Lauren Weinstein's Blog

Greetings. As I’ve noted in posts such as:

The Google Account “Please Help Me!” Flood: https://lauren.vortex.com/2017/09/12/the-google-account-please-help-me-flood

Protecting Your Google Account from Personal Catastrophes:
https://lauren.vortex.com/2017/09/07/protecting-your-google-account-from-personal-catastrophes

and in various other associated missives, I’m nearly constantly being approached for informal assistance by Google users who are having problems accessing their Google accounts. Many are in a panic. Some call me on the phone and are literally crying — their whole lives are pretty much on Google and they’re desperate. Sometimes they find me from articles I’ve written or from radio discussions, in other instances via word of mouth.

I try to help when I can. I can offer direct advice to some of them (especially if they haven’t been “hard” locked out of their accounts through continued “thrashing” around on their part), for others in some situations I’m able to help them reach Google support personnel for their issues.

But I’m just one guy here in L.A. — I don’t scale well to the scope of these problems — nor do I have any official connection with Google these days.

While Google indeed offers various proactive means to protect your Google accounts, the plain truth is that many users don’t use them. In many cases, they’ve never even heard of them — or they don’t understand them.

With so much of so many people’s personal lives now dependent on Google’s great services, loss of access to your account can be devastating, and regaining access — especially if you don’t fully understand what’s going on, can be a frustrating exercise in futility.

I’ve talked in the past about the shortcomings in Google’s account recovery flows and how they affect ordinary users — it’s a very complex area. Let’s leave this aside for the moment.

Let’s instead ask the more fundamental question — how can we help Google users of all sorts — not just relatively young techies — avoid problems with their Google accounts in the first place? Remember, all sorts of persons from all walks of life, including growing numbers of the elderly in a rapidly aging overall population, are very much dependent on Google these days.

The most common ad hoc “solution” to this class of problems is telling someone else — for example a family member or friend — your Google username and password credentials. This is not at all uncommon. But from a security and privacy perspective, it’s awful.

Someone else who has your credentials has total access to your Google account and all related services, at identical privilege levels as yourself across the board. Good security practices strongly suggest that only providing minimum necessary access to third parties is by far the desirable procedure, but in the current context of Google accounts that really isn’t possible — it’s all or nothing.

Still, as an alternative to a user getting confused and losing data or getting locked out of their account (or otherwise disrupting their essential Google services), handing someone else your Google credentials is frequently seen as the only practical course of action.

In fact, there’s a significant number of Google users who have given me their Google credentials for this purpose — for some I also act as their account recovery address and I deal with their 2-factor verifications as well.

I don’t like doing this. Again, it’s awful from a privacy and security standpoint. But I won’t leave these users out in the cold.

To be sure, none of these problems are trivial to solve, especially at Google scale.

There is a better way though, that would be extremely useful for Google to implement — a concept that various other online services should consider using as well.

I propose that Google seriously explore solving this class of problems in a more controlled and structured manner, by creating a formal “Google account delegation” system.

Such a system would permit a user to delegate (that is, share with third parties in a controlled manner) specific permissions and capabilities (either individually and/or in logical groupings) for access to various aspects of the user’s Google account.

This would allow a designated third party to provide the kinds of ongoing assistance that many users desire and require — including but not limited to helping the user avoid errors that could disrupt their account access or usage in various ways — but without the need to share their primary, full Google credentials with those third parties as would be necessary today.

Delegated capabilities and permissions would be revocable by the user at any time.

I won’t in this post get into the details (to which I’ve given quite a bit of thought!) regarding what would be involved in making a concept like this deploy successfully in practice — it involves various layers ranging from upper level account capabilities down through specific Google services permissions. It’s certainly not simple but is wholly within Google’s abilities.

Given the vast numbers of persons who now depend on Google in so many ways, it makes enormous sense that these users should — if they so desire — be able to delegate specific aspects of their Google accounts to trusted individuals who could help them to manage those accounts and related services effectively, and in particular help them to avoid mistakes that can cause extremely upsetting situations such as accidentally deleted data and account lockouts, to name but two common scenarios.

Google account delegation options would be great for Google’s users, for Google itself, and for the broader community.

Google can do this.

–Lauren–

UPDATE: Please see Meltdown and Spectre for important additional information regarding Intel and other affected processors, including AMD and ARM in specific situations.

– – –

Just a very few quick words about a new Intel CPU security problem. You may have heard that a new, serious security bug has been discovered in generations of Intel CPU chips used in most consumer and business computers. I won’t get into the technical details here right now, but it’s a mess. The good news is that fixes will be rolling out in operating system updates (if you have computers that are still getting updates, that is!) — there’s nothing for most users to do themselves to manually deal with this — but these fixes will significantly degrade the performance of affected systems.

Users of computers with AMD CPU chips are (as far as we know currently) not vulnerable to this particular security bug. However, it is possible that some operating system updates to fix the Intel bug will have the side effect of unnecessarily reducing the performance of AMD CPU chips as well, if those patches don’t differentiate between the two different manufacturers. Obviously, AMD is working hard to avoid this situation in the CPU bug fix patches being developed and deployed by various entities to fix the Intel bug.

Intel has released a statement claiming that the same class of exploits can affect other CPU manufacturers. One of my readers wrote to tell me that while the specific issue now being patched does not affect AMD CPU chips, information about the broader exploit class (and other related problems that may involve manufacturers other than Intel) could be going public shortly. I do not have independent confirmation regarding these broader issues at this time.

I’ll say more about this all as additional information becomes available.

–Lauren–

UPDATE: Please see Meltdown and Spectre for important additional information regarding Intel and other affected processors, including AMD and ARM in specific situations.

Given the furor that has erupted in the wake of the latest infantile and dangerous tweet from Donald Trump — yesterday’s already infamous “my nuclear button is bigger than your nuclear button” tweet directed at the leader of the unstable and unpredictable nuclear-armed dictatorship of North Korea, I would assert that a Twitter thought experiment is in order.

We’ll draft a figure from history — Adolf Hitler (you remember him, right?) — to complete our tyrant triad along with Donald Trump and Kim Jong-un. We’ll be talking about the actual Adolf himself here, so “Godwin’s law” prohibitions against inappropriate Hitler analogies will not apply.

OK, boys and girls, let’s begin the thought experiment.

The Big Question that comes up after so many of Trump’s tweets is why do so many Twitter users posting far less provocative content have their Twitter accounts temporarily or permanently disabled or terminated, while an individual literally threatening nuclear war — about as provocative as you can get — continues to tweet with impunity?

