Apple’s New Cookie Policy Looks Like a Potential Disaster for Users

UPDATE (September 15, 2017): Google’s Stake Through the Hearts of Obnoxious Autoplay Videos

– – –

Apple wants to play Big Brother. Really Big Brother. Big Brother who knows oh so much more than you do about what you want from your web browsing experience. Apple’s plans for this hostile takeover were actually laid out publicly last June, but the you-know-what is just starting to really hit the fan now.

This is going to eventually sock you in the face if you use Apple’s Safari browser, or even other browsers like Google’s Chrome on iOS 11 devices such as the iPhone (those non-Apple browsers still must use Apple’s WebKit framework on iOS). 

This gets very technical very quickly, so I’m going to try leave the techie part aside for now as much as possible, and lay out in broad strokes the mess that Apple is about to create for its users — and for the broader Internet.

In a nutshell, Apple has created a nightmarish witch’s brew of a system to ostensibly protect users from web cookies. In the process, they’re going to breaking stuff left, right, up, down, and in directions you’d need more than three dimensions to describe.

Most of us (except for European Union bureaucrats) are long since past abject and unreasoning fear of web cookies. While they can be abused, they’re also critical for routine operations at most sites, including such basic functions as persistent logins and a long list of other crucial functions. 

Up until now, it has been generally the case that “first-party” cookies — cookies sent by the same site that you’re browsing — are generally considered to be safe. “Third-party” cookies — coming from other sites — may be completely safe as well (delivering images, enabling cross-site logins, and much more), though they can also have a more checkered reputation when used for tracking purposes (so various controls on third-party cookies have become relatively common).

But now Apple, in a move that clearly seems to be based more on their public relations needs then on genuine concerns about user privacy, will apparently also be taking default control of first-party cookies as well, in a manner that could unleash vast collateral damage across the Internet.

Advertising groups are livid, fearing that the new system will decimate even user opt-in ad personalization systems, and end up favoring ads via sites like Facebook and Google where users tend to stay logged in perpetually.

And indeed, an examination of Apple’s specs for their new cookie control system — even after multiple readings — is enough to give you a headache for the ages. Since we hopefully can agree that consistent rules regarding cookie management are important to making modern websites work, then we should also be able to agree that a plan to throw a unilateral monkey wrench into that paradigm is a recipe for user confusion across the board.

Apple’s plan is basically to use an enormously complicated (and basically opaque) system to “mystically divine” whether particular cookies are good or evil, irrespective of how they were served to the user, and then apply Apple’s own rules about how those cookies may be used and how long they may persist, based on (for example) whether you’ve visited a site in the last 24 hours for one classification, or in the last 30 days for another. (Why 24 hours? Why 30 days? ‘Cause Apple says so.)

I don’t have any love for abusive Web ads or secretive tracking — but we also must understand that ads are what pay for most of the Web sites that we expect to use for free. Apple’s approach is incredibly heavy-handed and primed for all manner of creepy undesirable breakages and other negative side-effects affecting honest sites. 

Contrast this with Google’s much more sensible plan to by default block some particular classes of ads in Chrome (obnoxious autoplay videos for example), rather than tampering with the underlying cookie mechanisms on which the foundational structure of most websites now depend.

In the end of course, the real bad players that Apple claims are its focus will figure out ways to work around Apple’s system, leaving the good websites to deal with broken cookies and confused, upset users.

Back to its earliest Steve Jobs days, Apple has always been a control freak. “Our hardware! Our OS! You’ll pay through the nose — and you’ll convince yourself that you like it!”

As far as I can discern right now, Apple’s new cookie control scheme is much less about user privacy than it is about Apple trying to take control over basic Internet functionalities — everyone else be damned.

–Lauren–

The Google Account “Please Help Me!” Flood

Since I again started discussing how to protect Google Accounts — e.g. very recently in “Protecting Your Google Account from Personal Catastrophes” — https://lauren.vortex.com/2017/09/07/protecting-your-google-account-from-personal-catastrophes — I’ve been flooded with queries by Google users with confusion over Google Account issues of all sorts.

Most of them have indeed never heard of Takeout or Inactive Account Manager and many are confused about account recovery numbers and addresses, 2-factor setups, usage, and much more.

I even got a note from a Googler thanking me for that article, noting that he had never even heard of Inactive Account Manager himself!

At last count, I have over 140 specific queries (and rapidly rising) on these topics from just the last few days that I’m trying to triage. I can handle most of these through explanations myself — I always try to help where I can — but frankly it’s extremely time consuming — and doesn’t help to keep the lights on around here.

And it’s just so very wrong that I’m doing this, rather than Google having a staffer filling this kind of role to take care of these Google users — these people in desperate need of such assistance.

I know the excuses and I know the scaling concerns but it’s shameful nonetheless. If I can do this much myself from the outside, surely Google has the resources to get somebody to do as much from the inside, who is actually getting paid for their efforts at public outreach and assisting these dedicated Google users?

I’m sure it’s not a matter of money for Google. They just need to truly care about their users who depend on Google just like the rest of us, but who are being rapidly left behind under the status quo.

C’mon Google! You can do this!

–Lauren–

Protecting Your Google Account from Personal Catastrophes

UPDATE (September 12, 2017): The Google Account “Please Help Me!” Flood

– – –

In response to many queries, I’ve written quite a bit about issues that can sometimes go wrong with Google Accounts, and how to proactively help to avoid these situations, e.g.:

“The Saga of a Locked-Out Google User” – https://lauren.vortex.com/2017/09/05/the-saga-of-a-locked-out-google-user

“I’ve been locked out of my Google account! What can I do? How can I prevent this in the future? HELP!” – https://lauren.vortex.com/archive/001159.html

“Do I really need to bother with Google’s 2-Step Verification system? I don’t need more hassle and my passwords are pretty good.” – https://plus.google.com/+LaurenWeinstein/posts/avKcX7QmASi

Yet while Google Account problems can sometimes occur despite users’ best efforts, proper use of the tools and systems that Google already provides can go a long way toward avoiding these unfortunate events — with use of recovery addresses/mobile phone numbers, and 2-factor authentication tools among the most important. Unfortunately, many users don’t bother to pay attention to these until *after* they’re having problems.

There are other extremely useful Google tools for protecting your Google Account as well, and like so many good things Google, the firm (for reasons difficult for many observers to fathom) doesn’t always do a particularly good job of publicizing these — demonstrated by the fact that so many even long-time Google users don’t even know that these exist until I mention them. Let’s cover a few of these.

