Cover photo
Edward Morbius



Edward Morbius

Shared publicly  - 
Google secretly installs mic-enabling spyware / surveillance on all systems with Chrome or Chromium browsers

What the actual fuck?

Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted.

I've confirmed this is present and installed on my own Debian system and that my system mic (typically disabled / zeroed via software) was enabled. I may need to physically cut the circuit.

I also see a need to start firewalling off Google IP and network space.


I've been meaning to nuke Chrome for a while (fucking Stylebot's the monkey on my back). If I can eliminate all Google software from my Debian repos that's not too much.

Correcting one error in the article: Debian don't audit every line of code. There's too much, and the security team's too small. But Debian do have a policy and constitution, and key among the elements of that is that user rights come first.

Also: anyone with tips on physically disabling Thinkpad T520 mics, I'd appreciate the info.

+Yonatan Zunger +Andreas Schou +Lea Kissner +Larry Page +Sergey Brin +Eric Schmidt +Bradley Horowitz +Peter Kasting 

+Steve Faktor +Stephen Shankland +Dan Gillmor +Danny O'Brien +Danny Sullivan +Tess Vigeland 
Google Chrome listening in to your room shows the importance of privacy defense-in-depth. New column on Privacy News.

Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.

It looked like just another bug report. "When I start Chromium, it downloads something." Followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".

Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.

This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough, a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough, a physical switch that breaks its electrical connection is required. That’s how you defend against this in depth.

Early last decade, privacy activists practically yelled and screamed that the NSA’s taps of various points of the Internet and telecom networks had the technical potential for enormous abuse against privacy. Everybody dismissed those points as basically tinfoilhattery – until the Snowden files came out, and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible.

Perhaps it would be wise to not repeat that exact mistake. Nobody, and I really mean nobody, is to be trusted with a technical capability to listen to every room in the world, with listening profiles customizable at the identified-individual level, on the mere basis of “trust us”.
Noah Friedman's profile photoAlain Saint Amand's profile photoRich Bodo's profile photoAchraf Toussirt's profile photo
+Edward Morbius Regarding (1), your reasoning seems faulty to me.  You argue that applications can't be trusted with the microphone and we need OS- or hardware-level controls.  Ignoring that you have OS-level controls in all OSes I'm aware of (Chrome can't record from a microphone you've muted), and that OS-level controls are just software and presumably no more trustworthy than controls in Chrome (where does the mistrust stop?), this means it doesn't matter whether Google ostensibly builds capabilities into Chrome that use the mic or they don't: they could, and because they can't be trusted, all applications should be equally suspect.

That means the comments about us "choosing to play in this space" miss your own point.  You're intentionally not relying on whether vendors claim to be choosing to play in the space or not.  You're saying you don't want to trust what people claim to do, and in that sense, Chrome is equally untrustworthy as everything else, regardless of this incident or of any feature we do or don't claim to build, no matter the opt-in state.

And as I noted, this is far from the only feature in Chrome capable of using the microphone, yet even among privacy advocates I don't see people having been up in arms for years about the other mic capabilities of the software (e.g. allowing websites to access your mic with your permission).  To me this suggests that very few people take the sort of full-paranoia stance that the software can't be trusted at all; if we build something and make it opt-in, that seems to be good enough in general.

So the swearing about us being "fucking adults", which implies not only that we're not acting like adults but that you're fed up with it, seems itself childishly petulant to me.

Regarding (2), we're not playing in the free software space.  We don't release Chrome as free software, and we don't release Chromium as a product at all.  Debian are playing in the free software space, and if they want to ship and support a product, they need to ship and support it -- and in this case, have done so, by managing the bug request in their system, communicating to us upstream what they need, etc.  So we're not trying to make free software advocates happy.  And it's not valid to claim this is a red herring.  The vast majority of angry feedback ON THIS SPECIFIC TOPIC has been about the closed nature of the source code, NOT about microphone access to begin with.  This may be a red herring to you personally, but your position is not representative even of everyone who is upset, so it's not valid for you to dismiss this concern as irrelevant.

