Lauren Weinstein's Blog

Have you ever had your Twitter account suspended or banned/terminated, either temporarily or permanently? If so I’d appreciate hearing from you, to better understand how equitably Twitter enforces its own Terms of Service.

Please submit your relevant Twitter experiences via the form at:

https://vortex.com/twitter-issues

Information submitted there will only be made public for related reports in aggregate form with other submissions and/or anonymously, unless you indicate that you are willing to be identified publicly.

Thanks very much for your assistance with this effort!

–Lauren–

UPDATE (1 July 2017): Trump Voting Commission vice chairman Kobach — who himself was fined $1000 by a judge about a week ago for misleading a court on a voting-related matter — is now reportedly claiming that data sent to the commission (the email address option provided for that purpose apparently doesn’t even currently use basic STARTTLS email encryption!), will be stored on a “secure” server and won’t be made public. This assertion directly contradicts the letter sent to states, which specifically says that the data will be made public! As for a “secure” federal server … give me a break! That data will be in the hands of Russia and China, and up for sale on the Darknet for identity fraud, faster than you can say “Trump University.”

– – –

Across the political spectrum, states are refusing to cooperate with the voter information request from Trump’s White House Voter Commission. As of yesterday, at least 25 states — including one that’s the home state of a commission member — are refusing the request in whole or part. 

Trump is upset. “What are they trying to hide?” he’s ranting. And for once in his damned life he’s right — but not for the reasons his micro-brain postulates. It’s actually not at all about Trump’s voter fraud fantasies, it’s all about basic privacy.

These states are indeed trying hide something — they’re trying to hide the private information of their citizens from the massive privacy abuses that would occur if that data were turned over to the commission!

I’ve been running my PRIVACY Forum mailing list — https://lists.vortex.com/mailman/listinfo/privacy — here on the Internet continuously for a quarter century. In that time, I’ve seen a wide range of privacy issues and problems — from the relatively trivial to the mind-blowingly disastrous. 

But (to paraphrase the great composer and playwright Meredith Willson), I’ve never seen anything in terms of sheer bang beat, bell ringing, big haul, great go, neck or nothin’, rip roarin’ stupidity in the privacy realm that rises to the level of the Trump commission data request. 

Let’s see what they asked for from all 50 states (and to be delivered within 16 days, by the way):

• Full first and last names of all registrants, middle names or initials
• Addresses
• Dates of birth
• Political party
• Last four digits of social security number
• Voter history (elections voted in) from 2006 onward
• Active/inactive status or cancelled status
• Information regarding any felony convictions
• Information regarding voter registration in another state
• Information regarding military status
• Overseas citizen information.

And they note:

Please be aware that any documents that are submitted to the full Commission will also be made available to the public.

Bozo’s nose is flashing red! The privacy abuse meter just pinned over against the right-hand peg in the danger zone! The self-destruct announcement lady has started her countdown!

The commission’s request is insanity. And their offhand mentioning that the data will be made public (perhaps to encourage “vigilante” actions using that data?) takes that insanity and accelerates it to warp speed.

It’s truly mind-boggling. Much of that data is exactly the sorts of information that are primary fodder for privacy abuses. How often are you asked for your date of birth or last four digits of your SSN to identify yourself? Yeah, one hell of a lot!

And contrary to what the supporters of this outrageous data request are now asserting, much of that data is not public in the first place, and has specific usage and distribution restrictions placed on it by state laws when it is made available. Making that data openly available in the manner that the commission describes would in many cases be a direct violation of law. Lock them up!

For example, here in California, Title 2, Division 7, Article 1 section 19005 of the California Administrative Code specifies that:

No person who obtains registration information from a source agency shall make any such information available under any terms, in any format, or for any purpose, to any person without receiving prior written authorization from the source agency. The source agency shall issue such authorization only after the person to receive such information has executed the written agreement set forth in Section 19008.

And the code further specifies the specific ways that data obtained under this section can and cannot be used, which obviously could not be enforced under the commission’s public data dump paradigm.

The manners in which this kind of data could be abused — both by the federal government and by anyone else who gained unrestricted access to this trove after the commission made it public — would be immense. Not only are the individual information elements subject to abuse, but the ways in which this data could be combined with other personal data from other sources creates a privacy nightmare deluxe. 

If a private firm proposed to handle personal data this way, they’d be crucified.

There are of course many reasons to suspect — and various states have been saying this in no uncertain terms — that the real purpose of Trump’s commission is to devise new mechanisms for the GOP to deploy for voter suppression. I agree with this analysis.

But leaving that aside — purely from a privacy abuse standpoint the commission’s data request is beyond stupid, beyond inane, beyond dangerous — but indeed what we might have expected from a commission working for this particular Commander-in-Chump.

The states are right to push back hard against the commission’s utterly intolerable data request. And the mere fact that such an inept, idiotic, and privacy busting request was made in the first place is yet another proof that Trump’s Voter Commission is just another inept Donald Trump fraud.

–Lauren–

–Lauren–

Today the Canadian Supreme Court ordered Google to remove search results that the Court doesn’t feel should be present. The court demands that Google remove those results not just for Canadian users, but for the entire planet. That’s right, Canada has declared itself a global Google censor.

I’ve been predicting for many years this move toward global censorship imposed by domestic governments. I suspected all along that attempts by Google to mollify government censorship demands through the use of geoblocking would never satisfy countries that have the sweet taste of censorship already in their authoritarian mouths — no matter if they’re ostensibly democracies or not. Censorship is like an addictive drug to governments — once they get the nose of the censorship camel under the tent, the whole camel will almost always follow in short order.

