Recent Google Posts

Can We Trust Google?
https://lauren.vortex.com/2018/12/10/can-we-trust-google

The DATA Says: Google’s “Dragonfly” Chinese Search Is Doomed
https://lauren.vortex.com/2018/11/28/the-data-says-googles-dragonfly-chinese-search-is-doomed

Save Google — but Let Facebook Die
https://lauren.vortex.com/2018/11/22/save-google-but-let-facebook-die

After the Walkout, Google’s Moment of Truth
https://lauren.vortex.com/2018/11/03/after-the-walkout-googles-moment-of-truth

Beware of “Self-Selected” Surveys of Google Employees
https://lauren.vortex.com/2018/10/30/beware-of-self-selected-surveys-of-google-employees

Why Internet Tech Employees Are Rebelling Against Military Contracts
https://lauren.vortex.com/2018/10/15/why-internet-tech-employees-are-rebelling-against-military-contracts

The Death of Google
https://lauren.vortex.com/2018/10/08/the-death-of-google

–Lauren–

Can We Trust Google?

I consider Google to be a great company. I have many friends who are Googlers. I am dependent on many Google services and products.

But if you’ve gotten the sense that Google has been flailing around in a seemingly uncoordinated fashion lately, like a chainsaw run wild, you’re not the only one. And I’m not talking right now about their nightmare “Dragonfly” Chinese censorship project or the righteous rising tide of their own employees’ protests.

Let’s talk about the users. Let’s talk about you and me.

Some of Google’s management decisions are chopping Google’s most loyal users to figurative bloody bits.

Google has fantastic engineering teams, world-class privacy and security teams, brilliant lawyers, and so many other wonderful human and technical resources — yet Google’s upper management apparently still hasn’t really grown up.

To put it bluntly, Google management in key respects treats ordinary users like disposable bathroom paper products, to be used and quickly disposed of without significant consideration of the ultimate impacts.

There’s a site out on the Web that calls itself the Google Graveyard — they list all the Google services that have appeared and then unceremoniously vanished over the years, leaving seas of disappointed and upset users in their wake.

Today Google apparently announced that they’re pushing up the death date for consumer Google+ to April. Just recently they said it was going to be next August, so loyal G+ users — and don’t believe the propaganda, there are vast numbers of them — were planning on the basis of that original date. Google is simultaneously citing a new minor G+ security bug and is apparently using that as an excuse. But we know that’s bogus, because Google simultaneously notes that this minor bug only existed for less than a week and there was no evidence of it being exploited.

Google just wants to dump its social media users who aren’t on YouTube. No matter the many years that those users on G+ have spent building up vibrant communities on the platform. We know Google isn’t killing the essential G+ technical infrastructure, since they plan to continue it for their enterprise (paying) customers.

Who knows, maybe Google will next announce that consumer G+ will shut down 48 hours from now.

Let’s face it, you simply cannot depend on Google honorably even sticking to their own service shutdown dates and not pulling the plug earlier — users be damned! Who really cares about the impacts on those users, right?

You want another recent example? Glad you asked! Google over the last handful of days suddenly, and with no notification at all, started removing a feature from Google Voice, causing the way incoming calls are treated by the system to suddenly change for users employing that option in call screening. Because Google didn’t bother to notify any Google Voice users about this in advance, users only found out when their callers started expressing confusion about what was going on. I’m in useful discussions with the Google Voice team about this situation, and Google asserts that most users didn’t choose a mix of options that were affected by this.

But that’s not the point! For those users who did use that option set, this was a big deal, a major disruptive change that they were not told about (and in fact, still have not officially been informed about as far as I know), leaving them no opportunity to take reasonable proactive actions and limit the negative impacts.

The list of similarly affected Google products and services goes on and on.  Google adds and removes features and changes user interfaces without warning, explanation, or frequently even any documentation. They kill off services — used by millions — on short notice, and even when they give a longer notice they may then suddenly chop months from that interval, as they have with G+.

Some might argue that users who don’t pay for Google services shouldn’t expect much more than nuthin’. But that’s garbage.

Vast numbers of persons depend on Google for many aspects of their lives. In many cases, they would happily pay reasonable fees for better support and some guarantees that Google won’t suddenly kill their favorite services! Innumerable people have told me how they’d happily pay to use consumer G+ or Google Voice under those conditions, and the same goes for many other Google services as well.

And yet, except for the limited offerings in “Google One” and media offerings like YouTube and Music premium services, essentially the only other way to pay for standard Google services is through Google’s “G Suite” enterprise model, which is domain-centric and far more appropriate for corporate users than for individuals.

Google knows that as time goes on their traditional advertising revenue model will become decreasingly effective. This is obviously one reason why they’ve been pivoting toward paid service models aimed at businesses and other organizations. That doesn’t just include G Suite, but great products like their AI offerings, Google Cloud, and more.

But no matter how technically advanced those products, there’s a fundamental question that any potential paying user of them must ask themselves. Can I depend on these services still being available a year from now? Or in five years? How do I know that Google won’t treat business users the same ways as they’ve treated their consumer users?

In fact, sadly, I hear this all the time now. Users tell me that they had been planning to move their business services to Google, but after what they’ve seen happening on the consumer side they just don’t trust Google to be a reliable partner going forward.

And I can’t blame folks for feeling this way. As the old saying goes, “Fool me once shame on you, fool me twice shame on me.”

The increasingly shabby way that Google treats consumer users in the respects that I’ve been discussing here has real world impacts on how potential business users view Google.  The fact that Google has been continuing to pull the rug out from under their most loyal consumer users has not been lost on business observers, who know that even though Google’s services are usually technically superior, that fact alone is not enough to trust Google with your business operations.

Google works quite hard it seems to avoid thinking much about these negative impacts. That’s part of the reasons, I believe, why Google fights so hard against filling commonly accepted roles that so many firms have found to be so incredibly useful, such as ombudspersons, ethics officers, and user advocates.

In some ways, Google management still behaves as if Google was still a bunch of PCs stacked up in a garage. They still have not really taken responsibility for their important place in the world.

Personally, I still believe that Google can turn around this situation for the better. However, I am forced to admit that to date, I do not see significant signs of their being willing to take the significant steps and to make the serious changes necessary for this to occur.

–Lauren–

The DATA Says: Google’s “Dragonfly” Chinese Search Is Doomed

Google’s highly controversial “Dragonfly” project, exploring the possibility of providing Chinese-government censored and controlled search to China, is back in the news — with continuing protests by concerned Google employees, including public letters and other actions.

I have previously explained my opposition to this project and my solidarity with these Googlers, in posts such as: “Google Admits It Has Chinese Censorship Search Plans – What This Means” (https://lauren.vortex.com/2018/08/17/google-admits-it-has-chinese-censorship-search-plans-what-this-means) and other related essays.

There are a multitude of reasons to be skeptical about this project, ranging from philosophical to emotional to economic. Basic issues relating to freedom of speech and individual rights come into play when dealing with an absolute dictatorship that sends people to “reeducation” camps where they are tortured merely for having the “wrong” religions, or where making an “inappropriate” comment on the tightly-controlled Chinese Internet can result in authorities dragging you away to secret prisons.

There is also ample evidence to suggest that if Google proceeds to provide such search services in China, they will be mercilessly attacked by politicians from both sides of the aisle, many of whom already are in the ranks of the Google Haters.

