Slashdot Mirror

← Back to Domains

Domain: google.com

Stories and comments across the archive that link to google.com.

Stories · 3,747

  1. Icelandic Court Rules: Wikileaks Will Get Contributed Credit Card Money

    Yro · Money · · posted by timothy · from the this-page-is-in-icelandic dept. · 168 comments
    New submitter mordur writes "An Icelandic District Court has ordered the payment processing company Valitor to immediately reopen the merchant account (Icelandic original) of DataCell and start processing credit card payments for the Wikileaks organization. Noncompliance on behalf of Valitor will result in daily fines of ISK 800.000 (approx. USD 60.000). Under pressure from the USA based international credit card companies, Valitor stopped all service to DataCell, and thus to Wikileaks, just hours after having started processing payment in July 2011. The court found that Valitor had failed to prove that the processing of payments for Wikileaks was contrary to the business policies of the international credit card companies, nor had the company proved that DataCell was in breach of the service agreement between the companies by serving Wikileaks."

  2. Google Releases Android 4.1 Source Code

    News · Android · · posted by Unknown · from the getting-better-each-time dept. · 211 comments

    Unlike previous releases, where months passed between Google announcing a new version and the code being released, Google has made good on their promise to release the source code to Jelly Bean in record time. Unfortunately, the gitweb instance on kernel.org is still down so you'll have to download the entire thing to take a peek. Hopefully the Cyanogenmod team will find time to start on a community enhanced version soon.

  3. Google Releases Android 4.1 Source Code

    News · Android · · posted by Unknown · from the getting-better-each-time dept. · 211 comments

    Unlike previous releases, where months passed between Google announcing a new version and the code being released, Google has made good on their promise to release the source code to Jelly Bean in record time. Unfortunately, the gitweb instance on kernel.org is still down so you'll have to download the entire thing to take a peek. Hopefully the Cyanogenmod team will find time to start on a community enhanced version soon.

  4. Criminals Distribute Infected USB Sticks In Parking Lot

    It · Security · · posted by Unknown · from the our-dear-friend-social-engineering dept. · 298 comments
    New submitter sabri writes "The Dutch news-site Elsevier is reporting that cybercriminals attempted to steal data from a multinational chemicals company by 'losing' spyware-infected USB sticks on the company's parking lot. Their attempt failed as one of the employees who found the stick dropped it off at the company's IT department, who then found the spyware and issued a warning. So next time, don't expect to find someone's dirty pictures on a USB stick you just found..."

  5. Controlling Linux Using an Android Phone As Mouse, Keyboard, and Gamepad

    Hardware · · posted by timothy · from the purely-awesome dept. · 93 comments
    beefsack writes "Miniand have demonstrated how to control Linux using a Samsung Galaxy S2. Using an MK802 with the ARM build of Droidmote server bundled into an MK802 Lubuntu image with uinput enabled, Miniand demonstrates (video) using an Android phone as a keyboard, mouse, and gamepad over Wi-Fi to the device." Update: 07/10 00:07 GMT by U L : reader ancienthart pointed toward Premotedroid, an (possibly, I could find no license in the code but the code is there) open source alternative.

  6. Japanese 13-Year-Old Arrested For Virus Creation

    Yro · Japan · · posted by timothy · from the at-least-it's-not-singapore dept. · 150 comments
    An anonymous reader writes "Last year, Japan criminalized virus creation and just saving a virus on [one's] own computer. According to Yomiuri Shimbun, Kyoto police have arrested a 13-year-old (Japanese language original), second grade of junior high school student from Tokyo, for allegedly creating a computer shutdown virus and operating an exchange board of hackers. Kyoto police also arrested a 23-year-old construction worker for allegedly teaching how to make a virus on their board and saving a virus on his computer."

  7. China Begins Stockpiling Rare Earths, Draws WTO Attention

    Hardware · Business · · posted by timothy · from the stockpiling-is-the-pejorative-for-conserving dept. · 227 comments
    eldavojohn writes "A report by China Securities Journal claims that China is now stockpiling rare earths although it has not indicated when this stockpiling started. Many WTO members have complained about China's tightening restrictions on exports of rare earths while China maintains that such restrictions are an attempt to clean up its environmental problems. A WTO special conference scheduled for July 10th will hopefully decide if China's restrictions are unfair trade practices or if the US, the EU and Japan are merely upset that they can't export their pollution and receive rare earths at low prices. Last year, China granted its mining companies the right to export 30,200 tons but in actuality only 18,600 tons were shipped out of country."

  8. World's Hardest Sudoku

    Games · Math · · posted by Soulskill · from the addition-is-tricky dept. · 179 comments
    jones_supa writes "A Finnish PhD in mathematics, Arto Inkala, has allegedly created the world's toughest sudoku puzzle. 'There's no straightforward way to define the difficulty level of a sudoku. I myself doubt if this is the hardest in the world, but definitely harder than my previous ones,' Inkala sets off humbly. The news agencies around Europe are nonetheless excited (Google translation of Finnish original). The particular difficulty in this version lies in the number of deductions you have to make in order to fill in a single number on the grid. 'It is a common misconception that the less initial numbers, the harder the puzzle. The most challenging ones have 21-25', the creator adds."

  9. Google Killing Off Mini, Video, and iGoogle

    Tech · Google_Fb · · posted by Soulskill · from the bulldozing-an-old-playground dept. · 329 comments
    New submitter Trashcan Romeo writes "Three years ago, it accounted for 20% of all visits to Google's home page. Two years ago, Lifehacker readers voted it the best start-page service. Today it was announced that iGoogle will be retired — or in the company's parlance, 'spring cleaned' — on November 1, 2013." Google Video is also getting the axe this summer. It hasn't accepted new videos since 2009, and all of the old ones will be migrated to YouTube. The company is also getting rid of Google Mini, Talk Chatback, and their Symbian search app.

  10. Is the Google Nexus Q Subtraction by Subtraction?

    Hardware · Google_Fb · · posted by timothy · from the 33-LEDs-for-maximum-multimedia-masonic-mystery dept. · 128 comments
    Once upon a time, it was easy to characterize Google’s domain and business model: they provided well-organized internet search results through a simple, friendly interface, and made money through targeted advertising. Over the years, the company has grown more complex even faster than has the — still admirably spare — Google home page, as it’s either assimilated or originated all kinds of adjuncts to pure search. The Nexus Q, as the company’s first-ever fully home-grown consumer electronics product (as opposed to Google-branded but jointly developed phones and tablets) shows just how far that path has led, and hints at cooler things to come. By default, though, the device is severely limited, intended basically as an overqualified gateway to content stored at Google’s Play media store, or at (Google-controlled) YouTube. And if that weren’t constrained enough, it requires another Android device (phone or tablet, say) as a remote control. The Q is equipped with impressive hardware internally, though, which might soon be exploited with software more flexible than that which comes loaded. The Q was announced at the recent Google I/O conference, and instantly drew both admiring gasps and dismissive chortling. The case is distinctively odd: it looks a bit like a Death Star the size of a Magic 8 Ball, with an equator lit by a string of 32 LEDs, with a bit sliced off to provide a base. You can link it to an HDMI-equipped screen with a longer cable, if you’d like, but you won’t be stacking anything on top. It combines a fast processor, a 1GB chunk of RAM, and 16GB of solid-state storage with an integrated power supply (which means no wall wart) and — probably the most interesting of its hardware features — a built-in stereo amplifier, described as 12.5 watts per channel, or (a bit coyly) as “25W.”

    Aside: Since stereo amps are commonly described by their per-channel rating (so a “100 watt stereo amp” doesn’t typically mean 50 watts per *channel* but rather “100 watts per channel), I’m glad the specs at least call this out in the same size of typeface. They should also specify the total harmonic distortion when driven at their rated power; that’s one place that other class D amps especially tend toward misleading figures. (I’ve asked Google to supply this information.) On the other hand, it’s worth mentioning that a decent 12.5W/channel isn’t necessarily something to sneeze at. Just because some receivers have 7 or more channels and behemoth claimed power ratings, with efficient speakers just a few watts can fill any less-than-cavernous room with decent sound, especially if it won’t be pushing giant bass drivers. Google recommends bookshelf speakers as a good match, which makes sense both because they tend toward efficiency and small-to-medium rooms and because users with more complex systems probably don’t want to be tied to the internal amplifier anyhow.

    With a dual-core Cortex A9 and a full gig of RAM, this is severalfold more capable than a mere gadget needs to be — or, rather, it *could* be more capable. Which brings me to this: biggest problem I see with the Q isn’t the price, even though a lower price would no doubt bring it closer to an impulse buy for more people.

    No, The real drawback to an eccentrically shaped, limited purpose, $300 piece of home entertainment gear is that it’s got to overcome a raft of competitive alternatives as well as wallet friction. This is the electronics version of “Extraordinary claims require extraordinary evidence.” The total worth of owning it has to compensate (and then some) for not using the same money on other stuff — or simply saving it, and particularly for the risk that for all its potential the Q will end up orphaned. (See also, Chumby.)

    By restricting the feature set to Google’s own media store, Google is placing a bet that users (enough of them, at least) will be satisfied with that as their sole source, and guaranteeing a revenue stream. They’ve also bet at least some small piece of the farm that users will appreciate what strikes me as a hyper-specific music-sharing scenario. As demonstrated on the I/O stage, multiple users with Android devices as controllers can each add items to the device’s playlist, and take advantage of predictive search to find more items that might appeal. This “social streaming” is nifty, but requires a fiddly involvement in the “play music over speakers” process than typical users might find tiresome and twee, and it limits the in group with control of the device to Android users. That cuts out the huge chunk of smartphone users with some version of That Other Phone. It’s hard to know to predict sometimes what will become popular enough to spawn massive sales (cf Pet Rocks, hula hoops, and Scientology), but based on that demo this seems like a feature likely to be disproportionately enjoyed by Silicon-Valley style tech-heads rather than typical (“mere”) users.