A biggie is Google Takeout, at:

https://google.com/takeout

This is an incredible resource, providing the capability for you to download virtually all of your data stored at Google — selectively or en masse — across the wide range of Google services. This is a world-class tool — if only every other firm offered something like this. You can download your data to take it elsewhere, or just on general principles if you prefer. It’s up to you. The next time that some Google Hater starts ranting the lie that Google somehow locks up your data, you’ll know how to respond to them.  

One limitation to Takeout is that you must use it while you still have access to your Google Account. If you’re locked out or otherwise unable to use the account, you can’t access Takeout to reach your data.

So what happens to your data if you’re in an accident, or become ill, or worse? Nobody likes to think about these sorts of possibilities, but they’re very real.

Google’s “Inactive Account Manager” is the tool that lets you proactively plan for such situations:

https://support.google.com/accounts/answer/3036546

This tool lets you designate a Trusted Contact who will have access to the parts of your Google data that you specify, if your Google Account becomes inactive for a period of time that you indicate. With so much of our lives online now, this is an extremely important tool that you’ve likely never heard of before. 

But remember, like with Takeout, you must set it up *before* the need to actually use it arises.

Related to Inactive Account Manager, there is another Google Accounts associated link that none of us ever wants to visit, though realistically many of us may eventually need to.

A Google form to “Submit a request regarding a deceased user’s account” exists at:

https://support.google.com/accounts/troubleshooter/6357590 

Its purpose is self-explanatory, and as it notes, proactive use of Inactive Account Manager can avoid needing this form in many situations — but Google has provided this form as a means to communicate with them directly in these circumstances when necessary.

Google has obviously given a lot of thought to these issues, and their teams have put a lot of work into implementations and deployments of associated services and tools. 

My primary criticisms in this context are that despite these excellent efforts, too many honest users still fall through the cracks and become trapped in account lockout situations through no faults of their own — and often with no perceived practical recourse — and that Google often does a poor job of publicizing the high quality tools that they have already created to deal with a range of user account issues.

Google’s technology is always excellent. Their public communications, outreach, and user support — especially for non-techie users — can be significantly less so.

One thing is certain. Google and its immensely talented Googlers have the capacity to significantly improve in these latter three areas, given the will to do so and an appropriate allocation of resources to these ends.

I have faith that Google will ultimately accomplish this, in the interests of Google itself, for their vast numbers of users, and toward the betterment of the community at large.

–Lauren–

The Saga of a Locked-Out Google User

ALSO (March 25, 2016): I’ve been locked out of my Google account! What can I do? How can I prevent this in the future? HELP! 

– – –

With the help of the Google Accounts team (thanks!), whom I reached through my informal channels at Google, a desperate user who contacted me — locked out of her G account since before the Labor Day weekend — including all of her associated personal and business data — has now been restored to full access.

This is by no means the first time that I’ve been involved in such a situation. In fact I’ve proceeded this way on multiple occasions when Google users reach out to me in desperation, after failing with all of the “normal” Google account recovery methods — through no fault of their own.

I am glad to help when I can, but as I emphasize to them, I do not currently have any official connection with Google, and I cannot guarantee any particular results.

Even more to the point, I shouldn’t be needed to do this at all!

Google Account recovery procedures and appeal flows should be designed to deal with these situations correctly in the first place.

It’s wrong that users feel it necessary to come to me with these kinds of Google problems, having gotten my name from their friends, web pages, or stories they heard about on radio.

By the time that they reach me, they’re upset beyond measure, and feel that Google has abandoned them.

Google can do a whole lot better!

Again, thanks very much to the Accounts Team and everyone else at G who helped to get this user back online with her Google account.

–Lauren–

The Vile Monster Donald Trump Stabs the DACA Dreamers in their Backs

Donald Trump has now clearly revealed himself to be the monster that so many of us have long suspected him to be. A vile, racist, lying creature of evil.

Remember how he kept saying that the DACA Dreamers would be OK? These are 800 thousand kids who know no home other than the USA — brought here very young by their parents and not of their own free will. Kids who have grown into productive jobs of all kinds — and in our own military protecting our country. Kids who have provided the government with their personal information because they were promised that it would never be used against them.

Remember how Trump repeatedly said that they had nothing to worry about? That he was going to show them great heart?

That’s all now exposed as the worst kind of lies by a man who isn’t even really a man any more — he’s the Gollum of politics, a perverted little creature whose mind has been twisted by greed and power. Trump is such a quivering coward that he sent out his minion Jeff Sessions to announce the termination of DACA — rather than showing up to make the announcement himself.

The GOP must cast him out of the White House as the vermin he is, a malignant disease in the body of this great country. He must be banished back to his world of real estate cons and gold-plated toilets.

And Congress must act to permanently protect the DACA Dreamers. Right now.

Or the same ignominious fate awaiting Trump awaits you all as well.

You can count on it.

–Lauren–

How Twitter Bends over Backwards to Keep Hate Speech Online

Plowing through my inbox this morning, I came upon a disturbing message from a person asking for my help in dealing with a racist, antisemitic Twitter user.

This Twitter user — self-identified as being in South Africa — had tweeted that he considered Jews being processed into lamp shades and soap as positive aspects of the Holocaust.

Twitter’s Terms of Service seem fairly explicit on this score:

Examples of what we do not tolerate includes, but is not limited to behavior that harasses individuals or groups of people with … references to mass murder, violent events, or specific means of violence in which/with which such groups have been the primary targets or victims …

Obviously that South African Twitter user’s tweet falls squarely into this category.

Yet my correspondent insists that they’ve been reporting that user to no avail — the vile tweet is still online.

Or is it?

I can definitely see it from here in L.A.

But when I noted this situation on Google+, within minutes a follower in Germany commented that he couldn’t see it. In fact, it’s specifically marked by Twitter as being “withheld” from him.

He graciously performed a few experiments with a VPN and quickly verified what we both had been suspecting.

Twitter appears to be geoblocking that hate speech in Germany, where strong laws against such speech are on the books, but is permitting that same hate speech to appear elsewhere, even though it clearly is in violation of Twitter’s own stated Terms of Service.

Effectively, Twitter is playing the complicit stooge with this disgusting Twitter user, “bending over backwards” to assure that their antisemitic garbage gets the widest possible global audience, while not running afoul of Germany’s specific laws.

This is a disgrace. It is yet another example of Twitter’s apparent willingness to give racists, antisemites, sexists, bullies, and other purveyors of hateful evil every possible benefit of the doubt.

For all of their talk, it’s clear that in key respects Twitter is still voluntarily tolerating obvious hate on their platform.

Twitter’s management should be ashamed of itself. Twitter’s employees are being humiliated. And the company’s stockholders should feel mortified.