But for the moment, let’s attempt to set such horrors and the politics aside, and look at Dragonfly in the cold, hard logic of available data. Google famously considers itself to be a “data-driven” company. Does the available data suggest that Dragonfly would be practical for Google to implement and operate going forward?

The answer is clearly negative.

Philosopher George Santayana’s notable assertion that: “Those who cannot remember the past are condemned to repeat it” is basically another way of saying “If you ignore the data staring you in the face, don’t be surprised when you get screwed.”

And the data regarding the probability of getting burned, screwed, or otherwise bulldozed by China is plentiful.

Google of course has plenty of specific data in hand about this. They tried providing censored search to China around a decade ago. The result was (as many of us predicated at the time) ever-increasing demands for more censorship and more control from the Chinese government, and then a series of Chinese-based hack attacks against Google itself, causing Google to correctly pull the plug on that project.

Fast forward to today, and Google management seems to be asserting that somehow THIS time it will all be different and work out just fine. Is there any data to suggest that this view is accurate?

Again, the answer is clearly no. In fact, vast evidence suggests exactly the opposite.

The optimistic assertions of Dragonfly proponents might have a modicum of validity if there were any evidence that China has been moving in a positive direction relating to speech and other human rights (in either or both of the technological and non-technological realms) in the years since Google’s original attempt to provide censored Chinese search.

But the data regarding China’s behavior over this period clearly demonstrates China moving in precisely the contrary direction! 

China has used this time not to improve the human rights of its people, but to massively tighten its grip and to escalate its abuses in nightmarish ways. And especially to the point of this discussion, China’s ever more dictatorially monitored and controlled Internet has become a key tool in the government’s campaign of terror.

China has turned the democratic ideals of the Internet’s founders on their heads, and have morphed their own Internet into a bloody bludgeon to use against its own people, and even against Chinese persons living outside of China.

The reality of course is that China is an economic powerhouse — the West has already sold its economic soul to China to a major degree. There is no reversing that in the foreseeable future. Neither threats nor tariffs will make a real difference.

But we still do have some free choice when it comes to China.

And one specific choice — a righteous and honorable choice indeed — is to NOT get into bed with the Chinese dictators’ Internet control and censorship regime.  

Giving the Chinese government dictators any control over Google search results would be effectively tantamount to embracing their horrific abuses — PR releases to the contrary notwithstanding.

The data — the history — teaches us clearly that there is no “just dipping your toe into the water” when it comes to collaboration with unrepentant, dictatorial regimes in the process of extending and accelerating their abuses, as is the case with China. You will not be able to make China behave any “better” through your actions. But you will inevitably be ultimately dragged body and soul into their putrid deeps. 

The data is obvious. The data is devastating. 

Google should immediately end its dance with China over Chinese censored search. Dragonfly and any similar projects should be put out of their miseries for good and all.

–Lauren–

Save Google — but Let Facebook Die

Do you know why Facebook is called Facebook? The name dates back to founder Mark Zuckerberg’s “FaceMash” project at Harvard, designed to display photos of students’ faces (without their explicit permissions) to be compared in terms of physical attractiveness. Essentially, a way he and his friends could avoid dating “ugly” people by his definition. Zuck even toyed with the idea of comparing those student photos with shots of farm animals. 

Immature. Exploitative. Verging on pre-echos of evils to come.

Fast forward to Facebook of today. As we’ve watched Zuckerberg’s baby expand over the years like a mutant virus from science fiction, we’ve had plenty of warnings that the at best amoral attitudes of Zuck and his hand-picked cronies have permeated the Facebook ecosystem. 

It’s long been a given that Facebook ruthlessly controls, limits, and manipulates the data that users are shown — to its own financial advantage. 

But long before we learned of Facebook’s deep embeds in right-wing politics, and the Russians’ own deep manipulative embeds in Facebook, there were other clues that Facebook’s ethical compass was virtually nonexistent.

Remember when it was discovered that Facebook was manipulating information shown to specific sets of users to see if their emotional states could be altered by such machinations without their knowledge? 

Over and over again, Facebook has been caught in misstatements, in subterfuge, in outright lies — including the recent revelations of their paying an outside PR hit firm to fabricate attack pieces on other firms to divert attention from Facebook’s own spreading problems, even to the extent of the firm reportedly spreading false antisemitic conspiracy theories.

Zuck and Chief Operating Officer Sheryl Sandberg found an outgoing employee to fall on his sword to take official responsibility for this, and initially both Zuck and Sheryl publicly disclaimed any knowledge of that outside firm’s actions. But now Sheryl has apparently reversed herself, admitting that information about the firm did reach her desk. And do you really believe that control freaks like Mark Zuckerberg and Sandberg weren’t being kept informed about this in some manner all along? C’mon!

Facebook of course is not the only large Internet firm with ethical challenges. Recently in “The Death of Google” (https://lauren.vortex.com/2018/10/08/the-death-of-google), and “After the Walkout, Google’s Moment of Truth” (https://lauren.vortex.com/2018/11/03/after-the-walkout-googles-moment-of-truth), I noted Google’s own ethical failings of late, and my suggestions for making Google a better Google. Importantly, those posts were not predicting Google’s demise, but rather were proposing means to help Google avoid drifting further from the admirable principles of its founding (“organizing and making available the world’s information” — in sharp contrast to Facebook’s seminal “avoid dating ugly people” design goal).  So both of those posts regarding Google were in the manner of Dickens’  “Ghost of Christmas Future” — a discussion of bad outcomes that might be, not that must be.  

Saving Google is a righteous and worthy goal.

Not so Facebook. Facebook’s business model is and has always been fundamentally rotten to its core, and the more that this core has been exposed to the public, the more foul the stench of rotten decay that Facebook emits.

“Saving” Facebook would mean helping to perpetuate the sordid, manipulative mess of Facebook today, that reaches back to its very beginnings — a creation that no longer deserves to exist.

In theory, Facebook could change its ways in positive directions, but not without abandoning virtually everything that has characterized Facebook since its earliest days. 

And there is no indication — zero, none, nil — that Zuckerberg has any intention of letting that happen to his self-made monster.

So in the final analysis — from an ethical standpoint at least — there is no point to trying to “save” Facebook — not from regulators, not from politicians, and certainly not from itself. 

The likely end of Facebook as we know it today will not come tomorrow, or next month, or even perhaps over a short span of years. 

But the die has been cast, and nothing short of a miracle will save Facebook in the long run. And whether or not you believe in miracles, Facebook doesn’t deserve one.

–Lauren–

My Thoughts on New Studies of Toxic Emissions from 3D Printers

Some new studies are quantifying the levels of toxic emissions from conventional 3D printers using conventional plastic filaments of various types. The results are not particularly encouraging, but are not a big surprise. They are certainly important to note, and since I’ve discussed the usefulness of 3D printing many times in the past, I wanted to pass along some of my thoughts regarding these new reports. (Gizmodo’s summary is here: https://gizmodo.com/new-study-details-all-the-toxic-particles-spewed-out-by-3d-p-1830379464).

The big takeaways are pretty much in line with what we already knew (or at least suspected), but add some pretty large exclamation points.

