What happens in this tab stays in this tab
April 17, 2022 7:48 PM Subscribe
Comic artist Leah Elliott remixes Scott McCloud in another webcomic about Google Chrome. Chrome’s original announcement on September 1 2008 featured a 38 page comic from McCloud explaining why Google was introducing the new web browser. The new comic is not about the promise of a bright and open future, but about what Chrome has become.
Drat. I have contacted the mods - thanks for the correction jazon
posted by zenon at 8:07 PM on April 17, 2022
posted by zenon at 8:07 PM on April 17, 2022
This is a remix of the 2008 comic, by Leah Elliott
Being somewhat fuzzy on the details of the original McCloud comic, I was confused by the framing on this until I read the About page. I read the entire thing wondering if McCloud and the original Chrome team had declared mutiny against Google, or what. I wish the remix was a little more up-front about what it was/who had made it/where they were coming from so I could have read it with all of those things in mind the first time.
posted by Strange Interlude at 8:15 PM on April 17, 2022 [8 favorites]
Being somewhat fuzzy on the details of the original McCloud comic, I was confused by the framing on this until I read the About page. I read the entire thing wondering if McCloud and the original Chrome team had declared mutiny against Google, or what. I wish the remix was a little more up-front about what it was/who had made it/where they were coming from so I could have read it with all of those things in mind the first time.
posted by Strange Interlude at 8:15 PM on April 17, 2022 [8 favorites]
I was gonna say, that's not how Scott McCloud draws himself these days...I also thought somehow the Chrome Team was mutinying, until I went to the about page to confirm. But otherwise this was really interesting.
posted by Tesseractive at 8:16 PM on April 17, 2022 [2 favorites]
posted by Tesseractive at 8:16 PM on April 17, 2022 [2 favorites]
You'd know if Scott McCloud had declared mutiny, because this is what he'd do:
SCOTT: No one person can do what I need to do.
(he places his hands on either side of his head as it begins to simplify)
SCOTT: I need to become...
(as his head continues to change he screws his eyes shut has he pulls his head off his body)
(in the next panel, the metaphorphosis has finished, his eyes having vanished behind his glasses as he speaks...)
THE FLOATING HEAD OF SCOTT MCCLOUD: An icon.
posted by BiggerJ at 8:22 PM on April 17, 2022 [11 favorites]
SCOTT: No one person can do what I need to do.
(he places his hands on either side of his head as it begins to simplify)
SCOTT: I need to become...
(as his head continues to change he screws his eyes shut has he pulls his head off his body)
(in the next panel, the metaphorphosis has finished, his eyes having vanished behind his glasses as he speaks...)
THE FLOATING HEAD OF SCOTT MCCLOUD: An icon.
posted by BiggerJ at 8:22 PM on April 17, 2022 [11 favorites]
shared this with a friend whose reaction was basically "wow this turned into a horror story a lot faster than I expected"
posted by DoctorFedora at 8:51 PM on April 17, 2022 [1 favorite]
posted by DoctorFedora at 8:51 PM on April 17, 2022 [1 favorite]
I have a serious problem with the end, where they go hard on the individual action path, which really is not the answer to this problem for a number of reasons. Yes, using a browser like Firefox (and I've been using Firefox for decades myself) helps protect you - but this isn't just a "you" problem - it's a societal one. And as such, we need societal solutions that actually address root causes. I've talked about HIPAA For Everything as one such solution in past threads, but that's only one way to tackle the issue.
posted by NoxAeternum at 9:45 PM on April 17, 2022 [39 favorites]
posted by NoxAeternum at 9:45 PM on April 17, 2022 [39 favorites]
I read the remix before reading the original. Very cool to see how some of the panels have been completely re-purposed.
Wish I had at least skimmed the original before reading the remix.
posted by otherchaz at 9:46 PM on April 17, 2022 [1 favorite]
Wish I had at least skimmed the original before reading the remix.
posted by otherchaz at 9:46 PM on April 17, 2022 [1 favorite]
OMNI. BOX.
posted by Fiasco da Gama at 10:55 PM on April 17, 2022 [7 favorites]
posted by Fiasco da Gama at 10:55 PM on April 17, 2022 [7 favorites]
Mod note: (Fixed the attribution! )
posted by taz (staff) at 11:05 PM on April 17, 2022 [4 favorites]
posted by taz (staff) at 11:05 PM on April 17, 2022 [4 favorites]
I had a GREAT time where I clicked what I thought was the remix... And instead was the original - reading it like 'damn this must be so deep tech insider irony' and 'wow YEAH, evil huh 🙇🏻'
Having finally got to the remix - yeah our internet sucks. I find it hard to go more detailed than that because been browbeaten into expecting the worst and demanding so little, that I have the consistent voice of 'ow, and oh well of course' - cynicism as a refuge to feel in control.
I actually think what's going to stick with me most was reading the original and... remembering when tech was just this Cool Thing to Understand? Technical solutions explained transparently, and with fun! We're all solving this internet together!
So yeah, going to remember that when a big corporation presents a 'technical explainer' - I'm not going to know how they're gonna abuse things, but they will. Process is a distraction from politics.
posted by litleozy at 2:13 AM on April 18, 2022 [2 favorites]
Having finally got to the remix - yeah our internet sucks. I find it hard to go more detailed than that because been browbeaten into expecting the worst and demanding so little, that I have the consistent voice of 'ow, and oh well of course' - cynicism as a refuge to feel in control.
I actually think what's going to stick with me most was reading the original and... remembering when tech was just this Cool Thing to Understand? Technical solutions explained transparently, and with fun! We're all solving this internet together!
So yeah, going to remember that when a big corporation presents a 'technical explainer' - I'm not going to know how they're gonna abuse things, but they will. Process is a distraction from politics.
posted by litleozy at 2:13 AM on April 18, 2022 [2 favorites]
And yet, people say I'm paranoid for actively avoiding Google.
Here are some pretty easy* replacement options:
Chromium, not Chrome.
Startpage, not Google search.
Freetube, not Youtube.
DeepL, not Google Translate.
OpenStreetMap, not Google Maps.
LineageOS, not Android.
And if you care about privacy at all, please get a proper email provider.
* there are usually better options if you are willing to invest more time, and get even more untangled from Google's web.
posted by Too-Ticky at 3:30 AM on April 18, 2022 [44 favorites]
Here are some pretty easy* replacement options:
Chromium, not Chrome.
Startpage, not Google search.
Freetube, not Youtube.
DeepL, not Google Translate.
OpenStreetMap, not Google Maps.
LineageOS, not Android.
And if you care about privacy at all, please get a proper email provider.
* there are usually better options if you are willing to invest more time, and get even more untangled from Google's web.
posted by Too-Ticky at 3:30 AM on April 18, 2022 [44 favorites]
DeepL also has the advantage of being hugely better at the languages it supports
posted by DoctorFedora at 4:43 AM on April 18, 2022 [5 favorites]
posted by DoctorFedora at 4:43 AM on April 18, 2022 [5 favorites]
Firefox 4 life, here.
Gmail only due to inertia - same account since 2004, and it’s hard to get the energy to set up something different and change my contact email in so many places…
Even if I drop my own Gmail account, my university (work) account is Gmail. Not just Gmail, but forced into using the web interface only, rather than a desktop mail client, because Google convinced the university that it’s the only way to ensure privacy of our mail. Which is rich. To ensure privacy and security I had to allow Google to install a device policy on my personal iOS devices, enabling Google to wipe portions of my devices if the U thinks there’s a privacy issue. And I can’t separate my personal stuff either. The device policy applies to every single app installed that might be able to use my university account. Any other apps, like Drive or YouTube? Even if I only ever sign in to these apps with my personal email, device policy says I need to allow Google to register them with the policy and enable tracking. They claim they won’t look at data not associated with my U account but how do I know that’s true?
Bit what ticks me off the most is that the device policy also locked me out of signing in to my own account unless I use the Google apps on my iPhone or iPad. I have 2 factor security enabled, I use an authenticator app to generate the login code. Except now when I log in it asks me to open the Gmail app on my phone and verify using that. I never, ever want to use the Gmail app for any reason for my own mail. I detest using it for my WORK mail. When I click “other authentication options” using my authenticator app code is never presented as an option. It’s utterly frustrating.
Google, keeping my work mail “private and secure”. Thanks guys.
posted by caution live frogs at 5:17 AM on April 18, 2022 [10 favorites]
Gmail only due to inertia - same account since 2004, and it’s hard to get the energy to set up something different and change my contact email in so many places…
Even if I drop my own Gmail account, my university (work) account is Gmail. Not just Gmail, but forced into using the web interface only, rather than a desktop mail client, because Google convinced the university that it’s the only way to ensure privacy of our mail. Which is rich. To ensure privacy and security I had to allow Google to install a device policy on my personal iOS devices, enabling Google to wipe portions of my devices if the U thinks there’s a privacy issue. And I can’t separate my personal stuff either. The device policy applies to every single app installed that might be able to use my university account. Any other apps, like Drive or YouTube? Even if I only ever sign in to these apps with my personal email, device policy says I need to allow Google to register them with the policy and enable tracking. They claim they won’t look at data not associated with my U account but how do I know that’s true?
Bit what ticks me off the most is that the device policy also locked me out of signing in to my own account unless I use the Google apps on my iPhone or iPad. I have 2 factor security enabled, I use an authenticator app to generate the login code. Except now when I log in it asks me to open the Gmail app on my phone and verify using that. I never, ever want to use the Gmail app for any reason for my own mail. I detest using it for my WORK mail. When I click “other authentication options” using my authenticator app code is never presented as an option. It’s utterly frustrating.
Google, keeping my work mail “private and secure”. Thanks guys.
posted by caution live frogs at 5:17 AM on April 18, 2022 [10 favorites]
Bit what ticks me off the most is that the device policy also locked me out of signing in to my own account unless I use the Google apps on my iPhone or iPad. I have 2 factor security enabled, I use an authenticator app to generate the login code. Except now when I log in it asks me to open the Gmail app on my phone and verify using that. I never, ever want to use the Gmail app for any reason for my own mail. I detest using it for my WORK mail. When I click “other authentication options” using my authenticator app code is never presented as an option. It’s utterly frustrating.
If your organization used Microsoft 365, the viable cloud productivity competitor to Google Workspace, you wouldn't have to open the email app on the device to verify your identity. You'd have to open the Microsoft Authenticator app instead. TOTP codes (like in Google Authenticator) are much easier to replicate/fake/screenshot/text than tapping one of those "confirm" notifications on an app on a mobile device, which allows for more comprehensive tracking.
If you're trying to stop phishing and account takeovers, watching users extremely closely helps tell malicious behavior and legitimate behavior apart.
By "malicious behavior" I mean someone successfully signing in as you in a location where you're not, accessing your work email account, and using it to attempt to either phish more users or send fraudulent invoices to extract money from your employer or your employer's vendors. Those "improbable location" alerts that Google Workspace/Microsoft 365 admins get feel intrusive, but also, you clearly weren't really in Vancouver two hours ago and in Lagos two minutes ago, and the sooner we can catch compromised accounts and require password changes the better.
