A Googler’s Leaked Google “Diversity” Manifesto — Lose-Lose-Lose

Views: 2114

UPDATE (August 9, 2017):  Here’s My Own Damned “Google Manifesto”

UPDATE (August 7, 2017):  Audio from My Radio Discussion About the Leaked Google “Diversity” Manifesto Controversy

– – –

The topic of the leaked — and already widely viewed and discussed — Google “diversity” document (an internal opinion “manifesto” authored by a single Googler, not a statement of Google policy) is sufficiently depressing that I’m already getting tired of the queries I’m receiving about it.

I view the leak itself as an extraordinarily serious breach of trust. This breach stands apart from a separate issue — was it appropriate for such a missive to have been written and disseminated even in Google’s extraordinarily frank and open internal discussion ecosystem? That discussion environment overall provides major benefits to Google and ultimately to its users.

While the issues are separate, they together create a cascade of damage, a true lose-lose-lose situation.

It seems impossible to tease out any positive aspects from the manifesto. Even if we leave aside its foundational and the other fallacies which permeate its structure, any reasonable, dispassionate observer would predict that such a document could only do damage — not only to individuals but potentially to Google itself if it was propagandized by Google Haters — which now indeed seems to be the case if I judge by various of the queries filling my inbox.

Enough such damage would have been done if the manifesto had stayed purely internal to Google. That such an inflammatory document might have been expected to have a significant risk of being leaked does not in any way excuse the leaking, which has poured a tanker car of gasoline onto the already blazing fire.

What perhaps saddens me the most about this situation is that I’ve seen similar twisted, sexist claims — as in that Googler’s manifesto — so many times over the years. For all our talk, for all our efforts, such malignant views continue to persist. In the age of negative role models from vile sociopaths like Donald Trump, they may even be expanding.

I touched on some of this several years ago in “Meet the Guys: The Jerks of Computer Science” (https://lauren.vortex.com/2017/02/27/meet-the-guys-the-jerks-of-computer-science) several years ago, and I am unconvinced that the situation described there has improved in any notable aspect to date.

And all of this — both the abominable manifesto itself and the leaking of same — gives me the strong urge to punch my fists into my screens and pray for the aliens to show up to put Earth out of its misery.

But we can’t always have a happy ending.

Be seeing you.


Beware the Browser Extensions Privacy Trap!

Views: 3381

There’s a story going around currently about a group of researchers who claim to have de-anonymized a variety of browser users’ search data. The fact that proper anonymization of data is a nontrivial task is quite well known. Sloppy “anonymization” can be effectively as bad as no anonymization at all.

But the interested observer might wonder … where did these researchers get their search data in the first place?

It turns out that the main source of this data are the individuals or firms behind third-party browser extensions and apps, which provide or sell the user data that they collect to data brokers and to other entities.

And so we open up a very big can of worms.

The major browsers (e.g., Google’s Chrome) provide various means for users to install extensions and applications (also known as “add-ons” or “plugins” or “apps”) to extend browser functionalities. While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by such add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained.

Ironically, some of these add-on extensions and apps claim to be providing more security, while actually undermining the intrinsic security of the browsers themselves. Others (and this is an extremely common scenario) claim to be providing additional search or shopping functionalities, while actually only existing to silently collect and sell user browsing activity data of all sorts.

The manner in which these apps and extensions end up being installed can be insidious, and relates to the fundamental complexity of the underlying security models, which are not understood by the vast majority of users, especially non-techie users. For the record, similar confusion exists regarding smartphone app security models, e.g. for Android.

The bottom line is that most users, faced with a prompt to install an extension or app that claims to provide useful functions, will simply grant the requested permissions, no matter how privacy and/or security invasive those permission actually are.

And why should we expect these users to do anything differently? Expecting them to really understand what these permissions mean is ludicrous. We’re the software engineers and computer scientists — most users aren’t either of these. They have busy lives — they expect our stuff to just work, and not to screw them over.

