Edward Morbius
Attends Krell Independent Study



Edward Morbius

Shared publicly  - 
Google secretly installs mic-enabling spyware / surveillance on all systems with Chrome or Chromium browsers

What the actual fuck?

Chromium, the open-source version of Google Chrome, had abused its position as trusted upstream to insert lines of source code that bypassed this audit-then-build process, and which downloaded and installed a black box of unverifiable executable code directly onto computers, essentially rendering them compromised. We don’t know and can’t know what this black box does. But we see reports that the microphone has been activated, and that Chromium considers audio capture permitted.

I've confirmed this is present and installed on my own Debian system and that my system mic (typically disabled / zeroed via software) was enabled. I may need to physically cut the circuit.

I also see a need to start firewalling off Google IP and network space.


I've been meaning to nuke Chrome for a while (fucking Stylebot's the monkey on my back). If I can eliminate all Google software from my Debian repos that's not too much.

Correcting one error in the article: Debian don't audit every line of code. There's too much, and the security team's too small. But Debian do have a policy and constitution, and key among the elements of that is that user rights come first.

Also: anyone with tips on physically disabling Thinkpad T520 mics, I'd appreciate the info.

+Yonatan Zunger +Andreas Schou +Lea Kissner +Larry Page +Sergey Brin +Eric Schmidt +Bradley Horowitz +Peter Kasting 

+Steve Faktor +Stephen Shankland +Dan Gillmor +Danny O'Brien +Danny Sullivan +Tess Vigeland 
Google Chrome listening in to your room shows the importance of privacy defense-in-depth. New column on Privacy News.

Yesterday, news broke that Google has been stealth downloading audio listeners onto every computer that runs Chrome, and transmits audio data back to Google. Effectively, this means that Google had taken itself the right to listen to every conversation in every room that runs Chrome somewhere, without any kind of consent from the people eavesdropped on. In official statements, Google shrugged off the practice with what amounts to “we can do that”.

It looked like just another bug report. "When I start Chromium, it downloads something." Followed by strange status information that notably included the lines "Microphone: Yes" and "Audio Capture Allowed: Yes".

Without consent, Google’s code had downloaded a black box of code that – according to itself – had turned on the microphone and was actively listening to your room.

This episode highlights the need for hard, not soft, switches to all devices – webcams, microphones – that can be used for surveillance. A software on/off switch for a webcam is no longer enough, a hard shield in front of the lens is required. A software on/off switch for a microphone is no longer enough, a physical switch that breaks its electrical connection is required. That’s how you defend against this in depth.

Early last decade, privacy activists practically yelled and screamed that the NSA’s taps of various points of the Internet and telecom networks had the technical potential for enormous abuse against privacy. Everybody dismissed those points as basically tinfoilhattery – until the Snowden files came out, and it was revealed that precisely everybody involved had abused their technical capability for invasion of privacy as far as was possible.

Perhaps it would be wise to not repeat that exact mistake. Nobody, and I really mean nobody, is to be trusted with a technical capability to listen to every room in the world, with listening profiles customizable at the identified-individual level, on the mere basis of “trust us”.
Followup: Google are apparently disabling Google Now on Chrome and elsewhere.

NB: one of the annoyances of my Samsung Tab A + Logitech keyboard, the <fn>-<alt> keypress toggles Google Now search, but is something I'm used to hitting for keyboard-based text selection. I enter this quite often without meaning to, and it's annoying. Every. Damned. Time.

Edward Morbius

Shared publicly  - 
Regarding recent breaking news events...

Which events? All of them.

On The Media's guide is quite useful to keep in mind.
Rampant misreporting following shootings and other breaking news events is so predictable that we unintentionally developed a formula for covering them.

Edward Morbius

Shared publicly  - 
Soliciting suggestions for a Privacy curriculum -- texts, essays, videos, etc., addressing privacy as a right or doctrine or form of power

This is growing out of a discussion of Google Now launched by +Yonatan Zunger​.