Google, keeping my work mail “private and secure”. Thanks guys.
You're welcome! I mean if you'd rather the users in your organization give scammers hundreds of thousands of US Dollars, you can probably configure the productivity environment to require fewer security measures, and it'll be much more convenient to sign into. But as far as I know, nobody is recommending that.
The gardens have higher, spikier walls every year because people are trying to break in and set them on fire.
posted by All Might Be Well at 5:30 AM on April 18, 2022 [2 favorites]
If your organization used Microsoft 365, the viable cloud productivity competitor to Google Workspace, you wouldn't have to open the email app on the device to verify your identity. You'd have to open the Microsoft Authenticator app instead. TOTP codes (like in Google Authenticator) are much easier to replicate/fake/screenshot/text than tapping one of those "confirm" notifications on an app on a mobile device, which allows for more comprehensive tracking.
If you're trying to stop phishing and account takeovers, watching users extremely closely helps tell malicious behavior and legitimate behavior apart.
By "malicious behavior" I mean someone successfully signing in as you in a location where you're not, accessing your work email account, and using it to attempt to either phish more users or send fraudulent invoices to extract money from your employer or your employer's vendors. Those "improbable location" alerts that Google Workspace/Microsoft 365 admins get feel intrusive, but also, you clearly weren't really in Vancouver two hours ago and in Lagos two minutes ago, and the sooner we can catch compromised accounts and require password changes the better.
Google, keeping my work mail “private and secure”. Thanks guys.
You're welcome! I mean if you'd rather the users in your organization give scammers hundreds of thousands of US Dollars, you can probably configure the productivity environment to require fewer security measures, and it'll be much more convenient to sign into. But as far as I know, nobody is recommending that.
The gardens have higher, spikier walls every year because people are trying to break in and set them on fire.
posted by All Might Be Well at 5:30 AM on April 18, 2022 [2 favorites]
Regarding Android alternatives - I had used CyanogenMod, like ten years ago, to get rid of Android-vendor-specific garbage on my own personal device, and found it too flaky and fiddly to recommend to other people. I hadn't been following LineageOS closely but holy shit what an unprofessional mess. It doesn't sound like these people even had well-coordinated control of major UX changes (look at the second to last paragraph here).
Google may be evil but at least they're halfway competent. My experience of FLOSS is that they have nowhere near the funding or respect for less technical people necessary to ship software that isn't horrid.
Regarding stuff you can do - I'd like to see a US GDPR and other regulations with teeth to them. I don't think individual action is the answer here, especially when so much activity flows through your school, employer, or other organization's productivity system and so few of those are remotely independent under the hood.
posted by All Might Be Well at 5:34 AM on April 18, 2022 [4 favorites]
Google may be evil but at least they're halfway competent. My experience of FLOSS is that they have nowhere near the funding or respect for less technical people necessary to ship software that isn't horrid.
Regarding stuff you can do - I'd like to see a US GDPR and other regulations with teeth to them. I don't think individual action is the answer here, especially when so much activity flows through your school, employer, or other organization's productivity system and so few of those are remotely independent under the hood.
posted by All Might Be Well at 5:34 AM on April 18, 2022 [4 favorites]
All Might Be Well: Google may be evil but at least they're halfway competent. My experience of FLOSS is that they have nowhere near the funding or respect for less technical people necessary to ship software that isn't horrid.
Well, our priorities clearly differ. ¯\_(ツ)_/¯
Personally I prefer unprofessional and underfunded over evil.
posted by Too-Ticky at 5:40 AM on April 18, 2022 [6 favorites]
Well, our priorities clearly differ. ¯\_(ツ)_/¯
Personally I prefer unprofessional and underfunded over evil.
posted by Too-Ticky at 5:40 AM on April 18, 2022 [6 favorites]
Personally I prefer unprofessional and underfunded over evil.
You don't think lying to people and frightening them with some nonsense about their devices mining shitcoins is evil? LineageOS looks pretty evil to me, or so incompetent as to be indistinguishable from evil.
posted by All Might Be Well at 5:45 AM on April 18, 2022 [3 favorites]
You don't think lying to people and frightening them with some nonsense about their devices mining shitcoins is evil? LineageOS looks pretty evil to me, or so incompetent as to be indistinguishable from evil.
posted by All Might Be Well at 5:45 AM on April 18, 2022 [3 favorites]
Welp, I downloaded Firefox after reading this in spite having known better for years. But I do not know how to begin to escape over a decade of Gmail usage. I have other email addresses, but I don't know how to make that transition. Oh, and then there are all of the things I use Google to login with, which I assume are just as bad as anything else.
I ditched Facebook (and Twitter) a few years ago with minimal repercussions but Google seems on another order altogether (in terms of my personal Internet usage). Omni indeed.
posted by synecdoche at 5:49 AM on April 18, 2022 [11 favorites]
I ditched Facebook (and Twitter) a few years ago with minimal repercussions but Google seems on another order altogether (in terms of my personal Internet usage). Omni indeed.
posted by synecdoche at 5:49 AM on April 18, 2022 [11 favorites]
All Might Be Well: You don't think lying to people and frightening them with some nonsense about their devices mining shitcoins is evil?
No. That was clearly a stupid prank, taken too far. Bad idea. Should never have seen the light of day.
But it doesn't trigger my evil-o-meter.
I don't use LineageOS, but I think that if one insists on using Android apps (which I do not), one could do a lot worse.
posted by Too-Ticky at 5:50 AM on April 18, 2022 [3 favorites]
No. That was clearly a stupid prank, taken too far. Bad idea. Should never have seen the light of day.
But it doesn't trigger my evil-o-meter.
I don't use LineageOS, but I think that if one insists on using Android apps (which I do not), one could do a lot worse.
posted by Too-Ticky at 5:50 AM on April 18, 2022 [3 favorites]
I do not know how to begin to escape over a decade of Gmail usage. I have other email addresses, but I don't know how to make that transition. Oh, and then there are all of the things I use Google to login with, which I assume are just as bad as anything else.
Email gets used as a kind of final authority on identity in a LOT of places, so it's not just you. I haven't fully closed an email account since 2006, when I was a minor and had no financial data to risk. Network effects are extremely powerful.
If you want to transition stuff from an old Gmail account to a new account, set up forwarding from the old account to the new account. (This option may have been disabled in your Google Workspace environment.)
On the new account, set up filtering or labeling so you can easily tell what was originally sent to your old account. (If you're using a provider other than Google or Microsoft, you'll have to look up the equivalent instructions yourself.)
As you receive forwarded human-sent emails, reply to the senders, asking them to use your new address going forward. As you receive forwarded automated emails, update your preferences/change your account email/etc. where it is possible to do so. Your local community bank, videogames accounts, healthcare provider, etc. may not have a good system for this or may require you to phone them to ask for the change to be made.
If you're using email in 2022 that doesn't have multi-factor authentication (MFA), you should know I think that's a really bad decision, unfortunately, I am unable to stop you.
posted by All Might Be Well at 6:02 AM on April 18, 2022 [4 favorites]
Email gets used as a kind of final authority on identity in a LOT of places, so it's not just you. I haven't fully closed an email account since 2006, when I was a minor and had no financial data to risk. Network effects are extremely powerful.
If you want to transition stuff from an old Gmail account to a new account, set up forwarding from the old account to the new account. (This option may have been disabled in your Google Workspace environment.)
On the new account, set up filtering or labeling so you can easily tell what was originally sent to your old account. (If you're using a provider other than Google or Microsoft, you'll have to look up the equivalent instructions yourself.)
As you receive forwarded human-sent emails, reply to the senders, asking them to use your new address going forward. As you receive forwarded automated emails, update your preferences/change your account email/etc. where it is possible to do so. Your local community bank, videogames accounts, healthcare provider, etc. may not have a good system for this or may require you to phone them to ask for the change to be made.
If you're using email in 2022 that doesn't have multi-factor authentication (MFA), you should know I think that's a really bad decision, unfortunately, I am unable to stop you.
posted by All Might Be Well at 6:02 AM on April 18, 2022 [4 favorites]
On page 4 of the comic, there's a claim that Chrome collects anything you type into the search bar, whether or not you ever press return to submit the search, and that this is referred to as Chrome's "no return policy". Anybody got a citation for that? Not that I find it particularly difficult to believe, mind you, but I'm unable to find anything else about this.
posted by Sing Or Swim at 6:15 AM on April 18, 2022 [2 favorites]
posted by Sing Or Swim at 6:15 AM on April 18, 2022 [2 favorites]
Do I have to read the original to know the meaning of page 26 with just the big box with horizontal lines? or maybe mine's just not rendering properly
posted by achrise at 6:19 AM on April 18, 2022 [2 favorites]
posted by achrise at 6:19 AM on April 18, 2022 [2 favorites]
The gardens have higher, spikier walls every year because people are trying to break in and set them on fire.
No, this is incorrect. The walls are taller to make it difficult for users to switch to other platforms or tools, which hurts revenue. Making a software ecosystem "sticky" isn't a technical decision, it's just business.
posted by They sucked his brains out! at 6:35 AM on April 18, 2022 [8 favorites]
No, this is incorrect. The walls are taller to make it difficult for users to switch to other platforms or tools, which hurts revenue. Making a software ecosystem "sticky" isn't a technical decision, it's just business.
posted by They sucked his brains out! at 6:35 AM on April 18, 2022 [8 favorites]
(sigh)
Once again, "let's change software/service providers" is not an answer to this problem, for a number of reasons such as:
* What happens to the people who don't move, or are unable to do? Are they just collateral damage? Or are we going to hold their unawareness or inability to change against them?
* It's worth remembering that once upon a time, Google did at the very least pay lip service to privacy protections - the erosion was a slow process as incentives for ceasing to do so piled up. What's to say that these successors won't fall to those very same incentives?
All changing platforms does is kick the can down the road while abandoning people for the crime of not being savvy. Let's actually address the real issues at play here, and actually defend privacy. And yes, this means confronting a number of sacred cows - some we hold dearly - but it's high time we started doing so.
posted by NoxAeternum at 6:56 AM on April 18, 2022 [22 favorites]
Once again, "let's change software/service providers" is not an answer to this problem, for a number of reasons such as:
* What happens to the people who don't move, or are unable to do? Are they just collateral damage? Or are we going to hold their unawareness or inability to change against them?
* It's worth remembering that once upon a time, Google did at the very least pay lip service to privacy protections - the erosion was a slow process as incentives for ceasing to do so piled up. What's to say that these successors won't fall to those very same incentives?
All changing platforms does is kick the can down the road while abandoning people for the crime of not being savvy. Let's actually address the real issues at play here, and actually defend privacy. And yes, this means confronting a number of sacred cows - some we hold dearly - but it's high time we started doing so.
posted by NoxAeternum at 6:56 AM on April 18, 2022 [22 favorites]
"Anybody got a citation for that?"
Quick test...
Opens a brand new installation of Chrome - never used (I instead, let Microsoft track everything - who is my trusted monopolist? Microsoft, not Google. Sorry, not sorry.).
