Lauren Weinstein's Blog https://lauren.vortex.com Sat, 16 Dec 2023 18:06:50 +0000 en-US hourly 1 https://wordpress.org/?v=6.4.3 About Google and Location Privacy https://lauren.vortex.com/2023/12/16/about-google-and-location-privacy Sat, 16 Dec 2023 17:52:48 +0000 https://lauren.vortex.com/?p=5125 Continue reading "About Google and Location Privacy"]]> You may have seen a lot of press over the last few days about Google moving location data by default to be on-device (e.g., your phone) rather than stored centrally (and encrypted if you choose to store it centrally), and how this will help prevent abuses of broad “geofence” warrants that law enforcement uses to get broad data about devices in a particular specified area.

These are all positive moves by Google, but keep in mind that Google has long provided users with control over their location history — how long it’s kept, the ability for users to delete it manually, whether it’s kept at all, etc.

But when is the last time your mobile carrier offered you any control over the detailed data they collect on your devices’ movements? If you’re like most people, the answer seems to be never. And while cellular tracking may not usually be as precise as GPS, these days it can be remarkably accurate.

One wonders why there’s all this talk about Google, when the mobile carriers are collecting so much location data that users seem to have no control over at all, data that is of similar interest to law enforcement for mass geofence warrants, one might assume.

Think about it.

–Lauren–

]]>
Google’s Inactive Account Policy and Phishing Attacks Concerns https://lauren.vortex.com/2023/11/18/google-inactive-account-phishing Sat, 18 Nov 2023 15:47:16 +0000 https://lauren.vortex.com/?p=5118 Continue reading "Google’s Inactive Account Policy and Phishing Attacks Concerns"]]> As you may know, Google has recently begun a protocol to delete inactive Google accounts, with email notices going out to the account and recovery addresses in advance as a warning.

Leaving aside for the moment the issue that so many people who have lost track of accounts probably have no recovery address specified (or an old one that no longer reaches them), there’s another serious problem.

A few days ago I received a legitimate Google email about an older Google account of mine that I haven’t used in some time. I was able to quickly reauthenticate it and bring it back to active status.

However, this may be the first situation (there may be earlier ones, but I can’t think of any offhand) where Google is actively “out of the blue” soliciting people to log into their accounts (and typically, older accounts that I suspect are more likely not to have 2-factor authentication enabled, for example).

This is creating an ideal template for phishing attacks.

We’ve long strongly urged users not to respond to emailed efforts to get them to provide their login credentials when they have not taken any specific actions that would trigger the need for logging in again — and of course this is a very common phishing technique (“You need to verify your account — click here.” “Your password is expiring — click here.”, etc.)

Unfortunately, this is essentially the form of the Google “reactivate your account” email notice. And for ordinary busy users who may get confused to see one of these pop into their inbox suddenly, they may either ignore them thinking that they are a phishing attack (and so ultimately lose their account and data), or may fall victim to similar appearing phishes leveraging the fact that Google is now sending these out.

I’ve already seen such a phish, claiming to be Google prompting with a link for a login to a supposedly inactive account. So this scenario is already occurring. The format looked good, and it was forged to appear to be from the same Google address as used for the legitimate Google inactive account notification emails.  Even the internal headers had been forged to make it appear to be from  Google. The top level “Received from” header line IP address was wrong of course, but how many people would notice this or even look at the headers to see this in the first place?

I can think of some ways to help mitigate these risks, but as this stands right now I am definitely very concerned. 

–Lauren–

]]>
In Support of Google’s Progress On AI Content Choice and Control https://lauren.vortex.com/2023/10/26/in-support-of-googles-progress-on-ai-content-choice-and-control Thu, 26 Oct 2023 16:43:02 +0000 https://lauren.vortex.com/?p=5105 Continue reading "In Support of Google’s Progress On AI Content Choice and Control"]]> Last February, in:

Giving Creators and Websites Control Over Generative AI
https://lauren.vortex.com/2023/02/14/giving-creators-and-websites-control-over-generative-ai

I suggested expansion of the existing Robots Exclusion Protocol (e.g. “robots.txt”) as a path toward helping provide websites and creators control over how their contents are used by AI systems.

Shortly thereafter, Google publicly announced their own support for the robots.txt methodology as a useful mechanism in these contexts.

While it’s true that adherence to robots.txt (or related webpage Meta tags — also part of the Robots Exclusion Protocol) is voluntary, my view is that most large firms do honor its directives, and if ultimately moves toward a regulatory approach to this were deemed genuinely necessary, a more formal approach would be a possible option.

This morning Google ran a livestream discussing their progress in this entire area, emphasizing that we’re only at the beginning of a long road, and asking for a wide range of stakeholder inputs.

I believe of particular importance is Google’s desire for these content control systems to be as technologically straightforward as possible (so, building on the existing Robots Exclusion Protocol is clearly desirable rather than creating something entirely new), and for the effort to be industry-wide, not restricted to or controlled by only a few firms.

Also of note is Google’s endorsement of the excellent “AI taxonomy” concept for consideration in these regards. Essentially, the idea is that AI Web crawling exclusions could be specified by the type of use involved, rather than by which entity was doing the crawling. So, a set of directives could be defined that would apply to all AI-related crawlers, irrespective of who was doing the crawling, but permitting (for example) crawlers that are looking for content related to public interest AI research to proceed, but direct that content not be taken or used for commercial Generative AI chatbot systems.

Again, these are of course only the first few steps toward scalable solutions in this area, but this is all incredibly important, and I definitely support Google’s continuing progress in these regards.

–Lauren–

]]>
Radio Transcript: Google Passkeys and Google Account Recovery Concerns https://lauren.vortex.com/2023/10/19/radio-transcript-google-passkeys-and-google-account-recovery-concerns Thu, 19 Oct 2023 12:13:10 +0000 https://lauren.vortex.com/?p=5099 Continue reading "Radio Transcript: Google Passkeys and Google Account Recovery Concerns"]]> As per requests, this is a transcript of my national network radio report earlier this week regarding Google passkeys and Google account recovery concerns.

 – – –

So there really isn’t enough time tonight to get into any real details on this but I think it’s important that folks at least know what’s going on if this pops up in front of them. Various firms now are moving to eliminate passwords on accounts by using a technology called “passkeys” which bind account authentication to specific devices rather than depending on passwords.

And theoretically passkeys aren’t a bad idea, most of us know the problems with passwords when they’re forgotten or stolen, used for account phishing — all sorts of problems. And I myself have called for moving away from passwords. But as we say so often, the devil is in the details, and I’m not happy with Google’s passkey implementation as it stands right now. Google is aggressively pushing their users currently, asking if they want to move to a passwordless experience. And I’m choosing not to accept that option right now, and while the choice is certainly up to each individual, I myself don’t recommend using it at this stage.

Without getting too technical, one of my concerns is that anyone who can authenticate a device that has Google passkeys enabled on it, will have full access to those Google accounts without having to have any additional information — not even an additional authentication step. And this means that if — as is incredibly common — someone with a weak PIN for example on their smartphone, loses that device or it’s stolen, again, happens all the time, and the PIN was eavesdropped or guessed, those passkeys could let a culprit have full access to the associated Google accounts and lock out the rightful owner from those accounts before they had a chance to take any actions to prevent it.

And I’ve been discussing my concerns about this with Google, and their view — to use my words — is that they consider this to be the greatest good for the greatest number of people — for whom it will be a security enhancement. The problem is that Google has a long history of mainly being concerned about the majority, and leaving behind vast numbers of users who may represent a small percentage but still number in the millions or more. And these often are the same people who through no fault of their own get locked out of their Google accounts, lose access to their email on Gmail, photos, other data, and frankly Google’s account recovery systems and lack of useful customer service in these regards have long been a serious problem.

So I really don’t want to see the same often nontechnical folks who may have had problems with Google accounts before, to be potentially subjected to a NEW way to lose access to their accounts. Again it’s absolutely an individual decision, but for now I’m going to skip using Google passkeys and that’s my current personal recommendation.

–Lauren–

]]>
Google is making their weak, flawed passkey system the default login method — I urge you NOT to use it! https://lauren.vortex.com/2023/10/10/dont-use-google-passkeys-now Tue, 10 Oct 2023 15:05:44 +0000 https://lauren.vortex.com/?p=5091 Continue reading "Google is making their weak, flawed passkey system the default login method — I urge you NOT to use it!"]]> Google continues to push ahead with its ill-advised scheme to force passkeys on users who do not understand their risks, and will try push all users into this flawed system starting imminently.

In my discussions with Google on this matter (I have chatted multiple times with the Googler in charge of this), they have admitted that their implementation, by depending completely on device authentication security which for many users is extremely weak, will put many users at risk of their Google accounts being compromised. However, they feel that overall this will be an improvement for users who have strong authentication on their devices.

And as for ordinary people who already are left behind by Google when something goes wrong? They’ll get the shaft again. Google has ALWAYS operated on this basis — if you don’t fit into their majority silos, they just don’t care. Another way for Google users to get locked out of their accounts and lose all their data, with no useful help from Google.

With Google’s deficient passkey system implementation — they refuse to consider an additional authentication layer for protection — anyone who has authenticated access to your device (that includes the creep that watched you access your phone in that bar before he stole it) will have full and unrestricted access to your Google passkeys and accounts on the same basis. And when you’re locked out, don’t complain to Google, because they’ll just say that you’re not the user that they’re interested in — if they respond to you at all, that is.

“Thank you for choosing Google.”

–Lauren–

]]>
UK Passage of Online Safety Bill to Create Chinese-Style Internet Tracking and Censorship — Coming Soon to U.S.? https://lauren.vortex.com/2023/09/20/uk-online-safety-bill-tracking-censorship Wed, 20 Sep 2023 17:03:32 +0000 https://lauren.vortex.com/?p=5088 Continue reading "UK Passage of Online Safety Bill to Create Chinese-Style Internet Tracking and Censorship — Coming Soon to U.S.?"]]> In the 2005 film “V for Vendetta” a fictional UK government has turned into a tightly censored, tracked, and controlled hellscape, with technology used to control citizens in every way possible. The UK has now taken a massive step toward making that horror a reality, with the passage of likely the most misguided legislation in the country since the Norman invasion of 1066.

I won’t detail their Online Safety Bill here — you can find endless references by searching yourself — but the vast, blurry, nebulous, misguided rules for “protecting children from ‘harmful’ content” — a slippery slope bad enough on its own, quickly expanded into a Chinese Internet style virtual steel collar for every UK resident, chained to the government in every aspect of their online lives.

The mandated social media platform ID age verification requirements, which will ultimately require the showing of government IDs for access to sites, alone will create the opportunity for virtually every action of every user of the Internet in the UK to be tracked by the government and its minions in ever expanding ways over time.

Be careful what sites you visit or what you ask or say on them. In China, you can simply vanish under such circumstances. And in the UK? Similar disappearances coming soon, perhaps, as every site you visit, no matter the topic related to business, medical concerns, or other aspects of your family’s private and personal life, will ultimately be linked to you in government databases.

VERY similar *bipartisan* legislative efforts are taking place here in the U.S., though the U.S. court system is creating additional hurdles for their perpetrators here, at least for the moment. For now.

While some activists and legislators spend their time ranting about Internet advertising, governments around the world are working to turn the Internet into a pervasive tool for tracking your every online move and thought, permanently linked to your government IDs.

We’ve seen it in Communist China. Now we see it in so-called democracies.

Open your eyes — while you still can. 

–Lauren–

]]>
The Potential Privacy Problems With YouTube’s Family Plan “Suggestion Leakage” https://lauren.vortex.com/2023/08/16/youtube-suggestion-leakage Wed, 16 Aug 2023 18:02:32 +0000 https://lauren.vortex.com/?p=5077 Continue reading "The Potential Privacy Problems With YouTube’s Family Plan “Suggestion Leakage”"]]> I love YouTube. I consider it to be a wonder of the world for an array of reasons. Its scale is — well, the technical term is “mindbogglingly enormous.” I subscribe to YouTube Premium (primarily to obliterate the ads — I don’t use ad blockers), and as far as I’m concerned it’s the best streaming service value on the planet. If I had to choose one streaming service only — it would be YouTube Premium, undoubtedly. I have something approaching 7000 favorited videos on YT, and I sometimes imagine that there’s a whole cluster in a dark corner of a Google data center singularly devoted to managing my giganormous watch history.

Does YT have problems? Yup. Some YT creators have to deal with inappropriate strikes and takedowns — I’ve tried to assist a bunch of these users with these sorts of disruptions over the years. Some people complain of bad video suggestions pushing them in dark directions — though this has never been an issue for me — the suggestions I get are generally great, though I do take time to train the algorithm as to what I do and don’t like. If you just use YT not-logged in and/or don’t train, you’ll probably get less favorable results. Basically that’s your choice.

Obviously, no technology is perfect, and at YT’s scale even if only a tiny fraction of suggestions are problematic, it can still be a large number in absolute terms. That’s life. I still love YouTube.

There’s an oddity though with YT that I think is worth mentioning. It’s not a big concern in the scheme of things, but it really shouldn’t be happening.

This relates to the YouTube Premium “Family Plan” that lets you bundle multiple separate Google accounts in a household together so that they all have the benefits of Premium, at a better price than each subscribing to Premium separately. Under FP, each of the associated accounts is free of ads, etc., but is still separate — with their own YT play history, etc. — and can view different content simultaneously (normally, a Premium account can only view content on one device at a time). 

But a strange thing can happen with Family Plan. The videos being watched by one account on the plan can affect the suggestions on other accounts on the plan, even though they should be entirely separate in this particular respect.

This is most often noticed when a topic starts to pop up in the suggestions for one FP member that are totally odd for them — for example, a subject that they never view videos about. And it turns out — if the members of the FP compare notes — that some other member of the plan was watching videos on that topic, and the YT videos/channels being watched by FP member A are showing up in the suggestions for FP member B. And so on.

Most of the time this isn’t a serious concern, and can even be interesting in terms of surfacing new topics. But of course there are intrinsic privacy considerations as well. It isn’t good policy for the YT viewing habits of different family members to be intermingled in that way, without their specifically asking for such sharing. The potential family problems that could occur as a result in some cases are fairly obvious.

This has been going on with Family Plan for years, and I’ve brought this up with Google/YT myself in the past. And the responses I’ve always gotten back have either been that “it can’t happen” or “it shouldn’t happen” and … that’s pretty much where it’s been left hanging each time.

But it does still happen (I have a new report just this morning) and yeah, it really shouldn’t.

Again, not an enormous problem in the scheme of things, but not trivial either, and it’s something that definitely should be fixed.

–Lauren–

]]>
Artificial Intelligence at the Crossroads https://lauren.vortex.com/2023/07/13/artificial-intelligence-at-the-crossroads Thu, 13 Jul 2023 16:24:51 +0000 https://lauren.vortex.com/?p=5056 Continue reading "Artificial Intelligence at the Crossroads"]]> Suddenly there seems to be an enormous amount of political, regulatory, and legal activity regarding AI, especially generative AI. Much of this is uncharacteristically bipartisan in nature.

The reasons are clear. The big AI firms are largely depending on their traditional access to public website data as the justification for their use of such data for their AI training and generative AI systems.

This is a strong possibility that this argument will ultimately fail miserably, if not under current laws then under new laws and regulations likely to be pushed through around the world, quite likely in a rushed manner that will have an array of negative collateral effects that could actually end up hurting many ordinary people.

Google for example notes that they have long had access to public website data for Search.

Absolutely true. The problem is that generative AI is wholly different in terms of its data usage than anything that has ever come before.

For example, ordinary Search provides a direct value back to sites through search results pages links — something that the current Google CEO has said Google wants to de-emphasize (colloquially, “the ten blue links”) in favor of providing “answers”.

Since the dawn of Internet search sites many years ago, search results links have long represented a usually reasonable fair exchange for public websites, with robots.txt (Robots Exclusion Protocol) available for relatively fine-grained access control that can be specified by the websites themselves, and which at least the major search firms generally have honored.

But generative AI answers eliminate the need for links or other “easy to see” references. Even if “Google it!” or other forms of “more information” links are available related to generative AI answers at any AI firm’s site, few users will bother to view them.

The result is that by and large, today’s generative AI systems by their very nature return essentially nothing of value to the sites that provide the raw knowledge, data, and other information that powers AI language/learning models. 

And typically, generative AI answers (leaving aside rampant inaccuracy problems for now) are like high school term papers that haven’t even included sufficient (if any) inline footnotes and comprehensive bibliographies with links.

A very quick “F” grade at many schools.

I have proposed extending robots.txt to help deal with some of these AI issues — and Google also very recently proposed discussions around this area.

Giving Creators and Websites Control Over Generative AI:
https://lauren.vortex.com/2023/02/14/giving-creators-and-websites-control-over-generative-ai

But ultimately, the “take — and give back virtually nothing in return” modality of many AI systems inevitably leads toward enormous pushback. And I do not sense that the firms involved fully understand the cliff that they’re running towards in a competitive rush to push out AI systems long before they or the world at large are ready for them.

These firms can either grasp the nettle themselves and rethink the problematic aspects of their current AI methodologies, or continue their current course and face the high probability that governmental and public concerns will result in major restrictions to their AI projects — restrictions that may seriously negatively impact their operations and hobble positive AI applications for users around the world long into the future.

–Lauren–

]]>
Thoughts on AI Regulation https://lauren.vortex.com/2023/06/29/thoughts-on-ai-regulation Thu, 29 Jun 2023 16:56:43 +0000 https://lauren.vortex.com/?p=5047 Continue reading "Thoughts on AI Regulation"]]> Greetings. The excellent essay:

https://circleid.com/posts/20230628-the-eu-ai-act-a-critical-assessment

(by Anthony Rutkowski) serves to crystallize many of my concerns about the current rush toward specific approaches to AI regulation before the issues are even minimally understood, and why I am so concerned about negative collateral damage in these kinds of regulatory efforts.

There is widespread agreement that regulation of AI is necessary, both from within and outside the industry itself, but as you’ve probably grown tired of seeing me write, “the devil is in the details”. Poorly drafted and rushed AI regulation could easily do damage above and beyond the realistic concerns (that is, the genuine, non-sci-fi concerns) about AI itself.

It’s understandable that the very rapid deployments of AI systems — particularly generative AI — are creating escalating anxiety regarding an array of related real world controversies, an emotion that in many cases I obviously share.

However, as so often happens when governments and technologies intersect, the potential for rushed and poorly coordinated actions severely risks making these situations much worse rather than better, and that’s an outcome to be avoided. Given what’s at stake, it’s an outcome to be avoided at all costs.

I don’t have any magic wands of course, but in future posts I will discuss aspects of what I hope are practical paths forward in these matters. I realize that there is a great deal of concern (and hype) about these issues, and I welcome your questions. I will endeavor to answer them as best I can. 

–Lauren–

]]>
A Proposal for “Enhanced Recovery Services” for Locked Out Google Accounts https://lauren.vortex.com/2023/05/24/google-locked-out-accounts-enhanced-recovery Wed, 24 May 2023 16:09:22 +0000 https://lauren.vortex.com/?p=5031 Continue reading "A Proposal for “Enhanced Recovery Services” for Locked Out Google Accounts"]]> This post could get very long very quickly, so instead I’m going to endeavor to keep this introductory discussion brief, with an array of crucial details to come later. 

In my recent posts:

An Example of a Very Sad Google Account Recovery Failure — and How It Affects Real People

https://lauren.vortex.com/2023/05/17/google-account-recovery-failure-sad

and:

Potentially Serious Issues with Google’s Announced Inactive Accounts Deletion Policy

https://lauren.vortex.com/2023/05/16/google-inactive-accounts-deletion

(and frankly, in many related postings over many years in this blog and other venues), I discussed the continuing problems of honest Google users being locked out of their Google accounts, often with a total and permanent loss of all their data (Gmail, photos, Drive files, etc.) that they entrusted to Google.

These lockouts can occur for an array of reasons — problems with login credentials, third-party hacking of accounts including (but not limited to) malware, Google believing that violations of its Terms of Service have occurred, and many other events.

Each of these is an entire complex topic area that I won’t detail in this post.

But the bottom line is that many Google users who feel that they have done nothing wrong find themselves locked out of their accounts — and crucially — their data at Google, and are unable to successfully navigate the existing largely automated account recovery procedures that Google currently provides.

Generally speaking, once a user who has been locked out of a Google account reaches this point, they are, to use the vernacular, SOL — there’s no way to proceed. Usually their data, no matter how important and precious to their lives, is lost to them forever.

To be sure, sometimes the failure to recover a Google account is rooted in the failure of users to provide or keep up to date the recovery information that Google requests for the very purpose of easing account recovery paths.

But the reality is that many users forget about keeping these current, or are reluctant to provide phone numbers and/or alternative email addresses (if they even have them) in the first place. That’s just the way it is.

And ultimately, even at Google’s enormous scale of users who use its services for free, there is something inherently wrong about honest users who lose so much of their lives — that Google has encouraged them to entrust to Google — when an unrecovered account lockout occurs.

Over and over again — in a manner reminiscent of the film “Groundhog Day” — desperate Google users who have been locked out have asked me if there was someone they could pay to help them? Isn’t there some way, they ask, for Google to do a deeper dive into the circumstances of their lockouts, the users’ official government IDs for proof, and other methods to authenticate them back into their Google accounts — as can be done at virtually all financial institutions and most other firms.

Right now the answer is no.

But the answer should be and could be yes, if Google made the decision — by no means a trivial one! — to provide the means for such “enhanced recovery services” for Google Accounts, which in some cases (e.g., when a user is indeed at fault as the root cause of the lockout) could be chargeable (that is, paid) services as a means to help defray the additional costs involved.

This is a very complicated area with an array of trade-offs and nuances. It’s likely to be highly controversial. 

But as far as I’m concerned, the status quo of how Google account recoveries work (or fail) is no longer acceptable, especially in the current regulatory and political environment.

In future discussions, I will detail my thinking of how “enhanced recovery” for Google accounts could be accomplished in practice, and how it would benefit Google’s users, Google itself, and the wider global community that depends upon Google.

Take care, all.

–Lauren–

]]>
An Example of a Very Sad Google Account Recovery Failure — and How It Affects Real People https://lauren.vortex.com/2023/05/17/google-account-recovery-failure-sad Wed, 17 May 2023 14:21:15 +0000 https://lauren.vortex.com/?p=5018 Continue reading "An Example of a Very Sad Google Account Recovery Failure — and How It Affects Real People"]]> UPDATE: 24 May 2023: A Proposal for “Enhanced Recovery Services” for Locked Out Google Accounts

– – –

All, I am doing something in this post that I’ve never done before over these many years. I’m going to share with you an example of what Google account recovery failure means to the people involved, and this is by no means the worst such case I’ve seen — not even close, unfortunately.

I mentioned yesterday in my other venues how (for many years) I’ve routinely tried to informally help people with Google account recovery issues, because the process can be so difficult for many persons to navigate, and frequently fails. The announcement yesterday of Google’s inactive account deletion policy that I blogged about then:

https://lauren.vortex.com/2023/05/16/google-inactive-accounts-deletion

triggered an onslaught of concerns that for a time made my blog inaccessible and even delayed inbound and outbound email processing.

I’m going to include below most of the text from messages I received today from one of my readers about a specific Google account recovery failure — and how that’s affecting a nearly 90-year-old woman. I’ll be anonymizing the message texts, and I’ve of course received permission from the sender to show you this.

Unfortunately, this example is all too familiar for me. It is very much typical of the Google account recovery problems that Google users, so dependent on Google in their daily lives, bring to my attention in the hope that I might be able to help.

I’ve been discussing these issues with Google for many years. I’ve suggested “ombudspeople”, account escalation and appeal procedures that ordinary people could understand, and many other concepts. They’ve all basically hit the brick wall of Google suggesting that at their scale, nothing can be done about such “edge” cases. I disagree. In today’s regulatory and political environment, these edge cases matter more than ever. And I will continue to do what I can, as ineffective as these efforts often turn out to be. -L

 – – – Message Text Begins – – –

Hi Lauren, I tried to help a lovely neighbor (the quintessential “little old lady”) recently with her attempt to recover her legacy gmail account. We ultimately gave up and she created a second, new account instead. She had been using the original account forever (15+ years) and it was created so long ago that she didn’t need to provide any “recovery” contacts at that time (or she may have used a landline phone number that’s long been cancelled now). For at least the last decade, she was just using the stored password to login and check her email. When her ancient iPad finally died, she tried to add the gmail account to her new replacement iPad. However, she couldn’t remember the password in order to login. Because the old device had changed and she couldn’t remember the password and there was no back channel recovery method for her account, there was no way to login. I don’t know if you’ve ever attempted to contact a human being at google tech support, but it’s pretty much impossible. They also don’t seem to have an exception mechanism for cases like this. So she had to abandon hopes of viewing the google photos of her (now deceased) beloved pet, her contacts, her email subscriptions, reminders, calendar entries, etc.

I understand the desire to keep accounts secure and the need to reduce customer support expenses for a free service with millions of users. But it’s also frustrating for end users when there’s no way to appeal/review/reconsider the automated lockout. She’s nearly 90 years old, so I find it remarkable that she’s able to use the iPad. But it’s difficult to know what to say to someone like this when she asks “what can we do now” and there are no options…

I recognize that there are many different kinds of google users. Some folks (like journalists, dissidents, whistleblowers, political candidates, human rights workers, etc.) need maximum security for their communications (and their contacts). In these cases, it makes sense to employ multifactor authentication, end-to-end encryption, one time passwords, and other exceptional privacy and security features. However, there are a great many average users who find these additional steps difficult, frustrating and (esp. in the case of elderly people who aren’t necessarily very technology savvy), sometimes bewildering. It’s tough to explain that your treasured photos can’t be retrieved because you’re not the sort of user that google had in mind. Not everyone is a millennial digital native who finds this all obvious.

 – – – Message Text Ends – – –

–Lauren–

]]>
Potentially Serious Issues with Google’s Announced Inactive Accounts Deletion Policy https://lauren.vortex.com/2023/05/16/google-inactive-accounts-deletion Tue, 16 May 2023 18:52:53 +0000 https://lauren.vortex.com/?p=5007 Continue reading "Potentially Serious Issues with Google’s Announced Inactive Accounts Deletion Policy"]]> UPDATE: 24 May 2023: A Proposal for “Enhanced Recovery Services” for Locked Out Google Accounts

UPDATE (17 May 2023): An Example of a Very Sad Google Account Recovery Failure — and How It Affects Real People

– – –

Google has announced that inactive personal Google accounts will be removed and all of their data deleted after two years, after a number of emailed reminders:

https://blog.google/technology/safety-security/updating-our-inactive-account-policies/

Right now I’m only going to thumbnail some potentially serious issues with this policy. They deserve a much more detailed examination that I will address when I can, but there are many associated concerns that Google did not address publicly, and these matter enormously because Google is so much a part of so many people’s lives around the planet.

– Will account names become available for reissuing after an account is deleted? Google policy historically has been that used account names are permanently barred from reissuing. I am assuming that this is still the case, but I’d appreciate confirmation. This would be the best policy from a security standpoint, of course.

UPDATE (17 May 2023): I’ve now received confirmation from Google that account names will not be reissued after these account deletions. Good.

– Given the many ways that users can lose access to their Google accounts, including password and other authentication confusion, lockouts in error due to location login issues, and many other possibilities related to authentication and account recovery complexities, I am not convinced that deleting user data after two years of inactivity is a wise policy. While keeping the data around forever is impractical, two years seems very short from a legal standpoint in an array of ways, even if routine user access is blocked after two years of inactivity. While many users locked out of their accounts simply create new accounts, many still have crucial data in those “trapped” accounts, and most users unfortunately do not use the “Takeout” facilities Google provides to download data while accounts are still active.

 – The impact on user photos and public YouTube videos are especially of concern. Many popular and important YouTube videos are associated with very old accounts that are likely effectively abandoned. The loss of these public videos from YouTube could be devastating.

UPDATE (17 May 2023): While their original announcement yesterday said that YouTube videos would be deleted when accounts were deleted under this policy, Google has responded to concerns about YouTube videos and has now made a statement that “At this time, we do not plan to delete accounts with YouTube videos.” Obviously this leaves some related open questions for the future, but is still great news.

– Many people use Google accounts for logging in to non-Google sites via federated login (“Login with Google”) mechanisms. While Google says these logins will continue to constitute activity, many of these accounts are likely fairly old and their associated users may not have used them for anything directly on Google for years (including reading emails). If they also have not been logging on to those third party sites for extended periods, when they do try again they’re likely to be quite upset to find their Google accounts necessary for access have been deleted.

I could go on but for now I just wanted to point out a few of the complex negative ramifications of Google’s policy in this regard, irrespective of their assertion that they’re meeting “industry standards” related to account retention and deletion. 

As it stands, I predict that a great many people are going to lose an enormous amount of data due to this Google policy — data that in many cases is very important to them, and in the case of YouTube, often important to the entire world.

–Lauren–

]]>
How Google Broke Chrome Bookmarks Sync https://lauren.vortex.com/2023/05/12/how-google-broke-chrome-bookmarks-sync Fri, 12 May 2023 16:27:21 +0000 https://lauren.vortex.com/?p=4996 Continue reading "How Google Broke Chrome Bookmarks Sync"]]> UPDATE (15 May 2023): And … about 48 hours after this original post, bookmarks starting successfully syncing in full to my tablet, after months of failing totally (despite my many best efforts and every sync trick I know). Coincidence? Could be. But I’ll say “Thanks Google!” anyway. 

– – – – – –

Greetings. Recently I asked around for suggestions to help figure out why (after trying all the obvious techniques) I could no longer get my Chrome bookmarks to sync to my primary Android 13 tablet.

Now, courtesy of a gracious #Mastodon user who pointed me at this recent article, I have the answer as to the why. But there’s no apparent fix. Bookmark sync is now broken for power users in significant ways:

https://www.androidpolice.com/google-chrome-bookmark-sync-limit/

In brief, Google appears to have imposed (either purposefully or not) an undocumented limit to the number of bookmarks permitted to be synced between devices. If you exceed that limit, NO bookmarks appear to usually sync — you can end up with no bookmarks at all on most affected devices.

In my case, my Android 13 phone is still syncing all bookmarks correctly, while my tablet has no bookmarks, and shows the “count limit exceeded” error in chrome://sync-internals that the above article notes.

The article suggests that the new undocumented limit is 100K for desktops and 20K for mobile devices. It turns out that I have just over 57K bookmarks currently, so why the limit is exceeded on the tablet and not on the phone is a mystery. But having ZERO synced bookmarks on the tablet is a real problem.

Yeah, there are third party bookmark managers and ways to create bookmark files that could be viewed statically, but the whole point of Chrome bookmark sync is keeping things up to date across all devices. This needs to work!

And if you feel that 57K bookmarks is a lot of bookmarks — you’re right. But I’ve been using Chrome since the first day of public availability, and my bookmarks are the road maps to my use of the Net. For them to just suddenly stop working this way on a key device is a significant problem.

I’d appreciate some official word from Google regarding what’s going on about this. Have they established new “secret” limits? Is this some sort of bug? (The error message suggests not.) Please let me know, Google. You know how to reach me. Thanks. 

–Lauren–

]]>
Big Tech Needs to Vastly Improve Their Public Communications — or Potentially Face a Political Train Wreck Over AI (and More) https://lauren.vortex.com/2023/04/11/big-tech-public-comms-train-wreck Tue, 11 Apr 2023 18:29:51 +0000 https://lauren.vortex.com/?p=4980 Continue reading "Big Tech Needs to Vastly Improve Their Public Communications — or Potentially Face a Political Train Wreck Over AI (and More)"]]> In several of my past recent posts:

The “AI Crisis”: Who Is Responsible?
https://lauren.vortex.com/2023/04/09/the-ai-crisis-who-is-responsible

State and Federal Internet ID Age Requirements Are Hell-Bent on Turning the Internet Into a Chinese-Style Internet Nightmare
https://lauren.vortex.com/2023/03/23/government-internet-id-nightmare

Giving Creators and Websites Control Over Generative AI
https://lauren.vortex.com/2023/02/14/giving-creators-and-websites-control-over-generative-ai

and others in various venues, I have expressed concerns over the “perfect storm” that is now circling “Big Tech” from both sides of the political spectrum, with both Republicans and Democrats proposing (sometimes jointly, sometimes in completely opposing respects) “solutions” to various Internet-related issues — with some of these issues being real, and others being unrealistically hyped.

The latest flash point is AI — Artificial Intelligence — especially what’s called generative AI — publicly seen mainly as so-called AI chatbots.

I’m not going to repeat the specifics of my discussions on these various topics here, except in one respect.

For many (!) years I have asserted that these Big Tech firms (notably Google, but the others as well to one degree or another) have been negligently deficient in their public communications, failing to adequately assure that ordinary non-technical people — and the politicians that they elect — understand the true nature of these technologies.

This means both the positive and negative aspects of tech. But the important point is that the public needs to understand the reality of these systems, and not be misguided by misinformation and often politically-biased disinformation that fill the information vacuum left by these firms, often out of a misguided and self-destructive fear of so-called “Streisand Effects”, which the firms are afraid will occur if they mention these issues in any depth.

It is clear that such fears have done continuing damage to these firms over the years, while robust public communications and public education — not looking down at people, but helping them to understand! — could have instead done enormous good.

I’ve long called for the hiring of “ombudspersons” or liaisons — or whatever you want to call them — to fill these important, particular communications roles. These need to be dedicated roles for this purpose.

The situation has become so acute that it may now be necessary to have roles specific to AI-related public communications to help avoid the worst of the looming public relations and political catastrophes, that could decimate the positive aspects of these systems, and over time seriously damage the firms themselves.

But far more importantly, it’s society at large that will inevitably suffer when politics and fear win out over a true understanding of these technologies — how they actually impact our world in a range of ways — again, both positive and negative, both now and into the future.

The firms need to do this now. Right now. All of the greatest engineering in the world will not save them (and us!) if their abject public communications failures continue as they have to date.

–Lauren–

]]>
The “AI Crisis”: Who Is Responsible? https://lauren.vortex.com/2023/04/09/the-ai-crisis-who-is-responsible Sun, 09 Apr 2023 19:00:35 +0000 https://lauren.vortex.com/?p=4972 Continue reading "The “AI Crisis”: Who Is Responsible?"]]> There is a sense of gathering crisis revolving around Artificial Intelligence today — not just AI itself but also the public’s and governments’ reactions to AI — particularly generative AI.

Personally, I find little blame (not zero, but relatively little) with the software engineers and associated persons who are actually theorizing, building, and training these systems.

I find much more blame — and the related central problem of the moment — with some non-engineers (e.g., some executives at key levels of firms) who appear to be pushing AI projects into public view and use prematurely, out of fear of losing a seemingly suddenly highly competitive race, in some cases apparently deemphasizing crucial ethical and real world impact considerations.

While this view is understandable in terms of human nature, that does not justify such actions, and I fear that governments’ reactions are heading toward a perfect storm of legislation and regulations that may be even more problematic than the premature release of these AI systems has been for these firms and the public. This may potentially set back for years critical work in AI that has the potential to bring great benefits (and yes, risks as well — these both come together with any new technology) to the world.

By and large the Big Tech firms working on AI are doing a negligent and ultimately self-destructive job at communicating the importance — and limitations! — of these systems to the public, leaving a vacuum to be filled with misinformation and disinformation to gladden the hearts of political opportunists (both on the Right and the Left) around the planet.

If this doesn’t start changing for the better immediately, today’s controversies about AI are likely to look like firecrackers compared with nuclear bombs in the future. 

–Lauren–

]]>
State and Federal Internet ID Age Requirements Are Hell-Bent on Turning the Internet Into a Chinese-Style Internet Nightmare https://lauren.vortex.com/2023/03/23/government-internet-id-nightmare Fri, 24 Mar 2023 01:28:54 +0000 https://lauren.vortex.com/?p=4970 Continue reading "State and Federal Internet ID Age Requirements Are Hell-Bent on Turning the Internet Into a Chinese-Style Internet Nightmare"]]> The new Utah Internet ID age laws signed today — and what other states and the feds are moving toward in the same realm — will destroy social media and much else of the Internet as we know it.

Vast numbers of people will refuse to participate in any government ID-based scheme for age verification, no matter how secure and compartmented it is claimed to be (e.g. through third-party verifiers).

Many persons, rightly concerned about basic privacy rights, already use different names and specify different birthdays on different sites, to avoid being subjected to horrific problems in the case of data breaches, and to avoid being tracked across sites discussing unrelated topics.

These government moves are clear steps on the way toward creating a Chinese-style Internet where every individual’s Internet usage is tracked and monitored by the government, creating a vast and continuous climate of fear, oppression, and government control.

–Lauren–

]]>
Giving Creators and Websites Control Over Generative AI https://lauren.vortex.com/2023/02/14/giving-creators-and-websites-control-over-generative-ai Tue, 14 Feb 2023 18:35:27 +0000 https://lauren.vortex.com/?p=4958 Continue reading "Giving Creators and Websites Control Over Generative AI"]]> Seemingly overnight, the Internet is awash with controversies over Generative Artificial Intelligence (GAI) systems, and their potential positive and negative impacts on the Net and the world at large.

It also seems very clear that unless we (for once!) get ahead of the potential problems with this new technology that seem to be rushing toward us like a freight train, there could be some very tough times ahead for creators, websites, and ordinary Internet users around the world.

I’m not writing a tutorial here on GAI, but very briefly it’s not the kind of “backend” AI systems with which most of us are more familiar, used for research and modeling, sorting the order of search results and suggestions, and even the kinds of generally useful very brief “answers” we see as (for example) Google Knowledge Panels, featured snippets, or short Google Assistant answers (and the similar features of other firms’ products).

GAI is very different, because it creates (and this is a greatly simplified explanation) what appears to be (at least in theory) completely *new* content, based on its algorithms and the data on which it has been trained.

GAI can be applied to text, audio, imagery, video — pretty much everything we’ve come to associate with the Net. And already, serious problems are emerging — not necessarily unexpected at this early stage, but ones that we must start dealing with now or risk a maelstrom later.