Regarding (3), I think there's a false sense that, because we didn't happen to put the bits for this feature in the same .zip as our installer, there is some sort of reasonable expectation of user control.  If we ship 10 megs in the initial installer, 10 megs in software the installer downloads, and 10 megs in software that the software the installer downloads itself downloads, why is it suddenly the case that with one of those 10 meg chunks we need to ask and notify users?  This is a low-level, technical implementation detail of when the bits get downloaded.  It is not an optional, configurable part of the program, from the perspective of users.  And our fix for Debian didn't make it one: we made it possible to throw compile-time switches to pull out the feature, just as there are compile-time switches for h.264 decoding support.  Those switches don't mean we have a moral obligation to users to ask if they want h.264 support; that's up to the people packaging the product to decide.

For (4), none of your stated principles demand that the opt-in must come before downloading a piece of code, rather than before executing it.  You've simply decided that that's the standard.  And, again, the analogous functionality in the same product -- mic access for webpages in Chrome -- isn't causing mass hysteria even among privacy advocates.  So while you're welcome to any position you want, it isn't mandated under your own justifications and it isn't one that seems widely adhered to or compelling for me.  So, pardon me if I don't particularly mind that we don't live up to your standard and won't in the future, and neither does ANY OTHER MAJOR BROWSER currently.  (Life is hard when you're going to make demands that no one else makes.)  As for the specific four rules you propose, I don't see why you're putting text in bold and (again) swearing at me about items Chrome isn't even accused of doing, e.g. not remembering user choice.  I happen to agree with you that we should remember such user choices.  And, in fact, we do, so why the rant?

For (5), the distinction absolutely matters, in the same way that you don't get to bitch at OpenSSL maintainers if Microsoft includes SSL code in Windows that doesn't do something Microsoft's customers want.  That's Microsoft's issue.  OpenSSL isn't shipping or supporting Windows, and it's not their responsibility to do so.  Neither is it our responsibility to uphold Debian's principles in a product that Debian constructs and ships to their users.  We are happy to support their requests as upstream vendors of a piece of their software, and have done so in this case.  Claiming this distinction is immaterial is foolish and blatantly contradictory to reality, and it smacks of "I'll blame whoever I darn well wish to blame".

For (6-9), I don't see why you're concluding we haven't had precisely those discussions, and are extremely comfortable with the results.

So I stand by my initial statement.  We've considered this, we're taking what I think is a reasonable position, and while I can understand and respect your disagreement, I don't think that we are obligated to cater to your individual concerns, merely to listen to them and take them into account.  If after doing so we don't wind up where you'd like, well, you will need to decide how to respond to that.  If you decide you don't wish to use Chrome, by all means, please use an alternative that makes you more comfortable, based on whatever criteria you choose.  We released Chrome's source precisely to drive additional competition and improvement in the browser space, it would be poor of us to bemoan when other products succeed.

As I think we've covered the major points and anything further is likely to mostly be a retread, I am unlikely to respond further in this thread.  Hope it was helpful, even if you don't agree with where we stand.

Edward Morbius

Shared publicly  - 
+Verizon​ hit my "pure evil" list several years ago. This is merely gloss. Though thick, durable, and copious gloss.

Fuck you, Verizon. Fuck you very much.

h/t +Roberto Bayardo​.
Verizon is giving a new mission to its controversial hidden identifier that tracks users of mobile devices. Verizon said in a little-noticed announcement that it will soon begin sharing the profiles with AOL's ad network, which in turn monitors users across a large swath of the Internet.

That means AOL's ad network will be able to match millions of Internet users to their real-world details gathered by Verizon, including "your gender, age range and interests." AOL's network is on 40 percent of websites, including on ProPublica.

AOL will also be able to use data from Verizon's identifier to track the apps that mobile users open, what sites they visit, and for how long. Verizon purchased AOL earlier this year.
Verizon's tracking supercookie joins up with AOL’s ad tracking network.
5 comments on original post
John Davidson's profile photoEdward Morbius's profile photo
+John Davidson I'm leaning towards TOR routed as well. 

Edward Morbius

Shared publicly  - 
Former NSA chief strongly disagrees with current NSA chief on encryption, Motherboard reports.
Gen. Michael Hayden publicly comes out against FBI’s crypto war.
4 comments on original post
Bob Calder's profile photoJann Van Hamsterwheel's profile photoJames Lamb's profile photoBoris Borcic's profile photo
But then again, maybe he doesn't need access at all, maybe he just needs a channel to provide his information and measure the reaction to that information based on meta data compared to reaction models. In this case the flow of information and reaction to that information is more important than the information itself, when you're drowning in information, the last thing you need is more information. Hmmm.