Types the letter "A" into the OMNI BOX - suggested sites include "Amazon".
Types the letters "AB" into the OMNI BOX - suggested sites include "Abercrombie" (I would NEVER shop there)
So - those suggestions are not kept local - every character you type into Chrome is sent back.
posted by rozcakj at 7:06 AM on April 18, 2022 [6 favorites]
Quick test...
Opens a brand new installation of Chrome - never used (I instead, let Microsoft track everything - who is my trusted monopolist? Microsoft, not Google. Sorry, not sorry.).
Types the letter "A" into the OMNI BOX - suggested sites include "Amazon".
Types the letters "AB" into the OMNI BOX - suggested sites include "Abercrombie" (I would NEVER shop there)
So - those suggestions are not kept local - every character you type into Chrome is sent back.
posted by rozcakj at 7:06 AM on April 18, 2022 [6 favorites]
Even if I drop my own Gmail account, my university (work) account is Gmail. Not just Gmail, but forced into using the web interface only, rather than a desktop mail client, because Google convinced the university that it’s the only way to ensure privacy of our mail.
We have something similar where I work, but since we use Microsoft for email and Google for everything else, at least there's that separation between work emails and work applications. For the applications, it is the same thing where to log in you have to accept the device policy which allows work to manage **all** your applications on the device, and last year working from home we had to allow this on our personal devices if we wanted to use particular applications like the shared drives.
However, so far it only seems to extend to chrome... my solution is to use chrome for all work things and firefox for all personal things.
Our union made a big stink about it, because people felt they were being monitored by work on their personal devices. So now we are all receiving work laptops, which they are free to monitor as much as they like and probably will. They already have software install to monitor what the students are doing with the district-issued chromebooks, which I know because I have access to that software as well. I don't use it, when they're in my classroom I can physically see what they're doing on the laptops and if they're off task and that's good enough for me.
posted by subdee at 7:13 AM on April 18, 2022 [2 favorites]
We have something similar where I work, but since we use Microsoft for email and Google for everything else, at least there's that separation between work emails and work applications. For the applications, it is the same thing where to log in you have to accept the device policy which allows work to manage **all** your applications on the device, and last year working from home we had to allow this on our personal devices if we wanted to use particular applications like the shared drives.
However, so far it only seems to extend to chrome... my solution is to use chrome for all work things and firefox for all personal things.
Our union made a big stink about it, because people felt they were being monitored by work on their personal devices. So now we are all receiving work laptops, which they are free to monitor as much as they like and probably will. They already have software install to monitor what the students are doing with the district-issued chromebooks, which I know because I have access to that software as well. I don't use it, when they're in my classroom I can physically see what they're doing on the laptops and if they're off task and that's good enough for me.
posted by subdee at 7:13 AM on April 18, 2022 [2 favorites]
It's possible to both advocate for greater change while taking practical steps now to mitigate the damage done. No one's claiming it's the final or perfect answer to this problem. But it is an answer you can act on now.
That's the theory, yes. But look at this thread, and how much digital ink has been spilled discussing alternatives versus discussing the root issues and how they can be addressed. This is something that happens over and over - societal problems are turned into individual ones, and as a result they don't actually get addressed. And as I pointed out, these aren't actually answers, because they're not addressing root causes - they're mitigation at best.
Is changing platforms something you can do now? Sure. But it's also not something that actually addresses the problem, and that needs to be kept in mind.
posted by NoxAeternum at 7:26 AM on April 18, 2022 [6 favorites]
That's the theory, yes. But look at this thread, and how much digital ink has been spilled discussing alternatives versus discussing the root issues and how they can be addressed. This is something that happens over and over - societal problems are turned into individual ones, and as a result they don't actually get addressed. And as I pointed out, these aren't actually answers, because they're not addressing root causes - they're mitigation at best.
Is changing platforms something you can do now? Sure. But it's also not something that actually addresses the problem, and that needs to be kept in mind.
posted by NoxAeternum at 7:26 AM on April 18, 2022 [6 favorites]
All Might Be Well: "If your organization used Microsoft 365, the viable cloud productivity competitor to Google Workspace, you wouldn't have to open the email app on the device to verify your identity.
My organization uses Duo push notifications for sign-in to work (including Office365 apps!), not authenticator codes. My gripe is that installing the stupid Gmail app just so that I can access my work mail meant that I must now also use the Gmail app on my iOS device to verify my identity for my PERSONAL email on any other device. I can't use the authenticator code saved in my password manager. I must use the email application that I do not ever use for my own personal email to verify my identity when I use my personal email. Which meant when upgrading my phone, I could not sign in to my personal email until after I got home and opened the stupid Gmail app on my iPad. I never asked to use the email app to verify my identity. It was added automatically. My options are "leave my personal email listed in Gmail app but turned off, and still use this stupid app to verify my identity" or "delete my personal email from every Google-associated app on my own device". No in-between.
(Google device policy grabbed on to and insists on managing all installed Microsoft apps as well, so Office365 apps are in the same boat. It's invasive as hell.)
If you're trying to stop phishing and account takeovers, watching users extremely closely helps tell malicious behavior and legitimate behavior apart ... By "malicious behavior" I mean someone successfully signing in as you in a location where you're not, accessing your work email account, and using it to attempt to either phish more users or send fraudulent invoices to extract money from your employer or your employer's vendors.
Again. My work mail? I am OK with the Duo push system. It works fine. It's secure. My U account is part of the medical center. My actual paid work is for the U.S. government, in a healthcare setting, using USAccess security card logins for everything. I am fully aware of the reason behind keeping logins for large organizations secure, and frankly using card login or mobile push is WAY more convenient than having to cycle my password every 90 days like we used to do. But enabling a more secure login method for my work account should not also include changing my authentication method for my personal email, or any apps that I use for non-work activities. A pile of apps that are not now nor were ever used for work-related activity are now inextricably tied to my work account, because of the device policy. When they tell me that I have provided permission for them to wipe my phone, how the hell am I to be sure that they'll ONLY wipe the work-related apps and not nuke my own personal account in the process? Answer, I don't.
Google, keeping my work mail “private and secure”. Thanks guys.
You're welcome! I mean if you'd rather the users in your organization give scammers hundreds of thousands of US Dollars, you can probably configure the productivity environment to require fewer security measures, and it'll be much more convenient to sign into. But as far as I know, nobody is recommending that.
That was irony, not a complaint about sign-in methods or stopping scammers. The company charged with keeping my mail private and secure is also the company that spends the most time invading the privacy of every single person who uses their products. See? Irony.
posted by caution live frogs at 8:06 AM on April 18, 2022 [4 favorites]
My organization uses Duo push notifications for sign-in to work (including Office365 apps!), not authenticator codes. My gripe is that installing the stupid Gmail app just so that I can access my work mail meant that I must now also use the Gmail app on my iOS device to verify my identity for my PERSONAL email on any other device. I can't use the authenticator code saved in my password manager. I must use the email application that I do not ever use for my own personal email to verify my identity when I use my personal email. Which meant when upgrading my phone, I could not sign in to my personal email until after I got home and opened the stupid Gmail app on my iPad. I never asked to use the email app to verify my identity. It was added automatically. My options are "leave my personal email listed in Gmail app but turned off, and still use this stupid app to verify my identity" or "delete my personal email from every Google-associated app on my own device". No in-between.
(Google device policy grabbed on to and insists on managing all installed Microsoft apps as well, so Office365 apps are in the same boat. It's invasive as hell.)
If you're trying to stop phishing and account takeovers, watching users extremely closely helps tell malicious behavior and legitimate behavior apart ... By "malicious behavior" I mean someone successfully signing in as you in a location where you're not, accessing your work email account, and using it to attempt to either phish more users or send fraudulent invoices to extract money from your employer or your employer's vendors.
Again. My work mail? I am OK with the Duo push system. It works fine. It's secure. My U account is part of the medical center. My actual paid work is for the U.S. government, in a healthcare setting, using USAccess security card logins for everything. I am fully aware of the reason behind keeping logins for large organizations secure, and frankly using card login or mobile push is WAY more convenient than having to cycle my password every 90 days like we used to do. But enabling a more secure login method for my work account should not also include changing my authentication method for my personal email, or any apps that I use for non-work activities. A pile of apps that are not now nor were ever used for work-related activity are now inextricably tied to my work account, because of the device policy. When they tell me that I have provided permission for them to wipe my phone, how the hell am I to be sure that they'll ONLY wipe the work-related apps and not nuke my own personal account in the process? Answer, I don't.
Google, keeping my work mail “private and secure”. Thanks guys.
You're welcome! I mean if you'd rather the users in your organization give scammers hundreds of thousands of US Dollars, you can probably configure the productivity environment to require fewer security measures, and it'll be much more convenient to sign into. But as far as I know, nobody is recommending that.
That was irony, not a complaint about sign-in methods or stopping scammers. The company charged with keeping my mail private and secure is also the company that spends the most time invading the privacy of every single person who uses their products. See? Irony.
posted by caution live frogs at 8:06 AM on April 18, 2022 [4 favorites]
What's the current feeling about the Brave browser? I switched to Brave a month or two ago mostly for speed and the ad-blocking, but I get the feeling that all the crypto nonsense they added put the app out of favor. I don't use any of that but I like it, so far.
posted by JoeZydeco at 8:35 AM on April 18, 2022
posted by JoeZydeco at 8:35 AM on April 18, 2022
Hm... I started out feeling fairly receptive towards the message of this piece, but there were so many tricky rhetorical maneuvers that it really turned me off. Like, am I supposed to be upset that the data that Google collects about me is stored at data centers with high physical security? Would it be better if it were easy for other people to break in and steal my data from Google? I might not like that Google has lots of data about me, but given that they do, I certainly don't want it to be easy for other people that I trust even less to gain access to that data.
There were several things like this in the piece, painting things that are innocuous or even positive as nefarious, the effect of which was to make me unsure how much to trust of the more serious accusations.
Anyway, I'm firmly with NoxAeternum on this. Despite my reservations about this piece, I agree that Google's behavior regarding tracking user data is not great in many ways. But making the solution about personal action doesn't really fix things. We need better regulations about digital privacy. The fact that businesses collecting our data are so unregulated is ridiculous.
For example, if I, as an academic researcher, want to ask a question about how people behave in an online platform, I have a huge amount of regulatory hurdles to jump through. I need to talk to an IRB (which will include people with no financial connection to me or my employer) to get the study approved. If I plan to intervene rather than just passively observe (e.g., by asking people questions, or by making any changes to the interface of a website to see how that impacts user behavior), I need to seek informed consent. I need to have a data management and privacy plan, to protect any identifiable data I've collected about my subjects. And if I fail to do these things properly, my research, or in extreme cases the research at my entire institution, can be shut down. This all governs research that is being done in the public interest, to produce scientific knowledge that will be disseminated publicly.
By contrast, if a company wants to run the exact same study but for a "business purpose," they are subject to... basically nothing. No independent body reviews the proposed work, the researchers can attempt to influence or manipulate their subjects in any way without concern to the potential for harm, and there is no regulatory body monitoring the security of subject data. This is what governs research that is done for profit, not intended to be in the public interest.