The EU has been pushing in the global censorship direction for ages with their awful “Right To Be Forgotten.” Countries like France, China, and Russia have been even more explicit regarding their desires for worldwide censorship powers. And frankly, it’s likely that nearly every nation will begin making the same sorts of demands once the snowball is really rolling — even here in the USA if politicians and courts can devise practical end runs around the First Amendment.

The ramifications are utterly clear. It’s a horrific race to the lowest common denominator bottom of censorship, with ever escalating demands for global removal of materials that any given government finds objectionable or simply inconvenient to the current president, or prime minister, or king, or whomever.

Ultimately, the end result is likely to be vast numbers of Google Searches that return nothing but blank white pages no matter where in the world that you reside.

My dream solution to such global censorship demands would be cutting off those countries from associated Google services. With enough righteous indignation, perhaps we could get Facebook, Twitter, and other major platforms to join the club.

I tend to doubt that these firms would have too much to worry about from a financial standpoint in this regard. The perhaps billions of users suddenly cut off from Google Search and their daily fixes of social media are unlikely to tolerate the situation for very long.

Short of this approach, there are other possible ways to fight back against global censorship. Feel free to ask me about them.

I’ve actually gone into much more detail about all of this in those many past posts that I alluded to above, and I’m not going to try dig out the numerous links for them here. Stuff my name into the Google Search bar along with terms like “censorship” or “right to be forgotten” and you’ll get a plethora of relevant results.

That is, until some government orders those search results to be removed globally from Google.

Be seeing you. I hope.

–Lauren–

The best phrase that immediately comes to mind regarding the European Union’s newly announced $2.7 billion fine against Google is “A giant load of bull.” Google is far from perfect, but the EU has a long history of specious claims against Google, and this is yet another glaring example.

EU politicians and bureaucrats — among the most protectionist and hypocritical on the planet — see Google as a giant piggy bank, an unlimited ATM machine. The EU wants the easy money, rather than admitting that so many of their own business models are stuck in the 20th (or in some cases the 19th!) century.

The EU is demanding “search equality” — but there’s nothing wrong with Google’s search result rankings, which exist to best serve Google users, not the EU government’s self-serving agenda.

And that’s the key: Where are all the ordinary Google users complaining about Google’s shopping search results rankings? You can’t find those users, because anyone who prefers using non-Google sites is absolutely able to do so at any time. Google services rank so highly in search because users prefer them. Yep, free choice!

The European Union in its typical way is treating the citizens of its member countries like children, who it feels are so ignorant that Big Mommy EU has to dictate how they use the Internet. Disgusting.

I find myself increasingly thinking that we may have more to fear from EU control of the Net than we would from even Russia or China. At least the leaders of those latter two countries are pretty upfront about their attitudes toward the Internet, however totalitarian they might be.

But the EU has its own authoritarian, “information control” mindset as well, in their case painted over with a thin and rotting veneer of faked liberalism.

When actions are taken against Google like what has happened today, the EU’s mask of respectability slips off and shatters onto the ground into a million shiny shards, revealing the EU’s true face — leering with envy and avarice for the entire world to see.

–Lauren–

Earlier today over on Google+ I posted another (relatively minor) example of Google’s horrible low contrast user interfaces (YouTube image at the bottom of this post — how do you find the “How do I find it?” link?) and I suggested that this continuing behavior by Google could be seen as a form of discrimination against persons with less than perfect vision. (Please see: “Does Google Hate Old People?”: https://lauren.vortex.com/2017/02/06/does-google-hate-old-people — for one of my earlier more detailed discussions. Also “Google and Older Users”: https://lauren.vortex.com/2017/03/14/google-and-older-users — where I discuss the need for a dedicated Google employee to focus on this area.)

Every damned time I write about this topic, my inbox starts to fill with new horror stories related to issues with Google user interfaces in these contexts, that do in some cases seem to cross the threshold into discrimination, at least in an ethical sense if not a legal one.

And I certainly get plenty of people who contact me and bring up the ADA (Americans with Disabilities Act) as relates to Google.

Thankfully, I’m not a lawyer. But readers who are lawyers have not infrequently asked me regarding any interest that I might have in participating in a class action lawsuit related to Google regarding “discriminatory” user interface and related issues.

My response has always been negative. I much prefer to keep courts out of largely technical policy matters — the thought of them trying to micromanage user interfaces makes me rather nauseous.

Yet the probability of some group moving ahead with legal action in these regards seems to be increasing dramatically as Google’s user interfaces overall — plus documents, blogs, and various other display aspects — keep getting worse in terms of the disadvantaged categories of users. Nor is the fact that most Google users are not paying for Google services necessarily a useful defense — Google has become integral to the lives of much of this planet’s population.

My premise has been that Google doesn’t actually hate older users (or other users negatively affected by these issues). Not hate them per se, anyway.

However, I’m forced to agree that Google’s attitude can certainly be interpreted by many observers as a form of hate, even if characterized by a form of neglect rather than direct action.

It has long seemed the case that Google concentrates on users in Google’s perceived key user demographics, putting much less care into users who fall outside of that focus — even though the latter represents vast (and rapidly increasing) numbers of users.

Nor do I sense that this is a problem with “rank-and-file” Googlers — many of whom I know and who are great and caring people. Rather, it seems to me that the problematic attitudes in these respects are generally sourced at Google’s executive and in some cases program manager levels, who of course set the ground rules for all Google products and services.

Either way, Google’s growing vulnerabilities to legal actions related to these situations seems clear, as these problems continue spreading across the Google universe.

While it could certainly be argued that more easily readable and usable user interfaces and reference pages would benefit all users, Google need not necessarily abandon their new “standard” interfaces with their low contrast fonts in order to solve these problems. I’ve in the past suggested the possibility of a high-readability, easier use “accessibility” interface that would exist as a user selectable option alongside the standard one. And I’ve proposed consideration of interface “APIs” that would permit third parties to write specialized interfaces to help specific groups of Google users.