PLA filament generally produces far fewer toxic emissions than most other filament compositions (especially ABS), and is what I would almost always recommend using in the vast majority of cases.

The finding that inexpensive filaments tend to have more emissions than “name brands” is interesting, probably related to levels of contaminants in the raw filament ingredients. However, in practice filament has become so fungible — with manufacturers putting different brand names on the same physical filament from the same factories — it’s often difficult to really know if you’re definitely buying the filament that you think you are. And of course, the most widely used filaments tend to be among the most inexpensive.

My own recommendation has always been to never run a 3D printer that doesn’t have its own enclosed build area air chamber (which the overwhelming vast majority don’t) in a room routinely occupied by people or animals — print runs can take many hours and emissions are continuing the entire time. Printing outside isn’t typically practical due to air currents and sudden temperature changes. A generally good location for common “open” printers is a garage, ideally with a ventilation fan.

The reported fact that filament color affects emissions is not unexpected — there has long been concern about the various additives that are used to create these colors. Black filament is probably the worst case, since it tends to have all sorts of leftover filament scraps and gunk thrown into the mix — the fact that black filament tends to regularly clog 3D printers is another warning sign.

Probably the safest choice overall when specific colors aren’t at issue, is to print with “natural color” (whitish, rather transparent) PLA filament, which tends to have minimum additives. It also is typically the easiest and most reliable to print with, probably for that same reason.

The finding that there is a “burst” of aerosol emissions when printing begins is particularly annoying, since it’s when printing is getting started that you tend to be most closely inspecting the process looking for early print failures.

So the bottom line is pretty much what you’d expect — breathing the stuff emanating from molten plastic isn’t great for you. Then again, even though it only heated the plastic sheets for a few minutes at a time (as opposed to the hours-long running times of modern 3D printers), I loved my old Mattel “VAC-U-FORM” when I was a kid — and who knows how toxic the plastics heated in that beauty really were (https://www.youtube.com/watch?v=lCvgvWiZNe8). Egads, not only can you still get them on eBay, replacement parts and plastic refill packs are still being sold as well!

I guess that they got it right in the “The Graduate” after all: https://www.youtube.com/watch?v=Dug-G9xVdVs

Be seeing you.

–Lauren–

After the Walkout, Google’s Moment of Truth

UPDATE (November 22, 2018): Save Google — but Let Facebook Die

– – –

Google has reached what could very well be an existential moment of truth in its corporate history.

The recent global walkout of Google employees and contractors included more than 20,000 participants by current counts, and the final numbers are almost certain to be even higher. This puts total participation at something north of 20% of the entire firm — a remarkable achievement by the organizers.

Almost a month ago, when I posted my concerns regarding the path that this great company has been taking, and the associated impacts on both their employees and users (“The Death of Google” – https://lauren.vortex.com/2018/10/08/the-death-of-google), the sexual assault and harassment issues that were the proximate trigger for the walkout were not yet known publicly — not even to most Googlers.

These newly reported management failures clearly fit tightly into the same pattern of longstanding issues that I’ve frequently noted, and various broad concerns related to Google’s accountability and transparency that have been cited as additional foundational reasons for the walkout.

Google today — almost exactly twenty years since its founding — is at a crossroads. The decisions that management makes now regarding the issues that drove the walkout and other issues of concern to Googlers, Google’s users, and the world at large, will greatly impact the future success of the firm, or even how long into the future Google will continue to exist in a recognizable form at all.

That so many of these issues have reached the public sphere at around the same time — sexual abuse and harassment, Googlers’ concerns about military contracts and a secret project aimed at providing Chinese-government censored search, and more — should not actually be a surprise.

For all of these matters are symptomatic of larger problematic ethical factors that have crept into Google’s structure, and without a foundational change of direction in this respect, new concerns will inevitably keep arising, and Google will keep lurching from crisis to crisis.

The walkout organizers will reportedly be meeting with Google CEO Sundar Pichai imminently, and I fully endorse the organizers’ publicly stated demands.

But management deeds are needed — not just words. After a demonstration of this nature, it’s all too easy for conciliatory statements to not be followed by concrete and sustained actions, and then for the original status quo to reassert itself over time.

This is also a most appropriate moment for Google to act on a range of systemic factors that have led to transparency, accountability, and other problems associated with Google management’s interactions with rank-and-file employees, and between Google as a whole and its users. 

Regarding the latter point, since I’ve many times over the years publicly outlined my thoughts regarding the need for Google employees dedicated to roles such as ombudsperson, user advocates, and ethics officer (call the latter “Guardian of Googleyness” if you prefer), I won’t detail these crucial positions again here now. But as the walkout strongly suggests, these all are more critically needed by Google than ever before, because they all connect back to the basic ethical issues at the core of many concerns regarding Google.

These are all interconnected and interrelated matters, and attempts to improve any of them in isolation from the others will ultimately be like sweeping dirt under the proverbial rug — such problems are pretty much guaranteed to eventually reemerge with even more serious negative consequences down the line.

Google is indeed a great company. No firm can be better than its employees, and Google’s employees — a significant number of whom I know personally — have through their walkout demonstrated to the world something that I already knew about them. 

Googlers care deeply about Google. They want it to be the best Google that it possibly can be, and that means meeting high ethical standards vertically, horizontally, and from A to Z.

Now it’s Google’s management’s turn. Can they demonstrate to their employees, to Google’s users, and to the global community, that loyalty towards Google has not been misplaced?

We shall see.

–Lauren–

Beware of “Self-Selected” Surveys of Google Employees

Late today I was sent a “press release” from “Blind: Your Anonymous Workplace Community” (“teamblind”) with the headline: 

88.4% of Google Conservatives Feel Their Political Views Not Welcome at Work

along with some response breakdowns of “liberal” – “moderate” – “conservative” and so on.

I wasn’t really familiar with Blind, but I did remember something from August where they claimed that:

65% of Google Employees Are in Favor of Censored Search

These are intriguing numbers, but as an old statistics guy from way back — ever since I read the 1954 (and still a classic) “How to Lie with Statistics” by Darrell Huff — I had to ask myself, what sort of statistically valid methodology is Blind using to gather these numbers?

Turns out — as far as I can tell at this point (and I’m certainly open to being corrected on this if I’m wrong!) — there appears to be no valid statistical methodologies in those surveys at all!

Blind’s primary model, as far as I can determine, is an app that interested users can install where various surveys are offered, and users who want to participate in particular surveys can choose to respond to them. 

To help ensure that workplace surveys are answered by actual employees of specific firms, Blind apparently verifies that users have appropriate corporate email addresses.

That serves to try keep random people out of the surveys, but doesn’t make those surveys in any way statistically valid, because they apparently remain fully “self-selected” surveys subject to the well known problems of “self-selection bias” effects.

In other words, you can’t infer any statistical information from these surveys beyond the opinions of the particular people who happened to be interested enough at any particular time to respond, and that will vary greatly depending on the nature of the questions and the types of people predisposed to install the Blind app and participate in any Blind surveys in the first place.

Your basic Statistics 101 course explains why the big polling organizations like Gallup — who do generate statistically valid surveys and polls — use carefully designed mathematical models to determine whom THEY will contact for surveys. They don’t just say “Hey, come on over and vote on this!” That’s why meticulously designed surveys of around 1000 or so people can be extremely accurate even when looking at national issues.

