Profile cover photo
Profile photo
Edward Morbius
Technological Archaeologist
Technological Archaeologist
Edward's posts

Post is pinned.Post has attachment
Google are Evil

This is absolutely equivalent to supporting the National Socialist Workers Party in Germany in 1933.

If you work for Google, quit. Now.

When Kristallnacht comes, it will be driven by Google's data.


Post has attachment
"In the future, all blogs/websites will probably be anonymous" (2004)

An issue of Reason arrives, some 13 years ago, to which economist Brad DeLong's father reacts first with a jolt -- the cover is a satellite image of his house, circled, and the text "James DeLong: They Know Where You Are!". But some soothsaying by unrepentant liar and smear-campaigner Declan McCullough, with some soft-sell "rational" persuasion, leads him to conclude:

As for the jolt of surprise -- my address has been in the telephone book forever, so anyone with a map and a crayon could always do what Reason did. My feeling of a loss of privacy is actually rather illusory.

Writes the junior DeLong:

I don't have settled (or especially informed) views on this, Dad. But I wonder if your first reaction might not have been more accurate. It takes 20 seconds to find and circle a house with a telephone book, a map, and a crayon--at $10 an hour total cost for low-wage labor, that's six cents an address. Very few people will have an incentive to organize and analyze their data on you at that cost. Those whom you want to send you magazines every month will, but how many others. I think we do have to worry about how governments--future Stasis--will use computers. And there are additional (but far lesser) potential vulnerabilities: weaknesses of the will at the personal or household level that might be exploited. One reason Ann Marie and I never let the kids watch Saturday morning cartoons was that we didn't want to be eroded by advertising-induced waves of pressure for X or Y. We hang up on all telephone solicitations immediately because we know our vulnerability to persuasion too well. And once enough people out there have figured out who we are, our internet wire transmits information both ways.

And this in -1984- 2004.

How quaint.

Post has attachment
Google's Eric Schmidt: My biggest mistake is still not realizing my biggest mistake (2013)

In the blast-from-the-past department:

Engadget's got a little fluff bit on Google's former CEO and present chairman. "Eric Schmidt: my biggest mistake at Google was not anticipating social"

No, Schmidt, your biggest mistake was failing to realize that vast hoards of highly detailed and categorized personal data are not only an asset, but a tremendous liability.

There were those of us who've had that concern for online activity pretty much since the start. And it's not getting any better -- the more I see, the more I see this all ending in tears, and Snowdens' revelations concerning the NSA and other domestic surveillance are only the tip of the iceberg.

I've been a Google user from very nearly day one. I remember well when having a search engine which turned up relevant results, on the first page, was not merely useful but novel.

Then we got news, and maps, and Google Earth. All pretty sweet.

Honestly, I started to have my doubts with Gmail. It's one thing to offer up all my interests to a single company (which made little secret of storing as much of that for as long as possible). Adding my correspondence on top of that -- and authenticating myself, that is, explicitly saying "hey, this is me" -- with every use? Not so much.

For any of those who might suspect my Kristalnacht obsession is anything new or specific to present US politics. Not by a fucking long shot.

Google: Fix this.

Post has attachment
Apropos Kristalnacht, another very good sign: E2EMail -- end-to-end email encryption

Whether they’re concerned about insider risks, compelled data disclosure demands, or other perceived dangers, some people prudently use end-to-end email encryption to limit the scope of systems they have to trust. The best-known method, PGP, has long been available in command-line form, as a plug-in for IMAP-based email clients, and it clumsily interoperates with Gmail by cut-and-paste. All these scenarios have demonstrated over 25 years that it’s too hard to use. Chromebook users also have never had a good solution; choosing between strong crypto and a strong endpoint device is unsatisfactory.

These are some of the reasons we’ve continued working on the End-To-End research effort. One of the things we’ve done over the past year is add the resulting E2EMail code to GitHub: E2EMail is not a Google product, it’s now a fully community-driven open source project, to which passionate security engineers from across the industry have already contributed.

I'm going to highlight again some of the very real challenges here:

Identification. "Who are you?" is the most expensive question in information technology. No matter how you get it wrong, you're fucked.

