Slashdot Mirror

Long-time Slashdot reader Lauren Weinstein shares his report on how Google is handling the end of its Google+ service. He's describing it as "a boot to the head: when you know that Google just doesn't care any more" about users "who have become 'inconvenient' to their new business models." We already know about Google's incredible user trust failure in announcing dates for this process. First it was August. Then suddenly it was April. The G+ APIs (which vast numbers of web sites -- including mine -- made the mistake of deeply embedding into their sites), we're told will start "intermittently failing" (whatever that actually means) later this month.

It gets much worse though. While Google has tools for users to download their own G+ postings for preservation, they have as far as I know provided nothing to help loyal G+ users maintain their social contacts... As far as Google is concerned, when G+ dies, all of your linkages to your G+ friends are gone forever. You can in theory try to reach out to each one and try to get their email addresses, but private messages on G+ have always been hit or miss...

And with only a few months left until Google pulls the plug on G+, I sure as hell wouldn't still be soliciting for new G+ users! Yep -- believe it or not -- Google at this time is STILL soliciting for unsuspecting users to sign up for new G+ accounts, without any apparent warnings that you're signing up for a service that is already officially the walking dead! Perhaps this shows most vividly how Google today seems to just not give a damn about users who aren't in their target demographics of the moment. Or maybe it's just laziness.
I'd be more upset about this if I actually used Google+ -- but has Google been unfair to the users who do? "[T]he way in which they've handled the announcements and ongoing process of sunsetting a service much beloved by many Google users has been nothing short of atrocious," Weinstein writes, "and has not shown respect for Google's users overall."

"I've seen this 'Smart Compose' feature described publicly with a range of adjectives," writes Lauren Weinstein, "including intrusive, wonderful, invasive, creepy, accurate, loony, mistaken, helpful, misguided -- well, you get the point, opinions are all over the map...." My foundational complaint here isn't that Google deployed Smart Compose, but rather that they enabled it by default without providing users even basic related information, including the all important "How the hell do I turn this damned thing off?" -- the very question filling my inbox of late!

So here's how you turn it off. It's easy, IF you know how.
One anonymous reader has another solution. "I'm just using Gmail in HTML-only mode now. Its actually far more usable than their new crap and I'm quite fond of the older look anyway." You could also just stop using Gmail -- but Weinstein thinks it's easier to disable the "Smart Compose feature.

"With the understanding that Google has great AI and is itching to use it whenever and wherever possible, I don't really need it analyzing my email drafts as I type them. At least in my case, its proposed wordings are nearly always -- what's the technical term? -- oh yes, WRONG.

"And the predictions intrusively and continuously interrupt my flow of typing as each one needs to be individually bypassed."

An anonymous reader quotes ITWire: Google's move to strip out the www in domains typed into the address bar, beginning with version 69 of its Chrome browser, has drawn an enormous amount of criticism from developers who see the move as a bid to cement the company's dominance of the Web. The criticism comes a few days after Chrome's engineering manager Adrienne Porter Felt told the American website Wired that URLs need to be got rid of altogether. The change in Chrome version 69 means that if one types in a domain such as www.itwire.com into the browser search bar, the www portion is stripped out in the address bar when the page is displayed.

When asked about this change in a long discussion thread on a mailing list, a Google staffer wrote: "www is now considered a 'trivial' subdomain, and hiding trivial subdomains can be disabled in flags (will also disable hiding the URL scheme)..." A Google staffer attempted to justify the change, writing: "The subdomains reappear when editing the URL so people type the correct one. They disappear in the steady-state display case because this isn't information that most users need to concern themselves with in most cases..." But this drew an angry response from a poster who questioned the statement "this isn't information that most users need to concern themselves with in most cases" and asked: "According to who? This is simply an opinion stated as a fact...."

This is not the first time Google has been criticised for its moves to change the fundamental structure of URLs. Its Accelerated Mobile Pages, introduced in October 2015, have been criticised for obscuring the original URL of a page and reducing the chances of a reader going back to the original website. Probably for this reason, Apple last year decided that version 11 of iOS would update its Safari browser so that AMP links would be stripped out of an URL when the story was shared... "This is Google making subdomain usage decisions for other entities outside of Google," said yet another poster. "My domains and how subdomains are assigned and delegated are not Google's business to decide."
The controversy moved Slashdot reader Lauren Weinstein to write a new blog post. Its title? "Here's How to Disable Google Chrome's Confusing New URL Hiding Scheme."

UPDATE (9/15/18): Google has announced that after public outcry, they'll return the 'www' to Chrome's URL's -- but only until the next release.

Slashdot reader Lauren Weinstein writes: YouTube very quietly made a very cool and rather major improvement in their video players today... YouTube is now adjusting the YT player size to match videos' native aspect ratios. This is a big deal, and very much welcome.
YouTube provided some before-and-after screenshots Friday, and acknowledged that "We launched this update on mobile awhile back (both Android and iOS) so this change also aligns the desktop and mobile viewing experiences."

Gizmodo writes: Until now YouTube forced all videos into a 16:9 ratio by windowboxing them, meaning surround them with black vertical or horizontal bars like the old days of watching widescreen movies on VHS. In that sense, this isn't a huge change -- white space instead of black -- although the location of player controls moves to fit the video's size...

The aspect adjustments are apparently automatic, retroactive to all uploaded video, and if there's a way to turn the feature off in Creator Studio it's non-obvious... Update 7/27/18 7:48pm: A YouTube spokesperson has since clarified to Gizmodo that currently there is no way to disable this feature.

Gmail's new confidential mode lets its users create "expiration dates" for emails, or require recipients to provide an SMS passcode. (And Google also claims they've removed the option to forward, copy, download or print messages.)

But Slashdot reader Lauren Weinstein warns that Google is also opening up a new vector for phishing emails: The problem arises since non-Gmail users cannot directly receive Gmail confidential mode messages. Instead...when a Gmail user wants to send a non-Gmail user such a message, the non-Gmail user is instead sent a link, that when clicked takes them to Google's servers where they can read the confidential mode message in their browser.

The potential risks for any service that operates in this way are obvious. Those of us working on Internet security and privacy have literally spent many years attempting to train users to avoid clicking on "to read the message, click here" links in emails that they receive. Criminals have simply become too adept at creating fraudulent emails that lead to phishing and malware sites.

Gmail's new confidential mode lets its users create "expiration dates" for emails, or require recipients to provide an SMS passcode. (And Google also claims they've removed the option to forward, copy, download or print messages.)

But Slashdot reader Lauren Weinstein warns that Google is also opening up a new vector for phishing emails: The problem arises since non-Gmail users cannot directly receive Gmail confidential mode messages. Instead...when a Gmail user wants to send a non-Gmail user such a message, the non-Gmail user is instead sent a link, that when clicked takes them to Google's servers where they can read the confidential mode message in their browser.