None of these concepts have apparently seen any traction though, and Google seems to be barreling ahead with changes that are only making matters worse for these user groups who are already being driven bats by various aspects of Google’s design choices.

I would enormously prefer that Google take the ethical stance and move forward toward solving these problems itself. Yes, this requires nontrivial resources — but Google does have the capabilities. What they seem to be lacking right now is the will to do the right thing in these regards.

If this continues to be the case, the odds are that the courts will indeed ultimately move in. And that’s an outcome that I’m unconvinced will be a good one for either Google or its users.

–Lauren–

Google has announced that beginning later this year, they will no longer scan or otherwise use messages in their free Gmail system for ad personalization purposes (this is already the case for their paid Gmail (G Suite) product.

This is a good decision to help undercut the Google haters’ false propaganda, but let’s be clear — this Gmail message scanning was always utterly harmless.

The controversies about Gmail scanning were ginned up by greedy lawyers and Google adversaries, with Microsoft’s lying and widely discredited (and now discontinued) “Scroogled” anti-Google propaganda campaign playing a significant “fake news” disinformation role (well before the term “fake news” became popular).

In fact, Gmail scanning has been closely akin to scanning for viruses and spam in messages. No humans were ever actually “reading” Gmail messages for ad personalization purposes, and the scanning that has occurred has been solely to find keywords that would help show relevant ads to any given user. 

Advertisers have never had access to this data — their ads are shown by Google without personal information being made available to those advertisers at all. One of the continuing “big lies” that Google haters propagate is the claim that Google sells their users’ personal information to third parties. They don’t. But a lack of understanding by many Google users of how Google’s ad systems actually work (Google could indeed be better at explaining this clearly) helps to feed such dramatic and completely false notions. 

The bottom line is that Gmail scanning has never posed a privacy risk, but since entirely stopping Gmail scanning puts a final nail in the coffin of these fake abuse claims, it’s an excellent move by Google. Good work.

–Lauren–

The phrase “Like a lamb to slaughter” originates from biblical times. And it when comes to the rising chorus of politicians demanding an end to public availability of strong, end-to-end encryption, it’s we law-abiding citizens who are the lambs about to have our throats cut — by our own leaders.

Every time there’s a terrorist attack, politicians around the world (including here in the USA) are back in front of the cameras demanding government access to our private encrypted communications.

Make no mistake about it, these leaders might as well be on the payroll of the terrorists and other criminal organizations, because such demands if implemented would sell us all down the river, and make our lives vastly more dangerous.

We are far, far more at risk from these politicians wrecking our communications security than we are from terrorists and other criminals themselves in the absence of such weakened technology.

Our lives are increasingly utterly dependent on the security of computer-based communications systems, and this is true even for persons who’ve never touched a computer keyboard or a smartphone.

Our financial and so many other aspects of our personal lives are intertwined with the security and sanctity of strong encryption, and for persons living under the thumb of repressive regimes, their mortal lives themselves hang in the balance when communications security becomes compromised.

Let’s be utterly clear about this. When you’re told that it’s possible to give governments access to our secure communications without fatally weakening the underlying encryption systems, you are being told a lie, plain and simple.

The very act of building a “backdoor” into these systems fundamentally weakens them, putting honest citizens at enormous risk not only for government abuses and mistakes, but also for attacks by black-hat hackers, terrorists, and other criminals of all sorts who will find ways to exploit these government-mandated flaws.

Meanwhile, terrorists and other criminals won’t sit back and use these horrifically compromised communications systems. They’ll move to existing and under development strong end-to-end encryption systems without backdoors — independent apps that are impossible for governments to effectively control.

Government demands for backdoor access to encryption are a disaster for everyone but the evil forces that these politicians claim will be destroyed.

If one assumes for the sake of the argument that our leaders aren’t actually in league with such heinous entities, one is also forced to assume that either these politicians are getting terrible technical advice — or most likely of all — are simply ignoring the known facts in furtherance of pandering and sowing fear for political gains, regardless of the negative consequences on all of us.

Of course, even though governments might try to ban such use, in practice it would likely prove extremely difficult to stop honest, law-abiding citizens from using independent, non-backdoored strong crypto apps themselves — just like evil is sure to do.

Governments don’t like to contemplate honest persons taking such independent steps to control their own destinies. Politicians by and large prefer to think of us like those sheep.

Whether or not our leaders are accurate in such a characterization, is ultimately our decision, not theirs.

–Lauren–

In my March blog posts — “How YouTube’s User Interface Helps Perpetuate Hate Speech” (https://lauren.vortex.com/2017/03/26/how-youtubes-user-interface-helps-perpetuate-hate-speech), and  “What Google Needs to Do About YouTube Hate Speech” (https://lauren.vortex.com/2017/03/23/what-google-needs-to-do-about-youtube-hate-speech), I was quite critical of how Google is handling certain aspects of their own Terms of Service enforcement on YouTube.

In “Four steps we’re taking today to fight online terror” (https://blog.google/topics/google-europe/four-steps-were-taking-today-fight-online-terror/), Google’s General Counsel Kent Walker (a straight-arrow guy whom it’s been my pleasure to meet) announced YouTube changes aimed at dealing more effectively with extremist videos and hate speech more broadly.

Key aspects of these changes appear to be in line with my public suggestions — in particular, faster takedowns for extremist content, and disqualification of hate speech videos from monetization and “suggested video” systems, are excellent steps forward.

I would prefer that hate speech videos not only be demonetized and “hidden” from suggestions — but that they’d be removed from the YouTube platform entirely. I am not at this point fully convinced that sweeping that kind of rot “under the carpet” — where it can continue to fester — is a practical long-term solution. However, we shall see. I will be watching with interest to determine how these policies play out in practice.