    It looks flexible with that collection of parts and ports, though, and Google’s explicitly announced that hacking is encouraged, which sounds impressive and provides hope that the 16GB of storage will have a use more interesting than as a giant cache. It’s easy to come up with cool scenarios for a tiny computer-with-amplifier, from zone controller for a flexible home audio system to the brains of a lightweight browsing station (perhaps with a purpose-built version of Cyanogen Mod?) or a home-control infobot like 3com's short-lived Audrey. A security system or weather app (think of a display for weather sensors mounted outside the house, coupled with a crowdsourced alert system for severe weather, and grabbing data from Weather Underground, too) would make it more appealing to me. The multicolor LED band could serve the same function that Ambient Devices pushed for its connected gadgets that used color and other indicators to convey information based on data streams from stock tickers to holiday calendars. Liliputing reports on some partial success in loading Android apps, but heavy on the partial: getting a game to appear on screen isn’t the same as being able to play it.

    Why so difficult? Besides the lack of a touch-screen input, the version of Android 4.0 on the Q isn’t the does-everything Ice Cream Sandwich that many users are used to. The Nexus series of phones and tablets has first-class access to a collection of hundreds of thousands of apps; for the Q, exactly three apps are listed in the specs: Google Play Music; Google Play Movies and TV; and YouTube.

    Until a greater selection of apps appears (whether from outside developers or from Google), the Q’s software is pared down to a degree likely to frustrate users who are used to playing all kinds of media from other devices — including smartphones that aren’t even as musically gifted on the hardware side.

    In some ways, and especially with the intentionally sparse software set, Google will be competing with itself with this device, especially for users who’d rather employ separate sound amplification: the current generation of Chromebook plays streaming video just fine (and has a screen and a keyboard), and does a lot more besides. If you want to hook up to a larger screen permanently and thus don’t need a smaller one at all, the Samsung-made Chromebox costs only about 10 percent more, and seems a more flexible choice, since besides being a full-featured web-centric smart client, the Chromebox outputs video via a (full sized, no less!) HDMI port, and will play content from providers other than Google’s Play, like Netflix and Vimeo — and that’s just for video sources — as well as from locally stored media. Similarly, Google TV hardware fills much of the same niche, and it comes with a browser.

    Also in competition, of course, are dedicated network media players from Boxee, Roku, and Apple, and (at prices that start a touch lower, thanks to the subsidize-then-sell-games business model) consoles like Microsoft’s Xbox 360. All of these offer a mature interface for streaming music and movies that might be less state of the art and exotic than the Q’s, but more accessible and more flexible.

    I do have an Android phone, and have been considering a Roku box; now, I’m planning to set up the Q with a set of bookshelf speakers to see how livable (or frustrating) it turns out to be. I hope that the touted hackability means that its capabilities really do get a boost soon from tinkerers: for this Death Star, that may be the only hope.

  11. Cubify 3D Printers Aren't Just for Squares (Video)

    Idle · · posted by Roblimo · from the plastic-goodies-for-the-whole-world dept. · 134 comments
    There are other 3D printers out there, but Cubify claims theirs is easier to use, has easier cartridge changes, and is all-around nicer and cooler than their competition. And Timothy Lord found them at Google I/O 2012, which means Google thinks they're cool, too. Wow. At only $1300 for their basic model (plus $50 each for the plastic "print" cartridges), every home should have one of these. Or maybe two or three. Or maybe Hackerspaces will buy all of them, and that's where we'll go to satisfy our lust for 3D printing.

  12. Google Trying New Strategy to Fix Fragmentation

    Tech · Android · · posted by samzenpus · from the lets-stay-together dept. · 355 comments
    CWmike writes "Google announced a new version of Android this week with some impressive new features, but it's unclear if it's done enough to solve a problem that has dogged its mobile OS: fragmentation. Even as it announced the imminent launch of Android 4.1, or Jelly Bean, the majority of users are still running Gingerbread, which is three major releases behind. According to Google's own figures, just 7 percent are running the current version, Ice Cream Sandwich, which launched last October. That means apps that tap into the latest innovations in the OS aren't available to most Android users. It also means developers, the lifeblood of the platform, are forced to test their apps across multiple devices and multiple versions of the OS. So when Google's Hugo Barra announced a Platform Developer Kit during the opening keynote at I/O this week, the news was greeted with applause. The PDK will provide Android phone makers with a preview version of upcoming Android releases, making it easier for them to get the latest software in their new phones. But is the PDK enough to secure for developers the single user experience for big numbers of Android users that developers crave? In a 'fireside chat' with the Android team, the packed house of developers had more questions about OS fragmentation than Google had answers."

  13. GLIBC 2.16 Brings X32 Support, ISO C11 Compliance, Better Performance

    News · Gnu · · posted by Soulskill · from the new-and-shiny dept. · 95 comments
    An anonymous reader writes "The GNU C Library version 2.16 was released with many new features over the weekend. The announcement cites support for the Linux x32 ABI, ISO C11 compliance, performance improvements for math functions and some architectures, and more than 230 bug fixes."

  14. Android-Controlled Battle Robots Go To War (Video)

    Features · Android · · posted by Roblimo · from the using-your-tablet-as-an-instrument-of-destruction dept. · 41 comments
    Let's pretend for a moment that your name is Google. You want to have lots of developers working with your stuff. So you hold a Google Input|Output 2012 event. You have Sergey Brin showing off Google Glass, but most of your show consists of talks with titles like Integrate Web Intents into Your Web Application Today and What's New in Android?... which is all great fun, but also a tad boring. Luckily, somebody at Google piped up and said, "I know! We need Android-controlled fighting robots!" And they contacted the Stupid Fun Club, and Lo! There were Android-controlled robots fighting on the show floor, and all was right with the world.

  15. Android-Controlled Battle Robots Go To War (Video)

    Features · Android · · posted by Roblimo · from the using-your-tablet-as-an-instrument-of-destruction dept. · 41 comments
    Let's pretend for a moment that your name is Google. You want to have lots of developers working with your stuff. So you hold a Google Input|Output 2012 event. You have Sergey Brin showing off Google Glass, but most of your show consists of talks with titles like Integrate Web Intents into Your Web Application Today and What's New in Android?... which is all great fun, but also a tad boring. Luckily, somebody at Google piped up and said, "I know! We need Android-controlled fighting robots!" And they contacted the Stupid Fun Club, and Lo! There were Android-controlled robots fighting on the show floor, and all was right with the world.

  16. Android-Controlled Battle Robots Go To War (Video)

    Features · Android · · posted by Roblimo · from the using-your-tablet-as-an-instrument-of-destruction dept. · 41 comments
    Let's pretend for a moment that your name is Google. You want to have lots of developers working with your stuff. So you hold a Google Input|Output 2012 event. You have Sergey Brin showing off Google Glass, but most of your show consists of talks with titles like Integrate Web Intents into Your Web Application Today and What's New in Android?... which is all great fun, but also a tad boring. Luckily, somebody at Google piped up and said, "I know! We need Android-controlled fighting robots!" And they contacted the Stupid Fun Club, and Lo! There were Android-controlled robots fighting on the show floor, and all was right with the world.

  17. Google I/O Day Two

    Tech · Google_Fb · · posted by samzenpus · from the twice-as-nice dept. · 46 comments
    Yesterday Timothy was at Google I/O watching the keynote but there is still plenty of announcements on day two. Today's first big theme: Chrome. Tim reports: "Brian Rakowski VP for (and inventor of) Chrome, shows device transferability among devices of tabs, bookmarks, with a multi-part contrived story, looking at his opened tabs from home and work, etc. from a phone running Chrome. Not only can open tabs from there, but (and this is cool), 'we've made sure the back button works as well.' So you can open a page from a different computer, and have the browsing history of that tab as well. This Chrome syncing affects settings, bookmarks, etc. Also, for those transferred tab pages, pre-loading! So when you click on a tab, it's been loading and now should be read, BAM." As before we'll be updating the story live (below the fold) with his updates as they stream in. Update: by Sam : And now the big One More Thing from Rokowski: iOS version is here. "Later today, Chrome will be rolling out in the Appstore." Works as it does on other devices -- nicely draggable, etc. "Makes browsing the web on your iPhone really fun." After showing iPhone, says "While we were at it ..." And Yep, on the iPad, too. More space to work with there.

    Shows that syncing works here, too: his other devices' tabs and bookmarks are all listed. And (nice); credentials, too, are synced and auto-filled across devices. So a NYT login can work if you were logged in to it on an another device, even if you've never logged in there on the one you're using now.

    Incognito ("a feature near and dear to my heart") works, too: Scattered laughter at "I hope you find that using incognito on a touch device is a great experience."

    Going Google: Pichai talks up the use of the Google Apps infrastructure, throws out some stats for adopters: Govt. agencies in 45 states, 66 of top 100 univs, and over 5m businesses. A few cute commercials follow: a business meeting via Google, and a few funny examples of multi-person collaboration (Hall and Oates coming up, word by not-quite-right word, with the line "Oh, oh, here she comes, she's a man eater").

    Next big topic: Google Drive. Example shown of searching text stored on Google Drive, from an iPad -- for the words "certified mail." Only, and this is the applause point, those words weren't stored as text: they were in a scanned document, which Google has OCR'd.

    More applause for the next step: "It works for things that aren't even text." Searches for "pyramid," knowing he has some pictures taken in Egypt (but not tagged or labeled); up comes the pyramid he was looking for, also automatically tagged for content just based on the image itself. it's a demo, but even with the skepticism that should invite, it's impressive.

    Demo next of showing multiple logins to Google Drive (hard to not call it Google Docs); shows that updating on a laptop instantly, smoothly updates the same document open on a phone's screen.