GAI chatbots have been found to spew racist and other hateful garbage. The long-form answers and essays that are the stock-in-trade of many GAI systems can be beautifully written, appear knowledgeable and authoritative — but still be riddled with utterly incorrect information. This can be a hassle indeed even with purely technical articles that have had to be withdrawn as a result, but can get downright scary when they involve, as in one recent case, an article on men’s health issues.

There are more problems. GAI can easily create “fake” pornography targeting individuals. It can be used to simulate people’s voices for a range of nefarious purposes — or even potentially just to simulate the voices of professional voice actors without their permission.

Eventually, the kind of scenario imagined in the 1981 film “Looker” — where actors once scanned could be completely emulated by (what we’d now call) GAI systems — could actually come to pass. We’re getting quite close to this already in the film industry and the world of so-called deepfakes — the latter potentially carrying enormous risks for disinformation and political abuse.

All of this tends to point us mainly in one direction: How GAI is trained.

In many cases, the answer is that websites are crawled and their data used for GAI purposes, without the explicit permission of the creators of that data or the sites hosting it.

Since the beginning of Search on the Internet, there has been something of a largely unwritten agreement. To wit: Search engines spider and index sites to provide lists of search results to users, and in return those search engines refer users back to those original sites where they can get more information and find other associated content of interest.

GAI in Search runs the risk of disrupting this model in major ways. Because by presenting what appear to be largely original long-form essays and detailed answers to user search queries, the probability of users ever visiting those sites that (often unknowingly) provided the GAI training data, even when links are present, is likely to drop precipitously. Even with links back provided by the GAI answers, why are users going to bother visiting those sites that provided the data to the GAIs, if the GAIs have already completely answered those users’ questions?

Complicating this even further is that the outputs of some GAI systems appear to frequently include largely or even completely intact (or slightly reworded) stretches of text, elements of imagery, and other data that the GAI presents as if they were wholly original.

Creators and websites should be able to choose if and how they wish their data to be incorporated into GAI systems. 

Accomplishing this will be a complex undertaking, likely involving both technical and legislative aspects in order to be even reasonably effective, and will almost certainly always be a moving target as GAI systems advance.

But a logical starting point could be expansion of the existing Internet Robots Exclusion Protocol (REP — e.g. robots.txt, meta tags, etc.) currently used to express website preferences regarding search indexing and associated functions. While the REP is not universally adhered to today, major sites usually do follow these directives.

Indeed, even defining GAI-related directives for REP will be enormously challenging, but this could get the ball rolling at least.

We need to immediately start the process of formulating the control methodologies for what training data Generative Artificial Intelligence systems are permitted to use, and the manners in which they do so. Failure to begin considering these issues risks enormous backlash against these systems going forward, which could render many of their potential benefits moot, to the detriment of everyone.

–Lauren–

]]>
2023 and Social Media’s Winds of Change https://lauren.vortex.com/2022/12/31/2023-and-social-medias-winds-of-change Sat, 31 Dec 2022 17:41:08 +0000 https://lauren.vortex.com/?p=4948 Continue reading "2023 and Social Media’s Winds of Change"]]> Greetings. The last hours and minutes of 2022 are ticking off, and we’re all being drawn inexorably into the new year and even deeper into the 21st century.

In my previous post of early October — Social Media Is Probably Doomed — I discussed various issues that call into question the ability of social media as we’ve known it to continue for much longer. Since then we’ve seen the massive chaos at Twitter when Musk took over, the rapid rise of distributed social media ecosystem Mastodon, and an array of other new confounding factors that make this analysis notably more complex and less deterministic. 

It’s perhaps interesting to note that only a year ago, pretty much nobody had predicted that Elon Musk would — voluntarily, single-mindedly, and over such a short period of time — have reinvented himself as a pariah to a large segment of his customers and the public at large, and be in a position to remake Twitter in the image of the very worst that social media can offer.

The lessons that we can draw from this are many, beyond the obvious ones such as that dramatic, abrupt changes in the tech world — and broader society — should be considered more the norm than the exception, especially in our current toxic political environment.

And it’s important to note that no technology — nor the persons who develop, deploy, operate, or use it — is immune from such disruptions.

This includes Mastodon of course. And while the distributed nature of this ecosystem perhaps provides some additional buffering from sudden changes that more centralized services usually do without, that does not suggest invulnerability to many of the same kinds of problems plaguing other social media, despite best intentions.

And this is definitely not to assert that blindly attempting to resist changes is the proper course. In fact, *not* being willing to appropriately evolve with a massive growth in the quantity of users — especially as increasingly more nontechnically-oriented persons arrive — is likely lethal to a social media ecosystem in the long run.

As we stand on the cusp of 2023, there is immense potential in Mastodon and other distributed social media models. But there are also enormous risks — fear of change being among the most prominent and potentially negatively impactful of these.

Given all that’s happening, I suspect that this coming year will be a crucial turning point for social medial in many ways — both technical and nontechnical in scope.

We can try to hold back the winds of change in these regards, or we can endeavor to harness them for the good of all. That, my friends, is not the choice of technology itself, it is solely up to us.

All the best to you and yours for a great 2023. Happy New Year!

–Lauren–

]]>
Social Media Is Probably Doomed https://lauren.vortex.com/2022/10/04/social-media-is-probably-doomed Wed, 05 Oct 2022 01:00:50 +0000 https://lauren.vortex.com/?p=4941 Continue reading "Social Media Is Probably Doomed"]]> UPDATE (31 December 2022): 2023 and Social Media’s Winds of Change

– – – – – –

Social media as we’ve known it is probably doomed. Whether a decline in social media would on balance be good or bad for society I’ll leave to another discussion, but the handwriting is on the wall for a major decline in social media overall.

As with most predictions, the timing and other details will surface in coming months and years, but the overall shape of things to come is not terribly difficult to visualize.

The fundamental problem is also clear enough. A vast range of entities at state, federal, and international levels are in the process of enacting, invoking, or otherwise planning a range of regulatory and other legal mandates that would apply to social media firms — with many of these requirements being in direct and total opposition to each other.

The most likely outcome from putting these firms “between a rock and hard place” will be a drastic reduction of social media services provided, resulting in a massive decrease in ordinary persons’ ability to communicate publicly, rather than the increase that various social media critics have been anticipating.

Let’s very briefly review just some of the factors in the mix:

The political Right in the U.S. generally wants public postings to stay up, even if they contain racist or other hate speech or misinformation/disinformation. This is the outline of the push from states like Texas and Florida. Meanwhile, the Left and other states like California want more of the same sort of postings taken down even faster than they are now. Unless you can somehow provide different feeds on a posting by posting basis to users in different states (and what of VPN usage from other areas?), this creates an impossible situation.

Both the Left and Right hate Section 230, but for opposite reasons, relating to my point just above. Even the Biden White House has this wrong, arguing that cutting back 230 protections would force social media firms to more tightly moderate content, when in reality tampering with 230 would make hosting most UGC (User Generated Content) far too risky.

Elon Musk has proposed that Twitter carry any postings that aren’t explicitly illegal or condoning violence. This suggests an increase in the kind of hate speech and disinformation that not only drives away many users, but also tends to cause enormous problems for potential advertisers and network infrastructure providers, who usually do not want to be associated with such materials. And then of course there’s the EU — which has its own requirements (much more robust than in the U.S.) for dealing with hate speech and misinformation/disinformation.

There are calls to strip Internet users of all anonymity, to require use of real names (tied to official IDs, perhaps through some third party mechanisms) based on the theory that this would reduce hate speech and other attack speech. Yet studies have shown that such abhorrent speech continues to flower even when real names are used, while forcing real names causes already marginalized persons and groups to be even further disadvantaged, often in dangerous ways. Is there a middle ground on this? Perhaps requiring IDs be known to a third party (in case of abuse) before posting to large numbers of persons is permitted, but still permitting the use of pseudonyms for those postings? Maybe, but it seems like a long shot. 

Concerns over posting of terrorist content, live streaming of shootings, and other nightmarish postings have increased calls for pre-moderation of content before it goes public. But at the massive scale of the large social media firms, it’s impossible to see how this could be practical, for a whole range of reasons, unless the amount of content permitted from the public were drastically reduced.

And this is just a partial list. 

For social media to have any real value and practicality, it can’t operate on a reasonable basis when every state, every country may demand a different and conflicting set of rules. While there are certainly some politicians and leaders who do understand these issues in considerable depth, many others don’t worry about whether their technical demands are practical or what the collateral damage would be, only whether they’re good for votes come the next election.

And now we reach that part of this little essay where I’m expected to announce my preferred solution to this set of problems. Well dear readers, I’ve got nothing for you. I don’t see any practical solutions for these dilemmas. The issues are in direct conflict and opposition, and there is no obvious route toward their reconciliation or harmonization. 

So I can do little more here than push the needle into the red zone, sound the storm warnings, and try to point out that the paths we’re taking — absent some almost unimaginable changes in the current patterns — are rocketing us rapidly toward a world of social media that will likely briefly flare brightly and then go dark, like an incandescent light bulb at the end of its life, turned on just one too many times.

This analogy isn’t perfect of course, and there will continue to be some forms of social media under any circumstances. But the expected experience seems most likely to become increasingly constrained over time, along with all other aspects of publicly accessible user-provided materials — the incredible shrinking content.

As I said earlier, nobody knows how long this process will take. It won’t happen overnight. But we’ll have taken the path into this wilderness of our own free will, eyes wide open.

Please don’t forget to turn off the lights on your way out.

–Lauren–

]]>
How to Fix Google’s Gmail Political Spam Bypass Plan https://lauren.vortex.com/2022/08/03/how-to-fix-googles-gmail-political-spam-bypass-plan Wed, 03 Aug 2022 17:30:16 +0000 https://lauren.vortex.com/?p=4916 Continue reading "How to Fix Google’s Gmail Political Spam Bypass Plan"]]> UPDATE (25 January 2023): Google has announced that it will terminate this program at the end of this month (31 January 2023).

– – – – – –

Recently in Google’s Horrible Plan to Flood Your Gmail with Political Garbage I discussed Google’s plan to permit “official” political emails to bypass Gmail spam filters, with users able to opt-out from this bypass only on a sender-by-sender basis as political emails arrive. So as new “official” political senders proliferate, this will be a continuing unwanted exercise for most Gmail users.

The Federal Election Commission has now posted a draft decision that effectively gives Google a go ahead for this plan (UPDATE: 11 August 2022: The FEC has now officially approved the plan). The large number of comments received by the FEC regarding this proposal were overwhelmingly negative (it was difficult to find any positive comments at all), but the FEC is only ruling on the technical question of whether such a plan would represent prohibited in-kind political contributions.

My view is that Gmail users should be able to opt-out of this entire political spam bypass plan if that is their choice. Political emails would in that case continue going into those individual users’ spam folders to the same extent that they do now.

My specific recommendation:

The first time that a political email arrives for a Gmail user that would bypass spam filtering under the Google plan, the Gmail user would be presented with a modal query with words to this effect (and yes, wording this properly will be nontrivial):

Do you want official political emails to arrive in your Gmail inbox rather than any of them going to your spam folder, unless you indicate otherwise regarding specific political email senders? You can change this choice at any time in Gmail Settings.
(TELL ME MORE)
YES
NO

There is no “default” answer to this query. Users must choose either YES or NO to proceed (with the TELL ME MORE choice branching off to an explanatory help page).

This is a matter of showing respect to Gmail users. The political parties do not own Gmail users’ inboxes, but users who are concerned about missing political emails that might otherwise go to the spam folder would be able to participate in this program, while other users would not be forced into participation against their wills.

Of course this will not satisfy some politicians who incorrectly assume that so much political email ends up in spam due to a claimed political bias against them by Google. In fact, Google applies no political bias at all to Gmail — so much political email ends up in spam precisely because that’s where most Gmail users want it to be.

Google is between the proverbial rock and a hard place on this matter, but I’m asking Google to side with their users. I’d prefer that the Gmail political spam bypass plan not be deployed at all, but if it’s going to happen than let’s give Google’s users a choice to participate or not, right up front.

It’s the Googley thing to do.

–Lauren–

]]>
Google’s Horrible Plan to Flood Your Gmail with Political Garbage https://lauren.vortex.com/2022/07/13/googles-horrible-plan-to-flood-your-gmail-with-political-garbage Wed, 13 Jul 2022 17:40:19 +0000 https://lauren.vortex.com/?p=4900 Continue reading "Google’s Horrible Plan to Flood Your Gmail with Political Garbage"]]> UPDATE (25 January 2023): Google has announced that it will terminate this program at the end of this month (31 January 2023).

UPDATE (11 August 2022): The Federal Election Commission has now officially approved this Google plan.

UPDATE (3 August 2022): How to Fix Google’s Gmail Political Spam Bypass Plan

UPDATE (3 August 2022): A Federal Election Commission Draft APPROVES this plan. See: https://www.fec.gov/files/legal/aos/2022-14/202214.pdf

UPDATE (19 July 2022): Public comments on this proposal can now be viewed here on the Federal Election Commission site.

UPDATE (14 July 2022): The Federal Election Commission today extended the public comment period for this issue from a deadline of July 16 to a new ending date of August 5th. I have updated this post accordingly.

– – – – – –

Google is backed into a corner, and Google’s attempt to get out of this corner could be very bad for Gmail users. You have just a few weeks remaining to make your opinion known about this. Please read on.

While Google studiously avoids political bias, the GOP has been bitching for ages with the ludicrous claim that Google is purposely directing GOP political emails into Gmail users’ spam folders. The GOP asserts that Google directs more political emails from Republicans than from Democrats into the spam jail, and that this is because (the GOP claims) Google hates Republicans. 

Not true. The reason more GOP political emails end up in spam is that spam is exactly where most Gmail users want those emails to be.

While both Democrats and Republicans are guilty of sending unwanted, unsolicited political emails, the fact is that Republicans send more in quantity, and they tend to be more insidious, including traps like automatic recurring payments after supposedly one-time donations, and claims (like repeating Trump’s Big Lie about the 2020 election) that are misleading at best and often ludicrous and dangerous. This crap deserves to be in spam.

In an attempt to get out from under what are mostly GOP complaints, Google has asked the Federal Election Commission for approval for a plan to make emails from authorized candidate committees, political party committees and leadership political action committees registered with the FEC exempt from spam detection, as long they abide by Gmail’s rules on phishing, malware and illegal content.

There’s stuff in there about notifying users the first time that they get one of these emails from a campaign so that they can (supposedly) opt-out and other details. It doesn’t matter. This plan will bury many Gmail users under a mountain of stinking swill. 

Google’s plan will never work, for a couple of reasons.

One is that campaign and other political mailings multiply and spread like a hideous plague. I’ve had the unpleasant experience of helping a Gmail user clean up the mess created when they subscribed to a single political website, in this case, yes, a Trump site that later was found to be soliciting funds for one purpose but actually using them for something else entirely. Big surprise, huh? 

In almost no time at all, this had metastasized into political mailings from affiliated groups spouting lies and begging for money, mixed in with all manner of political-appearing phishing attempts and other scams. These were showing up in his Gmail literally every few minutes. An utter nightmare. This doesn’t happen only with that GOP — though they’re the larger culprit in this saga.

The second reason that the Google plan will fail is that it will never satisfy the GOP. They’ve already proposed legislation that would make it illegal to send political email into spam. They want you to see all of it, every single word, whether you want to see it or not, whether you ever asked to see it or not.

The bottom line is that the Google plan will result in your Gmail inbox being flooded with unsolicited political garbage, that you’ll need to sort through and try (good luck!) to unsubscribe to. Whether you’re a Democrat, a Republican, an Independent, or something else entirely, this probably isn’t how you really want to be spending your days.

Again, I realize that Google has been unfairly forced into this position, but that can’t and doesn’t give this plan a pass.

The Federal Election Commission is now allowing for public comments until August 5th regarding this terrible idea. You can email your comments to:

ao@fec.gov

Please note that such emails may become part of the publicly inspectable public record related to this issue.

It’s been many years since I’ve seen a worse proposal related to email spam, and it’s very unfortunate that Google has been forced into this situation. But that’s where we are, so speak now or forever hold your peace.

–Lauren–

]]>
My Thoughts About Google’s New Blog Post Regarding Health-Related Data Privacy https://lauren.vortex.com/2022/07/01/my-thoughts-about-googles-new-blog-post-regarding-health-related-data-privacy Fri, 01 Jul 2022 23:09:20 +0000 https://lauren.vortex.com/?p=4883 Continue reading "My Thoughts About Google’s New Blog Post Regarding Health-Related Data Privacy"]]> In my very recent post:

“Internet Users’ Safety in a Post-Roe World”

I expressed concerns regarding how Internet and telecommunications firms would protect women’s and others’ data in a post-Roe v. Wade world of anti-abortion states’ health data demands.

Google has now briefly blogged about this, at:

“Protecting people’s privacy on health topics”

The most notable part of the Google post is the announcement of this important change:

“Location History is a Google account setting that is off by default, and for those that turn it on, we provide simple controls like auto-delete so users can easily delete parts, or all, of their data at any time. Some of the places people visit — including medical facilities like counseling centers, domestic violence shelters, abortion clinics, fertility centers, addiction treatment facilities, weight loss clinics, cosmetic surgery clinics, and others — can be particularly personal. Today, we’re announcing that if our systems identify that someone has visited one of these places, we will delete these entries from Location History soon after they visit. This change will take effect in the coming weeks.”

I definitely endorse this change, which aligns with the suggestions in my above referenced blog post regarding handling of sensitive location data. Thank you Google for taking this crucial action. This is an excellent start.

However, not yet publicly addressed by Google are the issues I noted regarding how these sensitive topics in search histories (both as stored by Google itself and/or on browsers) could also be abused by anti-abortion states hell-bent on pursuing women and others as part of those states’ extremist agendas, including in many instances abortion bans without exceptions for rape and incest.

Again, I praise Google for their initial step regarding location data, but there’s much more work still to do!

–Lauren–

]]>
Social Media Sites Should Be Required to ID Many Users https://lauren.vortex.com/2022/06/23/social-media-sites-should-be-required-to-id-many-users Thu, 23 Jun 2022 18:15:08 +0000 https://lauren.vortex.com/?p=4867 Continue reading "Social Media Sites Should Be Required to ID Many Users"]]> Greetings. I write the following with no joy whatsoever.

I have reluctantly come to the conclusion that it may be necessary to legislate that any social media user who wishes to have their posts seen by more than a small handful of users will need to be authenticated by any (significantly-sized) sites, using government IDs.

This identification information would be retained by the firms so long as the users are active and for some specified period afterwards. Users would *not* be required to use their real names for posts, but the linkages to their actual IDs would be available to authorities in cases of abuse under appropriate, precisely defined circumstances, subject to court oversight. 

This would include situations where a post may be forwarded to larger audiences by others, which will be a technical challenge to implement.

The ability to reach large audiences on today’s Internet should be a privilege, no longer a right.

It is very sad that it has come to this.

–Lauren–

]]>
Internet Users’ Safety in a Post-Roe World https://lauren.vortex.com/2022/06/18/internet-users-safety-in-a-post-roe-world Sat, 18 Jun 2022 16:57:49 +0000 https://lauren.vortex.com/?p=4858 Continue reading "Internet Users’ Safety in a Post-Roe World"]]> UPDATE (1 July 2022): My Thoughts About Google’s New Blog Post Regarding Health-Related Data Privacy

UPDATE (24 June 2022): As expected, the U.S. Supreme Court today overturned Roe v. Wade, bringing the issues discussed below into immediate focus.

TL;DR: By no later than early this July, it is highly probable that a nearly half-century nationwide precedent providing women with abortion-related protections will be partly or completely reversed by the current U.S. Supreme Court (SCOTUS). This sea change, especially impacting women’s rights but with even broader implications now and into the future, would immediately and dramatically affect many policy and operational aspects of numerous important Internet firms. Unless effective planning for this situation takes place imminently, the safety of women, the well-being of Internet users more generally, and crucial services of these firms themselves will in all likelihood be at risk in critical respects.

– – – – – –

Since the recent leak of a SCOTUS draft decision that would effectively eliminate the national protections of Roe v. Wade, and subsequent remarks by some of the associated justices, it is now widely assumed that within a matter of days or weeks a partial or total reversal of Roe will revert the vast majority of abortion-related matters back to the individual states. 

Many politicians and states have already indicated their plans to immediately ban most or even all abortions, including in some cases those related to rape and incest, and even those to preserve the health of the woman, with only narrow exceptions even to save mothers’ lives. Some of these laws may effectively criminalize miscarriages. Some may introduce both civil and criminal penalties related to abortion, possibly bringing homicide or murder charges against involved parties, potentially including the pregnant women. 

Various states plan to try extending their bans and civil/criminal penalties to include anyone who “participates” in making abortions possible, even if they are in other states, as when a woman travels to a different state for an abortion (the legality of one state attempting to impact actions in another state in this manner is unclear, but with today’s SCOTUS no possibilities can be safely ignored). Actions by some states to try ban obtaining, ordering, or providing various abortion drugs are also already being enacted. Note that SCOTUS has to date permitted to continue the Texas mechanism for suing abortion providers, which has largely blocked abortions in that state.

“Trigger laws” already in place in some states along with the statements of state legislators indicate that near total or total abortion bans will immediately become law in various states if the anticipated SCOTUS decision is announced. 

Anti-abortion and affiliated factions are already planning — using the reasoning of the expected SCOTUS decision as a foundation — for follow-up actions pushing for national abortion bans, limits on contraception, banning gay marriage, rolling back LGBTQ+ rights, and related activities. U.S. Senate Republican Leader Mitch McConnell has recently proclaimed that a nationwide abortion ban is possible if the GOP retakes the House, Senate, and presidency. 

These events are creating what could become an existential threat to many Internet users and to key aspects of many Internet firms’ policy and operational models.

Given the sweeping and unprecedented scope of the oppressive laws that would be unleashed on pregnant women and anyone else who becomes involved with their healthcare, especially given the civil and even criminal penalties being written into these laws, it seems inevitable that demands for access to data in the possession of many Internet and telecommunications firms relating to user activities will drastically increase.

Search histories (both server and browser) and potentially even stored email data could be sought looking for queries about abortion services, abortion drugs, and numerous other related topics. Location data (both targeting specific users, and data from broader geofence warrants associated with, for example, abortion providers) could be demanded. A range of other resulting data demands are also highly probable. It is also expected that there would be even more calls for government-mandated backdoors into end-to-end encrypted messaging systems.

Women may put their health and lives at risk by not seeking necessary health services, for fear of these abortion laws. Women’s partners, other family members, friends, associates, and healthcare providers may reasonably believe that their livelihoods or freedom may compromised if they are found to be providing or aiding in any manner related to abortion services. 

Many users may cease using Internet and various telecommunications services in the manners that they previously would have, out of concerns that their related activities and other data could ultimately fall into the hands of state or other officials, and then be used to track and potentially prosecute them under these abortion-related laws.

This situation is a Trust & Safety emergency of the first order for all of these firms.

While some firms already provide users a range of search/location history control tools, I would assert that most users do not understand them and are frequently unaware of how they are actually configured.

I believe that the best mechanism at this time to help protect women and affiliated others who would be victimized by these state actions is to not save the associated data in the first place, unless a user decides that they desire to have that data saved.

One possibility would be for these firms to proactively offer users the option to not save (or alternatively, very quickly expunge) their search, location, and other user activity data associated with abortion and important related issues — both on company servers, and within browser histories if practicable. Users who wished to have any of these categories of data activity saved as before could choose not to exercise this option.

Unfortunately, a database of users who opt out of having this data saved may itself be an attractive data demand target by parties who may assume that it mainly represents individuals attempting to hide activities related to abortions. This possibility may argue for the preferred default behavior being to not save this data, and offering users the option of saving it if they so choose.

While these changes could be part of a desirable broader effort to give users more control over which specific aspects of their “personally sensitive” activity data are saved, this would of course be a significantly larger project, and time is of the essence given the imminent SCOTUS ruling. 

Obviously I am not here addressing the detailed legal considerations or potential technical implementation challenges of the proposals above, and there may exist other ways to quickly ameliorate the risks that I’ve described, though practical alternatives are not obvious to me at present.

However, I do feel strongly that the status quo regarding user activity data in a post-Roe environment could create a nightmarish situation for many women and other Internet users, and be extraordinarily challenging for firms from Trust & Safety and broader policy and operational aspects. 

I strongly recommend that actions be taken immediately to protect Internet users from the storm that will likely arrive very shortly indeed.

–Lauren–

]]>
Big Tech and the Internet Are Not Our Enemies https://lauren.vortex.com/2022/06/13/big-tech-and-the-internet-are-not-our-enemies Mon, 13 Jun 2022 18:07:55 +0000 https://lauren.vortex.com/?p=4842 Continue reading "Big Tech and the Internet Are Not Our Enemies"]]> It seems like only a few years ago, the entire world was enamored of Big Tech and the Internet — and pretty much everyone was trying to emulate their most successful players. But now, to watch the news reports and listen to the politicians, the Internet and Big Tech are Our Enemies, responsible for everything from mass shootings to drug addiction, from depression to child abuse, and seemingly most other ills that any particular onlooker finds of concern in our modern world.

The truth is much more complex, and much more difficult to comfortably accept. For the fundamental problems we now face are not the fault of technology in any form, they are fully the responsibility of human beings. That is, as Pogo famously said, “We have met the enemy, and he is us.”

What’s more, most users of social media and other Internet services don’t realize how much they have to lose as a result of the often politically motivated faux “solutions” being proposed (and in some cases already passed into law) that could literally cripple many of the sites that billions of us have come to depend upon in our daily lives.

Hate speech, for example, was not invented by the Internet. While it can certainly be argued that social media increased its distribution, the intractable nature of the problem is clearly demonstrated by calls from the Right to leave most hate speech available as legal speech (at least in the U.S. — other countries have different legal standards regarding speech), while the Left (and many other countries) want hate speech removed even more rapidly. Both sides propose draconian penalties for failures to comply with their completely opposite demands.

In the U.S., some states have already passed laws explicitly prohibiting Big Tech from removing wide ranges of speech, much of which would be considered hateful and/or outright disinformation. These laws are currently unenforced due to court actions, but not on a permanent basis at this time.

The utter chaos that would be triggered by enforcement of such laws and associated attempts to undermine crucial Communications Decency Act Section 230 are obvious. If firms are required by law not to remove speech that they consider to be dangerous misinformation or hate speech, they will almost certainly find themselves cut off from key service providers that they need to stay in operation, who won’t want to keep doing business with them. Perhaps laws would then be passed to try require that those providers not cut off social media firms in such cases. But what of advertisers who do not wish to be associated with vile content? Laws to force them to continue advertising on particular sites are unlikely in the extreme.

Similar dilemmas apply to most other areas of Big Tech and the Internet that are now the subject of seemingly endless condemnation. There are calls for end-to-end encryption of chat systems and other direct messaging to protect private conversations from outside surveillance and tampering — but there are simultaneously demands that governments be able to see into these conversations to try detect child abuse or possible mass shooter events before they occur. Another enormous category of conflicting demands will arise as the U.S. Supreme Court drastically scales back fundamental protections for women.

Even if encryption were banned (a ban that we know would never be anywhere near 100% effective), the sheer scale of the Internet in general, and of social media in particular, are such that no currently imaginable combination of human beings and artificial intelligence could usefully scan and differentiate false positives from genuine threats among the nearly inconceivably enormous volumes of data involved. False positives have real costs — they divert scarce resources from genuine threats where those resources are desperately needed.

Big Tech now finds itself firmly between the proverbial rock and the hard place. Governments, politicians, and others are demanding changes that in many cases aren’t only in 180 degree opposition (“Take down violating posts faster! No, leave them up — taking them down is censorship!”), but are also calling for technologically impractical approaches to monitoring social media (both public postings and private messages/chats) at scale. Many of these demands would lead inevitably to requiring virtually all social media posts to be pre-moderated and pre-approved before being permitted to be seen publicly. Every public post. Every private chat. Every live stream throughout the totality of its existence.

Only in such or similar ways could social media firms meet the demands being strewn upon it, even if the inherent conflicts in demands from different groups and political factions could somehow be harmonized, even leaving aside associated privacy concerns.

But this is actually entirely academic at the kinds of scales at which users currently post to social media. Such pre-moderation is not possible in any kind of effective way without drastically reducing the total volume of user content that is made available.

This would leave Big Tech with only one likely practical path forward. Firms would need to drastically and dramatically reduce the amount of UGC (User Generated Content) that is submitted and publicly posted. All manner of postings — written, video, audio, prerecorded content and live streams, virtually everything that any user might want other users to see, would need to be curtailed. A tiny percentage compared with what is seen today might continue to be publicly surfaced after the required pre-moderation, but this would be a desert ghost town compared to today’s social media landscape.

There are some observers who upon reading this might think to themselves, “So what? To hell with social media! The Internet and the world will be better without it.” But this is fundamentally wrong. The ability of ordinary people to communicate with many others — without having to channel through traditional mass media gatekeepers — has been one of the most essential liberating aspects of the Internet. The appropriate responses to the abusive ways that some persons have chosen to use these capabilities do not include permitting governments to decimate a crucial aspect of the Internet’s empowerment of individuals.

Ultimately might governments expand their monitoring edicts to include email? Will attempts to ban VPNs become mainstream around the planet? There’s no reason to assume that governments demanding mass data surveillance would ultimately hesitate in any of these respects.

Of course, if this is what voters really want, it’s what their politicians will likely provide them. Possible alternatives that might help to limit some abuses — one suggestion at least worth discussing is requiring social media firms to confirm the identities of users posting to large groups before such postings are visible — may not be seriously considered. We shall see.

Unfortunately, most users of the Internet and social media are ill-informed about the realities of these situations. Most of what they are seeing on these topics is political rhetoric devoid of crucial technological contexts. They are purposely kept uninformed regarding the ramifications of the false “remedies” that some politicians and haters of Big Tech are spewing forth daily.

We are on the cusp of having major parts of our daily lives seriously disrupted by political demands that would wither away many of the services on the very sites that are so important to us all.

–Lauren–

]]>
How to Better Solve YouTube’s “Dislike Count” Problem https://lauren.vortex.com/2021/11/12/how-to-better-solve-youtubes-dislike-count-problem Fri, 12 Nov 2021 16:58:07 +0000 https://lauren.vortex.com/?p=4825 Continue reading "How to Better Solve YouTube’s “Dislike Count” Problem"]]> The controversy over the recently announced decision by YouTube to remove publicly viewable “Dislike” counts from all videos is continuing to grow. Many YT creators feel that the loss of a publicly viewable Like/Dislike ratio will be a serious detriment. I know that I consider that ratio useful.

There are some good arguments by Google/YouTube for this action, particularly relating to harassment campaigns targeting the Dislikes on specific videos. However, I believe that YouTube has gone too far in this instance, when a more nuanced approach would be preferable.

In particular, my view is that it is reasonable to remove the publicly viewable Dislike counts from videos by default, but that creators should be provided with an option to re-enable those counts on their specific videos (or on all of their videos) if they wish to do so.

With YouTube removing the counts by default, YouTube creators who are not aware of these issues will be automatically protected. But creators who feel that showing Dislike counts is good for them could opt to display them. Win-win!

–Lauren–

]]>
Apple Backdoors Itself https://lauren.vortex.com/2021/08/06/apple-backdoors-itself Fri, 06 Aug 2021 14:35:16 +0000 https://lauren.vortex.com/?p=4785 Continue reading "Apple Backdoors Itself"]]> UPDATE (September 3, 2021): Apple has now announced that “based on feedback” they are delaying the launch of this project to “collect input and make improvements” before release.

– – –

Apple’s newly revealed plan to scan users’ Apple devices for photos and messages related to child abuse is actually fairly easy to explain from a high-level technical standpoint.

Apple has abandoned their “end-to-end” encrypted messaging promises. They’re gone. Poof! Flushed down the john. Because a communication system that supposedly is end-to-end encrypted — but has a backdoor built into user devices — is like being sold a beautiful car and discovering after the fact that it doesn’t have any engine. It’s fraudulent.

The depth of Apple’s betrayal of its users is not specifically in the context of dealing with child abuse — which we all agree is a very important issue indeed — but that by building any kind of backdoor mechanism into their devices they’ve opened the legal door to courts and other government entities around the world to make ever broader demands for secret, remote access to the data on your Apple phones and other devices. And even if you trust your government today with such power — imagine what a future government in whom you have less faith may do.

In essence, Apple has given away the game. It’s as if you went into a hospital to have your appendix removed, and when you awoke you learned that they also removed one of your kidneys and an eye. Surprise!

There is no general requirement that Apple (or other firms) provide end-to-end crypto in their products. But Apple has routinely proclaimed itself to be a bastion of users’ privacy, while simultaneously being highly critical of various other major firms’ privacy practices. 

That’s all just history now, a popped balloon. Apple hasn’t only jumped the shark, they’ve fallen into the water and are sinking like a stone to the bottom.

–Lauren–

]]>
Keep Governments Away from Social Media “Misinformation Control” https://lauren.vortex.com/2021/07/20/misinformation-control Tue, 20 Jul 2021 20:46:49 +0000 https://lauren.vortex.com/?p=4774 Continue reading "Keep Governments Away from Social Media “Misinformation Control”"]]> As the COVID “Delta” variant continues its spread around the globe, the Biden administration has deployed something of a basketball-style full-court press against misinformation on social media sites. That its intentions are laudable is evident and not at issue. Misinformation on social media and in other venues (such as various cable “news” channels), definitely play a major role in vaccine hesitancy — though it appears that political and peer allegiances play a significant role in this as well, even for persons who have accurate information about the available vaccines.

Yet good intentions by the administration do not necessarily always translate into optimum statements and actions, especially in an ecosystem as large and complex as social media. When President Biden recently asserted that Facebook is “killing people” (a statement that he later walked back) it raised many eyebrows both in the U.S. and internationally.

I implied above that the extent to which vaccine misinformation (as opposed to or in combination with other factors) is directly related to COVID infections and/or deaths is not a straightforward metric. But we can still certainly assert that Facebook has traditionally been an enormous — likely the largest — source of misinformation on social media. And it is also true, as Facebook strongly retorted in the wake of Biden’s original remark, that Facebook has been working to reduce COVID misinformation and increase the viewing of accurate disease and vaccine information on their platform. Other firms such as Twitter and Google have also been putting enormous resources toward misinformation control (and its subset of “disinformation” — which is misinformation being purposely disseminated with the knowledge that it is false).

But for those both inside and outside government who assert that these firms “aren’t doing enough” to control misinformation, there are technical realities that need to be fully understood. And key among these is this: There is no practical way to eliminate all misinformation from these platforms. It is fundamentally impossible without preventing ordinary users from posting content at all — at which point these platforms wouldn’t be social media any longer.

Even if it were possible for a human moderator (or humans in concert with automated scanning) to pre-moderate every single user posting before permitting them to be seen and/or shared publicly, differences in interpretation (“Is this statement in this post really misinformation?”), errors, and other factors would mean that some misinformation is bound to spread — and that can happen very quickly and in ways that would not necessarily be easily detected either by human moderators or by automated content scanning systems. But this is academic. Without drastically curtailing the amount of User Generated Content (UGC) being submitted to these platforms, such pre-moderation models are impractical.

Some other statements from the administration also triggered concerns. The administration appeared to suggest that the same misinformation standards should be applied by all social media firms — a concept that would obviously eliminate the ability of the Trust & Safety teams at these firms to make independent decisions on these matters. And while the administration denied that it was dictating to firms what content should be removed as misinformation, they did say that they were in frequent contact with firms about perceived misinformation. Exactly what that means is uncertain. The administration also said that a short list of “influencers” were responsible for most misinformation on social media — though it wasn’t really apparent what the administration would want firms to do with that list. Disable all associated accounts? Watch those accounts more closely for disinformation? I certainly don’t know what was meant.

But the fundamental nature of the dilemma is even more basic. For governments to become involved at all in social media firms’ decisions about misinformation is a classic slippery slope, for multiple reasons.

Even if government entities are only providing social media firms with “suggestions” or “pointers” to what they believe to be misinformation, the oversized influence that these could have on firms’ decisions cannot be overestimated, especially when some of these same governments have been threatening these same firms with antitrust and other actions.

Perhaps of even more concern, government involvement in misinformation content decisions could potentially undermine the currently very strong argument that these firms are not subject to First Amendment considerations, and so are able to make their own decisions about what content they will permit on their platforms. Loss of this crucial protection would be a big win for those politicians and groups who wish to prevent social media firms from removing hate speech and misinformation from their platforms. So ironically, government involvement in suggesting that particular content is misinformation could end up making it even more difficult for these firms to remove misinformation at all!

Even if you feel that the COVID crisis is reason enough to endorse government involvement in social media content takedowns, please consider for a moment the next steps. Today we’re talking about COVID misinformation. What sort of misinformation — there’s a lot out there! — will we be talking about tomorrow? Do we want the government urging content removal about various other kinds of misinformation? How do we even define misinformation in widely different subject areas?

And even if you agree with the current administration’s views on misinformation, how do you know that you will agree with the next administration’s views on these topics? If you want the current administration to have these powers, will you be agreeable to potentially a very different kind of administration having such powers in the future? The previous administration and the current one have vastly diverging views on a multitude of issues. We have every reason to expect at least some future administrations to follow this pattern.

The bottom line is clear. Even with the best of motives, governments should not be involved in content decisions involving misinformation on social media. Period.

–Lauren–

]]>
We Have Met the Ransomware Enemy, and It Is (Partly) Us! https://lauren.vortex.com/2021/06/05/ransomware-enemy Sat, 05 Jun 2021 22:35:48 +0000 https://lauren.vortex.com/?p=4734 Continue reading "We Have Met the Ransomware Enemy, and It Is (Partly) Us!"]]> Ransomware is currently a huge topic in the news. A crucial gasoline pipeline shuts down. A major meat processor is sidelined. It almost feels as if there are new announced ransomware attacks every few days, and there are certainly many such attacks that are never made public.

We see commentators claiming that ransomware attacks are the software equivalent of 9/11, and that perpetrators should be treated as terrorists. Over on one popular right-wing news channel, a commentator gave a literal “thumbs up” to the idea that ransomware perpetrators might be assassinated.

