A New Invite-Only Forum for Victims of Google’s Google+ Purge

Views: 2310

Several weeks ago, in the wake of Google’s shameless and hypocritical abandonment of loyal Google users and communities with the announced rapidly approaching shutdown of consumer Google+ (originally scheduled for August, then — with yet another kick in the teeth to their users — advanced to April based on obviously exaggerated security claims) I created a new private forum to help stay in touch with my own G+ followers.

This was not something that I had anticipated needing to do.

If Google had shown even an ounce of concern for their users’ feelings, and provided the means for the “families” of users created on G+ since its inception to have some way to stay in touch after Google pulls the plug on consumer G+ (to concentrate on expanding their enterprise/business version of G+), I wouldn’t even have had to think about creating a new forum at this stage.

But relying upon Google in these respects — please see: “Can We Trust Google?” (https://lauren.vortex.com/2018/12/10/can-we-trust-google) — is a fool’s errand. Google has made it clear that even their most loyal users can be booted out the door at any time that upper management finds them to be an “inconvenience” in the Google ecosystem, to be swatted like flies. Given Google’s continuing user support and user trust failures in other areas, we all should have seen this coming long ago. In fact, many of us did, but had hoped that we were wrong. 

There have been continuing efforts to find some way in conjunction with Google to keep some of these consumer G+ relationships alive — for example, via the enterprise version of G+. To date, these prospects continue to appear bleak. Google seems to have no respect at all for their consumer G+ users, beyond the absolute minimum of providing a way for users to download their own G+ posting archives.

Since Google clearly cares not about destroying the relationships built up on Google+, and since I have many friends on G+ with whom I don’t want to lose touch (many of which, ironically, are Googlers — great Google employees), I created my own small, new private forum as a way to hopefully avoid total decapitation of these relationships at the hands of Google’s G+ guillotine.

A significant number of my G+ followers have already joined. But I’ve been frequently asked if I would consider opening it up further for other G+ users who feel burned by Google’s upcoming demolition of G+, especially since many G+ users are not finding the currently publicly available alternatives to be appealing, for a range of very good reasons. Facebook is nonstarter for many, and various of the other public alternatives are already infested with alt-right and other forms of trolls who were justifiably kicked off of the mainstream platforms.

So while I am indeed willing to accept invitation requests more broadly from G+ users and other folks who are feeling increasingly without a welcoming social media home, please carefully consider the following before applying.

It’s my private forum. My rules apply. It operates as a (hopefully) benign dictatorship. I reserve the right to reject any invite applications or submitted postings. Any bad behavior (by my definitions) will result in ejection, typically on a one-strike basis. All submitted posts will be moderated (by myself and/or by trusted users whom I designate) before potentially being accepted and becoming visible on the forum. Private messaging between users is not supported at this time. I make no guarantees regarding how long the forum will operate or how it might evolve, but my intention is for it to be a low-key and comfortable place for friends to post and discuss issues of interest.

If you don’t like that kind of environment, then please don’t even bother applying for an invitation. Go use Facebook. Or go somewhere else. Good luck. You’re going to need it.

If you do want to apply for an invitation, please send an email message explaining briefly who you are and why you want to join, to:

g-forum-request@vortex.com

I look forward to hearing from you.

Take care. Be seeing you.

–Lauren–

Google’s Reaction to Chromecast Hijacking Is Another User Trust Failure

Views: 876

You may have heard by now that significant numbers of Google’s excellent Chromecast devices — dongles that attach to televisions to display video streams — are being “hijacked” by hackers, forcing attached televisions to display content of the hackers’ choosing. The same exploit permits other tampering with some users’ Chromecasts, including apparently forced reboots, factory resets, and configuration changes. Google Home devices don’t seem to be similarly targeted currently, but they likely are similarly vulnerable.

The underlying technical vulnerability itself has been known for years, and Google has been uninterested in changing it. These devices use several ports for control, and they depend on local network isolation rather than strong authentication for access control.

In theory, if everyone had properly configured Internet routers with bug free firmware, this authentication and control design would likely be adequate. But of course, everyone doesn’t fall into this category.

If those control ports end up accessible to the outside world via unintended port forwarding settings (the UPnP capability in most routers is especially problematic in this regard), the associated devices become vulnerable to remote tampering, and may be discoverable by search engines that specialize in finding and exposing devices in this condition.

Google has their own reasons for not wanting to change the authentication model for these devices, and I’m not going to argue the technical ramifications of their stance right now.

But the manner in which Google has been reacting to this new round of attacks on Chromecast users is all too typical of their continuing user trust failures, others of which I’ve outlined in the recent posts “Can We Trust Google?” (https://lauren.vortex.com/2018/12/10/can-we-trust-google) and “The Death of Google” (https://lauren.vortex.com/2018/10/08/the-death-of-google).