    And, bigger news: Google apps now work offline. (Hoots of joy from the audience.) Gives an example of working offline (unplugs ethernet, shows New York Times is unreachable as proof), saving, closing Chrome, reconnecting to a network, and on network reconnection, the offline changes are pushed, synced across devices.

    Works on Windows, Mac, iOS, ChromeOS, "all your devices" says Pichai. What about Linux? Editing docs work, and ChromeOS has Linux core, but what about Ubuntu, Red Hat / Fedora, etc? I'd like these to be 1st-class options.

    Chromebook updates: "We're very excited by the new model we're working on" -- 3x faster than early Chromebooks. Also, as of today, to be available in retail outlets, in particular at 100 Best Buy locations "all across the country."

    Google's 1st VP of engineering Urs Hoelzle, talks about App Engine, says "we want to give everyone out there the kind of infrastructure we have at Google." Throws out more stats: 1 million active apps; 7.5 billion hits/day. Announces Google Compute Engine: on-demand (Linux?) virtual machines. Screaming and standing from audience: "You haven't seen anything yet." His bullet points: "Scale, Performance, Value" are a bit business-pamphlet cliche sounding -- even includes the line "Passing these savings on to you." But neat stuff.

    Compares in-house 1000-core cluster (more figures comparing cost would have been good) to 10,000 core, doing genomics research, finding likely matches in a large dataset. Instead of waiting 10 minutes between matches found by the algorithm, connected to virtual machines of Compute Engine, the displays illustrates with moving lines and clicks a new match ever few seconds.

    A few minutes later, he reveals that a mysterious counter in the background (counting up, reaching large numbers) is showing the cores available to the genome research project of the first example. Switching back to that, the illustrated matches are now clicking like castanets, the lines per-match are filling the display.

    Back to Pichai, Evolution of Chrome apps:
    • always avaliable
    • authentic app experience
    • enhanced device access (this mostly for developers, of course.) Making sure that apps can access and use all the capabilities of the device they're running on.

    Now, 2 performers from Circ du Soleil on stage, while images from their shows play in the background; I wonder where this is going to go.

    Demo is a preview: a surreal game / VR world with complex, photo-realistic gymnasts and layers of flowers moving in 3D space, built in HTML with CSS animations / filters. Fast; the high-res video, controlled in real time by using a camera -- user turning head, or shifting body, serve as controller. "Wonderfully portable" -- works just as well on a tablet, vs. a conventional browser.

    Says casually that this is running on a Chromebook -- that I think should have drawn big applause, but didn't.

    New Chromebox flashed on screen, Pichai exits rather abruptly with a plea for the gathered developers to keep making cool apps, and now ... on video, we're back to the same rooftop where yesterday wing-suited skydivers landed on the roof. Sergey is wearing his Glass headset, and they switch occasionally to his (low rez, view). It looks like they're going to repeat the jump, but with more explanation: Sergey is walking around the roof, demoing how they tracked those jumpers and maintained network connection to their transmitted video -- looks like around a dozen people wrangling parabolic antennas at the edge of the roof, trying to catch those signals. In the background (this is much cleaner than Caligula, but nearly as extravagant), the trick bikers are rolling around the roof, warming up with small tricks. :For those of you in downtown San Francisco," he says, "this would be a good time to peek out your windows."

    We're occasionally switched to a view of the inside of the blimp, and another shot of the outside, and are promised a countdown. 30 second count-down about to start. Lucky, they say, that the fog is holding back.

    The starship Heart of Gold! They're in the air, to massive applause, flying and weaving ... the 3d chute opens, with a puff of smoke; Sergey provides an explanation -- that gives a cue for the folks with antennas about how to aim them. One chute down! All chutes down; Camera following around Sergey falls, he makes a wounded sound "awww!" but it's picked up quickly. Or wait, was that his Glass headset that fell? Maybe so. Now he's switched to the sun-glass version.

  18. Google I/O Day Two

    Tech · Google_Fb · · posted by samzenpus · from the twice-as-nice dept. · 46 comments
    Yesterday Timothy was at Google I/O watching the keynote but there is still plenty of announcements on day two. Today's first big theme: Chrome. Tim reports: "Brian Rakowski VP for (and inventor of) Chrome, shows device transferability among devices of tabs, bookmarks, with a multi-part contrived story, looking at his opened tabs from home and work, etc. from a phone running Chrome. Not only can open tabs from there, but (and this is cool), 'we've made sure the back button works as well.' So you can open a page from a different computer, and have the browsing history of that tab as well. This Chrome syncing affects settings, bookmarks, etc. Also, for those transferred tab pages, pre-loading! So when you click on a tab, it's been loading and now should be read, BAM." As before we'll be updating the story live (below the fold) with his updates as they stream in. Update: by Sam : And now the big One More Thing from Rokowski: iOS version is here. "Later today, Chrome will be rolling out in the Appstore." Works as it does on other devices -- nicely draggable, etc. "Makes browsing the web on your iPhone really fun." After showing iPhone, says "While we were at it ..." And Yep, on the iPad, too. More space to work with there.

    Shows that syncing works here, too: his other devices' tabs and bookmarks are all listed. And (nice); credentials, too, are synced and auto-filled across devices. So a NYT login can work if you were logged in to it on an another device, even if you've never logged in there on the one you're using now.

    Incognito ("a feature near and dear to my heart") works, too: Scattered laughter at "I hope you find that using incognito on a touch device is a great experience."

    Going Google: Pichai talks up the use of the Google Apps infrastructure, throws out some stats for adopters: Govt. agencies in 45 states, 66 of top 100 univs, and over 5m businesses. A few cute commercials follow: a business meeting via Google, and a few funny examples of multi-person collaboration (Hall and Oates coming up, word by not-quite-right word, with the line "Oh, oh, here she comes, she's a man eater").

    Next big topic: Google Drive. Example shown of searching text stored on Google Drive, from an iPad -- for the words "certified mail." Only, and this is the applause point, those words weren't stored as text: they were in a scanned document, which Google has OCR'd.

    More applause for the next step: "It works for things that aren't even text." Searches for "pyramid," knowing he has some pictures taken in Egypt (but not tagged or labeled); up comes the pyramid he was looking for, also automatically tagged for content just based on the image itself. it's a demo, but even with the skepticism that should invite, it's impressive.

    Demo next of showing multiple logins to Google Drive (hard to not call it Google Docs); shows that updating on a laptop instantly, smoothly updates the same document open on a phone's screen.

    And, bigger news: Google apps now work offline. (Hoots of joy from the audience.) Gives an example of working offline (unplugs ethernet, shows New York Times is unreachable as proof), saving, closing Chrome, reconnecting to a network, and on network reconnection, the offline changes are pushed, synced across devices.

    Works on Windows, Mac, iOS, ChromeOS, "all your devices" says Pichai. What about Linux? Editing docs work, and ChromeOS has Linux core, but what about Ubuntu, Red Hat / Fedora, etc? I'd like these to be 1st-class options.

    Chromebook updates: "We're very excited by the new model we're working on" -- 3x faster than early Chromebooks. Also, as of today, to be available in retail outlets, in particular at 100 Best Buy locations "all across the country."

    Google's 1st VP of engineering Urs Hoelzle, talks about App Engine, says "we want to give everyone out there the kind of infrastructure we have at Google." Throws out more stats: 1 million active apps; 7.5 billion hits/day. Announces Google Compute Engine: on-demand (Linux?) virtual machines. Screaming and standing from audience: "You haven't seen anything yet." His bullet points: "Scale, Performance, Value" are a bit business-pamphlet cliche sounding -- even includes the line "Passing these savings on to you." But neat stuff.

    Compares in-house 1000-core cluster (more figures comparing cost would have been good) to 10,000 core, doing genomics research, finding likely matches in a large dataset. Instead of waiting 10 minutes between matches found by the algorithm, connected to virtual machines of Compute Engine, the displays illustrates with moving lines and clicks a new match ever few seconds.

    A few minutes later, he reveals that a mysterious counter in the background (counting up, reaching large numbers) is showing the cores available to the genome research project of the first example. Switching back to that, the illustrated matches are now clicking like castanets, the lines per-match are filling the display.

    Back to Pichai, Evolution of Chrome apps:
    • always avaliable
    • authentic app experience
    • enhanced device access (this mostly for developers, of course.) Making sure that apps can access and use all the capabilities of the device they're running on.

    Now, 2 performers from Circ du Soleil on stage, while images from their shows play in the background; I wonder where this is going to go.

    Demo is a preview: a surreal game / VR world with complex, photo-realistic gymnasts and layers of flowers moving in 3D space, built in HTML with CSS animations / filters. Fast; the high-res video, controlled in real time by using a camera -- user turning head, or shifting body, serve as controller. "Wonderfully portable" -- works just as well on a tablet, vs. a conventional browser.

    Says casually that this is running on a Chromebook -- that I think should have drawn big applause, but didn't.

    New Chromebox flashed on screen, Pichai exits rather abruptly with a plea for the gathered developers to keep making cool apps, and now ... on video, we're back to the same rooftop where yesterday wing-suited skydivers landed on the roof. Sergey is wearing his Glass headset, and they switch occasionally to his (low rez, view). It looks like they're going to repeat the jump, but with more explanation: Sergey is walking around the roof, demoing how they tracked those jumpers and maintained network connection to their transmitted video -- looks like around a dozen people wrangling parabolic antennas at the edge of the roof, trying to catch those signals. In the background (this is much cleaner than Caligula, but nearly as extravagant), the trick bikers are rolling around the roof, warming up with small tricks. :For those of you in downtown San Francisco," he says, "this would be a good time to peek out your windows."

    We're occasionally switched to a view of the inside of the blimp, and another shot of the outside, and are promised a countdown. 30 second count-down about to start. Lucky, they say, that the fog is holding back.