The Biden administration and others are suggesting that if Russia’s Putin isn’t responsible for these attacks, he at least must be giving his tacit approval to the ones apparently originating there. For his part, Putin is laughing off such ideas.

There clearly is political hay to be made from linking ransomware attacks to state actors, but it is certainly true that ransomware attacks can potentially have much the same devastating impacts on crucial infrastructure and operations as more “traditional” cyberattacks.

And while it is definitely possible for a destruction-oriented cyberattack to masquerade as a ransomware attack, it is also true that the vast majority of ransomware attacks appear to be aimed not at actually causing damage, but for the rather more prosaic purpose of extorting money from the targeted firms.

All this having been said, there is actually a much more alarming bottom line. The vast majority of these ransomware attacks are not terribly sophisticated in execution. They don’t need to depend on armies of top-tier black-hat hackers. They usually leverage well-known authentication weaknesses, such as corporate networks accessible without robust 2-factor authentication techniques, and/or firms’ reliance on outmoded firewall/VPN security models.

Too often, we see that a single compromised password gives attackers essentially unlimited access behind corporate firewalls, with predictably dire results.

The irony is that the means to avoid these kinds of attacks are already available — but too many firms just don’t want to make the efforts to deploy them. In effect, their systems are left largely exposed — and then there’s professed surprise when the crooks simply saunter in! There are hobbyist forums on the Net, having already implemented these security improvements, that are now actually better protected than many major corporations!

I’ve discussed the specifics many times in the past. The use of 2-factor (aka 2-step) authentication can make compromised username/password combinations far less useful to attackers. When FIDO/U2F security keys are properly deployed to provide this authentication, successful fraudulent logins tend rapidly toward nil.

Combining these security key models with “zero trust” authentication, such as Google’s “BeyondCorp” (https://cloud.google.com/beyondcorp), and security is even further enhanced, since no longer can an attacker simply penetrating a firewall or compromised VPN find themselves with largely unfettered access to targeted internal corporate resources.

These kinds of security tools are available immediately. There is no need to wait for government actions or admissions from Putin! And sooner rather than later, firms and institutions that continue to stall on deploying these kinds of security methodologies will likely find themselves answering ever more pointed questions from their stockholders or other stakeholders, demanding to know why these security improvements weren’t already made *before* these organizations were targeted by new highly publicized ransomware attacks!

–Lauren–

]]>
DeJoy Is Hell-Bent on Wrecking the Postal Service — and Maybe Your Life https://lauren.vortex.com/2021/03/23/dejoy-is-hell-bent-on-wrecking-the-postal-service-and-maybe-your-life Tue, 23 Mar 2021 17:47:27 +0000 https://lauren.vortex.com/?p=4717 Continue reading "DeJoy Is Hell-Bent on Wrecking the Postal Service — and Maybe Your Life"]]> While we’re all still reeling from the recent horrific, tragic. and utterly preventable incidents of mass shooting murders, inside the D.C. beltway today events are taking place that could put innumerable medically challenged Americans at deep risk — and the culprit is Louis DeJoy, the Postal Service (USPS) Postmaster General and Trump megadonor. 

His 10-year plan for destroying the USPS, by treating it like his former for-profit shipping logistics business rather than the SERVICE is was intended to be — was released today, along with a flurry of self-congratulatory official USPS tweets that immediately attracted massive negative replies, most of them demanding that DeJoy be removed from his position. Now. Right now!

I strongly concur with this sentiment.

Even as first class and other mail delays have already been terrifying postal customers dependent on the USPS for critical prescription medications and other crucial products, DeJoy’s plan envisions even longer mail delays — including additional days of delay for delivery of local first class mail, banning first class mail from air shipping, raising rates, cutting back on post office hours, and — well, you get the idea.

Fundamentally the plan is simple. Destroy the USPS via the “death by a thousand cuts” — leaving to slowly twist in the wind those businesses and individuals without the wherewithal to rely on much more expensive commercial carriers.

While President Biden has taken some initial steps regarding the USPS by appointing several new appointees to the USPS board of governors (who need to be confirmed by the Senate), and this could lead to the ability for the ultimate ousting of DeJoy (since only the board can fire him directly), we do not have the time for this process to play out.

Biden has apparently been reluctant to take the “nuclear option” of firing DeJoy’s supporters on the board — they can be fired “for cause” — but many observers assert that their complicity in this DeJoy plan to wreck USPS services would be cause enough.

One thing is for sure. The kinds of changes that DeJoy is pushing through would be expensive and time consuming to unwind later on. And in the meantime, everybody — businesses and ordinary people alike — will suffer greatly at DeJoy’s hands. 

President Biden should act immediately to take any and all legal steps to get DeJoy out of the USPS before DeJoy can do even more damage to us all.

–Lauren–

]]>
How the “News Link Wars” Could Wreck the Web https://lauren.vortex.com/2021/02/18/how-the-news-link-wars-could-wreck-the-web Thu, 18 Feb 2021 18:36:55 +0000 https://lauren.vortex.com/?p=4709 Continue reading "How the “News Link Wars” Could Wreck the Web"]]> As it stands right now, major news organizations — in league with compliant politicians around the world — seem poised to use the power of their national governments to take actions that could absolutely destroy the essentially open Web, as we’ve known it since Sir Tim Berners-Lee created the first operational web server and client browser at CERN in 1990.

Australia — home of the right-wing Rupert Murdoch empire — is in the lead of pushing this nightmarish travesty, but other countries around the world are lining up to join in swinging wrecking balls at Web users worldwide. 

Large Internet firms like Facebook and Google, feeling pressure to protect their income streams more than to protect their users, are taking varying approaches toward this situation, but the end result will likely be the same in any case — users get the shaft.

The underlying problem is that news organizations are now demanding to be paid by firms like Google and Facebook merely for being linked from them. The implications of this should be obvious — it creates the slippery slope where more and more sites of all sorts around the world would demand to be paid for links, with the result that the largest, richest Internet firms would likely be the last ones standing, and competition (along with choices available to users) would wither away. 

The current situation is still in considerable flux — seemingly changing almost hour by hour — but the trend lines are clear. Google had originally taken a strong stance against this model, rightly pointing out how it could wreck the entire concept of open linking across the Web, the Web’s very foundation! But at the last minute, it seems that Google lost its backbone, and has been announcing payoff deals to Murdoch and others, which of course will just encourage more such demands. At the moment Facebook has taken the opposite approach, and has literally cut off news from their Australian users. The negative collateral effects that this move has created make it unlikely that this can be a long-term action.

But what we’re really seeing from Facebook and Google (and other large Internet firms who are likely to be joining their ranks in this respect) — despite their differing approaches at the moment — is essentially their floundering around in a kind of desperation. They don’t really want (and/or don’t know how) to address the vast damage that will be done to the overall Web by their actions, beyond their own individual ecosystems. From a profit center standpoint this arguably makes sense, but from the standpoint of ordinary users worldwide it does not.

To use the vernacular, users are being royally screwed, and that screwing has only just begun.

Some observers of how the news organizations and their government sycophants are pushing their demands have called these actions blackmail. There is one universal rule when dealing with blackmailers — no matter how much you pay them, they’ll always come back demanding more. In the case of the news link wars, the end result if the current path is continued, will be their demands for the entire Web — users be damned.

–Lauren–

]]>
The Big Lie About “Cancel Culture” and Demands to Change Section 230 https://lauren.vortex.com/2021/02/15/the-big-lie-about-cancel-culture-and-demands-to-change-section-230 Mon, 15 Feb 2021 19:27:23 +0000 https://lauren.vortex.com/?p=4702 Continue reading "The Big Lie About “Cancel Culture” and Demands to Change Section 230"]]> Claims of “cancel culture” seems to be everywhere these days. Almost every day, we seem to hear somebody complaining that they have been “canceled” from social media, and pretty much inevitably there is an accompanying claim of politically biased motives for the action.

The term “cancel culture” itself appears to have been pretty much unknown until several years ago, and seems to have morphed from the term “call-out culture” — which ironically is generally concerned with someone getting more publicity than they desire, rather than less.

Be that as it may, cancel culture complaints — the lions’ share of which emanate from the political right wing — are now routinely used to lambaste social media and other Internet firms, to assert that their actions are based on political statements with which the firms do not agree and (according to these accusations) seek to suppress.

However, even a casual inspection of these claims suggest that the actual issues in play are hate speech, violent speech, and dangerous misinformation and disinformation — not political viewpoints, and formal studies reinforce this observation, e.g. False Accusation: The Unfounded Claim that Social Media Companies Censor Conservatives.

Putting aside for now the fact that the First Amendment does not apply to other than government actions against speech, even a cursory examination of the data reveals — confirmed by more rigorous analysis — not only that right-wing entities are overwhelmingly the source of most associated dangerous speech (though they are by no means the only source, there are sources on the left as well), but conservatives overall still have prominent visibility on social media platforms, dramatically calling into question the claims of “free speech” violations overall.

Inexorably intertwined with this are various loud, misguided, and dangerous demands for changes to (and in some cases total repeal of) Communications Decency Act Section 230, the key legislation that makes all forms of Internet UGC — User Generated Content — practical in the first place.

And here we see pretty much equally unsound proposals (largely completely conflicting with each other) from both sides of the political spectrum, often apparently based on political motives and/or a dramatic ignorance of the negative collateral damage that would be done to ordinary users if such proposals were enacted.

The draconian penalties associated with various of these proposals — aimed at Internet firms — would almost inevitably lead not to the actually desired goals of the right or left, but rather to the crushing of ordinary Internet users, by vastly reducing (or even eliminating entirely) the amount of their content on these platforms — that is, videos they create, comments, discussion forms, and everything else users want to share with others.

The practical effect of these proposals would be not to create more free speech or simply reduce hate and violent speech, misinformation and disinformation, but to make it impractical for Internet platforms to support user content — which is vast in scale beyond the imagination of most persons — in anything like the ways it is supported today. The risks would just be too enormous, and methodologies to meet the new demanded standards — even if we assume the future deployment of advanced AI systems and vast new armies of proactive moderators — do not exist and likely could never exist in a practical and affordable manner.

This is truly one of those “be careful what you wish for” moments, like asking the newly-released genie to “fix social media” and with a wave of his hand he eliminates the ability of anyone in the public — prominent or not, on the right or the left — to share their views or other content.

So as we see, complaints about social media are being driven largely by highly political arguments, but in reality invoke enormously complex technical challenges at gigantic scales — many of which we don’t even fundamentally understand given the toxic political culture of today.

As much as nobody would likely argue that Section 230 is perfect, I have yet to see any realistic proposals to change it that would not make matters far worse — especially for ordinary users who largely don’t understand how much they have to lose in these battles. 

Like democracy itself, which has been referred to as “the worst possible system of governance, except for all the others” — buying into the big lie of cancel culture and demands to alter Section 230 is wrong for the Internet and would be terrible for its users.

–Lauren–

]]>
The Challenges of Moderating User Content on the Internet (and a Bit of History) https://lauren.vortex.com/2021/01/15/moderating-ugc Fri, 15 Jan 2021 18:05:09 +0000 https://lauren.vortex.com/?p=4668 Continue reading "The Challenges of Moderating User Content on the Internet (and a Bit of History)"]]> I increasingly suspect that the days of large-scale public distribution of unmoderated UGC (User Generated Content) on the Internet may shortly begin drawing to a close in significant ways. The most likely path leading to this over time will be a combination of steps taken independently by social media firms and future legislative mandates.

Such moderation at scale may follow the model of AI-based first-level filtering, followed by layers of human moderators. It seems unlikely that today’s scale of postings could continue under such a moderation model, but future technological developments may well turn out to be highly capable in this realm.

Back in 1985 when I launched my “Stargate” experiment to broadcast Usenet Netnews over the broadcast television vertical blanking interval of national “Superstation WTBS,” I decided that the project would only carry moderated Usenet newsgroups. Even more than 35 years ago, I was concerned about some of the behavior and content already beginning to become common on Usenet. My main related concerns back then did not involve hate speech or violent speech — which were not significant problems on the Net at that point — but human nature being what it is I felt that the situation was likely to get much worse rather than better.

What I had largely forgotten in the decades since then though, until I did a Google search on the topic today (a great deal of original or later information on Stargate is still online, including various of my relevant messages in very early mailing list archives that will likely long outlive me), is the level of animosity about that decision that I received at the time. My determination for Stargate to only carry moderated groups triggered cries of “censorship,” but I did not feel that responsible moderation equated with censorship — and that is still my view today.

And now, all these many years later, it’s clear that we’ve made no real progress in these regards. In fact, the associated issues of abuse of unmoderated content in hateful and dangerous ways makes the content problems that I was mostly concerned about back then seem like a soap bubble popping, compared with a nuclear bomb detonating now.

We must solve this. We must begin serious and coordinated work in this vein immediately. And my extremely strong preference is that we deal with these issues together as firms, organizations, customers, and users — rather than depend on government actions that, if history is any guide, will likely do enormous negative collateral damage.

Time is of the essence.

–Lauren–

]]>
The Right’s (and Left’s) Insane Internet Content Power Grab (repost with new introduction) https://lauren.vortex.com/2021/01/10/right-left-internet-power-grab-repost-new-intro Sun, 10 Jan 2021 17:27:17 +0000 https://lauren.vortex.com/?p=4652 Continue reading "The Right’s (and Left’s) Insane Internet Content Power Grab (repost with new introduction)"]]> The post below was originally published on 10 August 2019. In light of recent events, particularly the storming of the United States Capital by a violent mob — resulting in five deaths — and subsequent actions by major social media firms relating to the exiting President Donald Trump (terms of service enforcement actions by these firms that I do endorse under these extraordinary circumstances), I feel that the original post is again especially relevant. While the threats of moves by the Trump administration against  CDA Section 230 are now moot, it is clear that 230 will be a central focus of Congress going forward, and it’s crucial that we all understand the risks of tampering with this key legislation that is foundational to the availability of responsible speech and content on the Internet. –Lauren–

– – – – – – – – –  –

The Right’s (and Left’s) Insane Internet Content Power Grab
(10 August 2019)

Rumors are circulating widely — and some news sources claim to have seen actual drafts — of a possible Trump administration executive order aimed at giving the government control over content at large social media and other major Internet platforms. 

This effort is based on one of the biggest lies of our age — the continuing claims mostly from the conservative right (but also from some elements of the liberal left) that these firms are using politically biased decisions to determine which content is inappropriate for their platforms. That lie is largely based on the false premise that it’s impossible for employees of these firms to separate their personal political beliefs from content management decisions.

In fact, there is no evidence of political bias in these decisions at these firms. It is completely appropriate for these firms to remove hate speech and related attacks from their platforms — most of which does come from the right (though not exclusively so). Nazis, KKK, and a whole array of racist, antisemitic, anti-Muslim, misogynistic, and other violent hate groups are disproportionately creatures of the political right wing. 

So it is understandable that hate speech and related content takedowns would largely affect the right — because they’re the primary source of these postings and associated materials. 

At the scales that these firms operate, no decision-making ecosystem can be 100% accurate, and so errors will occur. But that does not change the underlying reality that the “political bias” arguments are false. 

The rumored draft Trump executive order would apparently give the FCC and FTC powers to determine if these firms were engaging in “inappropriate censorship” — the primary implied threat appears to be future changes to Section 230 of the Communications Decency Act, which broadly protects these (and other) firms and individuals from liability for materials that other parties post to their sites. In fact, 230 is effectively what makes social media possible in the first place, since without it the liability risks of allowing users to post anything publicly would almost certainly be overwhelming. 

But wait, it gets worse!

At the same time that these political forces are making the false claims that content is taken down inappropriately from these sites for political purposes, governments and politicians are also demanding — especially in the wake of recent mass shootings — that these firms immediately take down an array of violent postings and similar content. The reality that (for example) such materials may be posted only minutes before shootings occur, and may be widely re-uploaded by other users in an array of formats after the fact, doesn’t faze the politicians and others making these demands, who apparently either don’t understand the enormous scale on which these firms operate, or simply don’t care about such truths when they get in the way of politicians’ political pandering.

The upshot of all this is an insane situation — demands that offending material be taken down almost instantly, but also demands that no material be taken down inappropriately. Even with the best of AI algorithms and a vast human monitoring workforce, these dual demands are in fundamental conflict. Individually, neither are practical. Taken together, they are utterly impossible.

Of course, we know what’s actually going on. Many politicians on both the right and left are desperate to micromanage the Net, to control it for their own political and personal purposes. For them, it’s not actually about protecting users, it’s mostly about protecting themselves. 

Here in the U.S., the First Amendment guarantees that any efforts like Trump’s will trigger an orgy of court battles. For Trump himself, this probably doesn’t matter too much — he likely doesn’t really care how these battles turn out, so long as he’s managed to score points with his base along the way. 

But the broader risks of such strategies attacking the Internet are enormously dangerous, and Republicans who might smile today about such efforts would do well to imagine similar powers in the hands of a future Democratic administration. 

Such governmental powers over Internet content are far too dangerous to be permitted to the administrations of any party. They are anathema to the very principles that make the Internet great. They must not be permitted to take root under any circumstances.

–Lauren–

]]>
Recommendation: Do Not Install or Use Centralized Server Coronavirus (COVID-19) Contact Tracing Apps https://lauren.vortex.com/2020/04/27/recommendation-do-not-install-or-use-centralized-server-coronavirus-covid-19-contact-tracing-apps Mon, 27 Apr 2020 19:48:24 +0000 https://lauren.vortex.com/?p=4620 Continue reading "Recommendation: Do Not Install or Use Centralized Server Coronavirus (COVID-19) Contact Tracing Apps"]]> Everyone, I hope you and yours are safe and well during this unprecedented pandemic.

As I write this, various governments are rushing to implement — or have already implemented — a wide range of different smartphone apps purporting to be for public health COVID-19 “contact tracing” purposes. 

The landscape of these is changing literally hour by hour, but I want to emphasize MOST STRONGLY that all of these apps are not created equal, and that I urge you not to install various of these unless you are required to by law — which can indeed be the case in countries such as China and Poland, just to name two examples.

Without getting into deep technical details here, there are basically two kinds of these contact tracing apps. The first is apps that send your location or other contact-related data to centralized servers (whether the data being sent is claimed to be “anonymous” or not). Regardless of promised data security and professed limitations on government access to and use of such data, I do not recommend voluntarily choosing to install and/or use these apps under any circumstances.

The other category of contact tracing apps uses local phone storage and never sends your data to centralized servers. This is by far the safer category in which resides the recently announced Apple-Google Bluetooth contact tracing API, being adopted in some countries (including now in Germany, which just announced that due to privacy concerns it has changed course from its original plan of using centralized servers). In general, installing and using these local storage contact tracing apps presents a vastly less problematic and far safer situation compared with centralized server contact tracing apps.

Even if you personally have 100% faith that your own government will “do no wrong” with centralized server contact tracing apps — either now or in the future under different leadership — keep in mind that many other persons in your country may not be as naive as you are, and will likely refuse to install and/or use centralized server contact tracing apps unless forced to do so by authorities.

Very large-scale acceptance and use of any contact tracing apps are necessary for them to be effective for genuine pandemic-related public health purposes. If enough people won’t use them, they are essentially worthless for their purported purposes.

As I have previously noted, various governments around the world are salivating at the prospect of making mass surveillance via smartphones part of the so-called “new normal” — with genuine public health considerations as secondary goals at best.

We must all work together to bring the COVID-19 disaster to an end. But we must not permit this tragic situation to hand carte blanche permissions to governments to create and sustain ongoing privacy nightmares in the process. 

Stay well, all.

–Lauren–

]]>
Coronavirus Reactions Creating Major Internet Security Risks https://lauren.vortex.com/2020/03/18/coronavirus-reactions-creating-major-internet-security-risks Wed, 18 Mar 2020 17:26:58 +0000 https://lauren.vortex.com/?p=4601 Continue reading "Coronavirus Reactions Creating Major Internet Security Risks"]]> As vast numbers of people are suddenly working from home in reaction to the coronavirus pandemic, doctors switch to heavy use of video office visits, and in general more critical information than ever is suddenly being thrust onto the Internet, the risks of major security and privacy disasters that will long outlast the pandemic are rising rapidly. 

For example, the U.S. federal government is suspending key aspects of medical privacy laws to permit use of “telemedicine” via commercial services that have never been certified to be in compliance with the strict security and privacy rules associated with HIPAA (Health Insurance Portability and Accountability Act). The rush to provide more remote access to medical professionals is understandable, but we must also understand the risks of data breaches that once having occurred can never be reversed.

Sloppy computer security practices that have long been warned against are now coming home to roost, and the crooks as usual are way ahead of the game.  

The range of attack vectors is both broad and deep. Many firms have never prepared for large-scale work at home situations, and employees using their own PCs, laptops, phones, or other devices to access corporate networks can represent a major risk to company and customer data. 

Fake web sites purporting to provide coronavirus information and/or related products are popping up in large numbers around the Net, all with nefarious intents to spread malware, steal your accounts, or rob you in other ways.

Even when VPNs (Virtual Private Networks) are in use, malware on employee personal computers may happily transit VPNs into corporate networks. Commercial VPN services introduce their own risk factors, both due to potential flaws in their implementations and the basic technical limitations inherent in using a third-party service for such purposes. Whenever possible, third-party VPN services are to be avoided by corporate users, and these firms and other organizations using VPNs should deploy “in-house” VPN systems if they truly have the technical expertise to do so safely.

But far better than VPNs are “zero trust” security models such as Google’s “BeyondCorp” (https://cloud.google.com/beyondcorp), that can provide drastically better security without the disadvantages and risks of VPNs.

There are even more basic issues in focus. Most users still refuse to enable 2-factor (aka “2-step”) verification systems (https://www.google.com/landing/2step/) on services that support it, putting them at continuous risk of successful phishing attacks that can result in account hijacking and worse. 

I’ve been writing about all of this for many years here in this blog and in other venues. I’m not going to make a list here of my many relevant posts over time — they’re easy enough to find. 

The bottom line is that the kind of complacency that has been the hallmark of most firms and most users when it comes to computer security is even less acceptable now than ever before. It’s time to grow up, bite the bullet, and expend the effort — which in some cases isn’t a great deal of work at all! — to secure your systems, your data, and yes, your life and the lives of those that you care about.

Stay well.

–Lauren–

]]>
Iowa Screams: Don’t Trust High-Tech Elections! https://lauren.vortex.com/2020/02/08/iowa-screams-dont-trust-high-tech-elections Sat, 08 Feb 2020 18:08:16 +0000 https://lauren.vortex.com/?p=4591 Continue reading "Iowa Screams: Don’t Trust High-Tech Elections!"]]> For years — actually for decades — those of us in the Computer Science community who study election systems have with almost total unanimity warned against the rise of electronic voting, Internet voting, and more recently smartphone/app-based voting systems. I and my colleagues have written and spoken on this topic many times. Has anyone really been listening? Apparently very few!

We have pointed out repeatedly the fundamental problems that render high-tech election systems untrustworthy — much as “backdoors” to strong encryption systems are flawed at foundational levels.

Without a rigorous “paper trail” to backup electronic votes, knowing for sure when an election has been hacked is technically impossible. Even with a paper trail, getting authorities to use it can be enormously challenging. Hacking contests against proposed e-voting systems are generally of little value, since the most dangerous attackers won’t participate in those — they’ll wait for the real elections to do their undetectable damage!

Of course it doesn’t help when the underlying voting models are just this side of insane. Iowa’s caucuses have become a confused mess on every level. Caucuses throughout the U.S. should have been abandoned years ago. They disenfranchise large segments of the voting population who don’t have the ability to spend so much time engaged in a process that can take hours rather than a few minutes to cast their votes. Not only should the Democratic party have eliminated caucuses, it should no longer permit tiny states whose demographics are wholly unrepresentative of the party — and of the country as a whole — to be so early in the primary process. 

In the case of Iowa (and it would have been Nevada too, but they’ve reportedly abandoned plans to use the same flawed app) individual voters weren’t using their smartphones to vote, but caucus locations — almost 1700 of them in Iowa — were supposed to use the app (that melted down) to report their results. And of course the voice phone call system that was designated to be the reporting backup — the way these reports had traditionally been made — collapsed under the strain when the app-based system failed.

Some areas in the U.S. are already experimenting with letting larger and larger numbers of individual voters use their smartphones and apps to vote. It seems so obvious. So simple. They just can’t resist. And they’re driving their elections at 100 miles an hour right toward a massive brick wall.

Imagine — just imagine! — what the reactions would be during a national election if problems like Iowa’s occurred then on a much larger scale, especially given today’s toxic conspiracy theories environment. 

It would be a nuclear dumpster fire of unimaginable proportions. The election results would be tied up in courts for days, weeks, months — who knows?

We can’t take that kind of risk. Or if we do, we’re idiots and deserve the disaster that is likely to result.

Make your choice.

–Lauren–

]]>
How Some Software Designers Don’t Seem to Care About the Elderly https://lauren.vortex.com/2020/01/17/how-some-software-designers-dont-seem-to-care-about-the-elderly https://lauren.vortex.com/2020/01/17/how-some-software-designers-dont-seem-to-care-about-the-elderly#comments Fri, 17 Jan 2020 19:43:17 +0000 https://lauren.vortex.com/?p=4576 Continue reading "How Some Software Designers Don’t Seem to Care About the Elderly"]]> One of the most poignant ironies of the Internet is that at the very time that it’s become increasingly difficult for anyone to conduct their day to day lives without using the Net, some categories of people are increasingly being treated badly by many software designers. The victims of these attitudes include various special needs groups — visually and/or motor impaired are just two examples — but the elderly are a particular target.

Working routinely with extremely elderly persons who are very active Internet users (including in their upper 90s!), I’m particularly sensitive to the difficulties that they face keeping their Net lifelines going. 

Often they’re working on very old computers, without the resources (financial or human) to permit them to upgrade. They may still be running very old, admittedly risky OS versions and old browsers — Windows 7 is going to be used by many for years to come, despite hitting its official “end of life” for updates a few days ago.

Yet these elderly users are increasing dependent on the Net to pay bills (more and more firms are making alternatives increasingly difficult and in some cases expensive), to stay in touch with friends and loved ones, and for many of the other routine purposes for which all of us now routinely depend on these technologies.

This is a difficult state of affairs, to say the least.

There’s an aspect of this that is even worse. It’s attitudes! It’s the attitudes of many software designers that suggest they apparently really don’t care about this class of users much — or at all.

They design interfaces that are difficult for these users to navigate. Or in extreme cases, they simply drop support for many of these users entirely, by eliminating functionality that permits their old systems and old browsers to function. 

We can certainly stipulate that using old browsers and old operating systems is dangerous. In a perfect world, resources would be available to get everyone out of this situation.

However, we don’t exist in a perfect world, and these users, who are already often so disadvantaged in so many other ways, need support from software designers, not disdain or benign neglect.

A current example of these users being left behind is the otherwise excellent, open source “Discourse” forum software. I use this software myself, and it’s a wonderful project.

Recently they announced that they would be pulling all support for Internet Explorer (except for limited read-only access) from the Discourse software. Certainly they are not the only site or project dropping support for old browsers, but this fact does not eliminate the dilemma.

I despise Internet Explorer. And yes, old computers running old OS versions and old browsers represent security risks to their users. Definitely. No question about it. Yet what of the users who don’t understand how to upgrade? Who don’t have anyone to help them upgrade? Are we to tell them that they matter not at all? Is the plan to try ignore them as much as possible until they’re all dead and gone? Newsflash: This category of users will always exist!

This issue rose to the top of my morning queue today when I saw a tweet from Jeff Atwood (@codinghorror). Jeff is the force behind the creation and evolution of Discourse, and was a co-founder of Stack Exchange. He does seriously good work.

Yet this morning we engaged in the following tweet thread:

Jeff: At this point I am literally counting the days until we can fully remove IE11 support in @discourse (June 1st 2020)

Lauren: I remain concerned about the impact this will have on already marginalized users on old systems without the skills or help to switch to other browsers. They have enough problems already!

Jeff: Their systems are so old they become extremely vulnerable to hackers and exploits, which is bad for their health and the public health of everyone else near them. It becomes an anti-vaccination argument, in which nobody wins.

Lauren: Do you regularly work with extremely elderly people whose only lifelines are their old computers? Serious question.

Somewhere around this point, he closed down the dialogue by blocking me on Twitter.

This was indeed his choice, but seems a bit sad when I actually had more fruitful discussions of this matter previously on the main Discourse discussion forum itself.

Of course his anti-vaxx comparison is inherently flawed. There are a variety of programs to help people — who can’t otherwise afford important vaccinations — to receive them. By comparison, vast numbers of elderly persons (often living in isolation) are on their own when dealing with their computers.

The world will keep spinning after Discourse drops IE support.

Far more important though than this particular case is the attitude being expressed by so many in the software community, an attitude that suggests that many highly capable software engineers don’t really appreciate these users and the kinds of problems that many of these users may have, that can prevent them from making even relatively simple changes or upgrades to their systems — which they need to keep using as much as anyone — in the real world. 

And that’s an unnecessary tragedy.

–Lauren–

]]>
https://lauren.vortex.com/2020/01/17/how-some-software-designers-dont-seem-to-care-about-the-elderly/feed 21
The Right’s (and Left’s) Insane Internet Content Power Grab https://lauren.vortex.com/2019/08/10/the-rights-and-lefts-insane-internet-content-power-grab Sat, 10 Aug 2019 17:15:07 +0000 https://lauren.vortex.com/?p=4555 Continue reading "The Right’s (and Left’s) Insane Internet Content Power Grab"]]> Rumors are circulating widely — and some news sources claim to have seen actual drafts — of a possible Trump administration executive order aimed at giving the government control over content at large social media and other major Internet platforms. 

This effort is based on one of the biggest lies of our age — the continuing claims mostly from the conservative right (but also from some elements of the liberal left) that these firms are using politically biased decisions to determine which content is inappropriate for their platforms. That lie is largely based on the false premise that it’s impossible for employees of these firms to separate their personal political beliefs from content management decisions.

In fact, there is no evidence of political bias in these decisions at these firms. It is completely appropriate for these firms to remove hate speech and related attacks from their platforms — most of which does come from the right (though not exclusively so). Nazis, KKK, and a whole array of racist, antisemitic, anti-Muslim, misogynistic, and other violent hate groups are disproportionately creatures of the political right wing. 

So it is understandable that hate speech and related content takedowns would largely affect the right — because they’re the primary source of these postings and associated materials. 

At the scales that these firms operate, no decision-making ecosystem can be 100% accurate, and so errors will occur. But that does not change the underlying reality that the “political bias” arguments are false. 

The rumored draft Trump executive order would apparently give the FCC and FTC powers to determine if these firms were engaging in “inappropriate censorship” — the primary implied threat appears to be future changes to Section 230 of the Communications Decency Act, which broadly protects these (and other) firms and individuals from liability for materials that other parties post to their sites. In fact, 230 is effectively what makes social media possible in the first place, since without it the liability risks of allowing users to post anything publicly would almost certainly be overwhelming. 

But wait, it gets worse!

At the same time that these political forces are making the false claims that content is taken down inappropriately from these sites for political purposes, governments and politicians are also demanding — especially in the wake of recent mass shootings — that these firms immediately take down an array of violent postings and similar content. The reality that (for example) such materials may be posted only minutes before shootings occur, and may be widely re-uploaded by other users in an array of formats after the fact, doesn’t faze the politicians and others making these demands, who apparently either don’t understand the enormous scale on which these firms operate, or simply don’t care about such truths when they get in the way of politicians’ political pandering.

The upshot of all this is an insane situation — demands that offending material be taken down almost instantly, but also demands that no material be taken down inappropriately. Even with the best of AI algorithms and a vast human monitoring workforce, these dual demands are in fundamental conflict. Individually, neither are practical. Taken together, they are utterly impossible.

Of course, we know what’s actually going on. Many politicians on both the right and left are desperate to micromanage the Net, to control it for their own political and personal purposes. For them, it’s not actually about protecting users, it’s mostly about protecting themselves. 

Here in the U.S., the First Amendment guarantees that any efforts like Trump’s will trigger an orgy of court battles. For Trump himself, this probably doesn’t matter too much — he likely doesn’t really care how these battles turn out, so long as he’s managed to score points with his base along the way. 

But the broader risks of such strategies attacking the Internet are enormously dangerous, and Republicans who might smile today about such efforts would do well to imagine similar powers in the hands of a future Democratic administration. 

Such governmental powers over Internet content are far too dangerous to be permitted to the administrations of any party. They are anathema to the very principles that make the Internet great. They must not be permitted to take root under any circumstances.

–Lauren–

]]>
Another Breach: What Capital One Could Have Learned from Google’s “BeyondCorp” https://lauren.vortex.com/2019/07/30/another-breach-what-capital-one-could-have-learned-from-googles-beyondcorp Tue, 30 Jul 2019 17:31:37 +0000 https://lauren.vortex.com/?p=4528 Continue reading "Another Breach: What Capital One Could Have Learned from Google’s “BeyondCorp”"]]> Another day, another massive data breach. This time some 100 million people in the U.S., and more millions in Canada. Reportedly the criminal hacker gained access to data stored on Amazon’s AWS systems. The fault was apparently not with AWS, but with a misconfigured firewall associated with Capital One, the bank whose credit card customers and card applicants were the victims of this attack.

Firewalls can be notoriously and fiendishly difficult to configure correctly, and often present a target-rich environment for successful attacks. The thing is, firewall vulnerabilities are not headline news — they’re an old story, and better solutions to providing network security already exist.

In particular, Google’s “BeyondCorp” approach (https://cloud.google.com/beyondcorp) is something that every enterprise involved in computing should make itself familiar with. Right now!

BeyondCorp techniques are how Google protects its own internal networks and systems from attack, with enormous success. In a nutshell, BeyondCorp is a set of practices that effectively puts “zero trust” in the networks themselves, moving access control and other authentication elements to individual devices and users. This eliminates traditional firewalls (and in nearly all instances, VPNs) because there is no longer any need for such devices or systems that, once breached, give an attacker access to internal goodies.

If Capital One had been following BeyondCorp principles, there’d likely be 100+ million fewer potentially panicky people today.

–Lauren–

]]>
Earthquakes vs. Darth Vader https://lauren.vortex.com/2019/07/06/earthquakes-vs-darth-vader Sat, 06 Jul 2019 15:25:24 +0000 https://lauren.vortex.com/?p=4521 Continue reading "Earthquakes vs. Darth Vader"]]> When the Ridgecrest earthquake reached L.A. yesterday evening (no damage this far from the epicenter from that quake or the one the previous day) I was “in” a moving elevator under attack in the “Vader Immortal” Oculus Quest VR simulation. I didn’t realize that there was a quake at all, everything seemed part of the VR experience (haptic feedback in the hand controllers was already buzzing my arms at the time).

The only oddity was that I heard a strange clinking sound, that at the time had no obvious source but that I figured was somehow part of the simulation. Actually, it was probably the sound of ceiling fan knob chains above me hitting the glass light bulb fixtures as the fan was presumably swaying a bit.

Quakes of this sort are actually very easy to miss if you’re not sitting or standing quietly (I barely felt the one the previous day and wasn’t immediately sure that it was a quake), but I did find my experience last night to be rather amusing in retrospect.

By the way, “Vader Immortal” — and the Quest itself — are very, very cool, very much 21st century “sci-fi” tech finally realized. My thanks to Oculus for sending me a Quest for my experiments.

–Lauren–

]]>
YouTube’s Public Videos Dilemma https://lauren.vortex.com/2019/06/03/youtubes-public-videos-dilemma https://lauren.vortex.com/2019/06/03/youtubes-public-videos-dilemma#comments Mon, 03 Jun 2019 22:11:24 +0000 https://lauren.vortex.com/?p=4507 Continue reading "YouTube’s Public Videos Dilemma"]]> So there’s yet another controversy surrounding YouTube and videos that include young children — this time concerns about YouTube suggesting such videos to “presumed” pedophiles.

We can argue about what YouTube should or should not be recommending to any given user. There are some calls for YT to not recommend such videos when it detects them (an imperfect process) — though I’m not convinced that this would really make much difference so long as the videos themselves are public.

But here’s a more fundamental question:

Why the hell are parents uploading videos of young children publicly to YouTube in the first place?

This is of course a subset of a more general issue — parents who apparently can’t resist posting all manner of photos and other personal information about their children in public online forums, much of which is going to be at the very least intensely embarrassing to those children when they’re older. And the Internet rarely ever forgets anything that was ever public (the protestations of EU politicians and regulators notwithstanding).

There are really only two major possibilities concerning such video uploads. Either the parents don’t care about these issues, or they don’t understand them. Or perhaps both.

Various apps and web pages exist that will automatically display YT videos that have few or no current views from around the world. There’s an endless stream of these. Thousands. Millions? Typically these seem as if they have been automatically uploaded by various camera and video apps, possibly without any specific intentions for the uploading to occur. Many of these involve schools and children.

So a possible answer to my question above may be that many YT users — including parents of young children — are either not fully aware of what they are uploading, or do not realize that the uploads are public and are subject to being suggested to strangers or found by searching. 

This leads us to another question. YT channel owners already have the ability to set their channel default privacy settings and the privacy settings for each individual video. 

Currently those YT defaults are initially set to public.

Should YT’s defaults be private rather than public?

Looking at it from a user trust and safety standpoint, we may be approaching such a necessity, especially given the pressure for increased regulatory oversight from politicians and governments, which in my opinion is best avoided if at all possible.

These questions and their ramifications are complex to say the least.

Clearly, default channel and videos privacy would be the safest approach, ensuing that videos would typically only be shared to specific other users deemed suitable by the channel owner. 

All of the public sharing capabilities of YT would still be present, but would require the owner to make specific decisions about the channel default and/or individual video settings. If a channel owner wanted to make some or all of their videos public — either to date or also going forward, that would be their choice. Full channel and individual videos privacy would only be the original defaults, purely as a safety measure.

Finer-grained settings might also be possible, not only including existing options like “unlisted” videos, but also specific options to control the visibility of videos and channels in search and suggestions.

Some of the complexities of such an approach are obvious. More controls means the potential for more user confusion. Fewer videos in search and suggestions limits visibility and could impact YT revenue streams to both Google and channel owners in complex ways that may be difficult to predict with significant accuracy.