I recently helped an older Chrome user whom I know clean out their Chrome browser on Windows 10. As is routine for me, I used Chrome Remote Desktop for this purpose (please see: “Google Asked Me How I’d Fix Chrome Remote Desktop — Here’s How!” – https://lauren.vortex.com/2017/07/24/google-asked-me-how-id-fix-chrome-remote-desktop-heres-how).

He must have had 25 or 30 “crap” extensions installed that I needed to individually remove (some of which appeared to have been “slave” extensions installed by other “master” extensions). He claimed not to have knowingly installed any of them. Almost certainly, these were all prompted installations at sites he visited once or twice, with which he could have easily interacted without installing any of these add-ons at all.

But these sites push users very hard to install these privacy-invasive, data sucking extensions, and as noted above most users will grant requested permissions, implicitly assuming that they’re protected by the browser itself.

Underlying browser security models can complicate the situation. For example, one of the most common — and most easily abused — categories of permissions requested by extensions and apps is one that grants read and write access to all data at all websites you visit — or even that *plus* all data on your computer!

Now, here’s the kicker. While these sorts of permissions are the golden ticket for abuse by crooked and sloppy extensions or apps, there are many legitimate, well-written add-ons that also require such permissions to operate.

But how is the average user to make a reasonable determination in this context, faced with a site urging them to install an add-on that is being portrayed as necessary? Most users don’t have a site reputation database at hand for reference — they just want to get on with what they’re trying to do online.

I will note here that I know of various corporate environments where security policies absolutely prohibit the installation of apps or extensions with such broad permissions, with few if any exceptions (e.g. unless they’re of internal origin and have passed rigorous internal security and privacy audits).

I don’t have a brilliant “magic wand” solution to this set of problems.

Personally, I install as few browser extensions and apps as possible unless I am absolutely confident in the reputation of their origins, and I absolutely minimize the installation of any add-ons that require broad permissions either to websites or the local machines. Sometimes there are situations where an app or extensions looks very useful and enticing — but I still need to say “no go” to them the vast majority of the time.

One last thing. I urge you to check right now to see what extensions and/or apps you have installed, and remove the ones that you don’t need (or worse, don’t even recognize). For most versions of Chrome, you can do this by entering on your browser address bar:




On the extension list, a little trash can at the right is where you click to remove an extension. On the app list page (page select is at the bottom of that page), right click to access the menu that includes a “Remove from Chrome” entry. On Chrome OS, you may not be able to access the app page(s) using the link above. If the link doesn’t work in this case, click on the white circle in the bottom of screen toolbar to bring up the app page.

Is this all too complicated? Yep, it sure is.

Be seeing you.


Google, Personal Information, and Star Trek

Views: 868

Rarely does a day go by when I don’t get an email from some outraged soul who has seen on some wacky site — or perhaps heard on a right-wing radio program somewhere — the lie that Google sells users’ personal information to advertisers. I got a phone call from one such person very recently — an individual who hardly would calm down enough for me to explain that they’d been bamboozled by the Google Haters.

‘Cause Google doesn’t sell your data. Not to advertisers, not to anyone else. But the falsehood that they do so is one of the most enduring of fabrications about Google.

To be sure, Google is partly responsible for the long life of this legend, because frankly they’ve never done a really good job of explaining for non-techies how the Google ad system works, and Google ad relevance is often so accurate that users naturally assume (again, falsely) that their browsing habits or other data were handed over to third parties.

Here’s what actually happens. Let’s say that you work in warp engine design and testing. So you’re frequently using Google to search for stuff like antimatter injectors and dilithium crystals.

Now you start seeing “top of page” search results ads from some mining operation on Rigel XII for exactly the raw crystals that you need, and at an attractive price with free shipping, too! (Yes Trekkies, I realize that in this early episode they were actually referred to as “lithium” crystals — go tell it to Spock.)

But you wonder: Did Google provide my search history to those ragtag and somewhat disreputable bachelor miners — out there on a planet that is so windy that you clean pots by hanging them out to be sandblasted?

