Boom! Anti-Google Propaganda Fills My Inbox!

Well, this is interesting. Shortly after I yesterday announced my new “Questions I’m Asked About Google” live video streams — still currently scheduled to launch 10:30 AM PDT (GMT-7, 17:30 UTC) tomorrow morning (June 7) — than my main inbox began flooding with anti-Google hate mail. It can’t be coincidental, and some of it appears to be coordinated.

For more information about this new live streaming effort, including links for viewing, asking questions, and directly participating, please see:

https://lauren.vortex.com/2017/06/05/announcing-questions-im-asked-about-google-live-video-streams

I had been debating whether or not I should address (e.g. “rant”) at the start of these streams about current crazy stories attacking Google. Now I don’t see how I can reasonably avoid doing this. OK, if that’s the way it’s gotta be!

Two of the beauts I’m considering touching on tomorrow morning relate to this email deluge over the last 24 hours.

One is messages I’m receiving about an article on a wacko (but relatively major) anti-Muslim site, that usually spends much of their time trying to sell the false story that Google Search “favors” Islam. Well, now they’re even upset about Google Doodles.

They claim that Google celebrated the oppression of women with a home page Doodle of a “Disneyfied veiled Muslima” on 31 May. So I had to go back and dig this one up.

Typical fake news bull being passed around as if it were real. The Doodle in question showed a representation of famed female architect Zaha Hadid, who won the Pritzker Architecture Prize on that day in 2004. And she’s not wearing a veil.

Not even close, anti-Muslim idiots.

Then I started digging through all the hate mail being triggered by an inflammatory new article in “The Intercept” (nope, I’m not giving them any link juice!) which falsely asserts evil in Google’s plans for an ad blocking system for obnoxious ads (to be deployed in their Chrome browser), in conjunction with their upcoming full launch of “Funding Choices” (which is actually a direct descendant of their now discontinued “Google Contributor” system).

Unfortunately, Google (as is all too typical with them in many cases) has not explained this very well, which creates a vacuum that deceptive articles like those from “The Intercept” fill with their own propaganda, and then the false conspiracy theories take flight en masse.

So I guess I’ll probably need to touch on this area as well tomorrow morning.

Yep, we’ll see how it goes. Please let me know if you have any questions and/or wish to participate, and again for more info (including possible scheduling provisos), please see:

https://lauren.vortex.com/2017/06/05/announcing-questions-im-asked-about-google-live-video-streams

Thanks all.

–Lauren–

Announcing: “Questions I’m Asked About Google” Live Video Streams

Every day, for many years now, my email inbox has been loaded down with questions that relate to Google, one way or another. Even with my collection of “canned” responses for the most common questions, there’s significant effort involved in dealing with these queries effectively — and I don’t consider simply ignoring them to be an ethical option.

So let’s see if we can leverage some Google 21st century tech in these regards.

Inspired by Google’s own John Mueller’s excellent Webmaster Central video hangouts, I’m experimentally launching a similar live video program (with archived versions available for later viewing on YouTube), that I’m calling “Questions I’m Asked About Google” (QIAAG).

The first of my live QIAAG programs is currently scheduled for this coming Wednesday, June 7, at 10:30 AM PDT (GMT-7, 17:30 UTC). I’m aiming for a half hour length or so, but I’ll be playing it by ear.

The main topic for the debut program is Google Account issues — protection, recovery, problems, solutions, killing off some false rumors, and more regarding these critical gateways to pretty much everything you do with Google. You’re not limited to asking questions on this particular subset of Google-related topics by any means, but this is my primary focus for the first stream.

John provides Google’s answers to webmaster queries mostly related to how webmasters interact with Google for the best search results and avoidance of related problems.

My program is decidedly unofficial. It is not being conducted in concert with Google, and while I have in the past consulted to Google, everything I discuss will of course be based on public information.

That said, when I examine the depth and breadth of the sorts of queries I receive about Google services (everything from Gmail to YouTube and beyond), from Google users who often feel that they have been unable to get answers that they can readily understand from Google itself, I believe my effort may be able to help at least a little bit.

I’ll be doing these programs live (“these” assumes more than one — we’ll see how it goes!) to facilitate interaction with viewers who want to join the live hangouts directly or otherwise submit questions during the program itself. An additional advantage of conducting these live is that this undercuts my natural tendency toward lengthy editing of prerecorded material.