    The starship Heart of Gold! They're in the air, to massive applause, flying and weaving ... the 3d chute opens, with a puff of smoke; Sergey provides an explanation -- that gives a cue for the folks with antennas about how to aim them. One chute down! All chutes down; Camera following around Sergey falls, he makes a wounded sound "awww!" but it's picked up quickly. Or wait, was that his Glass headset that fell? Maybe so. Now he's switched to the sun-glass version.

  19. Google Unveils Nexus 7 Tablet, Nexus Q 'Social Streaming Device'

    Tech · Google_Fb · · posted by Unknown · from the introducing-slash-liveblag dept. · 261 comments

    Through some stroke of fortune, your friendly editor Timothy Lord is at Google I/O watching the keynote. We'll be updating the story live (below the fold) with his updates as they stream in. Starting things off, he reported a few features of Android Jelly Bean. First, graphics will be triple-buffered for extra smoothness; the graphics demo was reportedly impressive enough that the audience swooned. Text input has been improved with new dictionaries and a predictive keyboard that will learn better over time. Additionally, voice typing will now work offline. English will be initially supported, with Farsi, Thai, and Hindi support to follow. Hit the link below to see further updates, including details on the Nexus 7 tablet and the Nexus Q streaming device.

    Update: 06/27 17:16 GMT by S : Camera: Toss photos by just flicking them away — actually, you can now do this with apps on the home screen, too. Pinch for a quick sideshow view; it's much faster than one by one, and makes a quick strip-view to slide back and forth. Undo for photo delete -- nice.

    Google Beam: More than a million NFC-enabled devices are out now: In Jellybean, send someone a photo or contact info by tapping phones. Works with big files, too.

    Notifications: You can expand and collapse them, they are actionable, and you can get a lot more info directly from notifications than in previous versions. Rather than opening an app from notifications (as from a missed call), you can call right from the notification itself. Similarly, you can read mail (that is, Gmail) right from the notification list. Canned responses to messages are also available directly from notifications. You can see full photos, Foursquare check-ins, etc. Notifications expand as they bubble to the top of the list, but you can also make them expand with a two-finger drag gesture.

    Google search: Using Knowledge Graph. The graph allows new "card" answers to Google searches — a bit like "I'm feeling lucky," but with more multimedia right there. Search for 'What movies was Angelina Jolie in,' and you get back a headshot and a filmography.

    Voice Search: Quick spoken answers to spoken questions. The demo question was: "Show me pictures of pygmy marmosets." Yep, there are the pictures.

    "Google now" (lower case n): "Gets you just the right info at just the right time." It uses things like search, location, and calendar history to figure out what info you might need and when. If you looked for a flight, and it's updated, Google will alert you and show you the new one. It keeps track of your favorite sports teams. (The guy next to me says, "that's scary cool.. and kind of creepy.") Call up public transportation or an upcoming flight and you get details like how long each trip will be and where to transfer. I'm surprised it doesn't tell you which side of the street is shadier to walk on. Google knows now when you're traveling, and tells you, among other things, what time it is back home.

    Note for developers: Jelly Bean will start to release to open source in mid-July. Devs can grab the Preview SDK from developer.android.com right now.

    Android Engineering director Chis Yerga says Google Play is now up to 600,000 apps and 20 billion downloads Thousands of books and movies, as well as millions of songs. You can store 20,000 tracks for free in your music library. Yerga introduced movie sales, not just rentals. They're also adding TV: buy episodes, or whole seasons — 'perfect for when you're on the bus.' To start, their partners include Disney, NBC, Sony Pics, Paramount, and small ones like Magnolia. There will also be magazines: premium ones (Esquire, Wired) and lots of the pedestrian ones, too.

    Brief, but important new features: App encryption (big applause from audience), and smart App updates — only the parts of the APK that update need to be transferred.

    What everyone was waiting for: Asus-built Nexus 7, brandished from the stage. It's super thin, light and portable, and has a 1280x800 display. Inside: Tegra 3. Quad-core CPU, 12-core GPU. "That's basically 16 cores, which makes everything, including games, incredibly smooth.' It has Wi-Fi, Bluetooth, NFC, a gyro, an accelerometer, and up to 9 hours of video playback. It weighs 340 grams — like a paperback book. Fits nicely in one hand.

    Mag reader gets you form-factor optimized version of magazines, with various swipe-activated interactive features. There were chuckles from audience on showing the cover of 'Shape' magazine. A bikini picture as a demo of interactive "Premium reading experience" on Google play, available for certain magazines. I'm surprised that was the choice. It seems like the kind of thing women developers might not appreciate, or at least that I'd anticipate would have been nixed based on that presumption.

    Google has also added a "what's this song" widget, which leads you to (of course) the store, where you can buy the identified song.

    Apps on N7 + Jellybean: The Nexus 7 is the first device that ships with Chrome as a standard browser! YouTube app provides high-def video optimized for the N7. Google Maps: you've got the usual features (public transit, etc.), but also, "learn about a place before you get there." It has pannable 3D images inside places (where they have the footage, of course: it's not complete magic). They demonstrated panning inside a bar. BUG: "Make available offline" in a tappable menu means you don't need a data connection. Google Currents, news reader, etc., now has Google Translate built right in, transparently: choose a new language and see your news in Arabic, say, or any supported language, just like that. Games: They showed an amazing game demo (Horn) with lens flare, environment effects, and individually rendered leaves. Another game has zombies and lots and lots of blood (Dead Trigger). Not for kids, but great graphics.

    The Nexus 7 price: They will launch "starting at" $199, including a $25 credit in the Google Play store, and several things as teases, including a Transformers movie and the Bourne Dominion book. It will be available in the U.S., Australia, Canada, and the UK to start, with more countries coming.

    Mysterious: Project Tungsten. It involves Android and Google Play — the first consumer product Google has ever built from ground up: The "Nexus Q." Q is a small (tiny!) Android computer, which "connects to all the media you have stored in the cloud." It's designed to plug into the best speakers and TV in your home, and always be connected to the cloud. It pulls content directly from Google Play, and is controlled by (but not streaming through) your phone / tablet as a remote. It's a small black orb; looks like a little Death Star. It'll use an NFC connection to your phone: "This is how you get your software," he said, as the phone leaned against it for a moment.

    It runs on the same chip as the Galaxy Nexus. And 25-watt amp built right in (!?). It has optical digital audio and micro HDMI outs, too. Dual-band Wi-fi, ethernet, NFC, BT, and a port to encourage 'general hackability' (which got big applause). It's an odd-looking little thing — you won't be stacking anything on top of it. OK, I am drooling: there's a multi-colored LED-lit line around the equator (imagine Luke diving in with his tiny X-wing) which lights in patterns based on music.

    It's a 'social connected device': multiple people controlling it from their own tablets in the same space results in their songs from different devices getting spread. Anyone can move songs around the queue, or control the listening experience. "Pretty cool, my friends can now play their music in my living room." Neat tech, but not the very newest possibility in the world. Slightly more cumbersome possibility it replaces: carrying one's whole movie library around. Basically, you can take over the TV connected to the Nexus Q, in order to stream stuff. It will cost $299. They're taking pre-orders now, and the device will start shipping in mid-July.

    Google+: Tomorrow is the one-year anniversary of G+. They played a cute video of hangouts, showing live video streaming to group. There's a vibrant community of astronomers, knitters, musicians, etc. 250 million G+ users now, with 50pct daily logins. Users tend to spend more than 12 minutes a day in the stream, up from 9 a few months ago (is that an impressive number?) Google+ is now accessed more from mobile than from desktop. They keep getting the same request from users: "Native tablet version?" That's the big G+ announcement today: native G+ for tablets. Photos, text, video, etc. are stylized slightly differently from each other for easy scanning. Hangout experience is an emphasis, too. Swipe to accept and invite, just like a phone call. Automatic video switching to whoever's talking. Looks slick and sweet. Everything is launching on the iPad, too, "very soon." All the new features also now immediately available for phones. Final note: they're introducing a sort of organization around events. "The substance of a real world event is [now] lost online" -- invites are brittle. Announcement: Google Plus Events, for stuff before, during, after. It includes deep integration with Google Calendar.

    Before: Invitation, scheduling, organization. You can choose ready-made, cinematic themes. Eh, that looks sort of weak, but then, people sure bought a lot of trapper keepers in the '80s, and Hallmark is a successful business. During: Streaming, involvement, etc. "Everyone's photos get lost," with typical current mix of devices, systems, etc. But you can enable "party mode," which shares all the photos people are taking, if they've turned it on. Also, a current-photos slideshow. This is also controlled from Notifications — a green icon shows if one has turned on Party mode. OK, this is pretty neat — it beats my long-time idea that weddings should all have stations for dumping pictures from SD cards. After: put all those photos in chronological order: all the pics from all the guests who had party mode on, in one stream. Also, analyze photos, for most engagement or plus-ones, and ones in which you're tagged; can also sort by photographer.

    Now Sergey is up on stage for a Google Glass demo...

    Sergey is talking with his friend JT — they're live-streaming from about a mile ahead and thousands of feet up. They're in a blimp. They're communicating through a Hangout using Google Glass. He's about to jump with the glasses on . He's wearing a wing suit and has a GoPro camera. They're looking right at Moscone Center. And there they go! They're flying through the air, broadcasting the view live. They're aiming for the Moscone. Since I'm inside a big building, this could all be special effects, and I wouldn't know. And now they've landed on the room. Audience applause is hurting my ears.

    And they have bikers up there, to speed them along the roof, also with Glasses. The bikers zoomed along the roof, doing flips, all streamed live. They rappelled down the side of the building to get onto the appropriate floor, then biked right up to the stage. Ludicrous. "Special delivery for Sergey." Now the skydivers and other guys have all reached the stage.