–Lauren–

Why Google Doesn’t Promote Their Great “My Activity” Feature

A couple of evenings ago, during a discussion of Google issues on the national radio venue where I frequently guest, I urged listeners to visit Google’s excellent “My Activity” feature (https://google.com/myactivity).

I’m used to getting “Now I understand, why didn’t anybody ever explain this to me that way before?” emails after my Google discussions, but the response to my mentioning My Activity was very strong and somewhat different, more like “Wow, this is great. Why the hell does Google hide this feature?”

Google doesn’t actually hide it, but the number of persons noting that they’d never before heard of My Activity got me thinking.

In fact, it’s not just radio audiences who seem to be largely unaware of MA, but it’s interesting how many highly technical, long-term Google users have expressed surprise when I’ve mentioned it to them — they were unaware of it also.

And this is really a shame, because MA is a fantastic tool, providing world-class access and control to users for their data on Google, in a comprehensive form that puts most other Internet firms to shame.

I’ve discussed MA in some detail previously, e.g.:

The Google Page That Google Haters Don’t Want You to Know About – https://lauren.vortex.com/2017/04/20/the-google-page-that-google-haters-dont-want-you-to-know-about

and:

Quick Tutorial: Deleting Your Data Using Google’s “My Activity” – https://lauren.vortex.com/2017/04/24/quick-tutorial-deleting-your-data-using-googles-my-activity

Yet this still begs the question. While references to MA show up in various Google services and help pages, there’s no evidence that I know of to suggest that Google ever has deployed a serious continuing “outreach” to the public in general to make them aware of MA — and so it appears that most people still don’t even realize that such an important feature exists — a feature, I might add, that directly retorts the false propaganda of Google Haters.

And therein may be the clue to this mystery. 

Google seems to have — perhaps since its earliest days — a deeply ingrained institutional fear of “Streisand Effect” blowbacks. Google seems to often believe that even having utterly false, fake, damaging propaganda about Google being widely circulated is somehow less of a risk than being upfront and direct about complex issues, even though Google is entirely on the side of the angels in those issues.

Here’s my guess. I suspect that Google is concerned that too much attention to the comprehensive nature of MA would cause too many users to become concerned regarding the scope of user data being presented, even though MA provides users with the ability not only to view and delete that data as they wish, but also to indicate their ongoing Google data collection preferences.

Google may be concerned that users will be “creeped out” by seeing their search and other activity histories in detail, even though those users are being given complete control over that data in the process.

Obviously I don’t know that these are actually Google’s concerns regarding MA. But to the extent that they might be, I would consider such concerns to be misguided at best, and not beneficial to Google or its users.

I base this largely on the sorts of experiences I noted above. When I “reveal” MA to people — techies and non-techies alike — the response I get is almost always the same — enthusiastic approval. 

And I think that the reason for this is fairly obvious. Most Internet users already assume that a lot of data is being collected from them in the course of providing the services that they depend upon. That horse is long since out of the barn.

The key question now is the degree of control that firms provide users over that data — and this is where Google’s My Activity shines so very brightly as a tremendously user-positive feature.

But yes, people need to know about it before they can use it!

All else being equal, one might assume Google preferring that users delete as little of their data as possible. The more data Google has, the better they can customize services, train machine learning algorithms, and perform other functions that benefit both Google and its users. 

But I would argue that overall, the benefits all around of widespread awareness and use of My Activity far outweigh any perceived negatives, and that, frankly, Google should be out there promoting its availability widely — not depending on third parties like me to sing its praises publicly.

Google will be 20 years old next year. It’s time for Google to outgrow its youthful fears of Streisand attacks around so many corners. Googlers do great work and Google is a great company. Google should fully embrace the ability of the public to appreciate what Google does, rather than so often treating the public as something to be somehow feared.

–Lauren–

Is Google a Cult?

Fired Google engineer James Damore, author of the infamous internal Google anti-diversity memo, and currently basking in the warm, apparently mutual embrace of the Nazi alt-right, seems to now be making something of a career out of spewing anti-Google propaganda, especially via right-wing media venues.

Amidst the accumulating pile of garbage claims that’s he’s been making, one in particular caught my eye, his statement that Google is “almost like a cult.”

My original tongue-in-cheek response to that bizarre comment was to suggest that the only “cult” I’ve seen inside Google is the “cult of coffee” — it could be argued that Google runs on equal parts of electricity, brains, and a vast river of that miracle brew. That’s a cult that I enthusiastically endorse!

But this really isn’t funny, and one has to wonder how Damore’s twisted view of Google actually developed.

One clue is that he was hired into Google directly from Harvard, where his behavior had apparently already forced the administration to publicly apologize for his sexist antics. So he presumably had no real experience inside the cultures of other major firms, and so no personal data points for realistic comparisons.

As the “old guy” in the room, I have the advantage of having seen the inner workings of a variety of technology and other firms over a significant span of years, with AT&T Bell Labs and Digital Equipment Corporation (DEC) in their heydays being perhaps the most relevant in this context.

I consulted to Google a few years ago for a considerable span, in an “embedded” mode that gave me access to the vast majority of internal resources that are available to full-time employees, and naturally I’ve interacted with significant numbers of Googlers (Google employees) at various levels, so I feel fairly confident about my understanding of Google’s culture.

Google is not a cult.

Google in fact has the healthiest overall internal corporate culture in my experience, an open internal culture that indeed encourages robust discussion to a degree that I’ve never seen at other large firms.

This is not only important for Google, it’s crucial to Google’s users as well.

During my time inside Google, I witnessed (and in fact participated in) discussions regarding various controversial internal issues, the ultimate results of which were very much positive for Google’s users. Were some of these discussions a bit heated at times? Sure, we’re dealing with human beings with human emotions, not robots.

But — and this is crucial — they were always respectful, not just in keeping with Google’s rules for employee conduct, but as should be the case for all corporate discussions, anywhere and everywhere.

And this is where Damore went seriously astray. His sexist “manifesto” was couched in the same sort of fake science, pseudo-statistical arguments and jargon long used by racists in their propagandistic efforts to belittle and berate blacks. We’ve seen it all before. It’s as ludicrous now as it was then.

Yet that’s not even the half of it. Much more than simply scientifically bogus, Damore’s screed was broadly and accurately interpreted inside Google as a barely veiled threat against women at Google, a toxic attempt to “push them back into their place” and poison their abilities to work with men on teams going forward. Whether or not this was actually Damore’s intent is impossible to judge with certainty, but the damage was done, and even the naivete of the young is not an excuse for this kind of attack. His utterly unrepentant stance toward the events leading to his firing at least strongly suggests that this was exactly his intention, however.