Twitter’s legal and policy teams have a ready answer — they point to clauses in their terms of service that provide exceptions for “newsworthy” tweets.  They also exempt public office holders elected through “democratic elections.”

Interestingly, tweets from Donald Trump would seem to conveniently fall into both of these policy buckets. Ironically, so would tweets from Adolf Hitler.

One certainly couldn’t argue that Hitler’s tweets wouldn’t have been newsworthy. And yes, Hitler was democratically elected. While he was appointed chancellor of Germany in January 1933 by President Hindenburg, he was elected to the presidency in a plebiscite vote in 1934 after Hindenburg died.

Bottom line: By Twitter, Inc. standards, anything Hitler might have tweeted would be golden.

Yet we know what’s really going on with these Twitter terms of service standards — it’s all about “engagements” — likes and reshares — and the income to Twitter that results. Twitter is terrified of cutting off those income streams by upsetting large chunks of Twitter users (such as Trump’s base of racist and antisemitic followers).

The fact that Twitter is putting money ahead of ethics and public safety shouldn’t surprise us — they’re on firm historical footing.

During the rise of the Third Reich, entire major firms — like IBM — knowingly provided resources to accelerate National Socialism’s Nazi evils, as did entire countries, like Switzerland.

So the next time that Twitter gets asked about their terms of service in the context of Trump, perhaps they might want to point to Adolf and Friends as an explanatory precedent.

I suspect though that Hitler’s Twitter feed would have looked a lot different than Trump’s. For one thing, Adolf was far more intelligent and mature than Trump overall, and I’ll bet that the lion’s share of Hitler’s Twitter posts would have typically been relatively adult and subtle compared against Trump’s third grade rants (no offense meant to third-graders).

So I doubt very much that we’d have seen tweeted photos of Jews, gypsies, and others being stuffed into boxcars on the way to the death camps, nor images of his victims in the millions piled into ditches or burning in crematoriums.

More likely, we’d have seen carefully worded tweets on political issues and lots of animal photos — Hitler was indeed a dog lover and many shots of Adolf and his dogs still exist today.

It would have been an interesting Twitter feed. I might have followed it myself.

Of course this would have belied the truth of what was actually going on, as the world was well aware — and largely attempted to ignore — as the Reich rose to power and implemented its murderous policies.

By any logical analysis, the decision to remove Trump from Twitter should be far easier for Twitter than it would have been for dealing with @realAdolfHitler (by the way, a Twitter account with that handle has existed since 2009, but has never tweeted to date).

After all, while Hitler was smart enough to be fairly constrained in his public statements when he felt that this served his own purposes, Trump’s continuing Twitter streams of deranged nuclear threats and sociopathic, senile ramblings are front and center on Twitter — and Twitter is making a mint from them.

It has been argued that letting Trump rant on Twitter will be his ultimate downfall — creating all manner of potential legal problems for him in the future.  Perhaps so.

However, I draw the line when it comes to threats of nuclear war and the potential deaths of millions or billions of people.

It’s time for Twitter to call a halt to this madness. They are not merely bystanders in this nightmare, they are active participants, enablers, and unethical beneficiaries.

Twitter, it’s time for you to do the right thing and dump Trump.

By doing so, you might even save the world.

–Lauren–

I continue to be an enormous fan of Google Home — for example, please see my post “Why Google Home Will Change the World” —https://lauren.vortex.com/2016/11/10/why-google-home-will-change-the-world — from a bit over a year ago.

But as time goes on, it’s becoming obvious that a design decision by Google in the Home ecosystem is seriously disadvantaging large numbers of potential users — ironically, the very users who might otherwise most benefit from Home’s enormous capabilities.

You cannot install or routinely maintain Google Home units without a smartphone and the Google Home smartphone app. There are no practical desktop based and/or remotely accessible means for someone to even do this for you. A smartphone on the same local Wi-Fi network as the device is always required for these purposes.

This means that many elderly persons and individuals with physical or visual disabilities — exactly the people whose lives could be greatly enhanced by Home’s advanced voice query, response, and control capabilities — are up the creek unless they have someone available in their physical presence to set up the device and make any ongoing configuration changes. Additionally, all of the “get more info” links related to Google Home responses are also restricted to the smartphone Home app.

I can see how imposing these restrictions made things faster and easier for Google to bring Home to market. For example, by requiring a smartphone for initial Wi-Fi configuration of Home, they avoided building desktop interfaces for this purpose, and leveraged smartphones’ already configured Wi-Fi environments.

But that’s not a valid excuse. You might be surprised how many people routinely use the Internet but who do not have smartphones, or who have never used text messaging on conventional cell phones — or hell, who don’t even have cell phones at all!

Now, one could argue that perhaps this wouldn’t matter so much if we were talking about an app to find rave parties or the best surfing locations. But the voice control, query, and response capabilities of Home are otherwise perfectly suited to greatly improve the lives of the very categories of users who are shut out from Home, unless they have someone with a smartphone in their physical presence to get the devices going and perform ongoing routine configuration changes and other non-voice interactions. 

In fact, many persons have queried me with great excitement about Home, only to be terribly disappointed to learn that smartphones were required and that they were being left behind by Google, yet again.

I have in the past asked the question “Does Google Hate Old People” — https://lauren.vortex.com/2017/02/06/does-google-hate-old-people — and I’m not going to rehash that discussion here.  Perhaps Google already has plans in the works to provide non-smartphone access for these key Home functionalities — if so I haven’t heard about them, but it’s clearly technically possible to do.

I find it distressing that this all seems to follow Google’s pattern of concentrating on their target demographics at the expense of large (and in many cases rapidly growing) categories of users who get left further and further behind as a result.

This is always sad — and unnecessary — but particularly so with Home, given that the voice-operated Home ecosystem would otherwise seem tailor-made to help these persons in so many ways. 

And at the risk of being repetitious, since I’ve been making the same statement quite a bit lately: Google is a great company. Google can do better than this.

–Lauren–

Sometimes Facebook’s manipulative tendencies are kept fairly well below the radar. But in some cases, their twisted sensibilities are so blatant that even their own public explanations immediately ring incredibly hollow.

Such is the case with their response yesterday to a ProPublica report accusing their advertising systems of enabling explicit (and in the opinion of many experts, illegal) age discrimination by advertisers seeking employees.

This one is as obvious as Bozo’s bright red nose. Facebook permits advertisers to target employment ads to specific age groups. Facebook users who are not in the designated groups would typically have no way to know that the ads existed at all!

Facebook’s attempted explanation is pathetic:

“US law forbids discrimination in employment based on age, race, gender and other legally protected characteristics. That said, simply showing certain job ads to different age groups on services like Facebook or Google may not in itself be discriminatory — just as it can be OK to run employment ads in magazines and on TV shows targeted at younger or older people.”