The open-ended data collection done by Google and other major tech companies, in the context of no specific research questions, simply to be used for any future questions that a researcher might want to ask, is expressly forbidden for academic researchers in the U.S. and most other countries.
As an academic, the regulations we deal with can be a real PITA in terms of requiring extra work that's not really fun for anybody, but they're absolutely vital to ensuring the public has trust in the process. And at the end of the day, the system works fine. Most good research questions still get asked and answered, and science moves forward. We absolutely could require businesses to follow similar standards of regulation regarding privacy practices, informed consent about data collection, and so on, and they would be able to continue operating and making a profit. And the digital economy would be healthier, because people would have more trust that they can engage with it freely without being taken advantage of or exposed to undue risk.
So yes, I'm happy to complain about Google's failures to live up to its previous motto of "don't be evil," but I don't think focusing on Google or the Chrome browser specifically end up addressing the fundamental problem, which is that our society needs to adopt the motto "Don't permit evil," and act to enforce it.
posted by biogeo at 8:57 AM on April 18, 2022 [17 favorites]
There were several things like this in the piece, painting things that are innocuous or even positive as nefarious, the effect of which was to make me unsure how much to trust of the more serious accusations.
Anyway, I'm firmly with NoxAeternum on this. Despite my reservations about this piece, I agree that Google's behavior regarding tracking user data is not great in many ways. But making the solution about personal action doesn't really fix things. We need better regulations about digital privacy. The fact that businesses collecting our data are so unregulated is ridiculous.
For example, if I, as an academic researcher, want to ask a question about how people behave in an online platform, I have a huge amount of regulatory hurdles to jump through. I need to talk to an IRB (which will include people with no financial connection to me or my employer) to get the study approved. If I plan to intervene rather than just passively observe (e.g., by asking people questions, or by making any changes to the interface of a website to see how that impacts user behavior), I need to seek informed consent. I need to have a data management and privacy plan, to protect any identifiable data I've collected about my subjects. And if I fail to do these things properly, my research, or in extreme cases the research at my entire institution, can be shut down. This all governs research that is being done in the public interest, to produce scientific knowledge that will be disseminated publicly.
By contrast, if a company wants to run the exact same study but for a "business purpose," they are subject to... basically nothing. No independent body reviews the proposed work, the researchers can attempt to influence or manipulate their subjects in any way without concern to the potential for harm, and there is no regulatory body monitoring the security of subject data. This is what governs research that is done for profit, not intended to be in the public interest.
The open-ended data collection done by Google and other major tech companies, in the context of no specific research questions, simply to be used for any future questions that a researcher might want to ask, is expressly forbidden for academic researchers in the U.S. and most other countries.
As an academic, the regulations we deal with can be a real PITA in terms of requiring extra work that's not really fun for anybody, but they're absolutely vital to ensuring the public has trust in the process. And at the end of the day, the system works fine. Most good research questions still get asked and answered, and science moves forward. We absolutely could require businesses to follow similar standards of regulation regarding privacy practices, informed consent about data collection, and so on, and they would be able to continue operating and making a profit. And the digital economy would be healthier, because people would have more trust that they can engage with it freely without being taken advantage of or exposed to undue risk.
So yes, I'm happy to complain about Google's failures to live up to its previous motto of "don't be evil," but I don't think focusing on Google or the Chrome browser specifically end up addressing the fundamental problem, which is that our society needs to adopt the motto "Don't permit evil," and act to enforce it.
posted by biogeo at 8:57 AM on April 18, 2022 [17 favorites]
The use of IP addresses to identify who is using Chrome must help explain an odd incident I had at work a few months ago. I was on a work computer looking up something non-work related and I got an ad for some obscure farm-related device (I forget exactly what) that I had never heard of. I comments aloud to no one in particular that I had no idea such a thing existed and one of the nurses standing nearby mentioned that her husband had just been looking at them the other day. We were both kind of creeped out by this demonstration of how Google had worked its way into her browsing habits at home, which then followed her to work.
posted by TedW at 9:03 AM on April 18, 2022 [1 favorite]
posted by TedW at 9:03 AM on April 18, 2022 [1 favorite]
This was my take in 2008 when the comic was first released.
(Disclosure: then as now I'm a Microsoft employee)
posted by Slothrup at 9:05 AM on April 18, 2022 [5 favorites]
(Disclosure: then as now I'm a Microsoft employee)
posted by Slothrup at 9:05 AM on April 18, 2022 [5 favorites]
This comic reflects many of the concepts from "Surveillance Capitalism" by Shoshana Zuboff. I consider it the most consequential book of the decade, as far as technology goes.
posted by fake at 9:15 AM on April 18, 2022 [2 favorites]
posted by fake at 9:15 AM on April 18, 2022 [2 favorites]
NoxAeternum: All changing platforms does is kick the can down the road while abandoning people for the crime of not being savvy.
Non-savvy people won't be better off if I go back to using Google and Android. And I'll be honest here: I'd prefer not to.
Incidentally, I have helped several not-so-savvy people to get away from Google in various ways. One fellow, for example, wanted to get a smartphone but did not feel at all drawn to Android. He is now happily using his smartphone, running Ubuntu Touch. He likes it just fine once it's installed (he has trouble doing that himself).
Of course, structural solutions are the better solutions. But I can't personally make those happen. So I make the changes that I can make, while in doing so voting with my wallet (and eyeballs).
posted by Too-Ticky at 9:17 AM on April 18, 2022 [4 favorites]
Non-savvy people won't be better off if I go back to using Google and Android. And I'll be honest here: I'd prefer not to.
Incidentally, I have helped several not-so-savvy people to get away from Google in various ways. One fellow, for example, wanted to get a smartphone but did not feel at all drawn to Android. He is now happily using his smartphone, running Ubuntu Touch. He likes it just fine once it's installed (he has trouble doing that himself).
Of course, structural solutions are the better solutions. But I can't personally make those happen. So I make the changes that I can make, while in doing so voting with my wallet (and eyeballs).
posted by Too-Ticky at 9:17 AM on April 18, 2022 [4 favorites]
>Types the letter "A" into the OMNI BOX - suggested sites include "Amazon".
>Types the letters "AB" into the OMNI BOX - suggested sites include "Abercrombie" (I would NEVER shop there)
>So - those suggestions are not kept local - every character you type into Chrome is sent back.
Sure--sorry, I should have been clearer about my question. The suggestion in the comic is that everything you type into the search window is saved Forevarr! in their data profile of you, whether or not you even submit the search. So if you start typing your ex's name or your secret medical problem or your embarrassing fetish, Google is storing that info about you. I'm wondering if there is anything to substantiate that. Again, not that I don't believe they would ever do anything so insensitive and unscrupulous, it's just nice when something is claimed if there's actual evidence to back it up.
posted by Sing Or Swim at 9:45 AM on April 18, 2022 [1 favorite]
>Types the letters "AB" into the OMNI BOX - suggested sites include "Abercrombie" (I would NEVER shop there)
>So - those suggestions are not kept local - every character you type into Chrome is sent back.
Sure--sorry, I should have been clearer about my question. The suggestion in the comic is that everything you type into the search window is saved Forevarr! in their data profile of you, whether or not you even submit the search. So if you start typing your ex's name or your secret medical problem or your embarrassing fetish, Google is storing that info about you. I'm wondering if there is anything to substantiate that. Again, not that I don't believe they would ever do anything so insensitive and unscrupulous, it's just nice when something is claimed if there's actual evidence to back it up.
posted by Sing Or Swim at 9:45 AM on April 18, 2022 [1 favorite]
NoxAeternum: All changing platforms does is kick the can down the road while abandoning people for the crime of not being savvy.
Would it help those people in any way if others just kept using the same platform? No.
People leaving a particular platform signals that that platform is doing something not to their liking. Which may trigger others to look closer at what is going on, and using that to at least make an informed decision to stay, leave or diminish their usage and exposure. Some platforms may care about that and change their ways (but trust leaves by express train and returns on foot), others (Yahoo!) may collapse due to lack of participation, and still others (Google) may not care enough to do anything about it.
But not doing anything at all is defaitist.
posted by Stoneshop at 9:54 AM on April 18, 2022 [2 favorites]
Would it help those people in any way if others just kept using the same platform? No.
People leaving a particular platform signals that that platform is doing something not to their liking. Which may trigger others to look closer at what is going on, and using that to at least make an informed decision to stay, leave or diminish their usage and exposure. Some platforms may care about that and change their ways (but trust leaves by express train and returns on foot), others (Yahoo!) may collapse due to lack of participation, and still others (Google) may not care enough to do anything about it.
But not doing anything at all is defaitist.
posted by Stoneshop at 9:54 AM on April 18, 2022 [2 favorites]
The comic is... very highly biased, let's say, and draws some incorrect conclusions, even if some of the spirit is correct.
(Full disclosure: I used to work on Chrome, about ten years ago, I now work on Google Maps, and I use Firefox with uBlock Origin, Privact Badger, and Decentraleyes for non-work browsing, including on my phone. [I need to refresh my list of privacy add-ons! I haven't checked for the latest and greatest in several years.] I try to avoid Google services for my personal life, though I'm not militant about it.)
Chrome (mostly) does not directly track you. Even the sync system is (or was, back when I worked on Chrome) designed so that Google receives an encrypted blob that can't be decrypted by Google's servers. The Omnibox is one obvious exception -- typing something in there is more or less like typing it into the Google Search box. There are internal controls on how that data gets stored or not, but they're opaque and firmly in the "you have to trust Google" side of the privacy story.
No, Google uses a whole slew of other techniques so that it doesn't need to track you via Chrome: for example, getting a blob Google Analytics code onto a huge proportion of web sites, tracking you via ads on third-party sites, some (limited) tracking through using your Google account to log into third-party sites, scanning your email, tracking your uses of Google Pay, and on and on.
If you want Google to not track you, definitely use something other than Google Search/Maps/Drive/Mail/etc., but also make sure that you're using good anti-trackers in whichever browser you're using. There is no good reason to allow anythird parties to see which sites you are using.
Other notes:
Yes, Maps sees what you're looking at "in Chrome." And in Firefox, Safari, Edge, or whatever browser you choose. At the very minimum, your browser has to hand your IP address and a location and zoom level over to Google in order to get the map tiles for you to view. OpenStreetMap also gets your IP address and the location and zoom level you're interested in. (Again, you need to decide how much you trust Google with that information as opposed to OpenStreetMap, but you're sending the same data to whichever place you pick.)
