Author: Lauren

We all know that the long knives are out by various governments regarding YouTube content. We know that Google is significantly increasing the number of workers who will review YT abuse reports.

But we also know that the volume of videos in the uploading firehose is going to continue leaving very large numbers of abusive videos online that may quickly achieve high numbers of views, even if YT employed techniques that I’ve previously urged, such as human review of videos that are about to go onto the trending lists before they actually do so.

This scale of videos is enormous — yet the scale of viewing users is also very large.

Is there some way to leverage the latter to help deal with abusive content in the former, as a proactive effort to help keep government censorship of YT at bay?

YT already has a “Trusted Flaggers” program that gives abuse review priority to videos that these users have flagged. But (as far as I know) this only applies to videos that these users have happened to find and see of their own volition. 

I don’t have the hard data to prove this, but I have a strong suspicion that vast numbers of users would be willing to participate as organized volunteer proactive “screeners” of a sort for YT, especially if there was some even minor financial incentive for their participation (think in terms of a small amount of Play Store credit, for example).

What if public videos that were suddenly attracting significant numbers of views (“significant” yet to be defined), were pushed to some odd number (to avoid ties) of such volunteer viewers who have undergone appropriate online training regarding YT’s Terms of Use? We require that they actually are viewing reasonable amounts of these videos (yes, there would be ways to attempt gaming this, but remember we’re talking about very large numbers of volunteers so much of that risk should wash out if care is used in tracking analysis).

They vote/rate the videos acceptable or not. If the majority vote a video as unacceptable, it gets pushed to the formal G abuse screeners for a decision. If any given volunteer is found over time to be providing bad decisions, they’re dropped from the program.

Most videos would have small enough numbers of views to never even enter this system. But it would provide a middle ground to help deal with videos that are suddenly getting more visibility *before* they can cause big problems, and this technique doesn’t rely on random viewers taking the initiative to flag abusive videos (and for that matter figuring out how to flag them, since flagging is not typically a top level YT user interface element these days, as I’ve previously noted).

Since participants in this program would not have any control over which specific videos they’d be pushed for a vote, and since again we’d be talking about quite large numbers of participants (and we’d be monitoring their performance over time), the ability to purposely claim that nonabusive videos were abusive (or the reverse) would be minimized.

No video would have action taken against it unless it had also been declared abusive by a regular YT screener in the pipeline after the volunteer screeners down-voted a video — providing even more protection.

How to define abusive videos is of course a separate discussion relating directly to the YT Terms of Service, but this could include the kinds of content violations that we all know about in relation to YT (hate speech, dangerous pranks and dares, threats, etc.), and even areas such as obvious obnoxious Content ID evasions (e.g., program/movie video inset boxes against random backgrounds, artificial program run time variations, and so on).

I do realize that this is a fairly radical concept and that there are all manner of details that aren’t considered in this brief summary. But I am increasingly convinced that it’s going to take some sort of new approach to help deal with these problems proactively, and to help forestall governments from moving in and wrecking the wonderful YouTube ecosystem with escalating politically motivated demands and threats.

–Lauren–

UPDATE (June 1, 2018): Google has reportedly announced that it will not be renewing the military artificial intelligence contract discussed in this post after the contract expires next year, and will shortly be unveiling new ethical guidelines for the use of artificial intelligence systems. Thanks Google for doing the right thing for Google, Googlers, and the community at large.

UPDATE (May 31, 2018): Google and the Defense Department’s Disturbing “Maven” A.I. Project Presentation Document

– – –

Many years ago, I was the systems guy who ran the early UNIX minicomputers in the basement of Santa Monica’s RAND Corporation. While RAND at the time derived the vast majority of its income from Department of Defense contracts, I was there despite my lifelong refusal to work directly on military-related projects (to the significant detriment of my own income, I might add). RAND spoke truth to power. DoD could contract with RAND for a report on some given topic, but RAND wouldn’t skew a report to reach results that the contractor had hoped for. I admired that.

One midday I was eating lunch in an open patio between the offices there, chatting with a couple of the military research guys. At the time, one focus of DoD interest was use of mainframe and minicomputer systems to analyze battlefield data, such as it was back then. My lunchmates assured me that their work was all defensive in nature.

I asked how they could be sure that the same analytical systems they intended for defense couldn’t also by used by the military for actually killing people. “We have to trust them,” came the reply. “The technology is inherently dual use.”

It seemed to me that battlefield data analysis was fundamentally different from the DoD-funded projects I also worked on — with ARPANET being the obvious example. Foundational communications research is not in the same category as calculating how to more efficiently kill your enemy. At least that’s how I felt at the time, and I still feel that way. There’s nothing inherently evil in accepting money from DoD — the ethical issues revolve around the specifics of the projects involved.

Fast forward to the controversy that has arisen today, about which I’ve been flooded with queries — word that Google has been engaged in “Project Maven” for DoD, using Google AI/Machine Learning tech to analyze footage from military drones. Apparently this wasn’t widely known even internally at Google, until the topic recently found its way to internal discussion groups and then leaked to the public. Needless to say, there reportedly has been quite considerable internal controversy about this, to say the least.

“How do you feel about this, Lauren?” I’m being asked.

Since I frequently play armchair ethicist, I’ve been giving this question a lot of thought today.

The parallels with that lunch discussion at RAND so long ago seem striking.  The military wanted to analyze battlefield data back then, and they want to analyze military drone data now.

There are no simple answers.

But we can perhaps begin with the problem of innocent civilian deaths resulting from U.S. drone strikes. We know that the designated terrorist targets are frequently purposely embedded in civilian areas, and often travel with civilians who have little or no choice in the matter — such as children and other family members.

While the Pentagon (as they did during the Vietnam war) makes a grand show about body counts, it’s not clear that most of these drone strikes have much long-term anti-terrorism impact. The targets are frequently fungible — kill one leader and another moves right in. Liquidate one bomb maker and the position is quickly filled by another.

So, ethical question #1: Are these drone strikes justifiable at all? To answer this question honestly, we must of course consider the rate of collateral civilian deaths and injuries, which are sure to inspire further anti-U.S. rhetoric and attacks.

My personal belief is that in most cases — at least to the extent that we in the public are aware — the answer to this question is generally no.

Which brings us to ethical question #2 (or rather, a set of questions): Does supplying advanced image processing and analysis systems for military drone data fall into an ethically acceptable category, provided that such analysis is not specifically oriented toward targeting for lethal operations? Can it be reasonably argued that more precise targeting could also help to prevent civilian casualties, even when those civilians are in immediate proximity to the intended targets? Or is providing such facilities also ethical even if direct lethal operations are known in advance to be the likely result, toward the advancement of currently stated U.S. interests?

And after all, much of our technology today can be easily repurposed in ways that we technologists had not intended — for example, for oppressive governments to surveil and censor their own citizens.

Yet the immense potential power of rapidly advancing AI and Machine Learning systems do cast these kinds of issues in a new and qualitatively different kind of light. And that’s even if we leave aside a business-based analysis that some firms might make, noting that if they don’t provide the services, some other company will do so anyway, and get the contracts as well as the income.

I know absolutely nothing about Google’s participation in Project Maven other than what I’ve seen in public sources today.

But to try address the gist of my own questions from just above, based on what I know right now, I believe that Google has a significant ethical quandary on their hands in this regard.

I personally doubt that this kind of powerful tech can be constrained through contractual relationships to purely defensive use. I also feel that the decision regarding whether or not any given firm is willing to accept that its technology may be used for lethal purposes is one that should be made “eyes wide open” —  and is worthy of nothing less than effectively a significant level of company-wide consensus before proceeding.

It has been ages since I even thought about that long ago lunch conversation at RAND. It’s indeed disquieting to be thinking about it again today.

Be seeing you.

–Lauren–

UPDATE (November 16, 2018):  New, Independent Criterion Channel to Launch Spring 2019

– – –

UPDATE (October 26, 2018): Warner Media — controlled by those sick bastards at AT&T since the horrific merger  — are shutting down FilmStruck on November 29th. AT&T: Always finding new ways to enrich ourselves and screw you. Thank you for using AT&T!