Damore is apparently not without his supporters inside Google — the leaking of internal Google discussions and the subsequent targeting of innocent Googlers by the Nazi alt-right is clear enough evidence of that. In any large organization today, you’re bound to have at least a few employees willing to try poison a culture toward the furtherance of their own hateful political motives.

But the vast, overwhelming majority of Googlers are immensely proud of Google, and they have every right to be. And I believe that they will assure that Google’s open internal culture will survive Damore and the attacks against Google that he has inspired.

That’s very good news for Googlers, and for Google users like you and me.

–Lauren–

Limits of Speech: How Trump’s Nazis Forced the Internet to Grow Up

Political theorist Niccolò Machiavelli’s 16th century treatise “The Prince” is frequently dismissed as merely being a discussion of how to obtain and retain power — through any means necessary. But in actuality it’s far more, and addresses a much more complex question in which Machiavelli was intensely interested: Why throughout recorded history does evil so often triumph over good?

Or in terms of a contemporary maxim: Why do the good guys so often finish last?

Machiavelli recorded what he believed to be the uncomfortable truth that explains this seeming paradox.

Good so often fails to win out because it typically wishes to reach its goals through logic, fair process, and “good means” — while evil will lie, cheat, slash and burn in any and all ways necessary to reach its objectives, giving evil an enormous asymmetric advantage.

Machiavelli therefore postulated that if good really wants to succeed with its stated good goals, it must sometimes be willing to not play fair with evil, and be willing to suppress some of its natural instincts to always employ “honorable means” — for the sake of winning the war against evil.

Actor Cyril Cusack, in his role as a British spymaster in 1965’s “The Spy Who Came in from the Cold” expressed this “the ends justify the means” philosophy quite succinctly in a famous monologue, where he noted that “Our policies are peaceful, but our methods can’t afford to be less ruthless than those of the opposition.”

Of course in reality none of this necessitates a 1:1 correspondence between the behaviors of good and evil — but it does suggest that giving evil an “even break” is the surest way to be streamrolled by that evil.

And so we come to the horrific recent events in Charlottesville, and the sea changes now shaking the Internet and broader American society to their very cores.

I think it’s fairly safe to say that none of us working on the early ARPANET (that evolved into the Internet), ever dreamed in our worst nightmares that decades later we’d need to leverage this technology to fight bigots, sexists, racists, antisemites, and other public purveyors of the worst kinds of uncivilized hate who are being gleefully encouraged by a vile, lying, sociopathic President of the United States.

For the sake of brevity I’m referring to all of these groups — neo-Nazis, white supremacists, white nationalists, the KKK, the alt-right — all of them, as “Trump’s Nazis” — or simply Nazis for short. For they and Donald Trump are in a mutual embrace in the worst traditions of 1930s Germany, and represent an existential threat to the most intrinsic and important aspects of our wonderful country.

The sight of Trump’s Nazis marching openly in the streets of Charlottesville, torches proudly held high, screaming antisemitic, racist — even explicitly Hitler-era slogans at the tops of their lungs — was a plain enough signal that something had fundamentally changed in the USA, and that the rules we’ve been using up to now for dealing with such hate would need to be rapidly recalibrated.

The tragic death of Heather Heyer — murdered by one Trump’s Nazis — added an immediate urgency to reactions, even before Trump’s disgraceful attempts to draw a false equivalency between Nazis and those persons protesting Nazis — including his nauseating, repeated assertions that there were “many fine people” among the torch-bearing, Nazi-slogan screaming Charlottesville demonstrators. We’ve now heard that Heather’s brave mother is refusing to speak or meet with Trump, and that she’s receiving death threats as a result.

Since the beginnings of the Internet, we have all to a certain extent tended to treat it in some respects like a wonderful technological toy, where the real world implications of its impacts could generally be viewed rather lackadaisically much of the time.

Internet firms published Terms of Services — in many cases prohibiting hate speech — but these tended to be lightly and unevenly enforced. Trump’s Nazis quickly learned how to game associated Internet ad systems to generate income from all manners of racist, antisemitic, and other forms of video and written propagandistic hateful rhetoric.

In the wake of Trump’s election, some major Internet firms finally began to see the serious risks that their “hands off” attitude toward hate speech had exacerbated, and began taking early steps toward effectively dealing with these issues (please see: “No Donald Trump — We Will Not ‘Come Together’ with the Alt-Right Racists” — https://lauren.vortex.com/2017/08/13/no-donald-trump-we-will-not-come-together-with-the-alt-right-racists — and — “YouTube’s Excellent New Moves Against Hate Speech — But There’s More Work for Google to Do” – https://lauren.vortex.com/2017/06/18/youtubes-excellent-new-moves-against-hate-speech).

Then came Charlottesville, and what already had been heavy surf turned into a tidal wave of concern.

In the last week, we’ve seen Internet-related firms and others finally reacting with the kind of strong, ethical actions that many of us have long been urging in the context of dealing with hate groups on the Net.

Various of Trump’s Nazis and hate sites have finally been banned, and even the ACLU yesterday announced that it would no longer support the “speech rights” of groups that bring firearms to demonstrations — a change of staggering significance for the venerable organization.

There are naturally still some holdouts, “purists” who insist that Trump’s Nazis should be given a fair hearing, fair process, the benefit of the doubt.

DreamHost, an Internet service with whom I’ve been a satisfied customer for six years, announced that they would continue to host Nazi sites. In response, I immediately cancelled my account and told them in no uncertain terms why I was doing so.

The Electronic Frontier Foundation (EFF), proclaimed that this week’s moves against Nazis were “dangerous” — and expressed concerns that such actions might snowball into the suppression of other sorts of groups in the future.

Somewhat similarly, there have been concerns in some quarters that the public identifications of publicly marching, hateful slogan-yelling Nazis are unfair in that they might “upset” some of their lives if they were exposed to friends, families, and employers — or that the risks of incorrect identifications are too high.

I have no sympathy whatsoever for the publicly marching Trump’s Nazis whose lives might be upended by being identified. That’s worlds away and completely different from, for example, the unjustifiable exposing of innocent Google employees being targeted after leaks of internal discussions. I do agree that misidentifications of public Nazis should be minimized and quickly corrected. And I agree with EFF that risks exist regarding future reactions and possible future bannings.

But these concerns pale in comparison to the immensely more critical risks that immediately face us, which are impossible to overstate in terms of importance.

Literal Nazis are marching and yelling hate slogans openly in our streets, and murdering our citizens. The President of the United States is for all practical purposes — at best — an explicit Nazi sympathizer.

The old rules simply can no longer apply. In recent weeks, and especially in the last week, a war for the ethical core of America has broken out along multiple fronts, and it is no longer acceptable for any corporations, other organizations, or individuals themselves to proclaim a “neutral” stance in the face of the evil that now openly claims our streets and accurately proclaims the support of our smugly smiling President.