Again, when the live streams end they will be available for later viewing on YouTube. You can view the live or archived programs, or submit questions, without being logged into Google. If you wish to participate in the live hangouts themselves, you must be logged in, of course.

There are several main links involved with these programs.

The link to view the live stream on YouTube at its scheduled time, or the archived version until a few days before the next live stream:

https://vortex.com/live

After this link switches to the next live program, the previously archived programs will continue to be available via their native YouTube URLs, at the associated YouTube channel:

https://youtube.com/vortextech

To ask Google/YouTube/etc. questions at any time (including during the live streams), please use the form at:

https://vortex.com/questions

Prior to shows, you can also email me questions at:

lauren@vortex.com

If you with to join in and participate in the live video hangouts, the link is:

https://vortex.com/join

This link will go active for the upcoming current hangout very shortly before the show. You can also email me letting me know if you wish to participate.

Please always use these links when possible, since the URLs of the pages to which they actually redirect may be updated at any time.

That’s pretty much the story. The first live stream is definitely subject to scheduling changes if I run into unforeseen problems, though right now the technical logistics seem pretty well nailed down. If there are postponements or other scheduling changes, the main links above will redirect to pages giving more information. The length of these programs, and the scheduling of additional programs going forward, will depend on whether or not they seem to be usefully contributing to helping folks with these Google-related kinds of issues. 

I look forward to your participation. Your thoughts, questions, or comments are most welcome. Thanks!

Be seeing you.

–Lauren–

Google Security’s User Confusion Continues

As I’ve noted many times, Google has world-class security and privacy teams. Great people.

But at least judging from the Google-related queries I get in my inbox every day, Google’s expanding efforts to warn users about perceived security issues are sowing increasing confusion and in some cases serious concerns, especially among nontechnical users who depend upon Google’s products and services in their daily lives.

A new example popped up today that I’ll get to in a moment, but I’ve been discussing these issues for quite a while, e.g.:

“When Google’s Chrome Security Warnings Can Do More Harm Than Good” –https://lauren.vortex.com/archive/001157.html

and:

“Here’s Where Google Hid the SSL Certificate Information That You May Need” –
https://lauren.vortex.com/2017/01/28/heres-where-google-hid-the-ssl-certificate-information-you-may-need

In a nutshell, Google’s continuing efforts at increasing user security — while utterly justifiable at the technical level — continue to marginalize many users who don’t really understand what Google is doing, are confused by Google’s security and other warnings, can’t effectively influence websites with “poor” security to make security improvements, and have no alternatives to accessing those sites in any case.

These are real people — I believe many millions of them — and I do not believe that Google really understands how important they are and how Google is leaving them behind.

Today brought yet another illustrative example that yes, even confused me for a time.

It involves cat food.

A friend forwarded me an email from PetSmart that included a link for an individualized 30% off coupon that they intended to use to buy cat food. That’s a damned good coupon, especially for those of us who aren’t rolling in dough. I wish I had a coupon like that today for Leela the Siamese Snowshoe.

The concern with this email was that every time the user clicked on the link in Gmail to access the site where the coupon could be printed, Gmail popped a modal security warning:

“Suspicious link – This link leads to an untrusted site. Are you sure you want to proceed to click email-petsmart.com?”

You can see a screenshot at the bottom of this post.

The obvious questions: What the hell does “suspicious link” mean in this context? What does Google mean by “untrusted site” in this scope?

There are no links to explanations, and if you Google around you can find lots of people asking similar questions about this class of Gmail warning, but no definitive answers, just lots of (mostly uninformed) speculation.

So I spent about 15 minutes digging this one down. Is email-petsmart.com a phishing domain targeting PetSmart users? Apparently not. It’s registered to ExactTarget, Inc. and has been registered since 2012. So while there’s no obvious authoritative mention of PetSmart there, my experience leads me to believe that they’re most likely a legit marketing partner of PetSmart, providing those emails and coupon services.

Of course, I still have no information about why Google is tagging them as suspicious. Is it the lack of https: security on the URL? Is it some aspect of their email-petsmart naming schema?

Damned if I know. Google isn’t telling me. And how would the average non-techie be expected to unravel any of this?

I told the user to go ahead and click the link. They got their coupon. Their kitties should be happy.

I’m not happy.

In the real world, most users don’t understand this stuff at the level they need to make truly informed decisions. So they’re forced — simply to get on with their lives every day — to click through such warnings blindly, to get to where they need to go.

And make no mistake about it, these kinds of scenarios are teaching these users absolutely abysmal security habits.