The evil duplicity in this statement hits you right in the face. Sure, advertisers run ads on TV shows and in magazines that are oriented toward certain age groups. But there’s nothing stopping adults of other ages from reading those magazines or watching those shows if they choose to do so — and seeing those ads.

By contrast, in Facebook’s tightly controlled, identity-focused ecosystem, the odds are practically nil that you’ll even realize that particular ads exist if you don’t fall into the targeted range. The old saying holds: “You can’t know what you don’t know.”  Facebook’s comparison with traditional media is false and ridiculous. 

ProPublica notes that other large Web services, including Google and others, permit ad targeting by age.  But unlike Google — where many services can be used without logging in and pseudonyms can be easily created — Facebook is almost entirely a walled garden — logins and your true identity are required under their terms of service to do pretty much anything on their platform.

Given Facebook’s dominance in this context, it’s easy to see why their response to these ad discrimination complaints is being met with such ridicule. 

It’s clear that this kind of Facebook age-based ad targeting by advertisers is an attempt to avoid the negative publicity and legal ramifications of explicitly stating the ages of their desired applicants. They hope to accomplish the same results by preventing anyone of the “wrong” ages from even seeing the ads — and the excuses from these advertisers denying this charge are nothing but sour grapes at their schemes (empowered by Facebook) being called out publicly.

Preventing adult users of any age from seeing employment ads is unethical and just plain wrong. If it’s not illegal, it should be.

And that’s the truth.

–Lauren–

This evening, a reader of my blog post from earlier this year (“YouTube’s Dangerous and Sickening Cesspool of ‘Prank’ and ‘Dare’ Videos” – https://lauren.vortex.com/2017/05/04/youtubes-dangerous-and-sickening-cesspool-of-prank-and-dare-videos), asked if I knew about YouTube’s “laxative” prank and dare videos. Mercifully, I didn’t know about them. Unfortunately, now I do. And while it’s all too easy to plow the fields of toilet humor when it comes to topics like this, it’s really not at all a funny subject.

In fact, it can be deadly.

Some months back I had heard about a boy who — on a dare — ate 25 laxative brownies in one hour. The result was near total heart and kidney failure. He survived, but just barely.

What I didn’t realize until today is that this was far from an isolated incident, and that there is a stunningly vast corpus of YouTube videos explicitly encouraging such dares — and even worse, subjecting innocent victims to “pranks” along very much the same lines.

Once I began to look into this category, I was shocked by its sheer scope.  For example, a YouTube search for:

laxative prank

currently yields me 132,000 results. Of those, over 2,000 were uploaded in the last month, over 300 in the last week, and 10 just today!

As usual, it’s difficult to know what percentage of these are fakes and which are real. But this really matters not, because virtually all of them have the effect of encouraging impressionable viewers into duplicating their disgusting and dangerous feats.

Many of these YouTube videos are very professionally and slickly produced, and often are on YouTube channels with very high subscriber counts. It also appears common for these channels to specialize in producing a virtually endless array of other similar videos in an obvious effort to generate a continuing income stream — which of course is shared with Google itself.

Is there any possible ethical justification for these videos being hosted by Google, and in many cases also being directly monetized?

No, there is not.

And this is but the tip of the iceberg.

YouTube is saturated with an enormous range of similarly disgusting and often dangerous rot, and the fact that Google continues to host this material provides a key continuing incentive for ever larger quantities of such content to be produced, making Google directly culpable in its spread.

I spent enough time consulting internally with Google to realize that there are indeed many situations where making value judgments regarding YouTube content can be extremely difficult, to say the least.

But many of these prank and dare videos aren’t close calls at all — they are outright dangerous and yes, potentially deadly. And as we’ve seen they are typically extremely easy to find.

The longer that these categories are permitted to fester on YouTube, the greater the risks to Google of ham-fisted government regulatory actions that frankly are likely to do more harm than good.

Google can do so much better than this.

–Lauren–

UPDATE (January 25, 2018): This feature is now available in the standard, stable, non-beta version of Chrome!

– – –

Tired of sites that blare obnoxious audio at you from autoplay ads or other videos, often from background tabs, sometimes starting long after you’ve moved other tabs to the foreground? Aren’t these among the most disgustingly annoying of sites? Want to put them in their place at last?

Of course you do.

And as promised by Google some months ago, the new Chrome browser beta — I’m using “Version 64.0.3282.24 (Official Build) beta (64-bit)” on Ubuntu Linux — provides the means to achieve this laudable goal.

There are a number of ways to use this truly delightful new feature.

If you right click on the address bar padlock (or for unencrypted pages, usually an “i” icon), you may see a sound “enable/disable” link on the settings tab that appears, or you may need to click on “site settings” from that tab. In the former case, you can choose “allow” or “block” directly, in the latter case, you can do this from the “sound” entry on the full site settings page that appears.

There’s an easier way, too. Right click on the offensive site’s tab. You can choose “Mute site” or “Unmute site” from there. 

These mute selections are “sticky” — they will persist between invocations of the browser — exactly the behavior that we want.

You can also manually enter a list of sites to mute (and delete existing selections) at the internal address: 

chrome://settings/content/sound

And as a special bonus, considering enabling the longstanding “Tab audio muting UI control” experiment in Chrome on the page at the internal address:

chrome://flags

This lets you mute or unmute a specific tab by clicking on the tab “speaker” icon, without changing the underlying site mute status — perfect if you want to hear the audio for a specific video at a site that you normally want to keep firmly gagged. 

I have long been agitating for a site mute feature in Chrome — my great thanks to the Chrome team for this excellent implementation!

In due course we can expect this new capability to find its way from Chrome beta to stable, but for now if you’re running the latest beta version, you should be able to starting enjoying this right now.

You’re going to love it.

–Lauren–

Last month, in “Google’s Extremely Shortsighted and Bizarre New Restrictions on Accessibility Services”  —https://lauren.vortex.com/2017/11/13/googles-extremely-shortsighted-and-bizarre-new-restrictions-on-accessibility-services — I was highly critical of Google’s move to restrict Android app accessibility services only to apps that were specifically helping disabled persons. 

Google’s actions were assumed to be aimed at preventing security problems that can result when these accessibility services are abused — but these services also implement critical functionalities to other well-behaved apps that cannot currently be provided to most Android users without the use of those services.

My summary statement in that post regarding this issue was:

“The determining factor shouldn’t be whether or not an app is using an accessibility service function within the specific definition of helping a particular class of users, but rather whether or not the app is behaving in an honest and trustworthy manner when it uses those functions.”