    More on Glass: Lots of sensors, networking, location awareness, multiple radios for data communications. The project started 2.5 years ago. They showed a photo of Thad Starner wearing a clunkier version from back then. Now it's more like one side of a pair of fat-framed sunglasses. Lead designer Isabel Olsson (Senior Industrial Designer) talks about it: the display is above the eye; designed to be close to your senses, but not block them. The latest prototype weighs less on the nose than many sunglasses. They showed a few demos: playing tennis, first person service. Jumping into a ball pit. They stressed the importance of scaleable design: put all components to one side, so there can be wide frame compatibility. It looks symmetrically (could be be reversed and put on the other side?), but the demos all seem to show it on the right side (from the user's perspective) of the head.

    Aspirations / purposes for Glass:
    - Communications, documentation: Sometimes for grand or spectacular purpose (skydivers), but also mundane moments among geo-distant friends (the weather in NY or wherever), a baby growing up, etc.
    - Search result medium
    - Real-time dashboard (how fast are you going on your bike?)
    - Interactive communication -- you're at the market and see something odd, or want to ask your spouse about the product you're supposed to pick up.

    They showed a heartwarming demo: it looks like an Apple commerical, which may or may not warm the hearts of the people who made it. Sergey talked a bit about why they're showing these particular features. A) They're excited about it, B) These are things they can show us -- there are other uses, but they're tough to demonstrate, and C) they're a small team, with only a limited ability to test them out in different contexts. Sergey also announced Google Glass Explorer Edition. It's a rough-around-the-edges version for developers. Preorders are available for US-based I/O attendees to start. Cost is $1,500, and they plan to ship it to you sometime next year.

  20. Google Unveils Nexus 7 Tablet, Nexus Q 'Social Streaming Device'

    Tech · Google_Fb · · posted by Unknown · from the introducing-slash-liveblag dept. · 261 comments

    Through some stroke of fortune, your friendly editor Timothy Lord is at Google I/O watching the keynote. We'll be updating the story live (below the fold) with his updates as they stream in. Starting things off, he reported a few features of Android Jelly Bean. First, graphics will be triple-buffered for extra smoothness; the graphics demo was reportedly impressive enough that the audience swooned. Text input has been improved with new dictionaries and a predictive keyboard that will learn better over time. Additionally, voice typing will now work offline. English will be initially supported, with Farsi, Thai, and Hindi support to follow. Hit the link below to see further updates, including details on the Nexus 7 tablet and the Nexus Q streaming device.

    Update: 06/27 17:16 GMT by S : Camera: Toss photos by just flicking them away — actually, you can now do this with apps on the home screen, too. Pinch for a quick sideshow view; it's much faster than one by one, and makes a quick strip-view to slide back and forth. Undo for photo delete -- nice.

    Google Beam: More than a million NFC-enabled devices are out now: In Jellybean, send someone a photo or contact info by tapping phones. Works with big files, too.

    Notifications: You can expand and collapse them, they are actionable, and you can get a lot more info directly from notifications than in previous versions. Rather than opening an app from notifications (as from a missed call), you can call right from the notification itself. Similarly, you can read mail (that is, Gmail) right from the notification list. Canned responses to messages are also available directly from notifications. You can see full photos, Foursquare check-ins, etc. Notifications expand as they bubble to the top of the list, but you can also make them expand with a two-finger drag gesture.

    Google search: Using Knowledge Graph. The graph allows new "card" answers to Google searches — a bit like "I'm feeling lucky," but with more multimedia right there. Search for 'What movies was Angelina Jolie in,' and you get back a headshot and a filmography.

    Voice Search: Quick spoken answers to spoken questions. The demo question was: "Show me pictures of pygmy marmosets." Yep, there are the pictures.

    "Google now" (lower case n): "Gets you just the right info at just the right time." It uses things like search, location, and calendar history to figure out what info you might need and when. If you looked for a flight, and it's updated, Google will alert you and show you the new one. It keeps track of your favorite sports teams. (The guy next to me says, "that's scary cool.. and kind of creepy.") Call up public transportation or an upcoming flight and you get details like how long each trip will be and where to transfer. I'm surprised it doesn't tell you which side of the street is shadier to walk on. Google knows now when you're traveling, and tells you, among other things, what time it is back home.

    Note for developers: Jelly Bean will start to release to open source in mid-July. Devs can grab the Preview SDK from developer.android.com right now.

    Android Engineering director Chis Yerga says Google Play is now up to 600,000 apps and 20 billion downloads Thousands of books and movies, as well as millions of songs. You can store 20,000 tracks for free in your music library. Yerga introduced movie sales, not just rentals. They're also adding TV: buy episodes, or whole seasons — 'perfect for when you're on the bus.' To start, their partners include Disney, NBC, Sony Pics, Paramount, and small ones like Magnolia. There will also be magazines: premium ones (Esquire, Wired) and lots of the pedestrian ones, too.

    Brief, but important new features: App encryption (big applause from audience), and smart App updates — only the parts of the APK that update need to be transferred.

    What everyone was waiting for: Asus-built Nexus 7, brandished from the stage. It's super thin, light and portable, and has a 1280x800 display. Inside: Tegra 3. Quad-core CPU, 12-core GPU. "That's basically 16 cores, which makes everything, including games, incredibly smooth.' It has Wi-Fi, Bluetooth, NFC, a gyro, an accelerometer, and up to 9 hours of video playback. It weighs 340 grams — like a paperback book. Fits nicely in one hand.

    Mag reader gets you form-factor optimized version of magazines, with various swipe-activated interactive features. There were chuckles from audience on showing the cover of 'Shape' magazine. A bikini picture as a demo of interactive "Premium reading experience" on Google play, available for certain magazines. I'm surprised that was the choice. It seems like the kind of thing women developers might not appreciate, or at least that I'd anticipate would have been nixed based on that presumption.

    Google has also added a "what's this song" widget, which leads you to (of course) the store, where you can buy the identified song.

    Apps on N7 + Jellybean: The Nexus 7 is the first device that ships with Chrome as a standard browser! YouTube app provides high-def video optimized for the N7. Google Maps: you've got the usual features (public transit, etc.), but also, "learn about a place before you get there." It has pannable 3D images inside places (where they have the footage, of course: it's not complete magic). They demonstrated panning inside a bar. BUG: "Make available offline" in a tappable menu means you don't need a data connection. Google Currents, news reader, etc., now has Google Translate built right in, transparently: choose a new language and see your news in Arabic, say, or any supported language, just like that. Games: They showed an amazing game demo (Horn) with lens flare, environment effects, and individually rendered leaves. Another game has zombies and lots and lots of blood (Dead Trigger). Not for kids, but great graphics.

    The Nexus 7 price: They will launch "starting at" $199, including a $25 credit in the Google Play store, and several things as teases, including a Transformers movie and the Bourne Dominion book. It will be available in the U.S., Australia, Canada, and the UK to start, with more countries coming.

    Mysterious: Project Tungsten. It involves Android and Google Play — the first consumer product Google has ever built from ground up: The "Nexus Q." Q is a small (tiny!) Android computer, which "connects to all the media you have stored in the cloud." It's designed to plug into the best speakers and TV in your home, and always be connected to the cloud. It pulls content directly from Google Play, and is controlled by (but not streaming through) your phone / tablet as a remote. It's a small black orb; looks like a little Death Star. It'll use an NFC connection to your phone: "This is how you get your software," he said, as the phone leaned against it for a moment.

    It runs on the same chip as the Galaxy Nexus. And 25-watt amp built right in (!?). It has optical digital audio and micro HDMI outs, too. Dual-band Wi-fi, ethernet, NFC, BT, and a port to encourage 'general hackability' (which got big applause). It's an odd-looking little thing — you won't be stacking anything on top of it. OK, I am drooling: there's a multi-colored LED-lit line around the equator (imagine Luke diving in with his tiny X-wing) which lights in patterns based on music.

    It's a 'social connected device': multiple people controlling it from their own tablets in the same space results in their songs from different devices getting spread. Anyone can move songs around the queue, or control the listening experience. "Pretty cool, my friends can now play their music in my living room." Neat tech, but not the very newest possibility in the world. Slightly more cumbersome possibility it replaces: carrying one's whole movie library around. Basically, you can take over the TV connected to the Nexus Q, in order to stream stuff. It will cost $299. They're taking pre-orders now, and the device will start shipping in mid-July.

    Google+: Tomorrow is the one-year anniversary of G+. They played a cute video of hangouts, showing live video streaming to group. There's a vibrant community of astronomers, knitters, musicians, etc. 250 million G+ users now, with 50pct daily logins. Users tend to spend more than 12 minutes a day in the stream, up from 9 a few months ago (is that an impressive number?) Google+ is now accessed more from mobile than from desktop. They keep getting the same request from users: "Native tablet version?" That's the big G+ announcement today: native G+ for tablets. Photos, text, video, etc. are stylized slightly differently from each other for easy scanning. Hangout experience is an emphasis, too. Swipe to accept and invite, just like a phone call. Automatic video switching to whoever's talking. Looks slick and sweet. Everything is launching on the iPad, too, "very soon." All the new features also now immediately available for phones. Final note: they're introducing a sort of organization around events. "The substance of a real world event is [now] lost online" -- invites are brittle. Announcement: Google Plus Events, for stuff before, during, after. It includes deep integration with Google Calendar.

    Before: Invitation, scheduling, organization. You can choose ready-made, cinematic themes. Eh, that looks sort of weak, but then, people sure bought a lot of trapper keepers in the '80s, and Hallmark is a successful business. During: Streaming, involvement, etc. "Everyone's photos get lost," with typical current mix of devices, systems, etc. But you can enable "party mode," which shares all the photos people are taking, if they've turned it on. Also, a current-photos slideshow. This is also controlled from Notifications — a green icon shows if one has turned on Party mode. OK, this is pretty neat — it beats my long-time idea that weddings should all have stations for dumping pictures from SD cards. After: put all those photos in chronological order: all the pics from all the guests who had party mode on, in one stream. Also, analyze photos, for most engagement or plus-ones, and ones in which you're tagged; can also sort by photographer.