Edward Morbius

Shared publicly  - 
The battle to defeat the now-final TPP begins. We want your ideas for slogans to put on our protest signs!
Trade negotiators from the U.S. and its 11 Pacific Rim partners announced their agreement on the Trans-Pacific Partnership Agreement (TPP) today, concluding the final round of closed negotiations in Atlanta and marking the culmination of seven years of secrecy. Throughout all that time, the U.S.
24 comments on original post
Thomas Arildsen's profile photoPaolo Redaelli's profile photo

Edward Morbius

Shared publicly  - 
Dear Lazyplus: Does anyone have any idea of what's going on at

Some months back I saw that they'd stopped accepting new account registrations. Now the email account I'd previously configured (and have been actively using) was disabled "due to inactivity". Contact for the services administrator(s) is sparse at best.

Have I missed news of shutdown somewhere?
paul beard's profile photoThe Real Slim Shady's profile photoJeremy Nixon's profile photoRob Shinn's profile photo
+Jeremy Nixon Meh.  It's more AJAXy than anything in the 90s.

Edward Morbius

Shared publicly  - 
Economics and Fair Pricing

I've found few good histories of economics, and fewer still which are readable. Roger E. Backhouse's The Ordinary Business of Life approaches the first goal but fails the second. Still, it's notable in that it covers the train of economic thought from Greek and Roman times to the present, covering most major developments.

And a very telling aspect is that to the time of Adam Smith, an extraordinary amount of emphasis was paid to what a just price should be. In many times, prices were actually fixed  by law or tradition.

While modern market theory allows markets to set prices, fundamentals of supply and demand in a competitive market (note: not "free" but "competitive"), with free entry and exit, all parties as price takers, and equivalent information should trend to the marginal cost of production.
In the past few days, quite a few people asked me to write something about the case of Martin Shkreli, the hedge fund manager who acquired a pharmaceutical company and promptly raised the prices of various lifesaving drugs (which no competitor made) by four to five thousand percent. While there's a lot of interest in the economics of the situation (would a single-payer health care system prevent this?), I don't actually know enough about health care economics to have anything very interesting to say about that. But there's something else about this that I found interesting.

The large majority of people reacted to Shkreli's actions with profound revulsion. (Even before he decided to up the ante by answering a reporter's question about why he did this with "You're a moron.") There was a general sense that there oughta be a law, and many (I suspect) feel that the fact that there isn't, actually, a law about this points to a fundamental failure in our society.

The hard part about this is figuring out what that law ought to be.

The sense of revulsion is clearly not random. Shkreli's decision to raise prices (since reversed) would have netted him a handsome profit, at the expense of the lives of some patients who could no longer afford it, the health of other patients who would not take enough medicine, and the financial ruin of yet others who would be forced to pay hundreds of thousands of dollars in a year, or as much as they could before their finances gave out completely. It was "conduct that unjustifiably and inexcusably inflicts or threatens substantial harm to individual or public interests."

That last sentence is one that I've always found very interesting. It comes from the Model Penal Code, a 1962 attempt by a collaboration of jurists around the United States to write a reference standard for what criminal law should be. (No state uses it verbatim, but most states have since based their criminal codes on it) That sentence is an attempt to answer the question of "what is 'crime,' anyway?": that is, what are the things that there oughta be a law against?

Most of the rest of the MPC is trying to put meat on that one sentence: what is justified? (It answers by starting from the concept of "necessity," and ideas such as self-defense and so on follow from that) What is excusable? (That is, can the person be held responsible for the act?) It's a fascinating discussion, but the key point in this is that the MPC's authors were attempting to capture a very fundamental question about what types of behavior society ought to defend itself against.

I think that most readers would agree that Shkreli's behavior very much fits within the bounds of that concept – the general notion of "what ought to be a crime." However, there's a second layer to making something a crime, which in this case is the hard part. 