I’m pleased to report that Google is apparently now in the process of reevaluating their entire stance on this important matter. Developers have received a note from Google announcing that they are “pausing” their decision, and including this text:

“If you believe your app uses the Accessibility API for a responsible, innovative purpose that isn’t related to accessibility, please respond to this email and tell us more about how your app benefits users. This kind of feedback may be helpful to us as we complete our evaluation of accessibility services.”

Bingo. This is exactly the approach that Google should be taking to this situation, and I’m very glad to see that the negative public reactions to their earlier announcement have been taken to heart.

We’ll have to wait and see what Google’s final determinations are regarding this area, but my thanks to the Google teams involved for giving the feedback the serious consideration that it deserves.

–Lauren–

One of the most frequent questions that I receive these days relates to the privacy of “smart speaker” devices such as Google Home, Amazon Echo, and other similar devices appearing from other firms. 

As these devices proliferate around us — driven by broad music libraries, powerful AI assistants, and a rapidly growing pantheon of additional capabilities — should we have privacy concerns?

Or more succinctly, should we worry about these “always on” microphones being subverted into 24/7 bugging devices?

The short and quick answer is yes. We do need to be concerned.

The full and more complete answer is decidedly more complicated and nuanced.

The foundational truth is fairly obvious — if you have microphones around, whether they’re in phones, voice-controlled televisions, webcams, or the rising category of smart speaker devices, the potential for bugging exists, with an obvious focus on Internet-connected devices.

Indeed, many years ago I began writing about the risks of cellphones being used as bugs, quite some time before it became known that law enforcement was using such techniques, and well before smartphone apps made some forms of cellphone bugging trivially simple.

And while I’m an enthusiastic user of Google Home devices (I try to avoid participating in the Amazon ecosystem in any way) the potential privacy issues with smart speakers have always been present — and how we deal with them going forward is crucial.

For more background, please see:

“Why Google Home Will Change the World” –https://lauren.vortex.com/2016/11/10/why-google-home-will-change-the-world

Since I’m most familiar with Google’s devices in this context, I will be using them for my discussion here, but the same sorts of issues apply to all microphone-enabled smart speaker products regardless of manufacturer.

There are essentially two categories of privacy concerns in this context.

The first is “accidental” bugging. That is, unintended collection of voice data, due to hardware and/or firmware errors or defects.

An example of this occurred with the recent release of Google’s Home Mini device. Some early units could potentially send a continuous stream of audio data to Google, rather than the intended behavior of only sending audio after the “hot word” phrase was detected locally on the unit (e.g. “Hey Google”).  The cause related to an infrequently used manual switch on the Mini, which Google quickly disabled with a firmware update.

Importantly, the Mini gave “clues” that something was wrong. The activity lights reportedly stayed on — indicating voice data being processed — and the recorded data showed up in user “My Activity” for users’ inspection (and/or deletion). For more regarding Google’s excellent My Activity system, please see:

“The Google Page That Google Haters Don’t Want You to Know About” –  https://lauren.vortex.com/2017/04/20/the-google-page-that-google-haters-dont-want-you-to-know-about

Cognizant of the privacy sensitivities surrounding microphones, smart speaker firms have taken proactive steps to try avoid problems. As I noted above, the normal model is to only send audio data to the cloud for processing after hearing the “hot word” phrase locally on the device. 

Also, these devices typically include a button or switch that users can employ to manually disable the microphones.

I’ll note here that Google lately took a step backwards in this specific respect. Until recently, you could mute the microphone by voice command, e.g., “OK Google, mute the microphone.” But now Google has disabled this voice command, with the devices replying that you must use the switch or button to disable the mic.

This is not a pro-privacy move. While I can understand Google wanting to avoid unintended microphone muting that would then require users to manually operate the control on the device to re-enable the mic, there are many situations where you need to quickly disable the mic (e.g. during phone calls, television programs, or other situations where Google Home is being discussed) to avoid false triggering when the hotword phrase happens to be mentioned. 

The correct way of dealing with this situation would be to make voice-operated microphone muting capability an option in the Google Home app. It can default to off, but users who prefer the ability to quickly mute the microphone by voice should be able to enable such an option.

So far we’ve been talking about accidental bugging. What about “purposeful” bugging?

Now it really starts to get complicated. 

My explicit assumption is that the major firms producing these devices and their supporting infrastructures would never willingly engage in purposeful bugging of their own accord. 

Unfortunately, in today’s world, that’s only one aspect of the equation.

Could these categories of devices (from any manufacturers) be hacked into being full-time bugs by third-parties unaffiliated with these firms? We have to assume that the answer in theory (and based on some early evidence) is yes, but we can also assume that these firms have made this possibility as unlikely as possible, and will continually work to make such attacks impractical.

Sad to say, of much more looming concern is governments going to these firms and ordering/threatening them into pushing special firmware to targeted devices (or perhaps to devices en masse) to enable bugging capabilities. In an age where an admitted racist, Nazi-sympathizing, criminal serial sexual predator resides in the White House and controls the USA law enforcement and intelligence agencies, we can’t take any possibilities off of the table. Google for one has a long and admirable history of resisting government attempts at overreach, but — as just one example — we don’t know how far the vile, lying creature in the Oval Office would be willing to go to achieve his evil ends.

Further complicating this analysis is a lack of basic public information about the hardware/firmware structure of these devices.

For example, is it possible in Google Home devices for firmware to be installed that would enable audio monitoring without blinking those activity lights? Could firmware changes keep the microphone active even if the manual disable button or switch has been triggered by the user, causing the device mic to appear disabled when it was really still enabled?

These are largely specific hardware/firmware design questions, and so far my attempts to obtain information about these aspects from Google have been unsuccessful.

If you were hoping for a brilliant, clear-cut, “This will solve all of these problems!” recommendation here, I’m afraid that I must disappoint you.

Beyond the obvious suggestion that the hardware of these devices should be designed so that “invisible bugging” potentials are minimized, and the even more obvious (but not very practical) suggestion of unplugging the units if and when you’re concerned (’cause let’s face it, the whole point is for them to be on the ready when you need them!), I don’t have any magic wand solutions to offer here. 

Ultimately, all of us — firms like Google and Amazon, their users, and the community at large — need to figure out where to draw the lines to achieve a reasonable balance between the vast positive potential of these devices and the very real potential risks that come with them as well.

Nobody said that this stuff was going to be easy. 

Be seeing you.