That’s not to say that Blind’s self-selected surveys regarding Google or other firms are worthless — they are indeed snapshots of interested users from subsets of their app’s user community. But that’s all.

It would be a tremendous error to try extrapolate from self-selected Blind surveys to any populations beyond the specific individual app users who chose to respond — so such surveys are essentially worthless for serious analysis or policy planning purposes.

This was true when Darrell Huff wrote his book in the mid-20th century, and it remains just as true today.

–Lauren–

Why Internet Tech Employees Are Rebelling Against Military Contracts

Of late we’ve seen both leaked and open evidence of many employees at Internet tech firms in the U.S. rebelling against their firms participating in battlefield systems military contracts, mostly related to cloud services and AI systems.

Some reactions I’ve seen to this include statements like “those employees are unpatriotic and aren’t true Americans!” and “if they don’t like the projects they should just quit the firms!” (the latter as if everybody with a family was independently wealthy).

Many years ago I faced similar questions. My work at UCLA on the early ARPANET (a Department of Defense project) was funded by the military, but was research, not a battlefield system. A lot of very important positive research serving the world has come from military funding over the years and centuries.

When I was doing similar work at RAND, the calculus was a bit more complex since RAND’s primary funding back then was also DOD, but RAND provided analytical reports to decision makers, not actual weapons systems. And RAND had a well-earned reputation of speaking truth to power, even when that truth was not what the power wanted hear. I liked that.

But what’s happening now is different. The U.S. military is attempting to expand its traditional “military-industrial” complex (so named during a cautionary speech by President Eisenhower in 1961) beyond the traditional defense contractors like Boeing, Lockheed, and Raytheon.

The new battle systems procurement targets are companies like Google, Amazon, and Microsoft.

And therein lies the root of the problem.

Projects like Maven and JEDI are not simply research. They are active battlefield systems. JEDI has been specifically described by one of its top officials as a program aimed at “increasing the lethality of our department.”

When you sign on for a job at any of the traditional defense contractors, you know full well that battlefield operational systems are a major part of the firms’ work.

But when you sign on at Google, or Microsoft, or Amazon, that’s a different story.

Whether you’re a young person just beginning your career, or an old-timer long engaged in Internet work, you might quite reasonably expect to be working on search, or ads, or networking, or a thousand other areas related to the Net — but you probably did not anticipate being asked or required to work on systems that will actually be used to kill people.

The arguments in favor of these new kinds of lethal systems are well known. For example, they’re claimed to replace soldiers with AI and make individual soldiers more effective. In theory, fewer of our brave and dedicated volunteer military would be injured or killed. That would be great — if it were truly accurate and the end of the story.

But it’s not. History teaches us that with virtually every advance in operational battlefield technology, there are new calls for even more military operations, more “interventions,” more use of military power. And somehow the promised technological advantages always seem to be somehow largely cancelled out in the end.

So one shouldn’t wonder why Google won’t renew their participation in Maven, and has now announced that they will not participate in JEDI — or why many Microsoft employees are protesting their own firm’s JEDI participation.

And I predict that we’re now only seeing the beginnings of employees being unwilling to just “go along” with working on lethal systems.

The U.S. military has made no secret of the fact that they see cloud environments, AI, robotics, and an array of allied high technology fields as the future of lethal systems going forward.

It’s obvious that we need advanced military systems at least for defensive purposes in today’s world. But simply assuming that employees at firms that are not traditional defense contractors will just “go along” with work on lethal systems would be an enormous mistake. Many of these employees are making much the same sorts of personal decisions as I did long ago and have followed throughout my life, when I decided that I would not work on such systems.

The sooner that DOD actually understands these realities and recalibrates accordingly, the better.

–Lauren–

The Death of Google

UPDATE (November 22, 2018): Save Google — but Let Facebook Die

UPDATE (November 3, 2018): After the Walkout, Google’s Moment of Truth

– – –

The Death of Google
Lauren Weinstein
8 October 2018

Blog: https://lauren.vortex.com/the-death-of-google
PDF: https://lauren.vortex.com/google-death.pdf
Google Docs: https://lauren.vortex.com/google-death.gdoc

Google is dying. It may be possible to save the patient, but it’s also quite possible that Google has already passed the point of no return, especially with the array of forces now attacking it from all sides and from within. Since this situation has been largely enabled by unforced errors committed by Google itself, the prognosis can only be described as bleak.

Unfortunately, I have strong doubts that Google is capable at this time of making the kinds of “lifestyle changes” that would be required to truly save themselves. I would love to have these doubts proven to be incorrect.

A company named Google and its parent Alphabet will continue to exist for the foreseeable future, but for all practical purposes the Google that we all know appears to be in a kind of terminal decline, even as the money continues rolling in for now.

How can this be?

Today’s announcements of a Google+ security breach and the upcoming shutdown of consumer Google+ are but immediate symptoms of a malignancy that has been creeping through Google for years. UPDATE (October 11, 2018): This turns out to be more of a bug than a breach per se, and as I note below its security impact is virtually nil. However, it still should have promptly been made public.

As a big fan of Google, spending a significant amount of my time retorting the mischaracterizations and lies of the Google haters via my written posts and radio interviews, I take no pleasure in this kind of diagnosis.

I’ve watched the death throes of other major technology firms over the years, who originally seemed nothing short of invincible. 

AT&T for one. Digital Equipment Corporation (DEC) was another. Their declines took time — these are processes rather than events. It’s actually a fairly long list if you go far enough back. DEC was assimilated into other firms and its talent siphoned off in various directions. AT&T today is still large and powerful but in many ways is but a shadow of its former self, with its gems like Bell Labs long since morphed into meaningless.

The forces that are ripping Google apart are somewhat different in kind, but all the more tortuous and painful to behold.

For at its core, Google is suffering a complex and multifaceted ethical dilemma that not only threatens to decimate the firm from the inside over time, but has opened up vast gaping wounds that legions of politically-motivated Google haters are using to further evil agendas.

I’ve traveled quite the arc when it comes to Google. In their earlier days starting some 20 years ago, I was a rather intense critic — various of their early data collection and privacy practices seemed to be driven by a cavalier attitude that I viewed as unacceptable.

My first direct physical contact with Google occurred in 2006, when I was invited to Google’s L.A. offices to give a talk that I entitled “Internet & Empires” (the video of that presentation by a significantly younger version of myself is here: https://www.youtube.com/watch?v=PGoSpmv9ZVc). 

I believe it was the first talk they’d ever recorded at that office. There was no podium yet — I just sat on the edge of a table for the presentation.

My interactions with Googlers that day — both from the Q&A and our later discussions before I headed home — yielded me an immediate epiphany of sorts.

Googlers are probably the best people I’ve ever met or worked with in tech — or anywhere else for that matter. It was an honor to consult to Google internally and work directly with them for a significant period several years ago.

They’re intelligent. They care. Many of them are pretty nerdy — but I certainly plead guilty to that myself. I’ve nearly never met a Googler that I didn’t like.

But it became immediately clear that day back in 2006 that something of a discontinuity existed between “rank and file” Googlers and some individuals in Google’s upper management. Even on that first day of contact, Googlers expressed to me their frustrations in this regard, relating to the very issues that I had discussed in my talk.