I'm thinking that +Electronic Frontier Foundation​, #EPIC (the Electronic Privacy Information Center), #ACLU, and others might be interested. Other useful organisational affiliations you feel appropriate are welcomed in discussion.

Please re-share this post where you feel it's appropriate and direct comments to the original.

Ground rules: submissions or questions regarding sources / submissions / topics only. This isn't a discussion on the merits of privacy (provide references to your viewpoints) or on Google, Google Now, or any other extant services (those are welcome on my earlier post, linked below). Off-topic comments will be deleted.

I limit comments to Circled users only, and the G+ Android App doesn't allow for ready toggling of that setting. If you'd like to comment and cannot, message me directly and I'll add you.

(+Danielle Buckley​​ it'd be awfully convenient if it did, or better, if this were a per-post setting.)

#Privacy #PRISM #SurveillanceState #EdwardSnowden.
G+'s +Yonatan Zunger describes his new project, Google Now, and departure from his G+ chief architect role Google Now is an ambitious project to provide… - Edward Morbius - Google+
Kicking this off, some suggestions. I'll back-fill in more specific references / URLs later, but as a general guide.

Cory Doctorow, data as toxic / nuclear waste.

Yonatan Zunger, on forced disclosure / real names as an amplifier of existing power imbalances, i.e., it amplifies power for the empowered, further disempowers those lacking it.

Probably Bruce Schneier's Data and Goliath, and, hell, pretty damned near everything else he's written. (though extracting chapters would be useful).

Cardinal Richelieu. "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

Sun Tzu, Art of War, deceptions & information.

Almost certainly Machiavelli.

John Kenneth Galbraith on the notion of countervailing power.

+David Brin​​​'s Transparent Society.

Jeffrey Rosen's The Unwanted Gaze.

The Birth And Death Of Privacy: 3,000 Years of History Told Through 46 Images

This itself has numerous other references.

The Constitution of the United States, especially the 4th & 5th amendments.

The Universal Declaration of Human Rights.

Louis Brandeis, Right to Privacy, ~1890s?

First wiretapping statutes & court decisions, pro & con.

Various Internet Privacy Acts and arguments / discussions.

US FBI's COINTELPRO. Church Committee hearings.

Banking disclosure and privacy laws, regulations, and practices, US and elsewhere.

Plato, Pliny, Aristotle on privacy & sunshine.

Edward Morbius

Shared publicly  - 
The season has started -- behold the Christmas Marxdowns
+Isaac Kuo It's a revolutionary concept.

Edward Morbius

Shared publicly  - 
But who is eponymous named for?
+Jon Eckberg Wouldn't a prononym be something which ends up replacing the name of its inventor? That they are then pinned with the name of their invention or creation?

Edward Morbius

Shared publicly  - 
On forecasting / measuring impact of scientific discovery

Otto von Guericke, author of the 1672 classic, Experimenta Nova Magdeburgica, an account of experiments being conducted in Magdeburg, Germany. This included a great deal on vacuums and other bits, and a single paragraph on some noodling around he'd done with a sulphur sphere to which he'd fitted a crank, and observed attraction of various objects, crackling noises, and, in the dark, a visible glow.

Not a whole lot of publishing output.

And yet, as James Burke writes in his 1978 book Connections: "It was enough to set off a century of discovery".

Presuming you're reading these words on something powered by electricity, you're reaping the benefits at this very moment.

So, just how is it we assess impact of scientific research again? At what stage of the game?

+Joerg Fliege​ because science, research, academic impact, and Germans.
+Joerg Fliege Excellent commentary. Von Guericke's life and circumstance particulars are pretty fascinating. More at Wikipedia:

He was commanded by Frederick the Great to detail the findings of his experiments, perhaps one of the earlier forms of an academic journal writing, though in his case it was a book, summarising years of research.

I'm finding your UK research impact metrics reading fascinating (which probably speaks to some mental or psychological defect on my part), and simultaneously heartening and otherwise. Among first impressions, not only does it define positive attributes of impact, but it details what isn't considered high-impact work. Clarity of definitions (via negative definition) is useful, though I'll have to examine those to see if what's largely dismissed as scutwork isn't really useful.