It's been pointed out in one of my many re-iterations of this point that it's somewhat less identity and more authorisation ("should I let you do that?") which matters. Cue HAL, "I'm sorry, Dave ...". Encryption somewhat handily addresses the authentication problem: without the proper keys, you have no access to the materials. The flip side of this is authentication, addressed in PGP via cryptographic signatures.

AI. What are you is becoming as much a problem as who, and the growth of even simple AIs as a disruptive and distracting influence in online discussion, in "fake news" generation, in Twitter feeds, in Wikipedia edits, and possibly most disturbing of all, in creating and distributing advertising (and propaganda) itself is another element (more below). I'm not entirely sure xkcd's "Mission. Fucking. Accomplished" result is as attractive as it first seemed.

Key management. The strength, and weakness, of cryptographic systems is the keys. Whilst a key allows a message to be encrypted, or signed, loss or exposure of keys creates grave magnitudes of harm. A lost key -- one which is destroyed, misplaced, or otherwise rendered unreachable -- doesn't just disable access to future texts based on it, but renders all past texts unreadable. This is a key (pun status left ambiguous) distinction between principles of physical data management, based on direct access to materials, and of informational data management, based on encryption and authentication. A safe with a lost key can, generally, be drilled out or otherwise accessed (assuming no booby traps defeating such measures). A document sufficiently encrypted will defeat all attempts to decrypt it until the heat death of the Universe.

Though anathema to many, I have and do suggest that much thought be given to some mechanism for key recovery or regeneration involving a number of trusted entities tasked with serving the greater social good. This is not an easy problem, and introduces some very real costs to service provision. Enterprises at the scale of Google are presently serving billions of users, approximately half of whom have no effective computer literacy. (And the ones who do have some degree of computer literacy fancy themselves to be space alien cats and persistent pains in the side and/or asses.) If one millionth of all users experience a lost key on a daily basis, that is millions of key-recovery actions per day, with real incurred costs likely on the order of minutes to hours of service time. The total costs for servicing such requests could run to the hundreds of millions to billions of dollars annually, barring some exceptionally inexpensive and reliable mechanisms. I would look at leveraging extant local establishments -- banks, businesses, governments, post offices, schools, libraries -- as potential partners in this effort. The problem is one not dissimilar to those experienced by other distributed institutions in earlier times.

The Four Horsemen of the Anti-Encryption Info-pocalypse: Terrorists, Drugs Dealers, Money Launderers, and Pedophiles. The fear is that any information security system powerful enough to be useful will be powerful enough to be used by those engaged in such activities. This is true. But the converse is also true: any information security system not powerful enough to be used for such activities is not powerful enough to be useful.

Just as today's civil infrastructure -- roads and highways, electrical grids, telephone systems, postal services, and financial systems -- are used for both socially beneficial and toxic ends.

The challenge is in identifying the activities, behaviours, and actors which are net harmful without destroying the interconnections and dynamics which make society possible.

Again, this isn't easy, there are absolutely instances in which I would want exceptions to rights to privacy and freedom from surveillance (many of the present occupants of 1600 Pennsylvania Avenue for starters, which may well be the case). For which both legal and technical doctrines, mechanisms, and protocols for breeching privacy, with a clear and specific social mandate should be considered. Included in this should be protections against vast fishing expeditions and broad sweeps for accidental acquaintances. A "relationship" between two parties need not be a conspiracy -- consider your grocer, hairdresser, waiter, or a bully you've encountered in the past. All are relations, not all are positive or conspiracies.

At the same time, I see a need to oblige disclosures under many instances, including most especially those who have, and might abuse, power: politicians, corporations, non-profits, governmental bodies, religious institutions, labour bodies. Society provides for structural protections for such enterprises, it should also correct a century and a half's failure to demand accountability in response.

Again: I don't have solutions here -- and solutions are not easily come by. In a more perfect world, I would suggest working with a rational and accountable governmental institution to help arrive at standards. The present political climate in the United States, UK, China, and elsewhere strikes me as highly unconducive to this. The climate in much of the EU, particularly in Germany, France, Belgium, and the Netherlands, with strong experience in the past century of the complications and dangers inherent in such systems, seems better, though that is contingent on outcome of present elections and interference in them -- itself among the activities which should be considered. Several American states strike me as more sane than others, California, Washington, New York, and Oregon among them. The existence of a Democratic or Opposition shadow government with which to develop potential legislative and policy frameworks could also be useful -- something the Democrats might do well to consider. Analogs to ALEC, though with a far more positive and socially-conscious philosophy, suggest themselves.