The potential risks for any service that operates in this way are obvious. Those of us working on Internet security and privacy have literally spent many years attempting to train users to avoid clicking on "to read the message, click here" links in emails that they receive. Criminals have simply become too adept at creating fraudulent emails that lead to phishing and malware sites.

Yesterday at its I/O developer conference, Google debuted "Duplex," an AI system for accomplishing real world tasks over the phone. "To show off its capabilities, CEO Sundar Pichai played two recordings of Google Assistant running Duplex, scheduling a hair appointment and a dinner reservation," reports Quartz. "In each, the person picking up the phone didn't seem to realize they were talking to a computer." Slashdot reader Lauren Weinstein argues that the new system should come with some sort of warning to let the other person on the line know that they are talking with a computer: With no exceptions so far, the sense of these reactions has confirmed what I suspected -- that people are just fine with talking to automated systems so long as they are aware of the fact that they are not talking to another person. They react viscerally and negatively to the concept of machine-based systems that have the effect (whether intended or not) of fooling them into believing that a human is at the other end of the line. To use the vernacular: "Don't try to con me, bro!" Luckily, there's a relatively simple way to fix this problem at this early stage -- well before it becomes a big issue impacting many lives.

I believe that all production environment calls (essentially, calls not being made for internal test purposes) from Google's Duplex system should be required by Google to include an initial verbal warning to the called party that they have been called by an automated system, not by a human being -- the exact wording of that announcement to be determined.
UPDATE (5/10/18): Google now says Duplex will identify itself to humans.

Earlier today, Google pushed out the biggest revamp of Gmail in years. In addition to a new material design look, there are quick links to other Google services, such as Calendar, Tasks, and Keep, as well as a new "confidential mode" designed to protect users against certain attacks by having the email(s) automatically expire at a time of the sender's choosing. Long-time Slashdot reader Lauren Weinstein shares their initial impressions of Google's new Gmail UI: Google launched general access to their first significant Gmail user interface (UI) redesign in many years today. It's rolling out gradually -- when it hits your account you'll see a "Try the new Gmail" choice under the settings ("gear") icon on the upper right of the page (you can also revert to the "classic" interface for now, via the same menu). But you probably won't need to revert. Google clearly didn't want to screw up Gmail, and my initial impression is that they've succeeded by avoiding radical changes in the UI. I'll bet that some casual Gmail users might not even immediately notice the differences.

The new Gmail UI is what we could call a "minimally disruptive" redesign of the now "classic" version. The overall design is not altered in major respects. So far I haven't found any notable missing features, options, or settings. My impression is that the back end systems serving Gmail are largely unchanged. Additionally, there are a number of new features (some of which are familiar in design from Google's "Inbox" email interface) that are now surfaced for the new Gmail. Crucially, overall readability and usability (including contrast, font choices, UI selection elements, etc.) seem so close to classic Gmail (at least in my limited testing so far) as to make any differences essentially inconsequential. And it's still possible to select a dark theme from settings if you wish, which results in even higher contrast. Have you tried the new Gmail? If so, how do you like the new interface?

Long-time Slashdot reader Lauren Weinstein argues that fixing Facebook may be impossible because "Facebook's entire ecosystem is predicated on encouraging the manipulation of its users by third parties who posses the skills and financial resources to leverage Facebook's model. These are not aberrations at Facebook -- they are exactly how Facebook was designed to operate." Meanwhile one fund manager is already predicting that sooner or later every social media platform "is going to become MySpace," adding that "Nobody young uses Facebook," and that the backlash over Cambridge Analytica "quickens the demise."

But Slashdot reader silvergeek asks, "is there a safe, secure, and ethical alternative?" to which tepples suggests "the so-called IndieWeb stack using the h-entry microformat." He also suggests Diaspora, with an anonymous Diaspora user adding that "My family uses a server I put up to trade photos and posts... Ultimately more people need to start hosting family servers to help us get off the cloud craze... NethServer is a pretty decent CentOS based option."

Meanwhile Slashdot user Locke2005 shared a Washington Post profile of Mastodon, "a Twitter-like social network that has had a massive spike in sign-ups this week." Mastodon's code is open-source, meaning anybody can inspect its design. It's distributed, meaning that it doesn't run in some data center controlled by corporate executives but instead is run by its own users who set up independent servers. And its development costs are paid for by online donations, rather than through the marketing of users' personal information... Rooted in the idea that it doesn't benefit consumers to depend on centralized commercial platforms sucking up users' personal information, these entrepreneurs believe they can restore a bit of the magic from the Internet's earlier days -- back when everything was open and interoperable, not siloed and commercialized.
The article also interviews the founders of Blockstack, a blockchain-based marketplace for apps where all user data remains local and encrypted. "There's no company in the middle that's hosting all the data," they tell the Post. "We're going back to the world where it's like the old-school Microsoft Word -- where your interactions are yours, they're local and nobody's tracking them." On Medium, Mastodon founder Eugene Rochko also acknowledges Scuttlebutt and Hubzilla, ending his post with a message to all social media users: "To make an impact, we must act."

Lauren Weinstein believes Google has already created an alternative to Facebook's "sick ecosystem": Google Plus. "There are no ads on Google+. Nobody can buy their way into your feed or pay Google for priority. Google doesn't micromanage what you see. Google doesn't sell your personal information to any third parties..." And most importantly, "There's much less of an emphasis on hanging around with those high school nitwits whom you despised anyway, and much more a focus on meeting new persons from around the world for intelligent discussions... G+ posts more typically are about 'us' -- and tend to be far more interesting as a result." (Even Linus Torvalds is already reviewing gadgets there.)

Wired has also compiled their own list of alternatives to every Facebook service. But what are Slashdot's readers doing for their social media fix? Leave your own thoughts and suggestions in the comments.

Is there a good alternative to Facebook?

Long-time Slashdot reader Lauren Weinstein argues that fixing Facebook may be impossible because "Facebook's entire ecosystem is predicated on encouraging the manipulation of its users by third parties who posses the skills and financial resources to leverage Facebook's model. These are not aberrations at Facebook -- they are exactly how Facebook was designed to operate." Meanwhile one fund manager is already predicting that sooner or later every social media platform "is going to become MySpace," adding that "Nobody young uses Facebook," and that the backlash over Cambridge Analytica "quickens the demise."

But Slashdot reader silvergeek asks, "is there a safe, secure, and ethical alternative?" to which tepples suggests "the so-called IndieWeb stack using the h-entry microformat." He also suggests Diaspora, with an anonymous Diaspora user adding that "My family uses a server I put up to trade photos and posts... Ultimately more people need to start hosting family servers to help us get off the cloud craze... NethServer is a pretty decent CentOS based option."