Ad blockers have always had somewhat spotty support in Chrome. There are, unfortunately, privacy and performance implications to allowing a third-party tool to inspect and modify every request made by your browser! Different factions within the Chrome Extensions team (and the Chrome Networking team) have had more sway over the years, but I will say that there have been a lot of problems with fake ad blockers, ad blockers "selling out," and non-ad-blocking extensions just abusing the APIs. I'm hesitant to draw conclusions about "Google's" motivations here, because the Chrome "team" is more like 50 more-or-less independent teams trying to improve their own little fiefdom within Chrome, with surprisingly little top-down control. (Which turns out to be a bad thing in practice, and is one of the reasons I don't use Chrome.)
posted by reventlov at 9:56 AM on April 18, 2022 [19 favorites]
(Full disclosure: I used to work on Chrome, about ten years ago, I now work on Google Maps, and I use Firefox with uBlock Origin, Privact Badger, and Decentraleyes for non-work browsing, including on my phone. [I need to refresh my list of privacy add-ons! I haven't checked for the latest and greatest in several years.] I try to avoid Google services for my personal life, though I'm not militant about it.)
Chrome (mostly) does not directly track you. Even the sync system is (or was, back when I worked on Chrome) designed so that Google receives an encrypted blob that can't be decrypted by Google's servers. The Omnibox is one obvious exception -- typing something in there is more or less like typing it into the Google Search box. There are internal controls on how that data gets stored or not, but they're opaque and firmly in the "you have to trust Google" side of the privacy story.
No, Google uses a whole slew of other techniques so that it doesn't need to track you via Chrome: for example, getting a blob Google Analytics code onto a huge proportion of web sites, tracking you via ads on third-party sites, some (limited) tracking through using your Google account to log into third-party sites, scanning your email, tracking your uses of Google Pay, and on and on.
If you want Google to not track you, definitely use something other than Google Search/Maps/Drive/Mail/etc., but also make sure that you're using good anti-trackers in whichever browser you're using. There is no good reason to allow anythird parties to see which sites you are using.
Other notes:
Yes, Maps sees what you're looking at "in Chrome." And in Firefox, Safari, Edge, or whatever browser you choose. At the very minimum, your browser has to hand your IP address and a location and zoom level over to Google in order to get the map tiles for you to view. OpenStreetMap also gets your IP address and the location and zoom level you're interested in. (Again, you need to decide how much you trust Google with that information as opposed to OpenStreetMap, but you're sending the same data to whichever place you pick.)
Ad blockers have always had somewhat spotty support in Chrome. There are, unfortunately, privacy and performance implications to allowing a third-party tool to inspect and modify every request made by your browser! Different factions within the Chrome Extensions team (and the Chrome Networking team) have had more sway over the years, but I will say that there have been a lot of problems with fake ad blockers, ad blockers "selling out," and non-ad-blocking extensions just abusing the APIs. I'm hesitant to draw conclusions about "Google's" motivations here, because the Chrome "team" is more like 50 more-or-less independent teams trying to improve their own little fiefdom within Chrome, with surprisingly little top-down control. (Which turns out to be a bad thing in practice, and is one of the reasons I don't use Chrome.)
posted by reventlov at 9:56 AM on April 18, 2022 [19 favorites]
biogeo: but I don't think focusing on Google or the Chrome browser specifically end up addressing the fundamental problem
For those insufficiently aware of the problem (and that set will include lawmakers) you need examples to illustrate what the underlying problem is.
posted by Stoneshop at 10:02 AM on April 18, 2022 [2 favorites]
For those insufficiently aware of the problem (and that set will include lawmakers) you need examples to illustrate what the underlying problem is.
posted by Stoneshop at 10:02 AM on April 18, 2022 [2 favorites]
Stoneshop, that's fair, and I was unclear in what I wrote there. What I mean to say is, I think it's better to say "We have a problem with a particular aspect of our society in regulating an industry, and here are examples from Google and/or the Chrome browser" than it is to say "We have a problem with Google and/or the Chrome browser, and here are examples." Because I don't think the problem is actually limited to Google, nor is Google a worse actor than most (arguably, it's better than a lot of the industry standard, but that's a pretty low bar).
posted by biogeo at 10:10 AM on April 18, 2022 [1 favorite]
posted by biogeo at 10:10 AM on April 18, 2022 [1 favorite]
My modus operandi is probably not for everyone (to say the least). My primary browser is the venerable lynx in a containerized Debian. I have the ability to open any site in lynx (text), w3m (text with tables) or Chrome OS (graphical) from inside lynx itself. Metafilter looks fine in text so that's what I used to get here today. But to login and comment on this post I switched to Chrome temporarily. The EFF Privacy Badger is my only tracking defense when graphically browsing. And to make textual browsing go a bit more smoothly I tell lynx to accept all cookies. But since I also somehow failed to provide a file to store them in they all disappear at the end of every session...
posted by jim in austin at 10:33 AM on April 18, 2022 [1 favorite]
posted by jim in austin at 10:33 AM on April 18, 2022 [1 favorite]
i think the world is entirely upside down.
if you would like to use my name, ssn, likeness, address, ip...for yor profit-making data analytics, surely i can lease them to you for a reasonably priced limited use short term license. possibly a subscription service. terms of service may change without notice.
people should 100% own 100% of their data.
posted by j_curiouser at 10:35 AM on April 18, 2022 [13 favorites]
if you would like to use my name, ssn, likeness, address, ip...for yor profit-making data analytics, surely i can lease them to you for a reasonably priced limited use short term license. possibly a subscription service. terms of service may change without notice.
people should 100% own 100% of their data.
posted by j_curiouser at 10:35 AM on April 18, 2022 [13 favorites]
But not doing anything at all is defaitist.
Then it's a good thing nobody's saying that. What is being pointed out is that individual action is poor praxis for societal issues. At best, it serves as mitigation for yourself while failing to address the actual underlying issues. At worst, it creates a false sense of mitigation while failing to address anything. Issues with data collection are beyond any one company, and need to be addressed as such.
For those insufficiently aware of the problem (and that set will include lawmakers) you need examples to illustrate what the underlying problem is.
John Oliver just recently did a feature piece on data brokers, including making the point clear to lawmakers by making it personal, LWT style.
posted by NoxAeternum at 10:54 AM on April 18, 2022 [4 favorites]
Then it's a good thing nobody's saying that. What is being pointed out is that individual action is poor praxis for societal issues. At best, it serves as mitigation for yourself while failing to address the actual underlying issues. At worst, it creates a false sense of mitigation while failing to address anything. Issues with data collection are beyond any one company, and need to be addressed as such.
For those insufficiently aware of the problem (and that set will include lawmakers) you need examples to illustrate what the underlying problem is.
John Oliver just recently did a feature piece on data brokers, including making the point clear to lawmakers by making it personal, LWT style.
posted by NoxAeternum at 10:54 AM on April 18, 2022 [4 favorites]
I've been saying something similar to j_curiouser for a while. This is just a starting point and in need of substantial modification, but: what if I owned all data about me, companies must license it from me, and if I revoke the license they must delete it? So if Google wants my data, they can provide a service (search, Gmail, etc), and if I stop using the service they can't keep data about it. Carve-outs would have to be explicit (e.g., doctors may permanently keep health data on anyone they've treated, but just like today they must protect its privacy).
Sure it's a radical departure from the status quo, and there's a huge discussion to be had about whether the government is constrained by this "keep no data unless there's a carve-out" policy (and how to enforce that), but it might be a beneficial way to frame the issue: people should own all data about themselves with limited exceptions.
posted by Tehhund at 11:06 AM on April 18, 2022 [5 favorites]
Sure it's a radical departure from the status quo, and there's a huge discussion to be had about whether the government is constrained by this "keep no data unless there's a carve-out" policy (and how to enforce that), but it might be a beneficial way to frame the issue: people should own all data about themselves with limited exceptions.
posted by Tehhund at 11:06 AM on April 18, 2022 [5 favorites]
but I don't think focusing on Google or the Chrome browser specifically end up addressing the fundamental problem
This ad company has significant control over the web, by way of its browser, the multiple platforms running this browser, and search/advertising functionality that has spread beyond its browser. While the underlying problems are generally universal to all monopolies, this is the current monopoly that needs to be dealt with.
posted by They sucked his brains out! at 11:11 AM on April 18, 2022 [3 favorites]
This ad company has significant control over the web, by way of its browser, the multiple platforms running this browser, and search/advertising functionality that has spread beyond its browser. While the underlying problems are generally universal to all monopolies, this is the current monopoly that needs to be dealt with.
posted by They sucked his brains out! at 11:11 AM on April 18, 2022 [3 favorites]
This is why I changed my name to "the product formally known as loquacious".
posted by loquacious at 11:23 AM on April 18, 2022 [2 favorites]
posted by loquacious at 11:23 AM on April 18, 2022 [2 favorites]
That Google is a monopoly, or part of an oligopoly, is a separate issue from data privacy, one that amplifies the potential harm but has a totally different treatment. We can trust bust and regulate data privacy, and we should.
posted by biogeo at 11:24 AM on April 18, 2022
posted by biogeo at 11:24 AM on April 18, 2022
Or put another way, going after Microsoft in the 90s for antitrust behavior was a good thing, but achieved little bit paving the way for the next monopolies, because we were aggressively deregulating the internet at the same time. We should break up big tech but if we don't also regulate data privacy, we're going to have the same problem 10 years later.
posted by biogeo at 11:27 AM on April 18, 2022 [1 favorite]
posted by biogeo at 11:27 AM on April 18, 2022 [1 favorite]
Or to put it another way, as is pointed out by the LWT piece I linked, data brokerage is a multi billion dollar industry with a number of players attached to it, of which Google is only one player. Focusing on Google alone is to ignore the rest of the industry.
posted by NoxAeternum at 11:32 AM on April 18, 2022 [1 favorite]
posted by NoxAeternum at 11:32 AM on April 18, 2022 [1 favorite]
That Google is a monopoly, or part of an oligopoly, is a separate issue from data privacy
I'm not disagreeing with you for the sake of disagreement. Even if the US DoJ is not doing anything to enforce existing laws against this monopoly — and the data collection practices that Google's hold on the market allow — there are other regulatory agencies outside the US that do acknowledge this ad company is a major contributor to the problem, and they are starting to do something about that larger problem.
posted by They sucked his brains out! at 12:27 PM on April 18, 2022 [2 favorites]
I'm not disagreeing with you for the sake of disagreement. Even if the US DoJ is not doing anything to enforce existing laws against this monopoly — and the data collection practices that Google's hold on the market allow — there are other regulatory agencies outside the US that do acknowledge this ad company is a major contributor to the problem, and they are starting to do something about that larger problem.
posted by They sucked his brains out! at 12:27 PM on April 18, 2022 [2 favorites]
reventlov: you need to decide how much you trust Google with that information as opposed to OpenStreetMap, but you're sending the same data to whichever place you pick.
That is of course true.
One of the things that bothers me about Google is that they get their information from so many different sources. This makes for a very wide range of different kinds of information, all gathered in the same database (of some company in a foreign country).
If I'm going to leak data (and that will happen), I prefer to scatter it over different companies, so that hopefully no one has the whole picture. For that reason alone, I would rather trust OpenStreetMap to have information about my location searches than Google. Because I don't use OSM for anything else.
posted by Too-Ticky at 1:26 PM on April 18, 2022 [2 favorites]
That is of course true.