The problem is that law in general, and criminal law in particular, is absolutely terrible at subtlety. It is possessed of big hammers and bigger hammers, and even a criminal investigation is a significant harm to someone. (Although our legal system works rather hard to pretend that it isn't, which is an issue for another day) And because we attempt to be "a nation of laws, not judges," we don't want laws (especially criminal laws) which are vague in their definition, and up to the whims of individual judges to interpret. There are very good reasons for that, of course: if law is up to judges, then the law becomes hard to predict, so everyone shies away from being even close to a gray area; it becomes subject to the personalities of judges, so knowing them becomes more important than knowing the law, and thus creates a situation rife for two tiers of justice.

So for a law to be useful, it needs to delineate a fairly clear category of conduct which is against the law, and which can be determined by the procedures of criminal investigation and trial to have happened or not to have happened.

And for this reason, it's fundamentally impossible, and even undesirable, for "what is legal" and "what is ethical" to coincide. The reason is that ethics are always situational: (sorry, Kant) that is, they depend on the totality of the circumstances surrounding the event. To take a simple example, if you say that "killing people is wrong," you're certain to be asked "well, what if someone is coming at you with an axe?," or "well, what if someone is coming at your family with an axe?" There are plenty of possible answers to this question, but each of them highlights that the abstract statement about killing must always be qualified with the possibility of situational modifiers. Laws, on the other hand, need to be specified clearly and crisply, so that they can be enforced, and their boundaries cannot pre-specify every possible situation.

As a result, we expect that there should be things which are both legal and ethical (say, giving people cookies) and things which are both illegal and unethical (say, hacking strangers to death with an axe). There should also be things which, while ethical, are illegal, and for good reason. (My favorite example of this is "killing Nazis," but I recognize that many people will argue the ethics of this with me. However, ethical or not, there's an excellent reason that it isn't legal for ordinary citizens to go around shooting people in the streets, which is that this would lead to utter chaos as everyone decided that they had a good reason to shoot someone different. The meta-purpose of having civil order outweighs the individual ethical value of killing some individual malefactor) And likewise, there are things which will be unethical, but still legal.

Sharp business practices will inevitably fall into this category, because it's impossible to enumerate ahead of time all of the ways in which people will attempt to cheat or rob one another. No matter where your laws are, so long as business is possible, someone will find a way to do something malicious. (And this is hardly specific to business; even if you ban that outright, extreme Bolshevik style, people will misuse one another in plenty of other ways)

I should note that this fourfold division is simply for the case where the law attempts to mimic justice as closely as possible; it's not even counting the fact that law is by no means constrained to do that, and can just as easily be a tool of injustice as of justice. (Its history is quite full of that)

Justice as an aim of law is a nontrivial statement: it implies that the purpose of having a rule of law, beyond the establishment of predictable civil order and predictable consequences for action, is to legitimize and stabilize the state monopoly on force by having the law act as a fair arbiter of disputes, so that people will be willing to accede to its decisions rather than take matters into their own hands. This is far from a universal concept: when those in power are secure enough in their power, they do not necessarily need any legitimization of their monopoly on force, and so law becomes simply an instrument of civil order, which includes the maintenance of their power. And conversely, we often see cases where this power is not universal but the law nonetheless fails at those aims, and indeed in those cases the result is a collapse of the state monopoly on force. It's no coincidence that criminal gangs, run by powerful warlords, tend to be powerful precisely in the places where people have good reason not to turn to the police for help.

But returning to the ideal case, where the law attempts to embody justice as closely as it can while still being equally predictable by all, we see that there will always be differences between the two concepts. And I strongly suspect that Shkreli's conduct is in one of those areas where the difference is most significant and will always be hardest to minimize.

The challenge would be to draft a law against what Shkreli did which doesn't either rely on knowledge of his mental state ("in order to make money at people's expense" – it seems exceptionally likely to all concerned that this is why he did it, but how would you go about defining that in a way that could be proven in a court?) or also bar practices which are rather important. (e.g., we probably don't want to say that it's illegal to have any business relating to a lifesaving good, or that any business which touches on such a thing is required to have its prices set by popular vote, because then we will have a sudden and significant lack of such businesses)

I haven't thought through the particulars of whether this case could be legislated against in depth, but I suspect most strongly that even if it could, a Shkreli2.0 would promptly show up and find some way around that, as well. The fact is that it is not possible for criminal law to defend against all ills, and we shouldn't expect it to.

