Google never clear on the concept of privacy

Over the years it became more and more clear to me that Google had redefined themselves as a company based on the surveillance economy. That was not true when I joined in 2005, but gradually became true as they tried to compete against Facebook in advertising. Advertisers covet demographic information, so they don’t show a BMW ad to a poor person and they don’t show an incontinence ad to a young person. Unfortunately Google has turned into a pathetic persistent privacy invader as a result. If you go to google.com when you are not signed in, you see this notice:

Of course, if you click on the “START CHECKUP” button, it presents you with a notice to sign in:

This is of course oxymoronic – why the hell would you sign in to give them a cryptographically certified trail of your identity if you care about privacy? Their whole business model is based on assembling a detailed dossier connected to your login. Signing in is exactly the opposite of what you should do if you care at all about privacy.

This is one reason why I decided to forego working on cryptography during my years at Google – the primary purpose for cryptography at Google is to secure their business model based on surveillance.

Another Alexa failure

Today I was speaking to my wife about a listing in a book “Weird California”. I read a section that said it was “near 405 and LAX”, which caused alexa to think we were talking to it. The weird part is that it responded with “it sounds like you are interested in flatulence”. I can guarantee that at no point did we say “flatulence” that day.

A previous version of twitter

I think license plate frames were the predecessor to twitter; short witticisms that are designed to make you smile. Over time I’ve come to appreciate this line from a Joe Walsh song. The title of the song (and the next line in the chorus) is “Life’s been good to me so far.”

 

California election idiocy

If you are a registered voter in California, then you have probably already received your voter pamphlet containing arguments for and against the propositions, as well as statements from candidates for statewide offices. This year’s book is particularly ridiculous, with clear cut nut cases running for office. Not just people whose views are out of the mainstream – but people who are somehow emboldened enough to embarrass themselves in an election. Some of them may have been inspired by the fact that the US recently elected a minor TV celebrity as President. Here are some samples:

John “Jack” Crew | REPUBLICAN.

This guy’s complete statement is “Atrocity of abortion-on-demand must end”. I could sort of understand someone being against abortion, but is that really the only thing that makes you want to be a senator from the state of California? What are you going to do there – just mouth the same words over and over again?

Ling Ling Shi | NO PARTY PREFERENCE

No shit. No party would want this wingnut in their party.

His platform says:Run for God’s Heart and America’s Freedom, Challenge 2016 U.S. Presidential Election results: 2016 U.S. Presidential Election should be nullifed by the U.S. Supreme Court and U.S. should re-hold 45th U.S. Presidential Election; Challenge 10 giant chaos in U.S. Economy and Economy-Related sectors.

Kevin Mottus |REPUBLICAN

This guy’s candidate statement focuses almost exclusively on “the new 5G wireless technology and Internet of Things”. His big concern seems to be that there will be too many towers emitting wireless microwave signals. Does he even have a clue what it means to be a senator???

And then there are the candidates for Governor, starting with:

Peter Y. Liu |REPUBLICAN

His total candidate statement is a hashtag: #cesp5. I am not making this up. Here is his candidate photo: 

I’m guessing that he just graduated from High School on the basis of this photo.

Christopher N. Carlson |GREEN

His candidate statement is:
“Teach your children calculus And keep the planet safe Or feathered stones and empty bowls Will also be their fate”

@guberthecandidate

Finally, we have:

Johnny Wattenburg |NO PARTY PREFERENCE

His complete candidate statement is: “Why not!”. Not a question mark, but an exclamation point. Why the fuck not indeed?

You can’t make this shit up. It’s on the California voter guide site. Some people will chalk this up to California being the land of fruits and nuts. That’s undoubtedly part of it. There are some credible candidates in the mix, but there are also some nutcases who manage to get through the system. I’m glad that parties don’t control everything, but I’m hoping that Californians aren’t as stupid as the US at large to elect some nut case to higher office.

Privacy is hard if you hunger for data

After I left Google I started looking into Mycroft, which is an open source alternative to Amazon Alexa or Google Home but promises to provide better privacy. Unfortunately, that concept of privacy seems to be elusive to the company behind Mycroft. Not only did they send out a survey using a third party with a poor privacy reputation, but the apology for that survey was posted on the Mycroft blog, which has multiple tracking technologies that are blocked by ghostery, including ones from Google, Pinterest, and Facebook.

The usual response to such things is “but but but … so convenient for users!” or “but but but how can we track our users?” This is apparently the world we live in – even companies that apparently want to provide a better privacy story are unable or unwilling to confront what that means. The reputation of your company is only as good as the reputation of your partners.

Coincidentally, Google today sent out a reminder that sites using Google Analytics must review their data retention settings to comply with GDPR by May 25th. They attempt to make a distinction between a User-ID and an Android Advertising ID (which is unique to each phone).  In case you are unaware, the latter is a random ID that may be reset by the user, but it’s sufficiently well hidden that 99.9% of users will never find it. It is readable by all apps on an Android phone. This kind of skullduggery is a big part of the reason why I decided to leave Google.

Screw you Embassy Suites

Now I know never to stay in an Embassy Suites again.

I regularly use a different email address for every company that asks for one. At some point in the past I used a specialized email address for embassy suites, and sure enough this week I received an email to that address from a company called travelpass group. This is proof that Embassy Suites has given them my email address, which puts Embassy Suites solidly in the camp of companies that use spam to try and sell things. If you search for this company with your favorite search engine, it turns up a complaint from the Federal Trade Commission against them (and their aliases).