Over the years since, a wide range of issues related to Google have changed dramatically for the better. Google has become a world-class leader in privacy, security, and artificial intelligence policies. This doesn’t mean that Google is perfect in these respects, and bugs can still occur, but they have excellent people working on those teams — I know many of them personally — who put their lives into this important work. 

However, in key respects it seems that the chasm between Google’s management and other Googlers has grown from a disconnect to a gaping chasm.

Google has always had what I’d charitably call “blind spots” in various areas. Over the years I’ve written publicly about these many times, and I won’t go into detail about them again here, but we can briefly review a few.

Customer service has been an ongoing problem since day one. It has certainly made significant positive strides over time, but still is massively lacking in important respects, especially when dealing with growing populations of non-techie users who depend on Google products and services, but are increasingly left behind by Google user interface designs and available help resources.

When it comes to user interfaces, readability, and similar areas, we again see a sort of “split personality” from Google. They have excellent and rapidly evolving resources for persons with severe conditions like blindness, but continue to deploy low contrast fonts and confusing user interfaces that drive many users with common visual deficiencies absolutely nuts.

Proposals to create the kinds of roles at Google that have been so successful elsewhere — such as Ombudspersons and Consumer Advocates — have continually and routinely hit brick walls at Google whenever I’ve suggested them. I’ve probably written a hundred thousand words or more on this topic alone in my various essays about Google issues.

It has been very clear that Google’s style of public communications has became a major part of their ongoing problems — because in my experience so many common false claims about Google are easily refuted when you take the time to actually do so in a way that non-techies will appreciate.

Yet Google PR has always had a tendency to clam up when something controversial occurs — until the situation has escalated to the point that silence is no longer an option, and matters have become much worse than they would have been if dealt with publicly in a prompt fashion. Google’s deeply entrenched fear of the “Streisand Effect” — the idea that if you say anything about a bad situation you will only draw attention to it — has not served them well.

Today’s belated announcement of a security breach related to Google+, which appears to be the handy excuse for Google to shut down consumer Google+ over a period of 10 months — a process that Google also announced today — encapsulates much of what I’ve said above.

Though the practical impact of the breach seems to be negligible, Google played directly into the politically-motivated hands of the lying Google haters, who have already been screaming for Google’s blood and for its executives to be figuratively drawn and quartered. 

These kinds of Google communications strategies are giving the evil haters even more ammunition to use for false accusations of political user censorship, they give the EU additional excuses to try fine Google billions extra to enrich EU coffers, and they give massive energy to the forces who want to break up Google into smaller units to be micromanaged for political gain by politicians and those politicians’ minions and toadies. 

In the case of Google+, while I don’t have any inside information about today’s announcements, it’s pretty easy to guess what happened.

I’ve been a very active user of Google+ since the first day of beta availability in 2011. But it was obvious from the outset that Google management’s view of the platform was significantly different from its many dedicated users — and there are many millions of them despite the claims of naysayers. I have a wonderful core following of Google+ users who are absolutely great people, and the loss of Google+ will make me both sad and yes, extremely angry. It’s difficult to consider this to be anything short of loyal users being betrayed by Google itself.

Because it didn’t have to happen. Google+ has obviously been operating on very limited internal support resources for quite some time — this was apparent to anyone who used G+ routinely. And there were some terrible executive decisions made along the way — perhaps mostly notably an ultimately abandoned integration of G+ and the YouTube commenting system, which cross-contaminated completely different spheres of interest with disastrous effects. I advocated against this both publicly and internally, but even though it was ultimately rescinded the damage was already done.

Another Google self-inflicted injury is the new controversy over purported plans for Google to again provide Chinese government censored search in China, a concept that Google abandoned many years ago. I’ve written a lot about this recently — I believe it’s a terrible idea and plays into the hands of Google’s adversaries — but I won’t get into the details again here, other than to note the great distress that these moves and the ways that they were handled internally have caused many Googlers who have spoken out publicly.

And yet as I’ve also recently written, when we view that leaked Google TGIF video where Google executives discuss this matter, you won’t see any evil intents, and in fact you’ll find execs emphasizing the need to continue preventing any political bias from finding its way into Google search or other Google products. So their hearts are clearly in the right place overall.

But even the best of intentions are not enough.

With the opening words of Google’s 2004 IPO Founders Letter, Larry Page and Sergey Brin wrote:

“Google is not a conventional company. We do not intend to become one.”

I can’t help but be reminded of that classic scene in “Citizen Kane” where Charles Foster Kane takes the “Declaration of Principles” that he’d written many years earlier and rips them to pieces, declaring them to now be antique.

It is indeed possible, even likely, that Google can continue onward without the kinds of changes that I and other Google supporters have advocated over the years, and still make bushels of money.

But it won’t be the same Google. It will have become the “conventional company” kind of Google, not the firm of which so many Googlers are so rightly proud, and that so many users around the globe depend upon throughout their days.

The Google that we’ve known will be dead. And with its passing, we’ll be entering into a much darker phase of the Internet that many of us have long feared and have worked so hard to try prevent.

And that loss would be terrible for us all.

–Lauren–

How to Disable Gmail’s Annoying New “Smart Compose” Predictive Typing Feature

UPDATE (October 6, 2018): It appears that at least some Gmail users are now getting an (apparently one-time) pop-up box giving the option to turn off “Smart Compose” when it first becomes active for them. This is definitely an improvement. However, if someone accepts that default (“Got it”) to try it out, there’s no clue provided to help the user turn it off again at some future time, without digging around in the user interface as I describe below. Many users report regretting accepting it in the first place, since they didn’t know how to turn it off afterwards.

– – –

I had sort of hoped that Google would step up to the bat on this one themselves, but my inbox is still full of queries about this — all day, every day.

Google recently deployed a feature in Gmail that tries to guess what you’re about to type, and “helpfully” fills it in for you. They activated it by default, with no information provided to users (not even a one-time pop-up information bubble) explaining how to turn it off. (Please see update above regarding this aspect.)

I’ve seen this “Smart Compose” feature described publicly with a range of adjectives, including intrusive, wonderful, invasive, creepy, accurate, loony, mistaken, helpful, misguided — well, you get the point, opinions are all over the map.

In my case, I’d say that “annoying” is the descriptor I’d sort to the top of the heap. 

With the understanding that Google has great AI and is itching to use it whenever and wherever possible, I don’t really need it analyzing my email drafts as I type them. At least in my case, its proposed wordings are nearly always — what’s the technical term? — oh yes, WRONG. Not what I intend or want to write. 

And the predictions intrusively and continuously interrupt my flow of typing as each one needs to be individually bypassed. 

More Google-enhanced “dumbing-down” I really don’t need. Luckily, like the silly little “smart reply” labels that Gmail pops up by default these days (also useless for me, but far less annoying than Smart Compose”) this feature CAN be disabled.

Of course, you have to go on the usual Google user interface scavenger hunt to figure out how to turn this new feature off, because as I noted above, Google sprung it on everyone without information about opting out from its tender mercies. (Please see update above regarding this aspect).

I would not assert that “Smart Compose” is useless. For users who do find it helpful that’s excellent, fine, and dandy. More power to them, as the saying goes. Smart Compose generally seem more acceptable and helpful for mobile use — though Google mobile voice input is so good that voice is my own preferred method to input text on mobile.