– – –

Yesterday was my last day subscribing to Netflix. Miss them, I will not. I had been meaning to kill the subscription for quite some time, finally pulled the trigger a couple of weeks ago, and the final days ran out at the end of February.

It’s been painful to watch Netflix’s escalating deterioration and hubris. After arguably putting movie rental stores out of business almost single-handedly, Netflix decided that they no longer really cared about classic films.

Netflix CEO Reed Hastings wants to play Hollywood movie mogul for himself. So Netflix has been decimating its online catalog of classic, quality films, and replacing them with a cavalcade of mediocre productions. Their corpus of classic television has been going in the same direction for ages now.

What’s more, Netflix is spending billions of dollars — reportedly $8 billion just this year — to produce its own stream of mostly unwatchable films and series — which they continuously promote through app screensavers and in every other way possible.

It’s gotten to the point that whenever you hear the characteristic loud “thum thum!” that precedes a Netflix production, you know it’s time to move on.

That’s not to say that Netflix doesn’t occasionally produce a quality film or show — but the ratio is awful, and seems to be mostly of the “stopped clock is correct twice a day” variety.

Their “You might like this, Lauren!” recommendations stink. You can dig through their online listings for ages and find nothing even remotely worth your time.

Bye bye Netflix.

Luckily for those of us who care about classic films and quality films in general, there’s a superb online alternative —FilmStruck/Criterion:

https://www.filmstruck.com

FilmStruck is a service of Turner Broadcasting, who also produce the always excellent Turner Classic Movies (TCM) channel, of which I’ve been a fan since its inception many years ago. 

I subscribed to FilmStruck (and their wonderful Criterion Collection add-on) some weeks ago, around the same time that I issued my Netflix cancellation (Netflix vis-a-vis FilmStruck/Criterion pricing are both very similar, by the way). 

One of the best entertainment-related decisions I’ve ever made.

It would be fair to call F/C something of a TCM on super-steroids (and in fact, F/C has just now begun to integrate some new F/C intros from TCM hosts, and classic materials from the TCM archives — super!)

Are there downsides? Well, in all honesty F/C’s website is pretty slow and clunky. Their device apps need significant work. While you can run three simultaneous video streams, there’s no mechanism for separate users per se. 

I don’t care. All of that logistical stuff will certainly improve with time. 

Once the video streams are running they look great. Films are in HD whenever possible and are in reasonable aspect ratios. There are no “ID bugs” on the screen during films (and here I’ll also note that TCM has always had a policy of keeping their ID bugs to an absolute minimum — just a few seconds at a time occasionally during films, which is also very much appreciated).

The depth and breadth of F/C’s superb classic and independent films online catalog are breathtaking.

But there’s a lot more there than the individual movies. There are curated collections of films. Often there are all manner of “extras” — not only the kinds of additional materials familiar from DVDs like commentary tracks, discussions, and other original features, but F/C-produced materials as well.

It really is a classic film lover’s paradise.

What’s more, a few days ago it was announced that Warner Bros. was shutting down their own standalone streaming service, and transferring their vast library of hundreds of classic films to F/C — some of those have already become available and they’re great. I started into them yesterday with “Forbidden Planet” and “Casablanca” — and that’s just barely scratching the surface, of course.

Anyway, you get the idea. If you’re happy with the kind of putrid porridge that has become Netflix’s stock-in-trade these days, more power to you — enjoy.

But if you care about great films, about classic films — I urge you to give FilmStruck/Criterion a try (there’s a 14 day free trial, and you can view via a range of mobile and streaming devices, including Chromecast, Roku, etc.)

Sorry Netflix. That’s show biz!

–Lauren–

Late last year, in the wake of the Las Vegas shooting tragedy (I know, keeping track of USA mass shootings is increasingly difficult when they’re increasingly common) I suggested in general terms some ways that YouTube could avoid spreading disinformation and false conspiracy theories after these kinds of events:

“Vegas Shooting Horror: Fixing YouTube’s Continuing Fake News Problem” – https://lauren.vortex.com/2017/10/05/vegas-horror-fixing-youtube-fake-news

I’ve also expressed concerns that YouTube’s current general user interface does not encourage reporting of hate or other abusive videos:

“How YouTube’s User Interface Helps Perpetuate Hate Speech” – https://lauren.vortex.com/2017/03/26/how-youtubes-user-interface-helps-perpetuate-hate-speech

Now, here we are again. Another mass shooting. Another spew of abusive, dangerous, hateful, false conspiracy and other related videos on YouTube that clearly violate YouTube’s Terms of Use but still managed to push high up onto YouTube trending lists — this time aimed at vulnerable student survivors of the Florida high school tragedy of around a week ago.

Google has stated that the cause for one of the worst of these reaching top trending YouTube status was an automated misclassification due to an embedded news report, that “tricked” YouTube’s algorithms into treating the entire video as legitimate.

No algorithms are perfect, and YouTube’s scale is immense. But this all begs the question — would a trained human observer have made the same mistake?

No. It’s very unlikely that a human who had been trained to evaluate video content would have been fooled by such an embedding technique.

Of course as soon as anyone mentions “humans” in relation to analysis of YouTube videos, various questions of scale pop immediately into focus.  Hundreds of hours of content are uploaded to YouTube every minute. YouTube’s scope is global, so this data firehose includes videos concerning pretty much any conceivable topic in a vast array of languages.

Yet Google is not without major resources in these regards. They’ve publicly noted that they have significantly-sized teams to review videos that have been flagged by users as potentially abusive, and have announced that they are in the process of expanding those teams.

Still, the emphasis to date has seemed to be on removing abusive videos “after the fact” — often after they’ve already quickly achieved enormous view counts and done significant damage to victims.

A more proactive approach is called for.

One factor to keep in mind is that while very large numbers of videos are continuously pouring into YouTube, the vast majority of these will never quickly achieve high numbers of views. These are what comprise the massive “long tail” of YouTube videos.

Conversely, at any given time only a relative handful of videos are trending “viral” and accumulating large numbers of views in very short periods of time.

While any and all abusive videos are of concern, as a practical matter we need to direct most of our attention to those trending videos that can do the most damage the most quickly.  We must not permit the long tail of less viewed videos to distract us from promptly dealing with abusive videos that are currently being seen by huge and rapidly escalating numbers of viewers.

YouTube employees need to be more deeply “in the loop” to curate trending lists much earlier in the process.

As soon as a video goes sufficiently viral to technically “qualify” for a trending list, it should be immediately pushed to humans — to the YouTube abuse team — for analysis before the video is permitted to actually “surface” on any of those lists.

If the video isn’t abusive or otherwise in violation of YouTube rules, onto the trending list it goes and it likely won’t need further attention from the team. But if it is in violation, the YouTube team would proactively block it from ever going onto trending, and would take other actions related to that video as appropriate (which could include removal from YouTube entirely, strikes or other actions against the uploading YouTube account, and so on).

There simply is no good reason today for horrifically abusive videos appearing on YouTube trending lists, and even worse in some cases persisting on those lists for hours, even rising to top positions — giving them enormous audiences and potentially doing serious harm.

Yes, fixing this will be significant work.

Yes, this won’t be cheap to do.

And yes, I believe that Google has the capabilities to accomplish this task.

The dismal alternative is the specter of knee-jerk, politically-motivated censorship of YouTube by governments, actions that could effectively destroy much of what makes YouTube a true wonder of the world, and one of my all-time favorite sites on the Internet.

–Lauren–

Google seems to be taking hits from all sides these days, and the announcement of another “diversity” lawsuit directed at the firm by an ex-employee only adds to the escalating mix.

The specific events related to these suits all postdate my consulting inside Google some years ago, but I know a lot of Googlers — among the best people I know, by the way — and I still have a pretty good sense of how Google’s internal culture functions.

Google is in a classic “damned if you do and damned if you don’t” position right now, exacerbated by purely political forces (primarily of the alt-right) that are attempting to leverage these situations to their own advantage — and ultimately to the disadvantage of Google, Google’s users, and the broader community at large.

This all really began with Google’s completely justified firing of alt-right darling James Damore after he internally promulgated what is now widely known as his “anti-diversity” memo.