At the very least, we must de-emphasize and derank these hate groups on our search and social media platforms, and ethical firms must refuse to host them in any manner. I do not call for government censorship in this context. But these companies have every right to rigorously enforce their own Term of Service against hate.

Some observers have expressed concerns that driving these hate groups and individuals “underground” will make it more difficult to “monitor” their despicable activities. Don’t worry, they’ll still be kept under watch, and being kicked back out of the mainstream — which our technology permitted them to infiltrate — will significantly limit their abilities to monetize their hate and attract new converts.

Beyond the horrific tragedy of Charlottesville, it is another tragedy that we find ourselves in the position of having to endorse the fundamental tenets of Machiavelli’s observations regarding the struggles between good and evil.

It would be joyous indeed if we could realistically fight the specter of Trump’s Nazis with kindness, fairness, with logical discussions, and with unlimited, unrestricted free speech. Yet in a battle against armed Nazis in the streets and a president who supports them with his rhetoric, that cheerfully optimistic paradigm has been rendered both impotent and impossible.

Together, we will beat back Trump’s hatemongers, and we will keep our great country great — even in the face of such shameless evil.

But there is no standing by the sidelines this time. All legal means — even ones that we would ordinarily consider to be painful or distasteful — must be employed toward winning this war — and it is a war — for the soul of our country and for the sake of our children and future generations of Americans.

–Lauren–

No Donald Trump — We Will Not “Come Together” with the Alt-Right Racists

In the wake of the deadly alt-right demonstrations in Charlottesville, replete with explicit racist, antisemitic, Nazi-era imagery and chants, it’s been widely noted that Donald Trump has refused to specifically condemn the alt-right, Neo-Nazi, white supremacist, white nationalist movement that triggered the violence, nor to explicitly note the apparently dedicated alt-right beliefs of the driver who murdered one and injured many by plowing his car into a crowd of persons protesting against these groups.

That Trump has been reluctant so far to condemn these hate groups and their members, who insist that they’re doing what Trump wants them to do, and who are such a major portion of his voting base, is not at all surprising.  Perhaps in coming days he’ll feel the political need to say something more direct — but we know he’ll only do so under extreme duress.

Part of his original insipid, blame everybody on “many sides” attempts at creating false equivalence between these genuine and wannabe Nazis — vis-a-vis the protesters against them — was the all too familiar call for us to “come together as one.” But what does that really mean?

We can apply Spock-like logic to this one.

Fundamentally, we have two sides in this conflict. One side is blatantly and proudly racist, sexist, and antisemitic, spouting the same hate that their forebearers have been spewing since before the Civil War.

The other side is opposed to these hateful paradigms. 

Despite what Trump seems to imply and fervently wish, there is no moral equivalency between these two diametrically opposed attitudes. Especially in the wake of WWII — largely fought against exactly these kinds of hateful ideologies under discussion here — we’ve worked very hard to keep the Neo-Nazis and their ilk compartmented and isolated, away from the mainstream of civilized society. And until fairly recently, we were pretty successful at this.

The rise of the Internet, social media, and the income streams flowing from Net-based advertising changed this dynamic, and the election of Donald Trump was seen by these groups as a green light to go mainstream again.

They have grossly miscalculated. Major Internet firms are now pushing back on their lying, hateful propaganda in a variety of ways — see: “Google Has the Alt-Right Running Scared” (https://lauren.vortex.com/2017/08/12/google-has-the-alt-right-running-scared).

And the “coming together” pleas are being widely recognized as the illogical and banal babblings that they are.

Because — let’s face it — exactly who is going to come together? And how?

Are the alt-right racists and antisemites going to give up generations of Confederacy-inspired dogma? Are the rest of us supposed to accept their hateful view of the world? Or are we urged to somehow “compromise” — perhaps we move 50% toward accepting their hate, while they move 50% away from their hateful ideologies?

Ridiculous.

They’re not going to join us. And we’re most certainly not going to join them — no compromise is possible with such evil.

The only practical and ethical path forward is to push that evil back into its corner where it used to be, by condemning attempts at false equivalence and cutting off their ability to leverage our technological platforms to finance and spread their wickedness.

To the extent that their speech is not inciting violence (though all too often it does exactly that) they have a First Amendment right to spout their filth free of government interference — but the rest of us are not required to countenance their malevolence in our social media or search ecosystems.

When vampires suggest to you that “we come together” it’s pretty clear where you’re going to end up if you accept their recommendation.

It’s the same with the alt-right, their cohorts, and anyone who supports or tolerates them.

Our job now isn’t to come together with such evil — it’s to drive a stake through the heart of their newfound mainstream acceptability, and to fully take back our great country from their spreading malignancy.

–Lauren–

Google Has the Alt-Right Running Scared

There’s an old saying that it’s often difficult to “see the forest for the trees” — meaning that the details can obscure our ability to understand the overall aspects of a situation. But this past week, we’ve had an unusual opportunity to get an “overhead” view of the racist, sexist, antisemitic alt-right in operation, and the patterns that have emerged are of significant interest.

In particular, fired Googler James Damore’s rapid embrace of the alt-right, and their reciprocal embrace of him as their “useful idiot” of the moment, are extremely telling, especially the latter’s public targeting of individual Google employees (please see: “Google Employees Are Being Targeted by Alt-Right Racists” – https://lauren.vortex.com/2017/08/10/google-employees-are-being-targeted-by-alt-right-racists). 

If you mainly frequent “mainstream” media, I don’t blame you if you’re not aware of this twisted new romance and its direct ties to the pro-Trump media machine, all well documented in this excellent article.

After all, exploring the sordid swamps of alt-right websites is not everyone’s cup of tea.

But if you take the time to do so (I recommend not doing this after a meal, by the way) it quickly becomes obvious why wannabe Nazis (and the genuine Nazis, for that matter) have so quickly elevated Damore to alt-right hero status, already weaving his interviews — that he gleefully provided to alt-right superstars — into their propaganda writings and videos, with a full-bore attack against Google.

It’s all about the money.

For most of their existence, the major search and social media firms have generally treated the vast majority of content as being pretty much equivalent in terms of their appropriateness, a laissez–faire approach as it were, with the exception of clearly illegal materials.

But especially in the wake of Trump’s election, it has become clear that the essentially egalitarian nature of related ad network systems in particular have provided a massive funding stream to the worst of the alt-right hate sites and their affiliated fake news and propaganda operations, which — under the influence of their Russian masters — played a major role in electing the vile, lying sociopath now (occasionally, when he’s not playing golf) in the Oval Office.