One of the things that bothers me about Google is that they get their information from so many different sources. This makes for a very wide range of different kinds of information, all gathered in the same database (of some company in a foreign country).
If I'm going to leak data (and that will happen), I prefer to scatter it over different companies, so that hopefully no one has the whole picture. For that reason alone, I would rather trust OpenStreetMap to have information about my location searches than Google. Because I don't use OSM for anything else.
posted by Too-Ticky at 1:26 PM on April 18, 2022 [2 favorites]
I take your disagreement in good faith, They sucked his brains out! I think we disagree about this less than we agree, anyway. I just think it's helpful to think of these as separate issues, though of course they do interrelate, because the industry standard around data privacy and personal control over personal data (or the lack thereof) will continue to be a problem even if Google's monopolistic status in the industry is addressed. Therefore I think it's important to address both issues in parallel rather than focus entirely on only one.
posted by biogeo at 1:31 PM on April 18, 2022
posted by biogeo at 1:31 PM on April 18, 2022
And to be clear, I'm not saying that you're arguing that we should focus on only one! Just that we may disagree in priority or emphasis in how to think and talk about these issues.
posted by biogeo at 1:33 PM on April 18, 2022
posted by biogeo at 1:33 PM on April 18, 2022
People who are not us do not understand why privacy is important.
posted by amtho at 3:20 PM on April 18, 2022
posted by amtho at 3:20 PM on April 18, 2022
Hm... I started out feeling fairly receptive towards the message of this piece, but there were so many tricky rhetorical maneuvers that it really turned me off.
Agreed. I was nodding along until the claim that Google Assistant is "recording everything you say," which I don't believe to be accurate based on some cursory research. That seems like it's either a misunderstanding, misrepresentation, or exaggeration. It's a shame because the rest of the comic is compelling but now I'm not sure how accurate it is. It would help if it cited its sources.
(I use Firefox, for the record.)
posted by Emily's Fist at 3:45 PM on April 18, 2022 [3 favorites]
Agreed. I was nodding along until the claim that Google Assistant is "recording everything you say," which I don't believe to be accurate based on some cursory research. That seems like it's either a misunderstanding, misrepresentation, or exaggeration. It's a shame because the rest of the comic is compelling but now I'm not sure how accurate it is. It would help if it cited its sources.
(I use Firefox, for the record.)
posted by Emily's Fist at 3:45 PM on April 18, 2022 [3 favorites]
I've found myself thinking about how it is almost certainly the case that the only reason people are generally so blasé about having their every movement tracked and surveilled is due to a combination of "because Google and Facebook hide it so well" and "learned cynicism" ("they're all the same anyway"). John "Daring Fireball" Gruber is fond of an analogy: if you went shopping for jeans at the Gap and then walked to the other end of the mall, and someone greeted you at the entrance of Macy's by name, with a selection of jeans in your size, you would probably be creeped out by that! But that is, in effect pretty much exactly Google's and Facebook's business model, minus the part where they tip their hand about the level of detail with which they record every single thing you do.
Or, as I've seen it put elsewhere, of course Facebook/Google isn't listening to your conversations via your phone's mic, because they already know everything about you from your browser activity anyway.
posted by DoctorFedora at 4:06 PM on April 18, 2022
Or, as I've seen it put elsewhere, of course Facebook/Google isn't listening to your conversations via your phone's mic, because they already know everything about you from your browser activity anyway.
posted by DoctorFedora at 4:06 PM on April 18, 2022
if you went shopping for jeans at the Gap and then walked to the other end of the mall, and someone greeted you at the entrance of Macy's by name, with a selection of jeans in your size, you would probably be creeped out by that!
Honestly, my first thought was that I loathe shopping for jeans so that sounds kind of convenient. (John Gruber has perhaps never had the pain of shopping for women's jeans). Of course an unsolicited greeting is spooky... but if the Gap asked whether they could share my jeans measurements so that Macys could just present me with ones that fit, I'd say hell yeah. (Obviously consent is part of the equation.)
I mean, one obvious answer for why people let Google and other tech giants get away with stuff like this is that they're offering services that are useful or make life more convenient. That's part of why people are blase about the hidden downsides, and what's so insidious.
posted by Emily's Fist at 4:33 PM on April 18, 2022 [2 favorites]
Honestly, my first thought was that I loathe shopping for jeans so that sounds kind of convenient. (John Gruber has perhaps never had the pain of shopping for women's jeans). Of course an unsolicited greeting is spooky... but if the Gap asked whether they could share my jeans measurements so that Macys could just present me with ones that fit, I'd say hell yeah. (Obviously consent is part of the equation.)
I mean, one obvious answer for why people let Google and other tech giants get away with stuff like this is that they're offering services that are useful or make life more convenient. That's part of why people are blase about the hidden downsides, and what's so insidious.
posted by Emily's Fist at 4:33 PM on April 18, 2022 [2 favorites]
The fact that businesses collecting our data are so unregulated is ridiculous.
The fact is that regulating our data is practically impossible. To achieve any kind of effective regulation, at least most of the countries (probably somewhere approaching all) in the world would have to co-operate to put in place this regulation and to do it in a consistent way. One of the poisoned fruits of the Internet is that, once it became globally ubiquitous, it became functionally impossible to know where your data is, how it got there and who has control of it. The US (eg) could overnight decide to implement national, consistent, strong regulation (and if you believe that to be possible, I have a bridge I'd like to sell you) to control how personal data is collected, used, stored and sold and it would not amount to more than a momentary blip in the traffic of personal data, if that.
My view is that privacy is a thing of the past and I can't see how putting that cork back in the bottle is now possible. But being aware that your data is up for sale is one of the strongest protections we have available to us.
Like a couple of others, I picked up a some exaggerations in the comic (although I enjoyed reading it and have no doubt it's largely accurate) and the one in particular I noted was that Google Assistant is recording everything you say - there's no doubt it's listening to everything you say or how can it know you said 'hey Google'? But the idea it's recording anything before that seems highly unlikely, at least in countries where recording of private conversations does actually have strong regulation.
posted by dg at 5:11 PM on April 18, 2022
The fact is that regulating our data is practically impossible. To achieve any kind of effective regulation, at least most of the countries (probably somewhere approaching all) in the world would have to co-operate to put in place this regulation and to do it in a consistent way. One of the poisoned fruits of the Internet is that, once it became globally ubiquitous, it became functionally impossible to know where your data is, how it got there and who has control of it. The US (eg) could overnight decide to implement national, consistent, strong regulation (and if you believe that to be possible, I have a bridge I'd like to sell you) to control how personal data is collected, used, stored and sold and it would not amount to more than a momentary blip in the traffic of personal data, if that.
My view is that privacy is a thing of the past and I can't see how putting that cork back in the bottle is now possible. But being aware that your data is up for sale is one of the strongest protections we have available to us.
Like a couple of others, I picked up a some exaggerations in the comic (although I enjoyed reading it and have no doubt it's largely accurate) and the one in particular I noted was that Google Assistant is recording everything you say - there's no doubt it's listening to everything you say or how can it know you said 'hey Google'? But the idea it's recording anything before that seems highly unlikely, at least in countries where recording of private conversations does actually have strong regulation.
posted by dg at 5:11 PM on April 18, 2022
Do I have to read the original to know the meaning of page 26 with just the big box with horizontal lines? or maybe mine's just not rendering properly
You might enjoy reading Scott McCloud's book Understanding Comics
One way to read the sequence of images is that the horizontal lines in the sky signifying distance on page 25 become the ambiguous horizontal lines on page 26 which become ripples in fabric caused by the man behind the curtain on page 27.
posted by otherchaz at 5:45 PM on April 18, 2022 [1 favorite]
You might enjoy reading Scott McCloud's book Understanding Comics
One way to read the sequence of images is that the horizontal lines in the sky signifying distance on page 25 become the ambiguous horizontal lines on page 26 which become ripples in fabric caused by the man behind the curtain on page 27.
posted by otherchaz at 5:45 PM on April 18, 2022 [1 favorite]
Like a couple of others, I picked up a some exaggerations in the comic (although I enjoyed reading it and have no doubt it's largely accurate) and the one in particular I noted was that Google Assistant is recording everything you say - there's no doubt it's listening to everything you say or how can it know you said 'hey Google'? But the idea it's recording anything before that seems highly unlikely, at least in countries where recording of private conversations does actually have strong regulation.Who knows for certain I guess, but I would assume that the audio search requests and other commands are transcribed to text before transmitting to the cloud for processing. Alexa maintains a text history of commands which you can peruse. I assume Google could very easily store the transcribed text and not an audio recording just as well.
posted by device55 at 7:44 PM on April 18, 2022
Google is storing that info about you. I'm wondering if there is anything to substantiate that.
Billions of dollars in revenue from what was originally a tiny start-up?
They are obviously making money on this.
But... From a technical perspective... text is miniscule to store. Yet in addition to those characters you type into your OMNI BOX... Google happily stores all your email... With attachments... Don't they also have Photo/Image storage? Hmmm - videos for people to upload and stream? And random drive-storage space they give away for "free"? That kind of storage is nowhere near as cheap as storing some text.
Hypothetical example - if you were to automatically transcribe what the average person speaks in a single day (approximately 14,000 to 25,000 words) - which is about 40-pages of text, that is about 80kb of text data per day to store. If you consider the average consumer to be valuable from age 18 to 75, then that means a total lifetime storage amount of... 1.6gb - and that isn't even factoring in any compression. While there is no proof that Google Home Assistant or Amazon Alexa are sending every word back (supposedly they listen only for keywords...), I know enough about programming that if I was building an "always-on" microphone, I would just store data until other network activity happens and then send a bigger batch...
Do they do this out of the goodness of their heart and/or social responsibility?
It has been said by many people over the last "n-years" - if you're not paying for a product - you are the product.
posted by rozcakj at 7:49 PM on April 18, 2022 [3 favorites]
Billions of dollars in revenue from what was originally a tiny start-up?
They are obviously making money on this.
But... From a technical perspective... text is miniscule to store. Yet in addition to those characters you type into your OMNI BOX... Google happily stores all your email... With attachments... Don't they also have Photo/Image storage? Hmmm - videos for people to upload and stream? And random drive-storage space they give away for "free"? That kind of storage is nowhere near as cheap as storing some text.
Hypothetical example - if you were to automatically transcribe what the average person speaks in a single day (approximately 14,000 to 25,000 words) - which is about 40-pages of text, that is about 80kb of text data per day to store. If you consider the average consumer to be valuable from age 18 to 75, then that means a total lifetime storage amount of... 1.6gb - and that isn't even factoring in any compression. While there is no proof that Google Home Assistant or Amazon Alexa are sending every word back (supposedly they listen only for keywords...), I know enough about programming that if I was building an "always-on" microphone, I would just store data until other network activity happens and then send a bigger batch...
Do they do this out of the goodness of their heart and/or social responsibility?
It has been said by many people over the last "n-years" - if you're not paying for a product - you are the product.
posted by rozcakj at 7:49 PM on April 18, 2022 [3 favorites]
If you want to transition stuff from an old Gmail account to a new account, set up forwarding from the old account to the new account...