As I’ve noted in earlier posts, I also feel strongly that Google needs to make it more “in your face” obvious to YouTube users that they can report offending videos. I had previously mentioned that the YouTube “Report” link — that years ago was on the top-level YouTube user interface — seemed to have returned to that position (at least for YouTube Red subscribers) after a long period being buried under the top level “More” link. At the time, I speculated that this might only be an ephemeral user-facing experiment, and in fact for me at least the “Report” link is again hiding under the “More” link.

I’ve discussed this problem before. Users who might otherwise report an offending video are much less likely to do so if a “Report” link isn’t obvious. I acknowledge that one possible reason for “hiding” the “Report” link is concerns about false positives. Indeed, in Kent’s post today, he mentions the high accuracy of YouTube “Trusted Flaggers” — which suggests that my speculation in this regard (about reports from users overall) was likely correct. In any case, I still feel that a top-level user interface “Report” link is a very important element for consideration.

While I do feel that there’s more that Google needs to do in various of these regards concerning extremist and hate speech, I am indeed cognizant of their understandable desire to move in carefully calibrated steps given the impact of any changes at Google scale. And yeah, I’m indeed pleased to see Google moving these issues in the overall direction that I’ve been publicly urging.

My kudos to the associated Google/YouTube teams — and we’ll all be watching to see how these changes play out in the fullness of time.

Be seeing you.

–Lauren–

Google says they will no longer show the +1 count on external G+ buttons — like I have on all of my blog postings. Without the +1 count, these buttons are largely useless, and I will probably remove all G+ buttons from my posts to recover that space, and urge other sites to do the same. I’m sorry, Google, this one is extremely boneheaded.

I’ll bet I know why they’re doing it — Google is probably embarrassed by the relatively low counts vis-a-vis Facebook. But I support G+ and not Facebook because I consider G+ to be a superior platform, and this decision by Google is just inane.

–Lauren–

This post in PDF format:
https://vortex.com/google-ombudsman-2017-06-12.pdf

– – –

Despite significant strides toward improved public communications over the years, Google is still widely viewed — both by users and by the global community at large — as an unusually opaque organization.

Google does provide a relatively high level of communications — including customer support — for users of their paid services. And of course, there’s nothing inherently unreasonable with Google providing different support levels to paying customers as compared to users of their many free services.

But without a doubt, far and away, Google-related issues that users bring to me most frequently still relate to those users’ perceived inabilities to effectively communicate with Google when they have problems with Google services (usually free but frequently paid), and these are services that vast numbers of persons around the world now depend upon for an array of crucial aspects in their businesses and personal lives. These problems can range from minor to quite serious, sometimes with significant ongoing impacts.

Similarly and related, user and community confusion over both the broad and detailed aspects of various Google policies remains widespread, in some cases not significantly improved over many years.

The false assumption that Google sells user data to third parties remains rampant, fueled both by basic misunderstandings of Google’s ad technologies, and by Google competitors and haters — who leverage Google’s seemingly institutional public communications reluctance — filling the resulting vacuum with misinformation and false propaganda. Another of many examples is the continuing unwillingness of many users to provide account recovery and/or two-factor verification phone numbers to Google, based on the unfounded fear of those numbers being sold or used for other purposes. Confusion and concerns related to YouTube policies are extremely widespread. And the list goes on …

While Google’s explanatory documents have significantly improved over time, they often are still written at technical levels beyond the understanding of major subsets of users.

Significant and growing segments of the Google user population — including older and other special needs users who increasingly depend on Google services — feel left behind by key aspects of Google’s user interfaces — with visual designs (e.g. perceived low contrast layouts), hidden interface elements, and other primary usability aspects of growing concerns and angst.

These and other associated factors serve to undermine user trust in Google generally, with significant negative regulatory and political ramifications for Google itself, not only in the USA but around the world. This is all exacerbated by Google’s apparently deeply ingrained fear of “Streisand Effect” reactions to public statements.

It has frequently been noted that many organizations employ an “ombudsman” (or multiple persons fulfilling similar roles under this or other titles) to act as a form of broad, cross-team interface between individual corporate and/or team concerns and the concerns of the user community, typically in the contexts of products, services, and policy issues.

Google has apparently been resistant to this concept, with scalability concerns likely one key factor.

However, this perceived reaction may suggest a lack of familiarity with the wide range of ways in which ombudsman roles (or similar roles otherwise titled) may be tailored for different organizations, toward the goal of more effective communications overall.

An ombudsman is not necessarily a form of “customer support” per se. An employee filling an ombudsman role need not have any authority over decisions made by any teams, and may not even interact with users directly in many circumstances.

The ombudsman may be tasked primarily with internal, not external communications, in that they work to help internal teams understand the needs of users both in terms of those individual teams and broader cross-team scopes. In this context, their contribution to improved, effective public communications and perceptions of a firm are more indirect, but can still be of crucial importance, by helping to provide insights regarding user interactions, broader policies, and other issues that are not limited to individual teams’ everyday operational mandates.

An ombudsman can help teams to better understand how their decisions and actions are affecting users and the overall firm. The ombudsman may be dealing with classes and categories of user issues, rather than with individual users, yet the ombudsman is still acting as a form of liaison between users, individual teams, and the firm as a whole.

There are of course myriad other ways to structure such roles, including paradigms that combine internal and public-facing responsibilities. But the foundational principle is the presence of a person or persons whose primary responsibilities are to broadly understand the goals and dynamics of teams across Google, the scope of user community issues and concerns, and to assist those teams and Google management to better understand the associated interdependent dynamics in terms of the associated problems and practical solutions — and then help to deploy those solutions as appropriate.

Google’s users, the community at large, and Google itself would likely significantly benefit.