But in the end, the last question here seems to be a relatively simple one. Should any YouTube uploaders ever have their videos publicly available for viewing, search, or suggestions if that was not actually their specific and informed intent?

I believe that the answer to that question is no.

Be seeing you.

–Lauren–

]]>
https://lauren.vortex.com/2019/06/03/youtubes-public-videos-dilemma/feed 1
A Major New Privacy-Positive Move by Google https://lauren.vortex.com/2019/05/01/a-major-new-privacy-positive-move-by-google Thu, 02 May 2019 02:31:42 +0000 https://lauren.vortex.com/?p=4486 Continue reading "A Major New Privacy-Positive Move by Google"]]> Almost exactly two years ago, I noted here the comprehensive features that Google provides for users to access their Google-related activity data, and to control and/or delete it in a variety of ways. Please see:

The Google Page That Google Haters Don’t Want You to Know About – https://lauren.vortex.com/2017/04/20/the-google-page-that-google-haters-dont-want-you-to-know-about

and:

Quick Tutorial: Deleting Your Data Using Google’s “My Activity” – https://lauren.vortex.com/2017/04/24/quick-tutorial-deleting-your-data-using-googles-my-activity

Today Google announced a new feature that I’ve long been hoping for — the option to automatically delete these kinds of data after specific periods of time have elapsed (3 month and 18 month options). And of course, you still have the ability to use the longstanding manual features for control and deletion of such data whenever you desire, as described at the links mentioned above.

The new auto-delete feature will be deployed over coming weeks first to Location History and to Web & App Activity.

This is really quite excellent. It means that you can take advantage of the customization and other capabilities that are made possible by leaving data collection enabled, but if you’re concerned about longer term storage of that data, you’ll be able to activate auto-delete and really get the best of both worlds without needing to manually delete data yourself at intervals.

Auto-delete is a major privacy-positive milestone for Google, and is a model that other firms should follow. 

My kudos to the Google teams involved!

–Lauren–

]]>
Could AI Help Prevent Mass Shootings? https://lauren.vortex.com/2019/04/29/could-ai-help-prevent-mass-shootings Mon, 29 Apr 2019 17:09:05 +0000 https://lauren.vortex.com/?p=4478 Continue reading "Could AI Help Prevent Mass Shootings?"]]> Could machine learning/AI techniques help to prevent mass shootings or other kinds of terrorist attacks? That’s the question. I do not profess to know the answer — but it’s a question that as a society we must seriously consider.

A notable relatively recent attribute of many mass attacks is that the criminal perpetrators don’t only want to kill, they want as large an audience as possible for their murderous activities, frequently planning their attacks openly on the Internet, even announcing online the initiation of their killing sprees and providing live video streams as well. Sometimes they use private forums for this purpose, but public forums seem to be even more popular in this context, given their potential for capturing larger audiences.

It’s particularly noteworthy that in some of these cases, members of the public were indeed aware of such attack planning and announcements due to those public postings, but chose not to report them. The reasons for the lack of reporting can be several. Users may be unsure whether or not the posts are serious, and don’t want to report someone for a fake attack scenario. Other users may want to report but not know where to report such a situation. And there may be other users who are actually urging the perpetrator onward to the maximum possible violence.

“Freedom of speech” and some privacy protections are generally viewed as ending where credible threats begin. Particularly in the context of public postings, this suggests that detecting these kinds of attacks before they have actually occurred may possibly be viewed as a kind of “big data” problem.

We can relatively easily list some of the factors that would need to be considered in these respects.

What level of resources would be required to keep an “automated” watch on at least the public postings and sites most likely to harbor the kinds of discussions and “attack manifestos” of concern? Could tools be developed to help separate false positive, faked, forged, or other “fantasy” attack postings from the genuine ones? How would these be tracked over time to include other sites involved in these operations, and to prevent “gaming” of the systems that might attempt to divert these tools away from genuine attack planning?

Obviously — as in many AI-related areas — automated systems alone would not be adequate by themselves to trigger full-scale alarms. These systems would primarily act as big filters, and would pass along to human teams their perceived alerts — with those teams making final determinations as to dispositions and possible referrals to law enforcement for investigatory or immediate preventative actions.

It can be reasonably argued that anyone publicly posting the kinds of specific planning materials that have been discovered in the wake of recent attacks has effectively surrendered various “rights” to privacy that might ordinarily be in force.

The fact that we keep discovering these kinds of directly related discussions and threats publicly online in the wake of these terrorist attacks, suggests that we are not effectively using the public information that is already available toward stopping these attacks before they actually occur.

To the extent that AI/machine learning technologies — in concert with human analysis and decision-making — may possibly provide a means to improve this situation, we should certainly at least be exploring the practical possibilities and associated issues.

–Lauren–

]]>
Pressuring Google’s AI Advisory Panel to Wear a Halo Is Very Dangerous https://lauren.vortex.com/2019/04/02/pressuring-googles-ai-advisory-panel-to-wear-a-halo-is-very-dangerous Tue, 02 Apr 2019 18:59:14 +0000 https://lauren.vortex.com/?p=4455 Continue reading "Pressuring Google’s AI Advisory Panel to Wear a Halo Is Very Dangerous"]]> UPDATE (April 4, 2019): Google has announced that due to the furor over ATEAC (their newly announced external advisory panel dealing with AI issues), they have dissolved the panel entirely. As I discuss in the original post below, AI is too important for our typical political games — and closed-minded unwillingness to even listen to other points of view — to hold sway, and such panels are potentially an important part of the solution to that problem. As I noted, I disagree strenuously with the views of the panel member (and their own organization) that was the focus of the intense criticism that apparently pressured Google into this decision, but I fear that an unwillingness to permit such organizations to even be heard at all in such venues will come back to haunt us mightily in our toxic political environment.

 – – –

Despite my very long history of enjoying “apocalyptic” and “technology run amok” sci-fi films, I’ve been forthright in my personal belief that AI and associated machine learning systems hold enormous promise for the betterment of our lives and our planet (“How AI Could Save Us All” – https://lauren.vortex.com/2018/05/01/how-ai-could-save-us-all).

Of course there are definitely ways that we could screw this up. So deep discussion from a wide variety of viewpoints is critical to “accentuate the positive — eliminate the negative” (as the old Bing Crosby song lyrics suggest).

A time-tested model for firms needing to deal with these kinds of complex situations is the appointment of external interdisciplinary advisory panels. 

Google announced its own such panel — the “Advanced Technology External Advisory Council” (ATEAC), last week. 

Controversy immediately erupted both inside and outside of Google, particularly relating to the presence of prominent right-wing think tank Heritage Foundation president Kay Cole James. Another invited member — behavioral economist and privacy researcher Alessandro Acquisti — has now pulled out from ATEAC, apparently due to James’ presence on the panel and the resulting protests.

This is all extraordinarily worrisome. 

While I abhor the sentiments of the Heritage Foundation, an AI advisory panel composed only of “yes men” in agreement more left-wing (and so admittedly my own) philosophies regarding social issues strikes me as vastly more dangerous.

Keeping in mind that advisory panels typically do not make policy — they only make recommendations — it is critical to have a wide range of input to these panels, including views with which we may personally strongly disagree, but that — like it or not — significant numbers of politicians and voters do enthusiastically agree with. The man sitting in the Oval Office right now is demonstrable proof that such views — however much we may despise them personally — are most definitely in the equation.

“Filter bubbles” are extraordinarily dangerous on both the right and left. One of the reasons why I so frequently speak on national talk radio — whose audiences are typically very much skewed to the right — is that I view this as an opportunity to speak truth (as I see it) regarding technology issues to listeners who are not often exposed to views like mine from the other commentators that they typically see and hear. And frequently, I afterwards receive emails saying “Thanks for explaining this like you did — I never heard it explained that way before” — making it all worthwhile as far as I’m concerned.

Not attempting to include a wide variety of viewpoints on a panel dealing with a subject as important as AI would not only give the appearance of “stacking the deck” to favor preconceived outcomes, but would in fact be doing exactly that, opening up the firms involved to attacks by haters and pandering politicians who would just love to impose draconian regulatory regimes for their own benefits. 

The presence on an advisory panel of someone with whom other members may dramatically disagree does not imply endorsement of that individual.

I want to know what people who disagree with me are thinking. I want to hear from them. There’s an old saying: “Keep your friends close and your enemies closer.” Ignoring that adage is beyond foolish.

We can certainly argue regarding the specific current appointments to ATEAC, but viewing an advisory panel like this as some sort of rubber stamp for our preexisting opinions would be nothing less than mental malpractice. 

AI is far too crucial to all of our futures for us to fall into that sort of intellectual trap.

–Lauren–

]]>
Don’t Blame YouTube and Facebook for Hate Speech Horrors https://lauren.vortex.com/2019/03/19/dont-blame-youtube-and-facebook-for-hate-speech-horrors https://lauren.vortex.com/2019/03/19/dont-blame-youtube-and-facebook-for-hate-speech-horrors#comments Tue, 19 Mar 2019 18:21:29 +0000 https://lauren.vortex.com/?p=4433 Continue reading "Don’t Blame YouTube and Facebook for Hate Speech Horrors"]]> Within hours of the recent horrific mass shooting in New Zealand, know-nothing commentators and pandering politicians were already on the job, blaming Facebook, Google’s YouTube, and other large social media platforms for the spread of the live attack video and the shooter’s ranting and sickening written manifesto. 

While there was widespread agreement that such materials should be redistributed as little as possible (except by Trump adviser Kellyanne Conway, who has bizarrely recommended everyone read the latter, thus playing into the shooter’s hands!), the political focus quickly concentrated on blaming Facebook and YouTube for the sharing of the video, in its live form and in later recorded formats.

Let’s be very clear about this. While it can be argued that the very large platforms such as YouTube and Facebook were initially slow to fully recognize the extent to which the purveyors of hate speech and lying propaganda were leveraging their platforms, they have of late taken major steps to deal with these problems, especially in the wake of breaking news like the NZ shooting, including taking various specific actions regarding takedowns, video suggestions, and other related issues as recommended publicly by various observers including myself.

Of course this does not mean that such steps can be 100% effective at very large scales. No matter how many copies of such materials these firms successfully block, the ignorant refrains of “They should be able to stop them all!” continue.

In fact, even with significant resources to work with, this is an extremely difficult technical problem. Videos can be surfaced and altered in a myriad number of ways to try bypass automated scanning systems, and while advanced AI techniques combined with human assets will continually improve these detection systems, absolute perfection is not likely in the cards for the foreseeable future, or more likely ever.

Meanwhile, other demands being bandied about are equally specious.

Calls to include significant time delays in live streams ignore the fact that these would destroy educational live streams and other legitimate programming of all sorts where creators are interacting in real time with their viewers, via chat or other means. Legitimate live news streams of events critical to the public interest could be decimated.

Demands that all uploaded videos be fully reviewed by humans before becoming publicly available are equally utterly impractical. Even with unlimited resources you couldn’t hire enough people to completely preview the enormous numbers of videos being uploaded every minute. Not only would full previews be required — since a prohibited clip could be spliced into permitted footage — there would still be misidentifications. 

Even if you limited such extensive preview procedures to “new” users of the platforms, there’s nothing to stop determined evil from “playing nice” long enough for restrictions to be lifted, and then orchestrating their attacks.

Again, machine learning in concert with human oversight will continue to improve the systems used by the major platforms to deal with this set of serious issues.

But frankly, those major platforms — who are putting enormous resources into these efforts and trying to remove as much hate speech and associated violent content as possible — are not the real problem. 

Don’t be fooled by the politicians and “deep pockets”-seeking regulators who claim that through legislation and massive fines they can fix all this.

In fact, many of these are the same entities who would impose global Internet censorship to further their own ends. Others are the same right-wing politicians who have falsely accused Google of political bias due to Google’s efforts to remove from their systems the worst kinds of hate speech (of which much more spews forth from the right than the left).

The real question is: Where is all of this horrific hate speech originating in the first place? Who is creating these materials? Who is uploading and re-uploading them?

The problem isn’t the mainstream sites working to limit these horrors. By and large it’s the smaller sites and their supportive ISPs and domain registrars who make no serious efforts to limit these monstrous materials at all. In some cases these are sites that give the Nazis and their ilk a nod and a wink and proclaim “free speech for all!” — often arguing that unless the government steps in, they won’t take any steps of their own to control the cancer that metastasizes on their sites. 

They know that at least in the U.S., the First Amendment protects most of this speech from government actions. And it’s on these kinds of sites that the violent racists, antisemites, and other hateful horrors congregate, encouraged by the tacit approval of a racist, white nationalist president.

You may have heard the phrase “free speech but not free reach.” What this means is that in the U.S. you have a right to speak freely, even hatefully, so long as specific laws are not broken in the process — but this does not mean that non-governmental firms, organizations, or individuals are required to help you amplify your hate by permitting you the “reach” of their platforms and venues.

The major firms like Google, Facebook, and others who are making serious efforts to solve these problems and limit the spread of hate speech are our allies in this war. Our enemies are the firms that either blatantly or slyly encourage, support, or tolerate the purveyors of hate speech and the violence that so often results from such speech.

The battle lines are drawn. 

–Lauren–

]]>
https://lauren.vortex.com/2019/03/19/dont-blame-youtube-and-facebook-for-hate-speech-horrors/feed 2
As Google’s YouTube Battles Evil, YouTube Creators Are at a Crossroads https://lauren.vortex.com/2019/02/23/as-googles-youtube-battles-evil-youtube-creators-are-at-a-crossroads Sat, 23 Feb 2019 19:44:47 +0000 https://lauren.vortex.com/?p=4396 Continue reading "As Google’s YouTube Battles Evil, YouTube Creators Are at a Crossroads"]]> UPDATE (February 28, 2019): More updates on our actions related to the safety of minors on YouTube

 – – –

For vast numbers of persons around the globe, YouTube represents one of the three foundational “must have” aspects of a core Google services triad, with the other two being Google Search and Gmail. There are many other Google services of course, but these three are central to most of our lives, and I’d bet that for many users of these services the loss of YouTube would be felt even more deeply than the loss of either or both of the other two!

The assertion that a video service would mean so much to so many people might seem odd in some respects, but on reflection it’s notable that YouTube very much represents the Internet — and our lives — in a kind of microcosm.

YouTube is search, it’s entertainment, it’s education. YouTube is emotion, nostalgia, and music. YouTube is news, and community, and … well the list is almost literally endless.

And the operations of YouTube encompass a long list of complicated and controversial issues also affecting the rest of the Internet — decisions regarding content, copyright, fair use, monetization and ads, access and appeals, and … yet another very long list.

YouTube’s scope in terms of numbers of videos and amounts of Internet traffic is vast beyond the imagination of any mere mortal beings, with the exception of Googlers like the YouTube SREs themselves who keep the wheels spinning for the entire massive mechanism.

In the process of growing from a single short video about elephants at the zoo (more about that 2005 video in a moment) into a service that I personally can’t imagine living without, YouTube has increasingly intersected with the entire array of human social issues, from the most beatific, wondrous, and sublime — to the most crass, horrific, and evil.

I’ve discussed all of these aspects of YouTube — and my both positive and negative critiques regarding how Google has dealt with them over time — in numerous past posts over the years. I won’t even bother listing them here — they’re easy to find via search.

I will note again though that — especially of late — Google has become very serious about dealing with inappropriate content on YouTube, including taking some steps that I and others have long been calling for, such as removal of dangerous “prank and dare” videos, demonetization and general form de-recommendation of false “conspiracy” videos, and just announced, demonetization and other utterly appropriate actions against dangerous “anti-vaccine” (aka “anti-vaxx”) videos. 

This must be an even more intense time than usual for the YouTube policy folks up in San Bruno at YouTube HQ — because over the last few days yet another massive controversy regarding YouTube has erupted, this time one that has been bubbling under the surface for a long time, and suddenly burst forth dramatically and rather confusingly as well, involving the “hijacking” of innocent YouTube videos’ comments by pedophiles.

YouTube comments are a fascinating example of often stark contrasts in action. Many YouTube viewers just watch the videos and ignore comments completely. Other viewers consider the comments to be at least as important as the videos themselves. Many YouTube uploaders — I’ll refer to them as creators going forward in this post — are effectively oblivious to comments even on their own videos — which, given that the default setting for YouTube videos is to permit comments without any moderation — has become an increasingly problematic issue.

My own policy (started as soon as the functionality to do so became available) has always been to set my own YouTube videos to “moderated” mode — I must approve individual comments before they can appear publicly. But that takes considerable work, even with relatively low viewership videos like mine. Most YouTube creators likely never change the default comments setting, so comments of all sorts can appear and accumulate largely unnoticed by most creators.

In fact, a few minutes ago when I took another look at that first YouTube video (“Me at the zoo”) to make sure that I had the date correct, I noticed that it now has (as I type this) about 1.64 million comments. Every 5 or 10 seconds a new comment pops up on there, virtually all of them either requests for viewers to subscribe to other YouTube channels, or various kinds of more traditional spams and scams.

Obviously, nobody is curating the comments on this historic video. And this is the same kind of situation that has led to the new controversy about pedophiles establishing a virtual “comments network” of innocent videos involving children. It’s safe to assume that the creators of those videos haven’t been paying attention to the evil comments accumulating on those videos, or might not even know how to remove or otherwise control them.

There have already been a bunch of rather wild claims made about this situation. Some have argued that YouTube’s suggestion engine is at fault for suggesting more similar videos that have then in turn had their own comments subverted. I disagree. The suggestion algorithm is merely recommending more innocent videos of the same type. These videos are not themselves at fault, the commenters are the problem. In fact, if YouTube videos didn’t have comments at all, evil persons could simply create comments on other (non-Google) sites that provided links to specific YouTube videos. 

It’s easy for some to suggest simply banning or massively restricting the use of comments on YouTube videos as a “quick fix” for this dilemma. But that would drastically curtail the usefulness of many righteous videos.

I’ve seen YouTube entertainment videos with fascinating comment threads from persons who worked on historic movies and television programs or were related to such persons. For “how-to” videos on YouTube — one of the most important and valuable categories of videos as far as I’m concerned — the comment threads often add enormous value to the videos themselves, as viewers interact about the videos and describe their own related ideas and experiences. The same can be said for many other categories of YouTube videos as well — comments can be part and parcel of what makes YouTube wonderful.

To deal with the current, highly publicized crisis involving comment abuse — which has seen some major advertisers pulling their ads from YouTube as a result — Google has been disabling comments on large numbers of videos, and is warning that if comments are turned back on by these video creators and comment abuse occurs again, demonetization and perhaps other actions against those videos may occur.

The result is an enormously complex situation, given that in this context we are talking almost entirely about innocent videos where the creators are themselves the victims of comment abuse, not the perpetrators of abuse.

While I’d anticipate that Google is working on methods to algorithmically better filter comments at scale to try help avoid these comment abuses going forward, this still likely creates a situation where comment abuse could in many cases be “weaponized” to target innocent individual YouTube creators and videos, to try trigger YouTube enforcement actions against those innocent parties.

This could easily create a terrible kind of Hobson’s choice. For safety’s sake, these innocent creators may be forced to disable comments completely, in the process eliminating much of the value of their videos to their viewers. On the other hand, many creators of high viewership videos simply don’t have the time or other resources to individually moderate every comment before it appears.

A significant restructuring of the YouTube comments ecosystem may be in order, to permit the valuable aspects of comments to continue on legitimate videos, while still reducing the probabilities of comment abuse as much as possible. 

Perhaps it might be necessary to consider the permanent changing of the default comments settings away from “allowed” — to either “not allowed” or “moderated” — for new uploads (at least for certain categories of videos), especially for new YouTube creators. But given that so many creators never change the defaults, the ultimate ramifications and possible unintended negative consequences of such a significant policy alteration appear difficult to predict. 

Improved tools to aid creators in moderating comments on high viewership videos would also seem to be in focus — perhaps by leveraging third-party services or trusted viewer communities.

There are a variety of other possible approaches as well.

It appears certain that both YouTube itself and YouTube creators have reached a critical crossroads, a junction that successfully navigating will likely require some significant changes going forward, if the greatness of YouTube and its vast positive possibilities for creators are to be maintained or grow.

–Lauren–

]]>
Another Positive Move by YouTube: No More General “Conspiracy Theory” Suggestions https://lauren.vortex.com/2019/02/10/another-positive-move-by-youtube-no-more-general-conspiracy-theory-suggestions Mon, 11 Feb 2019 01:54:57 +0000 https://lauren.vortex.com/?p=4382 Continue reading "Another Positive Move by YouTube: No More General “Conspiracy Theory” Suggestions"]]> A few weeks ago, I noted the very welcome news that Google’s YouTube is cracking down on the presence of dangerous prank and dare videos, rightly categorizing them as potentially harmful content no longer permitted on the platform. Excellent.

Even more recently, YouTube announced a new policy regarding the category of misleading and clearly false “conspiracy theory” videos that would sometimes appear as suggested videos.

Quite a few folks have asked me how I feel about this newer policy, which aims to prevent this category of videos from being suggested by YouTube’s algorithms, unless a viewer is already subscribed to the YouTube channels that uploaded the videos in question.

The policy will take time to implement given the significant number of videos involved and the complexities of classification, but I feel that overall this new policy regarding these videos is an excellent compromise.

If you’re a subscriber to a conspiracy video hosting channel, conspiracy videos from that channel would still be suggested to you.

Otherwise, if you don’t subscribe to such channels, you could still find these kinds of videos if you purposely search for them — they’re not being removed from YouTube.

A balanced approach to a difficult problem. Great work!

–Lauren–

]]>
Another Massive Google User Trust Failure, As They Kill Louisville Fiber on Short Notice https://lauren.vortex.com/2019/02/07/another-massive-google-user-trust-failure-as-they-kill-louisville-fiber-on-short-notice https://lauren.vortex.com/2019/02/07/another-massive-google-user-trust-failure-as-they-kill-louisville-fiber-on-short-notice#comments Thu, 07 Feb 2019 20:27:40 +0000 https://lauren.vortex.com/?p=4363 Continue reading "Another Massive Google User Trust Failure, As They Kill Louisville Fiber on Short Notice"]]> It’s getting increasingly difficult to keep up with Google’s User Trust Failures these days, as they continue to rapidly shed “inconvenient” users faster than a long-haired dog. I do plan a “YouTube Live Chat” to discuss these issues and other Google-related topics, tentatively scheduled for Tuesday, February 12 at 10:30 AM PST. The easiest way to get notifications about this would probably be to subscribe to my main YouTube channel at: https://www.youtube.com/vortextech (be sure to click on the “bell” after subscribing if you want real time notifications). I rarely promote the channel but it’s been around for ages. Don’t expect anything fancy.

In the meantime, let’s look at Google’s latest abominable treatment of users, and this time it’s users who have actually been paying them with real money!

As you probably know, I’ve recently been discussing Google’s massive failures involving the shutdown of Google+ (“Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening” – https://lauren.vortex.com/2019/02/04/google-users-panic-over-google-deletion-emails-heres-whats-actually-happening).

Google has been mistreating loyal Google users — among the most loyal that they have and who often are decision makers about Google commercial products — in the process of the G+ shutdown on very short notice.

One might think that Google wouldn’t treat their paying customers as badly — but hey, you’d be wrong.

Remember when Google Fiber was a “thing” — when cities actually competed to be on the Google Fiber deployment list? It’s well known that incumbent ISPs fought against Google on this tooth and nail, but there was always a suspicion that Google wasn’t really in this for the long haul, that it was really more of an experiment and an effort to try jump start other firms to deploy fiber-based Internet and TV systems.

Given that the project has been downsizing for some time now, Google’s announcement today that they’re pulling the plug on the Louisville Google Fiber system doesn’t come as a complete surprise.

But what’s so awful about their announcement is the timing, which shows Google’s utter contempt for their Louisville fiber subscribers, on a system that only got going around two years ago.

Just a relatively short time ago, in August 2018, Google was pledging to spend the next two years dealing with the fiber installation mess that was occurring in their Louisville deployment areas (“Google Fiber announces plan to fix exposed fiber lines in the Highlands” – https://www.wdrb.com/news/google-fiber-announces-plan-to-fix-exposed-fiber-lines-in/article_fbc678c3-66ef-5d5b-860c-2156bc2f0f0c.html).

But now that’s all off. Google is giving their Louisville subscribers notice that they have only just over two months before their service ends. Go find ye another ISP in a hurry, oh suckers who trusted us!

Google will provide those two remaining months’ service for free, but that’s hardly much consolation for their subscribers who now have to go through all the hassles of setting up alternate services with incumbent carriers who are laughing their way to the bank.

Imagine if one of those incumbent ISPs like a major telephone or cable company tried a shutdown stunt like this with notice of only a couple of months? They’d be rightly raked over the coals by regulators and politicians.

Google claims that this abrupt shutdown of the Louisville system will have no impact on other cities where Google Fiber is in operation. Perhaps so — for now. But as soon as Google finds those other cities “inconvenient” to serve any longer, Google will most likely trot out the guillotines to subscribers in those cities in a similar manner. C’mon, after treating Louisville this way, why should Fiber subscribers in other cities trust Google when it comes to their own Google-provided services?

Ever more frequently now, this seems to be The New Google’s game plan. Treat users — even paying users — like guinea pigs. If they become inconvenient to care for, give them a couple of months notice and then unceremoniously flush them down the toilet. Thank you for choosing Google!

Google is day by day becoming unrecognizable to those of us who have long felt it to be a great company that cared about more than just the bottom line.

Googlers — the rank and file Google employees and ex-employees whom I know — are still great. Unfortunately, as I noted in “Google’s Brain Drain Should Alarm Us All” (https://lauren.vortex.com/2019/01/12/googles-brain-drain-should-alarm-us-all), some of their best people are leaving or have recently left, and it becomes ever more apparent that Google’s focus is changing in ways that are bad for consumer users and causing business users to question whether they can depend on Google to be a reliable partner going forward (“The Death of Google” – https://lauren.vortex.com/2018/10/08/the-death-of-google).

In the process of all this, Google is making itself ever more vulnerable to lying Google Haters — and to pandering politicians and governments — who hope to break up the firm and/or suck in an endless money stream of billions in fines from Google to prop up failing 20th century business models.

The fact that Google for the moment is still making money hand over fist may be partially blinding their upper management to the looming brick wall of government actions that could potentially stop Google dead in its tracks — to the detriment of pretty much everyone except the politicos themselves.

I remain a believer that suggested new Google internal roles such as ombudspersons, user advocates, ethics officers, and similar positions — all of which Google continues to fight against creating — could go a long way toward bringing balance back to the Google equation that is currently skewing ever more rapidly toward the dark side.

I continue — perhaps a bit foolishly — to believe that this is still possible. But I am decreasingly optimistic that it shall come to pass.

–Lauren–

]]>
https://lauren.vortex.com/2019/02/07/another-massive-google-user-trust-failure-as-they-kill-louisville-fiber-on-short-notice/feed 1
Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening https://lauren.vortex.com/2019/02/04/google-users-panic-over-google-deletion-emails-heres-whats-actually-happening https://lauren.vortex.com/2019/02/04/google-users-panic-over-google-deletion-emails-heres-whats-actually-happening#comments Mon, 04 Feb 2019 17:25:59 +0000 https://lauren.vortex.com/?p=4327 Continue reading "Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening"]]> Two days ago I posted “Google’s Google+ Shutdown Emails Are Causing Mass Confusion” (https://lauren.vortex.com/2019/02/02/googles-google-shutdown-emails-are-causing-mass-confusion) — and the reactions I’m receiving make it very clear that the level of confusion and panic over this situation by vast numbers of Google users is even worse than I originally realized. My inbox is full of emails from worried users asking for help and clarifications that they can’t find or get from Google (surprise!) — and my Google+ (G+) threads on the topic are similarly overloaded with desperate comments. People are telling me that their friends and relatives have called them, asking what this all means.

Beyond the user trust abusive manner in which Google has been conducting the entire consumer Google+ shutdown process (even their basic “takeout” tool to download your own posts is reported to be unreliable for G+ downloads at this point), their notification emails, which I had long urged be sent to provide clarity to users, instead were worded in ways that have massively confused many users, enormous numbers of whom don’t even know what Google+ actually is. These users typically don’t understand the manners in which G+ is linked to other Google services. They understandably fear that their other Google services may be negatively affected by this mess.

Since Google isn’t offering meaningful clarification for panicked users — presumably taking its usual “this too shall pass” approach to user support problems — I’ll clarify this all as succinctly as I can — to the best of my knowledge — right here in this post.

UPDATE (February 5, 2019): Google has just announced that the Web notification panel primarily used to display G+ notifications will be terminated this coming March 7. This cuts another month off the useful life of G+, right when we’ll need notifications the most to coordinate with our followers for continuing contacts after G+. Without the notification panel, this will be vastly more difficult, since the alternative notifications page is very difficult to manage. No apologies. No nuthin’. First it was August. Then April. Now March. Can Google mistreat consumer users any worse? You can count on it!

Here’s an important bottom line: Core Google Services that you depend upon such as Gmail, Drive, Photos, YouTube, etc. will not be fundamentally affected by the G+ shutdown, but in some cases visible effects may occur due to the tight linkages that Google created between G+ and other services.

No, your data on Gmail or Drive won’t be deleted by the Google+ shutdown process. Your uploaded YouTube videos won’t be deleted by this.

However, outside of the total loss of user trust by loyal Google+ users, triggered by the kick in the teeth of the Google+ shutdown (without even provision of a tool to help with followers migration – “If Google Cared: The Tool That Could Save Google+ Relationships” (https://lauren.vortex.com/2019/02/01/if-google-cared-the-tool-that-could-save-google-relationships), there will be a variety of other Google services that will have various aspects “break” as a result of Google’s actions related to Google+.

To understand why, it’s important to understand that when Google+ was launched in 2011, it was positioned more as an “identity” product than a social media product per se. While it might have potentially competed with Facebook in some respects, creating a platform for “federated” identity across a wide variety of applications and sites was an important goal, and in the early days of Google+, battles ensued over such issues as whether users would continue to be required to use their ostensibly “real” names for G+ (aka, the “nymwars”).

Google acted to integrate this identity product — that is, Google+ — into many Google services and heavily promoted the use of G+ “profiles” and widgets (comments, +1 buttons, “follow” buttons, login functions, etc.) for third-party sites as well.

In some cases, Google required the creation of G+ profiles for key functions on other services, such as for creating comments on YouTube videos (a requirement that was later dropped as user reactions in both the G+ and YouTube communities where overwhelmingly negative).

Now that consumer G+ has become an “inconvenience” to Google, they’re ripping it out by the roots and attempting to completely eliminate any evidence of its existence, by totally removing all G+ posts, comments, and the array of G+ functions that they had intertwined with other services and third-party sites.

This means that anywhere that G+ comments have continued to be present (including Google services like “Blogger”), those comments will vanish. Users whom Google had encouraged at other sites and services to use G+ profile identities (rather than the underlying Google Account identities) will find those capabilities and profiles will disappear. Sites that embedded G+ widgets and functions will have those capabilities crushed, and their page formats in many cases disrupted as a result. Photos that were stored only in G+ and not backed up into the mainstream Google Photos product will reportedly be deleted along with all the G+ posts and comments.

And then on top of all this other Google-created mayhem related to their mishandling of the G+ shutdown, we have those panic-inducing emails going out to enormous numbers of Google users, most of whom don’t understand them. They can’t get Google to explain what the hell is going on, especially in a way that makes sense if you don’t understand what G+ was in the first place, even if somewhere along the line Google finessed you into creating a G+ account that you never actually used.

There’s an old saying — many of you may have first heard it stated by “Scotty” in an old original “Star Trek” episode: “Fool me once, shame on you — fool me twice, shame on me!”

In a nutshell, this explains why so many loyal users of great Google services — services that we depend on every day — are so upset by how Google has handled the fiasco of terminating consumer Google+. This applies whether or not these users were everyday, enthusiastic participants in G+ itself (as I’ve been since the first day of beta availability) — or even if they don’t have a clue of what Google+ is — or was.

Even given the upper management decision to kill off consumer Google+, the actual process of doing so could have been handled so much better — if there was genuine concern about all of the affected users. Frankly, it’s difficult to imagine realistic scenarios of how Google could have bungled this situation any worse.

And that’s very depressing, to say the least.

–Lauren–

]]>
https://lauren.vortex.com/2019/02/04/google-users-panic-over-google-deletion-emails-heres-whats-actually-happening/feed 20
Google’s Google+ Shutdown Emails Are Causing Mass Confusion https://lauren.vortex.com/2019/02/02/googles-google-shutdown-emails-are-causing-mass-confusion Sat, 02 Feb 2019 17:14:16 +0000 https://lauren.vortex.com/?p=4311 Continue reading "Google’s Google+ Shutdown Emails Are Causing Mass Confusion"]]> UPDATE (February 4, 2019): Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening

– – –

As I have long been urging, Google is finally sending out emails to Google+ account holders warning them of the impending user trust failure that is the Google+ shutdown. However — surprise! — the atrocious way that Google has worded the message is triggering mass confusion from users who don’t even consider themselves to have ever been G+ users, and are now concerned that other Google services such as Photos, Gmail, YouTube, etc. may be shutting down and associated data deleted (“Google Finally Speaks About the G+ Shutdown: Pretty Much Tells Users to Go to Hell” – https://lauren.vortex.com/2019/01/30/google-finally-speaks-about-the-g-shutdown-pretty-much-tells-users-to-go-to-hell).

The underlying problem is that many users have G+ accounts but don’t realize it, and apparently Google is sending essentially the same message to everyone who ever had a G+ account, active or not. Because Google has been aggressively urging the creation of G+ accounts (literally until a few days ago!) many users inadvertently or casually created them, and then forgot about them, sometimes years ago. Now they’re receiving confusing “shutdown” messages and are understandably going into a panic.

UPDATE (February 3, 2019): I’m now receiving reports of users (especially ones receiving the notification emails who don’t recall having G+ accounts) fearing that “all their Google data is going to be deleted” — and also reports of many users who are assuming that these alarming emails about data deletion are fakes, spam, phishing attempts, etc. I’m also receiving piles of messages containing angry variations on “What the hell was Google thinking when they wrote those emails?”

During the horrific period some years ago when Google was REQUIRING the creation of G+ accounts to comment on YouTube (a disaster that I rallied against both outside and inside the company at the time) vast numbers of comments and accounts became tightly intertwined between YouTube and G+, and the ultimate removal of that linkage requirement left enormous numbers of G+ accounts that had really only been created by users for YouTube commenting during that period.

So this new flood of confused and concerned users was completely predictable. If I had written the Google+ shutdown emails, I would have clearly covered these issues to help avoid upsetting Google users unnecessarily. But of course Google didn’t ask me to write the emails, so they followed their usual utilitarian approach toward users that they’re in the process of shedding — yet another user trust failure.

But this particular failure was completely preventable.

Be seeing you.

–Lauren–

]]>
If Google Cared: The Tool That Could Save Google+ Relationships https://lauren.vortex.com/2019/02/01/if-google-cared-the-tool-that-could-save-google-relationships https://lauren.vortex.com/2019/02/01/if-google-cared-the-tool-that-could-save-google-relationships#comments Fri, 01 Feb 2019 23:53:54 +0000 https://lauren.vortex.com/?p=4286 Continue reading "If Google Cared: The Tool That Could Save Google+ Relationships"]]> UPDATE (February 4, 2019): Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening

UPDATE (February 2, 2019): Google’s Google+ Shutdown Emails Are Causing Mass Confusion

– – –

One of the questions I’m being frequently asked these days is specifically what could Google have done differently about their liquidation of Google+, given that a decision to do so was irrevocable. Much of this I’ve discussed in previous posts, including those linked within: “Google Finally Speaks About the G+ Shutdown: Pretty Much Tells Users to Go to Hell” (https://lauren.vortex.com/2019/01/30/google-finally-speaks-about-the-g-shutdown-pretty-much-tells-users-to-go-to-hell).

The G+ shutdown process is replete with ironies. The official Google account on G+ is telling users to follow Google on Google competitors like Facebook, Twitter, and Instagram. While there are finally some butter bar banners up warning of the shutdown — as I’ve long been calling for — warning emails haven’t yet apparently gone out to most ordinary active G+ users, but some users who had previously deleted their G+ accounts or G+ pages are reportedly receiving emails informing them that Google is no longer honoring their earlier promise to preserve photos uploaded to G+ — download them now or they’ll be crushed like bugs. 

UPDATE (February 1, 2019): Emails with the same basic text as was included in the G+ help page announcement from January 30 regarding the shutdown (reference is at the “Go to Hell” link mentioned above), are FINALLY beginning to go out to current G+ account holders (and apparently, to some people who don’t even recall ever using G+). 

Google is also recommending that you build blogs or use other social media to keep in touch with your G+ followers and friends after G+ shuts down, but has provided no mechanism to help users to do so. And this is a major factor in Google’s user trust failure when it comes to their handling of this entire situation.

G+ makes it intrinsically difficult to reach out to your followers to get contact information for moving forward. You never know which of your regular posts will actually be seen by any given following user, and even trying to do private “+name” messages within G+ often fails because G+ tends to sort similar profile names in inscrutable ways and in limited length lists, often preventing you from ever pulling up the user whom you really want to contact. This gets especially bad when you have a lot of followers, believe me — I’ve battled this many times trying to send a message to an individual follower, often giving up in despair.

I would assert — and I’m not wholly ignorant of how G+ works — that it would be relatively straightforward to offer users a tool that could be used to ask their followers (by follower circles, en masse, etc.) if they wished to stay in contact, and to provide those followers who were interested in doing so, the means to pass back to the original user a URL for a profile on a different social media platform, or an email address, or hell, even a phone number. Since this would be entirely voluntary, there would be no significant data privacy concerns.

Such a tool could be enormously beneficial to current G+ users, by providing them a simple means to help them stay in touch after G+’s demise in a couple of months. And if Google had announced such a tool, such a clear demonstration of concern about their existing users, rather than trying to wipe them off Google’s servers as quickly as possible and with a minimum of effort, this would have gone far toward proactively avoiding the many user trust concerns that have been triggered and exacerbated by Google’s current game plan for eliminating Google+.