I agree with all the advice in the linked comment, but there's a better way to do the forwarding than the obvious method Google provides. I recommend using a Gmail filter instead.
That way, you can make it so that all the spam sent to your Gmail account simply gets forwarded to your new account instead of being held by Google, so you never have to sign into your Google Account just to track down the inevitable false positives; you can look in your new account's Spam folder instead.
As a bonus, the volume of spam that gets aimed at any well-established Gmail account is enough to train up almost any other service's spam filter pretty damn quick.
posted by flabdablet at 10:21 PM on April 18, 2022
I agree with all the advice in the linked comment, but there's a better way to do the forwarding than the obvious method Google provides. I recommend using a Gmail filter instead.
That way, you can make it so that all the spam sent to your Gmail account simply gets forwarded to your new account instead of being held by Google, so you never have to sign into your Google Account just to track down the inevitable false positives; you can look in your new account's Spam folder instead.
As a bonus, the volume of spam that gets aimed at any well-established Gmail account is enough to train up almost any other service's spam filter pretty damn quick.
posted by flabdablet at 10:21 PM on April 18, 2022
The fact is that regulating our data is practically impossible.
Your "fact" is nothing of the sort, as the GDPR and the response to it demonstrate. The reality is that not only are the data brokers themselves large companies who do have to physically exist - but in order for them to be able to do what they need in order to track users, they need buyin from website operators who are also companies who need to exist physically as well. And despite what techies still think (even after repeated demonstrations to the contrary), courts take a very dim view when companies try to play shell games to avoid jurisdiction and liability.
Cynicism, though it likes to pretend it's wisdom, is nothing of the sort.
posted by NoxAeternum at 2:17 AM on April 19, 2022 [4 favorites]
Your "fact" is nothing of the sort, as the GDPR and the response to it demonstrate. The reality is that not only are the data brokers themselves large companies who do have to physically exist - but in order for them to be able to do what they need in order to track users, they need buyin from website operators who are also companies who need to exist physically as well. And despite what techies still think (even after repeated demonstrations to the contrary), courts take a very dim view when companies try to play shell games to avoid jurisdiction and liability.
Cynicism, though it likes to pretend it's wisdom, is nothing of the sort.
posted by NoxAeternum at 2:17 AM on April 19, 2022 [4 favorites]
Lots of great Google-alternatives advice in this thread. Any recommendations for less expensive and "zero-knowledge" online storage than Google Drive/Google One? I use Backblaze for system backup, all I need is 100GB or less for minor file sharing between devices.
posted by Greg_Ace at 10:18 AM on April 19, 2022 [2 favorites]
posted by Greg_Ace at 10:18 AM on April 19, 2022 [2 favorites]
Keybase file system still offers 250GB per user account at no charge, last time I checked. Multiple devices can be logged into a single Keybase user account and anything put up in that account's subfolder of /keybase/private will be accessible to all of those and only those. Subfolders /keybase/team and /keybase/public also exist, allowing files to be restricted to members of specific Keybase teams or world readable via both the open-source Keybase client and the Web generally.
My experience with KBFS has been largely positive. I like the fact that I can fill up my 250GB of encrypted server blocks without coming anywhere near occupying 250GB of storage on any of my own devices; this is particularly good for phones. I also like that because of the direct upload / direct download model, the local Keybase client isn't constantly chewing up my battery looking for local file changes to sync.
Speed has always been about as good as the underlying Internet connection allows, and I like being able to mark selected files or folders for local caching so that they can still be retrieved locally even when no Internet connection is available.
However, I've also seen some weird flakiness after trying to upload a hundred gigs of stuff in one session over an Internet connection with ~20% packet loss, ending up in an irreconcilable disagreement between clients about what they could see stored on KBFS. Keybase's support staff were very helpful in getting that resolved even though I'm livestock rather than a customer, and I ended up losing no data as a result, but even so I wouldn't ever consider keeping my only copy of anything on KBFS. Then again, I generally don't ever have an "only copy" of anything I care about for more than a few minutes at a stretch.
posted by flabdablet at 10:38 AM on April 19, 2022 [1 favorite]
My experience with KBFS has been largely positive. I like the fact that I can fill up my 250GB of encrypted server blocks without coming anywhere near occupying 250GB of storage on any of my own devices; this is particularly good for phones. I also like that because of the direct upload / direct download model, the local Keybase client isn't constantly chewing up my battery looking for local file changes to sync.
Speed has always been about as good as the underlying Internet connection allows, and I like being able to mark selected files or folders for local caching so that they can still be retrieved locally even when no Internet connection is available.
However, I've also seen some weird flakiness after trying to upload a hundred gigs of stuff in one session over an Internet connection with ~20% packet loss, ending up in an irreconcilable disagreement between clients about what they could see stored on KBFS. Keybase's support staff were very helpful in getting that resolved even though I'm livestock rather than a customer, and I ended up losing no data as a result, but even so I wouldn't ever consider keeping my only copy of anything on KBFS. Then again, I generally don't ever have an "only copy" of anything I care about for more than a few minutes at a stretch.
posted by flabdablet at 10:38 AM on April 19, 2022 [1 favorite]
Well, I appreciate what they're trying to do, but... a couple of issues.
First, and I admit this is maybe a bit petty, but I don't know that anyone should be throwing stones about confusing user interfaces, when their web comic has a UI that when you press the fast-forward-looking button, takes you to what appears to be... a blank page... at the end... of the German version? Do they not realize that buttons on the outside of a UI are easier to hit than ones on the inside? Why would you put this useless "go to page 588" button there? Why do you even have that button, much less give it so much primo screen real estate? It's a fucking Kronk Lever.
Anyway.
Maybe I'm just a veteran of too many Browser Wars at this point. (The plugins, man—*drags on cigarette, sips JD*—the fuckin' plugins. ActiveX. VRML. It changes you. Sometimes... sometimes I can still hear them. At night. The Flash animations. That stupid grinning cat. Talkin' Tom. We had to leave him. Back in IE6, maybe 7. I think of him a lot, you know?)
Pushing people to change browsers only goes so far. People use the browser they use because it's what the sites they need to use are tested, and work well on.
The standards bodies were supposed to make it better, but they're a mess. Turns out there's nothing really stopping someone from setting up a new "standards body" if they don't like your idea of a standard.
Also, most of the parade of horribles—things that people can do with your personal information, e.g. selling them to political consultancies—they can do without Chrome. I mentioned this in another thread yesterday, but data brokers pull a ton of information—which many people mistakenly believe comes from their phones or Echo devices or wherever—from anodyne sources like retailer loyalty-card systems, cell phone network operators, credit card networks, etc. Maybe even your ISP. It wouldn't surprise me if future operating systems have some sort of scaled pricing depending on how much "telemetry" you let it collect. (Corporate versions will cost more, since companies don't like anyone else snooping on their employees. Home/consumer versions might be discounted or even free, in exchange for all the data an OS can collect on you... which is even more than a browser.)
Yes, you should secure your browser, and be aware of what information is being collected there. I'm not arguing that. But IMO there's a myopic focus on Big Tech—and I get it, they're big, high-visibility targets—and too little attention being paid to an entire industry of data brokers and "consumer analytics" companies who pull in and deanonymize/deaggregate (they don't call it that, but... that's what they're doing) large data sets to build profiles of individuals and razor-thin demographic groups. You could shut down Facebook and Google tomorrow, and these companies would still exist. You'd still be getting targeted ads. Any political solution needs to be aimed not just at "big tech", but at the entire ecosystem that treats consumer data as a harvestable resource that gains value the more of it you have. Because otherwise, the hits are just gonna keep on coming. It's almost impossible not to leak information, and if the value of that information outweighs the regulatory risk of having it around, someone's going to collect it.
Anyway: on the technical side, you can prevent Google from peering too far into your data by encrypting your sync data with a Custom Sync Passphrase, rather than the default of using your Google Account to encrypt it. IIRC, this will require you to manually enter the passphrase on every Chrome device that you want to sync data with, but it basically breaks the link between your data and your Google Account, so that Google can't access it. I'm sure this breaks some features somewhere, but I've had it for years and haven't felt a compelling reason to change it. It effectively turns Chrome Sync into a zero-knowledge "here's a bunch of bits, we don't know what's in there, good luck with that" service, plus or minus whatever other Google features you're using.
posted by Kadin2048 at 2:34 PM on April 19, 2022 [3 favorites]
First, and I admit this is maybe a bit petty, but I don't know that anyone should be throwing stones about confusing user interfaces, when their web comic has a UI that when you press the fast-forward-looking button, takes you to what appears to be... a blank page... at the end... of the German version? Do they not realize that buttons on the outside of a UI are easier to hit than ones on the inside? Why would you put this useless "go to page 588" button there? Why do you even have that button, much less give it so much primo screen real estate? It's a fucking Kronk Lever.
Anyway.
Maybe I'm just a veteran of too many Browser Wars at this point. (The plugins, man—*drags on cigarette, sips JD*—the fuckin' plugins. ActiveX. VRML. It changes you. Sometimes... sometimes I can still hear them. At night. The Flash animations. That stupid grinning cat. Talkin' Tom. We had to leave him. Back in IE6, maybe 7. I think of him a lot, you know?)
Pushing people to change browsers only goes so far. People use the browser they use because it's what the sites they need to use are tested, and work well on.
The standards bodies were supposed to make it better, but they're a mess. Turns out there's nothing really stopping someone from setting up a new "standards body" if they don't like your idea of a standard.
Also, most of the parade of horribles—things that people can do with your personal information, e.g. selling them to political consultancies—they can do without Chrome. I mentioned this in another thread yesterday, but data brokers pull a ton of information—which many people mistakenly believe comes from their phones or Echo devices or wherever—from anodyne sources like retailer loyalty-card systems, cell phone network operators, credit card networks, etc. Maybe even your ISP. It wouldn't surprise me if future operating systems have some sort of scaled pricing depending on how much "telemetry" you let it collect. (Corporate versions will cost more, since companies don't like anyone else snooping on their employees. Home/consumer versions might be discounted or even free, in exchange for all the data an OS can collect on you... which is even more than a browser.)
Yes, you should secure your browser, and be aware of what information is being collected there. I'm not arguing that. But IMO there's a myopic focus on Big Tech—and I get it, they're big, high-visibility targets—and too little attention being paid to an entire industry of data brokers and "consumer analytics" companies who pull in and deanonymize/deaggregate (they don't call it that, but... that's what they're doing) large data sets to build profiles of individuals and razor-thin demographic groups. You could shut down Facebook and Google tomorrow, and these companies would still exist. You'd still be getting targeted ads. Any political solution needs to be aimed not just at "big tech", but at the entire ecosystem that treats consumer data as a harvestable resource that gains value the more of it you have. Because otherwise, the hits are just gonna keep on coming. It's almost impossible not to leak information, and if the value of that information outweighs the regulatory risk of having it around, someone's going to collect it.
