Tag: Google

Categories
Aside Links

Google is researching ways to make encryption easier to use in Gmail

Google is researching ways to make encryption easier to use in Gmail:

In response to Edward Snowden’s mass surveillance revelations, Google is working to make complex encryption tools, such as PGP, easier to use in Gmail.

PGP, or Pretty Good Privacy, is an encryption utility that historically has been difficult to break. But Google has “research underway to improve the usability of PGP with Gmail,” according to a person at the company familiar with the matter.

If Google is actually going to throw engineers and designers (most important: lots, and lots, and lots of UI and UX designers!) towards improving the basic usability of PGP that would be incredible. However, given people’s suspicion of the company given the NSA disclosures I have to wonder whether any public offering from Google will be regarded as some kind of a trojan horse by some civil liberties groups and the cynical public alike.

Categories
Links

How advertising cookies let observers follow you across the web

Back in December, documents revealed the NSA had been using Google’s ad-tracking cookies to follow browsers across the web, effectively coopting ad networks into surveillance networks. A new paper from computer scientists at Princeton breaks down exactly how easy it is, even without the resources and access of the NSA.

Source: How advertising cookies let observers follow you across the web

Categories
Aside

Surveillance Whakery

otakugenx:

More surveilance whakery.  Gotta thank the republicans and democrats for taking away our privacy.

The second image is terrific!

Categories
Aside Links

In-depth with Android Wear, Google’s quantum leap of a smartwatch OS

We take a look at how Android Wear works, and even manage to break some stuff.

This is the most in-depth analysis that I’ve seen of the Android Wear API and functionality. I have doubts that predicating most/many of the ‘active’ uses of the Wearable through voice is going to be a super popular thing: I can’t recall the last time that I saw someone ask Siri a question, or used Google’s voice-based search. I’m sure that some people do engage in such behaviours, but I’ve never once seen it while riding public transit or walking around the cities I’ve visited or lived in. As a result, I’m left wondering: who is actually using voice-based commands to control their devices? And will expanding the kinds of devices that can receive such commands actually lead to mass changes in how people engage with technologies?

Source: In-depth with Android Wear, Google’s quantum leap of a smartwatch OS

Categories
Links

Google Music for Mac (Desktop Application)

I’ve been using this OS X desktop app for Google Music for a few weeks now and absolutely love it.[1] One of the big weaknesses of Google Music (as made available by Google) is the absolute reliance on the web browser for desktop playback. In my case, I tend to have 4–5 windows, each with 10–40 tabs, on most work days.

In that mess of windows and tabs, hunting for the lone tab controlling my music is a royal pain in the ass. To the point where I’d rather use iTunes.

If Google doesn’t flat out hire the developers of the (unofficial) desktop app then I pray that Google at least leaves the developers/API sufficiently alone so that they can keep providing this very awesome application for us unwashed masses. Otherwise I’m going to have to spend a lot more time in iTunes (again).

  1. Note that if you haven’t played with your security settings, and are running a contemporary version of OS X, by default you won’t be able to install or run the application. To run the application open ‘Preference’ >> ‘Security’. In the ‘General’ tab click the unlock botton (lower left corner) and enter your administrative credentials. Then, on the same tab, select ‘Mac App Store and identified developers’; you should subsequently be able to authorize the Google Music application. You may have to repeat this process each time you update the application.  ↩
Categories
Writing

Brief Thoughts on Google’s ‘Shared Endorsements’ Policy

Simon Davies, one of the world’s most prominent privacy advocates, has filed formal complaints across the EU concerning Google’s ‘Shared Endorsements’ policy. Per this policy, Google may use:

the images, personal data and identities of its users to construe personal endorsements published alongside the company’s advertised products across the Internet

The legality of recent changes to Google’s policies that allow the company to share personal data across all its products and services are currently being investigated by a number of EU data protection authorities. The data protection issues and violations highlighted in my complaint go the heart of many of the aspects under investigation. Indeed the Shared Endorsements policy is made possible only through company-wide amalgamation of personal data.

In effect, Davies argues that the amalgamation of Google’s services under the company’s harmonized privacy policy/data pooling policy may be illegal and that, moreover, individuals may not know that their images and comments might be revealed to people they know upon leaving reviews of products and services in Google-owned environments.

Admittedly, I find that the shared pooling of information across my networks can be incredibly helpful (e.g. highlighting the reviews/opinions of people I know concerning various subjects and topics). Knowing that a colleague with whom I share book interests likes a book is more helpful to me than a review from someone that I don’t know. At the same time, I review products that I’ve purchased online quite often: given how helpful others’ reviews can be when I’m purchasing a product it seems like a courtesy to provide information into a private-commons. So, while I would prefer a review from a colleague I’m perfectly willing to make purchasing decisions based on what absolute strangers say/write as well.

The more significant issue with Google’s products, in my opinion, emerges from how the company’s business decisions are narrowing the range of commentary individuals may engage in. Such self-censorship is largely attributable to linking all comments to a person’s real name/public identity. Personally, this means that I often avoid leaving some book reviews, not because I’m ‘ashamed’ of the review but because I worry about whether it could detrimentally affect my future publishing opportunities. My reviews are (I think) reasonably high quality and fair but I refuse to leave some without some degree of pseudonymity. There is no reason to believe that my decision is unique: those in similar, tight-knit, industries likely experience similar pressures to avoid reviewing/commenting on some products, despite being experts concerning the product(s) in question.