Meanwhile Slashdot user Locke2005 shared a Washington Post profile of Mastodon, "a Twitter-like social network that has had a massive spike in sign-ups this week." Mastodon's code is open-source, meaning anybody can inspect its design. It's distributed, meaning that it doesn't run in some data center controlled by corporate executives but instead is run by its own users who set up independent servers. And its development costs are paid for by online donations, rather than through the marketing of users' personal information... Rooted in the idea that it doesn't benefit consumers to depend on centralized commercial platforms sucking up users' personal information, these entrepreneurs believe they can restore a bit of the magic from the Internet's earlier days -- back when everything was open and interoperable, not siloed and commercialized.
The article also interviews the founders of Blockstack, a blockchain-based marketplace for apps where all user data remains local and encrypted. "There's no company in the middle that's hosting all the data," they tell the Post. "We're going back to the world where it's like the old-school Microsoft Word -- where your interactions are yours, they're local and nobody's tracking them." On Medium, Mastodon founder Eugene Rochko also acknowledges Scuttlebutt and Hubzilla, ending his post with a message to all social media users: "To make an impact, we must act."

Lauren Weinstein believes Google has already created an alternative to Facebook's "sick ecosystem": Google Plus. "There are no ads on Google+. Nobody can buy their way into your feed or pay Google for priority. Google doesn't micromanage what you see. Google doesn't sell your personal information to any third parties..." And most importantly, "There's much less of an emphasis on hanging around with those high school nitwits whom you despised anyway, and much more a focus on meeting new persons from around the world for intelligent discussions... G+ posts more typically are about 'us' -- and tend to be far more interesting as a result." (Even Linus Torvalds is already reviewing gadgets there.)

Wired has also compiled their own list of alternatives to every Facebook service. But what are Slashdot's readers doing for their social media fix? Leave your own thoughts and suggestions in the comments.

Is there a good alternative to Facebook?

Slashdot reader Lauren Weinstein believes YouTube's plan to combat conspiracy videos with "information cues" is "likely doomed to be almost entirely ineffective." The kind of viewers who are going to believe these kinds of false conspiracy videos are almost certainly going to say that the associated Wikipedia articles are wrong, that they're planted lies... Not helping matters at all is that Wikipedia's reputation for accuracy -- never all that good -- has been plunging in recent years, sometimes resulting in embarrassing Knowledge Panel errors for Google in search results...

The key to avoiding the contamination...is to minimize their visibility in the YouTube/Google ecosystem in the first place... Not only should they be prevented from ever getting into the trending lists, they should be deranked, demonetized, and excised from the YouTube recommended video system. They should be immediately removed from YouTube entirely if they contain specific attacks against individuals or other violations of the YouTube Terms of Service and/or Community Guidelines. These actions must be taken as rapidly as possible with appropriate due diligence, before these videos are able to do even more damage to innocent parties.

Chances are either you or someone you know received a Google Home over the holidays. Not only are they being marketed heavily by Google but they seem to have appeared in almost every "Holiday Gift Guide" on the internet. Slashdot reader Lauren Weinstein brings up an interesting dilemma: is Google Home fit for the elderly? Weinstein writes: You cannot install or routinely maintain Google Home units without a smartphone and the Google Home smartphone app. There are no practical desktop based and/or remotely accessible means for someone to even do this for you. A smartphone on the same local Wi-Fi network as the device is always required for these purposes. This means that many elderly persons and individuals with physical or visual disabilities -- exactly the people whose lives could be greatly enhanced by Home's advanced voice query, response, and control capabilities -- are up the creek unless they have someone available in their physical presence to set up the device and make any ongoing configuration changes. Additionally, all of the "get more info" links related to Google Home responses are also restricted to the smartphone Home app.

Slashdot reader Lauren Weinstein writes from a blog: My inbox has been filling today with questions regarding Google's new warning to Android application developers that they will no longer be able to access Android accessibility service functions in their apps, unless they can demonstrate that those functions are specifically being used to help users with "disabilities" (a term not defined by Google in the warning). Beyond the overall vagueness when it comes to what is meant by disabilities, this entire approach by Google seems utterly wrongheaded and misguided. "While the intended purpose is for developers to create apps for users with disabilities, the API is often used for other functionality (to overlay content, fill in text fields, etc.)," reports Android Police. "LastPass, Universal Copy, Clipboard Actions, Cerberus, Signal Spy, Tasker, and Network Monitor Mini are just a few examples of applications heavily using this API." It's likely Google is cracking down on apps that use Accessibility Services due to the security risks they pose. "Once granted the right permissions, the API can be used to read data from other apps," reports Android Police.
The developer of BatterySaver received the following message from Google:

We're contacting you because your app, BatterySaver System Shortcut, with package name com.floriandraschbacher.batterysaver.free is requesting the 'android.permission.BIND_ACCESSIBILITY_SERVICE.' Apps requesting accessibility services should only be used to help users with disabilities use Android devices and apps. Your app must comply with our Permissions policy and the Prominent Disclosure requirements of our User Data policy.

Action required: If you aren't already doing so, you must explain to users how your app is using the 'android.permission.BIND_ACCESSIBILITY_SERVICE' to help users with disabilities use Android devices and apps. Apps that fail to meet this requirement within 30 days may be removed from Google Play. Alternatively, you can remove any requests for accessibility services within your app. You can also choose to unpublish your app.

Alternatively, you can choose to unpublish the app. All violations are tracked. Serious or repeated violations of any nature will result in the termination of your developer account, and investigation and possible termination of related Google accounts.

If you've reviewed the policy and feel we may have been in error, please reach out to our policy support team. One of my colleagues will get back to you within 2 business days.

Regards,

The Google Play Review Team

Slashdot reader Lauren Weinstein writes: I've long been bitching about Google Home's lack of a basic function that clock radios have had since at least the middle of the last century -- the classic "sleep timer" for playing music until a specified time or until a specific interval has passed... Originally, sleep timer type commands weren't recognized at all by GH, but eventually it started admitting that the concept at least exists... Officially, GH still responds with "Sleep timer is not yet supported" when you give commands like "Stop playing in an hour"... A somewhat inconvenient but seemingly serviceable way to fake a sleep timer is now possible with Google Home. I plead guilty, it's a hack. But here we go.
The hack exploits the new "Night Mode" in the firmware, which lets you set a maximum volume for specific hours of the day, creating silent (but still-active) music streaming. "Yep, a hack, but it works," writes Lauren. "And it's the closest we've gotten to a real sleep timer on Google Home so far."

Any other Slashdot readers have their own favorite personal assistant tricks?

An anonymous reader quotes USA Today: YouTube has changed its powerful search algorithm to promote videos from more mainstream news outlets in search results after people looking for details on the Las Vegas shooting were served up conspiracy theories and misinformation. YouTube confirmed the changes Thursday... In the days after the mass shooting, videos abounded on YouTube, some questioning whether the shooting occurred and others claiming law enforcement officials had deceived the public about what really happened...