Technical problems. At the times I've broached the concept of a decentralised, federated, onion-routed, end-to-end encrypted information infrastructure, I've been told by those who know far more than me about building such systems is that such things would impose insurpassable performance penalties on today's Internet architecture. Speed-of-light, exceedingly poor edge distribution in many parts of the world, and even main backbone bandwidth, are issues.

My general answer is: perhaps today's Internet architecture is not a thing worth saving (more below). The reality of information streams is that the bandwidth between screen and brain is vastly more constrained than between screen and source servers. Much information is highly derivative. Some changes slowly (sites such as Wikipedia). Downloading the equivalent of a modern newspaper's output -- 200 - 500 stories a day, amounts to a few MB of text. Even with very thin edge networks, caching of such content close to the edge would address many longer-distance dissemination systems. Handheld on-device storage approaching 1 TB is possible, making source-referencing information unnecessary in many instances. The principle argument for highly interactive site design is advertising itself. There are exceedingly well-reasoned arguments for far more lightweight media design, Maciej Czeglowski of is particularly recommended.

The principle exceptions are for graphical, and especially video and audio content. Streaming video is attractive but exceedingly expensive on edge networks. The information provided can be quite useful -- despite keen observance and updating of Sturgeon's law, the minuscule fraction of YouTube which is not bullshit is exceedingly useful, and there's far more of even that than I could hope to experience in a lifetime. Even on relatively modern, though by no-means speedy, connections, I find that tools which allow me to advance-fetch, then play on a queued basis, such materials, suits virutally all needs. Podcasts, VLC, and as-yet-undeveloped A/V media tools are vastly superior to an in-browser media experience.

The business case: Advertising isn't the solution, advertising is the problem. The lie for the past two decades has been that advertising is what makes the Internet possible. The incontrovertable truth has emerged: much the Internet which advertising makes possible should simply not exist, and is a direct existential threat to the experiment of Liberal Democracy.

Neither can the present online advertising world, in which but two organisations, Google and Facebook, claim fully two thirds of all revenues, be considered a competitive free marketplace. This for numerous reasons I plan to develop at length later.

The beneficiaries of advertising are themselves largely not the institutions and activities which should benefit. The fundamental check and informer on government and business activities, the free press, the fourth pillar of free government, has been both starved and whipped to serve the lascivious interests of spectacle rather than of rational enlightenment. This is not a new problem, and my research has surfaced many previous discussions. Those with an interest might explore some of the better known: John Stuart Mill's On Liberty, Walter Lippman's Public Opinion, H.L. Mencken's "Bayard vs. Lionheart", Bernays' Propaganda. Le Bon. Mackay. I've found a small work by Hamilton Holt, a turn-of-the-century magazine publisher, Commercialism and Journalism (1909) to be a highly insightful view from the inside of the tremendous influence of advertising in both the growth, and influence on content, within the periodical publishing world (available at the Internet Archive).

There's another side to this: the equipment cost of information technology falls by approximately an order of magnitude per decade. This is a direct outcome of Moore's Law -- the 18-month doubling time corresponds to roughly a tenfold capability increase -- or cost decrease -- per decade. Put in this light, the relative growth in computer information system use in the 1950s, 1960s, 1970s, 1980s, 1990s, 2000s, and 2010s, seems to me far more comprehensible. Initially the province of a few large government bureaus and major corporations -- Thomas Watson's apocryphal "market for five computers" makes far more sense in this context -- expanded through the Fortune 100, then 1,000, then appeared on desktops, as mobile laptops, into virtually all homes, and most recently into pockets.

Similarly, IBM gave rise to the Seven Dwarfs, then the minicomputer revolution of DEC, Sun and the UNIX vendors, Microsoft, Google, Facebook, and ... Ello? An operation that's effectively a graphics design studio operating from a small commercial space in Denver, Colorado has produced one of the more compelling online offerings of the past five years.

And it is entirely advertising-free.