How else could that ad have been targeted to me?

The answer is simple, and you don’t need a dose of Venus Drug to understand it. (OK, happy now, Trekkies?)

The miners create an ad that is aimed at users who are looking for warp drive paraphernalia, based on the logical keywords — like dilithium, for example.

When Google’s ad personalization algorithms detect that your search terms are relevant to that ad, Google displays it to you. The miners back on Rigel XII don’t even know that you exist at this point. They didn’t display the ad to you, Google did.

Now, if you proceed to click on their ad and visit the miners’ sale site, you’ll be providing more information to them, much as you would when visiting other sites around the Web.

But if you don’t click on the ad, there’s no connection between you and the advertiser.

And you don’t have to simply accept Google’s default handling of ad personalization. Over at:


you can change Google ad personalization settings or even disable ad personalization entirely.

So the next time that someone tries to fervently sell you the big lie that Google is selling your personal data, tell them that they’re wrong and that they’re a stick in the Mudd.

Be seeing you.


To Protect Global Free Speech, Google May Need to Take Some Drastic Actions

Views: 1270

Eleven and half or so years ago, a younger and more darkly bearded version of myself gave an invited talk at Google’s L.A. offices that I called “Internet & Empires” (https://www.youtube.com/watch?v=PGoSpmv9ZVc). Things were still pretty new there — I believe I was the first external speaker that they taped, and since there was no podium yet I presented the talk while sitting on the edge of a table (which actually turns out to work pretty well).

The talk had been scheduled well in advance, so it was a total coincidence that Google had earlier that day announced their (ultimately ill-fated) agreement with China to censor Chinese search results as demanded by the Chinese government.

I had already planned to talk about topics such as censorship and net neutrality. I even had managed to work in a somewhat pithy reference to the classic 1956 sci-fi film “Forbidden Planet” and the downfall of the Krell.

Back at the time of that talk, I was fairly critical of Google’s privacy and data management practices in some key respects. In ensuing years, Google evolved into a world-class champion for data privacy, user control over data, data transparency, and data portability. I’ve been honored to work with them and to put considerable thought into the complex ways that Google-related issues can be seen as proxies for critical policy issues affecting the entire Internet.

During the talk, I mentioned the newly announced China situation. I explained that while I understood the reasoning behind the decision to launch a censored version of Google Search for China (essentially, that some access to Google Search was better than none, and might help push China toward reforms), I suspected that this effort would end badly.

My main concern was based on history. Once authorities and governments start down the censorship path, they virtually always attempt to expand its reach, both in terms of content and geography. Government censorship is in many ways the classic example of the “camel’s nose under the tent” — you almost inevitably end up with a complete camel smashing everything inside.

And so it was with China and Google. China kept demanding more and more control, more and more censorship. Ultimately, Google reversed their decision, and wisely ceased participation in China’s vast censorship regime. Some other firms have not been as ethical as Google in this regard, and are still kowtowing to China’s censorship czars.

Fast forward to today. Depressingly, we find that in major respects the censorship and net neutrality issues that I discussed more than a decade earlier are in even worse shape now.

Dominant ISPs have been using dishonest political gamesmanship — often outright lies — to trample net neutrality, as if they weren’t already raking in the dough from often captive subscribers.

And in the censorship realm, the threats are more ominous than ever — not just from totalitarian countries like China or Russia, but from western countries as well — like Canada. Like France. And more broadly, from the European Union itself.

Today we’ve learned that Apple has reportedly surrendered to Chinese officials and has suddenly removed VPN apps from the Chinese users’ version of Apple’s App Store. These apps are crucial not only to the free speech of Chinese users but also in many situations to their physical safety in that dictatorial regime.

In some countries, a single Facebook post deemed to be critical of the local royal or elected despot — or other government officials — can trigger decades-long prison sentences.

And even in the so-called “enlightened” western environs of Canada, France, and the European Union more generally, domestic officials are attempting to impose global censorship over Google search results (via the horrific “Right To Be Forgotten” and other twisted means) — all in an effort to each become censors dictating what everyone else on this planet can see.