Public outcry over YouTube videos promoting conspiracy theories is just the latest online flap for the major U.S. Internet companies. Within hours of the attack, Facebook and Google were called out for promoting conspiracy theories... Helping drive YouTube's popularity is the "Up next" column which suggests additional videos to viewers. The Wall Street Journal found incidents this week in which YouTube suggested videos promoting conspiracy theories next to videos from mainstream news sources. YouTube acknowledged issues with the "Up next" algorithm and said it was looking to promote more authoritative results there, too.
At least one video was viewed over a million times, and Slashdot reader Lauren Weinstein writes that "I've received emails from Google users who report YouTube pushing links to some of those trending fake videos directly to their phones as notifications." He's suggesting that from now on, YouTube's top trending videos should be reviewed by actual humans.

Vortex.com is one of the oldest domains on the internet -- one of the first 40 ever registered, writes Slashdot reader Lauren Weinstein. So why does Google sometimes block the email he sends? Here's why. First, my message had the audacity to mention "Google Account" or "Google Accounts" in the subject and/or body of the message. And secondly, one of my mailing lists is "google-issues" -- so some (digest format) recipients received the email from "google-issues-request@vortex.com"... Apparently what we're dealing with here is a simplistic (and frankly, rather haphazard in this respect at least) string-matching algorithm that could have come right out of the early 1970s...! [A]t least in this case, it appears that Google is basically using the venerable old UNIX/Linux "grep" command or some equivalent, and in a rather slipshod way, too.
In addition, the article concludes, "I've never found a way to get Google to 'whitelist' well-behaved senders against these kinds of errors, so some users see these false phishing warnings repeatedly.

An anonymous reader writes: An engineer at Google's Mountain View headquarters circulated a 3,400-word essay internally that argued a "moral bias" exists at Google that's "shaming dissenters" and silencing their voices against "encroaching extremist and authoritarian policies." It attributes the gender gap in technology to biology-based differences in abilities (such as "speaking up" and "leading") and different personality traits (including "neuroticism"). Its suggested remedies include "Stop alienating conservatives" (calling it "non-inclusive" and "bad business because conservatives tend to be higher in conscientiousness"), and it also suggests as a solution to "de-emphasize empathy" (which "causes us to focus on anecdotes, favor individuals similar to us, and harbor other irrational and dangerous biases").

As the essay leaked over the weekend, former Google engineer Yonatan Zunger identified its anonymous author as "not someone senior," saying the author didn't seem to understand gender -- or engineering -- or what's going to happen next. "Essentially, engineering is all about cooperation, collaboration, and empathy for both your colleagues and your customers. If someone told you that engineering was a field where you could get away with not dealing with people or feelings, then I'm very sorry to tell you that you have been lied to... It's true that women are socialized to be better at paying attention to people's emotional needs and so on -- this is something that makes them better engineers, not worse ones... You need to learn the difference between 'I think we should adopt Go as our primary language' and 'I think one-third of my colleagues are either biologically unsuited to do their jobs, or if not are exceptions and should be suspected of such until they can prove otherwise to each and every person's satisfaction.'"
The leaked internal essay is now being discussed in literally dozens of news outlets. Click through for some official responses, including leaked reactions from Google's VP of Engineering, from Google's new VP of Diversity, Integrity & Governance -- and from Slashdot's readers.
Google's new VP of Diversity, Integrity & Governance -- who started just a few weeks ago -- responded internally that the document "advanced incorrect assumptions about gender," saying it's not a viewpoint Google endorses or encourages, and adding that "Changing a culture is hard, and it's often uncomfortable."

Zunger seemed to agree in part, writing sympathetically that "One very important true statement which this manifesto makes is that male gender roles remain highly inflexible, and that this is a bug, not a feature. In fact, I suspect that this is the core bug which prompted everything else within this manifesto to be written."

Google VP of Engineering Ari Balogh also responded internally that "we want to continue fostering an environment where it's safe to engage in challenging conversations in a thoughtful way. But, in the process of doing that, we cannot allow stereotyping and harmful assumptions to play any part. One of the aspects of the post that troubled me deeply was the bias inherent in suggesting that most women, or men, feel or act a certain way. That is stereotyping, and it is harmful."

Long-time Slashdot reader Lauren Weinstein believes that leaking the internal memo to the outside world was a major breach of trust that will do more damage. But he also links to an earlier essay which argues "The men of computer science and the computer industry are misogynous jerks. Not all of them of course. Likely not even the majority. But enough to thoroughly poison the well."

An anonymous reader writes: An engineer at Google's Mountain View headquarters circulated a 3,400-word essay internally that argued a "moral bias" exists at Google that's "shaming dissenters" and silencing their voices against "encroaching extremist and authoritarian policies." It attributes the gender gap in technology to biology-based differences in abilities (such as "speaking up" and "leading") and different personality traits (including "neuroticism"). Its suggested remedies include "Stop alienating conservatives" (calling it "non-inclusive" and "bad business because conservatives tend to be higher in conscientiousness"), and it also suggests as a solution to "de-emphasize empathy" (which "causes us to focus on anecdotes, favor individuals similar to us, and harbor other irrational and dangerous biases").

As the essay leaked over the weekend, former Google engineer Yonatan Zunger identified its anonymous author as "not someone senior," saying the author didn't seem to understand gender -- or engineering -- or what's going to happen next. "Essentially, engineering is all about cooperation, collaboration, and empathy for both your colleagues and your customers. If someone told you that engineering was a field where you could get away with not dealing with people or feelings, then I'm very sorry to tell you that you have been lied to... It's true that women are socialized to be better at paying attention to people's emotional needs and so on -- this is something that makes them better engineers, not worse ones... You need to learn the difference between 'I think we should adopt Go as our primary language' and 'I think one-third of my colleagues are either biologically unsuited to do their jobs, or if not are exceptions and should be suspected of such until they can prove otherwise to each and every person's satisfaction.'"
The leaked internal essay is now being discussed in literally dozens of news outlets. Click through for some official responses, including leaked reactions from Google's VP of Engineering, from Google's new VP of Diversity, Integrity & Governance -- and from Slashdot's readers.
Google's new VP of Diversity, Integrity & Governance -- who started just a few weeks ago -- responded internally that the document "advanced incorrect assumptions about gender," saying it's not a viewpoint Google endorses or encourages, and adding that "Changing a culture is hard, and it's often uncomfortable."

Zunger seemed to agree in part, writing sympathetically that "One very important true statement which this manifesto makes is that male gender roles remain highly inflexible, and that this is a bug, not a feature. In fact, I suspect that this is the core bug which prompted everything else within this manifesto to be written."