Google is terrific at tech. But Google is still struggling when it comes to understanding the broad range of their users and those users’ needs — particularly the non-techies — and especially how to communicate with those users effectively.

Google can do much better.

–Lauren–

Fighting Government Crippled Encryption by Turning It Off Entirely!

Within hours of the terrible terrorist attack in Manchester earlier this week, UK politicians were already using the tragedy as a springboard to push their demands that Internet firms cripple their encryption systems and deploy a range of other Orwellian measures that would vastly weaken the privacy and security of honest citizens — while handing terrorists and other criminals the keys to our private lives, including our financial and other personal information.

This same thuggish mindset is taking root in other parts of the world, often combined with hypocritical “data localization” requirements designed to make individual nations’ citizens as vulnerable as possible to domestic surveillance operations.

There are basically four ways in which firms can react to these draconian government demands.

They could simply comply, putting their users at enormous and escalating risk, not only from government abuse but also from criminals who would exploit the resulting weak encryption environments (while using “unapproved” strong encryption to protect their own criminal activities). We could expect some firms to go this route in an effort to protect their financial bottoms lines, but from an ethical and user trust standpoint this choice is devastating.

Firms could refuse to comply. Litigation might delay the required implementation of crippled encryption, or change some of its parameters. But in the final analysis, these firms must obey national laws where they operate, or else face dramatic fines and other serious sanctions. Not all firms would have the financial ability to engage in this kind of battle — especially given the very long odds of success.

Of course, firms could indeed choose to withdraw from such markets, perhaps in conjunction with geoblocking of domestic users in those countries to meet government prohibitions against strong encryption. Pretty awful prospects.

There is another possibility though — that I’ll admit up front would be highly controversial. Rather than crippling those designated encryption systems in those countries under government orders, firms could choose to disable those encryption systems entirely!

I know that this sounds counterintuitive, but please hang with me for a few minutes!

In this context we’re talking mainly about social media systems where (at least currently) there are no government requirements that messages and postings be encrypted at all. For example, we’re not speaking here of financial or medical sites that might routinely have their own encryption requirements mandated by law (and frankly, where governments usually already have ways of getting at that data).

What governments want now is the ability to spy on our personal Internet communications, in much the same manner as they’ve long spied on traditional telephone voice communications.

An axiom of encryption is that in most situations, weak encryption can be much worse for users than no encryption at all! This may seem paradoxical, but think about it. If you know that you don’t have any encryption at all, you’re far more likely to take care in what you’re transmitting through those channels, since you know that they’re vulnerable to spying. If you believe that you’re protected by encryption, you’re more likely to speak freely.

But the worst case is if you believe that you’re protected by encryption but you really aren’t, because the encryption system is purposely weak and crippled. Users in this situation tend to keep communicating as if they were well protected, when in reality they are highly vulnerable.

Perhaps worse, this state of affairs permits governments to give lip service to the claim that they favor encryption — when in reality the crippled encryption that they permit is a horrific security and privacy farce.

So here’s the concept. If governments demand weak encryption, associated legal battles have ended, and firms still want to serve users in the affected countries, then those firms should consider entirely disabling message/posting encryption on those social media platforms in the context of those countries — and do so as visibly and loudly as possible.

This could get complicated quickly when considering messages/posts that involve multiple countries with and without encryption restrictions, but basically whenever user activities would involve nations with those restrictions, there should be warnings, banners, perhaps even some obnoxious modal pop-ups — to warn everyone involved that these communications are not encrypted — and to very clearly explain that this is the result of government actions against their own citizens. 

Don’t let governments play fast and loose with this. Make sure that users in those countries — and users in other countries that communicate with them — are constantly reminded of what these governments have done to their own citizens.

Also, strong third-party encryption systems not under government controls would continue to be available, and efforts to make these integrate more easily with the large social media firms’ platforms should accelerate.

This is all nontrivial to accomplish and there are a variety of variations on the basic concept. But the goal should be to make it as difficult as possible for governments to mandate crippled encryption and then hypocritically encourage their citizens to keep communicating on these systems as if nothing whatever had changed.

We all want to fight terrorism. But government mandates weakening encryption are fundamentally flawed, in that over time they will not be effective at preventing evildoers from using strong encryption, but do serve to put all law-abiding citizens at enormous risk.

We must resist government efforts to paint crippled encryption targets on the backs of our loved ones, our broader societies, and ourselves.

–Lauren–