Granted, Chromecast hijacking doesn’t rank at the top of exploits sorted by severity, but Google’s responses to this situation are entirely characteristic of their attitude when faced with such controversies.

To date — as far as I know — Google has simply taken the “pass the buck” approach. In response to media queries about this issue, Google insists that the problem isn’t their fault. They assert that other devices made by other firms can have the same vulnerabilities. They lay the blame on users who have configured their routers incorrectly. And so on.

While we can argue the details of the authentication design that Google is using for these devices, there’s something that I consider to be inarguable: When you blame your users for a problem, you are virtually always on the losing side of the argument.

It’s as if Google just can’t bring itself to admit that anything could be wrong with the Chromecast ecosystem — or other aspects of their vast operating environments.

Forget about who’s to blame for the situation. Instead, how about thinking of ways to assist those users who are being affected or could be affected, without relying on third-party media to provide that kind of help!

Here’s what I’d do if I was making these decisions at Google.

I’d make an official blog post on the appropriate Google blogs alerting Chromecast users to these attacks and explaining how users can check to make sure that their routers are configured to block such exploits. I’d place something similar prominently within the official Chromecast help pages, where many users already affected by the problem would be most likely to initially turn for official “straight from Google” help.

This kind of proactive outreach shouldn’t be a difficult decision for a firm like Google that has so many superlative aspects. But again and again, it seems that Google has some sort of internal compulsion to try minimize such matters and to avoid reaching out to users in such situations, and seems to frequently only really engage publicly in these kinds of  circumstances when problems have escalated to the point where Google feels that its back is against the wall and that they have no other choice.

This isn’t rocket science. Hell, it’s not even computer science. We’re talking about demonstrating genuine respect for your users, even if the total number of users affected is relatively small at Google Scale, even if the problems aren’t extreme, even if the problems arguably aren’t even your fault.

It’s baffling. It’s disturbing. And it undermines overall user trust in Google relating to far more critical issues, to the detriment of both Google itself and Google’s users.

And perhaps most importantly, Google could easily improve this situation, if they chose to do so. No new data centers need be built for this purpose, no new code is required. 

What’s needed is merely the recognition by Google that despite their great technical prowess, they have failed to really internalize the fact that all users matter — even the ones with limited technical expertise — and that Google’s attitude toward those users who depend on their services matters at least as much as the quality of those services themselves. 

–Lauren–

USA Wants to Restrict AI Exports: A Stupid and Dangerous Idea

Views: 977

When small, closed minds tackle big issues, the results are rarely good, and frequently are awful. This tends to be especially true when governments attempt to restrict the development and evolution of technology. Not only do those attempts routinely fail at their stated and ostensible purposes, but they often do massive self-inflicted damage along the way, and end up further empowering our adversaries.

Much as Trump’s expensive fantasy wall (“Mexico will pay for it!”) would have little ultimate impact on genuine immigration problems — other than to further exacerbate them — his Commerce department’s new plans for restricting the export of technologies such as AI, speech recognition, natural language understanding, and computer vision would be yet another unforced error that could decimate the USA’s leading role in these areas.

We’ve been down this kind of road before. Years ago, the USA federal government placed draconian restrictions on the export of encryption technologies,  classifying them as a form of munitions. The result was that the rest of the world zoomed ahead in crypto tech. This also triggered famously bizarre situations like t-shirts with encryption source code printed on them being restricted, and the co-inventor of the UNIX operating system — Ken Thompson — battling to take his “Belle” chess-playing computer outside the country, because the U.S. government felt that various of the chips inside fell into this restricted category. (At the time, Ken was reportedly quoted as saying that the only way you could hurt someone with Belle was by dropping it out of a plane — you might kill someone if it hit them!)

As is the case with AI and the other technologies that Commerce is talking about restricting today, encryption R&D information is widely shared among researchers, and likewise, any attempts to stop these new technologies from being widely available, even attempts at restricting access to them by specific countries on our designated blacklist of the moment, will inevitably fail.

Even worse, the reaction of the global community to such ill-advised actions by the U.S. will inevitably tend to put us at a disadvantage yet again, as other countries with more intelligent and insightful leadership race ahead leaving us behind in the dust of politically motivated export control regimes.

To restrict the export of AI and affiliated technologies is shortsighted, dangerous, and will only accomplish damaging our own interests, by restricting our ability to participate fully and openly in these crucial areas. It’s the kind of self-destructive thinking that we’ve come to expect from the anti-science, “build walls” Trump administration, but it must be firmly and completely rejected nonetheless.

–Lauren–