–Lauren–

In my “Questions I’m Asked About Google” #1 live video stream (https://vortex.com/google-1) a few days ago, I emphasized the importance of protecting Google Accounts with Google’s excellent 2-factor authentication system.

In response I’ve received a bunch of queries from Google users who do not understand how to set this up or use it, even though they very much want to.

These concerns fall into a number of categories. Even though I explained that it’s safe to give your phone number to Google — Google won’t abuse it — many users are still resistant, and note that they do not see a way to activate Google 2-factor protection for other authentication mechanisms (e.g. Google Authenticator App and/or Backup Codes) without first providing their phone number information.

Others want to use their existing (non-Google) mail programs after activating Google 2-factor, but are utterly confused by Google’s “application-specific passwords” system that is required to do so.

When you’re trying to get users to take advantage of the best possible security, and have successfully convinced them that this is a good idea, but your documentation is still written in a way that many non-techie users dependent on your services cannot readily understand — you have a serious problem.

Despite positive strides at Google in terms of help center and other documentation resources, Google is still leaving vast numbers of their users behind.

Google can do better.

–Lauren–

The White House has announced that the audio recording of the dinner meeting that occurred between President Donald J. Trump and then FBI Director James Comey was accidentally deleted by Eric Trump when he inadvertently recorded an episode of “Stormfront News” over the meeting audio. However, the White House is now pleased to make available a 100% accurate, verbatim transcript of that meeting that had already been prepared. In this transcript, The President of the United States Donald J. Trump is shown by P:, and James Comey is shown by C:.

P: Jim, come right in over here next to me! C’mon, closer. Give me a big hug! So glad you could make it!

C: Thank you Mr. President. It’s a tremendous honor to be here. You know how much I’ve admired you for so many years. I was beginning to become concerned when you didn’t return any of my many calls asking to keep my job as FBI Director. I feared that you didn’t want to talk to me any more and that my position was in jeopardy.

P: Nonsense Jim. You know how I feel about you. I’ve just been extremely busy. Running this great country leaves me no time for any recreation, any fun — it’s the toughest job in the world and it’s all work. Let’s sit down over here at this small, intimate table and get started with dinner. Would you prefer the Filet-O-Fish or the McNuggets?

C: The fish would be just fine, Mr. President.

P: Here you go, Jim. Take two ketchup packets. I can manage with only one.

C: Thank you, Mr. President. The stories I’ve heard about your generosity are obviously true.

P: Sorry there are no fries. I think Sean stole them from the bag.

C: No problem, sir.

P: Now Jim, I know you’re desperate to keep your job as FBI Director, and I want to be clear that I don’t expect anything from you in return for staying in that position.

C: That makes me feel much better, sir.

P: In particular, all those faxes you sent me offering your personal loyalty were totally unnecessary. All I expect from you is loyalty to the United States of America. I don’t matter at all. It’s this wonderful, diverse country and its wonderful, multicultural citizens that we care about. The vast cornucopia of diversity that makes the United States of America like the proverbial shining city on the hill.

C: You have such a wonderful way with words, Mr. President. You certainly have the best words.

P: Thanks Jim. And I want you to take all of your investigations wherever they need to go. If they lead to Vladimir, or Eric, or Ivanka, or Jared, or Flynn — I don’t want you to back off by one tiny iota. If they’re guilty, they’re guilty, and should be treated like every other simple, ordinary person just like me. I expect you to aspire to my ethical standards, and apply those lofty heights to your daily work at the FBI, just as I’ve applied them every day in my own businesses.

C: That’s a very tall order Mr. President. I’m not sure that I’m enough of a man to meet your standards.

P: I have faith in you, Jim. Now get back to your office and make me proud.

C: I’ll do my best, sir. And thank you, sir. You’re a great human being.

— End of Recording —

– – –

–Lauren–

Well, this is interesting. Shortly after I yesterday announced my new “Questions I’m Asked About Google” live video streams — still currently scheduled to launch 10:30 AM PDT (GMT-7, 17:30 UTC) tomorrow morning (June 7) — than my main inbox began flooding with anti-Google hate mail. It can’t be coincidental, and some of it appears to be coordinated.

For more information about this new live streaming effort, including links for viewing, asking questions, and directly participating, please see:

https://lauren.vortex.com/2017/06/05/announcing-questions-im-asked-about-google-live-video-streams

I had been debating whether or not I should address (e.g. “rant”) at the start of these streams about current crazy stories attacking Google. Now I don’t see how I can reasonably avoid doing this. OK, if that’s the way it’s gotta be!

Two of the beauts I’m considering touching on tomorrow morning relate to this email deluge over the last 24 hours.

One is messages I’m receiving about an article on a wacko (but relatively major) anti-Muslim site, that usually spends much of their time trying to sell the false story that Google Search “favors” Islam. Well, now they’re even upset about Google Doodles.

They claim that Google celebrated the oppression of women with a home page Doodle of a “Disneyfied veiled Muslima” on 31 May. So I had to go back and dig this one up.

Typical fake news bull being passed around as if it were real. The Doodle in question showed a representation of famed female architect Zaha Hadid, who won the Pritzker Architecture Prize on that day in 2004. And she’s not wearing a veil.

Not even close, anti-Muslim idiots.

Then I started digging through all the hate mail being triggered by an inflammatory new article in “The Intercept” (nope, I’m not giving them any link juice!) which falsely asserts evil in Google’s plans for an ad blocking system for obnoxious ads (to be deployed in their Chrome browser), in conjunction with their upcoming full launch of “Funding Choices” (which is actually a direct descendant of their now discontinued “Google Contributor” system).

Unfortunately, Google (as is all too typical with them in many cases) has not explained this very well, which creates a vacuum that deceptive articles like those from “The Intercept” fill with their own propaganda, and then the false conspiracy theories take flight en masse.

So I guess I’ll probably need to touch on this area as well tomorrow morning.