Success in such efforts would result in a lowest common denominator rush to the bottom, with politicians and other leaders around the world all attempting to cleanse search results of any materials that they find to be politically or otherwise personally offensive — or even simply inconvenient.

Unfortunately, all of this is very much in keeping with the predictions that I made in that Google talk years ago.

And here’s a new prediction. While Google will valiantly battle these oppressive forces in courts, in the long run the masters of censorship will continue to expand their choking grip on free speech globally, unless more drastic measures are deployed by free speech champions.

Imagine that you own a large store stocked with all manner of merchandise for a wide variety of customers. Now let’s say that you had some customers who insisted that they wanted to continue patronizing your store, but that they personally disapproved of various items that you stocked, and demanded that you remove them — even though those items were still very important to the vast majority of your other customers.

Most likely you’d tell the customers making those demands to either grow up — realize that they are not the only fish in the sea — or to take their business elsewhere. Period.

This is very much the kind of situation that Google and various other large Internet service firms are now facing. Users around the world demand access to the services that these firms provide, but increasingly their own governments are demanding to dictate not only what users in their own countries can access and see, but are also demanding the right to censor other users everywhere on Earth.

Here’s my admittedly drastic proposal to deal with these scenarios: Cut those countries off from the associated services. No more Facebook, no more Google Search or Gmail for them. No more cloud services. And so on.

Let these countries’ leaders deal directly with their citizens who would no longer have access to the global services on which they’ve come to depend for their business and personal communications, entertainment, and much more in their daily lives.

Tough love? You betcha. But this could end up being necessary.

If the would-be global censorship czars can’t behave like decent 21st century adults, with an understanding that they do not have the right to dictate planetary content controls, then let them build their own services in their own countries using their own money — but no longer would they be permitted to leverage our services to dictate terms to the rest of us.

Obviously, given the vast sums of money at stake, taking such a path would be a very difficult decision for these firms. But I would assert that permitting domestic governments veto power over your global services will be absolutely deadly in the long run, and that the time to stamp out this malignancy is now, before it spreads even more and has achieved a veneer of a new, repressive status quo.

In fact, the odds are that serious threats of service cutoffs would likely serve to cause some major rethinking in government circles, well before actual cutoffs would be necessary.

The Chinese “death by a thousand cuts” torture seems applicable here. Given escalating censorship trends, it’s difficult to postulate how to successfully fight this scourge through litigation alone in the long run. Meanwhile, individual censorship orders are likely to expand massively both in scope and number, eating away ever more of global free speech by increasing degrees each and every time.

While continuing to fight this trend in the courts is of course an appropriate primary tactic, I’m ever more convinced that the sorts of drastic actions outlined above — details to be determined — should be under consideration now, so that rapid deployment is possible if current censorship trends continue unabated.

It is indeed extremely unfortunate that we’ve reached the point where actions such as these must even be seriously contemplated, but that’s the reality that we now are facing.

Be seeing you.


Google Introduces “Invisible” Gmail Messages!

Views: 918

A Google “Project Fi” user contacted me on Google+ this afternoon, expressing his extreme displeasure at a Gmail message (please see image below) that he received a week or so ago from that project. His comment: “I’m sure they’re trying to tell me something, but I can’t really read it.”

Not surprisingly, it’s in the dandy new Google low-contrast font style — oh so pretty and oh so useless to anyone with less than perfect vision.

Perhaps he saw my recent post “How Google Risks Court Actions Under the ADA (Americans with Disabilities Act)” — https://lauren.vortex.com/2017/06/26/how-google-risks-court-actions-under-the-ada-americans-with-disabilities-act — in any case he thought that I might be able to help with this overall accessibility issue.

Well, I’m willing to keep writing and talking about this until I’m Google blue, green, yellow, and red in the face — but so far, I’m not having much luck.

I’ll keep on tryin’ though!