So what should be done in such a case? Well, I'm tempted to suggest that an appropriate response would have been for him to get a good, swift kick in the nuts – another one of those actions which likely falls under "ethical, but illegal for good reason." (Although this may also raise the question of the category of "... but worth it anyway") 

What did end up happening, a public outcry which forced him to reverse his decision, is sort of a model of what you would like to happen in general: because while the law is constrained to be very black-and-white, social pressure is not. 

However, this is far from a reliable mechanism. First, it's not always effective: I'm still not certain why he decided to fold to public pressure in this case, as he doesn't seem overly concerned with being considered harmful. Second, it's often misaimed: how often does public pressure go against things which are simply unpopular? We should remember that one of the main reasons we have a Constitution and a judicial branch (and a rule of laws, rather than judges) is to try to prevent the rule of the majority from becoming the oppression of the minority – and even with all these mechanisms, our record on that is spotty to say the least. Essentially, a trust in social mechanisms alone is trust in a system which is as dangerous as the law itself; more flexible, but also far more unpredictable.

The only real answer, I think, is defense in depth: a combination of laws and social pressures which regulate one another, each understanding that the other will frequently fail, and each responsible for holding the other in check when they do.

The system worked in this case, as it fails in many others. It is nowhere near perfect. But it's at least a start.

Those who wish to read more about the Model Penal Code may find a good place to start in Markus Dubber's Criminal Law: Model Penal Code, ( one-third of which is the MPC itself, and the rest of which is a discussion of the whats and whys of the MPC, and a study of its reasoning. It's an invaluable tool in helping to understand the ideas underlying many theories of law and justice.

Those who like the "there are four kinds of..." approach to things in general may find a good place to continue in Pirkei Avot, a chapter of the Mishnah which consists of discussions of wisdom and ethics, and which heavily uses this style. It's available both online and in printed form at many places (e.g., and there's an excellent introduction to it – really, a discussion of the underlying concepts of ethics and why we have them – by the Rambam. (
173 comments on original post
Steve S's profile photoFerdinand Zebua's profile photo
Steve S
"Free market" is a PR nonsense term.

Edward Morbius

Shared publicly  - 
I posted a couple of days ago how I'd (once again) been locked out of one of my increasingly numerous (if not always relevant) Google accounts. Still not resolved -- real-world issues are somewhat more pressing, and those I most need to communicate with I can. And yes, I've got a standing offer for insider help (which again shows the breakdown of official procedures).

But it absolutely does reiterate the standing challenges that online services, particularly those built on surveillance, face in balancing user privacy concerns with establishing identity.

And of course, Google isn't the only company facing this dilemma, as +Violet Blue​​​'s excellent piece here on Facebook illustrates. Her own conclusion isn't far from the one I'm fairly rapidly approaching: that I'm better off managing my own online services directly, without the considerable assistance and expertise of various service providers. Both the frustrations and risks are far too great.

And again, "Who are you" is the most expensive question in information technology. No matter how you get it wrong, you're screwed.

HN discussion:

PIng: +Eric Grosse​​​, +Lea Kissner​​​, +Andreas Schou​​​
Paul Gray's profile photoEdward Morbius's profile photoWilliam Rutiser's profile photo
+Paul Gray​ I've been reading +Robert Reich​'s Saving Capitalism over the past few days. One point he makes is the minuscule staff that's requried to support many millions or even billions of users -- ratios of 1m - 100m to 1 aren't uncommon.

But that often works best in the early growth phases of companies. As they grow, the userbase falls lower on the basic technical competence role, and the legacy userbase grows, with increased challenges regarding both spoofing and loss of credentials, the support needs mushroom. Google's struggling with this, as is Facebook.

That same many:one multiplier for outbound capability turns into a liability when the communication is reversed, and many users (or would-be users) are seeking to be heard by the company.

Edward Morbius

Shared publicly  - 
EFF Staff Attorney Nate Cardozo has an op-ed in the San Jose Mercury News, arguing that if your business model depends on fooling customers, it deserves to fail.
Pervasive collection of data on what we look at online is met with puzzlement or apathy by the users of whom Internet companies are taking unfair.advantage.
4 comments on original post
J Stone's profile photoDawn Hardin's profile photoThom Thomas's profile photoPaul Frank's profile photo
J Stone
This is why we can't have nice things.
Shame on you guys - .