My foundational complaint here isn’t that Google deployed Smart Compose, but rather that they enabled it by default without providing users even basic related information, including the all important “How the hell do I turn this damned thing off?” — the very question filling my inbox of late! (Please see update above regarding this aspect.)

So here’s how you turn it off. It’s easy, IF you know how.

Click the desktop Gmail gear icon at the upper right. Then click Settings. You should already be on the General tab at this point. Scroll down until you find “Smart Compose” and click the “Writing suggestions off” choice. Many users assume that their changes have taken effect at this point. Nope, not yet. You next must scroll all the way to the bottom of the page and click “Save Changes” to actually cause any changes to take place.

By the way, you can also turn off the “Smart Reply” feature I mentioned above, via this same settings page. 

There are many better ways that Google could have deployed Smart Compose. Instead of enabling it by default, they could have popped an invitation to try it. Or if it had to be enabled by default, they could have popped a little box saying something like “Can be disabled on the General tab in Gmail settings” — or something along these lines. (Please see update above regarding this aspect.)

Unfortunately, the way that Google chose to launch Smart Compose is rather emblematic of continuing blind spots in Google’s attitudes toward user interface design and the needs of their very wide community of users. 

Google can easily do better, if they choose to do so by considering the needs of ALL users in these user interface decisions and designs.

–Lauren–

Please Don’t Ask! There Are No “Google Explainers”

Just a very short note! A few days ago, in “How Google Documentation Problems Can Lead to Public Relations Nightmares” (https://lauren.vortex.com/2018/09/27/how-google-documentation-problems-can-lead-to-public-relations-nightmares), I proposed that Google make available a series of tutorial resources — “explainers” so to speak, regarding a wide range of Google services, technical issues, and policies that tend to be misunderstood by significant numbers of persons in their user community and the global community at large. I suggested that both textual and video content in this vein could well serve toward improving the understanding of many things Google.

Apparently some readers misunderstood my post — or perhaps were incompletely informed about it by third parties. Because I’ve been flooded with people asking me where to find these “Google Explainer” resources.

You can’t find them. They do not exist at this time! I was making a proposal, not an announcement.

I hope that Google will move in the direction that I’ve suggested, but there are of course no guarantees that they will do so. I appreciate the emails expressing support for the concept, but this ball is firmly in Google’s court, not mine! It would not be practical for a non-Googler to write up such docs and keep them in sync with Google to the degree that would really be necessary for such resources to be genuinely useful.

Sorry about that, Chief!

Be seeing you.

–Lauren–

Criminal Behavior: How Facebook Steals Your Security Data to Violate Your Privacy

One of the most fundamental and crucial aspects of proper privacy implementations is the basic concept of “data compartmentalization” — essentially, assuring that data collected for a specific purpose is only used for that purpose.

Reports indicate that Facebook is violating this concept in a way that is directly detrimental to both the privacy and security of its users. I’d consider it criminal behavior in an ethical sense. If it isn’t already actually criminal under the laws of various countries, it should be.

There’s been much discussion over the last few days about reports (confirmed by Facebook, as far as I can determine) that Facebook routinely abuses their users’ contact information, including phone numbers provided by users, to ad target other users who may never have provided those numbers in the first place. In other words, if a friend of yours has your number in his contacts and lets Facebook access it, Facebook considers your number fair game for targeting, even though you never provided it to them or gave them permission to use it. And you have no way to tell Facebook to stop this behavior, because your number is in someone else’s contacts address book that was shared and is under their control, not yours.

This abuse by Facebook of “shadow contacts” is bad enough, but is actually not my main concern for this post today, because Facebook is also doing something far worse with your phone numbers.

By now you’ve probably gotten a bit bored of my frequent posts strongly urging that you enable 2sv (two-step verification, 2-factor verification) protections on your accounts whenever this capability is offered. It’s crucial to do this on all accounts where you can. Just a few days ago, I was contacted by someone who had failed to do this on a secondary account that they rarely used. That account has now been hijacked, and he’s concerned that someone could be conducting scams using that account — still in his name — as a home base for frauds.

It’s always been a hard sell to get most users to enable 2sv. Most people just don’t believe that they will be hacked — until they are and it’s too late (please see: “How to ‘Bribe’ Our Way to Better Account Security” – https://lauren.vortex.com/2018/02/11/how-to-bribe-our-way-to-better-account-security).

While among the various choices that can be offered for 2sv (phone-based, authenticator apps, U2F security keys, etc.) the phone-based systems offer the least security, 2sv via phone-based text messaging still greatly predominates among users with 2sv enabled, because virtually everyone has a mobile phone that is text messaging capable.

But many persons have been reluctant to provide their mobile numbers for 2sv security, because they fear that those numbers will be sold to advertisers or used for some other purpose than 2sv.

In the case of Google, such fears are groundless. Google doesn’t sell user data to anyone, and the phone numbers that you provide to them for 2sv or account recovery purposes are only used for those designated purposes.

But Facebook has admitted that they are taking a different, quite horrible approach. When you provide a phone number for 2sv, they feel free to use it as an advertising targeting vector that feeds into their “shadow contact” system that I described above.

This is, as I suggested, so close to being criminal as to be indistinguishable from actual criminality.

When you provide a phone number for 2sv account security to Facebook, you should have every expectation that this is the ONLY purpose for which that phone number will be used!

By violating the basic data compartmentalization concept, Facebook actually encourages poor security practices, by discouraging the use of 2sv by users who don’t want to provide their phone numbers for commercial exploitation by Facebook!

Facebook will say that they now have other ways to provide 2sv, so you can use 2sv without providing a phone number.

But they also know damned well that most people do use mobile phones for 2sv. There are very large numbers of people who don’t even have smartphones, just simple mobile phones with text messaging functions. They can’t run authenticator apps. Security keys are only now beginning to make slow inroads among user populations.

So Facebook — in sharp contrast to far more ethical companies like Google who don’t treat their users like sheep to be fleeced — is offering vast numbers of Facebook users a horrible Hobson’s choice — let us exploit your phone number for ad targeting, or suffer with poor security and risk your Facebook account being hijacked.

This situation, piled on top of all the other self-made disasters now facing Facebook, help to explain why I don’t have a Facebook account.

I realize that Facebook is a tough addiction to escape. “All my friends and family are on there!” is the usual excuse.

But if you really care about them — not to mention yourself — you might consider giving Facebook the boot for good and all.

–Lauren–

How Google Documentation Problems Can Lead to Public Relations Nightmares

UPDATE (October 1, 2018): Please Don’t Ask! There Are No “Google Explainers”

– – –

Google has been going through something of a public relations nightmare over the last week or so, all related to a new feature that was added to their Chrome browser — that actually was an excellent, user-positive feature! (Please see: “Ignore the Silly Panic over Google Chrome’s New Auto-Login Feature” – https://lauren.vortex.com/2018/09/24/ignore-the-silly-panic-over-google-chromes-new-auto-login-feature).

After a massive backlash — which I personally feel was almost entirely uninformed and unnecessary — Google has announced that they’ll provide a way for users to disable this useful feature (my recommendation to users is to leave it enabled).

But how did we get to this point?