Google VP of Engineering Ari Balogh also responded internally that "we want to continue fostering an environment where it's safe to engage in challenging conversations in a thoughtful way. But, in the process of doing that, we cannot allow stereotyping and harmful assumptions to play any part. One of the aspects of the post that troubled me deeply was the bias inherent in suggesting that most women, or men, feel or act a certain way. That is stereotyping, and it is harmful."

Long-time Slashdot reader Lauren Weinstein believes that leaking the internal memo to the outside world was a major breach of trust that will do more damage. But he also links to an earlier essay which argues "The men of computer science and the computer industry are misogynous jerks. Not all of them of course. Likely not even the majority. But enough to thoroughly poison the well."

pizzutz writes: Chrome's popular Web Developer plugin was briefly hijacked on Wednesday when an attacker gained control of the author's Google account and released a new version (0.49) which injected ads into web pages of more than a million users who downloaded the update. The version was quickly replaced with an uncompromised version (0.5) and all users are urged to update immediately.
Lauren Weinstein has a broader warning: While the browser firms work extensively to build top-notch security and privacy controls into the browsers themselves, the unfortunate fact is that these can be undermined by add-ons, some of which are downright crooked, many more of which are sloppily written and poorly maintained. Ironically, some of these add-on extensions and apps claim to be providing more security, while actually undermining the intrinsic security of the browsers themselves. Others (and this is an extremely common scenario) claim to be providing additional search or shopping functionalities, while actually only existing to silently collect and sell user browsing activity data of all sorts.
Lauren also warns about sites that "push users very hard to install these privacy-invasive, data sucking extensions" -- and believes requests for permissions aren't a sufficient safeguard for most users. "Expecting them to really understand what these permissions mean is ludicrous. We're the software engineers and computer scientists -- most users aren't either of these. They have busy lives -- they expect our stuff to just work, and not to screw them over."

An anonymous reader quotes the AP: Teams of technicians worked "round the clock" Saturday to restore hospital computer systems in Britain and check bank or transport services in other nations after a global cyberattack hit dozens of countries and crippled the U.K.'s health system. The worldwide attack was so unprecedented that Microsoft quickly changed its policy and announced that it will make security fixes available for free for older Windows systems, which are still used by millions of individuals and smaller businesses. [Windows XP, Windows 8, and Windows Server 2003]
An anonymous reader writes: The patches are available for download from here. Microsoft also advises companies and users to disable the Windows Server Message Block version 1 protocol, as it's an old and outdated protocol, already superseded by newer versions, such as SMBv2 and SMBv3... Microsoft had released a fix for that exploit a month before, in March, in security bulletin MS17-010 [which] included fixes for Windows Vista, Windows 7, Windows 8.1, Windows 10, Windows Server 2008, Windows Server 2012, and Windows Server 2016.
Below the fold are more stories about the WanaDecrypt0r ransomware.

• The Los Angeles Times says the attack "shows why Apple refused to hack terrorist's iPhone," and why Google, Apple, and Microsoft resist calls for backdoors. "Though the NSA hasn't confirmed it was hacked, the purported leak of its tools shows that even supposedly secret vulnerabilities can get into the wrong hands.... when flaws the agencies discover pose a threat to the nation's businesses and consumers, they should be forced to help secure systems."
• Science fiction writer Charlie Stross blogged a humorous take on the event, sharing a "Rejection Letter" from Reality Publishing Corporation that argues the plot of his newest thriller -- MS17-010 -- "does not hold up to scrutiny." (A government agency hoards known vulnerabilities about vital infrastructure, then suddenly loses control of them...)
• troublemaker_23 shares ITWire's call for a "public statement of contrition" from Microsoft, which reminds readers that "the ransomware and exploits are just the effects. The vulnerabilities in Windows are the cause."
• There's now a first-person account about the discovery of the kill switch, which insists that registering that domain "was not a whim. My job is to look for ways we can track and potentially stop botnets..."
• Slashdot reader Lauren Weinstein says some antivirus services (and firewalls incorporating their rules) are mistakenly blocking the kill switch's site as a 'bad domain', which allows the malware to continue spreading. "Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I'm receiving!"

"An 'accidental hero' has halted the global spread of the WannaCry ransomware that has wreaked havoc on organizations..." writes The Guardian. An anonymous reader quotes their report: A cybersecurity researcher tweeting as @malwaretechblog, with the help of Darien Huss from security firm Proofpoint, found and implemented a "kill switch" in the malicious software that was based on a cyber-weapon stolen from the NSA. The kill switch was hardcoded into the malware in case the creator wanted to stop it from spreading. This involved a very long nonsensical domain name that the malware makes a request to -- just as if it was looking up any website -- and if the request comes back and shows that the domain is live, the kill switch takes effect and the malware stops spreading. Of course, this relies on the creator of the malware registering the specific domain. In this case, the creator failed to do this. And @malwaretechblog did early Friday morning (Pacific Time), stopping the rapid proliferation of the ransomware.
You can read their first-person account of the discovery here, which insists that registering the domain "was not a whim. My job is to look for ways we can track and potentially stop botnets..." Friday they also tweeted a map from the New York Times showing that registering that domain provided more time for U.S. sites to patch their systems. And Friday night they added "IP addresses from our [DNS] sinkhole have been sent to FBI and ShadowServer so affected organizations should get a notification soon. Patch ASAP."

UPDATE: Slashdot reader Lauren Weinstein says some antivirus services (and firewalls incorporating their rules) are mistakenly blocking that site as a 'bad domain', which allows the malware to continue spreading. "Your systems MUST be able to access the domain above if this malware blocking trigger is to be effective, according to the current reports that I'm receiving!"

Last summer Google revealed personalized data dashboards for every Google account, letting users edit (or delete) items from their search history as well as their viewing history on YouTube. Now Slashdot reader Lauren Weinstein writes: Since posting "The Google Page That Google Haters Don't Want You to Know About" last week, I've received a bunch of messages from readers asking for help using Google's "My Activity" page to control, inspect, and/or delete their data on Google. The My Activity portal is quite comprehensive and can be used in many different ways, but to get you started I'll briefly outline how to use My Activity to delete activity data.
CNET points out you can also access the slightly-creepier "Google Maps location history" by clicking the menu icon in the upper left corner and selecting "Other Google activity." But Weinstein writes, "I have no problems with Google collecting the kinds of data that provide their advanced services, so long as I can choose when that data is collected, and I can inspect and delete it on demand. The google.com/myactivity portal provides those abilities and a lot more."

Last summer Google revealed personalized data dashboards for every Google account, letting users edit (or delete) items from their search history as well as their viewing history on YouTube. Now Slashdot reader Lauren Weinstein writes: Since posting "The Google Page That Google Haters Don't Want You to Know About" last week, I've received a bunch of messages from readers asking for help using Google's "My Activity" page to control, inspect, and/or delete their data on Google. The My Activity portal is quite comprehensive and can be used in many different ways, but to get you started I'll briefly outline how to use My Activity to delete activity data.
CNET points out you can also access the slightly-creepier "Google Maps location history" by clicking the menu icon in the upper left corner and selecting "Other Google activity." But Weinstein writes, "I have no problems with Google collecting the kinds of data that provide their advanced services, so long as I can choose when that data is collected, and I can inspect and delete it on demand. The google.com/myactivity portal provides those abilities and a lot more."