A friend of mine, back in the late 1980s, worked in a library and spent time at a Library of Congress repository facility, filing microform versions of NTIS reports -- interim progress reports for nationally sponsored research, much of it comprising monthly or other episodic updates. Whether or not any of these were ever read, I cannot say.

Each microfiche card held up to 100 pages of reports, and even in a fairly modest set of filing cabinets, filling a room, there would have been millions of such pages.

The requirement of defending your use of research dollars itself suggests that a more efficient use would favour fewer, larger projects, which goes pretty much directly against the guidance of the NIH video you posted a few days ago -- more small projects == yet more time devoted to defending funding.

Edward Morbius

Shared publicly  - 
+Nick Alcock: "I had a nightmare last night: Donald Trump buys Google! G+ to be renamed to TrumpFace! Google Search to become simply 'Trump'."

(From comment to +Noah Friedman​'s post)

Discuss: privacy implications.
+Jeremy Nixon Well, I'm sure you'd be shocked, shocked to learn that there'd be gambling allowed.

Edward Morbius

Shared publicly  - 
Why can I not interact in the following ways with G+ Android App content?

1. Copy a specific link from a post or comment?
2. Copy specific text from a post or comment?
3. Individually zoom/expand link-associated images (actually, I've got the reason here, more below)?

These are all fundamental affordances of a native Web page. None are supported in the G+ app.

Oh, that huge-ass accidental-click-magnet target for links: that massively inflates G+ article referral statistics. Since a large portion (>50% in my own use) are accidental, this provides false relevance metrics to G+, which suggests again that the "feature" is aimed at individual G+ management metrics and not user experience.

Ping +Danielle Buckley​.
+Edward Morbius yes, that's what I tried to say, haha.

Edward Morbius

Shared publicly  - 
Essay based on Jennifer Granick's DefCon presentation this year

Twenty years from now,

• You won’t necessarily know anything about the decisions that affect your rights, like whether you get a loan, a job, or if a car runs over you. Things will get decided by data-crunching computer algorithms and no human will really be able to understand why.

• The Internet will become a lot more like TV and a lot less like the global conversation we envisioned 20 years ago.

• Rather than being overturned, existing power structures will be reinforced and replicated, and this will be particularly true for security.

• Internet technology design increasingly facilitates rather than defeats censorship and control.

It doesn’t have to be this way. But to change course, we need to ask some hard questions and make some difficult decisions.

Granick is Director of Civil Liberties at Stanford Law School, and works (or worked) with the EFF.
Blackhat’s keynote speaker says it’s up to us to make sure the Net is our liberator, not our oppressor

Edward Morbius

Shared publicly  - 
G+'s +Yonatan Zunger describes his new project, Google Now, and departure from his G+ chief architect role

Google Now is an ambitious project to provide ubiquitous voice-accessed interfaces to Google Search and related services, as a sort of universal personal assistant. Among the closest analogs I can think of is the Librarian from Neal Stephenson's Snow Crash.

The trust elements of this, from the past few years' Google experience, is the biggest make-or-break factor. Google have previously proven staggeringly tone-deaf to concerns over privacy, appropriateness, and disclosure. There are some recent signs of shift here, but I'm far from convinced the lessons have been learned.

Yonatan describes his new role with the project in a recent post:

There's been plenty written about both always-on mics and centralised data stores. Some in the past five years. Some in the past 50. Prior art goes back variously 500 to 5,000. I'd suggest constructing a bibliography / syllabus, making it required team reading, and sharing it with the rest of us. I'll be happy to contribute to sources, though I've got to think about that a bit myself. The conflicts posed between Bruce Schneier and David Brin on the Surveillance Society, and Yonatan's own essay (still on what's been left unobscured by recent service changes on my G+ profile I believe) on the relationship between power and anonymity, are going to be key.

The lessons of Google Glass and its various "creep factors" should be instrumental. Compare the Google promo video (skydiving, acrobats, roller coasters) with the one indelible image: Robert Scoble in the shower. (My apologies for reviving that image.)