Edward Morbius

Shared publicly  - 
On bugs features introduced in testing

And Web animations.

Fuck Web animations.
Edward Morbius's profile photoBob Calder's profile photoSteve S's profile photo
+Edward Morbius Ugh. In my mind that's like putting granite wheels on your chariot as an homage to Fred Flintstone. Painful. :)

Edward Morbius

Shared publicly  - 
So, Google have locked me out again

No, not my Edward Morbius account.

Not TheRealSlimShady1944.

Not even the utterly random pseudonymous accounts I use for several Android devices (got burned with registering The Real Me once, learned my lesson).

No, this one's the account I use under my real name, not necessarily as my preferred email contact, though it's been my on-the-road go-to for some time.

The problem I've got is that, well, being seriously on-the-road, Google felt it preferable to shut it down.

Fuck you very much.

I've got very limited access to my other-than-major-NSA-feed email service options that I've been using for some time, though really, that's also getting somewhat intractable for its own reasons. But the last message I managed to drip out from that address has failed to see the associated Gmail account restored.

There's the rapidly dying Android device (aged as it was, all-but-obsolete, and now with a very intermittently functioning charger) from which I was able to receive an email ... but not transact a log-in to my Google account manager page.

Attempts to log in from either my laptop (pre-existing) or tablet (new) fail with a helpful (NOT) message from Google Security.

As with the world of credit cards, we're rapidly finding that the degree of latitude between "unauthorised access" and "denial of service" is exceptionally slim. Again: The question "who are you" is proving to be the most expensive one in IT. No matter how you get it wrong, you're fucked.

And, again finding ways in which the question need not even be asked could well be one way out. Say: publish everything publicly. But encrypt it against the nominal owner's PGP key(s) and, optionally, a set of escrow keys which, with some minimal quorum, would suffice to recover data, should that prove necessary. This would remove the requirement of asserting identity, replacing it instead with the access to appropriate crypto keys to actually read data.

Though, again, encryption and key management has its own sets of problems and challenges. I'm posing this option not because I'm convinced it is the correct solution, but to invite thoughtful attacks on the concept itself to see what weaknesses might exist (oh, say, poorly chosen passwords, bad crypto algos, data loss triggered by key loss). Frustrating as this is, I'm not claiming the solutions are simple.

As with my previous experiences with Google, and now several other cloud providers, there are multiple routes to failure. The alternate dredmorbius email account I'd set up under was cancelled, without any warning, due to "inactivity" -- of at best a few weeks, best I can tell.

Setting up my own managed service has been mentioned as an option, and is something I'm seriously considering. Several problems remain unsolved by that, including the possibility of loss-of-domain (or other address), and of the challenges of running an anonymous identity off a service I directly and traceably pay for. That is a characteristic I'd like to maintain under the several-years-long experiment this particular ID has been in maintaining a reasonably well-concealed online presence (not Major Global Power proof, but reasonably Casually Inpired Cuss resistant).

There's nothing I've seen in the various pages offered me by Google to, oh, I don't know, talk to an actual person about getting the fuck-up fixed. As previously, I do have SSH keys I can use to help assert my identity. I've got frequent correspondents who'd be able to vouch for me. There are even, in this case, identity documents and phone numbers which can be provided.

My understanding is that Andreas Schou, Lea Kissner, and Eric Grosse, all at Google, work in and around identity-type stuff. While I'm not down with Google being a giant Information Retrieval Information Suck a'la Terry Gilliam's Brazil, I would kinda sorta appreciate if you'd think through the logistics of getting those parts of Identity Management you are taking on for the 2.77 billion folks who've created some sort of Google profile to date (, and not losing them via false-positive flagging.

Because what you're doing now kinda sorta exactly sucks.

Or are you trying to tell me that men who don't wear masks cannot be trusted?
This file itself does not contain any profile data, but it does have links to the 50000 sub-sitemap files that do. For each of these sub-sitemap files, we download, parse, and count the number of Google+ and Google- profiles links. Tallying the data from all 50000 files together gives us two ...
Steve S's profile photoEdward Morbius's profile photoDawn Hardin's profile photo
+Steve S Appreciated.