Archive.org argues robots.txt files are geared toward search engines, and now plans instead to represent the web "as it really was, and is, from a user's perspective." We have also seen an upsurge of the use of robots.txt files to remove entire domains from search engines when they transition from a live web site into a parked domain, which has historically also removed the entire domain from view in the Wayback Machine... We receive inquiries and complaints on these "disappeared" sites almost daily."
In response, Slashdot reader Lauren Weinstein writes: We can stipulate at the outset that the venerable Internet Archive and its associated systems like Wayback Machine have done a lot of good for many years -- for example by providing chronological archives of websites who have chosen to participate in their efforts. But now, it appears that the Internet Archive has joined the dark side of the Internet, by announcing that they will no longer honor the access control requests of any websites.
He's wondering what will happen when "a flood of other players decide that they must emulate the Internet Archive's dismal reasoning to remain competitive," adding that if sys-admins start blocking spiders with web server configuration directives, other unrelated sites could become "collateral damage."

But BoingBoing is calling it "an excellent decision... a splendid reminder that nothing published on the web is ever meaningfully private, and will always go on your permanent record." So what do Slashdot's readers think? Should Archive.org ignore robots.txt directives and cache everything?

Slashdot reader Lauren Weinstein thinks Burger King should be prosecuted for successfully running an alternate version of its advertisement to trigger Google Home devices again Wednesday: Someone -- or more likely a bunch of someones -- at Burger King and their advertising agency need to be arrested, tried, and spend some time in shackles and prison cells. They've likely been violating state and federal cybercrime laws with their obnoxious ad campaign... For example, the federal Computer Fraud and Abuse Act broadly prohibits anyone from accessing a computer without authorization... Burger King has instantly become the 'poster child' for mass, criminal abuse of these devices... It was a direct and voluntary violation of law.

Slashdot reader Lauren Weinstein writes: Google has announced (with considerable fanfare) public access to their new "Perspective" comment filtering system API, which uses Google's machine learning/AI system to determine which comments on a site shouldn't be displayed due to perceived high spam/toxicity scores. It's a fascinating effort. And if you run a website that supports comments, I urge you not to put this Google service into production, at least for now.

The bottom line is that I view Google's spam detection systems as currently too prone to false positives -- thereby enabling a form of algorithm-driven "censorship" (for lack of a better word in this specific context) -- especially by "lazy" sites that might accept Google's determinations of comment scoring as gospel... as someone who deals with significant numbers of comments filtered by Google every day -- I have nearly 400K followers on Google Plus -- I can tell you with considerable confidence that the problem isn't "spam" comments that are being missed, it's completely legitimate non-spam, non-toxic comments that are inappropriately marked as spam and hidden by Google.
Lauren is also collecting noteworthy experiences for a white paper about "the perceived overall state of Google (and its parent corporation Alphabet, Inc.)" to better understand how internet companies are now impacting our lives in unanticipated ways. He's inviting people to share their recent experiences with "specific Google services (including everything from Search to Gmail to YouTube and beyond), accounts, privacy, security, interactions, legal or copyright issues -- essentially anything positive, negative, or neutral that you are free to impart to me, that you believe might be of interest."

Slashdot reader Lauren Weinstein writes: Google has announced (with considerable fanfare) public access to their new "Perspective" comment filtering system API, which uses Google's machine learning/AI system to determine which comments on a site shouldn't be displayed due to perceived high spam/toxicity scores. It's a fascinating effort. And if you run a website that supports comments, I urge you not to put this Google service into production, at least for now.

The bottom line is that I view Google's spam detection systems as currently too prone to false positives -- thereby enabling a form of algorithm-driven "censorship" (for lack of a better word in this specific context) -- especially by "lazy" sites that might accept Google's determinations of comment scoring as gospel... as someone who deals with significant numbers of comments filtered by Google every day -- I have nearly 400K followers on Google Plus -- I can tell you with considerable confidence that the problem isn't "spam" comments that are being missed, it's completely legitimate non-spam, non-toxic comments that are inappropriately marked as spam and hidden by Google.
Lauren is also collecting noteworthy experiences for a white paper about "the perceived overall state of Google (and its parent corporation Alphabet, Inc.)" to better understand how internet companies are now impacting our lives in unanticipated ways. He's inviting people to share their recent experiences with "specific Google services (including everything from Search to Gmail to YouTube and beyond), accounts, privacy, security, interactions, legal or copyright issues -- essentially anything positive, negative, or neutral that you are free to impart to me, that you believe might be of interest."

"Google Chrome users have been contacting me wondering why they no longer could access the detailed status of Chrome https: connections, or view the organization and other data associated with SSL certificates for those connections," writes Slashdot reader Lauren Weinstein, adding "Google took a simple click in an intuitive place and replaced it with a bunch of clicks scattered around." Up to now for the stable version of Chrome, you simply clicked the little green padlock icon on an https: connection, clicked on the "Details" link that appeared, and a panel then opened that gave you that status, along with an obvious button to click for viewing the actual certificate data such as Organization, issuance and expiration dates, etc. Suddenly, that "Details" link no longer is present...

The full certificate data is available from the "Developers tools" panel under the "Security" label. In fact, that's where this info has been for quite some time, but since the now missing "Details" link took you directly to that panel, most users probably didn't even realize that they were deep in the Developers tools section of the browser.
On some systems you can just press F12, but the alternate route is to click on the three vertical dots in the upper right, then select "More Tools", and then "Developer Tools". (And if you don't then see "Security", click on the " >>".)

Long-time Slashdot reader Lauren Weinstein writes: It seems like almost every day I get junk solicitation phone calls "from Google." They call about my Google business local listings, about my not being on the first page of Google search results, and so on -- and they want me to pay them to "fix" this stuff. When I look up the Caller ID numbers they use, I often finds pages of people claiming they're Google phone numbers. Sometimes the Caller ID display actually says Google!

Is Google really doing this? Negative. NONE of these calls are from Google. Zero. Zilch. Nada. These callers are inevitably "SEO"; (Search Engine Optimization) scammers of one sort or another. They make millions of "cold calls" to businesses using public phone listings (from the Web or other sources) or using phone number lists purchased from brokers. If you ever actually deal with them, you'll find that their services typically range from useless to dangerous.