–Lauren–

You’ve probably heard that there’s an escalating “YouTube War” between Amazon and Google, that has now led to Google cutting of users of Amazon’s Fire and Echo Show products from YouTube, leaving legions of confused and upset users in the wake.

I’m no fan of Amazon. I intensely dislike their predatory business practices and the way that they treat many of their workers. I studiously avoid buying from Amazon.

Google has a number of completely legitimate grievances with Amazon. The latter has refused to carry key Google products that compete with Amazon products, while still designing those Amazon devices to access Google services like YouTube. Amazon has also played fast and loose with the YouTube Terms of Service in a number of ways.

I can understand Google finally getting fed up with this kind of Amazon behavior. Google is absolutely right to be upset.

However, Google is wrong in the approach that they’ve taken to deal with these issues, and this may do them considerable ongoing damage, even long after the current dispute is settled.

Cutting those Amazon device users off from YouTube with essentially a “go access YouTube some other way” message is not buying any good will from those users — exactly the opposite, in fact.

These users aren’t concerned about Google’s marketing issues, they just want to see the programming that they bought their devices to access — and YouTube is a major part of that.

As the firm that’s cutting off these users from YouTube, it’s Google that will take the brunt of user anger, and the situation unnecessarily sows distrust about Google’s behavior in the future. This can impact users’ overall feelings about Google in negative ways that go far beyond YouTube.

Worse, this kind of situation is providing long-term ammunition to Google haters who are looking for any excuses to try bring antitrust or other unwarranted regulatory focus onto Google itself.

Essentially, Amazon laid a trap for Google in this instance, and Google walked right into it.

There is a much better approach available to Google for dealing with this.

Rather than cutting off those Amazon device users, permit them to continue accessing YouTube, but only after presentation of a brief interstitial very succinctly explaining Google’s grievances with Amazon. Rather than making enemies of those users, bring them around to an understanding of Google’s point of view.

But above all, don’t punish those Amazon users by cutting them off from YouTube as you’re doing now.

Your righteous battle is with Amazon. But those Amazon device users should be treated as your allies in this war, not as your enemies!

And that’s the truth.

–Lauren–

Regular readers of my missives have probably grown tired of my continuing series of posts relating to my concerns regarding particular categories of videos that have increasingly contaminated Google’s YouTube platform.

Very briefly: I’m one of YouTube’s biggest fans. I consider YT to be a wonder of the world, both technologically and in terms of vast swathes of its amazing entertainment and educational content. I would be horrified to see YouTube disappear from the face of the planet.

That said, you know that I’ve been expressing increasing concerns regarding extremist and other hate speech, child exploitation, and dangerous prank/dare videos that increasingly proliferate and persist on YouTube, often heavily monetized with ads.

I have never ascribed evil motives to Google in these regards. YouTube needs to bring in revenue both for its own operations and to pay creators — and the absolute scale of YouTube is almost unimaginably enormous.

At Google’s kind of scale, it’s completely understandable that Google has a strong institutional bias toward automated, algorithmic systems to deal with content of all sorts.

However, I have long argued that the changing shape of the Internet requires more humans to “ride herd” on those algorithms, to fill in the gaps where algorithms tend to slump, and to provide critical sanity checking. This is of course an expensive proposition, but my view has been that Google has the resources to do this, given the will to do so.

I’m pleased to report that Google/YouTube has announced major moves in exactly these sorts of directions that I have long recommended:

https://youtube.googleblog.com/2017/12/expanding-our-work-against-abuse-of-our.html

YouTube will hire *human* video reviewers to a total of over 10K in 2018, will expand  liaisons with outside expert groups and individuals, and will tighten advertising parameters (including more human curation), among other very positive steps.

At YouTube scale, successful execution of these plans will be anything but trivial, but as I’ve said about various issues, Google *can* do this!

My thanks to the YouTube teams, and especially to YouTube CEO Susan Wojcicki, for these very welcome moves that should help to assure a great future both for YouTube and its many users!

–Lauren–

You may recall that back early this year I expressed concerns that direct, obvious access to SSL encryption security certificate information had been removed from Google’s Chrome browser:

“Here’s Where Google Hid the SSL Certificate Information That You May Need” – https://lauren.vortex.com/2017/01/28/heres-where-google-hid-the-ssl-certificate-information-you-may-need

As I noted then, there are frequent situations where it’s extremely useful to inspect the SSL certificate info, because the use of SSL (https: — that is, the mere presence of a “green padlock” on a connection) indicates that the connection is encrypted, but that’s all. The padlock alone does not render any sort of judgment regarding the authenticity or legitimacy of the site itself — but the details in an SSL cert can often provide useful insight into these sorts of aspects.

After the change to Chrome that I reported last January, it was not longer possible to easily obtain the certificate data by simply doing the obvious thing — clicking the green padlock and then an additional click to see the cert details. It was still possible to access that data, but doing so required manipulation of the browser “developers tools” panels which are (understandably) not obvious to most users.

I’m pleased to report that easy access to the SSL cert data via the green padlock icon is returning to Chrome. It is already present in the Linux beta version that I run, and would be expected to reach Chrome’s stable versions on all platforms in due course. 

With this feature in place, you simply click the green padlock icon and then click the obvious “Valid” link under the “Certificate” section at the top. The SSL cert data opens right up for quick and direct inspection. The version of Chrome that you’re running currently may not have this feature implemented quite yet, but it’s on the way.

My thanks to the Chrome team!

–Lauren–

I’ve been receiving many queries as to why this blog and my lists have been so quiet lately. I would have preferred to say nothing about this, but I don’t want anyone concerned that they’ve been dropped off a list or are otherwise being subjected to technical issues. The lists are OK, the servers are running for now, and there’s nothing associated amiss at your end.

The executive summary of what’s going on is that I’m not well — I’ll spare you the details — and it’s unclear what I can do about it, given the dismal, insane state of health insurance in this country, especially for persons like me who have to deal with the collapsed individual medical insurance market (that is, who don’t have an employer, and so don’t have employer provided medical insurance).

The GOP and Satan’s Sociopath in the Oval Office are working deliberately to destroy health insurance and ruin lives for the sake of enriching their uber-wealthy, vile brethren. But even without those deliberate efforts at sabotage, the healthcare system itself has already utterly collapsed for vast numbers of people without steady incomes and who are too young or don’t qualify for Medicare — which the GOP is also working to decimate. The holes in Obamacare/ACA are big enough to toss the moon through, creating horrific “Catch-22” nightmares for persons with very low income levels and who cannot reasonably see into the future to predict their next year’s income.

The upshot of all this is that I simply cannot physically keep up under these conditions, and these public venues will be very quiet until such a time, if ever, that the overall situation changes. Sorry about that, Chief.