That such a migration assistance tool doesn’t exist — which would have done so much good for so many loyal G+ users, among Google’s most fervent advocates until now — unfortunately speaks volumes about how Google really feels about us.

–Lauren–

]]>
https://lauren.vortex.com/2019/02/01/if-google-cared-the-tool-that-could-save-google-relationships/feed 1
Google Finally Speaks About the G+ Shutdown: Pretty Much Tells Users to Go to Hell https://lauren.vortex.com/2019/01/30/google-finally-speaks-about-the-g-shutdown-pretty-much-tells-users-to-go-to-hell https://lauren.vortex.com/2019/01/30/google-finally-speaks-about-the-g-shutdown-pretty-much-tells-users-to-go-to-hell#comments Wed, 30 Jan 2019 22:01:32 +0000 https://lauren.vortex.com/?p=4279 Continue reading "Google Finally Speaks About the G+ Shutdown: Pretty Much Tells Users to Go to Hell"]]> UPDATE (February 4, 2019): Google Users Panic Over Google+ Deletion Emails: Here’s What’s Actually Happening

UPDATE (February 2, 2019): Google’s Google+ Shutdown Emails Are Causing Mass Confusion

UPDATE (February 1, 2019): If Google Cared: The Tool That Could Save Google+ Relationships

– – –

For weeks now, I’ve been pounding on Google to get more explicit about their impending shutdown of consumer Google+. What they’ve finally written today on a G+ help page (https://support.google.com/plus/answer/9195133) demonstrates clearly how little that they care about G+ users who have spent years of their lives building up the service, appears to put a lie to key claimed excuses for ending consumer G+, and calls into question the degree to which any consumer or business users of Google should trust the firm’s dedication to any specific services going forward.

The originally announced shutdown date was for August. Then suddenly it was advanced to April (we now know from their new help page post that the official death date is 2 April 2019, though the process of completely deleting everyone from existence may take some months).

The key reasons for the shutdown originally stated by Google were API “security problems” that were obviously blown out of proportion — Google isn’t even mentioning those in their new announcements. Surprise, surprise:

“Given the challenges in creating and maintaining a successful Google+ that meets our consumer users’ expectations, we decided to sunset the consumer version of Google+. We’re committed to focusing on our enterprise efforts, and will be launching new features purpose-built for businesses.”

Translation: Hey, you’re not paying us anything, bug off!

And as I had anticipated, Google is doing NOTHING to help G+ users stay in touch with each other after the shutdown. In other words, it’s up to you to figure out some way to do it, boys and girls! Now go play on the freeway! Get lost! We just don’t care about you!

Since there’s nothing in Google’s new announcement that contradicts my analysis of this situation in my earlier related posts, I will herewith simply include for reference some of my recent posts related to this topic, for your possible perusal as you see fit.

I’ll note first my post announcing my own private forum that I’ve been forced to create — to try provide a safe home for many of my G+ friends who are being unceremoniously crushed by Google’s betrayal of their trust. Given my very limited resources, creating a new forum at this time was not in my plans, but Google’s shabby treatment of G+ users forced my hand. No matter what else happens in my life, I promise never to treat users of my forum with disrespect and contempt as Google has:

A New Invite-Only Forum for Victims of Google’s Google+ Purge
https://lauren.vortex.com/2019/01/05/a-new-invite-only-forum-for-victims-of-googles-google-purge

And here are some of my related posts regarding the Google+ shutdown fiasco, its impacts on users, and related topics:

Google’s G+ User Trust Betrayal Gets Worse and Worse
https://lauren.vortex.com/2019/01/29/googles-g-user-trust-betrayal-gets-worse-and-worse

An Important Message from “Google” about Google+
https://lauren.vortex.com/2019/01/22/an-important-message-from-google-about-google

Boot to the Head: When You Know that Google Just Doesn’t Care Anymore
https://lauren.vortex.com/2019/01/14/boot-to-the-head-when-you-know-that-google-just-doesnt-care-anymore

Why Google Is Terrified of Its Users
https://lauren.vortex.com/2019/01/06/why-google-is-terrified-of-its-users

Why I No Longer Recommend Google for Many Serious Business Applications
https://lauren.vortex.com/2018/12/20/why-i-no-longer-recommend-google-for-many-serious-business-applications

Can We Trust Google?
https://lauren.vortex.com/2018/12/10/can-we-trust-google

The Death of Google
https://lauren.vortex.com/2018/10/08/the-death-of-google

As Google’s continuing decimation of user trust accelerates, you can count on me having more to say about these situations as we move forward. Take care everyone. Stay strong.

Be seeing you.

–Lauren–

]]>
https://lauren.vortex.com/2019/01/30/google-finally-speaks-about-the-g-shutdown-pretty-much-tells-users-to-go-to-hell/feed 8
Google’s G+ User Trust Betrayal Gets Worse and Worse https://lauren.vortex.com/2019/01/29/googles-g-user-trust-betrayal-gets-worse-and-worse Tue, 29 Jan 2019 19:59:18 +0000 https://lauren.vortex.com/?p=4247 Continue reading "Google’s G+ User Trust Betrayal Gets Worse and Worse"]]> When I recently posted a parody “Message from Google” regarding the upcoming shutdown of consumer Google+, I did not anticipate the wellspring of reactions from Google users, including those who were not specifically Google+ users.

An Important Message from “Google” about Google+ !
https://lauren.vortex.com/2019/01/22/an-important-message-from-google-about-google

(Google Docs Version: https://lauren.vortex.com/google-plus)

I had anticipated many folks saying that the posting was funny but in key respects depressingly true — which they did — but I did not expect my inbox to be flooded with consumer and business users telling me that they were abandoning Google services or not moving operations to Google, due to Google’s shabby treatment of so many users, and I did not realize that I was going to become the focal point for desperate, loyal G+ users asking me questions that Google has been refusing to answer.

In retrospect I shouldn’t have been surprised. To this day, Google has as far as I know not emailed ordinary G+ users about what’s going on, has no informational banners up about the impending shutdown, and (believe it or not!) is still soliciting for new users to join G+ and spend their time following other users and getting to know a service that Google is about to mercilessly destroy!

It’s remarkable. Unfathomable. Disgraceful.

And the questions. G+ users are sending me their questions:

What happens to all of the external web pages and posts that link to public G+ posts? Google taking down those G+ posts will break vast numbers of non-Google pages around the web.

What happens to sites that have deeply embedded G+ APIs for displaying “Plus” counts, follower boxes, G+ site login integrations, and more? What happens to Google Contacts data integrated from G+?

What is the ultimate fate of the actual G+ posts and related data? Do they all suddenly vanish from public view, from the control of their authors? Will they continue to be used internally by Google for ad system, machine learning, or for other purposes?

The list goes on and on.

Meanwhile, Google is hardly saying anything at all. It’s obvious that they’re treating consumer G+ — and all of its loyal users — as inconvenient pariahs, tossing us all into their dumpster as quickly and unceremoniously as possible.

My inbox is full of users both angry and sad, who loved Google but are now feeling like they’ve been pushed out of a car and directly into the path of steamrollers.

I’ve always tried to help with Google-related problems when I could. But I really don’t know what to say to these jilted users abandoned so callously by Google, because frankly I feel the same way about how Google is mistreating us, and Google has not been forthcoming with explanations, answers, or even believable excuses.

It’s obvious that Google just doesn’t care. And perhaps that’s the saddest part of all.

–Lauren–

]]>
Paid “Ad-Free” YouTube Premium Is Now Showing Ads https://lauren.vortex.com/2019/01/26/paid-ad-free-youtube-premium-is-now-showing-ads https://lauren.vortex.com/2019/01/26/paid-ad-free-youtube-premium-is-now-showing-ads#comments Sun, 27 Jan 2019 01:17:46 +0000 https://lauren.vortex.com/?p=4231 Continue reading "Paid “Ad-Free” YouTube Premium Is Now Showing Ads"]]> UPDATE (March 16, 2019): The ads discussed below as appearing on the Roku YouTube app (even when subscribed to YouTube Premium) have now vanished for me — at least for the moment. I have no word as to whether this is a temporary or more long-term change, whether this was a test that has now terminated, or any other additional information. But I’m definitely glad to see those annoying boxes gone, especially the one that was overlaid on the playing videos themselves.

– – –

I pay for YouTube Premium because — among other things — I don’t want to see ads on videos.

But at least through the popular YouTube Roku app, YouTube is now continuously displaying BUY SEASON ads for some video program clips (complete with purchase price) in a blue box on the video control YouTube Roku app “watch pages” — and even worse, for a period of time (around 10 seconds) as a corner ad box overlay on the running videos themselves. The blue box ad is also present whenever you return to the watch page (e.g., by pausing the video), and the overlay ad appears for the same interval every time you begin running the video again. The overlay ad in particular is extremely annoying.

These ads are also present as a box on the regular web-based YouTube watch pages for these clips — where they are less obtrusive but still are ads on an ostensibly ad-free service.

YouTube Premium is promoted as a paid, ad-free service. The presence of these ads on Premium accounts (especially when overlaid on top of running videos — whether limited to Roku devices or ultimately deployed through other display devices as well) is not acceptable.

–Lauren–

]]>
https://lauren.vortex.com/2019/01/26/paid-ad-free-youtube-premium-is-now-showing-ads/feed 6
An Important Message from “Google” about Google+ ! https://lauren.vortex.com/2019/01/22/an-important-message-from-google-about-google https://lauren.vortex.com/2019/01/22/an-important-message-from-google-about-google#comments Tue, 22 Jan 2019 18:47:08 +0000 https://lauren.vortex.com/?p=4218 Continue reading "An Important Message from “Google” about Google+ !"]]> (Google Doc version: https://lauren.vortex.com/google-plus)

Google – “You can count on us!”

An important announcement about Google+

Dear Google+ users,

We have some bad news for you. We hope you’re sitting down. If you’re driving, please pull over safely before reading the remainder of this message.

We know that many of you have built major parts of your lives around Google+, beginning back in 2011. Over the years since, we have encouraged you to share your experiences and photos, to build Communities and Collections. We know that large numbers of you have spent hours every day on G+, and have built up networks of friends with whom you communicate every day on G+.

And we know that in our rush to maximize G+ participation and engagement, we made some pretty poor decisions, like that period where we integrated YouTube comments and G+ posts, requiring YouTube commenters to create G+ accounts — managing to upset both communities in the process. But you know the motto — move fast and break things!

Now we just want to get out from under Google+. And you’re going to be the collateral damage. Please understand that it’s nothing personal. It’s just business.

So we’re shutting down G+. We’ll be shutting it down this coming August, uh April, uh as soon as we can locate the Google+ SRE in charge. We’ve been trying to page them for months but they’re not answering. We’re pretty sure that there’s a G+ control dashboard in our systems somewhere — when we find it we’ll pull the switch and you’ll all be history.

We could yank your chains and claim that killing G+ is all about poor engagement and API problems and whatnot, but we know you’d see through that, and frankly we just don’t want you around anymore. You’re more trouble than you’re worth to a firm that is pivoting ever more toward serving businesses who actually pay us with actual money. Of course, many businesses now claim that they’ve lost faith in us due to our behavior killing services and mistreating users on the consumer side, but we’ll throw them some usage credits and they’ll come around. You can always buy user trust!

The ad business just isn’t what it used to be. We need new users in new places! Governments are breathing down our necks, ad blockers are reducing ad impressions and conversions, and a bunch of would be do-gooders are making a fuss about our plans to set up a censored search engine in China. You know how many Chinese are in China? More than you can count on your fingers and toes, believe us!

And speaking of business, we’ll be continuing G+ over on our enterprise/business products, at least until it becomes inconvenient for us to keep doing so. And before you ask, no, you can’t pay for continued access to consumer G+ or bundle it with Google One, and you can’t have a pony or anything like that. Get this through your heads. You’re not our target users or target demographics. We just don’t care about you.

Now, after we’ve said all that, we hope that you won’t get too upset if we ask for your help in killing off G+ with a minimum of public attention from bloggers and the media.

Since we routinely provide the means for you to download your data from Google, you can download your G+ posts before we drive a stake through the heart of the G+ data center clusters. We don’t know what the hell you’re going to do with that data, since you’re going to lose contact with all your followers and friends you’ve built up over the years on G+, but did you really expect us to bother providing a tool to help you stay in contact with them after G+ is tossed into the dumpster? We recommend that you just forget about those people, like we’re forgetting about you. It’s easy with practice.

Oh, here’s another thing. You might expect that with the shutdown of G+ so close, we wouldn’t still be soliciting for new G+ users, and you might think that we’d have “butter bar” banners up warning users of the shutdown and providing continuing updates. You might expect us to email G+ users about what’s going on.

But, c’mon, you know us better than that. Remember, we just don’t care, so there are no banners, no continuing informational updates, and — get this! — we’re still soliciting for new G+ users to sign up, without so much as giving them a clue that they’re signing up for a service that is “dead man walking” already! The poor ignorant slobs! Pretty funny, huh? And the only users we’ve emailed about the G+ shutdown are at sites using our G+ APIs, which we’re going to start dismantling in late January. It’s going to be quite a show, because that’s going to break vast numbers of websites that made the mistake of deeply embedding G+ APIs into their systems. Hey, to quote “Otter” from “Animal House” — “You f*cked up! You trusted us!”

So it’s up to you all to spread the word about what’s going on, because we’ve got better things to do than dealing with G+ losers. You’re so yesterday!

OK, ’nuff said! We’ve already spent more time on this note than we should have, and talking to you guys isn’t advancing any of our careers. Be glad that we’re posting this in a nice dark font that you can actually read — we could have used “Material Design” and then sat here chuckling, knowing that so many of you would be squinting and getting migraine headaches from trying to read this.

But we’re not cruel. We just don’t care about you. There’s a big difference! Please keep that in mind.

Thanks for being the guinea pigs in our social media experiment that was Google+. Now back to your cages!

Best,

Google, Inc.

 – – –

Lauren Weinstein / lauren.vortex.com / 22 January 2019 / https://plus.google.com/+LaurenWeinstein / https://twitter.com/laurenweinstein

]]>
https://lauren.vortex.com/2019/01/22/an-important-message-from-google-about-google/feed 2
Another Awful Google Accessibility Failure: The New “Google Contacts” https://lauren.vortex.com/2019/01/17/another-awful-google-accessibility-failure-the-new-google-contacts https://lauren.vortex.com/2019/01/17/another-awful-google-accessibility-failure-the-new-google-contacts#comments Thu, 17 Jan 2019 20:14:11 +0000 https://lauren.vortex.com/?p=4203 Continue reading "Another Awful Google Accessibility Failure: The New “Google Contacts”"]]> Google Contacts — which I use heavily — has now moved over to Google’s horrific “let’s kick people with less than perfect vision in the teeth!” user interface (UI) design. I assume it’s rolling out gradually so you may not have it yet.

But even when you do get it, you STILL may not be able to really see it, because like most of Google’s “material design” UI “refreshes” it’s terrible for anyone who has problems with low contrast fonts. Even at 175% magnification, the fonts are painful to read — and for many users are likely to be impossible to view in a practical manner. And as usual, older users will suffer most at the hands of Google’s UI design changes.

There are a few minor improvements in the new Contacts design relating to form field layouts, and your “notes” for an entry no longer need to be in a restricted-sized box. But those positive changes are rendered meaningless when the fonts overall have been made so much more difficult for so many people to read.

If you talk to Google’s internal accessibility folks about this sort of problem (and I’ve done so, numerous times) you’ll be told that the new design is fine for “most users” and meets formal accessibility standards.

Yet the single most common complaint I get about Google is from users who simply can’t comfortably read or use Google interfaces, and Google is pushing material design into more and more of their products. Google Docs (I use this one heavily also), plus Sheets, Slides, and Sites are also apparently doomed to undergo this change, according to Google.

For the moment, you can still switch back to the familiar version of Contacts (there’s a link for this buried at the bottom of the left sidebar), but we know that Google at some point always ultimately removes the ability to use the older versions of their products.

This situation is rapidly becoming worse and worse for the negatively affected users.

Of course, Google could solve this problem by providing higher contrast UI options, but such options are severely discouraged at Google.

After all, you don’t want to make things easy for those users that you don’t really care about at all, right?

For shame Google. For shame.

–Lauren–

]]>
https://lauren.vortex.com/2019/01/17/another-awful-google-accessibility-failure-the-new-google-contacts/feed 1
Thanks Google! — YouTube Cracks Down on Dangerous Videos https://lauren.vortex.com/2019/01/16/thanks-google-youtube-cracks-down-on-dangerous-videos Wed, 16 Jan 2019 23:04:05 +0000 https://lauren.vortex.com/?p=4198 Continue reading "Thanks Google! — YouTube Cracks Down on Dangerous Videos"]]> UPDATE (February 10, 2019): Another Positive Move by YouTube: No More General “Conspiracy Theory” Suggestions

When I feel that Google is making policy mistakes, I don’t hesitate to call them out as appropriate. I don’t enjoy doing this, but my goal is to help Google be better, not to see a great company becoming less so.

On the other hand, I much enjoy congratulating Google when they make important policy improvements — and yeah, it’s nice when this involves an area where I’ve long been urging such changes.

So I’m very pleased by Google’s newly announced changes to YouTube acceptable content rules, to significantly crack down on dangerous prank and dare/challenge videos on YouTube.

I’ve written about my concerns in this area many times, for example in “YouTube’s Dangerous and Sickening Cesspool of ‘Prank’ and ‘Dare’ Videos” (https://lauren.vortex.com/2017/05/04/youtubes-dangerous-and-sickening-cesspool-of-prank-and-dare-videos), approaching two years ago.

I am not unsympathetic to Google’s philosophical and practical preferences for a “very light touch” when it comes to excluding specific types of content from their YouTube platform. In a perfect world, if all video creators behaved responsibly in the first place, we likely wouldn’t be facing these kinds of challenges at all. But of course, the reality is that irresponsible creators of all sorts permeate vast swaths of the Internet ecosystem.

The new YouTube “Policies on harmful or dangerous Content” (https://support.google.com/youtube/answer/2801964), should in theory go a long way toward appropriately addressing the kinds of concerns that I and others have expressed about dangerously inappropriate videos on YouTube.

Whether the new rules will actually have the desired positive effects will of course depend on how rigorously Google enforces these rules, and in particular whether that enforcement is evenhanded — meaning that large YouTube channels generating significant revenue are subject to the same serious enforcement actions as much smaller channels. 

Time will tell in this regard. But today, as someone who very much loves YouTube and who considers YouTube to be an irreplaceable aspect of my daily life, I want to thank Google for these positive steps toward making YouTube even better for us all. Kudos to the teams!

–Lauren–

]]>
Boot to the Head: When You Know that Google Just Doesn’t Care Anymore https://lauren.vortex.com/2019/01/14/boot-to-the-head-when-you-know-that-google-just-doesnt-care-anymore https://lauren.vortex.com/2019/01/14/boot-to-the-head-when-you-know-that-google-just-doesnt-care-anymore#comments Mon, 14 Jan 2019 22:45:02 +0000 https://lauren.vortex.com/?p=4186 Continue reading "Boot to the Head: When You Know that Google Just Doesn’t Care Anymore"]]> If you’ve ever needed more evidence that Google just doesn’t care about users who have become “inconvenient” to their new business models, one need only look at the saga of their ongoing handling of their announced Google+ shutdown.

I’ve previously discussed what I believe to be the actual motivations for this action, that’s suddenly pulling the rug out from beneath many of their most loyal users (“Can We Trust Google?” – https://lauren.vortex.com/2018/12/10/can-we-trust-google). But let’s leave the genesis of this betrayal of users aside, and just look at how Google is handling the actual process of eliminating G+.

What’s the technical term for this that I’m searching for? Oh yes: disgraceful.

We already know about Google’s incredible user trust failure in announcing dates for this process. First it was August. Then suddenly it was April. The G+ APIs (which vast numbers of web sites — including mine — made the mistake of deeply embedding into their sites, we’re told will start “intermittently failing” (whatever that actually means) later this month.

It gets much worse though. While Google has tools for users to download their own G+ postings for preservation, they have as far as I know provided nothing to help loyal G+ users maintain their social contacts — the array of other G+ followers and users with whom many of us have built up friendships on G+ over the years.

As far as Google is concerned, when G+ dies, all of your linkages to your G+ friends are gone forever. You can in theory try to reach out to each one and try to get their email addresses, but private messages on G+ have always been hit or miss, and I’ve had to resort to setting up my own invite-only forum for this purpose (“A New Invite-Only Forum for Victims of Google’s Google+ Purge” – https://lauren.vortex.com/2019/01/05/a-new-invite-only-forum-for-victims-of-googles-google-purge).

If I’d been running G+ and had been ordered from “on high” to shut it down, I would have insisted on providing tools to help users migrate their social connections on G+ to other platforms, or at least to email! Google just doesn’t seem to care about the relationships that users have built over the years on G+.

You know what else I’d be doing if I ran G+ at this point? I’d be showing respect for my users. I’d be damned well warning everyone about the upcoming shutdown on a continuing basis — not just with an occasional post on G+ itself visible only to users following that official G+ user, and not relying on third-party media stories to inform the user community.

I’d have “butter bar” banners up keeping all G+ users informed. I’d be sending out emails to users updating them on what’s happening (so far as I know, only G+ API users have been contacted by email about the shutdown).

And with only a few months left until Google pulls the plug on G+, I sure as hell wouldn’t still be soliciting for new  G+ users!

Yep — believe it or not — Google at this time is STILL soliciting for unsuspecting users to sign up for new G+ accounts, without any apparent warnings that you’re signing up for a service that is already officially the walking dead!

Perhaps this shows most vividly how Google today seems to just not give a damn about users who aren’t in their target demographics of the moment. Or maybe it’s just laziness. We can assume that consumer G+ is being operated on an ever thinner skeleton crew these days. Sure, encourage users to waste their time setting up profiles and subscribing to communities that will be ghosts in a handful of weeks. What do we care?

The upshot here though isn’t to suggest that Google is required to operate G+ forever, but rather that the way in which they’ve handled the announcements and ongoing process of sunsetting a service much beloved by many Google users has been nothing short of atrocious, and has not shown respect for Google’s users overall.

And that’s nothing short of very dismal, and very sad indeed.

–Lauren–

]]>
https://lauren.vortex.com/2019/01/14/boot-to-the-head-when-you-know-that-google-just-doesnt-care-anymore/feed 2
Google’s Brain Drain Should Alarm Us All https://lauren.vortex.com/2019/01/12/googles-brain-drain-should-alarm-us-all https://lauren.vortex.com/2019/01/12/googles-brain-drain-should-alarm-us-all#comments Sat, 12 Jan 2019 17:59:42 +0000 https://lauren.vortex.com/?p=4173 Continue reading "Google’s Brain Drain Should Alarm Us All"]]> The casual outside observer can be readily excused for not noticing the multiplying red flags.

At first glance, so much seems golden for Google.

Google is still expanding its physical infrastructure by leaps and bounds. New buildings, new data centers, new offices — just last week we learned that Google will be taking over virtually the entire old Westside Pavilion for offices here in L.A. I used to hang out there many years ago, back when it was a relatively new shopping mall.

The pipeline of graduating students into Google’s HR machine remains packed to overflowing, and as usual there are vastly more applicants than positions available.

But to those of us with deeper connections to the firm and its employees, there are alarm bells sounding loudly.

Google is in the midst of a user trust and ethics crisis, and an increasing number of their best long-term employees are leaving.

Their reasons vary — after all, nobody is expected to stay with one firm forever, and there are career paths to be considered. 

However, it is undeniable to anyone who really knows Google that there is an increasing internal glumness, a sense of melancholy and in some cases anger, toward some key decisions that management has been making of late, and regarding the predicted trajectory for Google that logically could result.

As at most firms, there has always been some degree of friction at Google between management and the “rank and file” employees — traditionally staying largely internal to the firm and out of public view.

This has changed recently, with a series of controversial internal issues spilling out dramatically into the external world, in the form of employee protests and other employee actions really never seen before in modern Big Tech workplaces. 

Consternation over Google’s links to military projects, a potential censored search project for China, and a massive payout to a high-ranking employee accused of sexual harassment — the world at large has taken note of these issues and more.

Just in the last few days, a major shareholder lawsuit has been filed against Google relating to the sexual harassment case. And coincidentally a couple of days ago, the Arms Control Association named the 4000 Googlers who opposed Google’s contract with the Pentagon’s “Project Maven” as the “Arms Control Person(s) of the Year.”

There have indeed been some positive internal changes at Google resulting from this unprecedented level of employee activism — for example, Google has formalized an important and positive set of AI Principles.

For many Googlers, this has been too little, too late. Particularly among female and LGTBQ employees — but by no means restricted to those groups — the atmosphere at Google is no longer seen as welcoming and ethical. And increasing numbers of Googlers — alarmingly including those who have been at Google for many years, who have been the representatives of Google’s culture at its best, and who have constituted the ethical heart of the company — have left or are about to leave.

And this appears to be only the beginning. I’ve lost count of the Googlers I know who have asked me to keep an ear open for outside positions that fall into their areas of expertise — a bit ironic since I’m always looking for work myself. 

These kinds of situations can be devastating to a firm in the long run, in and of themselves.

They also hand Google’s political and other enemies — the haters and more — political ammunition that can be used against Google not only to the detriment of the firm at a time when Big Tech is increasingly being inappropriately framed as “enemies of the people” by Luddite forces on the left and the right — but to the ultimate detriment of Google’s users and everyone else as well.

Yet compared to Google’s competition — for example firms like Amazon and Microsoft who happily accept military combat contracts, or Apple with its highly problematic actions to help China block open Internet access by removing VPN and other apps — Google’s ethics have traditionally been a cut above the others.

As Google’s brain and ethics drains continue, as more of their best and most principled employees leave, Google’s moral advantage over those other firms is rapidly deteriorating, and the exodus of such employees is always a “canary in the coal mine” warning that something fundamental has gone awry. 

So long as Google management chooses not to directly and effectively address these issues, to not dedicate significant resources toward reclaiming the ethical, user trust, and employee trust high grounds, there is little reason to anticipate a course correction from the increasingly dark path on which Google now appears to be traveling. 

–Lauren–

]]>
https://lauren.vortex.com/2019/01/12/googles-brain-drain-should-alarm-us-all/feed 2
Finally, Some Good News About the EU’s Horrendous “Right To Be Forgotten” Law https://lauren.vortex.com/2019/01/10/finally-some-good-news-about-the-eus-horrendous-right-to-be-forgotten-law Thu, 10 Jan 2019 16:34:44 +0000 https://lauren.vortex.com/?p=4164 Continue reading "Finally, Some Good News About the EU’s Horrendous “Right To Be Forgotten” Law"]]> I’ve been highly critical — to say the least — of the European Union’s insane global censorship regime — “The Right To Be Forgotten” (RTBF) — since well before it became actual, enacted law.

But there’s finally some good news about RTBF — in the form of a formal opinion from EU Advocate General Maciej Szpunar, chief adviser at Europe’s highest court.

I’m not sure offhand when I first began writing about the monstrosity that is RTBF, but a small subset of related posts includes:

The “Right to Be Forgotten”: A Threat We Dare Not Forget (2/2012):
https://lauren.vortex.com/archive/000938.html

Why the “Right To Be Forgotten” is the Worst Kind of Censorship (8/2015):
https://lauren.vortex.com/archive/001119.html

RTBF was always bad, but it became a full-fledged dumpster fire when (as many of us had predicted from the beginning) efforts were made to enforce its censorship demands globally. This gave the EU effectively worldwide censorship powers via RTBF’s “hide the library index cards” approach, creating a lowest common denominator “race to the bottom” of expanding mass, government-directed censorship of search results related to usually completely accurate and still published news and other information items.

In a nutshell, Maciej Szpunar’s opinion — which is not binding but is likely to be a strong indicator of how related final decisions will turn out — is that global application of EU RTBF decisions is usually unreasonable. While he doesn’t rule out the possibility of global “enforcement” in “certain situations” (an aspect that will need to be clarified), it’s obvious that he views routine global enforcement of EU RTBF demands to be untenable. 

This is of course only a first step toward reining in the RTBF monster, but it’s potentially an enormously important one, and we’ll be watching further developments in this arena with great interest indeed.

–Lauren–

]]>
Why Google Is Terrified of Its Users https://lauren.vortex.com/2019/01/06/why-google-is-terrified-of-its-users https://lauren.vortex.com/2019/01/06/why-google-is-terrified-of-its-users#comments Sun, 06 Jan 2019 18:46:25 +0000 https://lauren.vortex.com/?p=4137 Continue reading "Why Google Is Terrified of Its Users"]]> Have you ever seen the “10 Things” philosophy page at Google? It’s uplifting. It’s sweet. And in significant respects, it’s as dead as the dodo:

https://www.google.com/about/philosophy.html

Even if it didn’t say so, you’d know that this page has been around at Google for a long, long time, because it still speaks of “doing one thing really, really well” and calls Gmail and Maps “new” products.

By no means is everything on that page now inoperative, but it’s difficult for some sections not to remind one of the classic film “Citizen Kane” where Charles Foster Kane himself rips his own, now “antique” Declaration of Principles to shreds.

Point number one on that nostalgic Google page is of special note: “Focus on the user and all else will follow.”

I would argue that when those words were first written many years ago, Google’s users — and the entire Internet world — were very different from today. By and large, the percentage of non-techies in Google’s user community was much smaller. You didn’t have so many busy non-technical persons, older people, and others for whom technology was not a 24/7 “lifestyle” but who were still very dependent on your services.

And of course, Google’s range of services was much narrower then, and Google services were not such a massive part of so many people’s lives around the world as those services are today.

Google has traditionally been — and still to a significant extent is — something of a “black box” to most users.  Unless you’ve been on the inside, many of its actions seem mysterious and inscrutable. Even being on the inside doesn’t necessarily free one completely of those observations.

While there have been some improvements in some respects, especially in regard to Google’s paid services, overall Google still seems to have something of an “us vs. them” attitude — keep the users at arm’s length — when it comes to the majority of their users, a tendency to wall users off in significant respects. 

Granted, when you have as many users as Google, you can’t provide “white-glove” personalized service to all of them.

But even within the practical range of what could be done to better serve users overall, one senses that Google decreasingly cares about you unless you’re a genuine paying customer, and even then only to the minimal extent required. 

Part of this is likely driven by quite realistic fears of potentially draconian actions by pandering politicians in governments around the planet, and the declining value of traditional online advertising models.

But Google’s at best lackadaisical attitude toward so many of its users is still impossible to justify. Just to note two recent examples that I’ve discussed, why would Google not choose to proactively help Chromecast users whose devices might be hijacked, even if the underlying fault wasn’t actually Google’s? And how can Google justify the sudden and total abandonment of loyal Google+ users who have spent many years building close communities, without even bothering to provide any tools to help those users stay in touch with each other after Google pulls the plug? 

It’s a matter of priorities. And at Google, only a limited number of particular users tend to be a priority.

It goes further of course. Google’s institutional fear of the “Streisand Effect” — reluctance to even mention a problem to avoid risking drawing any attention to it — rises essentially to the level of neurosis.

Google’s continual refusal to give users a truly representative “place at the deliberation table”  through user advocates, or the means to escalate serious dilemmas through ombudspersons or similar roles, are ever more glaring as related issues continue to erupt into public notice, often with significantly negative PR impacts, making Google ever more vulnerable to the whims of opportunistic regulators and politicians.

Some years ago when I was consulting to Google, I was in the office of a significantly high ranking executive at their Mountain View headquarters (one clue to knowing if someone is a significant executive at Google — they have their own office). I was pitching my concepts for roles like ombudspersons, and he was pushing back. Finally, he asked me, “Are you volunteering?”

I thought about it for a few seconds and answered no. A role like that without the actual support of the company would be useless, and it seemed obvious from my meetings that the necessary support for such roles within the company did not exist.

In retrospect, even though I’ve always assumed that his question was really only meant rhetorically, I still wonder if I should have “called his bluff” so to speak and answered in the affirmative. It probably wouldn’t have mattered, but it was an interesting moment.

One way or another, the political “powers that be” today have the long knives out for Google and other Internet-based firms. And I for one don’t want to see Google go the way of DEC and Bell Labs and the long list of other firms that once seemed invincible but now either no longer exist or are mere shadows of their former once-great selves.

Given current trends, I’m unsure if Google — even given the will to do so — can turn this around fast enough to avoid the destructive, toxic, political freight trains headed toward it. Many of my readers frequently suggest to me that even that sentiment is overly optimistic.

We shall see.

–Lauren–

]]>
https://lauren.vortex.com/2019/01/06/why-google-is-terrified-of-its-users/feed 2
A New Invite-Only Forum for Victims of Google’s Google+ Purge https://lauren.vortex.com/2019/01/05/a-new-invite-only-forum-for-victims-of-googles-google-purge https://lauren.vortex.com/2019/01/05/a-new-invite-only-forum-for-victims-of-googles-google-purge#comments Sat, 05 Jan 2019 22:28:28 +0000 https://lauren.vortex.com/?p=4126 Continue reading "A New Invite-Only Forum for Victims of Google’s Google+ Purge"]]> Several weeks ago, in the wake of Google’s shameless and hypocritical abandonment of loyal Google users and communities with the announced rapidly approaching shutdown of consumer Google+ (originally scheduled for August, then — with yet another kick in the teeth to their users — advanced to April based on obviously exaggerated security claims) I created a new private forum to help stay in touch with my own G+ followers.

This was not something that I had anticipated needing to do.

If Google had shown even an ounce of concern for their users’ feelings, and provided the means for the “families” of users created on G+ since its inception to have some way to stay in touch after Google pulls the plug on consumer G+ (to concentrate on expanding their enterprise/business version of G+), I wouldn’t even have had to think about creating a new forum at this stage.

But relying upon Google in these respects — please see: “Can We Trust Google?” (https://lauren.vortex.com/2018/12/10/can-we-trust-google) — is a fool’s errand. Google has made it clear that even their most loyal users can be booted out the door at any time that upper management finds them to be an “inconvenience” in the Google ecosystem, to be swatted like flies. Given Google’s continuing user support and user trust failures in other areas, we all should have seen this coming long ago. In fact, many of us did, but had hoped that we were wrong. 

There have been continuing efforts to find some way in conjunction with Google to keep some of these consumer G+ relationships alive — for example, via the enterprise version of G+. To date, these prospects continue to appear bleak. Google seems to have no respect at all for their consumer G+ users, beyond the absolute minimum of providing a way for users to download their own G+ posting archives.

Since Google clearly cares not about destroying the relationships built up on Google+, and since I have many friends on G+ with whom I don’t want to lose touch (many of which, ironically, are Googlers — great Google employees), I created my own small, new private forum as a way to hopefully avoid total decapitation of these relationships at the hands of Google’s G+ guillotine.

A significant number of my G+ followers have already joined. But I’ve been frequently asked if I would consider opening it up further for other G+ users who feel burned by Google’s upcoming demolition of G+, especially since many G+ users are not finding the currently publicly available alternatives to be appealing, for a range of very good reasons. Facebook is nonstarter for many, and various of the other public alternatives are already infested with alt-right and other forms of trolls who were justifiably kicked off of the mainstream platforms.

So while I am indeed willing to accept invitation requests more broadly from G+ users and other folks who are feeling increasingly without a welcoming social media home, please carefully consider the following before applying.

It’s my private forum. My rules apply. It operates as a (hopefully) benign dictatorship. I reserve the right to reject any invite applications or submitted postings. Any bad behavior (by my definitions) will result in ejection, typically on a one-strike basis. All submitted posts will be moderated (by myself and/or by trusted users whom I designate) before potentially being accepted and becoming visible on the forum. Private messaging between users is not supported at this time. I make no guarantees regarding how long the forum will operate or how it might evolve, but my intention is for it to be a low-key and comfortable place for friends to post and discuss issues of interest.

If you don’t like that kind of environment, then please don’t even bother applying for an invitation. Go use Facebook. Or go somewhere else. Good luck. You’re going to need it.

If you do want to apply for an invitation, please send an email message explaining briefly who you are and why you want to join, to:

g-forum-request@vortex.com

I look forward to hearing from you.

Take care. Be seeing you.

–Lauren–

]]>
https://lauren.vortex.com/2019/01/05/a-new-invite-only-forum-for-victims-of-googles-google-purge/feed 2
Google’s Reaction to Chromecast Hijacking Is Another User Trust Failure https://lauren.vortex.com/2019/01/04/googles-reaction-to-chromecast-hijacking-is-another-user-trust-failure Fri, 04 Jan 2019 18:23:06 +0000 https://lauren.vortex.com/?p=4122 Continue reading "Google’s Reaction to Chromecast Hijacking Is Another User Trust Failure"]]> You may have heard by now that significant numbers of Google’s excellent Chromecast devices — dongles that attach to televisions to display video streams — are being “hijacked” by hackers, forcing attached televisions to display content of the hackers’ choosing. The same exploit permits other tampering with some users’ Chromecasts, including apparently forced reboots, factory resets, and configuration changes. Google Home devices don’t seem to be similarly targeted currently, but they likely are similarly vulnerable.

The underlying technical vulnerability itself has been known for years, and Google has been uninterested in changing it. These devices use several ports for control, and they depend on local network isolation rather than strong authentication for access control.

In theory, if everyone had properly configured Internet routers with bug free firmware, this authentication and control design would likely be adequate. But of course, everyone doesn’t fall into this category.

If those control ports end up accessible to the outside world via unintended port forwarding settings (the UPnP capability in most routers is especially problematic in this regard), the associated devices become vulnerable to remote tampering, and may be discoverable by search engines that specialize in finding and exposing devices in this condition.

Google has their own reasons for not wanting to change the authentication model for these devices, and I’m not going to argue the technical ramifications of their stance right now.

But the manner in which Google has been reacting to this new round of attacks on Chromecast users is all too typical of their continuing user trust failures, others of which I’ve outlined in the recent posts “Can We Trust Google?” (https://lauren.vortex.com/2018/12/10/can-we-trust-google) and “The Death of Google” (https://lauren.vortex.com/2018/10/08/the-death-of-google).