The crux of the matter — as I see it, anyway — is that while Google’s internal discussion culture is famously vibrant and open (I can certainly attest to that myself!) — Google still has a corporate and ethical responsibility to provide a harassment-free workplace. That’s why Damore’s memo resulted in his termination.

But “harassment” (at least in a legal sense) doesn’t necessarily only apply to one side of these arguments.

To put this into more context, I need only think of various corporate environments that I’ve seen over my career, where it would have been utterly unthinkable to have the level of open discussion that is not only permitted by Google but encouraged there. At many firms today, Google’s internal openness in this regard would still be prohibited.

Many Googlers have never experienced such more typical corporate workplaces where open discussion of a vast range of topics is impractical or prohibited.

Yet even in an open discussion environment like Google’s, there have to be some limits. This is particularly true with personnel issues like diversity, that not only involve complex legal matters, but can be extremely sensitive personally to individual employees as well.

The upshot of all this — in my opinion — is that “public” internal personnel discussions per se are generally inappropriate for any corporate environment given the current legal and toxic political landscapes, especially with evil forces ready and willing to latch onto any leaks to further their own destructive agendas, e.g. as I discussed in “How the Alt-Right Plans to Control Google” — https://lauren.vortex.com/2017/09/29/how-the-alt-right-plans-to-control-google — and in other posts.

Personnel matters are much better suited to direct and private communications with corporate HR than for widely viewed internal discussion forums.

This isn’t a happy analysis for me. Most of us either know victims of harassment or have been harassed one way or another ourselves. And it’s clear that the kinds of harassment most in focus today are largely being encouraged by alt-right perpetrators, up to and including the sociopath currently in the Oval Office.

But in the long run, acting compulsively on our gut instincts in these regards — however noble those instincts may be — can be positively disastrous to our attempts to stop harassment and other evils. How and where these discussions take place can be fully as important as the actual contents of the discussions themselves. Insisting on such discussions within inappropriate environments, especially when complicated laws and “go for the jugular” external politics can be involved, is typically very much a losing tactic.

Overall, I believe that Google is handling this situation in pretty much the best ways that are actually possible today.

–Lauren–

With so much criticism lately being directed at the more “unsavory” content on YouTube that I’ve discussed previously, it might be easy to lose track of why I’m still one of YouTube’s biggest fans.

Anyone could be forgiven for forgetting that despite highly offensive or even dangerous videos on YouTube that can attract millions of views and understandable public scrutiny, there are many other types of YT videos that attract much less attention but collectively do an incalculably large amount of good.

One example is YT’s utterly enormous collection of legitimate and incredibly helpful “How-To” videos — covering a breathtaking array of topics.

I’m not referring here to “formal” education videos — though these are also present in tremendous numbers and are usually very welcome indeed. Nor am I just now discussing product installation and similar videos often posted by commercial firms — though these are also often genuinely useful.

Rather, today I’d like to highlight the wonders of “informal” YT videos that walk viewers through the “how-to” or other explanatory steps regarding pretty much any possible topic involving computers, electronics, plumbing, automotive, homemaking, hobbies, sports — seemingly almost everything under the sun.

These videos are typically created by a cast and crew of one individual, often without any formal on-screen titles, background music, or other “fancy” production values.

It’s not uncommon to never see the faces of these videos’ creators. Often you’ll just see their hands at a table or workbench — and hear their informal voice narration — as they proceed through the learning steps of whatever topic that they wish to share.

These videos tend with remarkable frequency to begin with the creator saying “Hi guys!” or “Hey guys!” — and often when you find them they’ll only have accumulated a few thousand views or even fewer.

I’ve been helped by videos like these innumerable times over the years, likely saving me thousands of dollars and vast numbers of wasted hours — permitting me to accomplish by myself projects that otherwise would have been expensive to have done by others, and helping me to avoid costly repair mistakes as well.

To my mind, these kinds of “how-to” creators and their videos aren’t just among the best parts of YouTube, but they’re also shining stars that represent much of what we many years ago had hoped the Internet would grow into being.

These videos are the result of individuals simply wanting to share knowledge to help other people. These creators aren’t looking for fame or recognition — typically their videos aren’t even monetized.

These “how-to” video makers are among the very best not only of YouTube and of the Internet — but of humanity in general as well. The urge to help others is among our species’ most admirable traits — something to keep in mind when the toxic wasteland of Internet abuses, racism, politicians, sociopathic presidents — and all the rest — really start to get you down.

And that’s the truth.

–Lauren–

As I’ve frequently noted, one of the reasons that it can be difficult to convince users to provide their phone numbers for account recovery and/or 2-step, multiple-factor authentication/verification login systems, is that many persons fear that the firms involved will abuse those numbers for other purposes.

In the case of Google, I’ve emphasized that their excellent privacy practices and related internal controls (Google’s privacy team is world class), make any such concerns utterly unwarranted.

Such is obviously not the case with Facebook. They’ve now admitted that a “bug” caused mobile numbers provided by users for multiple-factor verification to also be used for spamming those users with unrelated text messages. Even worse, when users replied to those texts their replies frequently ended up being posted on their own Facebook feeds! Ouch.

What’s most revealing here is what this situation suggests about Facebook’s own internal privacy practices. Proper proactive privacy design would have compartmentalized those phone numbers and associated data in a manner that would have prevented a “bug” like this from ever triggering such abuse of those numbers.

Facebook’s sloppiness in this regard has now been exposed to the entire world.

And naturally this raises a much more general concern.

What other sorts of systemic privacy design failures are buried in Facebook’s code, waiting for other “bugs” capable of freeing them to harass innocent Facebook users yet again?

These are all more illustrations of why I don’t use Facebook. If you still do, I recommend continuous diligence regarding your privacy on that platform — and lotsa luck — you’re going to need it!

–Lauren–

UPDATE (February 16, 2018): The FBI is reporting today that on January 5th of this year, they received a tip from an individual close to the shooter, specifically noting concerns about his guns and a possible school shooting. In sharp contrast to the single unverifiable YouTube comment discussed below that had been reported to the FBI, the very specific information apparently provided in the January tip is precisely the kind of data that should have triggered a full-blown FBI investigation. Since the information from this January tip reportedly was never acted upon, this dramatically increases FBI culpability in this case.

– – –

Before the blood had even dried in the classrooms of the Florida high school that was the venue for yet another mass shooting tragedy, authorities and politicians were out in force trying to assign blame everywhere.

That is, everywhere except for the fact that a youth too young to legally buy a handgun was able to legally buy an AR-15 assault-style weapon that he used to conduct his massacre.

Much of the misplaced blame this time is being lobbed at social media. The shooter, whom we now know had mental health problems but apparently had never been adjudicated as mentally ill, had a fairly rich social media  presence, so the talking heads are blaming firms like YouTube and agencies like the FBI for not “connecting the dots” to prevent this attack.

But the reality is that (as far as I can tell at this point) there wasn’t anything particularly remarkable about his social media history in today’s Internet environment.

There was — sad to say — nothing notable to differentiate his online activities from vast numbers of other profiles, posts, and comments that feature guns, knives, and provocatively “violent” types of statements. This is the state of the Net today — flooded with such content. When I block trolls on Google+, I usually first take a quick survey of their profiles. I’d say that at least 50% of the time they fall into the kinds of categories I’ve mentioned above.

We also know that 99+% of these kinds of users are not actually going to commit violent acts against people or property.

20/20 hindsight is great, but by definition it doesn’t have any predictive value in situations like this. Law enforcement couldn’t possibly have the resources to investigate every such posting.

In the case of this shooter, the FBI actually became involved since a YouTube user had expressed concern when a comment was left by someone (using the name of the shooter) saying “I’m going to be a professional school shooter.”

That’s not even an explicit threat. There’s no specified time or place. It’s very nasty, but not illegal to say. Social media is replete with far more explicit and scary statements that would be much more difficult to categorize as likely sarcasm or darkly joking around.

The FBI reportedly did a routine records search on that name (of course, anyone can post pretty much anything under any name), and found nothing relevant. To have expended more resources based only on that single comment didn’t make sense. Nor is there apparently any reason to believe that if they’d located that individual, then gone out and immediately interviewed him, that the course of later events would have been significantly changed.