Since I was sending this item out anyway, I wanted to mention one rather crazy tech story going around currently. Obviously there’s been any number of technology issues recently about which I’d ordinarily have said something — most of them depressing as usual.

But there’s one in the news now about Google that is just so stupid that it can make your head explode, a “Google is secretly tracking your phone” scare piece. 

And as usual, Google isn’t addressing it in ways that ordinary people can understand, so it’s continuing to spread, the haters are latching on, and folks have started calling me asking about it in panic. 

Sometimes I think that Google must have a sort of suicide complex, given the way that they watch again and again how these sorts of stories get out of control without Google providing explanations beyond quotes to the trade press. Newsflash! Most ordinary non-techies don’t read the trade press!

Yeah, I know, Google just hopes that by saying as little as possible that the stories will fade away. But it’s like picking up comic strips with Silly Putty (anyone else remember doing that?) — you can keep folding the images inward but eventually the entire mass of putty is a dark mass of ink.

You’d think that with so many opportunistic regulatory and political knives out to attack Google these days, Google would want to speak to these issues clearly in language that ordinary folks could understand, so that these persons aren’t continuously co-opted by the lies of Google haters. I’ve done what I could to explain these issues in writing and on radio, but as I’ve said before this should be Google’s job — providing authoritative and plain language explanations for these issues. It’s not something that Google should be relying on outsiders to do for them willy-nilly.

The latest story is a lot of ranting and gnashing of teeth over the fact that Android phones have apparently been sending mobile phone network cell IDs to Google. Not that Google did anything with them — they’ve been tossing them and are making changes so that they don’t get sent at all. The complaint seems to be that these were sent even if users opt-ed out of Google’s location services. 

But the whole point is that the cell IDs had nothing to do with Google location geo services, but are related to the basic network infrastructures required to get notifications to the phones. It’s basically the same situation as standard mobile text messages — you need to know where the phone is connected to the network at the moment to effectively contact the phone to send the user a text message or other notifications, or even an ordinary phone call!

In a response apparently aimed at the trade press, Google talked about MCC and MNC codes and related tech lingo that all mean pretty much NOTHING to most people who are hearing this “tracking” story. 

Let me put this into plain English.

If your cell phone is turned on, the cellular networks know where you are — usually to a good degree of accuracy these days even without GPS. That’s how they work. That’s how you receive calls and text messages. It’s a core functionality that has nothing to do with Google per se.

You know all those news stories you see about crooks who get caught through tracking of their cell phones via location info that authorities get from the cellular carriers? 

Have you ever thought to yourself, “Why don’t those morons just turn off their phones when they don’t want to be tracked?”

It’s not Google that you need to be worried about. They have powerful protections for user data, and are extremely, exceptionally strict about when authorities can obtain any of it. On the other hand, the cellular carriers have traditionally been glad to hand over largely any user data that authorities might request for virtually any reason, often on a “nod and a wink” basis. You want something to worry about? Don’t worry about Google, worry about those cellular carriers.

Nor do you need to be a crook to turn off your phone when you don’t even want the carriers to know where you are. You want to use local apps? Fine, instead of turning the phone off, disable the phone’s radios by activating the “Airplane Mode” that all smartphones have available. 

This is all of the writing that I can manage right now and will probably be all that I have to say here for an indeterminate period. I can’t guarantee timely or even any responses to queries, but I’ll try to keep this machinery running the best that I can under the circumstances.

The best to you and yours for the holiday weekend and for the entire holiday season.

Please take care.

–Lauren–

I am not an optimistic person by nature. I’ve tended — pretty much through my entire life — to always be wary of how things could go wrong. In some ways, I’ve found this to be a useful skill — when writing code it’s important to cover the range of possible outcomes and error states, and properly provide for their handling in a program or app.

Then again, I’ve never been much fun at parties. When I went to parties. Which has been very infrequently.

Mostly, I’ve spent my adult life in front of computer screens of all sorts (and before that, various forms of teletypes, other teleprinters, and even the occasional 029 keypunch machine).

I started writing publicly in the early 70s at the Internet’s ancestor ARPANET site #1 at UCLA, often on the very early mailing lists like Human-Nets, MsgGroup, or SF-Lovers (yes, and Network-Hackers, too). I even monitored the notorious Wine-Tasters list — though not being much of a drinker I uncharacteristically didn’t have much to say there.

Back then there were no domains, so originally I was LAUREN@UCLA-ATS (the first host on ARPANET) and later LAUREN@UCLA-SECURITY as well.

Much of my writing from those days is still online or has been brought back online. Looking it over now, I find that while there are minor points I might change today, overall I’m still willing to stand by everything I’ve written, even from that distant past.

My pessimism was already coming through in some of those early texts. While many in the ARPANET community were convinced that The Network would bring about the demise of nationalities and the grand rising up of a borderless global world of peace and tranquility, I worried that once governments and politicians really started paying attention to what we were doing, they’d find ways to warp it to their own personal and political advantages, perhaps using our technology for new forms of mass censorship.

And I feared that if the kind of networking tech we had created ever found its way into the broader world, evil would ultimately be more effective at leveraging its power than good would be.

Years and decades went by, as I stared at a seemingly endless array of screens and no doubt typed millions of words.

So we come to today, and I’m still sitting here in L.A. — the city where I’ve always lived — and I see how the Internet has been fundamentally broken by evil forces only some of which I foresaw years ago.

Our wonderful technology has been hijacked by liars, Nazis, pedophiles and other sexual abusing politicians, and an array of other despicable persons who could only gladden the hearts of civilization’s worst tyrants.

Our work has been turned into tools for mass spying, mass censorship, political oppression, and the spreading of hateful lies and propaganda without end.

I have never claimed to be evenhanded or dispassionate when it came to my contributions to — and observations of — the Internet and its impact on the world at large.

Indeed the Net is a wonder of civilization, on par with the great inventions like the wheel, like the printing press, like penicillin. But much as nuclear fission can be used to kill cancer or decimate cities, the Internet has proven to be a quintessential tool that can be used for both good and evil, for glories of education and communications and the availability of information, but also for the depths of theft and extortion and hate.

The dark side seems to be winning out, so I won’t pull any punches here. 

I have enormous respect for Google. I have pretty much nothing but disdain for Facebook. My feelings about Twitter are somewhere in between. It’s difficult these days to feel much emotion at all about Microsoft one way or another.

None of these firms — or the other large Internet companies — are all good or all bad. But it doesn’t take rocket science (or computer science for that matter) to perceive how Google is about making honest information available, Facebook is about controlling information and exploiting users, and Twitter doesn’t seem to really care anymore one way or another, so  long as they can keep their wheels turning.