Granted, Chromecast hijacking doesn’t rank at the top of exploits sorted by severity, but Google’s responses to this situation are entirely characteristic of their attitude when faced with such controversies.

To date — as far as I know — Google has simply taken the “pass the buck” approach. In response to media queries about this issue, Google insists that the problem isn’t their fault. They assert that other devices made by other firms can have the same vulnerabilities. They lay the blame on users who have configured their routers incorrectly. And so on.

While we can argue the details of the authentication design that Google is using for these devices, there’s something that I consider to be inarguable: When you blame your users for a problem, you are virtually always on the losing side of the argument.

It’s as if Google just can’t bring itself to admit that anything could be wrong with the Chromecast ecosystem — or other aspects of their vast operating environments.

Forget about who’s to blame for the situation. Instead, how about thinking of ways to assist those users who are being affected or could be affected, without relying on third-party media to provide that kind of help!

Here’s what I’d do if I was making these decisions at Google.

I’d make an official blog post on the appropriate Google blogs alerting Chromecast users to these attacks and explaining how users can check to make sure that their routers are configured to block such exploits. I’d place something similar prominently within the official Chromecast help pages, where many users already affected by the problem would be most likely to initially turn for official “straight from Google” help.

This kind of proactive outreach shouldn’t be a difficult decision for a firm like Google that has so many superlative aspects. But again and again, it seems that Google has some sort of internal compulsion to try minimize such matters and to avoid reaching out to users in such situations, and seems to frequently only really engage publicly in these kinds of  circumstances when problems have escalated to the point where Google feels that its back is against the wall and that they have no other choice.

This isn’t rocket science. Hell, it’s not even computer science. We’re talking about demonstrating genuine respect for your users, even if the total number of users affected is relatively small at Google Scale, even if the problems aren’t extreme, even if the problems arguably aren’t even your fault.

It’s baffling. It’s disturbing. And it undermines overall user trust in Google relating to far more critical issues, to the detriment of both Google itself and Google’s users.

And perhaps most importantly, Google could easily improve this situation, if they chose to do so. No new data centers need be built for this purpose, no new code is required. 

What’s needed is merely the recognition by Google that despite their great technical prowess, they have failed to really internalize the fact that all users matter — even the ones with limited technical expertise — and that Google’s attitude toward those users who depend on their services matters at least as much as the quality of those services themselves. 

–Lauren–

]]>
USA Wants to Restrict AI Exports: A Stupid and Dangerous Idea https://lauren.vortex.com/2019/01/02/usa-wants-to-restrict-ai-exports-a-stupid-and-dangerous-idea Wed, 02 Jan 2019 16:19:58 +0000 https://lauren.vortex.com/?p=4110 Continue reading "USA Wants to Restrict AI Exports: A Stupid and Dangerous Idea"]]> When small, closed minds tackle big issues, the results are rarely good, and frequently are awful. This tends to be especially true when governments attempt to restrict the development and evolution of technology. Not only do those attempts routinely fail at their stated and ostensible purposes, but they often do massive self-inflicted damage along the way, and end up further empowering our adversaries.

Much as Trump’s expensive fantasy wall (“Mexico will pay for it!”) would have little ultimate impact on genuine immigration problems — other than to further exacerbate them — his Commerce department’s new plans for restricting the export of technologies such as AI, speech recognition, natural language understanding, and computer vision would be yet another unforced error that could decimate the USA’s leading role in these areas.

We’ve been down this kind of road before. Years ago, the USA federal government placed draconian restrictions on the export of encryption technologies,  classifying them as a form of munitions. The result was that the rest of the world zoomed ahead in crypto tech. This also triggered famously bizarre situations like t-shirts with encryption source code printed on them being restricted, and the co-inventor of the UNIX operating system — Ken Thompson — battling to take his “Belle” chess-playing computer outside the country, because the U.S. government felt that various of the chips inside fell into this restricted category. (At the time, Ken was reportedly quoted as saying that the only way you could hurt someone with Belle was by dropping it out of a plane — you might kill someone if it hit them!)

As is the case with AI and the other technologies that Commerce is talking about restricting today, encryption R&D information is widely shared among researchers, and likewise, any attempts to stop these new technologies from being widely available, even attempts at restricting access to them by specific countries on our designated blacklist of the moment, will inevitably fail.

Even worse, the reaction of the global community to such ill-advised actions by the U.S. will inevitably tend to put us at a disadvantage yet again, as other countries with more intelligent and insightful leadership race ahead leaving us behind in the dust of politically motivated export control regimes.

To restrict the export of AI and affiliated technologies is shortsighted, dangerous, and will only accomplish damaging our own interests, by restricting our ability to participate fully and openly in these crucial areas. It’s the kind of self-destructive thinking that we’ve come to expect from the anti-science, “build walls” Trump administration, but it must be firmly and completely rejected nonetheless.

–Lauren–

]]>
Google’s China Dilemma Is Ours as Well https://lauren.vortex.com/2018/12/27/googles-china-dilemma-is-ours-as-well Thu, 27 Dec 2018 19:20:14 +0000 https://lauren.vortex.com/?p=4098 Continue reading "Google’s China Dilemma Is Ours as Well"]]> It now seems unlikely that Google will be proceeding anytime soon with their highly controversial “Dragonfly” project to provide Chinese government-controlled censored search services in China. The project has become politically radioactive — odds are that any attempt to move forward would result in overwhelming bipartisan blocking actions by Congress.

But this doesn’t mean that Google can — or that they should — leave China. About 20% of the global population is within Chinese territorial boundaries, well over a billion human beings. Even if it were financially practical to do so (which it isn’t), we cannot ethically abandon them.

Our ethical concerns with China are not with the Chinese people, they’re with the oppressive, dictatorial Chinese government.

In fact, if you ever deal directly with Chinese individuals, you’ll generally find them to be among the greatest folks you’ve ever encountered. Even if your experience is only with the multitude of Chinese-operated stores on eBay, it’s routine to receive superb customer service that puts many U.S.-based firms to shame.

So the dilemma — not just for Google but for all of us in dealing with China — is how to best serve the people of China, without directly supporting China’s totalitarian regime and their escalating and serious mass human rights abuses.

Obviously, it’s impossible to completely compartmentalize these two aspects of the problem, but there are some fairly obvious guidelines that we can apply.

Joint research projects with China — for example, in areas such as machine learning and artificial intelligence — is one category that will generally make sense to pursue, even though we realize that the fruits of such work can be used in negative ways.

But realistically, this is true of most research by humankind throughout history, and joint research projects can at the very least provide valuable insight into important work that might not otherwise be surfaced to domestic researchers.

On the other hand, participation in operational Chinese systems that wage war and/or directly further the oppression of the Chinese people should be absolutely off the table. This is the dangerous category into which Dragonfly would ultimately have resided, because the Chinese government’s vast censorship apparatus is a foundational and crucial aspect of their maintaining oppressive control over their population.

The fact that the vast majority of common queries under Dragonfly might not have been censored is irrelevant to the concerns at hand. It’s those crucial other Dragonfly queries —- censored by order of the Chinese dictators — that would drag this concept deep into an unacceptable ethical minefield.

These are but two examples from a complex array of situations relating to China. Neither Google nor the rest of us can or should disengage from China. But the specific ways in which we choose to work with China are paramount, and it is incumbent on us to assure that such projects always pass reasonable ethical muster.

As usual with so much in life, as the old saying goes (and the Chinese probably said it first) — the devil is in the details.

–Lauren–

]]>
A Terrible and All Too Common YouTube Abuse Story https://lauren.vortex.com/2018/12/26/a-terrible-and-all-too-common-youtube-abuse-story https://lauren.vortex.com/2018/12/26/a-terrible-and-all-too-common-youtube-abuse-story#comments Wed, 26 Dec 2018 19:21:24 +0000 https://lauren.vortex.com/?p=4090 Continue reading "A Terrible and All Too Common YouTube Abuse Story"]]> If you’re a regular reader of my missives, you know that one of my continuing gripes with Google — going back many years — relates to their continuing failures to devise a system to deal appropriately with user problems in need of support escalation.

I have enormous respect for Google — a great company — but their bullheaded refusal to consider solutions that so many firms have found useful in these regards, such as ombudspersons and user advocates, is a source of continuing deep disappointment.

I’ve written about these issues so very many times over the years that I’m not going to repeat myself here, beyond saying that the usual excuse one hears — that people using free services should expect to get the level of service that they’re paying for — is not an acceptable one for services that have become so integral to so many people’s lives.

But it goes way beyond this. Escalation failures are common even with users of Google’s paid business services, and for major YouTube creators in monetary relationships with Google.

In fact, YouTube-related problems are near the top of the list of why users come to me asking for help with Google issues. Sometimes I can help them, sometimes I can’t. Either way, this isn’t something I should need to be doing from the outside of Google! Google needs to have dedicated employee roles for these escalation tasks.

I won’t here plow again over the ground that I’ve covered in the past regarding YouTube problems with Content ID and false ownership claims, and the desperation of honest YouTube creators who get crunched between the gears of YouTube’s claim/counterclaim machinery.

Rather, I’ll point to a particularly vivid very recent story of a YouTube creator who had his video (monetized with over 47 million views), ripped out from under him by someone with no actual ownership rights, and the Kafkaesque failures of Google to deal with the situation appropriately.

This case is all the more painful since this creator had enough subscribers that he had a YouTube “liaison” (something most YouTube creators don’t have, of course), but YouTube’s procedures failed so badly that even this didn’t help him. I recommend that you watch his video explaining the situation (posted just five days ago, it already has over two million views):

“How my video with 47 million views was stolen on YouTube” – https://www.youtube.com/watch?v=z4AeoAWGJBw 

And keep in mind, as he points out himself, this is far from an isolated kind of case.

Google knows what’s necessary to fix these kinds of situations. You start by hiring an ombudsperson, user advocate, or create some similar dedicated roles with genuine responsibility within the firm.

Google continues to fight these concepts, and the longer that they do so, the more that they risk trust in Google being further diminished and eventually decimated.

–Lauren–

]]>
https://lauren.vortex.com/2018/12/26/a-terrible-and-all-too-common-youtube-abuse-story/feed 1
Why I No Longer Recommend Google for Many Serious Business Applications https://lauren.vortex.com/2018/12/20/why-i-no-longer-recommend-google-for-many-serious-business-applications https://lauren.vortex.com/2018/12/20/why-i-no-longer-recommend-google-for-many-serious-business-applications#comments Thu, 20 Dec 2018 23:24:16 +0000 https://lauren.vortex.com/?p=4077 Continue reading "Why I No Longer Recommend Google for Many Serious Business Applications"]]> Recently in “Can We Trust Google?” (https://lauren.vortex.com/2018/12/10/can-we-trust-google), I explored the question of whether Google should be considered to be a reliable partner to consumers or businesses, given the manner in which Google all too frequently makes significant changes to their products without documenting associated user interface and other related issues appropriately.

Even worse, Google has a long history of leaving users out in the cold when Google abruptly decides to kill products, often with inadequate or questionable claimed justifications.

Google has taken such actions again and again, most recently with the consumer version of Google+ — whose users represent among Google’s most loyal fans. Today, Google announced that G+ APIs will start to break in January — causing vast numbers of active sites and archives which depend on them for various display elements (including some of my own sites) to turn into graphical garbage without significant and time-consuming modifications.

Meanwhile, Google is speeding ahead with their total shutdown of consumer G+, on their new accelerated schedule that suddenly took months off of their originally announced rapid shutdown timetable.

If this all isn’t enough of a kick in the teeth to Google fans, Google continues extolling the virtues of the new G+ features that they plan for enterprises — for businesses — which apparently will be continuing and expanding even as the consumer side is liquidated.

But I wonder how long enterprise G+ will actually last? So many business people have contacted me noting that they no longer are willing to entrust long-term or mission critical applications to Google, because they just don’t trust that Google can be depended upon to maintain products into the foreseeable future. These entrepreneurs fear that they’re going to end up being ground up in the garbage disposal just like Google’s consumer users so often are, when Google products are pulled out from under them.

This goes far beyond Google+. These issues permeate the way Google treats both consumer and business users — very much as if they were disposable commodities, where only the largest demographic groups mattered at all.

I am a tremendous fan of Google and Googlers. But I’m forced to agree that at present it’s difficult to recommend Google as a stable resource for businesses that need to plan further than relatively short periods into the future. 

For business planning purposes, all of that great Google technology is effectively worthless if you can’t depend on it being stable and still being available even a few short years from now. 

For all the many faults of firms like Microsoft and Amazon — and I’m no friend of either — both of them seem to have learned that businesses need stability above all — a lesson that Google still doesn’t seem to have really internalized.

Both Amazon and Microsoft seem to understand that the ways in which you treat the users of your consumer products will reflect mightily on business’ decisions about adopting your enterprise products and services. For all of their vast technological expertise, Google seems utterly clueless regarding this important fact.

When I mentioned recently that I still believed it possible for Google to turn this situation around, I received a bunch of responses from readers suggesting that I was wrong, that Google will never make the kinds of changes that would truly be necessary.

I will continue to try help folks with Google-related issues to the maximal extent that I can. But I sure hope that my optimistic view regarding Google’s ability to change isn’t proven to be painfully incorrect in the end.

–Lauren–

]]>
https://lauren.vortex.com/2018/12/20/why-i-no-longer-recommend-google-for-many-serious-business-applications/feed 2
The Terrifying Moment at the Congressional Google Hearing Today https://lauren.vortex.com/2018/12/11/the-terrifying-moment-at-the-congressional-google-hearing-today Wed, 12 Dec 2018 06:51:30 +0000 https://lauren.vortex.com/?p=4066 Continue reading "The Terrifying Moment at the Congressional Google Hearing Today"]]> During a radio interview a few minutes ago, I was asked for my opinion regarding Google CEO Sundar Pichai’s hearing at Congress today. 

There’s a lot that can be said about this hearing. Sundar confirmed that Google does not plan to go ahead with a Chinese government censored search engine — right now. 

Most of the hearing involved the ridiculous, false continuing charges that Google’s search results are politically biased — they’re not.

But relating to that second topic, I heard one of the scariest demands ever uttered by a member of the U.S. Congress.

Rep. Steve King (R-Iowa) wants Google to hand over to Congress the identities of the Googlers whose work relates to search algorithms. King made it clear that he wants to examine these private individuals’ personal social media postings, his direct implication being that showing a political orientation in your personal postings would mean that you’d be incapable of doing your work on search in an unbiased manner.

This is worse than wrong, worse than stupid, worse than lunacy — it’s outright dangerous McCarthyism of the first order.

Everything else that occurred in that hearing pales into insignificance compared with King’s statement.

King continued by threatening Google with various punitive actions if Google refuses to agree to his demand regarding Google employees, and also to turn over the details of how the Google search algorithms are designed — which of course Congress would leak — setting the stage for search to be gamed and ruined by every tech-savvy wacko and crook.

Steve King has a long history of crazy, racist remarks, so it’s no surprise that he also rants into straitjacket territory when it comes to Google as well.

But his remarks today regarding Google were absolutely chilling, and they need to be widely and vigorously condemned in no uncertain terms.

–Lauren–

]]>
Recent Google Posts https://lauren.vortex.com/2018/12/11/recent-google-posts Tue, 11 Dec 2018 17:34:26 +0000 https://lauren.vortex.com/?p=4064 Can We Trust Google?
https://lauren.vortex.com/2018/12/10/can-we-trust-google

The DATA Says: Google’s “Dragonfly” Chinese Search Is Doomed
https://lauren.vortex.com/2018/11/28/the-data-says-googles-dragonfly-chinese-search-is-doomed

Save Google — but Let Facebook Die
https://lauren.vortex.com/2018/11/22/save-google-but-let-facebook-die

After the Walkout, Google’s Moment of Truth
https://lauren.vortex.com/2018/11/03/after-the-walkout-googles-moment-of-truth

Beware of “Self-Selected” Surveys of Google Employees
https://lauren.vortex.com/2018/10/30/beware-of-self-selected-surveys-of-google-employees

Why Internet Tech Employees Are Rebelling Against Military Contracts
https://lauren.vortex.com/2018/10/15/why-internet-tech-employees-are-rebelling-against-military-contracts

The Death of Google
https://lauren.vortex.com/2018/10/08/the-death-of-google

–Lauren–

]]>
Can We Trust Google? https://lauren.vortex.com/2018/12/10/can-we-trust-google https://lauren.vortex.com/2018/12/10/can-we-trust-google#comments Mon, 10 Dec 2018 19:04:21 +0000 https://lauren.vortex.com/?p=4054 Continue reading "Can We Trust Google?"]]> I consider Google to be a great company. I have many friends who are Googlers. I am dependent on many Google services and products.

But if you’ve gotten the sense that Google has been flailing around in a seemingly uncoordinated fashion lately, like a chainsaw run wild, you’re not the only one. And I’m not talking right now about their nightmare “Dragonfly” Chinese censorship project or the righteous rising tide of their own employees’ protests.

Let’s talk about the users. Let’s talk about you and me.

Some of Google’s management decisions are chopping Google’s most loyal users to figurative bloody bits.

Google has fantastic engineering teams, world-class privacy and security teams, brilliant lawyers, and so many other wonderful human and technical resources — yet Google’s upper management apparently still hasn’t really grown up.

To put it bluntly, Google management in key respects treats ordinary users like disposable bathroom paper products, to be used and quickly disposed of without significant consideration of the ultimate impacts.

There’s a site out on the Web that calls itself the Google Graveyard — they list all the Google services that have appeared and then unceremoniously vanished over the years, leaving seas of disappointed and upset users in their wake.

Today Google apparently announced that they’re pushing up the death date for consumer Google+ to April. Just recently they said it was going to be next August, so loyal G+ users — and don’t believe the propaganda, there are vast numbers of them — were planning on the basis of that original date. Google is simultaneously citing a new minor G+ security bug and is apparently using that as an excuse. But we know that’s bogus, because Google simultaneously notes that this minor bug only existed for less than a week and there was no evidence of it being exploited.

Google just wants to dump its social media users who aren’t on YouTube. No matter the many years that those users on G+ have spent building up vibrant communities on the platform. We know Google isn’t killing the essential G+ technical infrastructure, since they plan to continue it for their enterprise (paying) customers.

Who knows, maybe Google will next announce that consumer G+ will shut down 48 hours from now.

Let’s face it, you simply cannot depend on Google honorably even sticking to their own service shutdown dates and not pulling the plug earlier — users be damned! Who really cares about the impacts on those users, right?

You want another recent example? Glad you asked! Google over the last handful of days suddenly, and with no notification at all, started removing a feature from Google Voice, causing the way incoming calls are treated by the system to suddenly change for users employing that option in call screening. Because Google didn’t bother to notify any Google Voice users about this in advance, users only found out when their callers started expressing confusion about what was going on. I’m in useful discussions with the Google Voice team about this situation, and Google asserts that most users didn’t choose a mix of options that were affected by this.

But that’s not the point! For those users who did use that option set, this was a big deal, a major disruptive change that they were not told about (and in fact, still have not officially been informed about as far as I know), leaving them no opportunity to take reasonable proactive actions and limit the negative impacts.

The list of similarly affected Google products and services goes on and on.  Google adds and removes features and changes user interfaces without warning, explanation, or frequently even any documentation. They kill off services — used by millions — on short notice, and even when they give a longer notice they may then suddenly chop months from that interval, as they have with G+.

Some might argue that users who don’t pay for Google services shouldn’t expect much more than nuthin’. But that’s garbage.

Vast numbers of persons depend on Google for many aspects of their lives. In many cases, they would happily pay reasonable fees for better support and some guarantees that Google won’t suddenly kill their favorite services! Innumerable people have told me how they’d happily pay to use consumer G+ or Google Voice under those conditions, and the same goes for many other Google services as well.

And yet, except for the limited offerings in “Google One” and media offerings like YouTube and Music premium services, essentially the only other way to pay for standard Google services is through Google’s “G Suite” enterprise model, which is domain-centric and far more appropriate for corporate users than for individuals.

Google knows that as time goes on their traditional advertising revenue model will become decreasingly effective. This is obviously one reason why they’ve been pivoting toward paid service models aimed at businesses and other organizations. That doesn’t just include G Suite, but great products like their AI offerings, Google Cloud, and more.

But no matter how technically advanced those products, there’s a fundamental question that any potential paying user of them must ask themselves. Can I depend on these services still being available a year from now? Or in five years? How do I know that Google won’t treat business users the same ways as they’ve treated their consumer users?

In fact, sadly, I hear this all the time now. Users tell me that they had been planning to move their business services to Google, but after what they’ve seen happening on the consumer side they just don’t trust Google to be a reliable partner going forward.

And I can’t blame folks for feeling this way. As the old saying goes, “Fool me once shame on you, fool me twice shame on me.”

The increasingly shabby way that Google treats consumer users in the respects that I’ve been discussing here has real world impacts on how potential business users view Google.  The fact that Google has been continuing to pull the rug out from under their most loyal consumer users has not been lost on business observers, who know that even though Google’s services are usually technically superior, that fact alone is not enough to trust Google with your business operations.

Google works quite hard it seems to avoid thinking much about these negative impacts. That’s part of the reasons, I believe, why Google fights so hard against filling commonly accepted roles that so many firms have found to be so incredibly useful, such as ombudspersons, ethics officers, and user advocates.

In some ways, Google management still behaves as if Google was still a bunch of PCs stacked up in a garage. They still have not really taken responsibility for their important place in the world.

Personally, I still believe that Google can turn around this situation for the better. However, I am forced to admit that to date, I do not see significant signs of their being willing to take the significant steps and to make the serious changes necessary for this to occur.

–Lauren–

]]>
https://lauren.vortex.com/2018/12/10/can-we-trust-google/feed 4
The DATA Says: Google’s “Dragonfly” Chinese Search Is Doomed https://lauren.vortex.com/2018/11/28/the-data-says-googles-dragonfly-chinese-search-is-doomed Wed, 28 Nov 2018 18:34:25 +0000 https://lauren.vortex.com/?p=4040 Continue reading "The DATA Says: Google’s “Dragonfly” Chinese Search Is Doomed"]]> Google’s highly controversial “Dragonfly” project, exploring the possibility of providing Chinese-government censored and controlled search to China, is back in the news — with continuing protests by concerned Google employees, including public letters and other actions.

I have previously explained my opposition to this project and my solidarity with these Googlers, in posts such as: “Google Admits It Has Chinese Censorship Search Plans – What This Means” (https://lauren.vortex.com/2018/08/17/google-admits-it-has-chinese-censorship-search-plans-what-this-means) and other related essays.

There are a multitude of reasons to be skeptical about this project, ranging from philosophical to emotional to economic. Basic issues relating to freedom of speech and individual rights come into play when dealing with an absolute dictatorship that sends people to “reeducation” camps where they are tortured merely for having the “wrong” religions, or where making an “inappropriate” comment on the tightly-controlled Chinese Internet can result in authorities dragging you away to secret prisons.

There is also ample evidence to suggest that if Google proceeds to provide such search services in China, they will be mercilessly attacked by politicians from both sides of the aisle, many of whom already are in the ranks of the Google Haters.

But for the moment, let’s attempt to set such horrors and the politics aside, and look at Dragonfly in the cold, hard logic of available data. Google famously considers itself to be a “data-driven” company. Does the available data suggest that Dragonfly would be practical for Google to implement and operate going forward?

The answer is clearly negative.

Philosopher George Santayana’s notable assertion that: “Those who cannot remember the past are condemned to repeat it” is basically another way of saying “If you ignore the data staring you in the face, don’t be surprised when you get screwed.”

And the data regarding the probability of getting burned, screwed, or otherwise bulldozed by China is plentiful.

Google of course has plenty of specific data in hand about this. They tried providing censored search to China around a decade ago. The result was (as many of us predicated at the time) ever-increasing demands for more censorship and more control from the Chinese government, and then a series of Chinese-based hack attacks against Google itself, causing Google to correctly pull the plug on that project.

Fast forward to today, and Google management seems to be asserting that somehow THIS time it will all be different and work out just fine. Is there any data to suggest that this view is accurate?

Again, the answer is clearly no. In fact, vast evidence suggests exactly the opposite.

The optimistic assertions of Dragonfly proponents might have a modicum of validity if there were any evidence that China has been moving in a positive direction relating to speech and other human rights (in either or both of the technological and non-technological realms) in the years since Google’s original attempt to provide censored Chinese search.

But the data regarding China’s behavior over this period clearly demonstrates China moving in precisely the contrary direction! 

China has used this time not to improve the human rights of its people, but to massively tighten its grip and to escalate its abuses in nightmarish ways. And especially to the point of this discussion, China’s ever more dictatorially monitored and controlled Internet has become a key tool in the government’s campaign of terror.

China has turned the democratic ideals of the Internet’s founders on their heads, and have morphed their own Internet into a bloody bludgeon to use against its own people, and even against Chinese persons living outside of China.

The reality of course is that China is an economic powerhouse — the West has already sold its economic soul to China to a major degree. There is no reversing that in the foreseeable future. Neither threats nor tariffs will make a real difference.

But we still do have some free choice when it comes to China.

And one specific choice — a righteous and honorable choice indeed — is to NOT get into bed with the Chinese dictators’ Internet control and censorship regime.  

Giving the Chinese government dictators any control over Google search results would be effectively tantamount to embracing their horrific abuses — PR releases to the contrary notwithstanding.

The data — the history — teaches us clearly that there is no “just dipping your toe into the water” when it comes to collaboration with unrepentant, dictatorial regimes in the process of extending and accelerating their abuses, as is the case with China. You will not be able to make China behave any “better” through your actions. But you will inevitably be ultimately dragged body and soul into their putrid deeps. 

The data is obvious. The data is devastating. 

Google should immediately end its dance with China over Chinese censored search. Dragonfly and any similar projects should be put out of their miseries for good and all.

–Lauren–

]]>
Save Google — but Let Facebook Die https://lauren.vortex.com/2018/11/22/save-google-but-let-facebook-die Fri, 23 Nov 2018 04:13:45 +0000 https://lauren.vortex.com/?p=4017 Continue reading "Save Google — but Let Facebook Die"]]> Do you know why Facebook is called Facebook? The name dates back to founder Mark Zuckerberg’s “FaceMash” project at Harvard, designed to display photos of students’ faces (without their explicit permissions) to be compared in terms of physical attractiveness. Essentially, a way he and his friends could avoid dating “ugly” people by his definition. Zuck even toyed with the idea of comparing those student photos with shots of farm animals. 

Immature. Exploitative. Verging on pre-echos of evils to come.

Fast forward to Facebook of today. As we’ve watched Zuckerberg’s baby expand over the years like a mutant virus from science fiction, we’ve had plenty of warnings that the at best amoral attitudes of Zuck and his hand-picked cronies have permeated the Facebook ecosystem. 

It’s long been a given that Facebook ruthlessly controls, limits, and manipulates the data that users are shown — to its own financial advantage. 

But long before we learned of Facebook’s deep embeds in right-wing politics, and the Russians’ own deep manipulative embeds in Facebook, there were other clues that Facebook’s ethical compass was virtually nonexistent.

Remember when it was discovered that Facebook was manipulating information shown to specific sets of users to see if their emotional states could be altered by such machinations without their knowledge? 

Over and over again, Facebook has been caught in misstatements, in subterfuge, in outright lies — including the recent revelations of their paying an outside PR hit firm to fabricate attack pieces on other firms to divert attention from Facebook’s own spreading problems, even to the extent of the firm reportedly spreading false antisemitic conspiracy theories.

Zuck and Chief Operating Officer Sheryl Sandberg found an outgoing employee to fall on his sword to take official responsibility for this, and initially both Zuck and Sheryl publicly disclaimed any knowledge of that outside firm’s actions. But now Sheryl has apparently reversed herself, admitting that information about the firm did reach her desk. And do you really believe that control freaks like Mark Zuckerberg and Sandberg weren’t being kept informed about this in some manner all along? C’mon!

Facebook of course is not the only large Internet firm with ethical challenges. Recently in “The Death of Google” (https://lauren.vortex.com/2018/10/08/the-death-of-google), and “After the Walkout, Google’s Moment of Truth” (https://lauren.vortex.com/2018/11/03/after-the-walkout-googles-moment-of-truth), I noted Google’s own ethical failings of late, and my suggestions for making Google a better Google. Importantly, those posts were not predicting Google’s demise, but rather were proposing means to help Google avoid drifting further from the admirable principles of its founding (“organizing and making available the world’s information” — in sharp contrast to Facebook’s seminal “avoid dating ugly people” design goal).  So both of those posts regarding Google were in the manner of Dickens’  “Ghost of Christmas Future” — a discussion of bad outcomes that might be, not that must be.  

Saving Google is a righteous and worthy goal.

Not so Facebook. Facebook’s business model is and has always been fundamentally rotten to its core, and the more that this core has been exposed to the public, the more foul the stench of rotten decay that Facebook emits.

“Saving” Facebook would mean helping to perpetuate the sordid, manipulative mess of Facebook today, that reaches back to its very beginnings — a creation that no longer deserves to exist.

In theory, Facebook could change its ways in positive directions, but not without abandoning virtually everything that has characterized Facebook since its earliest days. 

And there is no indication — zero, none, nil — that Zuckerberg has any intention of letting that happen to his self-made monster.

So in the final analysis — from an ethical standpoint at least — there is no point to trying to “save” Facebook — not from regulators, not from politicians, and certainly not from itself. 

The likely end of Facebook as we know it today will not come tomorrow, or next month, or even perhaps over a short span of years. 

But the die has been cast, and nothing short of a miracle will save Facebook in the long run. And whether or not you believe in miracles, Facebook doesn’t deserve one.

–Lauren–

]]>
My Thoughts on New Studies of Toxic Emissions from 3D Printers https://lauren.vortex.com/2018/11/12/my-thoughts-on-new-studies-of-toxic-emissions-from-3d-printers Mon, 12 Nov 2018 17:33:41 +0000 https://lauren.vortex.com/?p=3997 Continue reading "My Thoughts on New Studies of Toxic Emissions from 3D Printers"]]> Some new studies are quantifying the levels of toxic emissions from conventional 3D printers using conventional plastic filaments of various types. The results are not particularly encouraging, but are not a big surprise. They are certainly important to note, and since I’ve discussed the usefulness of 3D printing many times in the past, I wanted to pass along some of my thoughts regarding these new reports. (Gizmodo’s summary is here: https://gizmodo.com/new-study-details-all-the-toxic-particles-spewed-out-by-3d-p-1830379464).

The big takeaways are pretty much in line with what we already knew (or at least suspected), but add some pretty large exclamation points.

PLA filament generally produces far fewer toxic emissions than most other filament compositions (especially ABS), and is what I would almost always recommend using in the vast majority of cases.

The finding that inexpensive filaments tend to have more emissions than “name brands” is interesting, probably related to levels of contaminants in the raw filament ingredients. However, in practice filament has become so fungible — with manufacturers putting different brand names on the same physical filament from the same factories — it’s often difficult to really know if you’re definitely buying the filament that you think you are. And of course, the most widely used filaments tend to be among the most inexpensive.

My own recommendation has always been to never run a 3D printer that doesn’t have its own enclosed build area air chamber (which the overwhelming vast majority don’t) in a room routinely occupied by people or animals — print runs can take many hours and emissions are continuing the entire time. Printing outside isn’t typically practical due to air currents and sudden temperature changes. A generally good location for common “open” printers is a garage, ideally with a ventilation fan.

The reported fact that filament color affects emissions is not unexpected — there has long been concern about the various additives that are used to create these colors. Black filament is probably the worst case, since it tends to have all sorts of leftover filament scraps and gunk thrown into the mix — the fact that black filament tends to regularly clog 3D printers is another warning sign.

Probably the safest choice overall when specific colors aren’t at issue, is to print with “natural color” (whitish, rather transparent) PLA filament, which tends to have minimum additives. It also is typically the easiest and most reliable to print with, probably for that same reason.

The finding that there is a “burst” of aerosol emissions when printing begins is particularly annoying, since it’s when printing is getting started that you tend to be most closely inspecting the process looking for early print failures.

So the bottom line is pretty much what you’d expect — breathing the stuff emanating from molten plastic isn’t great for you. Then again, even though it only heated the plastic sheets for a few minutes at a time (as opposed to the hours-long running times of modern 3D printers), I loved my old Mattel “VAC-U-FORM” when I was a kid — and who knows how toxic the plastics heated in that beauty really were (https://www.youtube.com/watch?v=lCvgvWiZNe8). Egads, not only can you still get them on eBay, replacement parts and plastic refill packs are still being sold as well!

I guess that they got it right in the “The Graduate” after all: https://www.youtube.com/watch?v=Dug-G9xVdVs

Be seeing you.

–Lauren–

]]>
After the Walkout, Google’s Moment of Truth https://lauren.vortex.com/2018/11/03/after-the-walkout-googles-moment-of-truth Sun, 04 Nov 2018 02:21:45 +0000 https://lauren.vortex.com/?p=3977 Continue reading "After the Walkout, Google’s Moment of Truth"]]> UPDATE (November 22, 2018): Save Google — but Let Facebook Die

– – –

Google has reached what could very well be an existential moment of truth in its corporate history.

The recent global walkout of Google employees and contractors included more than 20,000 participants by current counts, and the final numbers are almost certain to be even higher. This puts total participation at something north of 20% of the entire firm — a remarkable achievement by the organizers.

Almost a month ago, when I posted my concerns regarding the path that this great company has been taking, and the associated impacts on both their employees and users (“The Death of Google” – https://lauren.vortex.com/2018/10/08/the-death-of-google), the sexual assault and harassment issues that were the proximate trigger for the walkout were not yet known publicly — not even to most Googlers.

These newly reported management failures clearly fit tightly into the same pattern of longstanding issues that I’ve frequently noted, and various broad concerns related to Google’s accountability and transparency that have been cited as additional foundational reasons for the walkout.

Google today — almost exactly twenty years since its founding — is at a crossroads. The decisions that management makes now regarding the issues that drove the walkout and other issues of concern to Googlers, Google’s users, and the world at large, will greatly impact the future success of the firm, or even how long into the future Google will continue to exist in a recognizable form at all.

That so many of these issues have reached the public sphere at around the same time — sexual abuse and harassment, Googlers’ concerns about military contracts and a secret project aimed at providing Chinese-government censored search, and more — should not actually be a surprise.

For all of these matters are symptomatic of larger problematic ethical factors that have crept into Google’s structure, and without a foundational change of direction in this respect, new concerns will inevitably keep arising, and Google will keep lurching from crisis to crisis.

The walkout organizers will reportedly be meeting with Google CEO Sundar Pichai imminently, and I fully endorse the organizers’ publicly stated demands.

But management deeds are needed — not just words. After a demonstration of this nature, it’s all too easy for conciliatory statements to not be followed by concrete and sustained actions, and then for the original status quo to reassert itself over time.

This is also a most appropriate moment for Google to act on a range of systemic factors that have led to transparency, accountability, and other problems associated with Google management’s interactions with rank-and-file employees, and between Google as a whole and its users. 

Regarding the latter point, since I’ve many times over the years publicly outlined my thoughts regarding the need for Google employees dedicated to roles such as ombudsperson, user advocates, and ethics officer (call the latter “Guardian of Googleyness” if you prefer), I won’t detail these crucial positions again here now. But as the walkout strongly suggests, these all are more critically needed by Google than ever before, because they all connect back to the basic ethical issues at the core of many concerns regarding Google.

These are all interconnected and interrelated matters, and attempts to improve any of them in isolation from the others will ultimately be like sweeping dirt under the proverbial rug — such problems are pretty much guaranteed to eventually reemerge with even more serious negative consequences down the line.

Google is indeed a great company. No firm can be better than its employees, and Google’s employees — a significant number of whom I know personally — have through their walkout demonstrated to the world something that I already knew about them. 

Googlers care deeply about Google. They want it to be the best Google that it possibly can be, and that means meeting high ethical standards vertically, horizontally, and from A to Z.

Now it’s Google’s management’s turn. Can they demonstrate to their employees, to Google’s users, and to the global community, that loyalty towards Google has not been misplaced?

We shall see.

–Lauren–

]]>
Beware of “Self-Selected” Surveys of Google Employees https://lauren.vortex.com/2018/10/30/beware-of-self-selected-surveys-of-google-employees Wed, 31 Oct 2018 02:35:47 +0000 https://lauren.vortex.com/?p=3961 Continue reading "Beware of “Self-Selected” Surveys of Google Employees"]]> Late today I was sent a “press release” from “Blind: Your Anonymous Workplace Community” (“teamblind”) with the headline: 

88.4% of Google Conservatives Feel Their Political Views Not Welcome at Work

along with some response breakdowns of “liberal” – “moderate” – “conservative” and so on.

I wasn’t really familiar with Blind, but I did remember something from August where they claimed that:

65% of Google Employees Are in Favor of Censored Search

These are intriguing numbers, but as an old statistics guy from way back — ever since I read the 1954 (and still a classic) “How to Lie with Statistics” by Darrell Huff — I had to ask myself, what sort of statistically valid methodology is Blind using to gather these numbers?

Turns out — as far as I can tell at this point (and I’m certainly open to being corrected on this if I’m wrong!) — there appears to be no valid statistical methodologies in those surveys at all!

Blind’s primary model, as far as I can determine, is an app that interested users can install where various surveys are offered, and users who want to participate in particular surveys can choose to respond to them. 

To help ensure that workplace surveys are answered by actual employees of specific firms, Blind apparently verifies that users have appropriate corporate email addresses.

That serves to try keep random people out of the surveys, but doesn’t make those surveys in any way statistically valid, because they apparently remain fully “self-selected” surveys subject to the well known problems of “self-selection bias” effects.

In other words, you can’t infer any statistical information from these surveys beyond the opinions of the particular people who happened to be interested enough at any particular time to respond, and that will vary greatly depending on the nature of the questions and the types of people predisposed to install the Blind app and participate in any Blind surveys in the first place.

Your basic Statistics 101 course explains why the big polling organizations like Gallup — who do generate statistically valid surveys and polls — use carefully designed mathematical models to determine whom THEY will contact for surveys. They don’t just say “Hey, come on over and vote on this!” That’s why meticulously designed surveys of around 1000 or so people can be extremely accurate even when looking at national issues.