We’re also hearing the refrain that authorities should have the right to haul in anyone reported to have mental stability issues of any kind, even if they’ve never been treated for mental illness or been arrested for any crime.

Well golly, these days that would probably include about four-fifths of the population, if not more. Pretty much everyone is nuts these days in our toxic social and political environments, one way or another.

The world is full of loonies, but these kinds of attacks only happen routinely here in the U.S. — and we all know in our hearts that the trivial availability of powerful firearms is the single relevant differentiating factor that separates us from the rest of the civilized world in this respect.

And that’s the tragic truth.

–Lauren–

Google has announced the bringing of its “AMP” concept (an acronym for “Accelerated Mobile Pages”) to Gmail, and is encouraging other email providers to follow suit.

AMP in the mobile space has been highly controversial since the word go, mainly due to the increased power and leverage that it gives Google over the display of websites and ads.

The incorporation of AMP concepts into email, to provide what Google is calling “a more interactive and engaging” email experience, is nothing short of awful. It seriously sucks. It sucks so much that it takes your breath away.

I am not in this post interested in how or by how much AMPed email would push additional market power to Google. That’s not my area of expertise and I’ll largely defer to others’ analyses in these regards.

But I do know email technology. I’ve been coding email systems and using email for a very long time — longer than I really like to think about.  I was involved in the creation of various foundational email standards on which all of today’s Internet email systems are based, and I have a pretty good feel for where things have gone wrong with email during ensuing decades.

Introduction of “rich” email formats — in particular HTML email with its pretty fonts, animated icons, and wide array of extraneous adornments — can be reasonably viewed as a key class of “innovations” that led directly to the modern scourge of spam, phishing attacks, and a wide variety of other email-delivered criminal payloads that routinely ruin innumerable innocent lives.

Due to the wide variety of damage that can be done through unscrupulous use of these email formats, many sites actually ban and/or quarantine all inbound HTML email that doesn’t also include “plain text” versions of the messages as well.

In fact, the actual underlying email specifications require such a plain text version to accompany any HTML version. Unfortunately, this requirement is now frequently ignored, both by crooks who use its absence to try trick email users into clicking through to their malignant sites,  and by “honest” email senders who just don’t give a damn about standards and only care about getting their bloated messages through one way or another.

This state of affairs has led many site administrators to consider inbound HTML-only email to be a 100% signal of likely spam. Much actually legit email is thrown into the trash unseen as a result.

Google now plans to be pushing what amounts to HTML email on steroids, creating a new email “part” that will likely quickly become the darling of the same email marketers — further bloating email, wasting data, and causing both more confusion for users and more opportunities for virulent email crooks.

No doubt Google has considered the negative ramifications of this project, and obviously has decided to plow ahead anyway, especially given the rapidly growing challenges of the traditional website ad-based ecosystem.

I frequently am asked by users how they can actively avoid the tricky garbage that arrives in their email every day. I have never in my life heard anyone say anything like, “Golly, I sure wish that I could receive much more complicated email that would let me do all sorts of stuff from inside the email itself!”

And I’ll wager that you’ve never heard anyone asking for “more interactive and engaging” email. Most people want simple, straightforward email, keeping the more complex operations on individual websites that aren’t “cross-contaminated” into important email messages.

AMP for email is a quintessential “solution in search of a problem” — a system being driven by corporate needs, not by the needs of ordinary users.

Worse yet, if email marketers begin to widely use this system, it will ultimately negatively impact every email user on the Net, with ever more unnecessarily bloated messages clogging up inboxes even if you have no intention of ever touching the “AMPed” portion of those messages.

And I predict that despite what will surely be the best efforts of Google to avoid abuse, the email criminals will find ways to exploit this technology, leading to an ever escalating whack-a-mole war.

Throwing everything except the kitchen sink into HTML email was always a bad idea. But now Google apparently wants to throw in that sink as well. And frankly, this could be the final straw that sinks much of email’s usefulness for us all.

–Lauren–

We’re losing the account security war. Despite the increased availability of 2-step verification (2sv) systems — also called 2-factor and multiple-factor verification/authentication — most people don’t use them. As a result, conventional phishing techniques continue to be largely effective at stealing user account credentials, ruining many lives in the process.

As I’ve discussed previously, part of the reason for this low uptake of 2sv relates to the design of the systems themselves — they frankly remain too complicated in terms of “hassle level” for most users to be willing to bother with.

They don’t really understand them, even when many options are provided. They’re afraid they’ll screw up and get locked out of their accounts. They don’t want to hand over their phone numbers. They don’t trust where the verification phone calls are coming from when they see them on Caller ID — sometimes even reporting those calls as spam on public websites! They don’t know how to use 2sv with third-party apps. Often they tried to use 2sv, got confused, and gave up. It goes on and on. We’ve discussed this all before.

And to be sure, many 2sv implementations simply suck. Frequently they’re badly designed, break down easily, are a pain in the ass to use, and sometimes do lock you out.

Even for Google, which has one of the best 2sv systems that I know of (see their 2sv setup site at: https://www.google.com/landing/2step), user acceptance of 2sv is dismal — Google reports that fewer than 1 in 10 Gmail users have 2sv enabled.

And so the phishing continues. Recently there have been reports of new Russian hacking attacks against Defense Department users’ Gmail accounts (mostly their personal accounts, but that’s bad enough given the leverage that personal info found in such accounts might provide to adversaries).

In corporate environments it’s possible to require use of 2sv. But outside of those environments, this is a very tricky proposition. I’ve noted the theoretical desirability of requiring 2sv for everyone — but I also acknowledge that as a practical matter, given current systems and sensibilities, this is almost certainly a non-starter for now.

Too many users would object, and unlike some government entities (e.g. the Social Security Administration and IRS) that now require 2sv to access their sites and always offer alternative offline mechanisms (e.g., phone, conventional mail) for dealing with them, any major Web firm that tried to require 2sv would be likely to find itself at a competitive disadvantage in short order.

But there’s an even more fundamental problem. Most users simply don’t believe that they’re ever going to hacked. It always “happens to somebody else” — not to me! Using 2sv just feels like too much hassle for most people under such conditions, though after they or someone close to them have been hacked, they frequently change their tune on this quite quickly — but by then the damage is done.

It’s time to face the facts. Trying to “scare” users into adopting 2sv has been an utter failure.

Maybe we need to consider another approach — the carrot rather than the stick.

What can we do to make 2sv usage desirable, cool, even fun?

In other words, if we can’t successfully convince users to enable 2sv based on their own security self-interests, even in the face of nightmarish hacking stories, perhaps we can “bribe” them into the pantheon of 2sv.

There are precedents for this kind of approach.

For example, Google in the past has offered a bonus of additional free disk space allocations for users who completed specified security checkups.

Could we convince users to enable 2sv (and keep it enabled for at least reasonable periods of time) through similar incentives?

How about a buck or two of Play Store or other app store credits?

Can we make this more of a game, a kind of contest? Why not provide users with incentives not only to enable 2sv themselves, but to help convince other users to do so?

Obviously the devil is in the details, and any such incentive programs, rewards, or account bonuses would need to be carefully designed to avoid abuse.

But I increasingly believe that we need to explore new account security paradigms, especially when it comes to convincing users to enable 2sv.

The status quo is utterly unacceptable. If “bribing” users to enable better security on their accounts could make a positive difference, then let’s bring on the bribes!

–Lauren–

I come originally from an era where music was especially important to us, before the ability to watch pretty much any movie or other video program at the click of a mouse. But we did have radio, and vinyl records, and later CDs. 

And as each new plateau of technology was reached, we’d be able to hear our music with ever better fidelity. (Yes, I know all too well that there were some utterly atrocious early CD players and early CD pressings — but overall the trend line has been constantly upward in terms of audible quality.)

Since I’ve done quite a bit of audio work in my time, over the years I’ve had the opportunity to hear some really great sound systems, including incredibly expensive studio monitor speakers. But I never had the opportunity to really choose what I wanted to hear on those super speakers. Nor are they necessarily the best kind of speakers for simply enjoying music — they’re typically designed for the kind of “flat” response you want for a music mix, but that’s not ideal if you’re — for example — listening to music in your bedroom.