Long-time Slashdot reader Lauren Weinstein writes: I'm told that Social Security Administration has now removed the mandatory cell phone access requirement that was strongly criticized... I appreciate that SSA has done the right thing in this case. Perhaps in the future they'll think these things through better ahead of time!
The web site now describes the "extra security" of two-factor cellphone authentication as entirely optional -- but security researcher Brian Krebs had also warned that the bigger risk was how easy it was to impersonate somebody else when creating an account online. He wrote Thursday that now "the SSA is mailing letters if you sign up online, but they don't take that opportunity to deliver a special code to securely complete the sign up. Go figure."

Lauren Weinstein writes with some insight on an frustrating aspect of YouTube's video hosting service: "Why does Google's YouTube seem so biased against ordinary users who upload videos? I've unfairly had my videos blocked, received copyright strikes for my own materials, and even had my account suspended — and it's impossible to reach anyone at YouTube to complain!" No, YouTube isn't biased against you — not voluntarily, anyway. But it could definitely be argued that the copyright legal landscape — particularly in the mainstream entertainment industry — is indeed biased against the "little guys," and Google's YouTube must obey the laws as written. What's more, YouTube exists at the "bleeding edge" of the intersection of technology and law, where there's oh so much that goes bump in the night ...

New submitter kruug writes: The U.S. Department of Justice filed a motion seeking to compel Apple Inc to comply with a judge's order for the company to unlock the iPhone belonging to one of the San Bernardino shooters, portraying the tech giant's refusal as a 'marketing strategy.' The filing escalated a showdown between the Obama administration and Silicon Valley over security and privacy that ignited earlier this week. The Federal Bureau of Investigation is seeking the tech giant's help to access the shooter's phone, which is encrypted. The company so far has pushed back, and on Thursday won three extra days to respond to the order. Reader Lauren Weinstein writes of this tack: "The level of DOJ disingenuousness in play is simply staggering."

Lauren Weinstein writes: The conclusion appears inescapable. Twitter apparently has voluntarily chosen to 'look the other way' while Donald Trump spews forth a trolling stream of hate and other abuses that would cause any average Twitter user to be terminated in a heartbeat. There's always room to argue the proprietary or desirability of any given social media content terms of service — or the policy precepts through which they are applied. It is also utterly clear that if such rules are not applied to everyone with the same vigor, particularly when there's an appearance of profiting by making exceptions for particular individuals, the moral authority on which those rules are presumably based is decimated, pointless, and becomes a mere fiction. Would you rather Twitter shut down no account ever, apply a sort of white-listing policy, or something in the middle?

Lauren Weinstein writes: In a time of fascist politicians spouting simplistic slogans about race, religion, terrorism, and censorship, along with whatever other pandering platitudes they believe will win them votes, prestige, power, and control — it's worth remembering how much good the Internet brings us, and how much poorer we'd all be in so many ways for the shackling of Internet services like YouTube, in the name of such self-serving proclamations and damaging false solutions.

Lauren Weinstein writes: The U.S. Air Force has just issued a solicitation for a radio-based 'Portable Anti Drone Defense' system — essentially a remote drone disruption device that can be easily used by someone familiar with — well — shooting guns. The Air Force wants three units to start with. Delivery required 30 days after awarding of the contract. It does indeed make for interesting reading, and I thought it might be instructive to dig into the technical details a bit ...

Lauren Weinstein writes: Recent claims by some (mostly nontechnical) observers that it would be "simple" for services like YouTube to automatically block "terrorist" videos, in the manner that various major services currently detect child porn images are nonsensical. One major difference is that those still images are detected via data "fingerprinting" techniques that are relatively effective on known still images compared against a known database, but are relatively useless outside the realm of still images, especially for videos of varied origins that are routinely manipulated by uploaders specifically to avoid detection. Two completely different worlds. So are there practical ways to at least help to limit the worst of the violent videos, the ones that most directly portray, promote, and incite terrorism or other violent acts? I believe there are.

Lauren Weinstein says there are smart people in government, "who fully understand the technical realities of modern strong encryption systems and how backdoors would catastrophically weaken them," but asks So why do they continue to argue for these backdoor mechanisms, now more loudly than ever? The answer appears to be that they're lying to us. Or if lying seems like too strong a word, we could alternatively say they're being 'incredibly disingenuous' in their arguments. You don't need to be a computer scientist to follow the logic of how we reach this unfortunate and frankly disheartening determination regarding governments' invocation of terrorism as an excuse for demanding crypto backdoors for authorities' use.

An anonymous reader writes: I really want to upgrade to Windows 10, but have begun seeing stories come out about the new Terms and how they affect your privacy. It looks like the default Windows 10 system puts copies of your data out on the "cloud", gives your passwords out, and targets advertising to you. The main reason I am looking to upgrade is that Bitlocker is not available on Windows 7 Pro, but is on Windows 10 Pro, and Microsoft no longer offers Anytime Upgrades to Windows 7 Ultimate. However, I don't want to give away my privacy for security. The other option is to wait until October to see what the Windows 10 Enterprise version offers, but it may not be available through retail. Are the privacy minded Slashdot readers not going with Windows 10?

For reference, I am referring to these articles. (Not to mention claims that it steals your bandwidth.) Have a question for Slashdot's readers? Take a look at other recent questions first to see if someone else has had a similar question. And if not, ask away! The more details and context you include, the more likely your question will be selected.

Lauren Weinstein writes: I had originally been considering accepting Microsoft's offer of a free upgrade from Windows 7 to Windows 10. After all, reports have suggested that it's a much more usable system than Windows 8/8.1 — but of course in keeping with the 'every other MS release of Windows is a dog' history, that's a pretty low bar. However, it appears that MS has significantly botched their deployment of Windows 10. I suppose we shouldn't be surprised, even though hope springs eternal. Since there are so many issues involved, and MS is very aggressively pushing this upgrade, I'm going to run through key points here quickly, and reference other sites' pages that can give you more information right now. But here's my executive summary: You may want to think twice, or three times, or many more times, about whether or not you wish to accept the Windows 10 free upgrade on your existing Windows 7 or 8/8.1 system. Now that we're into the first week of widespread availability for the new version, if you're a Windows user and upgrader, has your experience been good, horrible, or someplace between?

Lauren Weinstein writes: A couple of months ago, in "Seeking Anecdotes Regarding 'Older' Persons' Use of Web Services," I asked for stories and comments regarding experiences that older users have had with modern Web systems, with an emphasis on possible problems and frustrations. I purposely did not define "older" — with the result that responses arrived from users (or regarding users) self-identifying as ages ranging from their 30s to well into their 90s (suggesting that "older" is largely a point of view rather than an absolute). Before I began the survey I had some preconceived notions of how the results would appear. Some of these were proven correct, but overall the responses also contained many surprises, often both depressing and tragic in scope. The frustration of caregivers in these contexts was palpable. They'd teach an older user how to use a key service like Web-based mail to communicate with their loved ones, only to discover that a sudden UI change caused them to give up in frustration and not want to try again. When the caregiver isn't local the situation is even worse. While remote access software has proven a great boon in such situations, they're often too complex for the user to set up or fix by themselves when something goes wrong, remaining cut off until the caregiver is back in their physical presence.