This entire brouhaha relates to Chrome browser sync, which enables the synchronization of data — bookmarks, passwords, browsing history, etc. — between multiple devices running Chrome. It’s a fantastically useful feature that unfortunately is widely misunderstood.

Part of the reason for the confusion is that it really is not well documented — the associated help materials can be misunderstood even by hardcore techies, and obviously this can be even more troublesome for non-technical users. This has been exacerbated by some aspects of the associated user interface, but Google documentation and other help resources are primarily at fault.

The triggering event for this Google PR mess was the false assumption by some observers that the new Chrome auto-login feature would automatically enable Chrome sync. It doesn’t, and it never did.

But how many Chrome users realize how much flexibility actually exists in the sync system?

For example, while the default settings will sync all categories of data, there are customization options that permit users to specify exactly which classes of data they wish to sync or not sync. I tend to sync bookmarks and not much else.

The main concern expressed about sync during this controversy relates to Google seeing your synced browsing history (which again, I stress has always been possible for users to disable in the sync system).

But how many users realize that you can choose to sync any or all data classes between your devices without Google being able to interpret them at all, simply by specifying a sync “pass phrase” that encrypts the data so that it only exists in unencrypted form on your own devices — not at Google. Doing this means that Google can’t provide various centralized value-added features, but that’s your choice!

If all of this had been better documented (in ways understandable to a wide variety of users of different technical skill levels) much or all of this entire controversy could have been avoided.

While Google has made significant strides in their help and documentation resources over the years, they still have a long, long way to go, especially when dealing with the non-technical users who make up a large and growing segment of their user population. 

I have long asserted that Google (and its users!) would greatly benefit from a new class of Google-related documentation and help systems, created and maintained specifically to assist all users — including especially non-technical users — to better understand these necessarily complex systems and environments. 

I would suggest that these include textual materials specifically written for this purpose, with supplemental video content as well. Call them “Google Explainers” or whatever, but in Google parlance I would assert that ongoing deficiencies in this area represent a “Code Yellow” (extremely important) class of issues for both Google and its users.

–Lauren– 

Ignore the Silly Panic over Google Chrome’s New Auto-Login Feature

UPDATE (September 27, 2018): How Google Documentation Problems Can Lead to Public Relations Nightmares

UPDATE (September 25, 2018): In response to complaints about this actually very positive and useful new feature, Google has announced that an upcoming version of Chrome will provide an option for users to disable this functionality. But I recommend that you leave it enabled — I certainly will.

– – –

You may have seen stories going around over the last couple of days with various observers and so-called “experts” going all wacko panicky over a new feature in Google’s Chrome that automatically logs you into the browser when you log into a Google account.

In reality, this is a major privacy-positive move by Google, not any kind of negative as those breathless articles are trying to make you believe!

Over time, many users — especially in situations where multiple people use the same computer — have come to me confused about who was really logged into what. They’d login to their own Google accounts but later discover that the browser was still logged in as someone else entirely, not only causing confusion, but the potential for significant user errors as well.

I applaud Google changing this. It improves user privacy and user security, by helping to assure that the browser and Google Accounts are using the same identities, and that you’re not accidentally screwing around with someone else’s browser data.

Some panicky observers are loudly proclaiming that they never want to login to the browser. They seem on the whole to be rather confused. You can still use the browser as Guest. You can still switch user identities on the browser via the “Manage People” function in settings.

The key functionalities of browser login are to keep track of different users’ browser settings, and to provide sync capabilities. And the sync system isn’t automatically turned on by these new changes. If you want to sync bookmarks or passwords or whatever, you still need to enable this explicitly and you still have complete control over what is being synced, just like before.

Google should be getting applause for this new Chrome auto-login feature, not silly complaints.

Kudos to the Chrome team.

–Lauren–

More Bull from the Google Haters: Search Results and Trump’s Travel Ban

Here we go again. There are new stories today being breathlessly spouted by the alt-right, and being picked up by mainstream media, about internal Google emails showing employees discussing possible ways to “leverage” search results to help push back against Trump’s racist travel ban in January 2017, shortly after his inauguration.

The key aspect to note about this media brouhaha is that NONE of those ideas were EVER implemented. And the discussions themselves include participants noting why they shouldn’t be.

These discussions were the personal thoughts of individual Googlers, who are encouraged by Google to speak as openly as possible internally to help assure that Google has a wide range of opinions as input to decision-making on an ongoing basis.

I experienced this firsthand during the period ending several years ago when I consulted to Google. I had never seen such an open exchange of ideas at any large firm before. I was absolutely in awe of this — and actively participated in many internal discussions — because such interchange is an incredibly important asset — not only to Google, but to its users and to the world at large.

You want to avoid whenever possible having employees self-censoring internally about controversial matters. You want the maximum practicable interchange of ideas, many of which by definition will never actually be implemented.

We’d frankly have a much better world if such open internal discussions took place at all firms and other organizations.

What’s so appalling about this situation is that there are (or were) individuals inside Google who would purposely leak such internal discussions, obviously in the hopes of generating exactly the kinds of fanatical Google hate being demonstrated by the alt-right and their allies, and to try stifle the kinds of open internal discussions that are so important to us all.

–Lauren–

What We See on the Leaked TGIF Video Makes Us Proud of Google

Ever since an online right-wing rag recently released a leaked copy of a corporate “TGIF” meeting at Google (recorded a couple of days after the election of Donald Trump), I’ve been receiving emails from various Trump supporters pointing at various short, out of context clips from that video to try make the argument that a vast, conspiratorial political bias by Google is on display.

This is utter nonsense. And a viewing of the entire now public meeting recording (https://lauren.vortex.com/g-tgif) not only reveals a lack of bias, but should inspire a completely different set of reactions — namely confidence and pride.

For in this video we see exactly what I for one would have hoped to see from the leaders of a powerful corporation under such circumstances — expressions of personal concern, but a clear determination not to permit personal feelings to skew or bias Google search engine or other services.

As I watched this video, I found myself almost constantly nodding my head in agreement. Frankly, if I had been up there on that stage I would have been sorely tempted to state my concerns regarding the election’s outcome in somewhat stronger language. And let’s face it, events in the ensuing nearly two years since that election have proven these kinds of concerns to have been utterly justified.

The motives of the Google or ex-Googler who originally leaked this TGIF video are obvious enough — to try feed into the alt-right’s false narratives of claimed political bias at Google. 

In this respect that person failed miserably, because any fair-minded individual viewing the entire video cannot fail to see corporate leaders explicitly keeping their personal feelings separate from corporate policies. 

That’s not to say that this nefarious leaker hasn’t done real damage inside Google. Reportedly, internal access to TGIF videos has been greatly restricted in the wake of the leak. That’s bad news all around — open discussion of sometimes controversial issues inside Google is key not only to Google’s success, but is important to Google’s users and the global community as well.

And of course the leaker has now spawned a plethora of additional right-wing articles attacking various Google execs, and a range of new wacky false conspiracy theories, including the bizarre notion that the beanie propeller hats typically worn by new Google employees are actually some kind of creepy cult symbolism. Give me a break! Apparently these conspiracy idiots never saw “Beany & Cecil” (https://www.youtube.com/watch?v=cMdReHP9cb0).