    Now Sergey is up on stage for a Google Glass demo...

    Sergey is talking with his friend JT — they're live-streaming from about a mile ahead and thousands of feet up. They're in a blimp. They're communicating through a Hangout using Google Glass. He's about to jump with the glasses on . He's wearing a wing suit and has a GoPro camera. They're looking right at Moscone Center. And there they go! They're flying through the air, broadcasting the view live. They're aiming for the Moscone. Since I'm inside a big building, this could all be special effects, and I wouldn't know. And now they've landed on the room. Audience applause is hurting my ears.

    And they have bikers up there, to speed them along the roof, also with Glasses. The bikers zoomed along the roof, doing flips, all streamed live. They rappelled down the side of the building to get onto the appropriate floor, then biked right up to the stage. Ludicrous. "Special delivery for Sergey." Now the skydivers and other guys have all reached the stage.

    More on Glass: Lots of sensors, networking, location awareness, multiple radios for data communications. The project started 2.5 years ago. They showed a photo of Thad Starner wearing a clunkier version from back then. Now it's more like one side of a pair of fat-framed sunglasses. Lead designer Isabel Olsson (Senior Industrial Designer) talks about it: the display is above the eye; designed to be close to your senses, but not block them. The latest prototype weighs less on the nose than many sunglasses. They showed a few demos: playing tennis, first person service. Jumping into a ball pit. They stressed the importance of scaleable design: put all components to one side, so there can be wide frame compatibility. It looks symmetrically (could be be reversed and put on the other side?), but the demos all seem to show it on the right side (from the user's perspective) of the head.

    Aspirations / purposes for Glass:
    - Communications, documentation: Sometimes for grand or spectacular purpose (skydivers), but also mundane moments among geo-distant friends (the weather in NY or wherever), a baby growing up, etc.
    - Search result medium
    - Real-time dashboard (how fast are you going on your bike?)
    - Interactive communication -- you're at the market and see something odd, or want to ask your spouse about the product you're supposed to pick up.

    They showed a heartwarming demo: it looks like an Apple commerical, which may or may not warm the hearts of the people who made it. Sergey talked a bit about why they're showing these particular features. A) They're excited about it, B) These are things they can show us -- there are other uses, but they're tough to demonstrate, and C) they're a small team, with only a limited ability to test them out in different contexts. Sergey also announced Google Glass Explorer Edition. It's a rough-around-the-edges version for developers. Preorders are available for US-based I/O attendees to start. Cost is $1,500, and they plan to ship it to you sometime next year.

  21. The Google Transparency Project Transparency Project

    Yro · Government · · posted by timothy · from the correctly-formatted-theocratic-calls-for-caning dept. · 50 comments
    Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency. Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:

    1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?

    2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?

    3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?

    With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.

    On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.

    I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:

    Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.

    I immediately wrote back:

    But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?

    If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?

    (It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.

    The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.

    But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.

    So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.

    Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.

  22. The Google Transparency Project Transparency Project

    Yro · Government · · posted by timothy · from the correctly-formatted-theocratic-calls-for-caning dept. · 50 comments
    Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency. Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:

    1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?

    2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?

    3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?

    With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.

    On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.

    I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:

    Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.

    I immediately wrote back:

    But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?

    If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?

    (It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.

    The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.

    But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.

    So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.

    Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.

  23. The Google Transparency Project Transparency Project

    Yro · Government · · posted by timothy · from the correctly-formatted-theocratic-calls-for-caning dept. · 50 comments
    Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency. Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:

    1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?

    2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?

    3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?

    With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.

    On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.

    I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:

    Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.

    I immediately wrote back:

    But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?

    If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?

    (It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.

    The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.

    But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.

    So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.

    Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.

  24. The Google Transparency Project Transparency Project

    Yro · Government · · posted by timothy · from the correctly-formatted-theocratic-calls-for-caning dept. · 50 comments
    Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency. Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:

    1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?

    2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?

    3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?

    With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.

    On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.

    I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:

    Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.

    I immediately wrote back:

    But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?

    If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?

    (It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.

    The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.

    But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.

    So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.

    Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.

  25. The Google Transparency Project Transparency Project

    Yro · Government · · posted by timothy · from the correctly-formatted-theocratic-calls-for-caning dept. · 50 comments
    Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency. Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:

    1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?

    2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?

    3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?

    With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.

    On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.

    I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:

    Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.

    I immediately wrote back:

    But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?

    If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?

    (It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.

    The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.

    But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.

    So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.

    Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.

  26. The Google Transparency Project Transparency Project

    Yro · Government · · posted by timothy · from the correctly-formatted-theocratic-calls-for-caning dept. · 50 comments
    Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency. Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:

    1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?

    2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?

    3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?

    With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.

    On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.

    I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:

    Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.

    I immediately wrote back:

    But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?

    If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?

    (It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.

    The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.

    But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.

    So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.

    Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.

  27. The Google Transparency Project Transparency Project

    Yro · Government · · posted by timothy · from the correctly-formatted-theocratic-calls-for-caning dept. · 50 comments
    Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency. Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:

    1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?

    2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?

    3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?

    With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.

    On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.

    I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:

    Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.

    I immediately wrote back:

    But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?

    If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?

    (It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.

    The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.

    But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.

    So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.

    Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.

  28. The Google Transparency Project Transparency Project

    Yro · Government · · posted by timothy · from the correctly-formatted-theocratic-calls-for-caning dept. · 50 comments
    Regular contributor Bennett Haselton writes "As Google releases more data about their compliance with requests from foreign governments, they should clarify their stance on exactly when they will comply with requests to turn over user data to foreign law enforcement." Bennett expands on that thought below; read on for some details of just why that kind of disclosure matters, in making sense of Google's own efforts to provide transparency. Google, as part of its ongoing Transparency Project, announced last week the release of its latest data on takedown requests and user account information requests from governments around the world. I'm glad that notorious human rights violators like Turkey are still scoring 0 for 88 in their requests to get Google to turn over information on users allegedly breaking Turkish law. But Google should still clear up some ambiguities in its stated policies about when it will remove content in response to a government request, and (especially) when it will turn over user information to foreign law enforcement. Google's FAQ on user data requests says that "whenever we receive a request we make sure it meets both the letter and spirit of the law before complying." This, however, raises a few questions:

    1. Does "the letter and spirit of the law" refer to U.S. law, or the law in the country from which law enforcement sends the request? Presumably if a user in China or Saudi Arabia were using their Google account to send messages that criticized their own government, in violation of local "laws," Google would not turn over that user's information to that country's law enforcement on demand. That should be an easy call, since China and Saudi Arabia are dictatorships. But what about democratic countries like Canada and Germany, which nonetheless have anti-hate-speech laws that are inconsistent with American free speech guarantees? If German law enforcement demanded the identity of a German account holder who was publishing Nazi propaganda (which would be legal in the U.S., but is illegal in Germany), what would Google do?

    2. What if foreign law enforcement claims that a Google account holder is doing something which would be illegal even in the U.S. — but the request comes from a country where law enforcement is known to be corrupt? And what if the claim is such that Google can't verify the veracity of the claim by simply looking at the account contents? (For example, if law enforcement claims that a criminal gave the police a gmail.com address as a Dropbox for them to respond to a ransom demand, Google can't verify that claim just by looking at the contents of the inbox.) In such cases, does Google respond to the request anyway, even if the police might be lying in order to unmask a Google account holder who hasn't done anything illegal?

    3. Does the answer to either #1 or #2 above depend on whether Google has offices in the country making the request, and can be more easily pressured to comply with their demands?

    With regard to governmental requests to remove content, Google has also not explicitly stated whether they use local laws or U.S. laws as a guideline. However, based on the incidents in the Notes section, the rule seems to be: Google will remove content only if it violates Google's own terms of service, but if content violates local laws in a given country, Google may block access to that content from that country, even if the content doesn't violate Google's policies. For example, Google restricted users in Thailand from viewing YouTube videos that offended the Thai monarch, and restricted Turkish users from viewing two videos that criticized Atatürk. As insulting as this is to the free speech rights of the people of those nations, Google could argue that if they hadn't restricted those videos, the entire YouTube site would have been blocked in those countries (which it has been in the past, in both Thailand and Turkey). And at least having your YouTube videos blocked in your home country won't put you in physical danger.

    On the other hand, having your identity unmasked and turned over to your government could put you at risk of arrest and a long prison sentence, as happened to Shi Tao after Yahoo disgracefully turned his information over to Chinese officials. So it's a good thing that Google's compliance rate with user data requests is much lower. But given the higher stakes, it's all the more important for Google to clarify when they will comply with such requests.

    I sent a message to Google's press office asking about their policy of following the "letter and spirit of the law" in complying with data requests, and whether that referred to U.S. law or the law in the country whose government made the demand. I got back a response copied and pasted from the user data requests FAQ:

    Like all law-abiding companies, we comply with valid legal process. We take user privacy very seriously, and whenever we receive a request we make sure it meets both the letter and spirit of the law before complying. When possible and legal to do so, we notify affected users about requests for user data that may affect them. And if we believe a request is overly broad, we will seek to narrow it.

    I immediately wrote back:

    But when you say you make sure a request "meets both the letter and spirit of the law", whose law are you talking about — U.S. law, or the law of the country where the request originated?

    If Saudi Arabia has laws on the books against criticizing the King, and the Saudi police use that as the pretext to demand that you turn over a subscriber's identity because that user criticized the government, I presume you don't comply with requests like that. But does that mean that you only turn over subscriber identities if the foreign law enforcement can show that the subscriber did something that would be illegal under U.S. law?

    (It's always a bit awkward trying to turn a cut-and-paste job into a real conversation.) Google's PR said they had nothing more to add, but I've asked some mid-to-highly-placed friends at the company to see if they could get someone to comment in more detail, and I'll follow up if they get back to me.