I’ve written before about Google Home, e.g. in “Why Google Home Will Change the World” — https://lauren.vortex.com/2016/11/10/why-google-home-will-change-the-world — and elsewhere.

The original Google Home and Home Mini can be reasonably described as Google Assistant terminals that happen to also play music. 

Google’s latest edition to the Home pantheon, the Home Max, is best described as a very high quality audio system that happens to also include Google Assistant. 

Google recently sent me a Max to explore (thanks Google!) and I wanted to offer my initial impressions to date.

There are articles all over the Web that describe the impressive specifications of Max in great detail. I will not repeat them all here.

Is Max heavy? Yep, you wouldn’t want to drop it on your foot. Is Max loud? Indeed. I’ve rarely run it over 65% volume so far, and that was for an experiment, not for routine listening. Great bass response? Certainly!

Does Max do all the good stuff that you expect of Google Assistant? Of course, and it even does so while music is blaring from the speakers, though you might have to raise your voice just a wee tad to get its attention when it’s really booming out the decibels.

Max uses Class D amplifiers, so it barely gets warm even at high volume levels. I’ve seen some reviewers actually complain that Max is somehow “dull” looking in design. I don’t know about you, but personally I listen to speakers — I don’t spend a lot of time staring at them. I consider it a plus for Max to blend into the visual background.

But it’s my subjective impressions of Max (in combination with Google Play Music and YouTube Red) that I really want to describe.

While I certainly enjoy much current music, my preferences more often than not steer toward classical music, classic rock and pop, and film scores (typically orchestral). As an aside, one of my favorite streaming stations — available on Home via TuneIn — is “M2 Classic” from Paris, which just happens to specialize in film scores and classical music!

Many of the reviews you can find about Max emphasize its very high maximum volume levels. That’s good, but there are aspects of audio reproduction that are even more important.

Quality. Clarity.

Volume without clarity and quality is the audio equivalent of Donald Trump’s incoherent and moronic rants. No matter how much you turn up the volume, he’s still just agonizing, stupefying noise.

And so it is with speaker systems. I don’t claim to have “golden ears” anymore (if I ever did), but you don’t have to be an audio expert to know that many people consider loud to be good no matter how painfully distorted the result.

Max’s magic is that no matter how far you crank up the volume, the results are crystal clear and a joy to behold.

Are they as good as high-priced studio monitors? That’s an apples and oranges question. I don’t want flat response audio monitors in my bedroom. I want speakers that do the best job possible of reproducing music in a quality way given the complex acoustic environment in that room, very different from a studio where you can install speakers in ideal locations in a space specifically designed for audio work. 

I want appropriate equalization for my listening at home. Max accomplishes this automatically. It just works. I don’t even have to think about it.

And that’s not just for high quality music streams coming in from Google or third party sources. Max includes a standard audio input jack. I have my TV plugged in there and Max does a great job with that audio too (plus, I get the bonus of voice control to mute or change TV volume levels).

Now here’s the seriously subjective section of this discussion.

There are songs, albums, scores, classical works, and all manner of other musical selections that I’ve heard innumerable times over my life, in some cases first on a little AM transistor radio tucked under my pillow at night.

Each subsequent technology sounded better than the previous, even though I was never in a position to own really good speakers of my own.

What I’m finding with Max is that I’m now hearing those familiar songs, that familiar music, in an entirely new way. I’m listening to the tracks, the compositions, the scoring cues properly for the very first time.

It’s sort of similar to how one feels when first seeing an old movie in the theater or on a big flat screen TV in proper aspect ratio, when originally you had seen it on a little black and white set with the vertical hold needing adjustment every few minutes, or on an early NTSC color set where tints would go awry with every minor temperature change.

It doesn’t matter with Max whether I’m listening quietly or with the volume cranked up, what I hear is clear as a bell. I’m now hearing utterly new aspects of music that I thought I already knew like the back of my hand.

Rock bass lines that I’ve never heard before. Underscore instrumentations that I didn’t know existed. Vocals that sound like I’m standing in the studio just across the glass from the singer. 

Perhaps these sound like small things to you (no pun intended, naturally).

But music matters a lot to me, and thanks to Google and Max I’m now able to hear pretty much anything in the musical realm that I wish, whenever I wish, and to hear it with the highest audio quality of my life.

And given the toxic world of pain in which we reside today, that’s one hell of a lot more than a modicum of happiness.

–Lauren–

The monsters are everywhere — self-righteous sickos who laugh at other people’s misfortunes — the same kind of diseased personalities who slow down in traffic to take photos of horrific accidents and urge distressed persons on the edges of buildings to jump to their deaths.

And they’re online as well. Oh man, are they online. Worst of all perhaps, they’re extremely well represented among the tech community where I’ve spent my entire career, such as it’s been.

Perhaps this helps to explain why so many techies are so disdainful of non-techies, why so many software designers call the people using their systems by the pejorative “losers” rather than users or customers.

It certainly provides some insight into why many non-technical persons view our technical fields with so much disdain and distrust.

Lately I’ve been writing a lot about people being harmed — in some cases killed — by social media fads — e.g., in “YouTube’s Dangerous and Sickening Cesspool of ‘Prank’ and ‘Dare’ Videos” — https://lauren.vortex.com/2017/05/04/youtubes-dangerous-and-sickening-cesspool-of-prank-and-dare-videos — and other posts.

Inevitably, when I note the vast array of videos on YouTube, Facebook, and other sites that show individuals being burned, shocked, poisoned, crushed, or otherwise injured and sometimes killed in the name of challenges, dares, and dangerous pranks, there are always the Trumpian “wits” who chuckle in the comments about “Darwin Awards” and stupid people, and how this helps to improve the gene pool, and golly Lauren aren’t we clever to think up a comment like this?

I point out that the tragedies from ingesting toxic substances or playing with guns — or the array of other horrific pranks and dares that are easily found on these video platforms pulling in vast numbers of views — often involve suckering in for “social media fame” real people with actual families and loved ones, and frequently young people including sometimes very young children.

“Oh well, I’m not including children of course,” tends to come the belated reply — though it’s obvious that in reality their actual degree of caring about their fellow human beings is somewhere south of absolute zero.

I’ve discussed elsewhere my concerns regarding how YouTube fails to properly enforce their own published Terms of Service when it comes to hate speech and the sorts of videos I described above.

Google has recently announced a series of efforts relating to these and associated content areas, including significantly more humans in the abuse reporting loops — something I have long advocated as a crucial adjunct to the automated systems that by necessity must be the first line of defense for the vast firehose of video pouring into YouTube 24/7 from around the world.

As one of YouTube’s biggest fans — I make no bones about this fact! — I very much want to see Google succeed in these efforts. Frankly, I personally have doubts that they’re moving fast enough to avoid the increasing specter of politically motivated, heavy-handed government regulations that threaten the entire video ecosystem. But certainly Google’s trajectory in this regard is now positive.

In fact, my faith in Googlers is such that I’m certain that they can solve these problems if enough resources are devoted to them — provided that scheming politicians and their minions don’t get in the way.

I wish I could offer the same degree of confidence regarding human beings in general. Whenever I see them laughing and making their malignant comments regarding people injured or killed in online videos, I’m torn between vomiting and fantasizing of a means to send a brief pulse of high voltage back to these commenters’ keyboards over the Net.

Fortunately, we do have the ability to deal with the array of technological policy issues that seem so vexing, if we choose to seriously do so.

Unfortunately, human nature itself has barely advanced at all since the caves, and our powerful technologies tend to enable not only the best of humanity, but disproportionately even more so the very worst.

Be seeing you.

–Lauren–

I informally try to help quite a few Google users with their Google-related issues when I can. Many of these involve Google Account problems of one sort or another.

I’ve frequently written about why it’s so important to use Google’s 2-step verification systems, e.g. in: “Protecting Your Google Account from Personal Catastrophes” —https://lauren.vortex.com/2017/09/07/protecting-your-google-account-from-personal-catastrophes — and various other posts.