RSA conference: not clear on the concept

I’ve been amused by the fact that the RSA conference uses a badge that has NFC in it, so that when you visit a vendor booth, they can scan the badge and read information on it. When I read the badge with the NFC on my phone, it showed an opaque blob that was evidently encrypted (or encoded obscurely). I guess that means that RSA doesn’t want YOU to know what is on your badge, but wants their vendors to know. Last year I started a tradition to repeatedly bend the badge and break the RFID tag inside the badge so it is no longer readable (it seemed to be tougher to crack this year). Then I put an NFC tag behind the badge that contains only the URL to theonion.com. Of course the vendors are all expecting to see an encrypted blob on it, so they don’t get the joke. I do it for my own amusement.

Don’t like what it says on the NFC tag? Use your own!
On top of that, this year they sent out a “survey” link to a webpage on qualtrics.com, which is blocked by a browser extension I use. I’ve always known that marketing came ahead of privacy at the RSA conference.

On cloud APIs

Cloud APIs are like fair-weather friends. They work as long as it is convenient to do so, and they get to set the terms of the friendship. Today I received a notice from Google that the “free” maps API would no longer be free, but would instead require you to provide a credit card, in return for which they would give you a “free” tier of usage. I guess if you go over your limit, then you will pay for the usage. Fair enough, but it requires you to do your own rate limiting. As an alternative they could stop serving your clients and send a warning when you go over your limit, but that might allow you to escape the first month of over-charges.

I find it easier to just reduce my dependencies, so I removed the maps from iacr.org. They weren’t necessary anyway.

Amazon Alexa vs Google Home

I recently left my job at Google, so I finally feel free to post my opinions about Google products. I’ve used both Amazon Alexa as well as Google Home, but they are quite different beasts.

TL;DR; Don’t buy a Google Home. They are an atrocity when it comes to privacy.

Let’s first review why they exist at all. Amazon is all about commerce, and they want you to make your purchases through them. Much of our commerce is routine repurchase of consumer items that we have purchased in the past. Most people buy the same toilet paper each time, or the same toothpaste, or the same salad dressing. If it worked for you in the past, then it probably works to buy it again. Amazon realizes this and wants to make it easy to re-order something that you have purchased from them in the past. They tried this with the “dash button“, but those were not a great idea and never caught on. On the other hand, the Amazon Echo (Alexa) device is linked to your Amazon account, and you can easily say “order more toilet paper” and have Amazon know what you are talking about if you previously ordered toilet paper from them. This reduces the friction on a routine purchase, and it’s a win for both Amazon and (mostly) the customer. The only fly in the ointment is that you might end up ordering at a higher price.

By contrast, Google’s business is advertising. Oh sure they have tried to get into other things (like cloud, home delivery, and media), but they are still mostly advertising. The holy grail of advertising is to show the right ad at the right time to the right person, and for this Google thinks they need to know everything about you. When you set up a Google Home device, it demands that you link it to your account, but unlike Amazon, it requires you to sign up for very invasive tracking of your phone. This includes search history linked to your account, YouTube watch history linked to your account, and location history linked to your account. While you might not mind providing this data to Google, it won’t make your Google Home device function much better (Google will dispute this because they live in an immense bubble). Google doesn’t need to know which street you drove down today in order to play music for you or set a timer or answer a question. It’s just another data grab by Google.

The way I got around this with the Google Home device was to create a dummy account, put it on the phone, configure the device, and then remove the account from my phone. That way the account only exists on the Google Home device. This cripples any ability to add capabilities to the Google Home device, but you won’t be missing much.

There are a few major uses for the Alexa and Google Home devices:

  1. Playing music or podcasts. Here the Alexa is probably better, because most people who purchase an Alexa device have Amazon Prime, which includes quite a bit of free music.  For most people this means you can tell it to “play the Beatles” and it will actually play music from the Beatles. With the Google Home device if you tell it to play the Beatles, then it will play precisely one song by the Beatles and then wander off into playing a different artist. It had one job, and it won’t do that job unless you have a paid music account like Spotify or Google Play Music. The Google Home device is pretty useless for music without it (unless you really don’t care what noise emanates from the device). If you don’t have Amazon Prime, then the Alexa device is in the same boat.  Most infuriating of all is the fact that if you upload your music to Google Play Music, then you may not play your own music on Google Home unless you pay for a Google Play Music account. Oddly I was able to program my raspberry pi to do this, so it’s not a fundamental limitation – Google just doesn’t want it to work. Fuck you very much.
  2. Setting a timer for cooking. This is surprisingly useful for brewing tea or letting something cook for ten minutes. The timer on your oven could theoretically do this, but they seem to hire the worst UI designers on the planet. Both devices could do this (though it hardly justifies buying one).
  3. Asking for the weather forecast in any location. Both devices seem to do a pretty good job at this, and frankly I haven’t compared them much because I live in California and the weather is pretty uneventful.
  4. Factual questions like “who was president in 1896?” It turns out that both Alexa and Google Home know that it was Grover Cleveland. My perception is that Google Home is more capable of answering these questions, but I don’t have specific examples.
  5. Home automation. I’ve fiddled with this a little bit, but frankly I want my devices to work, and adding remote functionality almost always causes them to develop new failure modes. The light switch on my wall has worked for fifty years and will be still be working long after these assistant devices disappear.

It remains to be seen how important these devices will become. Google’s dream is to become your buddy and know everything about you so they can show you better ads. Amazon’s dream is for you to make all your routine purchases through them without looking at the price. I’m personally more interested in having an appliance that doesn’t have an ulterior motive. Perhaps the Mycroft project will produce this in the future (more on this later).

Back to blogging

I recently quit my job at Google after 12 years, so I had to stop posting on the internal Google+ site. I’ve used social media of various types over the years, but I’m growing increasingly disillusioned with them, and I long for the way the web used to work (well sort of work, anyway). I’m going to try writing in this blog instead.

Stand by for an increasing flow of sarcasm.