    The question came up when I was at a conference talking with some activists from Latin America, who were asking about the safest way to email a sensitive message or document out of the country over an encrypted connection, to a contact person in the U.S. I said that even though they had already heard about solutions like Tor and PGP, the simplest solution in their case would just be to use Gmail to send the message or the file, since their connection to Google's Gmail servers in the U.S. would be encrypted over https://. (Once the message is sent out from Gmail's servers to its recipient, it would be transmitted unencrypted, but by that point the law enforcement in the sender's home country would no longer be able to intercept it.) Another techie pointed out that Google had long been complying with many foreign governments' requests for user data, as documented on their Transparency Project page, and said that should be taken into account before recommending for anyone to use Google products in a hostile country.

    But if you look at the Transparency Project chart for user data requests, it looks like Google does not regularly hand out user data to regimes that are major human rights violators (the only two such countries appearing on the list are Russia and Turkey, and Google has apparently complied with exactly 0% of their requests). I'm not a fan of everything that every other country on that list has done, but they're mostly democratic nations that are probably not abusing the data request process as much as, say, Venezuela would.

    So even without specific assurances from Google, I still think that Gmail is safer than PGP for the purpose of sending an encrypted message out of a hostile country without attracting attention to yourself. Remember, if you send a message to someone encrypted with PGP, and a third party intercepts the message, the interceptor can still see that the encrypted portion is bookended with the words "BEGIN PGP ENCRYPTED MESSAGE" and "END PGP ENCRYPTED MESSAGE" — so even if they can't tell what you said, they still know that you went out of your way to send an encrypted email. (Similarly, if you're using Tor, an eavesdropper can't tell what you did over your encrypted Tor connection, but they could still detect that you're using Tor, either by studying the traffic patterns or by keeping a list of known Tor servers and watching to see if you connect to one of them.) By contrast, everyone who connects to Gmail, connects automatically over an encrypted https:// connection, so an eavesdropper would not detect anything unusual about your usage of Gmail that might tip them off that you were trying to hide something. Gmail is the safest of the major mail providers in this regard; Hotmail serves your messages over an encrypted connection only if you opt in to that feature, and Yahoo Mail doesn't provide that option at all. So it's precisely because Gmail is an almost-perfect secure communications solution, that I'd really like to be able to trust it even more, by getting a clearer statement from Google about when exactly it would turn over a subscriber's identity to a government.

    Google seems like they're trying to do the right thing in response to demands from foreign countries with less-than-stellar human rights records. With regard to user data requests, Google must be following some internal rule, and the right thing to do would be to tell us what the rule is.

  29. Google Touts Worker Tracking As Own CEO Goes MIA

    Tech · Google_Fb · · posted by Soulskill · from the coming-soon-to-a-boss-near-you dept. · 272 comments
    theodp writes "On Thursday, Google announced a product that enables a business to see where all its workers are at all times. Called Maps Coordinate, it combines a paid-for business version of Google's standard maps product with an application downloaded to a worker's smartphone, creating a real-time record of worker locations. Ironically, Google touted its worker tracking solution on the very same day that CEO Larry Page was a surprise no-show at Google's Annual Shareholder Meeting, leaving Executive Chairman Eric Schmidt to explain his absence. Schmidt explained that Page had lost his voice and, as a result, would likely also miss next week's I/O conference and possibly next month's quarterly earnings call. While a Google spokeswoman declined to comment further on Page's condition, Schmidt added that Page will continue as CEO while he recovers. So, why not reassure those worried about the situation by publicly tracking Page's location via Maps Coordinate? After all, Google's a true believer in eating its own dog food, right?"

  30. Google Touts Worker Tracking As Own CEO Goes MIA

    Tech · Google_Fb · · posted by Soulskill · from the coming-soon-to-a-boss-near-you dept. · 272 comments
    theodp writes "On Thursday, Google announced a product that enables a business to see where all its workers are at all times. Called Maps Coordinate, it combines a paid-for business version of Google's standard maps product with an application downloaded to a worker's smartphone, creating a real-time record of worker locations. Ironically, Google touted its worker tracking solution on the very same day that CEO Larry Page was a surprise no-show at Google's Annual Shareholder Meeting, leaving Executive Chairman Eric Schmidt to explain his absence. Schmidt explained that Page had lost his voice and, as a result, would likely also miss next week's I/O conference and possibly next month's quarterly earnings call. While a Google spokeswoman declined to comment further on Page's condition, Schmidt added that Page will continue as CEO while he recovers. So, why not reassure those worried about the situation by publicly tracking Page's location via Maps Coordinate? After all, Google's a true believer in eating its own dog food, right?"

  31. Android App Lets You Steal Contactless Credit Card Data

    It · Crime · · posted by timothy · from the get-mugged-without-breaking-a-sweat dept. · 221 comments
    mask.of.sanity writes "An Android application capable of siphoning credit card data from contactless bank cards has appeared on the Google Play store. The app was developed by a security penetration tester for research purposes and will steal card numbers and expiry dates, along with transactions and merchant IDs. It requires a near field device capable phone, or accessory."

  32. Liu Yang Becomes China's First Female Astronaut

    Science · Space · · posted by timothy · from the holding-up-half-of-heaven dept. · 229 comments
    China launched Saturday a rocket bearing three astronauts and an experimental orbiting module intended to presage a full-fledged space station at the end of this decade. While that's big news in itself, the launch also marks the first trip for a female Chinese astronaut. The BBC has a brief video, including part of a pre-launch press conference introducing 33-year-old astronaut Liu Yang, as well as her crewmates.

  33. Support Site For Hospital Respirators Found Riddled With Malware

    It · · posted by Soulskill · from the what-could-possibly-go-wrong dept. · 48 comments
    chicksdaddy writes "A web site used to distribute software updates for a wide range medical equipment, including ventilators has been blocked by Google after it was found to be riddled with malware and serving up attacks. The U.S. Department of Homeland Security is looking into the compromise. The site belongs to San Diego-based CareFusion Inc., a hospital equipment supplier. The infected Web sites, which use a number of different domains, distribute firmware updates for a range of ventilators and respiratory products. Scans by Google's Safe Browsing program in May and June found the sites were rife with malware. For example, about six percent of the 347 Web pages hosted at Viasyshealthcare.com, a CareFusion Web site that is used to distribute software updates for the company's AVEA brand ventilators, were found to be infected and pushing malicious software to visitors' systems."

  34. ESA Announces the Summer of Code In Space 2012

    Science · Eu · · posted by timothy · from the winners-get-to-stay-on-earth dept. · 23 comments
    New submitter juli1 writes "The European Space Agency announced the second edition of the Summer Of Code In Space (SOCIS2012), a similar initiative to the Google Summer of Code but more related to space software. The goal is to support students in contributing to open source projects that are connected to the space domain. Students' contribution is reviewed by selected mentoring organizations and likely reversed to the main branch of each project. According to the time-line, mentoring organizations can apply now and accepted students would start their projects beginning of August and write code until October. Upon successful completion of the program, students will receive 4000 euros."

  35. Google Blockly — a Language With a Difference

    Developers · Google_Fb · · posted by Soulskill · from the less-than-elegant-language-names dept. · 141 comments
    mikejuk writes "There are aspects of Google that increasingly don't make sense. First they dump App Inventor — a graphical language for Android apps — in a fit of spring cleaning and closures — and now they have launched another Scratch-like graphical language, Blockly. However Blockly is different. It works like Scratch or App inventor but it is written in JavaScript. This means it can be included in any web page or web app very easily. This, in turn, means that it can be used for education, getting people to learn to program, or as an easy-to-use script generator for the app. The FAQ gives the example of automating GMail filters and management. The additional difference is that Blockly can compile its programs to JavaScript, Dart or Python so you can take the script and develop it further. This is a really good idea. As long as Google doesn't throw this one out in a fit of reorganization and spring cleaning, it's a welcome new language."

  36. Google Blockly — a Language With a Difference

    Developers · Google_Fb · · posted by Soulskill · from the less-than-elegant-language-names dept. · 141 comments
    mikejuk writes "There are aspects of Google that increasingly don't make sense. First they dump App Inventor — a graphical language for Android apps — in a fit of spring cleaning and closures — and now they have launched another Scratch-like graphical language, Blockly. However Blockly is different. It works like Scratch or App inventor but it is written in JavaScript. This means it can be included in any web page or web app very easily. This, in turn, means that it can be used for education, getting people to learn to program, or as an easy-to-use script generator for the app. The FAQ gives the example of automating GMail filters and management. The additional difference is that Blockly can compile its programs to JavaScript, Dart or Python so you can take the script and develop it further. This is a really good idea. As long as Google doesn't throw this one out in a fit of reorganization and spring cleaning, it's a welcome new language."

  37. Russian Programmers Dominate At Google Code Jam

    Developers · Google_Fb · · posted by timothy · from the steady-diet-of-brain-food dept. · 159 comments
    New submitter Migala77 writes "Now that the third round for Google Code Jam is finished and only 25 contestants are left, we can look at which nationalities performed well and which didn't. Code Jam contestant foxlit has the stats, and some interesting things can be seen. Although there were over 3000 contestants from India in the qualification round (17% of the total) , only 3 of those managed to reach the third round (0.7% of the round 3 contestants) . This in contrast to Russia with 77 out of 747, and Belarus with 13 out of 114 reaching the third round. The U.S. performed somewhat below average too, with only 25 out of 2166 contestants making it to the third round."