Yep, we’ll see how it goes. Please let me know if you have any questions and/or wish to participate, and again for more info (including possible scheduling provisos), please see:

https://lauren.vortex.com/2017/06/05/announcing-questions-im-asked-about-google-live-video-streams

Thanks all.

–Lauren–

–Lauren–

As I’ve noted many times, Google has world-class security and privacy teams. Great people.

But at least judging from the Google-related queries I get in my inbox every day, Google’s expanding efforts to warn users about perceived security issues are sowing increasing confusion and in some cases serious concerns, especially among nontechnical users who depend upon Google’s products and services in their daily lives.

A new example popped up today that I’ll get to in a moment, but I’ve been discussing these issues for quite a while, e.g.:

“When Google’s Chrome Security Warnings Can Do More Harm Than Good” –https://lauren.vortex.com/archive/001157.html

and:

“Here’s Where Google Hid the SSL Certificate Information That You May Need” –
https://lauren.vortex.com/2017/01/28/heres-where-google-hid-the-ssl-certificate-information-you-may-need

In a nutshell, Google’s continuing efforts at increasing user security — while utterly justifiable at the technical level — continue to marginalize many users who don’t really understand what Google is doing, are confused by Google’s security and other warnings, can’t effectively influence websites with “poor” security to make security improvements, and have no alternatives to accessing those sites in any case.

These are real people — I believe many millions of them — and I do not believe that Google really understands how important they are and how Google is leaving them behind.

Today brought yet another illustrative example that yes, even confused me for a time.

It involves cat food.

A friend forwarded me an email from PetSmart that included a link for an individualized 30% off coupon that they intended to use to buy cat food. That’s a damned good coupon, especially for those of us who aren’t rolling in dough. I wish I had a coupon like that today for Leela the Siamese Snowshoe.

The concern with this email was that every time the user clicked on the link in Gmail to access the site where the coupon could be printed, Gmail popped a modal security warning:

“Suspicious link – This link leads to an untrusted site. Are you sure you want to proceed to click email-petsmart.com?”

You can see a screenshot at the bottom of this post.

The obvious questions: What the hell does “suspicious link” mean in this context? What does Google mean by “untrusted site” in this scope?

There are no links to explanations, and if you Google around you can find lots of people asking similar questions about this class of Gmail warning, but no definitive answers, just lots of (mostly uninformed) speculation.

So I spent about 15 minutes digging this one down. Is email-petsmart.com a phishing domain targeting PetSmart users? Apparently not. It’s registered to ExactTarget, Inc. and has been registered since 2012. So while there’s no obvious authoritative mention of PetSmart there, my experience leads me to believe that they’re most likely a legit marketing partner of PetSmart, providing those emails and coupon services.

Of course, I still have no information about why Google is tagging them as suspicious. Is it the lack of https: security on the URL? Is it some aspect of their email-petsmart naming schema?

Damned if I know. Google isn’t telling me. And how would the average non-techie be expected to unravel any of this?

I told the user to go ahead and click the link. They got their coupon. Their kitties should be happy.

I’m not happy.

In the real world, most users don’t understand this stuff at the level they need to make truly informed decisions. So they’re forced — simply to get on with their lives every day — to click through such warnings blindly, to get to where they need to go.

And make no mistake about it, these kinds of scenarios are teaching these users absolutely abysmal security habits.

Google is terrific at tech. But Google is still struggling when it comes to understanding the broad range of their users and those users’ needs — particularly the non-techies — and especially how to communicate with those users effectively.

Google can do much better.

–Lauren–

Within hours of the terrible terrorist attack in Manchester earlier this week, UK politicians were already using the tragedy as a springboard to push their demands that Internet firms cripple their encryption systems and deploy a range of other Orwellian measures that would vastly weaken the privacy and security of honest citizens — while handing terrorists and other criminals the keys to our private lives, including our financial and other personal information.

This same thuggish mindset is taking root in other parts of the world, often combined with hypocritical “data localization” requirements designed to make individual nations’ citizens as vulnerable as possible to domestic surveillance operations.

There are basically four ways in which firms can react to these draconian government demands.

They could simply comply, putting their users at enormous and escalating risk, not only from government abuse but also from criminals who would exploit the resulting weak encryption environments (while using “unapproved” strong encryption to protect their own criminal activities). We could expect some firms to go this route in an effort to protect their financial bottoms lines, but from an ethical and user trust standpoint this choice is devastating.

Firms could refuse to comply. Litigation might delay the required implementation of crippled encryption, or change some of its parameters. But in the final analysis, these firms must obey national laws where they operate, or else face dramatic fines and other serious sanctions. Not all firms would have the financial ability to engage in this kind of battle — especially given the very long odds of success.

Of course, firms could indeed choose to withdraw from such markets, perhaps in conjunction with geoblocking of domestic users in those countries to meet government prohibitions against strong encryption. Pretty awful prospects.

There is another possibility though — that I’ll admit up front would be highly controversial. Rather than crippling those designated encryption systems in those countries under government orders, firms could choose to disable those encryption systems entirely!

I know that this sounds counterintuitive, but please hang with me for a few minutes!

In this context we’re talking mainly about social media systems where (at least currently) there are no government requirements that messages and postings be encrypted at all. For example, we’re not speaking here of financial or medical sites that might routinely have their own encryption requirements mandated by law (and frankly, where governments usually already have ways of getting at that data).

What governments want now is the ability to spy on our personal Internet communications, in much the same manner as they’ve long spied on traditional telephone voice communications.

An axiom of encryption is that in most situations, weak encryption can be much worse for users than no encryption at all! This may seem paradoxical, but think about it. If you know that you don’t have any encryption at all, you’re far more likely to take care in what you’re transmitting through those channels, since you know that they’re vulnerable to spying. If you believe that you’re protected by encryption, you’re more likely to speak freely.