Edward Morbius

Shared publicly  - 
Dear Lazyplus: Computing for the Visually Impaired?"

I've been spending time with friends, one of whom is extremely visually impaired. Blind in one eye, best corrected vision of 20/60 in the other, result of retinal degeneration via glaucoma (get your eyes checked, Geeps). As an example of the level of accomodation required, when laying out table settings, they require plates with a strong contrast between them and the background tablecloth or placemat. Fancy patterns which might obscure the plate boundary are a problem.

I spent an hour or so at the local Apple store looking for options which might be useful for the visually disabled, and, as in my previous explorations of same, was profoundly disappointed.

It is possble to set high contrast, black-and-white/greyscale, and a few other options, globally across the operating sytem.

IT IS NOT POSSIBLE TO GLOBALLY SET MINIMUM FONT SIZES. Which quite frankly leaves me gobstopped. +Apple​ what the fuck are you thinking?

Safari's "Reader Mode" is, again, useful, and it's possible to scale fonts to a size which are readable. But this must be done on every single page which needs to be viewed as such. There's no setting to make this a default view.


Again, +Apple​ , what the actual fuck?

A few additional considerations:

1. The person involved is elderly and generally not particularly computer-literate, nor inclined to become so. They can learn a specific routine, and occasionally figure out things on their own, but neither have nor are inclined to pursue even modestly advanced features. Their frustration threshold is low.

2. They're largely familiar with Apple products. Given the alternatives of Apple, Microsoft, or Linux, Apple is almost certainly the preferred option from a general usability and security model.

The thought that occurs to me as I write this is that there might in fact be a browser designed for the visually disabled, though I've heard of no such thing, which takes my advice and says fuck Web fonts, CSS, etc., fuck it all ( Straight-up bare-ass naked presention of the semantic Web page would be a vast improvement in virtually all cases.

If not, this is something I can approach in functionality via Firefox and uMatrix, possibly with Stylish and a local default stylesheet which addresses most standard Web annoyances. Consistent presentation across multiple Web sites is VASTLY preferable to any level of site-specific branding, in this case. I've got some basic standard stylesheets which might make for good starting points, they can almost certainly be customised to suit specific needs.

And, if not Apple, then what? There's a quite aged iMac here that's more than overdue for replacement. A newer iMac could work, and will likely be in the cards regardless for other household members (applications and access to existing online services). But the old machine could be converted to a Linux variant, likely with sufficient capabilities to address immediate needs. I'm considering this but am open to pointers.
Edward Morbius's profile photoGretchen S.'s profile photoJeremy Nixon's profile photo
iOS has better stuff for this than OS X. On iOS you can set it to enlarge the fonts systemwide. But, app developers have to support it.

I'm actually digging into all this right now. My boss told us a couple weeks ago that we need to be looking at accessibility, so I am, and I've discovered that on iOS, supporting things like VoiceOver, where the UI is spoken to you, is actually pretty easy. So I'm doing it. I didn't do it before because it just didn't occur to me that it would be this easy. (And, the app in question is company-internal, so I figured if anyone were in need of such a thing I'd have been told. Which is probably a silly thing to assume.)

Edward Morbius

Shared publicly  - 
Notes on a few moments playing with G+ on Android

The Krell have seen fit to bestow me with a new Android device, a 10" (25cm) tablet running (for now) what I believe is Android 5-ish (I'm a tad paranoid to toggle over to the System Information and losing my G+ post in the process...

I've long suspected that a key reason that the G+ desktop client was so pants was that more cycles were being dedicated to the Mobile or App  versions, for devices more modern than my admittedly quite aged early-gen Android phone (now largely relegated to increasingly nonfunctional tablet status).

My current investigations sharply undermine that previous assessment. Usability of the Mobile Web version of G+ under Chrome or Firefox, or the App, or the Desktop Web client, are all appropximately equally as  bad if not worse than one another. Notifications are utterly unusable (apologies to anyone I'm not following up to presently). Input to this dialog, via Bluetooth keyboard, is exceptionally unreliable as focus continually shifts elsewhere on the screen (particularly when using the backspace key).

It's utter rubbish. Any way you slice it. On Google's preferred platforms.
Lev Osherovich's profile photoPer Siden's profile photoEdward Morbius's profile photo
+Per Siden An improved and lower-friction interface for navigating most especially through the Notifications queue would be peachy.