Recently, the major firms like Google, Facebook, and others have taken steps that many of us have long recommended, and have begun more rigorously enforcing their existing Terms of Service (TOS) to reign in hate speech content that has been suckling on their ad money teats for far too long. These firms are free to determine what is or is not suitable for their platforms. The First Amendment — frequently touted by the hate groups — only applies to government actions related to speech.

Fact-checking systems are being deployed by Google and Facebook. Google has taken steps to eliminate monetization of various hate-related materials, especially in the case of YouTube videos. Google’s YouTube is also taking actions to prevent many hate and associated videos from appearing in “suggested video” listings, further limiting the reach of this vile content.

While it could be argued (and in fact I have argued) that much of this material should be removed from these platforms entirely under TOS rules, the paradigms of preventing the monetization of hate speech, and limiting its ability to surface for unsuspecting users who never asked to see it, appear to be useful approaches.

And if you visit the alt-right swamp sites, you’ll quickly see the panic ensuing over the realization that their income flows from the mainstream ad systems and ad networks are at serious risk.

Which brings us back to James Damore, who seems (likely unknowingly) to be playing a 2017 version of the unenviable role “Fool King for a Day” from the classic 1973 film “The Wicker Man.”

The alt-right doesn’t actually care about Damore of course. They see him as an easily disposable figurehead. He’s someone that they can use to amplify their ranting displeasure with Google’s finally taking reasonable actions to reign in the monetization of alt-right hate, lies, and other bile. He’s someone to carry high on a paper mache throne as they march on Google offices in a desperate attempt to regain their previous ability to leverage these platforms for their hate, lies, and other evils.

Some in the alt-right have already accurately concluded that their efforts in these regards will very likely fail, so they’re calling for their hate-brethren to create their own search and social media ecosystems — all hate all the time, as it were. Some such systems are already operational. To assist with their site branding, I’ll note that a serviceable Swastika is available as Unicode character U+534D (you might want to flip it over to match Third Reich standards, but that’s up to you).

I approve of such “all the rotten apples in a few barrels” approaches. 

I do not call for government censorship of their evil rants. If they wish to use their own systems for their vile propaganda, and solicit funds from like-minded creatures of the night, I have no objection, so long as the flow of click income from unsuspecting, ethical folks visiting mainstream sites has been eliminated.

Once you get above the treetops, the shape of the forest can be fairly straightforward to discern, and so it is with the war between the alt-right and Google.

Keep up the good work Google. We’re proud of you.

–Lauren–

Google Employees Are Being Targeted by Alt-Right Racists

In a post earlier today — Reactions to My Own “Google Manifesto” (https://lauren.vortex.com/2017/08/10/reactions-to-my-own-google-manifesto) — I noted the level of moronic, racist, antisemitic, and other alt-right bile that I’ve received in response to Here’s My Own Damned “Google Manifesto” (https://lauren.vortex.com/2017/08/09/heres-my-own-damned-google-manifesto), which was posted a day earlier.

Now I’m hearing from Googlers — Google employees, some of whom I’ve known for years — who feel physically threatened by the escalating situation triggered by the sexist proclamations of now fired Googler James Damore, who has allied himself with alt-right racists, and apparently is now comparing the well-paid, perk-rich jobs at Google with Soviet-era forced labor (at least if we judge from the newly featured “Goolag” t-shirt on what appears to be his new Twitter account — which is currently unconfirmed).

But it’s not this twisted clown that is of primary concern. Alt-right superstars are latching onto these circumstances in ways that threaten actual physical violence — which is of course in keeping with their Nazi heritage.

Individual Googlers who argued against Damore’s sexist manifesto — their identities made public when internal Google discussions were leaked — are being targeted by alt-right superstars and others in the alt-right ecosystem — in postings that have enormous readerships. Plans for potentially violent marches on Google offices have also been announced.

Back when I was consulting to Google several years ago, I never would have imagined that leaking of this sort or magnitude would ever take place, particularly leaks that could foreseeably trigger physical violence of the worst sort.

This is an intolerable state of affairs.

That we’ve reached this dangerous juncture is a direct consequence of normalizing racist, antisemitic, sexist hate groups thanks to the tacit support of Donald Trump and his white supremacist cronies.

And the tech industry overall bears responsibility as well. As a group we were far too slow to recognize that the racist and otherwise lying hate spew of “fake news” and false rhetoric — pouring forth from the “new” alt-right and traditional white supremacist groups — cannot safely be permitted to monetize or otherwise leverage our search and social media platforms to spread their filth.

For many years I’ve been battling against the prevalent attitude in tech that our job is just to build the systems and let the content fall where it may — “all content created equal” as it were.

All content is not equal. And by handing these groups our giant megaphones of servers, switches, and bandwidth, we are complicit in the monstrousness that has now been unleashed — not just here in the USA, but around the world.

We helped to release this evil genie from his bottle. As extraordinarily difficult as the task will be, it’s our responsibility to stuff him back inside.

–Lauren–

Reactions to My Own “Google Manifesto”

UPDATE (August 10, 2017): Google Employees Are Being Targeted by Alt-Right Racists

– – –

The now fired Google employee who wrote the now infamous sexist internal memo has been busy giving interviews to alt-right racists of the worst kind, where he’s spouting fake science of the same sort promoted by segregationists decades ago, and blaming everyone but himself for this situation.

Meanwhile, I’ve been reading the reactions to Here’s My Own Damned “Google Manifesto” that I posted less than 24 hours ago. Some of these are in various public venues, most are arriving in my inbox –(https://lauren.vortex.com/2017/08/09/heres-my-own-damned-google-manifesto).

We can leave aside for now the majority of these reactions — which agree with me that Google not only was correct to fire that jerk, but really had no ethical alternative to doing so. I appreciate these of course, but they don’t provide us with the really interesting data.

On the other hand, the negative reactions are most telling.

A relative few attempt to make reasoned arguments in favor of the ex-Googler, but of course fail miserably since the “science” arguments on which he based his rant are so fundamentally and completely flawed.

But polite disagreements are always welcome.

As you’ve no doubt surmised by now, the vast bulk of the disagreeing reactions were anything but polite.

It’s not just that they’re vile, crude, obscene, sexist, racist, antisemitic, threatening, and otherwise so despicable. What’s fascinating is how just plain stupid the authors appear to be.

Apparently most of them dropped out of school at third grade. Or perhaps its inbreeding. In any case, you’d be hard pressed to find a more illustrative collection of alt-right morons — incapable of correctly writing sentences even of just a few words, spelling skills roughly equivalent to your average brick, and of course “stuck” caps-lock keys. Many are unable to even spell common obscenities correctly. Sad!

