WARNING: Antivirus sites may be helping to SPREAD the current global malware ransomware (WannaCry) attack!

It has been reported that a researcher discovered that spread of the current worldwide ransomware attack can be halted after he registered the domain:

iuqerfsodp9ifjaposdfjhgosurijfaewrwergwea.com

and built a sinkhole website that the malware could check. Reportedly the malware does not continue spreading if it can reach this site. HOWEVER, various antivirus websites/services are now reportedly adding that domain to their “bad domain” lists! If sites infected with this malware are unable to reach that domain due to their firewalls incorporating rules from antivirus sites that include a block for that domain, the malware will likely continue spreading across their vulnerable computers (which must also still be patched to avoid infection by similar exploits). Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I’m receiving!

–Lauren–

Announcing the “Google Issues” Mailing List

UPDATE (12 May 2017): Readers have been asking me about this new list’s scope. To be clear, it is not an “announcement-only” list. Reader participation is very much encouraged, including Google-related questions. Thanks again!

– – –

Nobody can accuse me of starting too many Internet mailing lists. My existing lists (PRIVACY Forum, PFIR, and NNSquad) have been running continuously on the order of 26, 19, and 11 years respectively. Remarkably, I routinely get notes from subscribers who have been on these lists since their creation and claim to have been reading all of my associated messages — apparently without suffering any obvious brain damage to date.

Even relatively new readers will know by now that postings relating to Google have long been a very frequent component of these lists, and of my blog (which itself is around 14 years old).

The volume of Google-related postings seems likely to only be increasing. So with hopefully only relatively minor risk to the spacetime continuum, I have created a new mailing list to deal exclusively with all manner of Google-centric issues (and associated Alphabet, Inc. topics as well).

The subscription page (and archive information) for this new moderated mailing list is at:

https://vortex.com/google-issues

While a variety of postings specific to Google will continue to appear in my other mailing lists as well, this new list is my intended venue for additional wide-ranging discussions and other postings related to Google and Alphabet, that I believe will be of ongoing interest — much of which will not appear in my other lists.

Google of course has no role in the operation of my lists or blog, and while I have consulted to them in the past I am not currently doing so — all of my opinions expressed in my lists and other venues are mine alone.

I’m looking forward to seeing you over on the Google Issues mailing list!

Thanks very much.

–Lauren–

Google’s Achilles’ Heel

A day rarely passes when somebody doesn’t send me a note asking about some Google-related issue. These are usually very specific cases — people requesting help for some particular Google product or often about account-related issues. Sometimes I can offer advice or other assistance, sometimes I can’t. Occasionally in the process I get pulled into deeper philosophical discussions regarding Google.

That’s what happened a few days ago when I was asked the straightforward question: “What is Google’s biggest problem?”

My correspondent apparently was expecting me to reply with a comment about some class of technical issues, or perhaps something about a security or privacy matter. So he was quite surprised when I immediately suggested that Google’s biggest problem has nothing per se to do with any of those areas at all.

Google’s technology is superb. Their privacy and security regimes are first-rate and world class. The teams that keep all those systems going are excellent, and I’ve never met a Googler that I didn’t like (well … hardly ever). It’s widely known that I take issue with various aspects of Google’s user support structure and user interface designs, but these are subject to improvement in relatively straightforward ways.

No, Google’s biggest problem isn’t in any of these areas.

Ironically, while Google has grown and improved in so many ways since its founding some 18 years ago, the big problem today remains essentially the same as it did at the beginning.

To use the vernacular, Google’s public relations — their external communications — can seriously suck.

That is not to suggest that the individuals working Google PR aren’t great people. The problem with Google PR is — in my opinion — a structural, cultural dilemma, of the sort that can be extremely difficult for any firm to significantly alter.

This is a dangerous state of affairs, both for Google and its users. Effective external communications ultimately impact virtually every aspect of how individuals, politicians, and governments view Google services and Google itself more broadly. In an increasingly toxic political environment around the world, Google’s institutional tendency —  toward minimal communications in so many contexts — creates an ideal growth medium for Google adversaries and haters to fill the perceived information vacuum with conspiracy theories and false propaganda.

For example, I recently posted Quick Tutorial: Deleting Your Data Using Google’s “My Activity” — which ended up appearing in a variety of high readership venues. Immediately I started seeing comments and receiving emails questioning how I could possibly know that Google was telling the truth about data actually being deleted, in many cases accompanied by a long tirade of imagined grievances against Google. “How can you trust Google?” they ask.

As it happens I do trust Google, and thanks to my period of consulting to them several years ago, I know how these procedures actually operate and I know that Google is being accurate and truthful. But beyond that general statement all I can say is “Trust me on this!”

And therein lies the heart of the dilemma. Only Google can speak for Google, and Google’s public preference for generalities and vagueness on many policy and technical matters is all too often much deeper than necessary prudence and concerns about “Streisand Effect” blowbacks would reasonably dictate.