That’s not to say that Blind’s self-selected surveys regarding Google or other firms are worthless — they are indeed snapshots of interested users from subsets of their app’s user community. But that’s all.

It would be a tremendous error to try extrapolate from self-selected Blind surveys to any populations beyond the specific individual app users who chose to respond — so such surveys are essentially worthless for serious analysis or policy planning purposes.

This was true when Darrell Huff wrote his book in the mid-20th century, and it remains just as true today.

–Lauren–

]]>
Why Internet Tech Employees Are Rebelling Against Military Contracts https://lauren.vortex.com/2018/10/15/why-internet-tech-employees-are-rebelling-against-military-contracts Mon, 15 Oct 2018 16:24:58 +0000 https://lauren.vortex.com/?p=3927 Continue reading "Why Internet Tech Employees Are Rebelling Against Military Contracts"]]> Of late we’ve seen both leaked and open evidence of many employees at Internet tech firms in the U.S. rebelling against their firms participating in battlefield systems military contracts, mostly related to cloud services and AI systems.

Some reactions I’ve seen to this include statements like “those employees are unpatriotic and aren’t true Americans!” and “if they don’t like the projects they should just quit the firms!” (the latter as if everybody with a family was independently wealthy).

Many years ago I faced similar questions. My work at UCLA on the early ARPANET (a Department of Defense project) was funded by the military, but was research, not a battlefield system. A lot of very important positive research serving the world has come from military funding over the years and centuries.

When I was doing similar work at RAND, the calculus was a bit more complex since RAND’s primary funding back then was also DOD, but RAND provided analytical reports to decision makers, not actual weapons systems. And RAND had a well-earned reputation of speaking truth to power, even when that truth was not what the power wanted hear. I liked that.

But what’s happening now is different. The U.S. military is attempting to expand its traditional “military-industrial” complex (so named during a cautionary speech by President Eisenhower in 1961) beyond the traditional defense contractors like Boeing, Lockheed, and Raytheon.

The new battle systems procurement targets are companies like Google, Amazon, and Microsoft.

And therein lies the root of the problem.

Projects like Maven and JEDI are not simply research. They are active battlefield systems. JEDI has been specifically described by one of its top officials as a program aimed at “increasing the lethality of our department.”

When you sign on for a job at any of the traditional defense contractors, you know full well that battlefield operational systems are a major part of the firms’ work.

But when you sign on at Google, or Microsoft, or Amazon, that’s a different story.

Whether you’re a young person just beginning your career, or an old-timer long engaged in Internet work, you might quite reasonably expect to be working on search, or ads, or networking, or a thousand other areas related to the Net — but you probably did not anticipate being asked or required to work on systems that will actually be used to kill people.

The arguments in favor of these new kinds of lethal systems are well known. For example, they’re claimed to replace soldiers with AI and make individual soldiers more effective. In theory, fewer of our brave and dedicated volunteer military would be injured or killed. That would be great — if it were truly accurate and the end of the story.

But it’s not. History teaches us that with virtually every advance in operational battlefield technology, there are new calls for even more military operations, more “interventions,” more use of military power. And somehow the promised technological advantages always seem to be somehow largely cancelled out in the end.

So one shouldn’t wonder why Google won’t renew their participation in Maven, and has now announced that they will not participate in JEDI — or why many Microsoft employees are protesting their own firm’s JEDI participation.

And I predict that we’re now only seeing the beginnings of employees being unwilling to just “go along” with working on lethal systems.

The U.S. military has made no secret of the fact that they see cloud environments, AI, robotics, and an array of allied high technology fields as the future of lethal systems going forward.

It’s obvious that we need advanced military systems at least for defensive purposes in today’s world. But simply assuming that employees at firms that are not traditional defense contractors will just “go along” with work on lethal systems would be an enormous mistake. Many of these employees are making much the same sorts of personal decisions as I did long ago and have followed throughout my life, when I decided that I would not work on such systems.

The sooner that DOD actually understands these realities and recalibrates accordingly, the better.

–Lauren–

]]>
The Death of Google https://lauren.vortex.com/2018/10/08/the-death-of-google https://lauren.vortex.com/2018/10/08/the-death-of-google#comments Mon, 08 Oct 2018 21:36:59 +0000 https://lauren.vortex.com/?p=3887 Continue reading "The Death of Google"]]> UPDATE (November 22, 2018): Save Google — but Let Facebook Die

UPDATE (November 3, 2018): After the Walkout, Google’s Moment of Truth

– – –

The Death of Google
Lauren Weinstein
8 October 2018

Blog: https://lauren.vortex.com/the-death-of-google
PDF: https://lauren.vortex.com/google-death.pdf
Google Docs: https://lauren.vortex.com/google-death.gdoc

Google is dying. It may be possible to save the patient, but it’s also quite possible that Google has already passed the point of no return, especially with the array of forces now attacking it from all sides and from within. Since this situation has been largely enabled by unforced errors committed by Google itself, the prognosis can only be described as bleak.

Unfortunately, I have strong doubts that Google is capable at this time of making the kinds of “lifestyle changes” that would be required to truly save themselves. I would love to have these doubts proven to be incorrect.

A company named Google and its parent Alphabet will continue to exist for the foreseeable future, but for all practical purposes the Google that we all know appears to be in a kind of terminal decline, even as the money continues rolling in for now.

How can this be?

Today’s announcements of a Google+ security breach and the upcoming shutdown of consumer Google+ are but immediate symptoms of a malignancy that has been creeping through Google for years. UPDATE (October 11, 2018): This turns out to be more of a bug than a breach per se, and as I note below its security impact is virtually nil. However, it still should have promptly been made public.

As a big fan of Google, spending a significant amount of my time retorting the mischaracterizations and lies of the Google haters via my written posts and radio interviews, I take no pleasure in this kind of diagnosis.

I’ve watched the death throes of other major technology firms over the years, who originally seemed nothing short of invincible. 

AT&T for one. Digital Equipment Corporation (DEC) was another. Their declines took time — these are processes rather than events. It’s actually a fairly long list if you go far enough back. DEC was assimilated into other firms and its talent siphoned off in various directions. AT&T today is still large and powerful but in many ways is but a shadow of its former self, with its gems like Bell Labs long since morphed into meaningless.

The forces that are ripping Google apart are somewhat different in kind, but all the more tortuous and painful to behold.

For at its core, Google is suffering a complex and multifaceted ethical dilemma that not only threatens to decimate the firm from the inside over time, but has opened up vast gaping wounds that legions of politically-motivated Google haters are using to further evil agendas.

I’ve traveled quite the arc when it comes to Google. In their earlier days starting some 20 years ago, I was a rather intense critic — various of their early data collection and privacy practices seemed to be driven by a cavalier attitude that I viewed as unacceptable.

My first direct physical contact with Google occurred in 2006, when I was invited to Google’s L.A. offices to give a talk that I entitled “Internet & Empires” (the video of that presentation by a significantly younger version of myself is here: https://www.youtube.com/watch?v=PGoSpmv9ZVc). 

I believe it was the first talk they’d ever recorded at that office. There was no podium yet — I just sat on the edge of a table for the presentation.

My interactions with Googlers that day — both from the Q&A and our later discussions before I headed home — yielded me an immediate epiphany of sorts.

Googlers are probably the best people I’ve ever met or worked with in tech — or anywhere else for that matter. It was an honor to consult to Google internally and work directly with them for a significant period several years ago.

They’re intelligent. They care. Many of them are pretty nerdy — but I certainly plead guilty to that myself. I’ve nearly never met a Googler that I didn’t like.

But it became immediately clear that day back in 2006 that something of a discontinuity existed between “rank and file” Googlers and some individuals in Google’s upper management. Even on that first day of contact, Googlers expressed to me their frustrations in this regard, relating to the very issues that I had discussed in my talk.

Over the years since, a wide range of issues related to Google have changed dramatically for the better. Google has become a world-class leader in privacy, security, and artificial intelligence policies. This doesn’t mean that Google is perfect in these respects, and bugs can still occur, but they have excellent people working on those teams — I know many of them personally — who put their lives into this important work. 

However, in key respects it seems that the chasm between Google’s management and other Googlers has grown from a disconnect to a gaping chasm.

Google has always had what I’d charitably call “blind spots” in various areas. Over the years I’ve written publicly about these many times, and I won’t go into detail about them again here, but we can briefly review a few.

Customer service has been an ongoing problem since day one. It has certainly made significant positive strides over time, but still is massively lacking in important respects, especially when dealing with growing populations of non-techie users who depend on Google products and services, but are increasingly left behind by Google user interface designs and available help resources.

When it comes to user interfaces, readability, and similar areas, we again see a sort of “split personality” from Google. They have excellent and rapidly evolving resources for persons with severe conditions like blindness, but continue to deploy low contrast fonts and confusing user interfaces that drive many users with common visual deficiencies absolutely nuts.

Proposals to create the kinds of roles at Google that have been so successful elsewhere — such as Ombudspersons and Consumer Advocates — have continually and routinely hit brick walls at Google whenever I’ve suggested them. I’ve probably written a hundred thousand words or more on this topic alone in my various essays about Google issues.

It has been very clear that Google’s style of public communications has became a major part of their ongoing problems — because in my experience so many common false claims about Google are easily refuted when you take the time to actually do so in a way that non-techies will appreciate.

Yet Google PR has always had a tendency to clam up when something controversial occurs — until the situation has escalated to the point that silence is no longer an option, and matters have become much worse than they would have been if dealt with publicly in a prompt fashion. Google’s deeply entrenched fear of the “Streisand Effect” — the idea that if you say anything about a bad situation you will only draw attention to it — has not served them well.

Today’s belated announcement of a security breach related to Google+, which appears to be the handy excuse for Google to shut down consumer Google+ over a period of 10 months — a process that Google also announced today — encapsulates much of what I’ve said above.

Though the practical impact of the breach seems to be negligible, Google played directly into the politically-motivated hands of the lying Google haters, who have already been screaming for Google’s blood and for its executives to be figuratively drawn and quartered. 

These kinds of Google communications strategies are giving the evil haters even more ammunition to use for false accusations of political user censorship, they give the EU additional excuses to try fine Google billions extra to enrich EU coffers, and they give massive energy to the forces who want to break up Google into smaller units to be micromanaged for political gain by politicians and those politicians’ minions and toadies. 

In the case of Google+, while I don’t have any inside information about today’s announcements, it’s pretty easy to guess what happened.

I’ve been a very active user of Google+ since the first day of beta availability in 2011. But it was obvious from the outset that Google management’s view of the platform was significantly different from its many dedicated users — and there are many millions of them despite the claims of naysayers. I have a wonderful core following of Google+ users who are absolutely great people, and the loss of Google+ will make me both sad and yes, extremely angry. It’s difficult to consider this to be anything short of loyal users being betrayed by Google itself.

Because it didn’t have to happen. Google+ has obviously been operating on very limited internal support resources for quite some time — this was apparent to anyone who used G+ routinely. And there were some terrible executive decisions made along the way — perhaps mostly notably an ultimately abandoned integration of G+ and the YouTube commenting system, which cross-contaminated completely different spheres of interest with disastrous effects. I advocated against this both publicly and internally, but even though it was ultimately rescinded the damage was already done.

Another Google self-inflicted injury is the new controversy over purported plans for Google to again provide Chinese government censored search in China, a concept that Google abandoned many years ago. I’ve written a lot about this recently — I believe it’s a terrible idea and plays into the hands of Google’s adversaries — but I won’t get into the details again here, other than to note the great distress that these moves and the ways that they were handled internally have caused many Googlers who have spoken out publicly.

And yet as I’ve also recently written, when we view that leaked Google TGIF video where Google executives discuss this matter, you won’t see any evil intents, and in fact you’ll find execs emphasizing the need to continue preventing any political bias from finding its way into Google search or other Google products. So their hearts are clearly in the right place overall.

But even the best of intentions are not enough.

With the opening words of Google’s 2004 IPO Founders Letter, Larry Page and Sergey Brin wrote:

“Google is not a conventional company. We do not intend to become one.”

I can’t help but be reminded of that classic scene in “Citizen Kane” where Charles Foster Kane takes the “Declaration of Principles” that he’d written many years earlier and rips them to pieces, declaring them to now be antique.

It is indeed possible, even likely, that Google can continue onward without the kinds of changes that I and other Google supporters have advocated over the years, and still make bushels of money.

But it won’t be the same Google. It will have become the “conventional company” kind of Google, not the firm of which so many Googlers are so rightly proud, and that so many users around the globe depend upon throughout their days.

The Google that we’ve known will be dead. And with its passing, we’ll be entering into a much darker phase of the Internet that many of us have long feared and have worked so hard to try prevent.

And that loss would be terrible for us all.

–Lauren–

]]>
https://lauren.vortex.com/2018/10/08/the-death-of-google/feed 6
How to Disable Gmail’s Annoying New “Smart Compose” Predictive Typing Feature https://lauren.vortex.com/2018/10/06/how-to-disable-gmails-annoying-new-smart-compose-predictive-typing-feature https://lauren.vortex.com/2018/10/06/how-to-disable-gmails-annoying-new-smart-compose-predictive-typing-feature#comments Sat, 06 Oct 2018 16:39:29 +0000 https://lauren.vortex.com/?p=3872 Continue reading "How to Disable Gmail’s Annoying New “Smart Compose” Predictive Typing Feature"]]> UPDATE (October 6, 2018): It appears that at least some Gmail users are now getting an (apparently one-time) pop-up box giving the option to turn off “Smart Compose” when it first becomes active for them. This is definitely an improvement. However, if someone accepts that default (“Got it”) to try it out, there’s no clue provided to help the user turn it off again at some future time, without digging around in the user interface as I describe below. Many users report regretting accepting it in the first place, since they didn’t know how to turn it off afterwards.

– – –

I had sort of hoped that Google would step up to the bat on this one themselves, but my inbox is still full of queries about this — all day, every day.

Google recently deployed a feature in Gmail that tries to guess what you’re about to type, and “helpfully” fills it in for you. They activated it by default, with no information provided to users (not even a one-time pop-up information bubble) explaining how to turn it off. (Please see update above regarding this aspect.)

I’ve seen this “Smart Compose” feature described publicly with a range of adjectives, including intrusive, wonderful, invasive, creepy, accurate, loony, mistaken, helpful, misguided — well, you get the point, opinions are all over the map.

In my case, I’d say that “annoying” is the descriptor I’d sort to the top of the heap. 

With the understanding that Google has great AI and is itching to use it whenever and wherever possible, I don’t really need it analyzing my email drafts as I type them. At least in my case, its proposed wordings are nearly always — what’s the technical term? — oh yes, WRONG. Not what I intend or want to write. 

And the predictions intrusively and continuously interrupt my flow of typing as each one needs to be individually bypassed. 

More Google-enhanced “dumbing-down” I really don’t need. Luckily, like the silly little “smart reply” labels that Gmail pops up by default these days (also useless for me, but far less annoying than Smart Compose”) this feature CAN be disabled.

Of course, you have to go on the usual Google user interface scavenger hunt to figure out how to turn this new feature off, because as I noted above, Google sprung it on everyone without information about opting out from its tender mercies. (Please see update above regarding this aspect).

I would not assert that “Smart Compose” is useless. For users who do find it helpful that’s excellent, fine, and dandy. More power to them, as the saying goes. Smart Compose generally seem more acceptable and helpful for mobile use — though Google mobile voice input is so good that voice is my own preferred method to input text on mobile.

My foundational complaint here isn’t that Google deployed Smart Compose, but rather that they enabled it by default without providing users even basic related information, including the all important “How the hell do I turn this damned thing off?” — the very question filling my inbox of late! (Please see update above regarding this aspect.)

So here’s how you turn it off. It’s easy, IF you know how.

Click the desktop Gmail gear icon at the upper right. Then click Settings. You should already be on the General tab at this point. Scroll down until you find “Smart Compose” and click the “Writing suggestions off” choice. Many users assume that their changes have taken effect at this point. Nope, not yet. You next must scroll all the way to the bottom of the page and click “Save Changes” to actually cause any changes to take place.

By the way, you can also turn off the “Smart Reply” feature I mentioned above, via this same settings page. 

There are many better ways that Google could have deployed Smart Compose. Instead of enabling it by default, they could have popped an invitation to try it. Or if it had to be enabled by default, they could have popped a little box saying something like “Can be disabled on the General tab in Gmail settings” — or something along these lines. (Please see update above regarding this aspect.)

Unfortunately, the way that Google chose to launch Smart Compose is rather emblematic of continuing blind spots in Google’s attitudes toward user interface design and the needs of their very wide community of users. 

Google can easily do better, if they choose to do so by considering the needs of ALL users in these user interface decisions and designs.

–Lauren–

]]>
https://lauren.vortex.com/2018/10/06/how-to-disable-gmails-annoying-new-smart-compose-predictive-typing-feature/feed 9
Please Don’t Ask! There Are No “Google Explainers” https://lauren.vortex.com/2018/10/01/please-dont-ask-there-are-no-google-explainers Tue, 02 Oct 2018 00:58:38 +0000 https://lauren.vortex.com/?p=3854 Continue reading "Please Don’t Ask! There Are No “Google Explainers”"]]> Just a very short note! A few days ago, in “How Google Documentation Problems Can Lead to Public Relations Nightmares” (https://lauren.vortex.com/2018/09/27/how-google-documentation-problems-can-lead-to-public-relations-nightmares), I proposed that Google make available a series of tutorial resources — “explainers” so to speak, regarding a wide range of Google services, technical issues, and policies that tend to be misunderstood by significant numbers of persons in their user community and the global community at large. I suggested that both textual and video content in this vein could well serve toward improving the understanding of many things Google.

Apparently some readers misunderstood my post — or perhaps were incompletely informed about it by third parties. Because I’ve been flooded with people asking me where to find these “Google Explainer” resources.

You can’t find them. They do not exist at this time! I was making a proposal, not an announcement.

I hope that Google will move in the direction that I’ve suggested, but there are of course no guarantees that they will do so. I appreciate the emails expressing support for the concept, but this ball is firmly in Google’s court, not mine! It would not be practical for a non-Googler to write up such docs and keep them in sync with Google to the degree that would really be necessary for such resources to be genuinely useful.

Sorry about that, Chief!

Be seeing you.

–Lauren–

]]>
Criminal Behavior: How Facebook Steals Your Security Data to Violate Your Privacy https://lauren.vortex.com/2018/09/30/criminal-behavior-how-facebook-steals-your-security-data-to-violate-your-privacy https://lauren.vortex.com/2018/09/30/criminal-behavior-how-facebook-steals-your-security-data-to-violate-your-privacy#comments Sun, 30 Sep 2018 16:47:44 +0000 https://lauren.vortex.com/?p=3844 Continue reading "Criminal Behavior: How Facebook Steals Your Security Data to Violate Your Privacy"]]> One of the most fundamental and crucial aspects of proper privacy implementations is the basic concept of “data compartmentalization” — essentially, assuring that data collected for a specific purpose is only used for that purpose.

Reports indicate that Facebook is violating this concept in a way that is directly detrimental to both the privacy and security of its users. I’d consider it criminal behavior in an ethical sense. If it isn’t already actually criminal under the laws of various countries, it should be.

There’s been much discussion over the last few days about reports (confirmed by Facebook, as far as I can determine) that Facebook routinely abuses their users’ contact information, including phone numbers provided by users, to ad target other users who may never have provided those numbers in the first place. In other words, if a friend of yours has your number in his contacts and lets Facebook access it, Facebook considers your number fair game for targeting, even though you never provided it to them or gave them permission to use it. And you have no way to tell Facebook to stop this behavior, because your number is in someone else’s contacts address book that was shared and is under their control, not yours.

This abuse by Facebook of “shadow contacts” is bad enough, but is actually not my main concern for this post today, because Facebook is also doing something far worse with your phone numbers.

By now you’ve probably gotten a bit bored of my frequent posts strongly urging that you enable 2sv (two-step verification, 2-factor verification) protections on your accounts whenever this capability is offered. It’s crucial to do this on all accounts where you can. Just a few days ago, I was contacted by someone who had failed to do this on a secondary account that they rarely used. That account has now been hijacked, and he’s concerned that someone could be conducting scams using that account — still in his name — as a home base for frauds.

It’s always been a hard sell to get most users to enable 2sv. Most people just don’t believe that they will be hacked — until they are and it’s too late (please see: “How to ‘Bribe’ Our Way to Better Account Security” – https://lauren.vortex.com/2018/02/11/how-to-bribe-our-way-to-better-account-security).

While among the various choices that can be offered for 2sv (phone-based, authenticator apps, U2F security keys, etc.) the phone-based systems offer the least security, 2sv via phone-based text messaging still greatly predominates among users with 2sv enabled, because virtually everyone has a mobile phone that is text messaging capable.

But many persons have been reluctant to provide their mobile numbers for 2sv security, because they fear that those numbers will be sold to advertisers or used for some other purpose than 2sv.

In the case of Google, such fears are groundless. Google doesn’t sell user data to anyone, and the phone numbers that you provide to them for 2sv or account recovery purposes are only used for those designated purposes.

But Facebook has admitted that they are taking a different, quite horrible approach. When you provide a phone number for 2sv, they feel free to use it as an advertising targeting vector that feeds into their “shadow contact” system that I described above.

This is, as I suggested, so close to being criminal as to be indistinguishable from actual criminality.

When you provide a phone number for 2sv account security to Facebook, you should have every expectation that this is the ONLY purpose for which that phone number will be used!

By violating the basic data compartmentalization concept, Facebook actually encourages poor security practices, by discouraging the use of 2sv by users who don’t want to provide their phone numbers for commercial exploitation by Facebook!

Facebook will say that they now have other ways to provide 2sv, so you can use 2sv without providing a phone number.

But they also know damned well that most people do use mobile phones for 2sv. There are very large numbers of people who don’t even have smartphones, just simple mobile phones with text messaging functions. They can’t run authenticator apps. Security keys are only now beginning to make slow inroads among user populations.

So Facebook — in sharp contrast to far more ethical companies like Google who don’t treat their users like sheep to be fleeced — is offering vast numbers of Facebook users a horrible Hobson’s choice — let us exploit your phone number for ad targeting, or suffer with poor security and risk your Facebook account being hijacked.

This situation, piled on top of all the other self-made disasters now facing Facebook, help to explain why I don’t have a Facebook account.

I realize that Facebook is a tough addiction to escape. “All my friends and family are on there!” is the usual excuse.

But if you really care about them — not to mention yourself — you might consider giving Facebook the boot for good and all.

–Lauren–

]]>
https://lauren.vortex.com/2018/09/30/criminal-behavior-how-facebook-steals-your-security-data-to-violate-your-privacy/feed 2
How Google Documentation Problems Can Lead to Public Relations Nightmares https://lauren.vortex.com/2018/09/27/how-google-documentation-problems-can-lead-to-public-relations-nightmares Thu, 27 Sep 2018 18:40:53 +0000 https://lauren.vortex.com/?p=3830 Continue reading "How Google Documentation Problems Can Lead to Public Relations Nightmares"]]> UPDATE (October 1, 2018): Please Don’t Ask! There Are No “Google Explainers”

– – –

Google has been going through something of a public relations nightmare over the last week or so, all related to a new feature that was added to their Chrome browser — that actually was an excellent, user-positive feature! (Please see: “Ignore the Silly Panic over Google Chrome’s New Auto-Login Feature” – https://lauren.vortex.com/2018/09/24/ignore-the-silly-panic-over-google-chromes-new-auto-login-feature).

After a massive backlash — which I personally feel was almost entirely uninformed and unnecessary — Google has announced that they’ll provide a way for users to disable this useful feature (my recommendation to users is to leave it enabled).

But how did we get to this point?

This entire brouhaha relates to Chrome browser sync, which enables the synchronization of data — bookmarks, passwords, browsing history, etc. — between multiple devices running Chrome. It’s a fantastically useful feature that unfortunately is widely misunderstood.

Part of the reason for the confusion is that it really is not well documented — the associated help materials can be misunderstood even by hardcore techies, and obviously this can be even more troublesome for non-technical users. This has been exacerbated by some aspects of the associated user interface, but Google documentation and other help resources are primarily at fault.

The triggering event for this Google PR mess was the false assumption by some observers that the new Chrome auto-login feature would automatically enable Chrome sync. It doesn’t, and it never did.

But how many Chrome users realize how much flexibility actually exists in the sync system?

For example, while the default settings will sync all categories of data, there are customization options that permit users to specify exactly which classes of data they wish to sync or not sync. I tend to sync bookmarks and not much else.

The main concern expressed about sync during this controversy relates to Google seeing your synced browsing history (which again, I stress has always been possible for users to disable in the sync system).

But how many users realize that you can choose to sync any or all data classes between your devices without Google being able to interpret them at all, simply by specifying a sync “pass phrase” that encrypts the data so that it only exists in unencrypted form on your own devices — not at Google. Doing this means that Google can’t provide various centralized value-added features, but that’s your choice!

If all of this had been better documented (in ways understandable to a wide variety of users of different technical skill levels) much or all of this entire controversy could have been avoided.

While Google has made significant strides in their help and documentation resources over the years, they still have a long, long way to go, especially when dealing with the non-technical users who make up a large and growing segment of their user population. 

I have long asserted that Google (and its users!) would greatly benefit from a new class of Google-related documentation and help systems, created and maintained specifically to assist all users — including especially non-technical users — to better understand these necessarily complex systems and environments. 

I would suggest that these include textual materials specifically written for this purpose, with supplemental video content as well. Call them “Google Explainers” or whatever, but in Google parlance I would assert that ongoing deficiencies in this area represent a “Code Yellow” (extremely important) class of issues for both Google and its users.

–Lauren– 

]]>
Ignore the Silly Panic over Google Chrome’s New Auto-Login Feature https://lauren.vortex.com/2018/09/24/ignore-the-silly-panic-over-google-chromes-new-auto-login-feature Mon, 24 Sep 2018 16:41:58 +0000 https://lauren.vortex.com/?p=3820 Continue reading "Ignore the Silly Panic over Google Chrome’s New Auto-Login Feature"]]> UPDATE (September 27, 2018): How Google Documentation Problems Can Lead to Public Relations Nightmares

UPDATE (September 25, 2018): In response to complaints about this actually very positive and useful new feature, Google has announced that an upcoming version of Chrome will provide an option for users to disable this functionality. But I recommend that you leave it enabled — I certainly will.

– – –

You may have seen stories going around over the last couple of days with various observers and so-called “experts” going all wacko panicky over a new feature in Google’s Chrome that automatically logs you into the browser when you log into a Google account.

In reality, this is a major privacy-positive move by Google, not any kind of negative as those breathless articles are trying to make you believe!

Over time, many users — especially in situations where multiple people use the same computer — have come to me confused about who was really logged into what. They’d login to their own Google accounts but later discover that the browser was still logged in as someone else entirely, not only causing confusion, but the potential for significant user errors as well.

I applaud Google changing this. It improves user privacy and user security, by helping to assure that the browser and Google Accounts are using the same identities, and that you’re not accidentally screwing around with someone else’s browser data.

Some panicky observers are loudly proclaiming that they never want to login to the browser. They seem on the whole to be rather confused. You can still use the browser as Guest. You can still switch user identities on the browser via the “Manage People” function in settings.

The key functionalities of browser login are to keep track of different users’ browser settings, and to provide sync capabilities. And the sync system isn’t automatically turned on by these new changes. If you want to sync bookmarks or passwords or whatever, you still need to enable this explicitly and you still have complete control over what is being synced, just like before.

Google should be getting applause for this new Chrome auto-login feature, not silly complaints.

Kudos to the Chrome team.

–Lauren–

]]>
More Bull from the Google Haters: Search Results and Trump’s Travel Ban https://lauren.vortex.com/2018/09/21/more-bull-from-the-google-haters-search-results-and-trumps-travel-ban Fri, 21 Sep 2018 17:50:10 +0000 https://lauren.vortex.com/?p=3810 Continue reading "More Bull from the Google Haters: Search Results and Trump’s Travel Ban"]]> Here we go again. There are new stories today being breathlessly spouted by the alt-right, and being picked up by mainstream media, about internal Google emails showing employees discussing possible ways to “leverage” search results to help push back against Trump’s racist travel ban in January 2017, shortly after his inauguration.

The key aspect to note about this media brouhaha is that NONE of those ideas were EVER implemented. And the discussions themselves include participants noting why they shouldn’t be.

These discussions were the personal thoughts of individual Googlers, who are encouraged by Google to speak as openly as possible internally to help assure that Google has a wide range of opinions as input to decision-making on an ongoing basis.

I experienced this firsthand during the period ending several years ago when I consulted to Google. I had never seen such an open exchange of ideas at any large firm before. I was absolutely in awe of this — and actively participated in many internal discussions — because such interchange is an incredibly important asset — not only to Google, but to its users and to the world at large.

You want to avoid whenever possible having employees self-censoring internally about controversial matters. You want the maximum practicable interchange of ideas, many of which by definition will never actually be implemented.

We’d frankly have a much better world if such open internal discussions took place at all firms and other organizations.

What’s so appalling about this situation is that there are (or were) individuals inside Google who would purposely leak such internal discussions, obviously in the hopes of generating exactly the kinds of fanatical Google hate being demonstrated by the alt-right and their allies, and to try stifle the kinds of open internal discussions that are so important to us all.

–Lauren–

]]>
What We See on the Leaked TGIF Video Makes Us Proud of Google https://lauren.vortex.com/2018/09/17/what-we-see-on-the-leaked-tgif-video-makes-us-proud-of-google https://lauren.vortex.com/2018/09/17/what-we-see-on-the-leaked-tgif-video-makes-us-proud-of-google#comments Mon, 17 Sep 2018 19:08:36 +0000 https://lauren.vortex.com/?p=3793 Continue reading "What We See on the Leaked TGIF Video Makes Us Proud of Google"]]> Ever since an online right-wing rag recently released a leaked copy of a corporate “TGIF” meeting at Google (recorded a couple of days after the election of Donald Trump), I’ve been receiving emails from various Trump supporters pointing at various short, out of context clips from that video to try make the argument that a vast, conspiratorial political bias by Google is on display.

This is utter nonsense. And a viewing of the entire now public meeting recording (https://lauren.vortex.com/g-tgif) not only reveals a lack of bias, but should inspire a completely different set of reactions — namely confidence and pride.

For in this video we see exactly what I for one would have hoped to see from the leaders of a powerful corporation under such circumstances — expressions of personal concern, but a clear determination not to permit personal feelings to skew or bias Google search engine or other services.

As I watched this video, I found myself almost constantly nodding my head in agreement. Frankly, if I had been up there on that stage I would have been sorely tempted to state my concerns regarding the election’s outcome in somewhat stronger language. And let’s face it, events in the ensuing nearly two years since that election have proven these kinds of concerns to have been utterly justified.

The motives of the Google or ex-Googler who originally leaked this TGIF video are obvious enough — to try feed into the alt-right’s false narratives of claimed political bias at Google. 

In this respect that person failed miserably, because any fair-minded individual viewing the entire video cannot fail to see corporate leaders explicitly keeping their personal feelings separate from corporate policies. 

That’s not to say that this nefarious leaker hasn’t done real damage inside Google. Reportedly, internal access to TGIF videos has been greatly restricted in the wake of the leak. That’s bad news all around — open discussion of sometimes controversial issues inside Google is key not only to Google’s success, but is important to Google’s users and the global community as well.

And of course the leaker has now spawned a plethora of additional right-wing articles attacking various Google execs, and a range of new wacky false conspiracy theories, including the bizarre notion that the beanie propeller hats typically worn by new Google employees are actually some kind of creepy cult symbolism. Give me a break! Apparently these conspiracy idiots never saw “Beany & Cecil” (https://www.youtube.com/watch?v=cMdReHP9cb0).

Google — like all firms — is made up of human beings, and a person hasn’t walked this planet who qualifies as perfect. But when I watch this video, I see a group of people working very hard to do the right thing, to keep Google firmly on an unbiased and even keel despite personal disappointments.

And yes, that makes me very proud of Google and Googlers.

–Lauren–

]]>
https://lauren.vortex.com/2018/09/17/what-we-see-on-the-leaked-tgif-video-makes-us-proud-of-google/feed 1
Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily https://lauren.vortex.com/2018/09/17/google-backs-off-on-unwise-url-hiding-scheme-but-only-temporarily https://lauren.vortex.com/2018/09/17/google-backs-off-on-unwise-url-hiding-scheme-but-only-temporarily#comments Mon, 17 Sep 2018 15:21:17 +0000 https://lauren.vortex.com/?p=3774 Continue reading "Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily"]]> In previous posts, including “Here’s How to Disable Google Chrome’s Confusing New URL Hiding Scheme” (https://lauren.vortex.com/2018/09/07/heres-how-to-disable-google-chromes-confusing-new-url-hiding-scheme), I’ve noted the serious security and other problems related to Google Chrome’s new policy of hiding parts of site URLs.

Google has now — sort of, temporarily — backed off on these changes.

In a post over on the Chromium blog, at:

https://bugs.chromium.org/p/chromium/issues/detail?id=883038

they note that URL subdomain hiding (Google uses the term “elide” — how often do you see that one?) is being rolled back in Chrome M69, but the post also says that they plan to begin hiding — I mean “eliding” — www again in M70, but not “m” (no doubt because they realized what a potential mess that made over on Tumblr). They also say that they’ll initiate a discussion with standards bodies about this to reserve “www or m” as hidden subdomains.

The comments on that Chromium post appear to be virtually universally opposed to Google’s hiding any elements of URLs. At the very least, it’s obvious that Google should not begin such URL modifications again until after such a time (if ever) that standards bodies have acted in these regards, and I would argue that these bodies should not do so in the manner that Google is now pushing.

The www and m subdomains have been integral parts of the user experience on the Web for decades. Tampering with them now (especially www) makes no sense, and (along with the other action that Google took at the same time — hiding the crucial http:// and https:// prefixes that are key signals regarding communications security) just puts users in an even more vulnerable position, as I discussed in “Chrome Is Hiding URL Details — and It’s Confusing People Already!” (https://lauren.vortex.com/2018/07/10/chrome-is-hiding-url-details-and-its-confusing-people-already).

We can certainly have a vibrant discussion regarding additional signals that could help users to detect phishing and other URL-related attacks, but any and all changes to URL displays (including involving http, https, m, www, and so on) should only take place if and after there is broad community agreement that such changes are actually user positive.

Google should completely cease all of these URL changes, permanently, unless such criteria are met.

–Lauren–

]]>
https://lauren.vortex.com/2018/09/17/google-backs-off-on-unwise-url-hiding-scheme-but-only-temporarily/feed 1
Verizon’s 5G Home Broadband Has a Rough Start https://lauren.vortex.com/2018/09/13/verizons-5g-home-broadband-has-a-rough-start https://lauren.vortex.com/2018/09/13/verizons-5g-home-broadband-has-a-rough-start#comments Thu, 13 Sep 2018 15:28:09 +0000 https://lauren.vortex.com/?p=3765 Continue reading "Verizon’s 5G Home Broadband Has a Rough Start"]]> A few days ago, Verizon Wireless announced with great fanfare that people in their initial handful of supported cities (including here in L.A.) could use a locator site as of this morning to check for availability of the new Verizon Wireless 5G Home Broadband service, which supposedly touts some impressive specs. Actually, we should call it “5G” with the quotes made obvious, since it’s not really a standardized 5G yet, but let that pass for now.

The locator site has been present at least since that announcement but said that you couldn’t actually check addresses until something like 5 AM PDT this morning. So this morning I decided to check my address. I didn’t expect it to be covered — I heard rumors that Verizon’s initial coverage of L.A. would be very small, perhaps centered on downtown L.A., and I’m literally in the other end of the city in the distant reaches of the San Fernando Valley.

The site apparently did enable its address checking functionality this morning. Well, in theory, anyway.

The page has an annoying overlay curtain effect when you touch it (that was there several days ago as well) but as of right now the “Check availability” link immediately punches you through to another page saying that service is not available at your address — before you’ve even entered a physical address.  Are they trying to guess your approximate location based on your IP address? Naw, that would never work — too prone to error, and think of all the people using mobile devices who all appear to be coming from carrier gateways.

Hmm. There is a “change address” link — and you can actually enter your address at that one. Oops, still says not available at your address. But, wait a second. Whether you enter your address directly or not, there’s a note under that unavailability announcement:

Server is temporarily down, couldn’t able to process the request currently.

Wow, this is starting to feel like a phishing site with a backend coded by someone who clearly wasn’t a native English speaker.

And checking again just now, the site is still in this condition.

Not an auspicious beginning.

–Lauren–

]]>
https://lauren.vortex.com/2018/09/13/verizons-5g-home-broadband-has-a-rough-start/feed 2
EU Preliminarily Passes Horrific Articles 11 & 13 — Here’s How to Fight Back! https://lauren.vortex.com/2018/09/12/eu-preliminarily-passes-horrific-articles-11-13-heres-how-to-fight-back Wed, 12 Sep 2018 16:27:43 +0000 https://lauren.vortex.com/?p=3757 Continue reading "EU Preliminarily Passes Horrific Articles 11 & 13 — Here’s How to Fight Back!"]]> By a vote of 438 to 226, the massively confused and lobbyists-owned EU Parliament has preliminary passed horrific Article 11 and Article 13, aimed at turning ordinary users into the slaves of government-based Internet censorship and abuse.

The war isn’t over, however. These articles now enter a period of negotiation with EU member states, and then are subject to final votes next year, probably in the spring.

So now’s the time for the rest of the world to show Europe some special “tough love” — to help them understand what their Internet island universe will look like if these terrible articles are ever actually implemented.

Article 11 is an incredibly poorly defined “link tax” aimed at news aggregators. If Article 11 is implemented, the reaction by most aggregators who have jurisdictional exposure to the EU (e.g., EU-based points of presence) will not be to pay the link taxes, but rather will be to completely cease indexing those EU sites.

Between now and the final votes next year, news aggregation sites should consider temporarily ceasing to index those EU sites for various periods of time at various intervals, to give those sites a taste of what happens to their traffic when such indexing stops, and what their future would look like under Article 11.