Perhaps most amusing are the ones who incorrectly assume from my first name that I’m female (and have apparently never bothered to view my “official” photo — https://lauren.vortex.com/lauren.jpg), and so are not only using inappropriate obscene terminology for referencing me, but are also rudely and obscenely suggesting physically impossible personal interactions.

I don’t often quote the Bible, but Proverbs 13:20 seems appropriate here:

Walk with the wise and become wise,
for a companion of fools suffers harm.

In other words, you’re judged by the company you keep.

And given the sexists, racists, antisemites, and other alt-right lowlifes with which our ex-Googler has now allied himself, I’d assert that we’re getting a clearer picture every day of how deeply permeating this particular fool’s twisted belief structure has become.

One thing’s for sure. Google is well rid of him.

–Lauren–

Here’s My Own Damned “Google Manifesto”

UPDATE (August 10, 2017): Reactions to My Own “Google Manifesto”

– – –

I feel like vomiting. Since the saga of the leaked, sexist “manifesto” authored by a (most appropriately fired) ex-Google employee started to hit the media, I’ve been feeling increasingly ill.

Not just ill. Also depressed. And angry. The last is the worst. I don’t like to be angry. As the old TV meme says, you wouldn’t like me when I’m angry.

I’ve been writing about this for days and doing multiple radio interviews on the topic. Each time, I’m even more angry.

I don’t care much about the jerky ex-Googler himself, whom we now know performed a sexist skit at Harvard for which the administration formally apologized — making it clear that his sexist attitudes were not suddenly formed after he joined Google.

Nor do I care about his educational background — I’ve known great scientists who couldn’t punch their way out of a paper bag when it comes to understanding the real issues of people and social policies.

Hell, he’s still young, and perhaps he can still be salvaged.

Or perhaps not, given the example of a vile, 71-year-old sociopath, by all accounts a sexist and serial woman abuser since his youth, now splitting his time between playing President of the United States and playing golf while running up a historic leisure travel bill on the taxpayers’ dime.

So it’s not really the immature kid’s manifesto alone that is most sickening — it’s the reactions after it was leaked from Google that show the depths of depravity that creatures like Donald Trump have normalized.

It’s therefore not surprising that criminals and other alt-right, racist superstars of the worst sort have rushed to the defense of the fired Googler, and are proclaiming boycotts against Google.

Good luck with that, guys.

In fact, the racist, sexist, antisemitic Nazis and Nazi-wannabees — or in other words, a large percentage of Trump’s support base — have been increasingly pissed off at Google, Google’s YouTube, and other major Silicon Valley firms.

Why? Because observers (including myself) have been urging these firms to stop treating the lying, fake news, false propaganda spewing sites as if they were legitimate news or fact sources, and now the large search and social media firms are beginning to crack down on those endless spews of violent hate speech and the Russian-directed lie machines. It particularly irks the hate-complex when they can no longer monetize their filth or use major suggestion engines to try sucker in new converts.

In a horrid, ironic way we probably need to thank Trump for the fact that the dangers represented by the white supremacists and their assorted bands of cronies have finally became too obvious to be ignored, now that they’ve gone public after crawling out from under their rocks.

And I for one don’t care in the least how long it took for these major firms to finally act against them — the point is that actions are now being taken, and everyone who cares about keeping the USA great, and not permitting it to be flushed down the toilet of racist, sexist, alt-right sickos, should be supporting these ongoing anti-hate efforts.

The fired Googler case isn’t even a close call. His sexist manifesto was chocked-full of the same kind of fake science, fake extrapolations, garbage arguments that you can find virtually word for word in old essays arguing that blacks are inferior and unsuitable for technical jobs of any kind.

Disseminating that kind of garbage inside Google, without Google then taking action to condemn his screed, would have led to a toxic work environment — especially for women — that Google could not ignore. To NOT have fired him would have been absolutely wrong. He ended his own ability to effectively work in the team-oriented environment of Google going forward. He wrote what he wanted to write, but seemingly didn’t understand that one must be responsible for the consequences of your words on your coworkers.

Of course, the fact that the Nazi crowd has rallied around that author doesn’t mean that the problem is solely in their sphere.

That fact is that Google — like virtually all tech-oriented firms — has had diversity problems and has been working diligently to improve the diversity of their own workplace. That’s part of what makes the now fired Google employee’s manifesto so harmful — it was seemingly calculated to throw a monkey wrench into Google’s efforts in this regard.

And to be utterly clear about this, these diversity issues when it comes to women in the tech workplace have nothing whatever to do with “biology” as he claimed — but have everything to do with men treating women like dirt, as I’ve seen throughout my career and noted in: “Meet the Guys: The Jerks of Computer Science” – https://lauren.vortex.com/2017/02/27/meet-the-guys-the-jerks-of-computer-science

So these problems are not new, but we now face the specter of the alt-right racists and their ilk — cheered on by Donald Trump and his cronies — trying to turn back the clock to normalize or even expand conduct that is unacceptable in any civilized 21st century society.

There is no more middle ground. The time for neutral stances regarding sexism, racism, and associated hate leaders and hate groups has long since passed.

If you do not take a firm stance against such hate, you are by definition helping to pave the way for the expansion of its malignancies.

When firms like Google — imperfect as are we all — act to push back on sexism, racism, and other hate as in this case and more generally across their ecosystems — they should be strongly supported in those actions.

In a very real sense, we’ve reached the point where we each must decide if we’re absolutely and firmly opposed to alt-right and other hatemongers, or if we’re willing to continue tolerating them, and so in essence tacitly partnering with them. None of us can sit this one out.

Make your choice.

–Lauren–

Audio from My Radio Discussion About the Leaked Google “Diversity” Manifesto Controversy

Last night I spoke for several minutes on the national “Coast to Coast AM” radio program about the controversy over the Google employee who wrote an inflammatory internal post regarding Google’s diversity efforts, in which he asserted that women are biologically unsuited for technical work. That document was leaked from Google and has now become a global story.

The MP3 audio file of my interview for download is:

https://lauren.vortex.com/lauren-c2c-8-6-2017.mp3

or you can hear it directly via this player:

Brief segments of this clip at the beginning and end include discussion of an unrelated social media issue in the United Kingdom.

My full blog post regarding this Manifesto controversy is:

“A Googler’s Leaked Google ‘Diversity’ Manifesto — Lose-Lose-Lose” – https://lauren.vortex.com/2017/08/05/a-googlers-leaked-google-diversity-manifesto-lose-lose-lose

As always, my thanks to show host George Noory and the entire C2C team for so frequently providing me the opportunity to discuss the realities of technology and technology policy issues with their very large audience. Background information about the program is at: 

https://www.wired.com/2006/02/coast-to-coast-am-is-no-wack-job/

Be seeing you.