Anyway: on the technical side, you can prevent Google from peering too far into your data by encrypting your sync data with a Custom Sync Passphrase, rather than the default of using your Google Account to encrypt it. IIRC, this will require you to manually enter the passphrase on every Chrome device that you want to sync data with, but it basically breaks the link between your data and your Google Account, so that Google can't access it. I'm sure this breaks some features somewhere, but I've had it for years and haven't felt a compelling reason to change it. It effectively turns Chrome Sync into a zero-knowledge "here's a bunch of bits, we don't know what's in there, good luck with that" service, plus or minus whatever other Google features you're using.
posted by Kadin2048 at 2:34 PM on April 19, 2022 [3 favorites]
there's nothing really stopping someone from setting up a new "standards body" if they don't like your idea of a standard.
That's the nice thing about standards - there's so many of them to choose from!
posted by Greg_Ace at 3:58 PM on April 19, 2022 [3 favorites]
That's the nice thing about standards - there's so many of them to choose from!
posted by Greg_Ace at 3:58 PM on April 19, 2022 [3 favorites]
The fact is that regulating our data is practically impossible.
Your "fact" is nothing of the sort, as the GDPR and the response to it demonstrate.
Well, sure, there are plenty of regulatory instruments all over the place, but that's not the same as actually regulating personal information, not by a long stretch. A couple of decades of experience in regulation, including drafting then shepherding instruments through parliaments and enforcing regulations at a state and national level has convinced me that pretty much all regulation is only ever effective against those that are willing to be regulated. Wherever you have bad players that have financial incentives to avoid regulation, they will avoid regulation. It's very common for such players to do the sums and realise the cost of occasionally getting caught out is always going to be less than the cost of compliance in the first place. The history of enforcement under GDPR and similar instruments is a clear example of people deciding to run the gauntlet because the cost of getting caught is so low relative to the financial benefits.
I agree that this is a cynical approach and I don't pretend to any level of wisdom on anything, but my lived experience in the field of regulation is that cynicism is absolutely necessary for regulators. To be at all effective, you have to assume that some people will act badly when given the option (without assuming that every person will do so, or you'll go insane).
posted by dg at 4:40 PM on April 19, 2022 [1 favorite]
Your "fact" is nothing of the sort, as the GDPR and the response to it demonstrate.
Well, sure, there are plenty of regulatory instruments all over the place, but that's not the same as actually regulating personal information, not by a long stretch. A couple of decades of experience in regulation, including drafting then shepherding instruments through parliaments and enforcing regulations at a state and national level has convinced me that pretty much all regulation is only ever effective against those that are willing to be regulated. Wherever you have bad players that have financial incentives to avoid regulation, they will avoid regulation. It's very common for such players to do the sums and realise the cost of occasionally getting caught out is always going to be less than the cost of compliance in the first place. The history of enforcement under GDPR and similar instruments is a clear example of people deciding to run the gauntlet because the cost of getting caught is so low relative to the financial benefits.
I agree that this is a cynical approach and I don't pretend to any level of wisdom on anything, but my lived experience in the field of regulation is that cynicism is absolutely necessary for regulators. To be at all effective, you have to assume that some people will act badly when given the option (without assuming that every person will do so, or you'll go insane).
posted by dg at 4:40 PM on April 19, 2022 [1 favorite]
I'm not sure what should I do, exactly. Don't know if someone touched the issue in the discussion, but one of the main reasons I can't think of abandoning Google right now is security. Most of shopping I do is online, got all sorts of financial login information and account details linked to my google account because I know that if something goes wrong it is a guaranteed layer of protection I could not expect from other services. Or could I? Really could use some advice about this: how can I be protected online without having to hand out personal information in exchange?
posted by BruxoPimba at 7:13 PM on April 20, 2022
posted by BruxoPimba at 7:13 PM on April 20, 2022
I know that if something goes wrong it is a guaranteed layer of protection I could not expect from other services.
That really depends on what it is that you believe your Google account is protecting you against.
Personally I am not prepared to risk exposing any of that stuff to a Google account, and take pains to refuse all of the many invitations my assorted devices offer me to keep convenience copies there.
All my own login information and account details, financial and TOTP included, are kept in a KDBX 4 database file that I use KeePassXC to work with on my desktop devices with KeePassXC-Browser to integrate with my web browsers, and KeePassDroid to work with on my phones. I currently use Dropbox to keep that database synced across devices, as well as keeping my own periodic local offline backups of it, but if Dropbox ever goes belly-up I could swap in any other cross-platform file sync service to do the same job. Even Google Drive, at a pinch.
Making it feasible to employ only long, machine-generated, unique-per-service secrets by using any centralized password management solution to is a huge step up, security-wise, from the shitty ad-hoc passwords that too many people still rely on to such an extent that the first factor in 2FA might as well not even be there.
But it's a choice that comes with its own risks, the worst of which is total loss of all stored credentials in one hit if something goes wrong with the password manager. And if the password manager is in fact part of a Google account, and the Google account is one of the usual freebies so that the account holder is mere Google livestock rather than one of its customers, I personally rate the risk of having such an account yoinked out from underfoot without warning, and the subsequent nightmare of trying to extract anything resembling satisfaction from Google customer "support", to be far too high. I am much happier relying on open source software that manipulates a database file whose ongoing availability is my own personal responsibility.
posted by flabdablet at 4:09 AM on April 21, 2022 [4 favorites]
That really depends on what it is that you believe your Google account is protecting you against.
Personally I am not prepared to risk exposing any of that stuff to a Google account, and take pains to refuse all of the many invitations my assorted devices offer me to keep convenience copies there.
All my own login information and account details, financial and TOTP included, are kept in a KDBX 4 database file that I use KeePassXC to work with on my desktop devices with KeePassXC-Browser to integrate with my web browsers, and KeePassDroid to work with on my phones. I currently use Dropbox to keep that database synced across devices, as well as keeping my own periodic local offline backups of it, but if Dropbox ever goes belly-up I could swap in any other cross-platform file sync service to do the same job. Even Google Drive, at a pinch.
Making it feasible to employ only long, machine-generated, unique-per-service secrets by using any centralized password management solution to is a huge step up, security-wise, from the shitty ad-hoc passwords that too many people still rely on to such an extent that the first factor in 2FA might as well not even be there.
But it's a choice that comes with its own risks, the worst of which is total loss of all stored credentials in one hit if something goes wrong with the password manager. And if the password manager is in fact part of a Google account, and the Google account is one of the usual freebies so that the account holder is mere Google livestock rather than one of its customers, I personally rate the risk of having such an account yoinked out from underfoot without warning, and the subsequent nightmare of trying to extract anything resembling satisfaction from Google customer "support", to be far too high. I am much happier relying on open source software that manipulates a database file whose ongoing availability is my own personal responsibility.
posted by flabdablet at 4:09 AM on April 21, 2022 [4 favorites]
flabdablet: cross-platform file sync service
I like SyncThing. And it does not use any type of cloud. It just syncs between your devices, when you want it to, and when they are on the same network.
https://syncthing.net/
There's even a version for my Ubuntu Touch phone!
posted by Too-Ticky at 4:56 AM on April 21, 2022 [1 favorite]
I like SyncThing. And it does not use any type of cloud. It just syncs between your devices, when you want it to, and when they are on the same network.
https://syncthing.net/
There's even a version for my Ubuntu Touch phone!
posted by Too-Ticky at 4:56 AM on April 21, 2022 [1 favorite]
Last time I played with SyncThing was quite a few years ago, and I had occasional trouble with excessive CPU usage and failed conflict resolution that drove me back to Dropbox. Might be time for another look.
But of course the whole point is that it doesn't matter what file sharing service you pick, as long as it works for you. KDBX databases are typically quite small (mine holds over a thousand sets of credentials accumulated over the last fifteen years, and is still only 135kB) so pretty much anything will work. Even something as bogus as keeping one attached to a draft in an email account could work for some people. One of my offline backups lives in a USB drive attached to my car keys.
Decoupling the file sharing solution from the password storage solution, and using a well supported non-proprietary file format for password storage, avoids the single-vendor-lock-in risks inherent in services like Google accounts or LastPass or 1Password that bundle all of the above. To me, that's well worth a slightly more complicated setup with the occasional convenience speedbump.
posted by flabdablet at 5:14 AM on April 21, 2022 [1 favorite]
But of course the whole point is that it doesn't matter what file sharing service you pick, as long as it works for you. KDBX databases are typically quite small (mine holds over a thousand sets of credentials accumulated over the last fifteen years, and is still only 135kB) so pretty much anything will work. Even something as bogus as keeping one attached to a draft in an email account could work for some people. One of my offline backups lives in a USB drive attached to my car keys.
Decoupling the file sharing solution from the password storage solution, and using a well supported non-proprietary file format for password storage, avoids the single-vendor-lock-in risks inherent in services like Google accounts or LastPass or 1Password that bundle all of the above. To me, that's well worth a slightly more complicated setup with the occasional convenience speedbump.
posted by flabdablet at 5:14 AM on April 21, 2022 [1 favorite]
I appreciate the link to Chromium but I'm not a dev and just wanted to easily find where and how to download it and the site... is not super interested in that. I don't know what a "build" is. Give me a large shiny button that says "download" and tell me if it's for Mac or PC.
OMNI. BOX.
posted by pelvicsorcery at 6:03 AM on April 23, 2022 [1 favorite]
OMNI. BOX.
posted by pelvicsorcery at 6:03 AM on April 23, 2022 [1 favorite]
https://download-chromium.appspot.com/ will autodetect your operating system and offer you the results of the latest nightly Chromium build that suits it. There are also links at the bottom of the page that let you override the autodetection.
The "raw" builds delivered from that page are packaged as Zip files, not the customary click-to-open installers. I don't have a Mac or Windows box handy for testing, but I'm guessing all you need to do for Windows is extract the Zip file's contents into a folder of your choosing, then run chrome.exe from inside that folder to make the browser go. On a Mac, extracting the Zip file should make Chromium.app which I gather you can drag straight into the Applications folder.
These are nightly builds, so as well as shiny new features you'll get shiny new bugs. If I were using those, the way I'd react to bugs that bothered me is to keep installing a new build each day until they went away, then wait maybe six weeks to try a newer one.
posted by flabdablet at 2:47 PM on April 23, 2022
The "raw" builds delivered from that page are packaged as Zip files, not the customary click-to-open installers. I don't have a Mac or Windows box handy for testing, but I'm guessing all you need to do for Windows is extract the Zip file's contents into a folder of your choosing, then run chrome.exe from inside that folder to make the browser go. On a Mac, extracting the Zip file should make Chromium.app which I gather you can drag straight into the Applications folder.
These are nightly builds, so as well as shiny new features you'll get shiny new bugs. If I were using those, the way I'd react to bugs that bothered me is to keep installing a new build each day until they went away, then wait maybe six weeks to try a newer one.
posted by flabdablet at 2:47 PM on April 23, 2022
« Older How Barnes & Noble Went From Villain to Hero | Matt Araiza Is Out to Change the Way the NFL Views... Newer »
This thread has been archived and is closed to new comments
posted by jazon at 7:50 PM on April 17, 2022 [13 favorites]