But the worst case is if you believe that you’re protected by encryption but you really aren’t, because the encryption system is purposely weak and crippled. Users in this situation tend to keep communicating as if they were well protected, when in reality they are highly vulnerable.

Perhaps worse, this state of affairs permits governments to give lip service to the claim that they favor encryption — when in reality the crippled encryption that they permit is a horrific security and privacy farce.

So here’s the concept. If governments demand weak encryption, associated legal battles have ended, and firms still want to serve users in the affected countries, then those firms should consider entirely disabling message/posting encryption on those social media platforms in the context of those countries — and do so as visibly and loudly as possible.

This could get complicated quickly when considering messages/posts that involve multiple countries with and without encryption restrictions, but basically whenever user activities would involve nations with those restrictions, there should be warnings, banners, perhaps even some obnoxious modal pop-ups — to warn everyone involved that these communications are not encrypted — and to very clearly explain that this is the result of government actions against their own citizens. 

Don’t let governments play fast and loose with this. Make sure that users in those countries — and users in other countries that communicate with them — are constantly reminded of what these governments have done to their own citizens.

Also, strong third-party encryption systems not under government controls would continue to be available, and efforts to make these integrate more easily with the large social media firms’ platforms should accelerate.

This is all nontrivial to accomplish and there are a variety of variations on the basic concept. But the goal should be to make it as difficult as possible for governments to mandate crippled encryption and then hypocritically encourage their citizens to keep communicating on these systems as if nothing whatever had changed.

We all want to fight terrorism. But government mandates weakening encryption are fundamentally flawed, in that over time they will not be effective at preventing evildoers from using strong encryption, but do serve to put all law-abiding citizens at enormous risk.

We must resist government efforts to paint crippled encryption targets on the backs of our loved ones, our broader societies, and ourselves.

–Lauren–

 

Within hours of Google announcing their new “Store Sales Measurement” system, my inbox began filling with concerned queries. I held off responding on this until I could get additional information directly from Google. With that now in hand I feel comfortable in addressing this issue.

Executive Summary: I don’t see any realistic privacy problems with this new Google system.

In a nutshell, this program — similar in some respects to a program that Facebook has been operating for some time — provides data to advertisers that helps them determine the efficacy of their ads displayed via Google when purchases are not made online.

The crux of the problem is that an advertiser can usually determine when there are clicks on ads that ultimately convert to online purchases via those ads. But if ads are clicked and then purchases are made in stores, that information is routinely lost.

Our perception of advertising has always been complex — to call it love/hate would be a gross understatement. But the reality is that all of this stuff we use online has to be paid for somehow, even though we’ve come to expect most it to be free of direct charges.

And with the rise of ad blockers, advertisers are more concerned than ever that their ads are relevant and effective (and all else being equal, studies show that most of us prefer relevant ads to random ones).

Making this even more complicated is that the whole area of ad personalization is rife with misconceptions.

For example, the utterly false belief that Google sells the personal information of their users to advertisers continues to be widespread. But in fact, Google ad personalization takes place without providing any personal data to advertisers at all, and Google gives users essentially complete control over ad personalization (including the ability to disable it completely), via their comprehensive settings at:

https://www.google.com/settings/ads

Google’s new Store Sales Measurement system operates without Google obtaining individual users’ personal purchasing data. The system is double-blind and deals only with aggregated information about the value of total purchases. Google doesn’t learn who made a purchase, what was purchased, or the individual purchase prices. 

Even though this system doesn’t involve sharing of individual users’ personal data, an obvious question I’ve been asked many times over the last couple of days is: “Where did I give permission for my purchase data to be involved in a program like this at all, even if it’s only in aggregated and unidentified forms?”

Frankly, that’s a question for the bank or other financial institution that issues your credit or debit card — they’re the ones that have written their own foundational privacy policies. 

But my sense is that Google has bent over backwards to deploy their new system with additional layers of user privacy protections that go far beyond the typical privacy policies of those institutions themselves.

My bottom line on all this is that, yeah, I understand why many persons are feeling a bit nervous about this kind of system. But in the real world, we still need advertising to keep the Web going, and when a firm has jumped through the hoops as Google has done to increase the value of their advertising without negatively impacting user privacy in the process, I really don’t have any privacy or other associated concerns.

I only wish that all firms showed this degree of diligence.

Don’t hold your breath waiting for that.

–Lauren–

Originally posted November 13, 2011

Around four decades ago or so, at the U.S. Defense Department funded ARPANET’s first site at UCLA — what would of course become the genesis of the global Internet — I spent a lot of time alone in the ARPANET computer room. I’d work frequently at terminals sandwiched between two large, noisy, minicomputers, a few feet from the first ARPANET router — Interface Message Processor (IMP) #1, which empowered the “blindingly fast” 56 Kb/s ARPANET backbone. Somewhere I have a photo of the famous “Robby the Robot” standing next to that nearly refrigerator-sized cabinet and its similarly-sized modem box.

I had a cubicle I shared elsewhere in the building where I also worked, but I kept serious hacker’s hours back then, preferring to work late into the night, and the isolation of the computer room was somehow enticing.

Even the muted roar of the equipment fans had its own allure, further cutting off the outside world (though likely not particularly good for one’s hearing in the long run).

Occasionally in the wee hours, I’d shut off the room’s harsh fluorescent lights for a minute or two, and watch the many blinking lights play across the equipment racks, often in synchronization with the pulsing and clicking sounds of the huge disk drives.

There was a sort of hypnotic magic in that encompassing, flickering darkness. One could sense the technological power, the future coiled up like a tight spring ready to unwind and energize many thousands of tomorrows.