–Lauren–

A Googler’s Leaked Google “Diversity” Manifesto — Lose-Lose-Lose

UPDATE (August 9, 2017):  Here’s My Own Damned “Google Manifesto”

UPDATE (August 7, 2017):  Audio from My Radio Discussion About the Leaked Google “Diversity” Manifesto Controversy

– – –

The topic of the leaked — and already widely viewed and discussed — Google “diversity” document (an internal opinion “manifesto” authored by a single Googler, not a statement of Google policy) is sufficiently depressing that I’m already getting tired of the queries I’m receiving about it.

I view the leak itself as an extraordinarily serious breach of trust. This breach stands apart from a separate issue — was it appropriate for such a missive to have been written and disseminated even in Google’s extraordinarily frank and open internal discussion ecosystem? That discussion environment overall provides major benefits to Google and ultimately to its users.

While the issues are separate, they together create a cascade of damage, a true lose-lose-lose situation.

It seems impossible to tease out any positive aspects from the manifesto. Even if we leave aside its foundational and the other fallacies which permeate its structure, any reasonable, dispassionate observer would predict that such a document could only do damage — not only to individuals but potentially to Google itself if it was propagandized by Google Haters — which now indeed seems to be the case if I judge by various of the queries filling my inbox.

Enough such damage would have been done if the manifesto had stayed purely internal to Google. That such an inflammatory document might have been expected to have a significant risk of being leaked does not in any way excuse the leaking, which has poured a tanker car of gasoline onto the already blazing fire.

What perhaps saddens me the most about this situation is that I’ve seen similar twisted, sexist claims — as in that Googler’s manifesto — so many times over the years. For all our talk, for all our efforts, such malignant views continue to persist. In the age of negative role models from vile sociopaths like Donald Trump, they may even be expanding.

I touched on some of this several years ago in “Meet the Guys: The Jerks of Computer Science” (https://lauren.vortex.com/2017/02/27/meet-the-guys-the-jerks-of-computer-science) several years ago, and I am unconvinced that the situation described there has improved in any notable aspect to date.

And all of this — both the abominable manifesto itself and the leaking of same — gives me the strong urge to punch my fists into my screens and pray for the aliens to show up to put Earth out of its misery.

But we can’t always have a happy ending.

Be seeing you.

–Lauren–

Beware the Browser Extensions Privacy Trap!

There’s a story going around currently about a group of researchers who claim to have de-anonymized a variety of browser users’ search data. The fact that proper anonymization of data is a nontrivial task is quite well known. Sloppy “anonymization” can be effectively as bad as no anonymization at all.

But the interested observer might wonder … where did these researchers get their search data in the first place?

It turns out that the main source of this data are the individuals or firms behind third-party browser extensions and apps, which provide or sell the user data that they collect to data brokers and to other entities.

And so we open up a very big can of worms.

The major browsers (e.g., Google’s Chrome) provide various means for users to install extensions and applications (also known as “add-ons” or “plugins” or “apps”) to extend browser functionalities. While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by such add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained.

Ironically, some of these add-on extensions and apps claim to be providing more security, while actually undermining the intrinsic security of the browsers themselves. Others (and this is an extremely common scenario) claim to be providing additional search or shopping functionalities, while actually only existing to silently collect and sell user browsing activity data of all sorts.

The manner in which these apps and extensions end up being installed can be insidious, and relates to the fundamental complexity of the underlying security models, which are not understood by the vast majority of users, especially non-techie users. For the record, similar confusion exists regarding smartphone app security models, e.g. for Android.

The bottom line is that most users, faced with a prompt to install an extension or app that claims to provide useful functions, will simply grant the requested permissions, no matter how privacy and/or security invasive those permission actually are.

And why should we expect these users to do anything differently? Expecting them to really understand what these permissions mean is ludicrous. We’re the software engineers and computer scientists — most users aren’t either of these. They have busy lives — they expect our stuff to just work, and not to screw them over.

I recently helped an older Chrome user whom I know clean out their Chrome browser on Windows 10. As is routine for me, I used Chrome Remote Desktop for this purpose (please see: “Google Asked Me How I’d Fix Chrome Remote Desktop — Here’s How!” – https://lauren.vortex.com/2017/07/24/google-asked-me-how-id-fix-chrome-remote-desktop-heres-how).

He must have had 25 or 30 “crap” extensions installed that I needed to individually remove (some of which appeared to have been “slave” extensions installed by other “master” extensions). He claimed not to have knowingly installed any of them. Almost certainly, these were all prompted installations at sites he visited once or twice, with which he could have easily interacted without installing any of these add-ons at all.

But these sites push users very hard to install these privacy-invasive, data sucking extensions, and as noted above most users will grant requested permissions, implicitly assuming that they’re protected by the browser itself.

Underlying browser security models can complicate the situation. For example, one of the most common — and most easily abused — categories of permissions requested by extensions and apps is one that grants read and write access to all data at all websites you visit — or even that *plus* all data on your computer!

Now, here’s the kicker. While these sorts of permissions are the golden ticket for abuse by crooked and sloppy extensions or apps, there are many legitimate, well-written add-ons that also require such permissions to operate.

But how is the average user to make a reasonable determination in this context, faced with a site urging them to install an add-on that is being portrayed as necessary? Most users don’t have a site reputation database at hand for reference — they just want to get on with what they’re trying to do online.

I will note here that I know of various corporate environments where security policies absolutely prohibit the installation of apps or extensions with such broad permissions, with few if any exceptions (e.g. unless they’re of internal origin and have passed rigorous internal security and privacy audits).

I don’t have a brilliant “magic wand” solution to this set of problems.

Personally, I install as few browser extensions and apps as possible unless I am absolutely confident in the reputation of their origins, and I absolutely minimize the installation of any add-ons that require broad permissions either to websites or the local machines. Sometimes there are situations where an app or extensions looks very useful and enticing — but I still need to say “no go” to them the vast majority of the time.

One last thing. I urge you to check right now to see what extensions and/or apps you have installed, and remove the ones that you don’t need (or worse, don’t even recognize). For most versions of Chrome, you can do this by entering on your browser address bar:

chrome://extensions

and:

chrome://apps

On the extension list, a little trash can at the right is where you click to remove an extension. On the app list page (page select is at the bottom of that page), right click to access the menu that includes a “Remove from Chrome” entry. On Chrome OS, you may not be able to access the app page(s) using the link above. If the link doesn’t work in this case, click on the white circle in the bottom of screen toolbar to bring up the app page.

Is this all too complicated? Yep, it sure is.

Be seeing you.

–Lauren–