Lauren Weinstein writes: While some companies have long had a "nod and wink" relationship with law enforcement and other parts of government -- willingly turning over user data at mere requests without even attempting to require warrants or subpoenas, it's widely known that Google has long pushed back -- sometimes though multiple layers of courts and legal processes -- against data requests from government that are not accompanied by valid court orders or that Google views as being overly broad, intrusive, or otherwise inappropriate. Over the last few days the public has gained an unusually detailed insight into how hard Google will fight to protect its users against government overreaching, even when this involves only a single user's data. One case reaches back to the beginning of 2011, when the U.S. Department of Justice tried to force Google to turn over more than a year's worth of metadata for a user affiliated with WikiLeaks. While these demands did not include the content of emails, they did include records of this party's email correspondents, and IP addresses he had used to login to his Gmail account. Notably, DOJ didn't even seek a search warrant. They wanted Google to turn over the data based on the lesser "reasonable grounds" standard rather than the "probable cause" standard of a search warrant itself. And most ominously, DOJ wanted a gag order to prevent Google from informing this party that any of this was going on, which would make it impossible for him to muster any kind of legal defense.

Lauren Weinstein writes: I've been waiting for this, much the way one waits for a violent case of food poisoning. France is now officially demanding that Google expand the hideous EU 'Right To Be Forgotten' (RTBF) to Google.com worldwide, instead of just applying it to the appropriate localized (e.g. France) version of Google. And here's my official response as a concerned individual:

To hell with this ... Weinstein's page links to the paywalled WSJ coverage; you might prefer The New York Times or Politico. Related: a court in Canada, according to TechDirt, would like to do something similar, when it comes to expanding its effect on Google results for everyone, not just those who happen to live within its jurisdiction.

Lauren Weinstein writes: Finally! There's something that apparently virtually all governments around the world can actually agree upon. Unfortunately, it's on par conceptually with handing out hydrogen bombs as lottery prizes. If the drumbeat isn't actually coordinated, it might as well be. Around the world, in testimony before national legislatures and in countless interviews with media, government officials and their surrogates are proclaiming the immediate need to "do something" about encryption that law enforcement and other government agencies can't read on demand. Apropos: This IT World story (and the New York Times piece it draws from — also published today) about a newly disclosed NSA program through which the agency is "reportedly intercepting Internet communications from U.S. residents without getting court-ordered warrants."

Lauren Weinstein writes "You'd think that with so many concerns these days about whether the likes of AT&T, Verizon, and other telecom companies can be trusted not to turn our data over to third parties whom we haven't authorized, that a plan to formalize a mechanism for ISP and other 'man-in-the-middle' snooping would be laughed off the Net. But apparently the authors of IETF (Internet Engineering Task Force) Internet-Draft 'Explicit Trusted Proxy in HTTP/2.0' (14 Feb 2014) haven't gotten the message. What they propose for the new HTTP/2.0 protocol is nothing short of officially sanctioned snooping."

Lauren Weinstein writes with a slightly depressing end-of-year prediction. An excerpt: "This then may be the ultimate irony in this surveillance saga. Despite the current flood of protests, recriminations, and embarrassments — and even a bit of legal jeopardy — intelligence services around the world (including especially NSA) may come to find that Edward Snowden's actions, by pushing into the sunlight the programs whose very existence had long been dim, dark, or denied — may turn out over time to be the greatest boost to domestic surveillance since the invention of the transistor."

Lauren Weinstein writes "With further confirmation of the longstanding rumor that the U.S. government (and, we can safely assume, other governments around the world) have been pressuring major Internet firms to provide their 'master' SSL keys for government surveillance purposes, we are rapidly approaching a critical technological crossroad. It is now abundantly clear — as many of us have suspected all along — that governments and surveillance agencies of all stripes — Western, Eastern, democratic, and authoritarian, will pour essentially unlimited funds into efforts to monitor Internet communications." If this is true it means that SSL/TLS to any Internet service could be useless — the authorities could simply man-in-the-middle anyone. Without knowing who has given keys over, or if anyone has given keys over... The NSA does claim encryption poses a problem for them, but honesty isn't their best attribute. The source claims that major providers at least have resisted (assuming it is happening), but that smaller companies may have folded to the pressure.

Lauren Weinstein writes "In a clear demonstration that actions do have consequences, often unintended ones, 'The New York Times' reports that Russia is again demanding a UN Internet takeover of exactly the sort repressive governments around the world have long been lusting after, and using Edward Snowden's continued presence in Russia as a foundation for this new thrust. Acting as a catalyst for a crackdown against freedom of speech on the Net was certainly not Snowden's intention — quite the opposite, it's reasonable to assume." Not to worry.

Lauren Weinstein writes "Now, what's really going on with PRISM? The government admits that the program exists, but says it is being 'mischaracterized' in significant ways (always a risk with secret projects sucking up information about your citizens' personal lives). The Internet firms named in the leaked documents are denying that they have provided 'back doors' to the government for data access. Who is telling the truth? Likely both. Based on previous information and the new leaks, we can make some pretty logical guesses about the actual shape of all this. Here's my take."

Lauren Weinstein writes "Are you ready for the imagery war — the war against personal photography and capturing of video? You'd better be. 'In some cities, like New York, the surveillance-industrial complex has its fangs deeply into government for the big bucks. It's there we heard the Police Commissioner — just hours ago, really — claim that "privacy is off the table." And of course, there's the rise of wearable cameras and microphones by law enforcement, generally bringing praise from people who assume they will reduce police misconduct, but also dangerously ignoring a host of critical questions. Will officers be able to choose when the video is running? How will the video be protected from tampering? How long will it be archived? Can it be demanded by courts? ... All of this and more is the gung-ho, government surveillance side of the equation. But what about the personal photography and video side? What of individual or corporate use of these technologies in public and private spaces? Will the same politicians promoting government surveillance in all its glory take a similar stance toward nongovernmental applications? Writing already on the wall suggests not. Inklings of the battles to come are already visible, if you know where to look."

In the end, the Streisand Effect prevailed, as you might expect, when a French domestic intelligence agency apparently browbeat a French citizen into removing content from Wikipedia. The attention caused the Wikipedia entry on a formerly obscure military radio site (English version) to leap in popularity not only in French, but in languages where it was formerly far less likely to have been noticed at all. Lauren Weinstein makes the case, though, that this sort of move isn't just something to shrug at or assume will always end so nicely. "Even though attempts at Internet censorship will almost all fail in the end, governments and authorities have the capability to make groups' and individuals' lives extremely uncomfortable, painful, or even terminated — in the process of attempts at censorship, and equally important, by instilling fear to encourage self-censorship in the first place."