I’ve also noted some of the reasons why Google users tell me that they don’t use Google’s 2-step verification, e.g. in: “Google Users Who Want to Use 2-Factor Protections — But Don’t Understand How” —  https://lauren.vortex.com/2017/06/10/google-users-who-want-to-use-2-factor-protections-but-dont-understand-how — and related discussions.

Google recently announced that fewer than 1 in 10 Gmail users have 2-factor enabled on their Google accounts — so this is a very serious matter.

Yesterday, I was approached by a long-time reader who told me that he had long been trying — without success — to use 2-factor, had been unable to get assistance from Google in this regard, and wondered if I could help. Perhaps you’ve had the same problem.

This Google user needed to make use of various non-Google applications via his Google account, that seemingly would only function when his Google account had 2-factor disabled. 

Google actually has a mechanism (that I’ve routinely used myself) for dealing with this — though you may never have heard of it — called “application specific passwords” (aka “App passwords”). Using this system, you can assign secure passwords to these kinds of apps that will work with Google 2-factor enabled. 

But this user was unable to access the Google page for setting up these passwords:

https://security.google.com/settings/security/apppasswords

Whenever he tried, he received the obscure error message:

“The setting you are looking for is not available for your account.”

Hmm. Not very helpful. He got this message every time he tried, so he finally gave up on enabling 2-factor at all.

When I looked at this in detail, the solution turned out to be trivially simple, in retrospect. You can’t access the apps passwords page unless 2-factor is already turned on!

He’d been trying to use his apps with 2-factor on and always failed. So he turned 2-factor off. Then he learned about the apps passwords and wanted to set those up — but couldn’t reach the setup page. So he left 2-factor turned off (so that he could continue using his apps).

Chicken and egg!

Now, the fundamental problem here is obvious. That error message should have told him something like:

“You cannot use app passwords unless 2-factor is enabled.”

That would have given him the clue he needed to have immediately fixed this entire situation by himself. 

A similar situation exists for G Suite users, who must both have 2-factor enabled and have had their administrator enable “less secure apps” before they can reach the apps password page successfully.

Complicating this all a bit more is that changes to Google Account parameters don’t necessarily seem to always take effect immediately. It appears that sometimes there is a lag before all background systems apparently sync up. So for example, if you turn 2-factor on and immediately try a test that requires 2-factor, it might not work unless you’ve waited long enough after changing that parameter.

It’s really, really important to enable Google 2-factor. I can’t emphasize this enough. If issues with non-Google apps have been preventing you from using 2-factor up to now, please give it another try as described above. As always, I’m glad to try assist. Take care, all.

–Lauren–

I’ve been getting a bunch of queries from folks asking if I could provide any insight into alt-right darling James Damore’s class action lawsuit against Google. I have no personal knowledge of the circumstances of that suit, and so I have nothing to say about its specific allegations.

I do however have considerable insight into Google’s culture — I spent enough time inside Google several years ago to have a pretty clear sense of that.

While like any other firm Google isn’t perfect, Google in particular has a culture to be roundly applauded, not condemned — I believe the finest I’ve seen in any corporate environment during my career.

Let’s start with an obvious truth. 

White heterosexual males — like myself — don’t need any special protections in the USA. When you hear straight white males bitching about supposedly being discriminated against, you can be sure that nearly always these snowflakes (to borrow a term typically thrown against liberals by the alt-right) are actually upset about pushback regarding their own racism, antisemitism, or other expressed hate speech.

Unapologetic racists like Donald Trump and many of his followers falsely assert that left and right both use the same tactics.

That claim is indeed a lie. There is no organized structure of hate and false propaganda aimed at the right, while the right most certainly has devoted vast efforts to such attacks directed at the left, even beyond the right’s traditional hate groups such as the KKK and Nazis. There is no valid comparison.

Right-wing groups are upset that new fact checking systems on social media and search predominantly point out the lies on right-wing sites (as opposed to more left-oriented sites). The reason for this is simple and obvious — those right-wing sites are the primary sources of lying propaganda (and the vast majority of hate speech). You just don’t find anything comparable in scope on left-wing sites. That’s just a fact.

Which brings us back to Google.

Google has a remarkably freewheeling internal discussion culture. The great extent to which Googlers debate technical and policy issues inside Google is in fact vastly reassuring in ways I’d never seen anywhere else in my life. Within hours of first logging in, I was personally invited into several important discussion forums — I later joined many more — and I even started several discussion lists internally myself while I was there, on topics that I felt were important.

As in most other large firms today, there are many employees at Google who are not white, straight males like me. And it’s my personal belief that it’s essentially impossible for guys like me to truly understand what it’s like for women, for blacks, for LGBT individuals, and for other minorities who typically have little power in our country, many of whom live in fear of serious discrimination and even personal harm in the daily lives. They feel — with complete justification — that they are under constant threat.

Google’s culture is widely inclusive and celebratory of true diversity. This is enormously positive. It’s good for Google, it’s good for Google’s users, and it’s good for the broader community. I wish every large firm were equally forward-thinking in such regards.

But such inclusiveness does not imply that any firm need tolerate employees whose freely stated views are fundamentally hateful, sexist, racist, antisemitic, or otherwise divisive — often attacking the very groups that I described above who are most in need of protection.

This is not an issue of political viewpoints. It’s a matter of how so many white male conservatives attempt to camouflage their racial and other hateful animus in hypocritical claims of  being discriminated against, as if the rest of us were obligated to just stand by idly while they attempt to sabotage everything positive that we’ve built.

If you spend some time over on alt-right websites (not recommended shortly after eating), you’ll quickly learn that making false claims of “discrimination against whites” is a major bullet point high up in their playbooks. It’s explicitly seen as a way to inject racial and other divisiveness into firms (and society generally) without the need to buy white hoods or sew swastikas onto your clothing.

Don’t be fooled by alt-right rhetoric. White guys like me are at the top of the power food chain in the USA. Racist alt-right forces are explicitly working to falsely and deviously weaponize open discussions and anti-discrimination laws designed to protect the truly vulnerable, attempting to hideously mutate those laws into tools to spread hate, racism, and worse throughout our country and the world.

We should be honoring and supporting companies, organizations, and individuals who resist these efforts by haters to roll back the clock to the mindset of slavery, lynchings, and government-enforced white and male supremacy.

To do any less is to empower the worst part of our natures as Americans, and to surrender our great country to the real world forces of evil.

–Lauren–

As always when I talk about Google’s YouTube, I want to make one thing perfectly clear. I love YouTube. I consider it to be a gem in Google’s pantheon and one of the most important sites on the Internet. If YouTube vanished tomorrow I’d be devastated. And I’m a big fan of the many folks in the teams at Google (quite a few of whom I know personally) who keep the incredibly complex systems and machinery of YouTube running.

That all said, I fear for YouTube’s future — and what this could mean overall for Google and its users in the long run, since in many ways YouTube’s issues are representative of Google’s issues more broadly.

I’ve written a lot about various matters regarding YouTube before, of course. I’ve lauded the sublime educational and entertainment content, but have been deeply critical of hate speech; dangerous pranks, dares, and stunts; and user interface issues that I believe suppress users from easily reporting videos that are believed to be in violation of YouTube’s Terms of Service.

Lately YouTube has been under fire from an array of quarters, including various pandering politicians associated with national governments — some of whom have passed laws imposing potentially impractical “moderation” and takedown requirements, along with massive fine structures for infractions, that may ultimately threaten the entire YouTube model in significant ways.

Some aspects of this unfortunate dilemma are indeed of Google’s own making. Google has long tried to keep as much of a “hands-off” attitude regarding YouTube content as possible, for a variety of reasons — some very valid, others significantly less so. 

But there’s no question that Google has a right and duty to enforce YouTube’s published terms of service regarding acceptable content, and the uneven manner in which this has typically occurred has left gaping openings for Google haters to leverage. This is certainly not to suggest that applying their terms of service is easy at the massive scale of YouTube — but even taking scale into account and looking only at specific highly publicized incidents involving videos and YouTube creators with enormous numbers of subscribers and video views, the issues persist.

Another aspect of YouTube’s problems is also intrinsic to Google itself, in terms of how they choose to communicate with the public at large. 