Glass recording video and imagery was a key concern. Mics are another, and, well, they're all over the place, but Google does and will draw fire for this. In large part because it provides a One Large Dump archive.

(I should add that provisioning of a similar service from any of the major US telcos, all of whom appear to be fully in the palm of national security and law enforcement apparatus, would be an even bigger non-starter. AT&T, Verizon, or Sprint offering such capabilities would be DOA. T-Mobile very probably so. Trust in any of these organisations is effectively nil, or more accurately, negative.)

What Google Now does with other people's data is a key issue. See Benjamin Mako Hill's essay on Google having most of his mail because it has all of yours. Or Facebook likely having much information on me despite no personal use of it. Or how electronic address books are treated by many systems and sources (Android apps being a particular level of concern).

A poorly-remembered construct is that Privacy isn't so much about what you can do as what you will or won't do. It's a highly social construct. Another book: The Unwanted Gaze, by Jeffrey Rosen, is another bit of highly recommended reading:

Schneier and Eben Moglen have both pointed out that services which provided highly centralised access to data and materials are exceptionally attractive targets. They also become possible sources of unanticipated compromise -- the Dutch practice of recording religious affiliation, for example, in the early 20th century. Not a concern, until a hostile takeover of that enterprise led to it falling into another organisation's hands with different motives and concerns: Nazi Germany used the registry to round up Jews, including Anne Frank's family.

Among counterarguments is that such services can offer stronger security than those of smaller/weaker and/or individual/personal service provisioning. My concern is that the aggregation itself poses systemic risks which cannot be engineered around, and that ultimately systems which provide such capabilities on a distributed and/or personal basis are highly preferred. Putting work into building those systems, and finding a viable business case for them (the largest challenge IMO) is key.

Any system, distributed or otherwise, has to deal with the self-sabotaging behavior of users themselves. As I've said repeatedly, in part from experiences getting locked out by Google (though also other services): "Who are you?" is proving to be the most expensive question in information technology. No matter how you get it wrong, you're screwed.

I lean toward systems in which you simply don't need to ask that. Implementation details are left as an exercise to the reader….

A few years back I did my first extensive travelling with an early-generation smartphone. The advantages to having Google in my pocket, and access to maps, local information, links to comms for immediate contact, etc., were immediately and powerfully obvious. Even for more mundane uses the technology is powerful -- local comms and query capabilities utterly change the experience of using public transit, for example (even with highly imperfect systems).

The risks as well.

I no longer use a smartphone, and often travel without any phone. I've an Android tablet, and it's useful, but as with my first Android phone, represents some pretty grudging trade-offs between privacy, and security risks, and utility. The pain points of improving the score are fairly high. Again, what appears lacking is a credible business model. The motivations and incentives of the present Android app marketplace are actively hostile to privacy, security, and general respect for the public's interests.

Which suggests that among the best things that could be done to enhance privacy, and, incidentally, trust, would be to make privacy-promoting systems and services more attractive commercially, to both vendors and the public.

Which if that were a task I could arbitrarily allocate Yonatan's talents, I'd like to see happen.

Republished by Slate. Translations available in French (Français), Spanish (Español), Chinese (中文) For almost 15 years, I have run my own email server which I use for all of my non-work corresponde...
+Frank Tell And Barbie Hello....

Edward Morbius

Shared publicly  - 
There is no de-coupling between GDP growth, energy and resource usage. So how do we get to sustainability?

From a comment earlier in the year. "Yes, we will have completely changed mankind's approach to global economics by turning the quest for endless growth into the quest for endless sustainability by 2115" #22C
Economic growth is tearing the planet apart, and new research suggests that it can’t be reconciled with sustainability
We just need to find a way to emigrate to parallel universes. Problem solved.
Technological Archaeologist
I'm strongly reconsidering participation in G+ following the YouTube Anschluss, November 2013.  Content subject to deletion at any time.

Comments privileges on my posts are limited.  Email me if you cannot comment and would like to be added.