Google — like all firms — is made up of human beings, and a person hasn’t walked this planet who qualifies as perfect. But when I watch this video, I see a group of people working very hard to do the right thing, to keep Google firmly on an unbiased and even keel despite personal disappointments.

And yes, that makes me very proud of Google and Googlers.

–Lauren–

Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily

In previous posts, including “Here’s How to Disable Google Chrome’s Confusing New URL Hiding Scheme” (https://lauren.vortex.com/2018/09/07/heres-how-to-disable-google-chromes-confusing-new-url-hiding-scheme), I’ve noted the serious security and other problems related to Google Chrome’s new policy of hiding parts of site URLs.

Google has now — sort of, temporarily — backed off on these changes.

In a post over on the Chromium blog, at:

https://bugs.chromium.org/p/chromium/issues/detail?id=883038

they note that URL subdomain hiding (Google uses the term “elide” — how often do you see that one?) is being rolled back in Chrome M69, but the post also says that they plan to begin hiding — I mean “eliding” — www again in M70, but not “m” (no doubt because they realized what a potential mess that made over on Tumblr). They also say that they’ll initiate a discussion with standards bodies about this to reserve “www or m” as hidden subdomains.

The comments on that Chromium post appear to be virtually universally opposed to Google’s hiding any elements of URLs. At the very least, it’s obvious that Google should not begin such URL modifications again until after such a time (if ever) that standards bodies have acted in these regards, and I would argue that these bodies should not do so in the manner that Google is now pushing.

The www and m subdomains have been integral parts of the user experience on the Web for decades. Tampering with them now (especially www) makes no sense, and (along with the other action that Google took at the same time — hiding the crucial http:// and https:// prefixes that are key signals regarding communications security) just puts users in an even more vulnerable position, as I discussed in “Chrome Is Hiding URL Details — and It’s Confusing People Already!” (https://lauren.vortex.com/2018/07/10/chrome-is-hiding-url-details-and-its-confusing-people-already).

We can certainly have a vibrant discussion regarding additional signals that could help users to detect phishing and other URL-related attacks, but any and all changes to URL displays (including involving http, https, m, www, and so on) should only take place if and after there is broad community agreement that such changes are actually user positive.

Google should completely cease all of these URL changes, permanently, unless such criteria are met.

–Lauren–

Verizon’s 5G Home Broadband Has a Rough Start

A few days ago, Verizon Wireless announced with great fanfare that people in their initial handful of supported cities (including here in L.A.) could use a locator site as of this morning to check for availability of the new Verizon Wireless 5G Home Broadband service, which supposedly touts some impressive specs. Actually, we should call it “5G” with the quotes made obvious, since it’s not really a standardized 5G yet, but let that pass for now.

The locator site has been present at least since that announcement but said that you couldn’t actually check addresses until something like 5 AM PDT this morning. So this morning I decided to check my address. I didn’t expect it to be covered — I heard rumors that Verizon’s initial coverage of L.A. would be very small, perhaps centered on downtown L.A., and I’m literally in the other end of the city in the distant reaches of the San Fernando Valley.

The site apparently did enable its address checking functionality this morning. Well, in theory, anyway.

The page has an annoying overlay curtain effect when you touch it (that was there several days ago as well) but as of right now the “Check availability” link immediately punches you through to another page saying that service is not available at your address — before you’ve even entered a physical address.  Are they trying to guess your approximate location based on your IP address? Naw, that would never work — too prone to error, and think of all the people using mobile devices who all appear to be coming from carrier gateways.

Hmm. There is a “change address” link — and you can actually enter your address at that one. Oops, still says not available at your address. But, wait a second. Whether you enter your address directly or not, there’s a note under that unavailability announcement:

Server is temporarily down, couldn’t able to process the request currently.

Wow, this is starting to feel like a phishing site with a backend coded by someone who clearly wasn’t a native English speaker.

And checking again just now, the site is still in this condition.

Not an auspicious beginning.

–Lauren–

EU Preliminarily Passes Horrific Articles 11 & 13 — Here’s How to Fight Back!

By a vote of 438 to 226, the massively confused and lobbyists-owned EU Parliament has preliminary passed horrific Article 11 and Article 13, aimed at turning ordinary users into the slaves of government-based Internet censorship and abuse.

The war isn’t over, however. These articles now enter a period of negotiation with EU member states, and then are subject to final votes next year, probably in the spring.

So now’s the time for the rest of the world to show Europe some special “tough love” — to help them understand what their Internet island universe will look like if these terrible articles are ever actually implemented.

Article 11 is an incredibly poorly defined “link tax” aimed at news aggregators. If Article 11 is implemented, the reaction by most aggregators who have jurisdictional exposure to the EU (e.g., EU-based points of presence) will not be to pay the link taxes, but rather will be to completely cease indexing those EU sites.

Between now and the final votes next year, news aggregation sites should consider temporarily ceasing to index those EU sites for various periods of time at various intervals, to give those sites a taste of what happens to their traffic when such indexing stops, and what their future would look like under Article 11.

Then we have Article 13’s massive, doomed-to-disaster content filtering scheme, which would be continually inundated with false matches and fake claims (there are absolutely no penalties under Article 13 for submitting bogus claims). While giant firms like Google and Facebook would have the resources to implement Article 13’s mandates, virtually nobody else could. And even the incredibly expensive filtering systems built by these largest firms have significant false positive error rates, frequently block permitted content, and cost vast sums to maintain.

A likely response to Article 13 by many affected firms would be to geoblock EU users from those company’s systems.  That process can begin now on a “demonstration” basis. The IP address ranges for EU countries can be easily determined in an automated manner, and servers programmed to present an explanatory “Sorry about that, Chief — You’re in the EU!” message to EU users instead of the usual services. As with the Article 11 protest procedure noted above, these Article 13 IP blocks would be implemented at various intervals for various durations, between now and the final votes next year.

The genuinely sad part about all this is that none of it should be necessary. Article 11 and 13 mandates will never work as their proponents hope, and if deployed will actually do massive damage not only to EU (and other) users at large, but to the very constituencies that have lobbied for passage of these articles!

And that’s a lose-lose situation in any language.

–Lauren–

“The EU’s (Internet) Island” (To the tune of “Gilligan’s Island”)

UPDATE (September 12, 2018): EU Preliminarily Passes Horrific Articles 11 & 13 — Here’s How to Fight Back!

– – –

In honor of the EU’s horrific “Article 11” and “Article 13” — In the hope that they don’t pass, and that these lyrics don’t come to pass as reality.

– – –

“The EU’s (Internet) Island”
(To the tune of “Gilligan’s Island”)
Lauren Weinstein – 11 September 2018

Just sit right back and you’ll hear a tale,
A tale of a fateful trip.
When the EU tried to wreck the Net,
And just sunk their own sad ship.
Their ideas were a link tax few would pay,
And content censorship tools.
So the EU voted to proceed,
With a plan made by fools,
A plan made by fools!

(Lightning and Thunder!)

It didn’t work out like they hoped,
The world cut the EU off.
Fake claims filled the content filters fast,
And EU users were lost,
The EU users were lost!

Now the EU’s been chopped from the Net,
Like a lonely desert isle.
With Luxembourg,
And Brussels too,
And Frankfurt,
And yes Strasbourg!
The Hague as well,
And the rest,
Are here on the EU’s Isle!

<End>