This is obviously something of an oversimplification. Perhaps you disagree with me — sometimes, now, or always — and of course that’s OK too.

But I do want you to know that I’ve always strived to offer my honest views, and to never arbitrarily nor irrationally take sides on an issue. If the result has been that at one time or another pretty much everyone has disagreed with something I’ve said — so be it. I make no apologies for the opinions that I’ve expressed, and I’ve expected no apologies in return.

In the scheme of things, the Internet is still a child, with a lifetime to date even shorter than that of we frail individual human animals. 

The future will with time reveal whether our work in this sphere is seen as a blessing or curse — or most likely as some complex brew of both — by generations yet to come. Some of you will see that future for yourselves, many of us will not.

Such is the way of the world — not only when it comes to technology, but in terms of virtually all human endeavors.

Take care, all.

–Lauren–

I’m already getting comments — including from Buddhists — suggesting that Google Maps’ new iconography tagging Buddhist temples with the ancient symbol that is perceived by most people today as a Nazi swastika is problematic at best, and is likely to be widely misinterpreted. I agree. I’m wondering if Google consulted with the Buddhist community before making this choice. If not, now is definitely the time to do so.

–Lauren–

UPDATE (November 16, 2017): Google tells me that they are restricting use of this symbol to areas like Japan “where it is understood” and are using a different symbol for localization in most other areas. I follow this reasoning, but it’s unclear that it avoids the problems with such a widely misunderstood symbol. For example, I’ve received concerns about this from Buddhists in Japan, who fear that the symbol will be “latched onto” by haters in other areas. And indeed, I’ve already been informed of “Nazi Japan” posts from the alt-right that cite this symbol. The underlying question is whether or not such a “hot button” symbol can really be restricted by localization into not being misunderstood in other areas and causing associated problems. That’s a call for Google to make, of course.

UPDATE (December 8, 2017): Google Wisely Pauses Move to Impose Accessibility Restrictions

UPDATE (November 17, 2017): Thanks Google for working with LastPass on this issue! – Google details Autofill plans in Oreo as LastPass gets reprieve from accessibility removals

 – – –

My inbox has been filling today with questions regarding Google’s new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with “disabilities” (a term not defined by Google in the warning).

Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided.

My assumption is that Google wants to try limit the use of accessibility functions on the theory that some of them might represent security risks of one sort or another in specific situations. 

If that’s actually the case — and we can have that discussion separately — then of course Google should disable those functions entirely — for all apps. After all, “preferentially” exposing disabled persons to security risks doesn’t make any sense.

But more to the point, these accessibility functions are frequently employed by widely used and completely legitimate apps that use these functionalities to provide key features that are not otherwise available under various versions of Android still in widespread deployment.

Google’s approach to this situation just doesn’t make sense. 

Let’s be logical about this.

If accessibility functions are too dangerous from security or other standpoints to potentially be used in all legitimate apps — including going beyond helping disabled persons per se — then they should not be permitted in any apps.

Conversely, if accessibility functions are safe enough to use for helping disabled persons using apps, then they should be safe enough to be used in any legitimate apps for any honest purposes.

The determining factor shouldn’t be whether or not an app is using an accessibility service function within the specific definition of helping a particular class of users, but rather whether or not the app is behaving in an honest and trustworthy manner when it uses those functions.

If a well-behaved app needs to use an accessibility service to provide an important function that doesn’t directly help disabled users, so what? There’s nothing magical about the term accessibility.

Apps functioning honestly that provide useful features should be encouraged. Bad apps should be blown out of the Google Play Store. It’s that simple, and Google is unnecessarily muddying up this distinction with their new restrictions.

I encourage Google to rethink their stance on this issue.

–Lauren–

Traditionally, one of the aspects of T-Mobile that subscribers have really liked is how quickly and easily they could pay their bills online. A few seconds was usually all that was needed, and it could always be done in a security-positive manner.

No more. T-Mobile has now taken their online payment system over to the dark side, using several well-known methods to try trick subscribers into taking actions that they probably don’t really want to take in most instances.

First, their fancy new JavaScript payment window completely breaks the Chrome browser autofill functions for providing credit card data securely. All credit card data must now be entered manually on that T-Mobile payment page.

One assumes that T-Mobile site designers are smart enough to test such major changes against the major browsers, so perhaps they’re doing this deliberately. But why?

There are clues.

For example, they’ve pre-checked the box for “saving this payment method.” That’s always a terrible policy — many users explicitly avoid saving payment data on individual sites subject to individual security lapses, and prefer to save that data securely in their browsers to be entered onto sites via autofill.

But if a firm’s goal is to encourage people to accept a default of saving a payment method on the site, breaking autofill is one way to do it, since filling out all of the credit card data every time is indeed a hassle.

There’s more. After you make your payment, T-Mobile now pushes you very hard to make it a recurring autopay payment from that payment method. The “accept” box is big and bright. The option to decline is small and lonely. Yeah, they really want you to turn on autopay, even if it means tricking you into doing it.

Wait! There’s still more! If you don’t have autopay turned on, T-mobile shows an alert, warning you that a line has been “suspended” from autopay and urging you to click and turn it back on. They say this irrespective of the fact that you never had autopay turned on for that line in the first place.

No, T-Mobile hasn’t broken any laws with any of this. But it’s all scammy at best and really the sort of behavior we’d expect from AT&T or Verizon, not from T-Mobile.

And that’s the truth.

–Lauren–

I’m old enough to have seen a lot of seriously stupid ideas involving the Internet. But no matter how incredibly asinine, shortsighted, and nonsensical any given concept may be, there’s always room for somebody to come up with something new that drives the needle even further into the red zone of utterly moronic senselessness. And the happy gang over at Facebook has now pushed that poor needle so hard that it’s bent and quivering in total despair. 

Facebook’s new plan to fight the serious scourge of revenge porn is arguably the single most stupid — and dangerous — idea relating to the Internet that has ever spewed forth from a major commercial firm. 

It’s so insanely bad that at first I couldn’t believe that it was real — I assumed it was a satire or parody of some sort. Unfortunately, it’s all too real, and the sort of stuff that triggers an urge to bash your head into the wall in utter disbelief.

The major Internet firms typically now have mechanisms in place for individuals to report revenge porn photos for takedown from postings and search results. Google for example has a carefully thought out and completely appropriate procedure that targeted parties can follow in this regard to get such photos removed from search results. 

So what’s Facebook’s new plan? They want you to send Facebook your own naked photos even before they’ve been abused by anyone — even though they might never be abused by anyone!