I am not from  a ‘marginalized’ or ‘repressed’ social population, and Google is seemingly deploying platforms that are meant to serve people like me: people who freely review products online and who find it acceptable that such reviews are publicly shared and oftentimes highlighted to specific users. And yet, even I avoid saying certain (legal) things based on the (unknown) consequences linked to such speech acts. Despite being reasonably savvy concerning the collection, use, and sharing of personal information even I do not fully appreciate or understand how Google collects, retains, processes, or disseminates information I provide to the company. If even I am censoring legitimate speech because of the vicissitudes of Google’s privacy policies and uncertainties associated with providing content on their platforms then there is (to my mind) a very serious problem at the very base of the company’s contemporary data-integration and disclosure operations.

Categories
Quotations

2013.11.4

The NSA allegedly collected the phone records of 320 million people in order to identify roughly 300 people who might be a risk. It’s just bad public policy.

Eric Schmitt, in “Google’s Eric Schmidt calls NSA surveillance ‘outrageous’
Categories
Writing

The Painful Process of Updating Android

Android fragmentation is a very real problem; not only does it hinder software developers’ abilities to build and sell apps but, also, raises security issues. In a recent report from Open Signal, we learn that 34.1% of Android users are using the 2.3.3–2.3.7 version of Android, whereas just 37.9% of users using 4.x versions of the operating system, most of whom are themselves using a years-old version of Android. In effect, an incredibly large number of Android users are using very outdated versions of their mobile phone’s operating systems.

It’s easy to blame this versioning problem on the carriers. It’s even easier to blame the issue on the manufacturers. And both parties deserve blame. But perhaps not just for the reasons that they’re (rightly!) often crucified for: I want to suggest that the prevalence of 2.3.x devices in consumers’ hands might have as much to do with consumers not knowing how to update their devices, as it does with updates simply not being provided by carriers and manufacturers in the first place.

Earlier this month I spent some time with ‘normal’ gadget users: my family. One family member had a Samsung Galaxy S2…which was still using version 2.x of the Android operating system. Since February 2013, an operating system update has been available for the phone that would bring it up to Android version 4.1.2, but my family member neither knew or cared that it was available.

They didn’t know about the update because they had received no explicit notice that an update was available, or at least didn’t recall being notified. To be clear, they hadn’t updated the phone even once since purchasing the device about two years ago, and there have been a series of updates to the operating system since purchase time.

The family member also didn’t care about there being an update, because they only used the phone for basic functions (e.g. texting, voice calls, the odd game, social networking). They’re not a gadget monkey and so didn’t know about any of the new functions incorporated into the updated Android operating system. And, while they appreciate some of the new functionality (e.g. Google Now) they wouldn’t have updated the device unless I had been there.

A key reason for having not updated their phone was the absolute non-clarity in how they were supposed to engage in this task: special software had to be downloaded from Samsung to be installed on their computer,[1] and then wouldn’t run because the phone’s battery had possess at least a 50% charge,[2] and then it took about 3 hours because the phone couldn’t be updated to the most recent version of Android in one fell swoop. Oh, and there were a series of times when it wasn’t clear that the phone was even updating because the update notices were so challenging to understand that they could have been written in cipher-text.

Regardless of whether it was Rogers’, Samsung’s, Google’s, or the tooth fairy’s fault, it was incredibly painful to update the Android device. Painful to the point that there’s no reason why most people would know about the update process, and little reason for non-devoted Android users to bother with the hassle of updating if they knew what a pain in the ass it was going to be.

The current state of the Android OS ecosystem is depressing from a security perspective. But in addition to manufacturers and carriers often simply not providing updates, there is a further problem that Android’s OS update mechanisms are incredibly painful to use. Only after the significant security SNAFUs of Windows XP did Microsoft really begin to care about desktop OS security, and Google presently has a decent update mechanism for their own line of Nexus devices. What, exactly, is it going to take for mobile phone manufacturers (e.g. Samsung, HTC) and mobile phone carriers (e.g. Rogers, TELUS) to get their acts together and aggressively start pushing out updates to their subscribers? When are these parties going to ‘get’ that they have a long-term duties and commitments to protect their subscribers and consumers?[3]

  1. In theory there is an over the air update system that should have facilitated a system update in a relatively painless way. Unfortunately, that system didn’t work at all and so Samsung’s software had to be used to receive the updates.  ↩
  2. Really, this made no sense. To update the device it had to be plugged into a computer; why, then, did the phone (which was charging because it was plugged into the computer) need to have a 50%+ charge?  ↩
  3. I actually have a few ideas on this that will, hopefully, start coming to fruition in the coming months, but I’m open to suggestions from the community.  ↩
Categories
Aside Links

1TB Comes to Flickr

thisistheverge:

Yahoo unveils the new Flickr with one terabyte of free space

Looks wild.

As a pretty heavy Google user, I look forward to seeing if Google ups their own storage offerings to ‘compete’ with Yahoo!

Categories
Aside Links

Chinese hackers who breached Google gained access to sensitive data, U.S. officials say

Hackers who breached Google database appeared to seek identities of Chinese spies in U.S. who might be under watch.

This story is incredibly significant: it clarifies an additional target of the Aurora attacks in 2009 (the database that Google stored FISA warrant information in) and, as an extension, provides a notion of why NSA was involved in the investigation (i.e. any revelation of FISA information constitutes a national security issue).

I suspect we’ll never get the full story of what all occurred, but this article very nicely supplements some of the stuff we learned in Levy’s book In the Plex, as well as popular reporting around the series of attacks on major Western companies that happened in late 2009. It also reveals the significant of meta-data/information: it wasn’t necessarily required for attackers to know what specifically waas being monitored to take action to protect agents; all that was needed was information that the surveillance was occurring for countermeasures to be deployed.