But to be honest, there was little then to suggest that this stark room — in conjunction with similar rooms scattered across the country at that time — would trigger a revolution so vast and far-reaching that governments around the world, decades later, would cower in desperate efforts to leash it, to cage its power, to somehow turn back the clock to a time when communications were more firmly under the thumbs of the powers-that-be.

There were some clues. While it was intended that the ARPANET’s resource sharing capabilities would be the foundation of what we now call the “cloud,” the ARPANET was (somewhat to the consternation of various Defense Department overseers) very much a social space from the beginning.

Starting very early on, ARPANET communications began including all manner of personal discussions and interests, far beyond the narrow confines of “relevant” technical topics. A “wine tasting enthusiasts” mailing list triggered reprimands from DoD when it became publicly known thanks to a magazine article, and I won’t even delve here into the varied wonders of the “network hackers” and “mary hartman” mailing lists.

In fact, the now ubiquitous mailing list “digest” format was originally invented as a “temporary” expedient when “high volumes” of traffic (by standards of the time) threatened the orderly distribution of the science-fiction and fantasy oriented “sf-lovers” mailing list. Many other features that we take for granted today in email systems were created or enhanced largely in reaction to these sorts of early “social” communications on the very young Net.

The early ARPANET was mostly restricted to the U.S., but as international points began to come online the wonders expanded. I still remember the day I found myself in a “talk” (chat) link with a party at a military base in Norway — my first international live contact on the Net that I knew of. I remember thinking then that someday, AT&T was going to start getting concerned about all this.

The power of relatively unfiltered news was also becoming apparent back then. One of my projects involved processing newswire data (provided to me over the ARPANET on a friendly but “unofficial” basis from another site) and building applications to search that content and alert users (both textually and via a synthesized voice phone-calling system — one of my other pet projects) about items of interest.

For much of the Net’s existence, both phone companies and governments largely ignored (or at least downplayed) the ARPANET, even as it evolved toward the Internet of today.

AT&T and the other telcos had explicitly expressed disinterest early on, and even getting them to provide the necessary circuits had at times been a struggle. Governments didn’t really seem to be worried about an Internet “subculture” that was limited mostly to the military, academia, and a variety of “egghead” programmers variously in military uniforms and bell-bottoms, whether sporting crew cuts, scruffy longhairs, or somewhere in-between.

But with the fullness of time, the phone companies, cable companies, governments, and politicians galore came to most intensely pay attention to the Internet, as did the entertainment industry behemoths and a broad range of other “intellectual property” interests.

Their individual concerns actually vary widely at the detailed level, but in a broader context their goals are very much singular in focus.

They want to control the Internet. They want to control it utterly, completely, in every technologically possible detail (and it seems in various technically impossible ways as well).

The freedom of communications with which the Internet has empowered ordinary people — especially one-to-many communications that historically have been limited to governments and media empires themselves — is viewed as an existential threat to order, control, and profits — that is, to historical centers of power.

Outside of the “traditional” aspects of government control over their citizenries, another key element of the new attempts to control the Net are desperate longings by some parties to turn back the technological clock to a time when music, movies, plus other works could not so easily be duplicated and disseminated in both “authorized” and “unauthorized” fashions.

The effective fall of copyright in this context was preordained by human nature (we are physical animals, and the concept of non-physical “property” plays against our natures) and there’s been a relentless “march of bits” — with text, music, and movies entering the fray in turn as ever more data could be economically stored and transferred.

In their efforts to control people and protect profits, governments and associated industries (often in league with powerful Internet Service Providers — ISPs — who in some respects are admittedly caught in the middle), seem willing to impose draconian, ultimately fascist censorship, identification, and other controls on the Internet and its users, even extending into the basic hardware in our homes and offices.

I’ve invoked fascism in this analysis, and I do not do so lightly.

The attacks on fundamental freedoms to communicate that are represented by various government repression of the Internet around the world, and in the U.S. by hypocritical legislation like PROTECT IP and SOPA (E-PARASITE), are fundamentally fascist in nature, despite between wrapped in their various flags of national security, anti-piracy profit protection, motherhood, and apple pie.

Anyone or anything that is an enabler of communications not willingly conforming to this model are subject to attack by authorities from a variety of levels — with the targets ranging from individuals like you and me, to unbiased enablers of organic knowledge availability like Google.

For all the patriotic frosting, the attacks on the Internet are really attacks on what has become popularly known as the 99%, deployed by the 1% powers who are used to having their own way and claiming the largest chunks of the pie, regardless of how many ants (that’s us!) are stomped in the process.

This is not a matter of traditional political parties and alliances. In the U.S., Democrats and Republican legislators are equally culpable in these regards.

This is a matter of raw power that transcends other ideologies, of the desire of those in control to shackle the Internet to serve their bidding, while relegating free communications for everyone else to the dustbin of history.

It is very much our leaders telling us to sit down, shut up, and use the Internet only in the furtherance of their objectives — or else.

To me, these are the fundamental characteristics of a fascist world view, perhaps not in the traditional sense but clearly in the ultimate likely impacts.

The Internet is one of the most important tools ever created by mankind. It certainly ranks with the printing press, and arguably in terms of our common futures on this tiny planet perhaps even with fire.

The question is, are we ready and willing to fight for the Net as it should be in the name of civil rights and open communications? Or will we sit back compliantly, happily gobble down the occasional treats tossed in our direction, and watch as the Internet is perverted into a monstrous distortion to control speech and people alike, rather than enabling the spread of freedom.

Back in that noisy computer room so many years ago, I couldn’t imagine that I was surrounded by machines and systems that would one day lead to such a question, and to concerns of such import.

The blossoming we’ve seen of the Internet was not necessarily easy to predict back then. But the Internet’s fascist future is much more clear, unless we fight now — right now — to turn back the gathering evil.

–Lauren–

–Lauren–