Google’s public communications apparatus has always been much more focused on dealing with tech media than with ordinary non-tech forms of media that are more likely to reach relatively non-techie users in ways that those users and the broader community will genuinely understand. Nowadays, with the many powerful forces aligning against Google, especially at the government level, this just isn’t good enough.

Google tends to communicate policy issues mostly through blog posts and emails with the tech trade press, and rarely offline. In the case of a YouTube controversy over the last few days, Google used a series of Twitter tweets to apologize for a long delay in addressing a very controversial issue — already an international story — involving a highly-ranked YouTube star. More than a bit ironic, to say the least.

Except mainly in terms of technical developer liaisons, Google hasn’t really had representatives of their own out in the “real world” with the specific role of interacting directly with the ordinary public regarding everyday and more controversial Google-related policy issues through the wide array of both online and offline discussion forums or mainstream media like radio and television (though Google’s recent hiring of Danny Sullivan as a search division adviser/liaison is indeed a welcome move in the specific context of search issues).

But in the broader scope of YouTube and Google more generally, the lack of effective ongoing public communications outside the boundaries of Google’s traditionally limited “comfort zone” risks costing Google and its users dearly in the long run. 

Google is full of great people in every respect — but they are now facing escalating adversarial relationships with governments and others — including competitors and the outright Google haters — who are exceedingly skilled at political and mass media public communications of the cutthroat variety — and unless Google significantly improves their game in this sphere they could very well come out on the losing end.

And that would likely be a disaster for Google, for the Internet, and for billions of individuals around the world, leaving us increasingly vulnerable to the “tender mercies” of government and other forces hellbent on remaking the Net in their own images of government-dictated censorship and politically-motivated, government-mandated information control.

It’s a battle that neither Google — nor the rest of us — can afford to lose.

–Lauren–

Greetings. As I’ve noted in posts such as:

The Google Account “Please Help Me!” Flood: https://lauren.vortex.com/2017/09/12/the-google-account-please-help-me-flood

Protecting Your Google Account from Personal Catastrophes:
https://lauren.vortex.com/2017/09/07/protecting-your-google-account-from-personal-catastrophes

and in various other associated missives, I’m nearly constantly being approached for informal assistance by Google users who are having problems accessing their Google accounts. Many are in a panic. Some call me on the phone and are literally crying — their whole lives are pretty much on Google and they’re desperate. Sometimes they find me from articles I’ve written or from radio discussions, in other instances via word of mouth.

I try to help when I can. I can offer direct advice to some of them (especially if they haven’t been “hard” locked out of their accounts through continued “thrashing” around on their part), for others in some situations I’m able to help them reach Google support personnel for their issues.

But I’m just one guy here in L.A. — I don’t scale well to the scope of these problems — nor do I have any official connection with Google these days.

While Google indeed offers various proactive means to protect your Google accounts, the plain truth is that many users don’t use them. In many cases, they’ve never even heard of them — or they don’t understand them.

With so much of so many people’s personal lives now dependent on Google’s great services, loss of access to your account can be devastating, and regaining access — especially if you don’t fully understand what’s going on, can be a frustrating exercise in futility.

I’ve talked in the past about the shortcomings in Google’s account recovery flows and how they affect ordinary users — it’s a very complex area. Let’s leave this aside for the moment.

Let’s instead ask the more fundamental question — how can we help Google users of all sorts — not just relatively young techies — avoid problems with their Google accounts in the first place? Remember, all sorts of persons from all walks of life, including growing numbers of the elderly in a rapidly aging overall population, are very much dependent on Google these days.

The most common ad hoc “solution” to this class of problems is telling someone else — for example a family member or friend — your Google username and password credentials. This is not at all uncommon. But from a security and privacy perspective, it’s awful.

Someone else who has your credentials has total access to your Google account and all related services, at identical privilege levels as yourself across the board. Good security practices strongly suggest that only providing minimum necessary access to third parties is by far the desirable procedure, but in the current context of Google accounts that really isn’t possible — it’s all or nothing.

Still, as an alternative to a user getting confused and losing data or getting locked out of their account (or otherwise disrupting their essential Google services), handing someone else your Google credentials is frequently seen as the only practical course of action.

In fact, there’s a significant number of Google users who have given me their Google credentials for this purpose — for some I also act as their account recovery address and I deal with their 2-factor verifications as well.

I don’t like doing this. Again, it’s awful from a privacy and security standpoint. But I won’t leave these users out in the cold.

To be sure, none of these problems are trivial to solve, especially at Google scale.

There is a better way though, that would be extremely useful for Google to implement — a concept that various other online services should consider using as well.

I propose that Google seriously explore solving this class of problems in a more controlled and structured manner, by creating a formal “Google account delegation” system.

Such a system would permit a user to delegate (that is, share with third parties in a controlled manner) specific permissions and capabilities (either individually and/or in logical groupings) for access to various aspects of the user’s Google account.

This would allow a designated third party to provide the kinds of ongoing assistance that many users desire and require — including but not limited to helping the user avoid errors that could disrupt their account access or usage in various ways — but without the need to share their primary, full Google credentials with those third parties as would be necessary today.

Delegated capabilities and permissions would be revocable by the user at any time.

I won’t in this post get into the details (to which I’ve given quite a bit of thought!) regarding what would be involved in making a concept like this deploy successfully in practice — it involves various layers ranging from upper level account capabilities down through specific Google services permissions. It’s certainly not simple but is wholly within Google’s abilities.

Given the vast numbers of persons who now depend on Google in so many ways, it makes enormous sense that these users should — if they so desire — be able to delegate specific aspects of their Google accounts to trusted individuals who could help them to manage those accounts and related services effectively, and in particular help them to avoid mistakes that can cause extremely upsetting situations such as accidentally deleted data and account lockouts, to name but two common scenarios.

Google account delegation options would be great for Google’s users, for Google itself, and for the broader community.

Google can do this.

–Lauren–

UPDATE: Please see Meltdown and Spectre for important additional information regarding Intel and other affected processors, including AMD and ARM in specific situations.

– – –

Just a very few quick words about a new Intel CPU security problem. You may have heard that a new, serious security bug has been discovered in generations of Intel CPU chips used in most consumer and business computers. I won’t get into the technical details here right now, but it’s a mess. The good news is that fixes will be rolling out in operating system updates (if you have computers that are still getting updates, that is!) — there’s nothing for most users to do themselves to manually deal with this — but these fixes will significantly degrade the performance of affected systems.

Users of computers with AMD CPU chips are (as far as we know currently) not vulnerable to this particular security bug. However, it is possible that some operating system updates to fix the Intel bug will have the side effect of unnecessarily reducing the performance of AMD CPU chips as well, if those patches don’t differentiate between the two different manufacturers. Obviously, AMD is working hard to avoid this situation in the CPU bug fix patches being developed and deployed by various entities to fix the Intel bug.

Intel has released a statement claiming that the same class of exploits can affect other CPU manufacturers. One of my readers wrote to tell me that while the specific issue now being patched does not affect AMD CPU chips, information about the broader exploit class (and other related problems that may involve manufacturers other than Intel) could be going public shortly. I do not have independent confirmation regarding these broader issues at this time.

I’ll say more about this all as additional information becomes available.

–Lauren–

UPDATE: Please see Meltdown and Spectre for important additional information regarding Intel and other affected processors, including AMD and ARM in specific situations.

Given the furor that has erupted in the wake of the latest infantile and dangerous tweet from Donald Trump — yesterday’s already infamous “my nuclear button is bigger than your nuclear button” tweet directed at the leader of the unstable and unpredictable nuclear-armed dictatorship of North Korea, I would assert that a Twitter thought experiment is in order.

We’ll draft a figure from history — Adolf Hitler (you remember him, right?) — to complete our tyrant triad along with Donald Trump and Kim Jong-un. We’ll be talking about the actual Adolf himself here, so “Godwin’s law” prohibitions against inappropriate Hitler analogies will not apply.

OK, boys and girls, let’s begin the thought experiment.

The Big Question that comes up after so many of Trump’s tweets is why do so many Twitter users posting far less provocative content have their Twitter accounts temporarily or permanently disabled or terminated, while an individual literally threatening nuclear war — about as provocative as you can get — continues to tweet with impunity?