Google’s external communications problem is indeed their “Achilles’ Heel” — a crucial quandary that if left unchanged will increasingly create the opportunity for damage to Google and its users, particularly at this time when misinformation, government censorship, and other political firestorms are burning widening paths around the globe.

Institutionally entrenched communications patterns cannot reasonably be changed overnight, and a great deal of business information is both fully appropriate and necessary to keep confidential.

But in the case of Google, even a bit more transparency in external communications could do wonders, by permitting the outside world to better understand and appreciate the hard work and diligence that makes Google so worthy of trust — and by leaving the Google haters and their lying propaganda in the dust.

–Lauren–

YouTube’s Dangerous and Sickening Cesspool of “Prank” and “Dare” Videos


Before we delve into a particularly sordid layer of YouTube and its implications to individuals, society at large, and Google itself, I’ll make my standard confession. Overall, I’m an enormous fan of YouTube. I consider it to be one of the wonders of the 21st century, a seemingly limitless wellspring of entertainment, education, nostalgia, and all manner of other positive traits that I would massively miss if YouTube were to vanish from the face of the Earth. I know quite a few of the folks who keep YouTube running at Google, and they’re all great people.

That said, we’re increasingly finding ourselves faced with the uncomfortable reality that Google has seemingly dragged its collective feet when it comes to making sure that their own YouTube Terms of Service are equitably and appropriately enforced.

I’ve talked about an array of aspects relating to this problem over the years — including Content ID and copyright issues; YouTube channel suspensions, closures, and appeal procedures; and a long additional list that I won’t get into here again right now, other than to note that at Google/YouTube scale, none of this stuff is trivial to deal with properly, to say the least.

Recently the spotlight has been on YouTube’s hate speech problems, which I’ve discussed in What Google Needs to Do About YouTube Hate Speech and in a variety of other posts. This issue in particular has been in the news relating to the 2016 election, and due to a boycott of YouTube by advertisers concerned about their ads appearing alongside vile hate speech videos that (by any reasonable interpretation of the YouTube Terms of Service) shouldn’t be permitted on the platform in the first place.

But now I’m going to lift up another damp rock at YouTube and shine some light underneath — and it’s not pretty under there, either.

The issue in focus today is YouTube’s vast cornucopia of so-called “prank” – “dare” – “challenge” (PDC) videos, which range from completely innocuous and in good fun, to an enormous array of videos portraying vile, dangerous, harmful, and often illegal activities.

You may never have experienced this particular YouTube subculture. YouTube’s generally excellent recommendation engine tends to display new videos that are similar to the videos that you’ve already viewed, so unless you’ve looked for them, you could be completely forgiven for not even realizing that the entire PDC YouTube world even existed. But once you find them, YouTube will make sure that you’re offered a bountiful supply of new ones on a continuing basis.

This category of YouTube videos was flung into the mainstream news over the last few days, with a pair of egregious (but by no means isolated) examples.

In one case, a couple lost custody of young children due to an extensive series of horrific, abusive, “prank” videos targeting those children — that they’ve been publishing on YouTube over a long period. They’re now arguing that the abuse was “faked” — that the children agreed to do the videos, and so on.

But those claims don’t change the outcome of the equation — not in the least. First, young children can’t give meaningful, independent consent in such situations.

And here’s a key point that applies across the entire continuum of these YouTube videos — it usually doesn’t matter whether an abusive prank is faked or not. The negative impact on viewers is the same either way. Even if there is a claim that a vile “prank” was faked, how are viewers to independently judge the veracity of such a statement in many cases?

An obvious example category includes the YouTube “shock collar” prank/challenge videos. What, you didn’t know about those? Just do a YouTube search for:

shock collar

and be amazed. These are at the relative low end of the spectrum — you’re not terribly likely to be seriously injured by a shock collar, but there are indeed some nightmarish exceptions to that generalization.

So in this specific category you’ll find every imaginable combination of people “pranking” each other, challenging each other, and otherwise behaving like stupid morons with electricity in contact with their bodies.

Are all of these videos legit? Who the hell knows? I’d wager that some are faked but that most are real — but again as I noted above, whether or not such videos are faked or not isn’t the real issue. Potential copycats trying to outdo them won’t know or care.

Even if we consider the shock collar videos to be on the lower end of the relative scale under discussion, it quickly becomes obvious why such videos escalate into truly horrendous activities. Many of these YouTube channel operators openly compete with each other (or at least, claim to be competing — they could be splitting their combined monetization revenue between themselves for all we can tell from the outside) in an ever accelerating race to the bottom, with ever more vile and dangerous stunts.