I consider the firm to be the equivalent of Red Hat (to UNIX vendors) and Craigslist (to newespapers). Each succeeded not in extracting more money from customers, but in demonetising an industry. Red Hat produced a better Unix than Unix (Linux) ... and gave it away for free (it still does, in the form of Fedora Core), excepting an enterprise-support offering. Craigslist produced a better newspaper classifieds than newspaper classifieds ... and gave it away for free, absent help-wanted ads.

(I'm eliding observations of some criticisms of each service -- many of which I've made myself. Yes, demonitising activities can generate further dynamics and consequences.)

But the point remains that falling costs, increased capabilities, and alternative modes funding, may provide new opportunities. A concentrated effort to establish open standards for interactions being much the other component.

Previously: Kristalnacht

Post has shared content
Slight progress: Upspin

File content is encrypted in storage and the private key is stored on the user’s client.

“Both the encryption and decryption happen on the user’s client machine, not in the network or on Upspin servers,” Google explained in the Upspin security documentation. “To share a file with a second user, that user must also be able to decrypt it. Upspin handles this automatically, using encryption techniques that allow two users to share encrypted data without disclosing their private keys to each other. The public keys of all users are registered in a central server to enable sharing even between strangers.”

I say slight progress not because I don't think this is a step in the right direction, or that it might not be a possible path to a far more promising and all-encompassing solution. But because this simply does not, yet, address the vast bulk of the problem.

Google need to rebuild their services and offerings, from Search, to Android (including its exceptionally problematic apps ecosystem and marketplace), Chrome, Gmail, and social offerings. Oh, and there's the ads side of the house. Upspin provides a possible path forward, but will have to either be fitted into the existing Google service offerings, or serve as the basis for buidling their replacements.

Either route looks to me to be a very long road. One which should have been embarked on a decade ago, if not two, and which we need yesterday needed at least five years ago. It's probably another 3-5 years out, minimum.

This shit ain't easy.

Meantime, as I've been saying:

You are here.

(And so is your data.)
Dear Googles: I hope you're giving a lot of hard thought to Brownshirt-proofing your vast troves of personal data.

Just sayin'.

Post has shared content
You are here.
Dear Googles: I hope you're giving a lot of hard thought to Brownshirt-proofing your vast troves of personal data.

Just sayin'.

Post has shared content
You are here

"I’ll never bring my phone on an international flight again. Neither should you."
Dear Googles: I hope you're giving a lot of hard thought to Brownshirt-proofing your vast troves of personal data.

Just sayin'.

Post has attachment
If Google has it, the Fascist Puppet Donald John Trump and his Brownshirts have it.

An update to a private share from two years ago.

If Google has it, the NSA and CIA have it.  If the NSA and CIA have it, Mossad, MI6, GRU, and MSS have it.  If MSS has it, then Chinese hackers have it.  And if they've got it, the hacker world does or will in 3-5 years, as Bruce Schneier and Eben Moglen have been discussing in lectures and essays.

See especially (both are long, but excellent): (Schneier & Eben Moglen at Columbia Law) (Schneier at Standford Law)

I've TL;DR'd the second on a post of +Steve Faktor's:

Post has shared content
AdSense macht frei

It's become increasingly and irrefutably evident that pursuit of online advertising revenues, and Google AdSense specifically, motivated a tremendous amount of the propaganda and disinformation "fake news" that resulted in the Fascist and Puppet Donald John Trump being elected to the United States Presidency.[1]

Sleep well, Google. No responsibility at all. It's just a value-neutral, revenue-maximising technology platform.


1. See +Lauren Weinstein's "fake news" study and results through :

Post has shared content
AdSense macht frei: Holocaust denial version

Google's genocidal conflicts of interest between advertising revenue maximisation and telling the truth admitting the reality of 6 million concentration camp deaths during WWII of Jews and other persecuted minorities gets deeper.

Apparently, Google can't find it in itself to tell the truth itself, but will allow you to pay for the privilege. A price which, after having first been exercised by Carole Caldwalladr has appreciated tenfold, from £24.01 to £289.

It's nice to see that truth, or rather, the opportunity to declare what you want the truth to be for a price, is a rising bull market.
Wait while more posts are being loaded