Also a way to annihilate the multi-column cards fuckwittage of the stream. Haet haet haet.
Edward's Collections
Technological Archaeologist
I'm strongly reconsidering participation in G+ following the YouTube Anschluss, November 2013.  Content subject to deletion at any time.

Comments privileges on my posts are limited.  Email me if you cannot comment and would like to be added.

Google have time and again violated several key principles:

Respect.  Of my time, my attention, my expressly stated desires, and most of all, my intelligence by repeating these and other insults time and again.

Trust. I will share very limited slices of me online.  Time and again Google reached for more, and time and again I had to push back.  This last violation (which, had I not already gone fully pseudonymous would have fully outed me as it did others) was one step too far.  I extend trust once, not twice.

Privacy.  This is the immediate concern here, and I've tried to create a walled space within which I can act.  I no longer feel safe to act there.

This incident again has made painfully clear that Google don't understand the fundamental nature of privacy, of social norms, and of spaces.  Of the desire for individuals to keep different aspects of their life and online activity, even within a single pseudonymous identity, separate.  Yes, there are some smart people at the Plex, but socially, you're collectively beyond retarded.  And I no longer care.

I'm actively looking for alternative platforms to use.  
For the time being I'm retaining the Gmail account associated with this ID ( though I'll be migrating that as well (and am accepting recommendations).  Correspondents are strongly encouraged to use my GPG key:  C210 9883 FFB4 3AC1 DEBF  9A2C AC6F 1E84 420A B7BD

I may be found:

As "dredmoribus" on Reddit:  

Primary content and engagement on "the dreddit", a/k/a Dr. Edward Morbius's lair of the Id.

On the subreddit   My primary publishing point for now.

Blogging on DreamWidth: (presently inactive)

All of which is subject to change, of course (though Reddit's likely to be a good contact).

RSS/Atom feeds for the above are:
Feel free to drop those in your newsreader of choice.  It's a bit clunky, but notably less so than G+ itself is.

I do plan on leaving a tombstone account on G+ with forwarding information and last details, though I'll be removing most or all of my content eventually.

G+ was to an extent an experiment to see if I could participate on terms I was comfortable with in a large commercial social networking space.  The answer to that question has been found, and it is "no".

░░░░░███████ ]▄▄▄▄▄▄▄▄              Bob is building an army
   ▂▄▅█████████▅▄▃▂             ☻/  against Google Plus
Il███████████████████].      /▌    Copy and Paste this all over 
  ◥⊙▲⊙▲⊙▲⊙▲⊙▲⊙▲⊙◤..     / \    Youtube if you are with us!


I don't do IM / Google Chat / Hangouts.
They're horribly intrusive and annoying.

I've blocked them in the G+ UI.  I don't check them. 
I've disabled all access / invite privileges.  
I'm not ignoring you, I simply don't see you.

If you want to reach me directly, either send a private G+ post, or email me (
I may respond to one or the other of those.

I thought I had a comments moderation policy here.  Apparently I don't.  Apologies for the oversight.

 See my /r/dredmorbius subreddit policy for the general parameters.

In particular, if you're requested to provide references, or context for naked links (particularly multimedia Audio / Video), do so.

I don't mind opposing viewpoints.  Viewpoints must be substantiated on request.  Failure to substantiate, or engaging in disruptive tactics, is grounds for deletion and/or banning.

The arbitration policy for moderation disputes is:  Moderation battles are short and boring: the moderator wins.


"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged."  
 - Cardinal Richelieu (a/k/a  Armand Jean du Plessis, Cardinal-Duc de Richelieu et de Fronsac)

E pluribus unum


You can #Quack that:

Nature abhors a maximum.
 - William Ophuls

"Pseudonyms and anonymity are also an established part of many cultures -- for  good reason."
  - Alma Whitten, former Director of Privacy, Product and Engineering, Google

I am not Prince Hamlet, nor was meant to be;
Am an attendant lord, one that will do
To swell a progress, start a scene or two,
Advise the prince; no doubt, an easy tool,
Deferential, glad to be of use.

Somewhere, there are two kids in a garage building a company whose motto will be "Don't be Google".
Bragging rights
I don't exist. I'm not here.
Basic Information
Other names