While one can argue that we’re often just looking at stupid people voluntarily doing stupid things to each other, many of these videos still clearly violate Google’s Terms of Service, and it appears, anecdotally at least, that the larger your subscriber count the less likely that your videos will be subjected to a rigorous interpretation of those terms.

And then we have another example that’s currently in the news — the YouTube channel operator who thought it would be a funny “prank” to remove stop signs from intersections, and then record the cars speeding through. Not much more needs to be said about this, other than the fact that he was ultimately arrested and felony charged. Now he’s using his YouTube channel to try drum up funds for his lawyers.

One might consider the possibility that since he was arrested, that video might serve as an example of what others shouldn’t do. But a survey of “arrested at the end of doing something illegal” videos and their aftermaths suggests that the opposite result usually occurs — other YouTube channel operators are instead inspired to try replicate (or better yet from their standpoints, exceed) those illegal acts — without getting caught (“Ha ha! You got arrested, but we didn’t!”).

As in the case of YouTube hate speech, the key here is for Google to seriously and equitably apply their own Terms of Service, admittedly a tough (but doable!) job at the massive scale that Google and YouTube operate.

To not act proactively and effectively in this area is too terrible to risk. Non-USA governments are already moving to impose potentially draconian restrictions and penalties relating to YouTube videos. Even inside the USA, government crackdowns are possible since First Amendment protections are not absolute, especially if the existing Terms of Service are seen to be largely paper tigers.

These problems are by no means isolated only to YouTube/Google. But they’ve been festering below the surface at YouTube for years, and the public attention that they’re now receiving means that the status quo is no longer tenable.

Especially for the sake of the YouTube that I really do love so much, I fervently hope that Google starts addressing these matters with more urgency and effectiveness, rather than waiting for governments to begin disastrously dictating the rules.

–Lauren–

Quick Tutorial: Deleting Your Data Using Google’s “My Activity”

Since posting The Google Page That Google Haters Don’t Want You to Know About last week, I’ve received a bunch of messages from readers asking for help using Google’s “My Activity” page to control, inspect, and/or delete their data on Google.

The My Activity portal is quite comprehensive and can be used in many different ways, but to get you started I’ll briefly outline how to use My Activity to delete activity data.

Some words of warning, however. You cannot revoke deletions once they’ve been made, and deleting your data on Google can negatively affect how well those services will perform for you going forward, since you’ll be moving back toward “generic” interactions, rather than customized ones. So do think carefully before performing broad deletions! (I know that I’d be lost without my YouTube watch history, for example …)

OK, let’s get started.

First, go to:

https://google.com/myactivity

If you’re not logged into a Google account, do so now. Once you’re logged in, you can use the standard account switcher (clicking on the picture or letter at the page upper right) to change accounts.

What you should now see is a reverse chronological list of your activity when logged into that Google account, which you can scroll down starting with Today and working backwards.

If you click on the three vertical dots (henceforth, “the dots”) at a Google service type entry (e.g. Search), you can choose to expand the detailed entries for that level for that date, or delete those entries. If you click on the dots on the Today bar itself, you can choose to delete ALL of the activity entries for Today.

The real power of the My Activity interface comes into play when you click in the upper Search/Filter “by date & product” area.

After you’ve done this, you can activate the search bar by clicking in the bar and typing something, or (my personal preference) by unchecking “All products” further down.

Now you can search for activity entries filtered by product type and/or date as you’ve specified. To avoid over-deletion, I strongly recommend not selecting many product types at the same time! (When you click on specific products, the “All products” entry will automatically be unchecked.)

Once you’ve selected at least one specific product type, the Search bar will activate and the “perform this search” magnifying glass icon at the right of the bar will turn dark blue.

You can type queries into the bar to find specific entries, or you can just click on the magnifying glass without a query to list all entries for the selected Google products. If you haven’t changed the “Filter by date” settings at the top to narrow down the dates, the search will cover the default “All time” activity list for those products.

The scrollable page that results from such queries is similar in structure to what you saw for the earlier page that started with Today, and you can interact with it to get more details or delete entries in the same ways.

But look again at the top Search bar now. If you click on the dots at the right of that white Search bar that appears after a query, you’ll see that you now have a “Delete results” option.

You wanted power over your data on Google? Well, you’ve got it. Because if you click “Delete results” it will remove EVERY activity result from that query (or from an empty query entry that lists all results for the specified products). That can mean deleting every activity result from all of the selected products, going back to the relative dawn of time.

My Activity gives you extraordinary power over what sorts of activity data will be collected for your Google accounts, and as we’ve seen the ability to delete data using a variety of parameters and searches. It’s quite a technological work of art.

But again, be careful before invoking these powers. Remember, you can’t undo My Activity deletions. Or to use an old film analogy that many of you might recognize, if you’re going to use powerful incantations like “Klaatu barada nikto” — make damned sure that you pronounce them correctly!

–Lauren–