Twitter’s legal and policy teams have a ready answer — they point to clauses in their terms of service that provide exceptions for “newsworthy” tweets.  They also exempt public office holders elected through “democratic elections.”

Interestingly, tweets from Donald Trump would seem to conveniently fall into both of these policy buckets. Ironically, so would tweets from Adolf Hitler.

One certainly couldn’t argue that Hitler’s tweets wouldn’t have been newsworthy. And yes, Hitler was democratically elected. While he was appointed chancellor of Germany in January 1933 by President Hindenburg, he was elected to the presidency in a plebiscite vote in 1934 after Hindenburg died.

Bottom line: By Twitter, Inc. standards, anything Hitler might have tweeted would be golden.

Yet we know what’s really going on with these Twitter terms of service standards — it’s all about “engagements” — likes and reshares — and the income to Twitter that results. Twitter is terrified of cutting off those income streams by upsetting large chunks of Twitter users (such as Trump’s base of racist and antisemitic followers).

The fact that Twitter is putting money ahead of ethics and public safety shouldn’t surprise us — they’re on firm historical footing.

During the rise of the Third Reich, entire major firms — like IBM — knowingly provided resources to accelerate National Socialism’s Nazi evils, as did entire countries, like Switzerland.

So the next time that Twitter gets asked about their terms of service in the context of Trump, perhaps they might want to point to Adolf and Friends as an explanatory precedent.

I suspect though that Hitler’s Twitter feed would have looked a lot different than Trump’s. For one thing, Adolf was far more intelligent and mature than Trump overall, and I’ll bet that the lion’s share of Hitler’s Twitter posts would have typically been relatively adult and subtle compared against Trump’s third grade rants (no offense meant to third-graders).

So I doubt very much that we’d have seen tweeted photos of Jews, gypsies, and others being stuffed into boxcars on the way to the death camps, nor images of his victims in the millions piled into ditches or burning in crematoriums.

More likely, we’d have seen carefully worded tweets on political issues and lots of animal photos — Hitler was indeed a dog lover and many shots of Adolf and his dogs still exist today.

It would have been an interesting Twitter feed. I might have followed it myself.

Of course this would have belied the truth of what was actually going on, as the world was well aware — and largely attempted to ignore — as the Reich rose to power and implemented its murderous policies.

By any logical analysis, the decision to remove Trump from Twitter should be far easier for Twitter than it would have been for dealing with @realAdolfHitler (by the way, a Twitter account with that handle has existed since 2009, but has never tweeted to date).

After all, while Hitler was smart enough to be fairly constrained in his public statements when he felt that this served his own purposes, Trump’s continuing Twitter streams of deranged nuclear threats and sociopathic, senile ramblings are front and center on Twitter — and Twitter is making a mint from them.

It has been argued that letting Trump rant on Twitter will be his ultimate downfall — creating all manner of potential legal problems for him in the future.  Perhaps so.

However, I draw the line when it comes to threats of nuclear war and the potential deaths of millions or billions of people.

It’s time for Twitter to call a halt to this madness. They are not merely bystanders in this nightmare, they are active participants, enablers, and unethical beneficiaries.

Twitter, it’s time for you to do the right thing and dump Trump.

By doing so, you might even save the world.

–Lauren–

I continue to be an enormous fan of Google Home — for example, please see my post “Why Google Home Will Change the World” —https://lauren.vortex.com/2016/11/10/why-google-home-will-change-the-world — from a bit over a year ago.

But as time goes on, it’s becoming obvious that a design decision by Google in the Home ecosystem is seriously disadvantaging large numbers of potential users — ironically, the very users who might otherwise most benefit from Home’s enormous capabilities.

You cannot install or routinely maintain Google Home units without a smartphone and the Google Home smartphone app. There are no practical desktop based and/or remotely accessible means for someone to even do this for you. A smartphone on the same local Wi-Fi network as the device is always required for these purposes.

This means that many elderly persons and individuals with physical or visual disabilities — exactly the people whose lives could be greatly enhanced by Home’s advanced voice query, response, and control capabilities — are up the creek unless they have someone available in their physical presence to set up the device and make any ongoing configuration changes. Additionally, all of the “get more info” links related to Google Home responses are also restricted to the smartphone Home app.

I can see how imposing these restrictions made things faster and easier for Google to bring Home to market. For example, by requiring a smartphone for initial Wi-Fi configuration of Home, they avoided building desktop interfaces for this purpose, and leveraged smartphones’ already configured Wi-Fi environments.

But that’s not a valid excuse. You might be surprised how many people routinely use the Internet but who do not have smartphones, or who have never used text messaging on conventional cell phones — or hell, who don’t even have cell phones at all!

Now, one could argue that perhaps this wouldn’t matter so much if we were talking about an app to find rave parties or the best surfing locations. But the voice control, query, and response capabilities of Home are otherwise perfectly suited to greatly improve the lives of the very categories of users who are shut out from Home, unless they have someone with a smartphone in their physical presence to get the devices going and perform ongoing routine configuration changes and other non-voice interactions. 

In fact, many persons have queried me with great excitement about Home, only to be terribly disappointed to learn that smartphones were required and that they were being left behind by Google, yet again.

I have in the past asked the question “Does Google Hate Old People” — https://lauren.vortex.com/2017/02/06/does-google-hate-old-people — and I’m not going to rehash that discussion here.  Perhaps Google already has plans in the works to provide non-smartphone access for these key Home functionalities — if so I haven’t heard about them, but it’s clearly technically possible to do.

I find it distressing that this all seems to follow Google’s pattern of concentrating on their target demographics at the expense of large (and in many cases rapidly growing) categories of users who get left further and further behind as a result.

This is always sad — and unnecessary — but particularly so with Home, given that the voice-operated Home ecosystem would otherwise seem tailor-made to help these persons in so many ways. 

And at the risk of being repetitious, since I’ve been making the same statement quite a bit lately: Google is a great company. Google can do better than this.

–Lauren–

Sometimes Facebook’s manipulative tendencies are kept fairly well below the radar. But in some cases, their twisted sensibilities are so blatant that even their own public explanations immediately ring incredibly hollow.

Such is the case with their response yesterday to a ProPublica report accusing their advertising systems of enabling explicit (and in the opinion of many experts, illegal) age discrimination by advertisers seeking employees.

This one is as obvious as Bozo’s bright red nose. Facebook permits advertisers to target employment ads to specific age groups. Facebook users who are not in the designated groups would typically have no way to know that the ads existed at all!

Facebook’s attempted explanation is pathetic:

“US law forbids discrimination in employment based on age, race, gender and other legally protected characteristics. That said, simply showing certain job ads to different age groups on services like Facebook or Google may not in itself be discriminatory — just as it can be OK to run employment ads in magazines and on TV shows targeted at younger or older people.”

The evil duplicity in this statement hits you right in the face. Sure, advertisers run ads on TV shows and in magazines that are oriented toward certain age groups. But there’s nothing stopping adults of other ages from reading those magazines or watching those shows if they choose to do so — and seeing those ads.

By contrast, in Facebook’s tightly controlled, identity-focused ecosystem, the odds are practically nil that you’ll even realize that particular ads exist if you don’t fall into the targeted range. The old saying holds: “You can’t know what you don’t know.”  Facebook’s comparison with traditional media is false and ridiculous. 

ProPublica notes that other large Web services, including Google and others, permit ad targeting by age.  But unlike Google — where many services can be used without logging in and pseudonyms can be easily created — Facebook is almost entirely a walled garden — logins and your true identity are required under their terms of service to do pretty much anything on their platform.

Given Facebook’s dominance in this context, it’s easy to see why their response to these ad discrimination complaints is being met with such ridicule. 

It’s clear that this kind of Facebook age-based ad targeting by advertisers is an attempt to avoid the negative publicity and legal ramifications of explicitly stating the ages of their desired applicants. They hope to accomplish the same results by preventing anyone of the “wrong” ages from even seeing the ads — and the excuses from these advertisers denying this charge are nothing but sour grapes at their schemes (empowered by Facebook) being called out publicly.

Preventing adult users of any age from seeing employment ads is unethical and just plain wrong. If it’s not illegal, it should be.

And that’s the truth.

–Lauren–