No, I’m not kidding. Facebook’s twisted idea is to collect your personal naked and otherwise compromising sexually-related photos ahead of time, so just in case they’re used for revenge porn later, they can be prevented from showing up on Facebook. Whether or not it’s a great idea to have photos like that around in the first place is a different topic, but note that by definition we’re talking about photos already in your possession, not secret photos surreptitiously shot by your ex — which are much more likely to be the fodder for revenge porn.

Now, you don’t need to be a security or privacy expert, or a computer scientist, to see the gaping flaws in this creepy concept. 

No matter what the purported “promises” of privacy and security for the transmission of these photos and how they’d be handled at Facebook, they would create an enormous risk to the persons sending them if anything happened to go wrong. I won’t even list the voluminous possibilities for disaster in Facebook’s approach — most of them should be painfully obvious to pretty much everyone.

Facebook appears to be trying to expand into this realm from a methodology already used against child abuse photos, where such abuse photos already in circulation are “hashed” into digital “signatures” that can be matched if new attempts are made to post them. The major search and social media firms already use this mechanism quite successfully. 

But again, that involves child images that are typically already in public circulation and have already done significant damage.

In contrast, Facebook’s new plan involves soliciting nude photos that typically have never been in public circulation at all — well, at least before being sent in to Facebook for this plan, that is. 

Yes, Facebook will put photos at risk of abuse that otherwise likely would never have been abused!

Facebook wants your naked photos on the theory that holy smokes, maybe someday those photos might be abused and isn’t it grand that Facebook will take care of them for us in advance!

Is anybody with half a brain buying their spiel so far? 

Would there be technically practical ways to send photo-related data to Facebook that would avoid the obvious pitfalls of their plan? Yep, but Facebook has already shot them down.

For example, users could hash the photos using software on their own computers, then submit only those hashes to Facebook for potential signature matching — Facebook would never have the actual photos.

Or, users could submit “censored” versions of those photos to Facebook. In fact, when individuals request that Google remove revenge porn photos, Google explicitly urges them to use photo editing tools to black out the sensitive areas of the photos, before sending them to Google as part of the removal request — an utterly rational approach.

Facebook will have none of this. Facebook says that you must send them the uncensored photos with all the goodies intact. They claim that local hashing won’t work, because they need to have humans verify the original uncensored photos before they’re “blurred” for long-term storage. And they fear that allowing individuals to hash photos locally would subject the hashing algorithms to reverse engineering and exploitation.

Yeah, Facebook has an explanation for everything, but taken as a whole it makes no difference — the entire plan is garbage from the word go.

I don’t care how trusted and angelic the human reviewers of those uncensored submitted nude photos are supposed to be or what “protections” Facebook claims would be in place for those photos. Tiny cameras capable of copying photos from internal Facebook display screens could be anywhere. If human beings at Facebook ever have access to those original photos, you can bet your life that some of those photos are eventually going to leak from Facebook one way or another. You’ll always lose your money betting against human nature in this regard.

Facebook should immediately deep-six, bury, terminate, and otherwise cancel this ridiculous plan before someone gets hurt. And next time Facebook bros, how about doing some serious thinking about the collateral risks of your grand schemes before announcing them and ending up looking like such out-of-touch fools.

–Lauren–

Since the 3D printed wall mount for my Google Home Mini worked out quite nicely (details here), I went ahead yesterday and printed a different type of wall mount for my original Google Home (which is more suited for music listening given its larger and more elaborate speaker system — it even has decent bass response.)

Performance of the Google Home when mounted on the wall seems exemplary, both in terms of audio reproduction and the performance of its integral microphones. 

The surface of the mount meshes with the contours on the bottom of the Google Home unit, providing additional stability.

At the end of this post, I’ve included photos of the printed mount itself, the mount on the wall with Google Home installed, and a very brief video excerpt of the printing process. 

The model for this mount is from “westlow” at: https://www.thingiverse.com/thing:2426589 (I used the “V2” version).

As always, if you have any questions, please let me know. 

Be seeing you.

–Lauren–

(Please click images to enlarge.)

UPDATE (October 30, 2017): 3D Printed Wall Mount for the Full-Sized Google Home

– – –

Over on Google+ I recently posted several short items regarding a tiny plastic mount that I 3D printed a couple of days ago to hang my new Google Home Mini on my wall (see 2nd and 3rd photos below, for the actual model file please see: https://www.thingiverse.com/thing:2576121 by “Jakewk13”).

This virtually invisible wall mount is perfectly designed for the Mini and couldn’t be simpler. Technically, the Mini is upside down when you use this mount, but of course it works just fine. Thanks Google for sending me a Mini for my ongoing experiments!

I’ve since received quite a few queries about my printing facilities, such as they are.

So the 1st photo below shows my 3D printer setup. Yes, it looks like industrial gear from one of the “SAW” torture movies, but I like it that way. This is an extremely inexpensive arrangement, where I make up for the lack of expensive features with a fair degree of careful ongoing calibration and operational skill, but it serves me pretty well. I can’t emphasize enough how critical accurate calibration is with 3D printing, and there’s a significant learning curve involved.

The basic unit started as a very cheap Chinese clone printer kit that I built and mounted on that heavy board for stability. Then, hardware guy that I’ve always been, I started modifying. As is traditional, many of the additions and modifications were themselves printed on that printer. This includes the filament reel support brackets, calibration rods, filament guide, inductive sensor mount, and more. I installed an industrial inductive sensor at the forward left of the black extruder unit, to provide more precise Z-axis homing and to enable automatically adjusted print extrusion leveling.

I replaced the original cruddy firmware with a relatively recent Repetier dev build, which also enabled the various inductive sensor functions. I had to compile out the SD card support to make room for this build in my printer controller — but I never used the SD card on the printer (intended for standalone printing) anyway.

On the build platform, I use ordinary masking tape, that gets a thin coat of glue stick immediately after I put the tape down. The tape and glue can last for quite a few prints before needing replacement.

I mainly print PLA filament. I never touch ABS — it warps, its fumes smell awful and are highly toxic.

I almost always print at an extruder temperature of 205C and a bed temperature of 55C.

The printer is driven by Repetier Server which runs on 14.04 Ubuntu via Crouton running on an older CrOS Chromebook. I typically use Linux Cura for model slicing.

I know, it’s all laughably inexpensive and not at all fancy by most people’s standards, but it does the job for me when I want to hang a Google gadget on the wall or need the odd matter-antimatter injector guide servo nozzle in a hurry.

Yep, it really is the 21st century.

–Lauren–

(Please click images to enlarge.)