  38. Ask Slashdot: Why Aren't You Running KDE?

    Tech · Gnome · · posted by samzenpus · from the what's-your-flavor? dept. · 818 comments
    First time accepted submitter mike_toscano writes "At least some of us have recently seen Linus' most recent comments on his experience with Gnome 3 — he didn't have many nice things to say about it and as you know, he's not the only one. On the other hand, there have been some great reviews and comparisons of KDE with the other options (like this one) lately. Sure, early releases of 4.x were painful but the desktop today is fully-functional and polished. So the question: To those who run *nix desktops and are frustrated by the latest Gnome variants, why aren't you running KDE? To clarify, I'm not asking which desktop is better. I'm really talking to the people who have already decided they don't like the new Gnome & Unity but aren't using KDE. If you don't like KDE or Gnome, why not?"

  39. Publicly Funded GMO Research Facing Destruction In Italy

    Yro · Biotech · · posted by timothy · from the for-great-justice dept. · 245 comments
    ChromeAeonium writes "Shortly after the events in Rothamsted Research in the UK, where a publicly funded trial of wheat genetically engineered to repel aphids was threatened by activists with destruction and required police protection, another publicly funded experiment involving genetically engineered crops faces possible destruction (original in Italian). The trial, which is being conducted by researchers at the University of Tuscia in Italy on cherries, olives, and kiwis genetically engineered to have traits such as fungal disease resistance, started three decades ago. When field research of GE plants was banned in Italy in 2002, the trial received an extension to avoid being declared illegal, but was denied another in 2008, and following a complaint from the Genetic Rights Foundation, now faces destruction on June 12th, despite appeals from scientists. The researchers claim that the destruction is scientifically unjustifiable (only the male kiwis produce transgenic pollen and their flowers are removed) and wish to gather more information from the long running experiment."

  40. After Launch Day: Taking Stock of IPv6 Adoption

    Tech · Networking · · posted by timothy · from the perhaps-romania-loves-broccoli-too dept. · 244 comments
    darthcamaro writes "So how did World IPv6 Launch go? Surprisingly well, according to participants at the event. Google said it has seen 150% growth in IPv6 traffic, Facebook now has 27 million IPv6 users and Akamai is serving 100x more IPv6 traffic. But it's still a 'brocolli' technology. 'I've said in the past that IPv6 is a 'broccoli' technology,' Leslie Daigle, CTO of the Internet Society said. 'I still think it is a tech everybody knows it would be good if we ate more of it but nobody wants to eat it without the cheese sauce.'" Reader SmartAboutThings adds a few data points: "According to Google statistics, Romania leads the way with a 6.55% adoption rate, followed by France with 4.67%. Japan is on the third place so far with 1.57% but it seems here 'users still experience significant reliability or latency issues connecting to IPv6-enabled websites.' In the U.S. and China the users have noticed infrequent issues connecting to the new protocol, but still the adoption rate is 0.93% and 0.58%, respectively."

  41. Basque Country Gov't Decrees State-Produced Software Should Be Open Sourced

    News · Opensource · · posted by timothy · from the if-they-can-why-can't-texas? dept. · 38 comments
    New submitter lsatenstein writes with this snippet from The H:"The regional government of Spain's Basque Country has decreed that all software produced for Basque government agencies and public bodies should be open sourced. Joinup, the European Commission's open source web site, cites an article in Spanish newspaper El Pais [English translation], saying that the only exceptions will be software that directly affects state security and a handful of projects which are being conducted in conjunction with commercial software suppliers."

  42. AT&T Expects Data-Only Phone Plans Within 2 Years

    Mobile · Att · · posted by Soulskill · from the not-in-any-big-rush dept. · 97 comments
    An anonymous reader writes "AT&T CEO Randall Stephenson said today that he expects wireless carriers to start offering data-only cellphone plans within the next 24 months. 'Analysts see such plans as a logical extension of trends in wireless technology. Smartphones with data service can already use it for Internet phone calls and texting through services such as Skype. Phone calls are also taking a back seat to other things people do with their smartphones. AT&T has been recording a decline in the average number of minutes used per month.' He says there isn't a specific plan in the works — he just think it's inevitable."

  43. Cost of Pre-Screening All YouTube Content: US$37 Billion

    Tech · Google_Fb · · posted by Unknown · from the assuming-screeners-are-omniscient dept. · 345 comments
    Fluffeh writes "The folks that push 'Anti-Piracy' and 'Copying is Stealing' seem to often request that Google pre-screens content going up on YouTube and of course expect Google to cover the costs. No-one ever really asks the question how much it would cost, but some nicely laid out math by a curious mind points to a pretty hefty figure indeed. Starting with who to employ, their salary expectations and how many people it would take to cover the 72 hours of content uploaded every minute, the numbers start to get pretty large, pretty quickly. US$37 billion a year. Now compare that to Google's revenue for last year."

  44. Political Campaigns Mining Online Data To Target Voters

    Politics · Privacy · · posted by Soulskill · from the watching-you-through-your-webcam-too dept. · 131 comments
    New submitter nicoles writes with this quote from an AP report: "The Romney and Obama campaigns are spending heavily on television ads and other traditional tools to convey their messages. But strategists say the most important breakthrough this year is the campaigns' use of online data to raise money, share information and persuade supporters to vote. The practice, known as 'microtargeting,' has been a staple of product marketing. Now it's facing the greatest test of its political impact in the race for the White House. ... The Romney team spent nearly $1 million on digital consulting in April and Obama at least $300,000. ... Campaigns use microtargeting to identify potential supporters or donors using data gleaned from a range of sources, especially their Internet browsing history. A digital profile of each person is then created, allowing the campaigns to find them online and solicit them for money and support."

  45. The Netherlands Rejects ACTA, and Does One Better

    Politics · Government · · posted by timothy · from the don't-hold-your-breath-for-the-us-congress-to-join dept. · 112 comments
    New submitter Peetke writes "The Dutch House of Representatives unanimously accepted a motion to urge the Cabinet to reject ACTA [Dutch original] (if they ever get the change to do so; it may already end in the European Parliament). Additionally, an even stronger motion was accepted to reject any future treaty that may harm a free and open Internet. This is a good day for the Internet."

  46. Who Sends Google the Most Takedown Notices? Microsoft

    Tech · Google_Fb · · posted by Soulskill · from the going-for-the-high-score dept. · 148 comments
    nk497 writes "Google has released details on the copyright takedown notices it's received over the past year, and the most requests by far have been from Microsoft. Over the past year, Google has received DMCA takedown notices for 2,544,209 URLs over Microsoft-related piracy, with NBC and the RIAA ranking second and third. Many of the reports do not come directly from companies such as Microsoft, but via firms set up only to chase copyright issues. The most popular targets appear to be file-sharing sites. 'These days it's not unusual for us to receive more than 250,000 requests each week, which is more than what copyright owners asked us to remove in all of 2009,' said Fred von Lohmann, Google senior copyright counsel, adding it takes on average 11 hours for Google to take action."

  47. Volunteers Use Annular Eclipse To Measure Sun More Accurately

    Science · Japan · · posted by timothy · from the maybe-it's-just-been-eating-differently dept. · 75 comments
    Anonymous Squonk writes "The measurement of the sun currently in use was actually calculated over 120 years ago, and is off by hundreds of kilometers. Thousands of ordinary Japanese citizens worked together to improve this estimate. By measuring the borders of the 'ring of fire' effect of the recent eclipse, and using the known size and distance from the Earth of the sun, the radius of the Sun was measured as 696,010 kilometers, with a margin of error of only 20 kilometers."

  48. Assange Stands 'Real Chance' of Election In Australia

    Politics · Australia · · posted by timothy · from the good-hair-party dept. · 204 comments
    Okian Warrior writes "Various new sources are reporting the results of a recent Labor Party poll, indicating that Julian Assange would be elected to the Australian senate, should he choose to run. From the Sun Daily article: 'Controversial WikiLeaks founder Julian Assange stands a real chance of winning an upper house seat in his native Australia if he presses ahead with plans to stand for election, a poll showed Saturday. A survey conducted by the ruling Labor party's internal pollsters UMR Research and published in the Sydney Morning Herald newspaper showed 25 percent of those polled would vote for the whistleblowing website chief.'"

  49. 'First Base' In Greek Courts For ISP-Level Blocking

    Yro · Piracy · · posted by timothy · from the thought-you-liked-it-that-way dept. · 86 comments
    arisvega writes "At a first level (the lowest court level in the Greek judiciary system) an order has been issued (article in Greek, Google translation is fair enough) for a 'plan on behalf of Internet Service Providers regarding he implementation of technological measures to deny access to internet users for webpages through which illegal copies of copyrighted work are being distributed.' The order seems to be general and descriptive, and is a manifestation of the implementation process for an even more general and vague larger-scale EU directive, which is the common source that caused the rulings recently posted on slashdot regarding the UK, the Netherlands and Finland. This appears to be one of the reasons that prompted Anonymous to launch defacing attacks on Greek government websites some three months back."

  50. Facebook IPO Stumbles Out of the Gate

    News · Facebook · · posted by Soulskill · from the go-big-or-go-home dept. · 423 comments
    Facebook's much-hyped IPO kicked off today, but an anonymous reader points out that things didn't go quite as smoothly as investors hoped. "Public trading didn't get underway until about 11:30 a.m. ET, half an hour after it was supposed to. The delay was likely caused by the huge amount of interest in the stock – especially by retail investors. In the first few minutes of trading, Facebook shares were only up between 5 and 10 per cent and by noon were essentially back down to the IPO price of $38. Many observers had expected the stock to double in price by the end of the day, if not sooner." The NY Times has a data visualization showing how Facebook's IPO compares to other tech IPOs throughout the years, and how the first day of trading treated all of those companies. Meanwhile, the debate is lively over whether the social networking giant will be a good investment. "The banks helping take Facebook public want us to value this 8-year-old upstart at as much as $104 billion, more than Disney or Kraft Foods, though those companies earn three and four times more. That top valuation is also more than 100 times Facebook's earnings last year, versus 13 times for the average company. At such a high price, it will take years for this so-called earnings multiple to fall to a more reasonable level, and that's assuming the company can maintain its torrid earnings growth."