Google have time and again violated several key principles:

Respect.  Of my time, my attention, my expressly stated desires, and most of all, my intelligence by repeating these and other insults time and again.

Trust. I will share very limited slices of me online.  Time and again Google reached for more, and time and again I had to push back.  This last violation (which, had I not already gone fully pseudonymous would have fully outed me as it did others) was one step too far.  I extend trust once, not twice.

Privacy.  This is the immediate concern here, and I've tried to create a walled space within which I can act.  I no longer feel safe to act there.

This incident again has made painfully clear that Google don't understand the fundamental nature of privacy, of social norms, and of spaces.  Of the desire for individuals to keep different aspects of their life and online activity, even within a single pseudonymous identity, separate.  Yes, there are some smart people at the Plex, but socially, you're collectively beyond retarded.  And I no longer care.

I'm actively looking for alternative platforms to use.  
For the time being I'm retaining the Gmail account associated with this ID ( though I'll be migrating that as well (and am accepting recommendations).  Correspondents are strongly encouraged to use my GPG key:  C210 9883 FFB4 3AC1 DEBF  9A2C AC6F 1E84 420A B7BD

I may be found:

As "dredmorbius" on Reddit:

Primary content and engagement on "the dreddit", a/k/a Dr. Edward Morbius's lair of the Id.

On the subreddit   My primary publishing point for now.

Blogging on DreamWidth: (presently inactive)

All of which is subject to change, of course (though Reddit's likely to be a good contact).

RSS/Atom feeds for the above are:
Feel free to drop those in your newsreader of choice.  It's a bit clunky, but notably less so than G+ itself is.

I do plan on leaving a tombstone account on G+ with forwarding information and last details, though I'll be removing most or all of my content eventually.

G+ was to an extent an experiment to see if I could participate on terms I was comfortable with in a large commercial social networking space.  The answer to that question has been found, and it is "no".

░░░░░███████ ]▄▄▄▄▄▄▄▄              Bob is building an army
   ▂▄▅█████████▅▄▃▂             ☻/  against Google Plus
Il███████████████████].      /▌    Copy and Paste this all over 
  ◥⊙▲⊙▲⊙▲⊙▲⊙▲⊙▲⊙◤..     / \    Youtube if you are with us!


I don't do IM / Google Chat / Hangouts.
They're horribly intrusive and annoying.

I've blocked them in the G+ UI.  I don't check them. 
I've disabled all access / invite privileges.  
I'm not ignoring you, I simply don't see you.

If you want to reach me directly, either send a private G+ post, or email me (
I may respond to one or the other of those.

I thought I had a comments moderation policy here.  Apparently I don't.  Apologies for the oversight.

 See my /r/dredmorbius subreddit policy for the general parameters.

In particular, if you're requested to provide references, or context for naked links (particularly multimedia Audio / Video), do so.

I don't mind opposing viewpoints.  Viewpoints must be substantiated on request.  Failure to substantiate, or engaging in disruptive tactics, is grounds for deletion and/or banning.

The arbitration policy for moderation disputes is:  Moderation battles are short and boring: the moderator wins.


"If one would give me six lines written by the hand of the most honest man, I would find something in them to have him hanged."  
 - Cardinal Richelieu (a/k/a  Armand Jean du Plessis, Cardinal-Duc de Richelieu et de Fronsac)

E pluribus unum


You can #Quack that:

Nature abhors a maximum.
 - William Ophuls

"Pseudonyms and anonymity are also an established part of many cultures -- for  good reason."
  - Alma Whitten, former Director of Privacy, Product and Engineering, Google

I am not Prince Hamlet, nor was meant to be;
Am an attendant lord, one that will do
To swell a progress, start a scene or two,
Advise the prince; no doubt, an easy tool,
Deferential, glad to be of use.

Somewhere, there are two kids in a garage building a company whose motto will be "Don't be Google".
Bragging rights
I don't exist. I'm not here.
  • Krell Independent Study
    1610 - present
  • Timelord University
    (Date of coursework irrelevant.)