Then we have Article 13’s massive, doomed-to-disaster content filtering scheme, which would be continually inundated with false matches and fake claims (there are absolutely no penalties under Article 13 for submitting bogus claims). While giant firms like Google and Facebook would have the resources to implement Article 13’s mandates, virtually nobody else could. And even the incredibly expensive filtering systems built by these largest firms have significant false positive error rates, frequently block permitted content, and cost vast sums to maintain.

A likely response to Article 13 by many affected firms would be to geoblock EU users from those company’s systems.  That process can begin now on a “demonstration” basis. The IP address ranges for EU countries can be easily determined in an automated manner, and servers programmed to present an explanatory “Sorry about that, Chief — You’re in the EU!” message to EU users instead of the usual services. As with the Article 11 protest procedure noted above, these Article 13 IP blocks would be implemented at various intervals for various durations, between now and the final votes next year.

The genuinely sad part about all this is that none of it should be necessary. Article 11 and 13 mandates will never work as their proponents hope, and if deployed will actually do massive damage not only to EU (and other) users at large, but to the very constituencies that have lobbied for passage of these articles!

And that’s a lose-lose situation in any language.

–Lauren–

]]>
“The EU’s (Internet) Island” (To the tune of “Gilligan’s Island”) https://lauren.vortex.com/2018/09/11/the-eus-internet-island-to-the-tune-of-gilligans-island Wed, 12 Sep 2018 01:20:30 +0000 https://lauren.vortex.com/?p=3740 Continue reading "“The EU’s (Internet) Island” (To the tune of “Gilligan’s Island”)"]]> UPDATE (September 12, 2018): EU Preliminarily Passes Horrific Articles 11 & 13 — Here’s How to Fight Back!

– – –

In honor of the EU’s horrific “Article 11” and “Article 13” — In the hope that they don’t pass, and that these lyrics don’t come to pass as reality.

– – –

“The EU’s (Internet) Island”
(To the tune of “Gilligan’s Island”)
Lauren Weinstein – 11 September 2018

Just sit right back and you’ll hear a tale,
A tale of a fateful trip.
When the EU tried to wreck the Net,
And just sunk their own sad ship.
Their ideas were a link tax few would pay,
And content censorship tools.
So the EU voted to proceed,
With a plan made by fools,
A plan made by fools!

(Lightning and Thunder!)

It didn’t work out like they hoped,
The world cut the EU off.
Fake claims filled the content filters fast,
And EU users were lost,
The EU users were lost!

Now the EU’s been chopped from the Net,
Like a lonely desert isle.
With Luxembourg,
And Brussels too,
And Frankfurt,
And yes Strasbourg!
The Hague as well,
And the rest,
Are here on the EU’s Isle!

<End>

]]>
YouTube’s Memory Miracle https://lauren.vortex.com/2018/09/09/youtubes-memory-miracle Sun, 09 Sep 2018 20:50:35 +0000 https://lauren.vortex.com/?p=3733 Continue reading "YouTube’s Memory Miracle"]]> The key reason why you’ll find me “from time to time” expressing criticism of various YouTube policies, is simply because I love the platform so very much. If it vanished tomorrow, there’d be a gap in my life that would be very difficult to repair.

So let’s put aside for the moment issues of hate speech and dangerous dares and YouTube’s Content ID, and revel for a bit in an example of YouTube’s Memory Miracle.

A few minutes ago, a seemingly unrelated Google query pulled up an odd search result that I suddenly recognized, a YouTube video labeled “By Rocket to the Moon.” YES, the name of a children’s record I played nearly into groove death in my youth. It’s in my old collection of vinyl here for sure somewhere, but I haven’t actually seen or heard it in several decades at least:

By Rocket to the Moonhttps://www.youtube.com/watch?v=9acg_P23oHY

Little bits and pieces of the dialogue and songs I’ve recalled over the years, in particular a line I’ve quoted not infrequently: “Captain, captain, stop the rocket. I left my wallet in another suit, it isn’t in my pocket!” As it turns out, I learned today that I’ve been quoting it slightly wrong, I’ve been saying “in my other suit” — but hell, close enough for jazz!

And speaking of jazz, I also realized today (it would have meant nothing to me as a child) that the jazzy music on this record was composed by the brilliant Raymond Scott and performed by none other than the wonderful Raymond Scott Quintette. You likely don’t recognize the names. But if you ever watched classic Warner Brothers cartoons, you will almost certainly recognize one of the group’s most famous performances, of Scott’s “Powerhouse” (widely used in those cartoons for various chase and machine-related sequences):

Powerhouse: https://www.youtube.com/watch?v=YfDqR4fqIWE

I’m obviously not a neurobiologist, but I’ve long suspected that what we assume to be memory “loss” over time with age is actually not usually a loss of the memories themselves, but rather a gradual loss or corruption of the “indexes” to those memories. Once you get a foothold into old buried memories through a new signal, they’ll often flow back instantly and with incredible accuracy. They were there all along!

And that’s why I speak of YouTube’s memory miracle. Old songs, old TV shows, even old classic commercials. You thought you forgot them eons ago, but play them again on YouTube even after gaps of decades, and full access to those memories is almost instantly restored.

In the case of this old record, I had just played a few seconds from YouTube today when the entire production came flowing back — dialogue, song lyrics, all of it. I was able to sing along as the words “popped in” for me a few seconds ahead of what I was hearing. (This leads to another speculation of mine relating to the serial nature of memories, but we’ll leave that discussion for a future post.)

YouTube had in a few seconds recreated — or at least uncovered and surfaced — the lost index that restored access to an entire cluster of detailed memories.

OK, so it’s not really a miracle. But it’s still wonderful.

Thanks YouTube!

–Lauren–

]]>
Here’s How to Disable Google Chrome’s Confusing New URL Hiding Scheme https://lauren.vortex.com/2018/09/07/heres-how-to-disable-google-chromes-confusing-new-url-hiding-scheme https://lauren.vortex.com/2018/09/07/heres-how-to-disable-google-chromes-confusing-new-url-hiding-scheme#comments Sat, 08 Sep 2018 00:37:29 +0000 https://lauren.vortex.com/?p=3707 Continue reading "Here’s How to Disable Google Chrome’s Confusing New URL Hiding Scheme"]]> UPDATE (September 17, 2018): Google Backs Off on Unwise URL Hiding Scheme, but Only Temporarily

– – –

A couple of months ago, in “Chrome Is Hiding URL Details — and It’s Confusing People Already!” (https://lauren.vortex.com/2018/07/10/chrome-is-hiding-url-details-and-its-confusing-people-already), I noted the significant problems already being triggered by Google’s new URL modification scheme in Chrome Beta. Now that these unfortunate changes have graduated to the current standard, stable version of Chrome, more complaints about this are pouring in to me from many more users.

I don’t normally recommend altering Chrome’s inner sanctum of “experimental” settings unless you’re a hardcore techie who fully understands the implications. But today I’m making an exception and will explain how you can disable these new URL handling behaviors and return Chrome to its previous (safer and logical) URL display methodology — at least until such a time as Google decides to force this issue and removes this option.

Ready? Here we go.

In the URL bar at the top of the browser (technically, the “omnibox”), type:

chrome://flags

then hit ENTER. You’ll find yourself in Chrome’s experimental area, replete with a warning in red that we’ll ignore today. In the “Search flags” box (just above the word “Experiments”), type:

steady

In the section labeled “Available” you should now find:

Omnibox UI Hide Steady-State URL Scheme and Trivial Subdomains

Obviously, the Chrome team and I have a difference of opinion about what is meant by “trivial” in this context.  Anyway, directly to the right you should now see an option box. Click the box and change the setting from:

Default

to:

Disabled

A large button labeled RELAUNCH NOW should be at the lower right. Go ahead and click it to restart the browser to make this change take effect immediately (if you have anything important in other open tabs, instead relaunch on your own later to protect your work).

That’s all, folks! The familiar URL behaviors should be restored, for now anyway.

Be seeing you.

–Lauren–

]]>
https://lauren.vortex.com/2018/09/07/heres-how-to-disable-google-chromes-confusing-new-url-hiding-scheme/feed 14
How Google Could Dramatically Improve the World’s Internet Security https://lauren.vortex.com/2018/08/26/how-google-could-dramatically-improve-the-worlds-internet-security https://lauren.vortex.com/2018/08/26/how-google-could-dramatically-improve-the-worlds-internet-security#comments Sun, 26 Aug 2018 17:47:33 +0000 https://lauren.vortex.com/?p=3682 Continue reading "How Google Could Dramatically Improve the World’s Internet Security"]]> UPDATE (October 8, 2021): It was just announced that Google will be giving free security keys to 10,000 particularly at risk Google users. Excellent to see this important step being taken!

– – –

It’s obvious that the security of SMS mobile text messaging as the primary means for 2-factor account authentications is fatally flawed. The theoretical problems are nothing new, but the dramatic rise in successful attacks demonstrates that the cellular carriers are basically inept at protecting their subscribers from SIM hijacking and other schemes (sometimes enabled by crooked insiders within the carrier firms themselves) that undermine the security of these systems.

While other 2-factor mechanisms exist, including authentication apps of various sorts, text messaging remains dominant. The reason why is obvious — pretty much everyone has a cell phone already in hand. Nothing else to buy or install.

The correct way to solve this problem is also well known – FIDO U2F security keys. Google has noted publicly that after transitioning their workforce to security keys from OTP (one-time password) systems, successful phishing attacks against Googlers dropped to zero.

Impressive. Most impressive.

But in the world at large, there’s a major problem with this approach, as I discussed recently in: “Prediction: Unless Security Keys Are Free, Most Users Won’t Use Them” (https://lauren.vortex.com/2018/08/02/prediction-unless-security-keys-are-free-most-users-wont-use-them).

I have also previously noted the difficulties in convincing users to activate 2-factor authentication in the first place: “How to ‘Bribe’ Our Way to Better Account Security” (https://lauren.vortex.com/2018/02/11/how-to-bribe-our-way-to-better-account-security).

Essentially, most users won’t use 2-factor unless there are strong and obvious incentives to do so, because most of them don’t believe that THEY will ever be hacked — until they are! And they’re unlikely to use security keys if they have to buy them as an extra cost item.

Google is one of the few firms with the resources to really change this for the better.

Google should consider giving away security keys to their users for free.

The devil is in the details of course. This effort would likely need to be limited to one free key per user, and perhaps could be limited initially to users subscribing to Google’s “Google One” service (https://one.google.com/about). Please see today’s comments for some discussion related to providing users with multiple keys.

Mechanisms to minimize exploitation (e.g. resale abuse) would also likely need to be established.

Ultimately, the goals would be to provide real incentives to all Google users to activate 2-factor protections, and to get security keys into their hands as expeditiously as is practical.

Perhaps other firms could also join into such an effort — a single security key can be employed by a user to independently authenticate at multiple firms and sites.

It’s a given that there would indeed be significant expenses to Google and other firms in such an undertaking. But unless we find some way to break users out of the box of failed security represented especially by text messaging authentication systems, we’re going to see ever more dramatic, preventable security disasters, of a kind that are already drawing the attentions of regulators and politicians around the world.

–Lauren–

]]>
https://lauren.vortex.com/2018/08/26/how-google-could-dramatically-improve-the-worlds-internet-security/feed 6
Google Admits It Has Chinese Censorship Search Plans – What This Means https://lauren.vortex.com/2018/08/17/google-admits-it-has-chinese-censorship-search-plans-what-this-means https://lauren.vortex.com/2018/08/17/google-admits-it-has-chinese-censorship-search-plans-what-this-means#comments Fri, 17 Aug 2018 16:34:23 +0000 https://lauren.vortex.com/?p=3654 Continue reading "Google Admits It Has Chinese Censorship Search Plans – What This Means"]]> This post is also available in Google Docs format .

After a painfully long delay, Google admitted at an internal company-wide meeting yesterday that it indeed has a project (reportedly named “Dragonfly”) for Chinese government-controlled censored search in China, but asserts that it is nowhere near ready for deployment and is subject to a range of possible changes before deployment (I’ll add, assuming that it ever actually launches).

Some background:

“Google Must End Its Silence About Censored Search in China” – https://lauren.vortex.com/2018/08/09/google-must-end-its-silence-about-censored-search-in-china

“Google Haters Rejoice at Google’s Reported New Courtship of China” –  https://lauren.vortex.com/2018/08/03/google-haters-rejoice-at-googles-reported-new-courtship-of-china

“Censored Google Search for China Would Be Both Evil and Dangerous!” – https://lauren.vortex.com/2018/08/01/censored-google-search-for-china-would-be-both-evil-and-dangerous

While this was an internal meeting, it apparently leaked publicly in real time, and was reportedly terminated earlier than planned when it was realized that it was being live-tweeted to the public by somebody watching the event.

The substance of the discussion is unlikely to appease Googlers upset by these plans. For all practical purposes, management appears to be justifying the new project using much the same terms (e.g., some Google is better than no Google”) used to try justify the ill-fated 2006 entry of Google into censored Chinese search, which Google abandoned in 2010 after continuing escalation of demands by the Chinese government, and Chinese government hacking of Google systems.

Given the rapid recent escalation of Internet censorship and associated human rights abuses by China’s “President for Life” Xi, there’s little reason to expect the results to be any different this time around — in fact they’re likely to go bad even more quickly, making Google by definition complicit in the human rights abuses that flow from the Chinese government’s censorship regime.

The secrecy surrounding this project — few Googlers even knew of its existence until leaks began circulating publicly — was explained by Google execs as “typical” of various Google projects while in their early, very sensitive stages.

This alone suggests a serious blind spot in Google management’s analysis. Such logic might hold true for a “run-of-the-mill” new service. But keeping a project such as Chinese censored search under such wraps within the company — a project with vast ethical ramifications — is positively poisonous to internal company trust and moral when the project eventually leaks out — as we’ve seen so dramatically demonstrated in this case.

That’s why the (now public) Googler petition — reportedly signed by well over a 1000 Googlers and increasing — is so relevant and important. It wisely calls for the establishment of formal frameworks inside Google to deal with these kinds of ethical issues, giving rank and file employees a “seat at the table” for such discussions. 

It also notably calls for the creation of internal “ombudspersons” roles to be directly engaged in these corporate ethical considerations — something that I’ve been publicly and privately advocating to Google over at least the last 10 years.

Irrespective of whether or not Google relaunches Chinese-government controlled censored search, the kinds of efforts proposed in the Googler petition would be excellent steps toward the important goal of improving Google’s ethical framework for dealing with both controversial and more routine projects going forward.

Leaks threaten the culture of internal openness that has been an important hallmark at Google since its creation 20 years ago (with this new Chinese government-censored search project being an obvious and ironic exception to Google’s open internal culture).

This internal openness is crucial not only for Google, but also for its users and the community at large as well. Vibrant open discussion internally at Google (which I’ve witnessed and participated in myself when I consulted to them a number of years ago) is what helps to make Google’s products and services better, and helps Google to avoid potentially serious mistakes.

But for any organization, when policy-related leaks occur of the sort that we’ve witnessed recently regarding Google and China, it strongly suggests that the organization does not have well functioning or adequate internal staff-accessible processes in place to appropriately deal with these higher pressure matters. Again, the kinds of proposals in the Googler petition would go a long way toward alleviating this situation.

These recent developments have brought Google to a kind of crossroads, a “moment of truth” as it were. What is Google going to be in its next 20 years? What kinds of roles will ethics play in Google’s decisions going forward? These are complex questions without simple answers. Google has a lot of serious work ahead in answering them to their own and the public’s personal and political satisfactions. 

But Google is great at dealing with hard problems, and I believe that they’ll work their way to appropriate answers in these cases as well.

We shall see what transpires in the fullness of time.

–Lauren–

]]>
https://lauren.vortex.com/2018/08/17/google-admits-it-has-chinese-censorship-search-plans-what-this-means/feed 2
Beware the Fraudulent Blog Comments Scams! https://lauren.vortex.com/2018/08/16/beware-the-fraudulent-blog-comments-scams Thu, 16 Aug 2018 16:03:24 +0000 https://lauren.vortex.com/?p=3643 Continue reading "Beware the Fraudulent Blog Comments Scams!"]]> A quick heads-up! While I’ve routinely seen these from time to time, there seems to be a major uptick in what are apparently fraudulent comment scam attempts here on my blog. They never get published since I must approve all comments before any appear, but their form is interesting and there likely is at least some human element involved, since they’re able to pass the reCAPTCHA “Are you a human?” test.

Here’s how the scams operate. It’s typical for blogs that support comments (whether moderated or not) to often permit the sender to include their name, email address, and a contact URL with their comment submission. My blog only will display their specified name, and of course only if I approve the comment.

But many blogs include all of that information in the posted comments, and many blogs don’t moderate comments, or only do so after the fact if there are complaints about individual published comments.

The scam comments themselves tend to fall into one of two categories. They may be utterly generic, e.g.: “Thanks for this great and useful post!”

Or they may be much more sophisticated, and actually refer in a more or less meaningful way — sometimes in surprising detail — to the actual topic of the original post.

The email addresses provided with the comments could be pretty much anything. What matters is the URLs that the comment authors provide and that they hope you will publish: The scammers always provide URLs pointing at various fake “technical support” addresses.

These cover the gamut: Google, Yahoo!, Microsoft, Outlook — and many more.

And you never want to click on those links, which almost inevitably lead to the kind of fake technical support sites that routinely scam unsuspecting users out of vast sums around the world every day.

It’s possible that these scam comment attempts are made in bulk by humans somewhere being paid a couple of cents per effort. Or perhaps they’re partly human (to solve the reCAPTCHA), and partly machine-generated.

In any case, if you run a blog, or some other public-facing site where comments might be submitted, watch out for these. Don’t let them appear on your sites! Your legitimate users will thank you.

–Lauren–

]]>
Fixing Google’s Gmail Spam Problems https://lauren.vortex.com/2018/08/15/fixing-googles-gmail-spam-problems https://lauren.vortex.com/2018/08/15/fixing-googles-gmail-spam-problems#comments Wed, 15 Aug 2018 17:34:06 +0000 https://lauren.vortex.com/?p=3630 Continue reading "Fixing Google’s Gmail Spam Problems"]]> The anti-spam methodology used by Google’s Gmail system — and most other large email processing systems — suffers a glaring flaw that unfortunately has become all too traditionally standard in email handling.

One of the most common concerns I receive from Google users is complaints that important email has gone “missing” in some mysterious manner.

The mystery is usually quickly solved — but a real solution is beyond my abilities to deploy widely on my own.

The problem is the ubiquitous “Spam” folder, a concept that has actually helped to massively increase the amount of spam flowing over the Internet.

Many users turn out to not even realize that they have a Spam folder. It’s there, but unnoticed by many.

But even users who know about the Spam folder tend to rarely bother checking it — many users have never looked inside, not even once. Google’s spam detection algorithm is so good that non-spam relatively rarely ends up in the Spam folder.

And therein lies the rub. Google’s algorithms are indeed good, but of course are not perfect. False positives — important email getting incorrectly relegated to the Spam folder — can be a really big deal — especially when important financial notifications are concerned, for example.

In theory, routine use of Gmail’s “filter” options could help to tame this problem and avoid some false positives being buried unseen. But the reality is that many of these important false positives are not from necessarily expected sources, and many users don’t know how to use the Gmail filter system — and in fact may be totally unaware of its existence. And frankly, the existing Gmail filtering user interface is not well suited to having large and growing numbers of filters of the sort needed to try deal with this situation (either from the standpoint of actual spam or false positives) — trust me on this, I’ve tried!

So could we just train users to routinely check the Spam folder for important stuff that might have gotten in there by accident? That’s a tough one, but even then there’s another problem.

Many Gmail users receive so much spam — much of it highly repetitive — that manually plowing through the Spam folder looking for false positives is necessarily time consuming and prone to the error of missing important items, no matter how careful you attempt to be. Ask me how I know!

This takes us to the intrinsic problem with the Spam folder concept. Gmail and most other major mail systems accept many of the spam emails from the creepy servers that vomit them across the Net by the billions. Then they’re relegated to users’ spam folders, where they help to bury the important non-spam emails that shouldn’t be in there in the first place.

Since Google accepts much of this spam, the senders are happy and keep sending spam to the same addresses, seemingly endlessly. So you keep seeing the same kinds of spam — ranging from annoying to disgusting — over and over and over again. The sender names may vary, the sending servers usually have obviously bogus identities, but (unlike some malware that Google rejects immediately) the spam keeps getting delivered anyway.

The solution is obvious, even though nontrivial to implement at Google Scale. It’s a technique used by many smaller mail systems — my own mail servers have been using variations of this technique for decades.

Specifically, users need to be able to designate that particular types of spam will never be delivered to them at all, not even to the Spam folder. Attempts at delivering those messages should be rejected at the SMTP server level — we can have a discussion later about the most appropriate reject response codes in these circumstances, there are various ways to handle this.

Specifying the kinds of spam messages to be given this “delivery death penalty” treatment is nontrivial, both from a user interface and implementation standpoint — but I suspect that Google’s AI resources could be of immense assistance in this context. Nor would I assert that a “real-time” reject mechanism like this would be without cost to Google — but it would certainly be immensely useful and user-positive.

The data from my own servers suggests that once you start rejecting spam email rather than accepting it, the overall level of spam attempts ultimately goes down rather than up. This is especially true if spam attempts are greeted with a “no such user” reject even when that user actually exists (yes, this is a controversial measure).

There are certainly a range of ways that we could approach this set of problems, but I’m convinced that the current technique of just accepting most spam and tossing it into a Spam folder is not helping to stop the scourge of spam, and in fact is making it far worse over time.

–Lauren–

]]>
https://lauren.vortex.com/2018/08/15/fixing-googles-gmail-spam-problems/feed 4
Location Tracking: Google’s the One You DON’T Need to Worry About! https://lauren.vortex.com/2018/08/14/location-tracking-googles-the-one-you-dont-need-to-worry-about Tue, 14 Aug 2018 17:33:44 +0000 https://lauren.vortex.com/?p=3616 Continue reading "Location Tracking: Google’s the One You DON’T Need to Worry About!"]]> I must keep the post brief today but this needs to be said. There are a bunch of stories currently floating around in the news globally, making claims like “Google tracks your location even when you tell it not to!” and other alarming related headlines.

This is all false hype-o-rama.

Google has a variety of products that can make use of location data, both desktop and mobile, and of course there are various kinds of location data in these contexts — IP address location estimates, cell phone location data, etc. So it’s logical that these need to be handled in different ways, and that users have appropriate options for dealing with each of them in different Google services. Google explains in detail how they use this data, the tight protections they have over who can access this data — and they never sell this data to anyone. 

Google pretty much bends over backwards when it comes to describing how this stuff works and the comprehensive controls that users have over data collection and deletion (see: “The Google Page That Google Haters Don’t Want You to Know About” – https://lauren.vortex.com/2017/04/20/the-google-page-that-google-haters-dont-want-you-to-know-about).

Can one argue that Google could make this even simpler for users to deal with? Perhaps, but how to effectively make it all even simpler than it is now in any kind of practical way is not immediately obvious.

The bottom line is that Google gives users immense control over all of this. You don’t need to worry about Google.

What you should be worrying about is the entities out there who gather your location data without your consent or control, who usually never tell you what they’re doing with it. They hoard that data pretty much forever, and use it, sell it, and abuse it in ways that would make your head spin.

A partial list? Your cellular carrier. They know where your phone is whenever it’s on their network. They collect this data in great detail. Turning off your GPS doesn’t stop them — they use quite accurate cell tower triangulation techniques in that case. Most of these carriers (unlike Google, who has very tight controls) have traditionally provided this data to authorities with just a nod and a wink!

Or how about the license plate readers that police and other government agencies have been deploying like mad, all over the country! They know where you drive, when you travel — and they collect this data in most cases with no real controls over how it will be used, how long it will be held, and who else can get their hands on it! You want someone to be worried about, worry about them!

And the list goes on.

It’s great for headlines and clickbait to pound on Google regarding location data, but they’re on the side of the angels in this debate.

And that’s the truth.

–Lauren–

]]>
Google Must End Its Silence About Censored Search in China https://lauren.vortex.com/2018/08/09/google-must-end-its-silence-about-censored-search-in-china Thu, 09 Aug 2018 19:09:20 +0000 https://lauren.vortex.com/?p=3603 Continue reading "Google Must End Its Silence About Censored Search in China"]]> UPDATE (August 17, 2018): Google Admits It Has Chinese Censorship Search Plans – What This Means

– – –

It has now been more than a week since public reports began surfacing alleging that Google has been working on a secret project — secret even from the vast majority of Googlers — to bring Chinese government-censored Google search and news back to China. (Background info at: “Google Haters Rejoice at Google’s Reported New Courtship of China” – https://lauren.vortex.com/2018/08/03/google-haters-rejoice-at-googles-reported-new-courtship-of-china).

While ever more purported details regarding this alleged effort have been leaking to the public, Google itself has apparently responded to the massive barrage of related inquiries only with the “non-denial denial” that they will not comment on speculation regarding their future plans.

This radio silence has seemingly extended to inside Google as well, where reportedly Google executives have yet to issue a company-wide explanation to the Google workforce, which includes many Googlers who are very concerned and upset about these reports.

With the understanding that it’s midsummer with many persons on vacation, it is still of great concern that Google has gone effectively mute regarding this extremely important and controversial topic. The silence suggests internal management confusion regarding how to deal with this situation. It’s upsetting to Google’s fans, and gives comfort to Google’s enemies.

Google needs to issue a definitive public statement addressing these concerns. Regardless of whether the project actually exists as reports have described — or if those detailed public reports have somehow been false or misleading — Google needs to come clean about what’s actually going on in this context.

Google’s users, employees, and the global community at large deserve no less.

Google, please do the right thing.

–Lauren–

]]>
Google Haters Rejoice at Google’s Reported New Courtship of China https://lauren.vortex.com/2018/08/03/google-haters-rejoice-at-googles-reported-new-courtship-of-china Fri, 03 Aug 2018 20:53:54 +0000 https://lauren.vortex.com/?p=3595 Continue reading "Google Haters Rejoice at Google’s Reported New Courtship of China"]]> UPDATE (August 17, 2018): Google Admits It Has Chinese Censorship Search Plans – What This Means

UPDATE (August 9, 2018): Google Must End Its Silence About Censored Search in China

– – –

It’s already happening. Within a day of word that Google is reportedly planning to provide Chinese government-dictated censored search results and censored news aggregation inside China, the Google Haters are already salivating at the new ammunition that this could provide Congress to pillory Google and similarly castrate them around the world — for background, please see: “Censored Google Search for China Would Be Both Evil and Dangerous!” (https://lauren.vortex.com/2018/08/01/censored-google-search-for-china-would-be-both-evil-and-dangerous).

While Google has not confirmed these reports, the mere prospect of their being correct has already brought the righteous condemnation of human rights advocates and organizations around the globe.

And already, in the discussion forums that I monitor where the Google Haters congregate, I’m seeing language like “Godsend!” – “Miracle!” — “We couldn’t have hoped for anything more!”

It’s obvious why there’s such rejoicing in those evil quarters. By willingly allying themselves with the censorship regimes of the Chinese government that are used to repress and torment the Chinese people, Google would put itself in the position of being perceived as the willing pawn of those repressive Chinese Internet policies that have been growing vastly more intense, fanatical, and encompassing over recent years, especially since the rise of “president for life” Xi Jinping.

Already embroiled in antitrust and content management/censorship controversies here in the U.S., the European Union, and elsewhere, the unforced error of “getting in bed” with the totalitarian Chinese government will provide Google’s political and other enemies a whole new line of attack to question Google’s motives and ethical pronouncements. You can already visualize the Google-hating congressmen saying, “Whose side are you on, Google? Why are you helping to support a Chinese government that massively suppresses its own people and continues to commit hacking attacks against us?” We’ll be hearing the word “hypocritical” numerous times during numerous hearings, you can be sure. 

We can pretty well predict Google’s responses, likely to be much the same as they made back in 2006 during their original attempt at “playing nice” with the Chinese censors, an effort Google abandoned in 2010, after escalating demands from China and escalating Chinese hacking attacks.

Google will assert that providing some services — even censored in deeply repressive ways — is better than nothing. They’ll suggest that the censored services that would be provided would help the Chinese citizenry, despite the fact that the very results being censored, while perhaps relatively small in terms of overall percentages, would likely be the very search results that the Chinese people most need to see to help protect themselves from their dictatorial leaders’ information control and massive human rights abuses. Google will note that they already censor some results in countries like France and Germany (for example, there are German laws relating to Nazi-oriented sites).

But narrow removal of search results in functional democracies is one thing The much wider categories of censorship demanded by the Chinese government — a single-party dictatorship that operates vast secret prison and execution networks — is something else entirely. It’s like comparing a pimple with Mt. Everest. 

And that’s before the Chinese start escalating their demands. More items to censor. Access to users’ identity and other private data. Localization of Google servers on Chinese soil for immediate access by authorities.

Worst of all, if Google is willing to bend over and kowtow to the Chinese dictators in these ways, every other country in the world with politicians unhappy with Google for one reason or another will use this as an example of why Google should provide similar governmental censorship services and user data access to their own regulators and politicians. After all, if you’re willing to do this for one of the world’s most oppressive regimes, why not for every country, everywhere?

As someone with enormous respect for Google and Googlers, I can’t view these reports regarding Google and China — if accurate — as anything short of disastrous. Disastrous for Google. Disastrous for their users. Disastrous for the global community of ordinary users at large, who depend on Google’s search honesty and corporate ethics as foundations of daily life.

Joining with China in providing Chinese government-censored search and news results would provide haters and other evil forces around the planet the very ammunition they’ve been waiting for toward crushing Google, towards putting Google under micromanaged government control, toward ultimately converting Google into an oppressive government propaganda machine.

It could frankly turn out much worse for the world than if Google had never been created at all, 20 years ago.

I’m still hoping that these reports are inaccurate in key respects or in their totality. But even if they are correct, then Google still has time to choose not to go down this dark path, and I would strongly urge them not to move forward with any plans to participate in China’s repressive and dangerous totalitarian censorship regime.

–Lauren–

]]>
Prediction: Unless Security Keys Are Free, Most Users Won’t Use Them https://lauren.vortex.com/2018/08/02/prediction-unless-security-keys-are-free-most-users-wont-use-them Thu, 02 Aug 2018 21:33:58 +0000 https://lauren.vortex.com/?p=3573 Continue reading "Prediction: Unless Security Keys Are Free, Most Users Won’t Use Them"]]> Various major Internet firms are currently engaged in a campaign to encourage the use of U2F/FIDO security keys (USB, NFC, and now even Bluetooth) to encourage their users to avoid use of other much more vulnerable forms of 2sv (2-factor) login authentication, especially the most common and illicitly exploitable form, SMS text messaging. In fact, Google has just introduced their own “Titan” security keys to further these efforts.

Without getting into technical details, let’s just say that these kinds of security keys essentially eliminate the vulnerabilities of other 2sv mechanisms, and given that most of these keys can support multiple services on a single physical key, you might assume that users would be snapping them up like candy.

You’d be wrong in that assumption.

I’ve spent years urging ordinary users (e.g., of Google services) to use 2sv of any kind. It’s a very, very tough slog, as I noted in:

Google Users Who Want to Use 2-Factor Protections — But Don’t Understand How: https://lauren.vortex.com/2017/06/10/google-users-who-want-to-use-2-factor-protections-but-dont-understand-how

But even beyond that category of users, there’s a far larger group of users who simply don’t see the point with “hassling” to use 2sv at all, resulting in what Google itself has publicly noted is a depressingly low percentage of users enabling 2sv protections.

Beyond logistical issues regarding 2sv that confuse many potential users, there’s a fundamental aspect of human nature involved.

Most users simply don’t believe that THEY are going to be hacked (at least, that’s their position until it actually happens to them and they come calling too late with desperate pleas for assistance).

Frankly, I don’t know of any “magic wand” solution for this dilemma. If you try to require 2sv, you’ll likely lose significant numbers of users who just can’t understand it or give up trying to make it work — bad for you and bad for them. They’re mostly not techies — they’re busy people who depend on your services, who simply do not see any reason why they should be jumping through what they perceive to be more unnecessary hoops — and this means that WE have not explained this all adequately and that OUR systems are not serving them well.

If you blame the users, you’ve already lost the argument.

Which brings us back to those security keys. Given how difficult it is to get most users to enable 2sv at all, how much harder will it be (even if the overall result is simpler and far more secure) to get users to go the security key route when they have to pay real money for the keys?

For many persons, the $20 or so typical for these keys is significant money indeed, especially when they don’t see the value of really having them in the first place (remember, they don’t expect to ever be hacked).

I strongly suspect that beyond “in the know” business/enterprise users, achieving major uptake of security keys among ordinary user populations will require that those keys be provided for free in some manner. Pricing them down to only a few dollars would help, but my gut feeling is that vast numbers of users wouldn’t pay for them at any price, perhaps often because they don’t want to set up payment methods in the first place.

That problem may be significantly reduced where users are already used to paying and have payment methods already in place — e.g. for the Android Play Store. 

But even there, $20 — even $10 — is likely to be a very tough sell for a piece of hardware that most users simply don’t really believe that they need. And if they feel that this purchase is being “pushed” at them as a hard sell, the likely result will be resentment and all that follows from that.

On the other hand, if security keys were free, methodologies such as:

How to “Bribe” Our Way to Better Account Security: https://lauren.vortex.com/2018/02/11/how-to-bribe-our-way-to-better-account-security

might be combined with those free keys to dramatically increase the use of high quality 2sv by all manner of users — including techies and non-techies — which of course should be our ultimate goal in these security contexts.

Who knows? It just might work!

Be seeing you.

–Lauren–

]]>
Censored Google Search for China Would Be Both Evil and Dangerous! https://lauren.vortex.com/2018/08/01/censored-google-search-for-china-would-be-both-evil-and-dangerous Wed, 01 Aug 2018 19:43:22 +0000 https://lauren.vortex.com/?p=3554 Continue reading "Censored Google Search for China Would Be Both Evil and Dangerous!"]]> UPDATE (August 17, 2018): Google Admits It Has Chinese Censorship Search Plans – What This Means

UPDATE (August 9, 2018): Google Must End Its Silence About Censored Search in China

UPDATE (August 3, 2018): Google Haters Rejoice at Google’s Reported New Courtship of China

UPDATE (August 2, 2018): New reports claim that Google is also now working on a news app for China, that would similarly be designed to enable censoring by Chinese authorities. Google has reportedly replied to queries about this with the same non-denial generic statement noted below.

– – –

A report is circulating widely today — apparently based on documents leaked from Google — suggesting that Google is secretly working on a search engine interface (probably initially an Android app) for China that would — by design — be heavily censored by the totalitarian Chinese government. Want to look at a Wikipedia page? Forget it! Search for human rights? No go, and the police are already at your door to drag you off to a secret “re-education” center.

Google has so far not denied the reports, and today has discouragingly only issued generic “we don’t comment on speculation regarding future plans” statements. Ironically, this is all occurring at the same time that Google has been increasing its efforts to promote honest journalism, and to fight against fake news that can sometimes pollute search results.

There’s no way to say this gently or diplomatically: Any move by Google to provide government censored search services to China would not only be evil, but also incredibly dangerous to the entire planet.

The Chinese are wonderful people, but their government is an absolute dictatorship — now with a likely president for life — whose abuse of its own citizens and hacking attempts against the rest of the world have been increasing over recent years. Not getting better, getting far, far worse.

Information control and censorship is at the heart of China’s human rights abuses that include a vast network of secret prisons and undocumented mass executions. Say the wrong thing. Try to look at the wrong webpage. You can just vanish, never to be seen again.

The key to how the Chinese tyrants control their population is the government’s incredibly massive Internet censorship regime, which carefully tailors the information that the Chinese population can see, creating a false view of the world among its citizens — incredibly dangerous for a country that has a vast military and expansionist goals.

Anybody — any firm — that voluntarily participates in the Chinese censorship regime becomes an equal partner in the Chinese government’s evil, no matter attempts to provide benign justifications or explanations.

If this all sounds a bit familiar, it’s because we’ve been over this road with Google before. Back in 2006, I happened to be giving a talk at Google’s L.A. offices the same day that Google announced its original partnership with the Chinese government to provide a censored version of Google. My relevant comments about that are here: 

https://www.youtube.com/watch?v=PGoSpmv9ZVc&feature=youtu.be&t=1448

Later related discussion that same year followed, including:

“Google, China, and Ethics” – https://lauren.vortex.com/archive/000180.html

And then in 2010 when Google wisely terminated their participation in the oppressive Chinese censorship regime:

Bulletin: Google Will No Longer Censor Chinese Search Results — May End China Operations – https://lauren.vortex.com/archive/000667.html

In the ensuing eight years, much has changed with China. They’re even more of a technological powerhouse now, and they’re even more dictatorial and censorship-driven than before. 

All the fears about censored Google search for China that we had back in 2006, including a vast slippery slope of additional dangers to innocent persons both inside and outside of China, are still in force — only now magnified by orders of magnitude.

It obviously must be painful for Google to sit by and watch their less ethical competitors cozy up to Chinese human rights abusing leaders, as those firms suckle at the teats of the Chinese government and its money. 

And in fact, Google has already made some recent inroads with China — with a few harmless apps and shared AI research — all efforts that I generally support in the name of global progress.

But search is different. Very different. Search is how we learn about how the world really works. It’s how we separate reality from lies, how we put our lives and our countries in context with the entire Earth that we all must share. The censorship of search is a true Orwellian terror, since it helps not only to hide accurate information, but by extension promotes the dissemination of false information as well.

It’s bad enough that the European Union forces Google (via the “Right To Be Forgotten”) to remove valid and accurate search results pointing to information that some Europeans find to be personally inconvenient. 

But if reports are correct that Google plans to voluntarily ally itself with Chinese dictators and their wholesale censorship of entire vast categories of crucial information — inevitably in the furtherance of those leaders’ continuing tyrannies — then Google will not only have gone directly and catastrophically against its most fundamental purposes and ideals, but will have set the stage for similar demands for vast Google-enabled mass censorship from other countries around the world.

I’m sorry, but that’s just not the Google that I know and respect.

–Lauren–

]]>