Is Facebook Really Scarier Than Google? (nautil.us)
423 points by dnetesn on March 24, 2018 | 336 comments


Your ISP tracking your every move is scarier than all of them after the ISP privacy bill passed.

At least Facebook and Google give you something for it and you can route around them if you desire. No routing around ISPs unless you use a VPN but even then they are blocking those.

Broadband/cable/telcos capture everything you do and can now sell that information and do [1]. That bill was the precursor to removing net neutrality by taking privacy and policy from the FCC to the FTC.

Part of Jeff Flake's argument for getting rid of the privacy protections was so that ISPs can compete with Facebook and Google and sell your data/offer ads to you. Yet Facebook and Google at least built products you wanted that you willingly gave up privacy to use and at least got something for it [2][3].

ISPs you have to pay to use and they still take your data as if you are the product. ISPs could have built products people wanted to get that data but they instead bribed 'representatives' to get it via legislation with their local monopolies. No one wanted this bill but ISPs.

[1] https://www.eff.org/deeplinks/2017/03/five-creepy-things-you...

[2] https://www.flake.senate.gov/public/index.cfm/2017/3/op-ed-f...

[3] https://www.flake.senate.gov/public/index.cfm/2017/3/flake-i...


Uh, Google and Mozilla and a handful of organizations are converting all web traffic to HTTPS through subtle manipulation of standards and user interface. They even proxy mobile traffic from their search engine. ISPs can't even see what IP you're visiting because it's all fronted by CloudFlare. Even your DNS is being hidden by an HTTPS tunnel in the browser.

Your ISP soon won't be able to see anything you do online. But Google will see it all.


Do you trust the EFF?

> The number one creepiest thing on our list of privacy-invasive practices comes courtesy of Verizon (and AT&T, which quickly killed a similar program after Verizon started getting blowback).

> Snooping through your traffic and inserting ads
> Which ISPs did it before? AT&T, Charter, CMA

> Hijacking your searches
> Which ISPs did it before? Charter, Cogent, DirecPC, Frontier, Wide Open West

All of these areas are going to be tried again by the ISPs with this law.

[1] https://www.eff.org/deeplinks/2017/03/five-creepy-things-you...


> Snooping through your traffic and inserting ads

Ok, so Google doesn't inject ads into your web traffic. But they inject ads into websites using AdSense, and into search results, and their products, and any technology linked to their ad platform (which is basically all technology related to the web). To increase ad revenue, they snoop on any personal data you store with Google. And they use their ads to collect more info about where you go on the web.

> Hijacking your searches

So, Google doesn't need to hijack your search, because they are most people's preferred search engine. But they do proxy your browser's connection when you click on a search result from a mobile browser (AMP). They're starting to do this with your e-mail, too. And they sometimes do this with your DNS records, so they know every site you load, period. I would call that connection hijacking, tracking, and snooping.

Re: the other points in that article, they already sell your data to marketers, all their software is already pre-installed on your phone/tablet/chromebook/desktop/laptop, and they definitely track you with cookies.

Google has a competitive advantage in that they have a walled-off platform where nobody else can make money off of you. The ISPs want a shot at making money off you, too. Since both are doing virtually the same thing, I don't see a big difference. Just the means by which they do them.

Google has been reshaping the entire internet and web just to maximize the way they can profit off my personal information. I don't see the ISPs doing that. What I'm curious about is, why is the EFF so upset about what ISPs do, but not upset about what Google does, when Google's actions are literally affecting an entire industry and most of the world, and not just its own customers?


> The ISPs want a shot at making money off you, too

- Do you want your ISP tracking you and selling your private data? Do you think that is the place of an ISP?

- Does it bother you you are PAYING your ISP and they are reselling your data as well?

- Do you trust Comcast and Verizon and like that you are paying them to sell your data when you just want to use them to get online and are ok with this?

I don't think anyone argues Google has power but they aren't your 'gateway' to the internet that you pay for privacy.

Your argument is basically that you think Google has overreach so you want ISPs to take that from them or also do that?

I am against Google Fiber ISP having access that ISPs just won with bribery over innovation/product offerings that people want.

If Facebook had an ISP I wouldn't want them doing it either via the ISP.

> What I'm curious about is, why is the EFF so upset about what ISPs do, but not upset about what Google does, when Google's actions are literally affecting an entire industry and most of the world, and not just its own customers?

Products built on top of the internet are way different than products that are the base of the network. You should not be tracked at the network/gateway level ever.

If ISPs 'want a shot at making money off you' then let them build a service such as a search engine, social network or maybe like Comcast is doing with Hulu. Don't give up your rights at the gateway of the web just because you have a grudge or bias against Google.

> Google has been reshaping the entire internet and web just to maximize the way they can profit off my personal information. I don't see the ISPs doing that.

Also your points about Google are rich considering you have a @gmail account in your HN profile. If they are so overpowering why do you use them and not your ISPs email system?

Since you have no issue with ISPs selling data that you are paying them to keep private, you would be fine with Google Fiber ISP also doing that? Careful what you wish for and freedoms you give up due to bias ...


Your basic complaint is that it isn't fair that you can't opt out of your ISP pilfering your traffic. But 1) you can use https-only services, 2) you can use a vpn, and 3) you can use a different ISP. You obviously have alternatives, so there's no reason I can see that your ISP is being unfair.

I care a teeny bit about privacy, but I care a whole lot more about anticompetitive monopolistic practices. IMO, ISPs are absolutely guilty of those - but my point is, so is Google. I care when somebody changes the design of the entire web for their company's sole profit.

That's why I'm pointing out Google's practices, and how I think they're doing much worse things than ISPs. If you don't care about anticompetitive monopolistic practices, and only care about privacy, then I can see how you might not mind what Google is doing. But soon, Google will be doing to you what they're making impossible for the ISP to do.


Dodging questions like these to stay focused on Google only tells great amounts about bias.

- Do you want your ISP tracking you and selling your private data? Do you think that is the place of an ISP?

- Does it bother you you are PAYING your ISP and they are reselling your data as well?

- Do you trust Comcast and Verizon and like that you are paying them to sell your data when you just want to use them to get online and are ok with this?

- Since you have no issue with ISPs selling data that you are paying them to keep private, you would be fine with Google Fiber ISP also doing that?

I am against Google Fiber ISP having access that ISPs just won with bribery over innovation/product offerings that people want. This is about the level of privacy and access ISPs should have not about Google.

- The ISPs already charge too much and little of it is going towards innovations/network advancement, instead they want to be content creators and ad platforms instead of charging more to get to gigabit and beyond. ISPs need to get back to innovating on providing better/faster internet service, what they are is network providers.

- ISPs should not be involved in content/ads/selling private data as that leads to bias and throttling, we need to have a separation of power from ISPs, the network gateway to the internet, and content creators on top of the internet.

When is it a good idea to have content creators own the network outright? All that leads to is bias, preferential treatment and monopolies (furthering them).

We have made immense mistakes in 2017 allowing ISPs to sell your private data, remove privacy protections at the network level AND the removal of net neutrality.

Net neutrality makes the network provider neutral, simple as that. ISPs you pay to get access to the network which is a utility today and to keep your data private, not sell it.


Next from Comcast: You must install this privacy-busting add-on to "optimize your experience".


Or, more likely: a discount for installing it.


And an increased price hike to go with the “discount”


You don't think ISPs inject ads/tracking into requests after the page is rendered on subsequent requests and override ad networks? [1]

> For years, Comcast and other large telecommunication companies around the world have injected javascript into your web browsing experience to serve advertisements and account notices. Their ability to do this stems from their upstream position as your Internet Service Provider (ISP). While Comcast is only currently using their javascript injection ability to serve customer account related information, the same message sending vector could be used to serve phishing expeditions, or other types of attacks. Not to mention that whoever your ISP is has access to your browsing history, your search history, your entire internet history unless you use a VPN. Some, like AT&T, even brazenly sold parts of this information for advertising profit unless you explicitly paid them not to – a pay-for-privacy scheme.

Why do you think ISPs like Comcast lobbied so hard to bribe their way into the ad/tracking market instead of winning it on the market with products people want? Do you think they did that so as to waste profits? Or to gain them?

We pay ISPs for secure and private internet access, not to also sell off our private data.

Google and Facebook are ad/marketing companies, you expect tracking and they use your data and give you a free service in exchange.

ISPs we pay for internet access and privacy, no one expects ISPs to be selling your data or would call them ad networks, though that is what they want to be and are building with this privacy law change.

[1] https://www.privateinternetaccess.com/blog/2016/12/comcast-s...


Can they inject javascript even in an https connection?


The link I provided [1] has coinmarketcap.com that is forced HTTPS but not sure if that was or not.

There's some discussion of known Comcast injection here: https://news.ycombinator.com/item?id=15890551

The response from Comcast was [2]:

> This is our web notification system, documented in RFC 6108 https://tools.ietf.org/html/rfc6108, which has been in place for many years now. It presents an overlay service message on non-TLS-based HTTP sessions. If you click the X box or otherwise acknowledge the notice it should immediately go away. If that is not the case let me know and we'll have a look at what may be happening. [2]

But ultimately no, however there may be some possibilities:

- ISP offered 'apps'. Get people to agree to an install of some monitoring app for some [insert random marketing benefit] from ISP. Maybe if you install the app you get more data cap space etc and they can monitor browser access. Further, install this in known apps or as add-ons on setup for other apps.

- ISP offered 'VPN client' that again, gives some cheaper monetary benefit like more data cap space or more speed 'free', strips out other advertising or tracking as a benefit.

- ISP offered 'email client' that does all of the above.

- Check for subsequent request after page loads to known ad networks and replace with their own in HTTPS

- ISP level proxy MITM, modem customization for 'fast lanes' that are actually slow lanes.

- DNS level data collection not to inject but to sell marketing profiles via metadata and correlate with other data from apps.

First one is the most probable but as of right now HTTPS injection is obviously hard to do if not impossible without some social or security hole.

Nobody in here would probably fall for these attempts but most would considering the outrage that they didn't know friend harvesting was happening on Facebook. If whatever they try lowers their monthly data caps or limits then the majority of people will do it.

Since ISPs are your 'gateway' to the internet and you pay them, most people assume trust and privacy, most don't know they bribed their way into the tracking/ad business, many didn't know cable tv modems had mics either. With that assumption of trust since people are paying them, they'll more easily fall for any of the possible attack/tracking vectors listed and more probably.

With the ISP privacy protections removed [3], my guess is most ISPs, due to lack of competition, end up more like hotel wifi where tracking/injection is the norm [4] as it is completely legal now. With the removal of privacy protections and net neutrality, we have killed the pristine, non tracked, private gateways to the internet we cherish.

[1] https://www.privateinternetaccess.com/blog/2016/12/comcast-s...

[2] http://forums.xfinity.com/t5/Customer-Service/Are-you-aware/...

[3] https://www.flake.senate.gov/public/index.cfm/2017/3/flake-i...

[4] https://medium.com/@nicklum/my-hotel-wifi-injects-ads-does-y...


There's still SNI in TLS. Hopefully that changes in 1.3, but I don't know how prevalent that is yet.


Wait. Wait a minute.

I was planning literally this month to figure out how to implement domain traffic analytics on my LAN by using SNI via libpcap or similar (something tiny).

Will I have to configure a root cert and build a full DPI proxy to make this futureproof? >_<


It'll be coming, and yes you will. On the bright side, nobody else without a root cert on your box can do it.


Argh. But thanks for the honest heads-up.

Time to go learn how to do DPI...


Well, you can use a browser that doesn't support SNI (IE8) or one that makes it configurable (I don't know if any do).

But a large amount of sites won't work without it. It's very common to run multiple sites on same ip/port. Not sure if it's technically possible to make that work without SNI or a similar technology.


On re-reading the grandparent I have to admit I missed the point.

Considering CloudFlare offers to do SSL on their end, it'd be technically viable to only tell CF which domain you want.


Even without SNI the ISP could just check the destination IP themselves to find out what domain resides there.


Considering almost all websites except for the largest ones are behind one CDN / load balancer or another this is no longer relevant.


They still see every DNS request.


Not if your browser sends it over HTTPS.

Mozilla implementing it: https://www.ghacks.net/2018/03/20/firefox-dns-over-https-and...

Google's: https://developers.google.com/speed/public-dns/docs/dns-over... Apparently Chrome uses this over QUIC, and Chrome's Data Saver also uses it

IETF charter: https://datatracker.ietf.org/wg/doh/about/

The unfortunate side-effect of preventing your OS from doing DNS queries is DNS-based ad blockers and privacy proxies no longer work.


DNS over HTTPS is great for the average Joe/Jane, but if you're technical and care about dns leaks ... I'd suggest a DNS over TLS (unbound) + filter setup.

This way your dns traffic is still encrypted, and you retain the capability to block/proxy.


> you retain the capability to block/proxy

Only if you are smart enough to know the browser has its own resolver, and that you need to turn it off first. We may not be able to turn it off in the future, meaning if you want to have privacy you have to run a privacy-specific browser.

This may end up breaking traffic as Google shifts more and more of the web into its proprietary products. For example, Google owns the .DEV gTLD, and makes .DEV domains "completely closed for the sole use of Google". It may at some point buy some other gTLD (such as ".BLOG", which it was outbid for) and decide that the only way for you to access websites with domains using that gTLD is to use Google's DNS API. It may sound crazy, but if they already shut out everyone in the entire world from having a .DEV domain, this doesn't seem much crazier to me.


Let's see where this gTLD thing goes. I can probably see an ICANN or EU intervention in case of a self-mandated requirement of this kind. But, as long as the market stays healthy, more competition can't be anything but good.

After all, DOH is mainly a technical answer to hijacks (and monitoring). Some ASes seem to have a policy on that... Once it's ready, if it's enforced, you'll have a way to provide a custom resolver you control.


Can't the ISP still have reverse dns on whatever IPs you connect to?


I logged my own traffic for a while in order to have an insight about this.

It came out that in a world of reverse proxies, ddos protection and large tech conglomerates, reverse dns is not a big deal (depends on your behaviour too, smaller websites with a dedicated IP are easier to catch).

But traffic analysis may be a big deal, and the risk of this kind of exposure is not something you can evaluate by yourself. Mix networks are a mitigation.


I just searched for "privacy" and Google sent me to address: https://www.google.com/search?source=hp&q=privacy&oq=privacy

Note, that URL (and search term as GET parameter) is visible to your ISP.


URL paths are not visible over HTTPS. All they can get is the host name.


On https sites there's not a lot ISPs can track without breaking encryption. With shared IPs they may not even know the domain for certain (although as IPv6 takes off it will be easier to map IP to domain).


They can make a fair guess at which websites you're accessing. A lot of websites that are related to your particular interests aren't behind shared IP addresses these days.

Consider this:

* Build a list of domains you're interested in. There are fun community-built blocking lists that can help you, if you need it.

* Periodically resolve every domain. Odds are if you're an ISP your servers already have the records cached, but it isn't too hard to resolve them all.

* Dynamically adjust your routing to specifically re-route those IP addresses to your special infrastructure (or maybe null route it if you want to block access)

* Use your special infrastructure to build up whatever profile you want about the source IP address, which of course being an ISP you'll be able to link directly to a user. Your end user won't even know.

You'll know when they access sites, be able to build up patterns of websites they access, in which order, and spot variations in that pattern.

There's a lot you can infer from metadata without decrypting the traffic. Everything from which domains you access, ports used for the communication, what order, and what sort of size the payloads are. You could identify that someone has an email account they only access after visiting, say, the Ashley Madison website. By tracking the size of the communication that is being sent, you could figure out if someone is sending dick pics or some such, or if it's likely just plain text.



Wholly agree. Your whole life is reflected as in a mirror in the 'metadata' logs collected by ISPs. VPNs are essential.


They can track DNS lookups though. I use DNSCrypt to proxy all that traffic through elsewhere. But that just means I'm trusting some other third party to not log my DNS queries.


DNSCrypt -> private cloud instance DNS Crypt -> root name servers


I use dnscrypt also, figuring that even though that puts my browsing traffic in another person's hands, they can’t easily correlate it with my address, phone number, name, etc etc


Https requests still send the domain name unencrypted in the SNI extension of TLS [1]

[1] https://en.wikipedia.org/wiki/Server_Name_Indication


But your DNS request went through the same ISP; it's very likely that they'd know the domain for certain because you've just looked it up.


Very few ISPs can track you no matter where you physically go, as your mobile, home, and work ISPs are likely all different. And ISPs are regional, none carry the level of threat of Facebook or Google.

Of course, when states tried to reintroduce privacy protections... That covered ISPs and tech companies alike... Big tech stepped in and opposed. They weren't interested in protecting users, they just didn't want the competition.


> Very few ISPs can track you no matter where you physically go, as your mobile, home, and work ISPs are likely all different.

There's a lot of consolidation happening in that space. Verizon offers FiOS and phone service. Comcast is getting into the mobile game. That aside, any device by itself is enough to get a picture of the user using only tracing IP addresses (i.e. DNS lookups and outbound requests). They don't need to stitch together your mobile and home connections. It's enough to have two profiles on you when you're using each one.


Google also has Fiber and Fi, but in reality, I think the likelihood any given user has land and mobile access through the same company is relatively low, and you usually have the option to switch at least one of them.

AT&T is probably the biggest player in succeeding at being the ISP for you everywhere though.


I doubt it's _that_ uncommon in the UK -- most of the mobile providers offer home broadband services, often at a discount for mobile subscribers. Struggling to find specific/up-to-date numbers, but e.g. Vodafone have >300,000 home broadband customers (which is not an insignificant amount) and EE have around 900,000. I'd imagine a fair percentage of those are also mobile subscribers.

https://www.ispreview.co.uk/index.php/2018/02/vodafone-uk-ho...

https://www.choose.co.uk/guide/home-broadband-market-overvie...


> Very few ISPs can track you no matter where you physically go, as your mobile, home, and work ISPs are likely all different. And ISPs are regional, none carry the level of threat of Facebook or Google.

True, all tracking/privacy issues are bad but you can still route around Google/Facebook with simple things even such as hosts file loopbacks, browser extensions, using Firefox instead of Chrome and using different search/social networks.

Google and Facebook are blockable, ISPs can never be blocked.

Even with a VPN you are still going through an ISP gateway with that encrypted traffic and performing DNS lookups. This will lead to throttled bandwidth, can Google and Facebook throttle you down? Facebook/Google/etc have zero control over you if you want, ISPs always got your information.

ISPs can also track entire companies now, Facebook and Google do it by individual but ISPs capture everything, you always have to connect to an ISP.

The privacy overreach by ISPs is immense due to not being able to choose to be tracked, and they are lower on the service level as they are the base entry to the web.

ISPs are your entry/gateway to the internet and now track you and can sell your data, Facebook/Google ride on top of that. ISPs could also crush others tracking, replace ads in place of other networks which was in the bill, and will squash any small/medium advertising networks outright.

ISP tracking and privacy overreaches are definitely the biggest encroachment on internet freedom ever and much more of a problem than destination/apps built on it that you have to go to or can route around.

ISPs also bought/bribed their way into this monopoly reach, they did not earn it with providing products people desire, they have local monopolies with false competition that lessen the ability of people to change providers.


I think you'd be surprised how much more similar Google is to these things. They absolutely bought and bribed their way into their monopoly reach, by paying to be the default on everyone's browsers, having other software bake Google Toolbar into their install wizards (later replaced by Chrome), etc.

Also, given the HTTPS Everywhere push (mostly led by Google), usually only sites like Google and Facebook get to see your traffic, ISPs get cut out of most of the deal.

And for most people, Google or Facebook is, in fact, their gateway to the Internet: They get everywhere they go through one of these two captive environments.

Finally, telecoms are already subject to significant regulation, even with the recently repealed privacy rule, no, ISPs can't just go selling your search history, marketing by certain political groups to the contrary. (Whereas Google and Facebook both, effectively, can.) Meanwhile, tech companies have operated with little to no regulation at all, and unlike telecoms, which have a whole federal agency dedicated to regulating them, tech companies' reach isn't restrained by much outside of the FTC, which isn't even fully staffed, and definitely isn't doing their jobs.


Any big company has to lobby a bit but the ISPs only do that and do have local monopolies with false competition so you can't really choose another competitor in many places. ISPs haven't built any market products people want to use that they will willingly give up their data for.

Google and Facebook are ad networks that tracking is inherent because they are free and they make their money from ads.

ISPs are for internet access and privacy, you pay them so they don't sell your data. Now they want to be Google/Facebook without building a search engine or social network. They bought their monopoly with bribes so they could become ad networks/tracking networks. People have the expectation that their data isn't being sold by their ISP currently, but they are and it is fully legal now.

Google and Facebook aside, do you want your ISP tracking you and selling your private data?


Google and ISPs both have monopolies, but ISPs have local monopolies and Google has global monopolies. In 2017, Google wasn't just "a" lobbyist, they were "the biggest" lobbyist, dwarfing any ISP's.

When you say "Google and Facebook aside", it feels like you are literally missing the entire point... You have an elephant in your sinking boat, and you're worried about the weight of the dog.


We know that the companies are big and possibly seen as monopolies, the question was still unanswered though.

Do you want your ISP tracking you and selling your private data? Do you think that is the place of an ISP?

If you do like your ISP tracking and selling your private data, we'll have to agree to disagree. I think there is no place for ISPs to be evading privacy and selling your data. It isn't about competition.

I expect tracking from free services I am not paying for that my data is the product. I expect tracking from companies that make their money from ad/marketing to do that.

I do not expect tracking and privacy invasions from my ISP, my front door to the internet.

My ISP is also not a small dog, it is a massive media company and a monopoly in addition to my provider. At least with Google/Facebook you can use DuckDuckGo/bing/etc or other social networks and block Google/Facebook if desired.

I can't route around my ISP, there is no local competition and what competition there is amounts to false competition. From the FCC's own data, most people only have 1 or maybe 2 real competitive ISPs in their area and virtually no competition at 100Mbps, zero options for gigabit [1].

I can easily walk around Google and Facebook and block them, my ISP is a big big mean dog because I am paying for my privacy invasion, services that run on the internet are corgis and they are free but fun to play so they attracted people's data by providing something people want. They do both lobby but that is primarily because ISPs and others do so heavily and you must compete at that level or lose.

> FCC report finds almost no broadband competition at 100Mbps speeds [1]

> Even at 25Mbps, 43 percent of the US had zero ISPs or just one. [1]

[1] https://arstechnica.com/information-technology/2018/02/fcc-r...


It's funny that you link Jon Brodkin, because I was going to point out all of what gave you this erroneous impression was from a select handful of media properties which have incredibly close ties with Google...

You ignored that Google and Facebook are also the front door to the Internet, and that you cannot evade their privacy violations by just "not using them". You've also continued to not address that Google is a much larger monopoly than any company you're upset about. Adding all of the ISPs together would not even approach the scale of threat provided by Google, in money or reach.

You've seemed to decide that violating your privacy and security is okay for some companies and not others without really a reasonable distinction how. Especially given that Google and Facebook are both media companies (and ISPs), and so are Comcast and Verizon.


- Do you want your ISP tracking you and selling your private data? Do you think that is the place of an ISP?

- Does it bother you you are PAYING your ISP and they are reselling your data as well?

- Do you trust Comcast and Verizon and like that you are paying them to sell your data when you just want to use them to get online and are ok with this?

It is funny you keep evading those important questions and flipping back to Facebook/Google. Just want to get you on record on the ISP question. I have already stated all are powerful and there is an expectation of tracking from advertising companies like Google/Facebook, that was not possible until the ISP privacy bill that removed privacy protections.

Also that data from broadband numbers is DIRECTLY from the FCC report the FCC created, it is just summarized on ars, does the FCC have a Google bias?[1].

The fact that you supposedly know the guy's bias and associate it with Google is probably a hint of bias on your side. Maybe you just like ISPs selling your private data while paying for the service.

> You've seemed to decide that violating your privacy and security is okay for some companies and not others without really a reasonable distinction how.

I believe I explained this clearly multiple times. ISPs are literally the definition of a 'gateway' or doorway to the internet. Facebook/Google are built on top of it and yes you can route around them or block them easily with host loopback or at firewall/routers etc, there are competitors to those apps, not so much with network gateways/ISPs [1]. Is the EFF also in Google's bias? [2]

You've seemed to decide that violating your privacy and security is okay for ISPs who previously were not able to but lobbied to have those privacy protections removed without answering whether you think that they should.

I don't believe any ISP should have access to your private data nor sell it, especially because you are paying for it. I say the same for Google Fiber and Facebook ISP overseas if they have them. ISPs SHOULD NOT be accessing private data and selling it, they are the gateway to the internet and that is TOO MUCH POWER. If ISPs want advertising networks or tracking, build a search engine or a social network or like Comcast has in Hulu, or buy one. Only track on a destination site that I can CHOOSE NOT to use that doesn't double as my entry to the web, that has way more monopolistic tendencies in terms of control of your data.

[1] https://transition.fcc.gov/Daily_Releases/Daily_Business/201...

[2] https://www.eff.org/deeplinks/2017/03/five-creepy-things-you...


But the ISP does not follow me from device to device, doesn't (for home providers, anyway) correlate me with location info, and generally knows far less about me.

I'd rather Comcast didn't touch my data, but no, in the end I would trust them with it far more than I would trust Google or Facebook.


I've been forwarding all outgoing connections on port 80 (and a selection of other commonly-unencrypted ports) through a VPN (in the router) for a while now - but leaving all other ports (including most importantly 443) connecting directly.

It feels like a good compromise between privacy and speed.


If you’ve got a VPN, why not everything?

You’re currently leaking a ton of data via DNS and HTTP certs, aren’t you?

You are indeed protected against active content injection, but that’s rarely the problem with a for-pay ISP


> If you’ve got a VPN, why not everything?

Latency through the VPN is worse. It's not super-worse, but it is worse.

> You’re currently leaking a ton of data via DNS and HTTP certs, aren’t you?

I'm putting DNS through the VPN as well, so no.

But HTTPS certs - yes I am. It's a compromise.

> You are indeed protected against active content injection, but that’s rarely the problem with a for-pay ISP

This is literally one of the specific problems I was trying to avoid. My ISP is Comcast (the only choice where I live) and they routinely practice HTTP injection: https://gist.github.com/ryankearney/4146814

It's not just injection, though. With plain HTTP Comcast gets to see the contents of every page I visit, if they want to. And I do not want them to.
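
One way to check a plaintext HTTP path for the in-transit changes discussed in this thread, as an added example that is not part of any comment here. It assumes you control an echo endpoint that returns the request headers it received and that you can fetch a reference copy of a page over HTTPS or the VPN; the hostnames, the header name and the page bodies are constructed.

```python
import hashlib
from html.parser import HTMLParser


class ScriptCollector(HTMLParser):
    """Record every external script URL and every inline script body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._inline = None  # text chunks while inside an inline <script>

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.scripts.append(("src", src))
        else:
            self._inline = []

    def handle_data(self, data):
        if self._inline is not None:
            self._inline.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._inline is not None:
            self.scripts.append(("inline", "".join(self._inline).strip()))
            self._inline = None


def scripts_in(html):
    parser = ScriptCollector()
    parser.feed(html)
    parser.close()
    return set(parser.scripts)


def parse_headers(raw):
    """Turn 'Name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers


def diff_request_headers(sent_raw, echoed_raw):
    """Compare what the client sent with what the echo endpoint received."""
    sent, echoed = parse_headers(sent_raw), parse_headers(echoed_raw)
    return {
        "added": sorted(set(echoed) - set(sent)),
        "removed": sorted(set(sent) - set(echoed)),
        "changed": sorted(n for n in sent.keys() & echoed.keys()
                          if sent[n] != echoed[n]),
    }


def diff_response_body(reference_html, plaintext_html):
    """Compare a copy fetched over a protected path with the plain-HTTP copy."""
    ref_hash = hashlib.sha256(reference_html.encode()).hexdigest()
    got_hash = hashlib.sha256(plaintext_html.encode()).hexdigest()
    injected = scripts_in(plaintext_html) - scripts_in(reference_html)
    return {
        "body_modified": ref_hash != got_hash,
        "injected_scripts": sorted(injected),
    }


# --- Constructed sample data (not captured from any real network) ---
SENT_HEADERS = """Host: echo.example.test
User-Agent: integrity-check/1.0
Accept: text/html
"""
ECHOED_HEADERS = """Host: echo.example.test
User-Agent: integrity-check/1.0
Accept: text/html
X-Constructed-Tracking-Id: opaque-per-subscriber-token
"""
REFERENCE_HTML = ('<html><head><title>News</title></head><body><p>Hello</p>'
                  '<script src="/static/app.js"></script></body></html>')
PLAINTEXT_HTML = ('<html><head><title>News</title></head><body><p>Hello</p>'
                  '<script src="/static/app.js"></script>'
                  '<script src="http://notice.isp.example/banner.js"></script>'
                  '</body></html>')

if __name__ == "__main__":
    print(diff_request_headers(SENT_HEADERS, ECHOED_HEADERS))
    print(diff_response_body(REFERENCE_HTML, PLAINTEXT_HTML))
```

Headers such as `Via` or `X-Forwarded-For` added by an ordinary proxy will also show up under `added`, so the output needs a human read before concluding the path is being tampered with.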


What router are you using? I would like to do this for my parents but I don't want a full blown pfsense box as a requirement.


Could you use PiHole and OpenVPN to accomplish what you want at your parents' place? https://www.reddit.com/r/pihole/comments/48zp16/pihole_and_v...


I built this setup a little while back and am very happy with the results. It took only a few hours on a Saturday and most of it was playing with settings for fun.


...I have bad news. :)

It's a PC Engines APU2 running pfSense.


Dang, I suspected it from the description of what you were doing because pfsense is so awesome for that kind of stuff.

Just thinking from the perspective of remote support, I can't really walk my folks through a pfsense setup over the phone if there is a hardware failure... :/


Asus Merlin is nice.


I love Merlin, too. The best deal for budget users is to get the AC1900 but as the T-Mobile version. It can be found for about $60 and you'll need a few hours to flash the Merlin software over the T-Mobile firmware.

Best router I've ever had, and I run it with a PiHole on a Pi 3.


Has anybody actually seen an ISP tracking user behavior? I've worked for a few 1998-2005 and never witnessed it.. however I wouldn't be surprised if they had transformed in the years since. Just curious if anyone has ever leaked info about such a program.



Ads yes, but tracking?


Ad networks are tracking by design including ISP injected ones.


Sorry to sidetrack here -- but any good recommendations for paid VPNs?


Pay for a digital ocean/aws/whatever minimally sized instance and run algo: https://github.com/trailofbits/algo


Why would you trust a VPN provider more than your ISP?


To be honest all a VPN does is add another layer of protection. It's not that secure because they can be subpoenaed or NSL'ed into giving data over, which is why a VPN's log policy is important to pay attention to. So in reality, you are mostly just trying to not reveal traffic to your ISP which the various LEA's can get access to far too easily (read: without a warrant).

For those really serious about privacy that's why I think actually owning a colo space where you own and control the hardware can be a preferable solution. For those who don't like that try setting up your own VPN on a VPS, etc.

One of the key things most people miss is DNS. I personally also suggest running your own DNS server, even if just a local dnsmasq that's outgoing to opendns or internic or something.

One more thing most people don't think about is attackers pivoting from other compromised devices on the internal network. If you think that Amazon/Apple/Microsoft etc device isn't sending checks out on the local network and then reporting back stuff like internal IP topology and MAC addresses you got another thing comin. Check your iptables or nftables (bpf?) and block internal hosts you know don't need access.


Why use paid privacy-by-policy systems when you can use free privacy-by-design systems like Tor and i2p?


Latency and throughput


> Latency and throughput

It's not as bad as you're making it seem.


This is a choice you don't make to get. Each one might take different choices on the latency-throughput/privacy trade-off.

Given the current usage, I would say that most people value the latency and throughput a lot.


I'm in UK where the law requires all ISPs to store everyone's browsing history for a year - I browse the web exclusively over VPN and yes, I trust my VPN provider 100x more than I trust the British Government.


Your ISP is a near-monopoly with vast wealth and political connections, and no trust to lose. A VPN is used by a much smaller group of people who will ditch them en masse if any hanky panky comes to light. There is a ton of competition in the VPN space, and they’re mostly selling the same product, so if they lose trust, they’re done.

TL;DR Very different incentives


> Your ISP is a near-monopoly with vast wealth and political connections

That's not true for many parts of the world, especially Central/Eastern Europe.

$ whois AS204880


I can run a Streisand server for about $3-4 / month on a EC2 / Azure instance. I take it offline when I don't use it and can get even cheaper.


Private Internet Access is a common one but there are many. Torrent Freak always has the latest and any encroachments as torrent users are usually the most adamant about privacy.

https://torrentfreak.com/vpn-services-keep-anonymous-2018/


Personally I've settled on ExpressVPN, largely because about 50% of their endpoints work with Netflix. They are also very popular, meaning more protection of anonymity, and I have never seen any evidence to counter their claim that they don't keep logs.

As a bonus their software works very well, better than most generic VPN clients.

I previously was using my own private VPN servers set up with Streisand, but those provide no anonymity, only masking of the endpoint.


> they are blocking those

Do any American ISPs routinely block VPNs?


Not outright but they definitely mess with VPNs. Before net neutrality Cox for instance blocked VPNs quite a bit [1], they are holding off for now, but with net neutrality gone expect it to return. Now that they have to inspect traffic for slow lanes, they'll just put VPNs throttled down at a minimum.

> 2003—Cox and Comcast block VPNs: Back in the early internet, both Comcast and Cox Communications placed bans on Virtual Private Networks (VPNs). This was before VPNs became as ubiquitous as they are now. Back then, the only people who really used VPNs were doing so to access a work computer remotely. Which made Cox and Comcast’s choices to block them even weirder.

[1] https://lifehacker.com/what-happens-when-broadband-companies...


Thanks for bringing this up. ISPs are huge dick-heads, and they track the shit out of their users, including censoring some content themselves.

What are some ways to prevent all the tracking? I get HTTPS makes things better in terms of confidentiality, but it does nothing to prevent the ISPs from scraping the URLs, which exposes a scary amount of information, too.


Thanks for reminding me about this. I'm seriously thinking about getting a VPN subscription again.


Be very wary - seems many (most? all?) are not the most trustworthy. Look into rolling your own setup.


Behind an untrustworthy ISP to boot? Might want to consider a hosting company that has servers around the world at that point... One in the USA for initial contact and one in the other side of the world for browsing maybe? Or what everyone else will see as your IP.


Why use paid privacy-by-policy systems (VPN) when you can use free privacy-by-design systems like Tor and i2p? In fact, even if you use a VPN browser fingerprinting is still an issue unless you use something like the Tor Browser.


Two reasons: speed and security. Speed is self explanatory, security may not be obvious. I don’t believe Firefox to be on par with Chrome. It was years behind getting a sandbox, and doesn’t appear to have the engineering or QA focus on security that Edge/Chrome do.


> I don’t believe Firefox to be on par with Chrome.

You need to know that the Tor Browser disables a lot of stuff that Firefox has to lower the attack surface, and you can lock it down further using the Security Settings in the Torbutton.

Also you should look into a Whonix+Qubes OS setup, just because there's a sandbox doesn't mean you can't get hacked.

For speed: It's not really that bad for general browsing.


If we’re talking about privacy of tor vs VPN, I want my entire network protected at the gateway, so not sure how the tor network keeps up with streaming video etc?

I wasn’t aware of the attack surface reduction, I’ll take a look at that, thanks for the recommendation.

My ground truth for this is usually to ask full-time exploit dev friends which is a harder target, although that’s probably flawed in that if you’re targeted by someone determined it probably doesn’t matter the cost.


> I want my entire network protected at the gateway, so not sure how the tor network keeps up with streaming video etc?

With Qubes you can have a Whonix-ws VM have all its traffic go through Tor, and have another VM with all its traffic through some VPN to use with streaming.


What about my TV, my phone, my iPad? The way I see it the only workable solution to privacy against my ISP is to do it all at the gateway. And in that instance, I need ~50mbit which tor can’t provide.


> What about my TV, my phone, my iPad?

For iOS there's Onion Browser by Mike Tigas, but it's definitely NOT as privacy resistant as a Tor Browser. For Android there's Orfox and official Tor Browser builds for Android are coming this year.


In Germany a friend asked the ISP's "data protection commissioner" (Datenschutzbeauftragter;) if he could regularly get a new IP address for privacy reasons. He received an answer saying: "this will not help you"


Sure, except your ISP probably doesn't have 1 to 2 billion users.


> Yet Facebook and Google at least built products you wanted that you willingly gave up privacy to use and at least got something for it

I never agreed to FB collecting data on me. I have no account with them. I do not use their services. Yet here we are.


You can easily block Facebook and Google via host loopback or blocking their scripts.

I have never seen so many pro ISP tracking/privacy people on HN.


That post seems anti-Facebook and Google, not pro-ISP.


I mentioned how you can block Facebook and Google.

The pro-ISP part was more about the thread and that ISPs are paid for internet access for privacy, without an expectation of tracking.

Google and Facebook are free and have an expectation of tracking because they make their money from ads/tracking.


I suppose I can ask all my contacts to remove my details from their address books on their phones. Do not email me from gmail, Tag me should they ever take pictures of me. But that is all beside the point. We _should_ not have to jump through hoops to keep them from spying on me. Besides, _most_ people do not even know how to clear the browser cache, let alone running scripts or modify their host files with ever-changing DNS entries.


No. Which company is more powerful with your information? That little ISP who has no real use of it, or Google, the most powerful ad agency with ties to American agencies in the world?

You may be able to bypass Google but almost everybody else won't.

It's time to open your eyes for what they are.


> That little ISP who has no real use of it

Those little ISPs like Comcast, Verizon, Cox, AT&T etc. I can't imagine those small companies would want your data or want to use it after bribing politicians to get the right to do it.

Everyone knows Google tracks you, same with Facebook. They offer a service and people understand that. You aren't paying you are the product.

You are paying your ISP for access to the internet and privacy, or at least that used to be a selling point. You are paying AND you are the product and they have competitive services they want you to use so they'll mess with competitors. Your entry to the internet should be objective and independent, what you use on top of that is up to you. You can still route around Google and Facebook, you simply cannot route around your ISP.


>They offer a service and people understand that.

No they don't. Maybe in a superficial sense, but the vast majority of the public doesn't have any clue how data can be combined and mined to reveal far more than they thought they were bargaining for.

Otherwise there would be no sudden Facebook scandal.


The scandal is that third party companies like Cambridge Analytica harvested the whole social graph and used it to manipulate people.

People know that Google and Facebook track as they are ultimately ad companies, and if you get a free service people know that your data is the product.

We pay for ISPs to protect privacy, not sell it off, that is the big difference.

Many people have seen Facebook tracking from the marketing/business or even small group/page side with their analytics and Facebook is known for their ads and sponsored content. Facebook is a marketing platform, everyone knows they use your data. ISPs are what you use to get online, not known as marketing companies that have ad networks, though they want to be.


I'd like to expand this because I don't see it written much, and please correct me if I misunderstand:

The scandal is that FB sold or allowed the ability for third party companies like Cambridge Analytica to harvest the whole social graph and FB sold or allowed the ability for them to use that same data on FB to target and manipulate people.


It is nuanced a bit so some background: Cambridge Analytica did violate Facebook terms of service as that wasn't truly allowed to pull down the whole social graph, but the protections against pulling friend data without their knowledge in the Facebook OpenGraph APIs weren't truly in until v2 around 2013-2014.

I know this because we used to do lots of Facebook apps/games and back then, once someone gave you access to their information, you could get all their friends and all their information and recursively pull down most of the social graph for public information. Most games were just using it for friend names, if they played the games, invites and competing with friends but there were bad apple apps out there harvesting it all down. The facebook app revolution was partly due to the data element and was open for many years.

It always surprised me how much data could be pulled, it is part of the reason Zynga was so effective as well and attracted some oligarch money. Part of the reason Facebook started locking it down is game/apps were getting more adept at pulling all data and Facebook was scared someone would become a social graph competitor, so they locked it down mainly for their own needs not really privacy.

Who knows if Cambridge Analytica had extra access beyond that to get to profiles that weren't public, but most profiles were public by default back then and people only put information online that they wanted to share publicly without as much expectation of privacy. Over time people for some reason started to trust that Facebook was protecting their data but still had the friend permissions access hole.

Back in the late 90s and early 00s people were very against sharing any real info on the web with sites previous to and like Facebook, it slowly changed as the appearance of privacy was added but truly it was still wide open if even one of your friends gave access to the app until Facebook v2 OpenGraph. With the OpenGraph v2 friend lockdown changes, you could only get a friend ref id only available to your one app that wasn't their actual facebook id and was different per app, and you could send them an invite but not pull their data until they agreed which it should have been all along.

After that change it was an era of tons of invites on Facebook and companies like Zynga threatened to leave and did try to build their own, it also shut down many Facebook game companies that could no longer get the numbers, many moved to mobile that was still wide open. Zynga was given special privileges by Facebook for a while due to this where others didn't have that access, others may have also had those special privileges. Facebook transition to mobile took a long time and some people even thought Facebook wouldn't be able to make the leap. At that time, the app/game companies on Facebook considered it Facebook killing the viral nature of some of those apps/games which was ultimately good. It was a huge mistake for Facebook not to separate app/gaming from your personal info and friends but that was the product then, they should have allowed people to setup app/gaming profiles that other app/gamer users could friend each other and not pollute your main friends list and pull all your social graph data. Games were a bit of a trojan into your social graph due to the setup back then.

It is possible that Cambridge Analytica had other access to non public data but as I mentioned, most data was public by default then and in a way CA was late to the game, many companies probably had people internally that could pull it down and possibly even from data centers, Facebook eventually built their own data centers. Then there is the whole side where the NSA had any access they wanted or needed as well to both public and private data, who knows if that was exploited or not. Cambridge Analytica used their data for nefarious purposes against the ToS of Facebook but that was bound to happen because it was the move fast days and security was an afterthought. In theory you could still have a network of apps that combine to get people to give you access to their data and friends approve it as well but most of that has moved to mobile rather than facebook apps as that is easier on mobile now and people moved there including Facebook themselves.

Really this whole adventure was spurred by the Web 2.0 era that people were being social and sharing more online and it was democracy online, more public, previous to that it was very limited. Web 2.0 launched this site, reddit, Facebook, Google social products, comment systems etc. So I think there was a temporary time where it was the Wild West of data mining and people sharing more than they should with the expectation of privacy because Facebook was a walled garden and people thought it made their data safer. Turns out that was not the case if they didn't specifically mark it private.

Many of these issues still affect mobile but that is getting better, however the Facebook apps probably pull more from mobile to build the social graph than they ever could on the web including calls, audio and other things that mobile allows you to do as it is native and not sandboxed like the web. Sandboxing via web browsers was huge back in the day because people were so worried about their private data and hacking, that went away for a while, Web 2.0 happened, mobile happened, data was misused, now it will tighten to more private/permissions again and has been for the last few years. Ultimately people knowing that data you put online or when you use apps isn't private is probably a good thing as the good that will come of all this. We might get to a right to your own data Bill of Rights amendment or similar one day.

Ultimately Facebook was not necessarily nefarious in this, companies like Cambridge Analytica that exploited Web 2.0/mobile and social networks to use that data against you, rather than just serve up ads, is where things went too far and thus the backlash. Facebook since v2 OpenGraph has been privacy/security conscious both for them to protect the social graph data and to create trust in users.

Now ISPs are getting in the game with removing privacy protections with their new law and they don't care about consumer trust as much, that is the scary one.


Wow! Clearly nuanced, this is a fantastic answer, I did not expect a worthwhile reply, let alone such a great synopsis. Thank you for typing it out. This quality dialogue is why I, and so many others frequent this forum! It's definitely not an either or situation, and I hate how our regulators have, for about a half century now, sold out to the ISP/Telco mafia, which enables their continually shitty operations and service while holding on to their anti-competitive market positions. AT&T figured out quite long ago that excelling at cronyism was their most effective long-term business model. I am worried the tech giants will embrace regulation and skate the same path.

https://www.fastcompany.com/40520529/big-tech-lobbying-spree...


Not entirely true, you can use a vpn, but then you're placing trust in a vpn provider.


Why use paid privacy-by-policy systems when you can use free privacy-by-design systems like Tor and i2p?


Because they're slow as shit, difficult to configure correctly, and make you more conspicuous to most three-letter agencies.


> Because they're slow as shit,

Tor isn't that bad actually for browsing, while i2p needs more love regarding speed.

> difficult to configure correctly,

For Tor: You just download the Tor Browser. Already pre-configured.

> and make you more conspicuous to most three-letter agencies.

Good argument for actually using them.


> You just download the Tor Browser. Already pre-configured.

Isn't Tor Browser fairly bad due to it being a target? I'm not sure if that changed recently, but I recall seeing lots of "don't use the Tor Browser bundle".

Tor also relies on exit nodes to exist, yet it's considered very dangerous to run one.


> Isn't Tor Browser fairly bad due to it being a target? I'm not sure if that changed recently, but I recall seeing lots of "don't use the Tor Browser bundle"

Just FUD.

> Tor also relies on exit nodes to exist, yet it's considered very dangerous to run one.

It's dangerous in some places to run an exit, not everywhere.


> No. Which company is more powerful with your information? That little ISP who has no real use of it, or Google, the most powerful ad agency with ties to American agencies in the world?

Not to be rude, but you clearly don't work in advertising or know much about it.

The major ISPs already create profiles on users & sell them to agencies & the like for physiographic profiles.

This is what Verizon's "Super-Cookie" -- not really a cookie, but a forced modification of all HTTP headers by the ISP to enable universal tracking of their users -- was all about.

https://www.theverge.com/2016/3/7/11173010/verizon-supercook...


“That little ISP who has no real use of it”

I would say “that giant ISP corporation who had enough power to lobby the government into changing laws so they can get access to your browsing history to sell”

Which is a little more worrying


ISPs collecting data means ISPs selling data to corporations like Google, so the concern is still the same.


ISPs can sell it to Google, no?


I know Google is profiling me and harvesting my data. But it's not using me to harvest my friends information.

I know Google is targeting ads at me - and they may be A/B tested. But those ads are from real companies or organisations - they aren't fake bots or astroturf groups algorithmically designed to tell me what I want to hear.

I'm sceptically watchful of Google, I feel I have a social contract with them where they use me and I use them. I think Facebook has way overstepped that mark.


I sure as hell don't think my Grandma or Dad would have realized that Google's dark pattern[1] "opt-out" dialogs asking if they want to "make Android better" actually were asking for permission to send their location on a minute-by-minute basis to Google. How do you think Google populates their "Popular Times" card on search results?[2] Do you believe that even a simple majority of people going to a hospital, say, for some embarrassing infection or a psych eval realize that the fact that they are there is going to be stored permanently on a Google server?

Google for me is the company that epitomizes the idea of false consent justifying near-unlimited data collection and permanent retention. If the man on the street is not aware of what he's agreeing to when he buys an Android phone in a meaningful sense, it is not consent in any meaningful sense.

We as people in tech might be aware. We might even be fashionably cynical in trying to rationalize our awareness of Google's tricks as a "social contract." But with knowledge comes responsibility.

[1]: https://darkpatterns.org/

[2]: Seems to appear/not appear based on opaque conditions.


I can't see anything wrong with the opt-out screen during Android setup [1]

The option you refer to says, "Help improve your Android experience by automatically sending diagnostic and usage data to Google."

There is a separate option which says in part, "Anonymous location data will be sent to Google, even when no apps are running".

That seems pretty clear to me - I can't see any dark pattern.

[1] https://fscl01.fonpit.de/userfiles/6473479/image/Nexus_5_mar...


C'mon... Google maps will ask me to turn on my GPS every damn time I use it; no way "to remember this choice", but if I activated it, it is super happy to remember it.

Still don't see anything wrong?


> those ads are from real companies or organisations - they aren't fake bots or astroturf groups algorithmically designed to tell me what I want to hear.

How do you know this? As far as we know Google was also used to spread misinformation by Russian entities in the elections [1]. Correct me if I'm wrong, but Google invented targeted advertising. Hell, this is the company that boasted about A/B testing shades of blue to earn themselves $200m [2].

Sidenote: Google doesn't have access to your social information or what you "like", which was the reason behind Google+ and the big push to integrate it with Gmail and Youtube. The fact Google failed to get the same breadth of social and preference information Facebook has doesn't mean they're more concerned with privacy, it just means they were late to the game and failed.

Google is more zealous about keeping its data to its own though.

[1]: https://www.washingtonpost.com/news/the-switch/wp/2017/10/09...

[2]: https://www.theguardian.com/technology/2014/feb/05/why-googl...


I'm in the UK not US so I'm not totally sure what sort of fake news US electors get.

However during Brexit and UK elections I get political ads and memes via FB. Google don't push that stuff at me.

Google if it (rarely) pushes politics at me pushes links from political parties or identifiable campaign groups. So if it is lies or fake then I and others can hold them to account.

FB often seems to be pushing fake stories - sometimes started by fake users - actually started by who knows who. So Propaganda can't be held to account.

Actually I think Twitter problems are more similar to FB - except they maybe lack the deep profiling of social networks that FB have.


> Google don't push that stuff at me.

Start using Google News.


> But it's not using me to harvest my friends information.

That just isn't true. Google has several products that involve a social graph, including Gmail, contacts, chat, and pretty much anything that allows sharing.


>I know Google is profiling me and harvesting my data. But it's not using me to harvest my friends information.

But is it not though?

Because it analyzes any emails I send to your gmail account, and any SMS messages I send to your android phone. Google will argue about data vs metadata, but really it's all just data, and it's as much about me as it is you. I don't know if Google pioneered shadow profiling, but they certainly perfected it.

My roommate got a pair of home minis over my explicit objections. He insisted that they send "bytes per hour tops" back to google when idle, and that I was just paranoid for hating them. I did some network inspection to validate that for myself.

They pretty much ceaselessly probe my network, mostly with multicast traffic, and are uploading something in the area of hundreds of kilobytes per minute when idle. I can't tell what they're uploading because they're using secure connections (presumably with pinned certificates, although I haven't checked), but if I were to baselessly speculate, I would guess they are discovering, logging and reporting the comings and goings of android phones on my network so google can follow people as they move from one home to another, possibly mapping IP's to locations.

Now for sure, I'm a lot further down the tinfoil scale than most people, but I disagree with you. As someone who actively works to avoid google, my friends sure do keep inflicting it on me.


If you have a decent network, VLAN his equipment on its own subnet.

It is sad we have to secure our networks from equipment straight from the vendor.


I keep the wifi segregated from everything else on general principles, but I don't subdivide it below that.


>> But it's not using me to harvest my friends information

Of course. It already has your friends’ information.


And your friends agreed to it, same as you. That's the difference.


Not necessarily. Address book access rights on Android and iOS are a gray area. I don’t have control over whether you hand over my contact info to whoever you want. So are incoming emails from outside Gmail, and a bunch of other things. So is tracking of accounts that aren’t even logged into anything, and demographic inference on top of that, etc, etc. I mean we are literally talking about a company that tracks the entirety of the web, and has an overwhelming share of people’s email, search, and video history. You’d have to be unbelievably naive to think that this information can’t be abused.

That’s not to say Google currently abuses it, but some of the ads stuff is way into the gray area territory imo, and god help us all if they decide to get evil for real.


Doesn't this also apply to Facebook? Maybe you could argue it's not current data, but at some point Facebook reached ubiquity, and collected enough data to make sophisticated inferences about everyone.


"I know Google is profiling me and harvesting my data. But it's not using me to harvest my friends information."

Hey Google, text Alice, Bob and Lisa I'll meet them at the cafe at 17:30.


Don't you have to have them in your address book for this to work?


Yes, the information given there is where we meet and when.


Neither is Facebook since 2014 when they locked down Open Graph access.


> I feel I have a social contract with them where they use me and I use them.

Right -- Google tracks you to target ads, but that's about it, and in exchange, they make useful things like search and Gmail. Facebook tracks you to target ads, but all they make is a website designed to keep you clicking and staring as long as possible. They have somewhere between zero and negative value to their users.


Disclaimer: I work for Google and these views are only my opinion, etc.

From my perspective, Google's goals are aligned with improving the world by offering information services. Search, Gmail, Maps, Translate, basically all of the Other Bets, etc.--it's easy to imagine that the people behind them are more concerned with impact on the world than on generating profit or consolidating Google's power.

To me, Facebook has no such world-improving aspirations. The extent to which I'm aware of Facebook's attempt to improve the world was the initiative to bring free internet to India, which was perceived as a play to lock more people into Facebook. Plus, I keep seeing studies of how increased Facebook usage correlates negatively with people's moods, so Zuckerberg's evident goal of "get everyone on Earth on Facebook" feels gross.

Things obviously aren't just this black and white, and both companies collect user data in order to generate buckets of advertising wealth (which, if you find disagreeable, probably biases you against both companies), but from a personal perspective, I'm quite happy working for Google while I don't think you could pay me enough to work for Facebook.


Come on. It’s getting kind of ridiculous how many Google employees are showing up in these discussions saying “oh, if you work at Facebook, you’re horrible! but people at Google are really trying to make the world a better place.”

I turned down a job offer from Facebook because after a lot of thought I decided I couldn’t work at such a company. I didn’t even apply to Google because Google’s attitude towards privacy and data collection is just insane. Does the average person with an Android phone really know their location is being uploaded minute by minute to Google? Was asking if they want to “make Android better” really a good faith effort to obtain consent?

> From my perspective, Google's goals are aligned with improving the world by offering information services. Search, Gmail, Maps, Translate, basically all of the Other Bets, etc.--it's easy to imagine that the people behind them are more concerned with impact on the world than on generating profit or consolidating Google's power.

> To me, Facebook has no such world-improving aspirations.

Again, come on. Clearly most Facebook employees and most Google employees are not evil moustache-twirling sociopaths. As grating as it can sound, Facebook’s stated goal of “connecting the world” is at least as valuable as “offering information services,” your idealized version of Google’s goal.

Let’s be realistic. I don’t think people should work at Google or Facebook, but I know that there are lots of factors that can go into choosing where to work, so I am hesitant to publicly say “haha, you couldn’t pay me enough to work at Facebook/Google!”

Seeing Google employees saying exactly that about Facebook is just laughable.


You keep repeating this falsehood:

> Does the average person with an Android phone really know their location is being uploaded minute by minute to Google?

It doesn't seem like you have any idea how Google actually captures user's location data. Not only does Google give you the full ability to control and delete your location data [1] but the data collection is not on by default (though applications like Maps will prompt for it) and the data is always anonymized when used and most importantly the data is never shared with commercial third parties (though I believe Google may make anonymized data available to researchers whose projects pass certain ethical checks).

This data is used to drive projects like Maps and 'Popular Times' and real-time directions that people really, really like.

So while you seem to want to paint Google as manipulating people to harvest their data and sell it to the highest bidder (what Facebook basically does) nothing could be further from the truth. Facts matter.

I would personally say when it comes to handling user data Google is probably the most ethical and rigorous company in the world. I can't think of any other company that goes to such great lengths to protect user data as much as Goog does. It's been remarked many times that your data stored in Google's network is more secure than your data stored in NSA's network. Certainly you'll never see anything like private employees tracking their spouses using Google's data [2].

And here's the thing: Facebook is also pretty damn secure when it comes to user's data. Obviously they fucked up with their API but again I think a sober review of most American tech companies will show Facebook doing more to protect user data. You should be much more concerned with many of the fly-by-night websites that pump out fake news or sell cheap Chinese goods to people who don't know better. In fact it's these websites whose sole purpose is to suck up user data for profit.

The real point here of course is that while it may feel good to bash Google and Facebook it is not the best use of energy. What the US needs is what the EU is doing: real privacy regulation with real teeth that applies to any organization whose site serves American citizens.

But somehow I don't see that happening any time soon, right?

[1] https://support.google.com/accounts/answer/3118687?hl=en

[2] https://www.reuters.com/article/us-usa-surveillance-watchdog...


You are giving Google way too much credit here.

Google collects your location by default. I know so because I bought an Android phone just this month. Here is the setup screen, shown with default settings. [1]

Google encourages developers to use the Play Services SDK for location services. This means that it is impossible to provide your location to just one app (say, Lyft) without also providing it to Google. [2]

You can disable location services and Google will still find ways to monitor your location. For example, if you use gmail, Google will read any flight and hotel confirmation emails. It does this by default. [3] Install Google Trips and it will show you a list of every city you've been in.

They collect your location so much they even find ways to do it by accident. [4]

> I can't think of any other company that goes to such great lengths to protect user data as much as Goog does

Better protection is to not collect it in the first place.

For example, Apple Maps doesn't have a sign-in, and its server requests are associated with randomized rotating IDs, not your user account. Directions are broken up into multiple segments with different identifiers so that Apple can't reconstruct your trip.

> Certainly you'll never see anything like private employees tracking their spouses using Google's data

Old but it happened. [5]

[1] https://imgur.com/a/XOY7g

[2] http://www.theregister.co.uk/2016/09/12/turn_off_location_se...

[3] https://imgur.com/a/c7xeF

[4] https://qz.com/1131515/google-collects-android-users-locatio...

[5] http://gawker.com/5637234/gcreep-google-engineer-stalked-tee...


> Google encourages developers to use the Play Services SDK for location services. This means that it is impossible to provide your location to just one app (say, Lyft) without also providing it to Google. [2]

This is a straight up lie. Yes, Google encourages fused location because it provides better experience (it bootstraps location via cell towers / bluetooth / wifi which requires data from Google servers). However it does NOT make it "impossible" to directly request data from location services on the phone which DOES NOT go through Google servers.

Please don't lie.

> For example, Apple Maps doesn't have a sign-in, and its server requests are associated with randomized rotating IDs, not your user account. Directions are broken up into multiple segments with different identifiers so that Apple can't reconstruct your trip.

Apple location services use pretty much the exact same system to provide fused location - they still call back to Apple servers to request information about your neighbouring wifis / cell towers which leaks your location to their cloud as well. Plus, Apple will sell out iCloud data of their customers to Chinese government (which makes me wonder if they're selling it out to NSA as well).


>However it does NOT make it "impossible" to directly request data from location services on the phone which DOES NOT go through Google servers. Please don't lie.

Can a Lyft user disable fused location and force Lyft to request location data directly without going through Google? I'm not an Android user so this is not a rhetorical question.

By the way, "lying" is to _knowingly_ make a false statement.


> but the data collection is not on by default (though applications like Maps will prompt for it)

No and no. Not only is the data collection on by default, even if you turn it off some Google apps (e.g. Maps) just don't give a damn.

I recently updated Google Maps on my Android phone (a move I regret). A couple days later I went into town. I checked my phone after I was back home and it suggested I leave reviews for the stores I visited (it listed them). That creeped the heck out of me.


I agree regulations are the best long-term solution. I think we probably agree on a lot of things regarding this issue. But I am disappointed to see the same equivocation regarding Google’s data collection.

> So while you seem to want to paint Google as manipulating people to harvest their data and sell it to the highest bidder (what Facebook basically does) nothing could be further from the truth. Facts matter.

The fact is that last winter, when reinstalling Android, I realized my phone was uploading location data to Google constantly as soon as I had clicked the misleadingly labeled “help make Android/Google Maps better” button. Curious, I decided to ask my friends and family if they knew about this—none did.

Google does ask for “permission” in the sense that it shows a misleading dialog box where the default option (visually indicated—see the Dark Patterns website for examples of this tactic) is to share everything. This is not a good faith effort to ask for consent: that is the empirical, objective truth, no matter what good intentions you might hope to ascribe to Google. Again, I invite you to see if a majority of normal people know what they are agreeing to when they set up their Android phones.

> Not only does Google give you the full ability to control and delete your location data [1] but the data collection is not on by default (though applications like Maps will prompt for it) and the data is always anonymized when used and most importantly the data is never shared with commercial third parties (though I believe Google may make anonymized data available to researchers whose projects pass certain ethical checks)

Whether data is shared with third parties is a good point, but this isn’t really meaningful when “Google” encompasses search, maps, phones, video, office software, etc. But it’s noteworthy my friends at Facebook told me the exact same things about Facebook’s policies towards data—researchers need to go through approved processes there, too—it’s just that here those processes approved someone who was actually not ethical at all.

Facts matter, and to paraphrase you, although it may feel good to think that Facebook is worse than Google (and correspondingly that it’s ok to work at one but not the other), we need to look at what companies actually do, not what we think they believe they are doing.

Also, it seems you think that my claim about the average person not being aware of the extent of Google’s data collection is false. This is what I concluded after asking the people close to me, most who are not in technology. I invite you to actually go out and ask people before claiming otherwise about the results of what is well-acknowledged as a dark pattern.


[flagged]


If you know it's uncalled for and frowned upon then please don't do it, you're just making HN worse for everyone.


A lot of people seem to default to a really cynical view of tech businesses. I share this same sentiment with the parent comment where I feel like Google "has my back" and I know for certain their products do make my life easier. This guilty until proven innocent attitude that many people hold is getting kinda old.

Giving them your data is the price you pay for their service. If this doesn't seem fair to you then find an alternative. Enough of this scary business.

Maybe with the Equifax and Cambridge analytica incidents the broader public will start thinking about privacy more seriously. And in turn companies may start pushing privacy assurances as selling points. (Just reaching for a bit of optimism in these unnerving circumstances, I don't like it either)


>I share this same sentiment with the parent comment where I feel like Google "has my back" and I know for certain their products do make my life easier.

I've never understood how people can have such a religious-like faith in a corporation they have never seen the inside of and in which they know not a single person who works there. Gullibility perhaps?

>This guilty until proven innocent attitude that many people hold is getting kinda old.

Do you care at all about security? Because that is the fundamental assumption behind taking any security precaution whatsoever in life, whether it's putting a lock on your door or not trusting a faceless corporation with billions of the most detailed psychological profiles in history.


.


How is it a strawman?


> A lot of people seem to default to a really cynical view of tech businesses.

My response to this was that from 2005 to about 2015, most people defaulted to an overly rosy view of tech businesses. People like us may always have warned about privacy dangers and the like, but among ordinary people the "Google is my friend!" mentality was widespread and it seemed like no one ever grasped that these are businesses first and foremost.

The current trend is merely the pendulum swinging the other way, and perhaps it might overshoot or already have done so, but the rose-colored glasses were never going to last forever. If you are in a tech business and this bothers you, I would gently suggest that you may have gotten accustomed to the overly cushy treatment and are now overreacting.


OTOH, google's ad-models have thoroughly broken models of financing reporting that wasn't as reliant on clickbait to even get seen. While surely not the sole culprit, the need to create engagedness at all cost has increased polarization and also has a mental health cost.

Youtube is serving as a major driver of different forms of radicalization (ISIS, alt right, etc).

I'm not saying that you should resign. But I do think we all have the tendency to not evenly attempt to assuage technology risks. Partially there's an attention bias towards specific concerns (e.g. free speech / censorship), partially a negative attention bias towards things that pay our bills.


I don't have a Facebook account because I am not fond of them. But then, in Vietnam Facebook is big because it does two good things. First, it brings unofficial news to everyone -- you can follow political dissidents. In the past, people had to figure out to get over the firewalls to get to those sources of news. Second, it opens commercial niche retail channels for free to many people: You can find people selling really weird stuff online that you can't find anywhere. For now, it's still a net-positive for many people in the country and many political dissidents are happy to publish their voices on Facebook.

Now with that in mind, Facebook complied with the Vietnamese government's requests to put their servers in Vietnam (alongside with Google) [1]. The problem is, while Google was never blocked, in the past in Vietnam, Facebook was blocked (more precisely, blocked intermittently). I don't imagine it was hard for the government to block it completely. Let's be honest, no one will join a social network if it requires you to have a VPN to access it. Why wasn't Facebook blocked anymore, all of a sudden? The whole buddy buddy/kowtow gesture of Zuckerberg to Xi didn't help my confidence and trust either. It's very chilling to see a person with little ethical compass like him to have such an enormous amount of power.

I don't know what is more horrible, them turning in to the government the data of "dumb fucks" following dissidents' news and manipulating them, or people having to figure out how to access news via VPNs like it was in the past. At least, I know not every VPN provider gives enough fucks about that country to comply with its government's request. Google was known to be kicked out of China for not complying. Can't say the same thing about Facebook.

But then, I can't do anything about any of that stuff, so I might be ok with it.

[1] https://translate.google.com/translate?hl=en&sl=auto&tl=en&u...


I think one of the key points that has come out of the discussions in the last year or so is that the general public cannot trust Google or Facebook or any organization to keep its best interest at heart. There needs to be better targeted government regulation that is designed by an impartial third-party and serves the best interests of general public. The worst thing we could get out of the computer revolution is the majority of the world becoming scapegoats for a few people living in Bay Area.


Google's idea of improving the world is hardly apolitical. Consider the YouTube rule changes on firearms -- whether or not they improve the world is going to depend on your views, but Google is surely throwing its weight around in a political way.


Only in the US can actions regarding firearms be considered a political move. (Most of) Rest of the world sees it as a safety issue and is happy to give away their firearms.


The U.S. has a somewhat different take from much of the world on several civil liberties issues, including freedom of speech and freedom of religion. As an American I'm quite proud of that fact.


Proudness is quite an unimportant emotion when the betterment of human society is at stake. In fact, there are tons of examples where proudness leads to blindness (most probably close to 100% of the time). I personally explicitly try not to be proud of anything to avoid any oversight.

Anyways, it's interesting to see how people frequently forget about progress and hold on to old ideas. They forget the importance of continuously fixing problems. They also forget that usually the solution to a problem is usually the simplest one (especially one that's been proven).


And yet some guys flew 2 planes in a building complex and you got the patriot act.


> (Most of) Rest of the world sees it as a safety issue and is happy to give away their firearms.

Because we should aim to be more like china, russia, europe, middle east, africa, etc. No thanks. You guys can have your tyranny. We'll stick to our rights.


Or the fact that Google has a doodle for every single holiday people never heard about, but of course skipped the Easter doodle. Yeah very apolitical indeed /s


> From my perspective, Google's goals are aligned with improving the world by offering information services. Search, Gmail, Maps, Translate, basically all of the Other Bets, etc.--it's easy to imagine that the people behind them are more concerned with impact on the world than on generating profit or consolidating Google's power.

I completely believe that the people behind them are more concerned with impact than on generating profit or consolidating Google's power, but good intentions only get you so far. Google is still abusing its power, whether that is the goal of the people behind it or not. Google could build those systems in a way that protects their users' privacy, but choose not to, simply because they are optimizing for profit, rather than for empowering their users.

Most people aren't scared of the intentions of the good people at Google, it's that Google clearly has too many people with bad intentions in the mix as well, based on the actions that the company takes as a whole.


> From my perspective, Google's goals are aligned with improving the world by offering information services.

Ah yes. From "Don't be evil" to "Improve the world"? Who asked google to "improve" anything?

> To me, Facebook has no such world-improving aspirations.

Which is why they are being attacked. They are neutral.

> Plus, I keep seeing studies of how increased Facebook usage correlates negatively with people's moods

The same applies to google. The more you use youtube/google/google news/etc, the more depressed you are. This also translates to news media itself.

> so Zuckerberg's evident goal of "get everyone on Earth on Facebook" feels gross.

Google is even worse. Censorship + agenda peddling + discrimination + google has far stronger monopoly on people's attention and far more information.

No offense, but I wouldn't work for either google or facebook. Both are terrible for society and freedom and mental health.


I'm not saying Google handles everything correctly. My comment was meant as an explanation as to why one person has a positive perspective of Google and a negative perspective of Facebook. Obviously if someone thinks Google is destroying the world, they're going to want to change my opinion/as many positive opinions of Google as possible, and I respect that even if I disagree.

To respond to your points quickly: I'd rather support a company with a moral stance I agreed with than one that was neutral. I think news media in general has a problem with sensationalism/optimizing-for-clicks/echo chambers, but I don't perceive that Google is particularly bad as a news aggregator. I think a lot of complaints about Google/Youtube overlook that most policy decisions about removals/demonetization are driven not by politics or agendas, but by advertisers, without which Google/Youtube would not exist. (And again, if you disagree and believe that targeted advertising is itself a net bad for the world, oh well.)

Personally, I think viewpoint polarization and the internet's enabling of echo chambers is the biggest problem facing the world. I know Google is often accused of making the problem worse, but I don't agree. Google News, for example, won't stop showing me Fox/Breitbart articles, even though they have to have enough data on me to know I'm super far-left.

Anyway, I did some searching (on Google, ha), but can't find any articles linking Google/Youtube usage to mental health problems, so I'd be interested if I'm wrong. The only one I remember seeing said Youtube had a positive effect on mental health. (https://www.psychalive.org/worst-mental-health-instagram-fac...)


Pretty much every major company has a mission statement about "improving the world" in some way. Can't really think of any that says that their goal is to cheat, lie, and steal to hasten the coming of the Brave New World.

If you seriously think that "people behind them are more concerned with impact on the world than on generating profit" then I have a bridge to sell. Oh, and shareholders would like a word with you, too.

There's nothing wrong with generating profit, and I would trust people motivated by profit far more than ones motivated by the whole "making the world a better place" -- the latter tend to be genocidal maniacs -- but for companies that's exactly what they are supposed to do, generate profit. It just would be nice if they were a bit more transparent about how they do it, whether Facebook, or Google.


Google is helping the government drone people, Schmidt was the head of the Defense Innovation Board, they sell surveillance services to police departments, Google Shopping was on autopilot until a couple of weeks, making money off selling bump stocks and other gun mods to people.

I'm not trying to be rude, but I think you have to take a very narrow and convenient view of Google to end up thinking your employer is any "better" than Facebook (who I otherwise agree is awful).

https://theintercept.com/2018/03/06/google-is-quietly-provid...

http://www.nybooks.com/articles/2018/04/05/silicon-valley-be...

https://thebaffler.com/latest/oakland-surveillance-levine

https://twitter.com/pinboard/status/967509077591867392?lang=...


Okay, get off your moral high ground. Google is an advertising company. I fail to see how they are any different than a broadcast network or Facebook for that matter. You put out a product and make money off of ads. “Information services to make the world a better place” are you really serious? Does everyone at Google drink the Kool-Aid this hard?

You know who should be proud of themselves for working at a company that doesn’t make money off of people’s private information, and is actually creating cutting edge technology and services that people just pay for? Amazon. Amazon has made the world a better place than Google and Facebook put together.


What is scary is the unregulated way in which massive amounts of data can be used to sway public opinion so easily. What is even scarier than this is the way in which those in power can use massive amounts of data to sway public opinion without oversight. The very notion of a republican form of government may end up needing to be reanalyzed.

Forget concentrating on Google or Facebook. There is a larger concern. If multi-national company A collects massive amounts of data and sells it to company B to use to influence elections in country C then in what way are C's people in control of their government? Especially if A and B are based in another country.


The framing of the situation is kind of twisted imo.

If we're talking about politics, it seems entirely reasonable that a politician would want to know what their constituents were thinking about, would tell their constituents what the constituents wanted to hear and go to Washington and do what they promised. That's democracy - obviously, this democracy isn't in very good shape. But it's hard to claim that having a very fine-grained understanding of a constituency's wants is the thing that is destroying American democracy. I would lie it's more simply "lies and demagoguery". Now, it seems like Trump undoubtedly used data to fine-tune his demagoguery but I think we have to look elsewhere than data-access to explain the problem. Or - the problem with American democracy isn't that groups have fragmented into many, many sub-constituencies but that a significant portion of these have palpably irrational views (anti-vaxers, pizza-gate, etc).

That's a problem for our democratic system. That degradation of education might be to blame. The destruction of the safety net might be to blame. Or the willingness of mainstream media to engage in propagandistic approaches equally as manipulative as the extreme right might be to blame - and that brings the point that complaints about Cambridge Analytica in a broader context seem entirely in this propagandistic stream, shifting the focus of attention and packaging a vague threat rather than giving any coherent analysis.


I'd agree with the degradation of education system you brought up but even well educated people are prone to being nudged. In the past there was a diversity of competing news reporting. In the U.S. there has been massive consolidation in ownership of media. The sources of information are becoming fewer and the targeting of information is causing people to exist in news bubbles.

As you point out we have anti-vaxers, pizza-gate, etc. and I think this is the result of people existing in news bubbles. Curated content designed to maximize dopamine, anger, fear, etc. This makes it easier to manipulate. Think of all the people who got angry, fearful when Obama suggested having talks with Kim Jong Un and who now are happy that Trump has suggested holding talks with Kim Jong Un. People are prone to this sort of hypocrisy. They most likely aren't even aware of it.

I'm not opposed to gaining a fine-grained understanding of constituent needs as such. What I do oppose is a fine grained understanding of constituent needs so that a message can be crafted to increase the chance that a policy gets enacted when that policy has nothing to do with constituent needs. The information does not appear to be used for the good but rather for the enrichment, empowerment of well connected people.

The public at large is an informational battleground in which the victor achieves power. We are pawns in a game and the purpose is not the public good. This is dangerous if people don't realize this.


Actually, as an owner of the specialized website, I can tell you that blatant invasion of privacy actually destroys publishers. Regional newspaper literally competes with YouTube and apps for advertising dollars, and Google could care less for existence of this regional newspaper, because it can show local ads on the apps. See more what we wrote here: https://medgadget.com/google


I don't think that's how authority works. In a workplace, I don't get to collect secret data on my bosses to see what they want and then say it's so I can better serve them.

If the voters are the bosses, then the politicians should live under surveillance by their voters, while we voters keep everything secret from our subordinate elected officials.


I was trying to come up with a solution. Something like retroactively classify companies that are taking money or are involved in this type of stuff register as a Political Action Committee. Because this is regulated by the FEC. Make Google, CNN, Facebook, Fox, whatever, disclose they are working for hire to politicize your experience. Then, make it so that every 5 years a company can appeal this retro-active PAC status. When they appeal they have to show, in full transparency, that they are no longer participating in these schemes by showing internal procedures, logs, their appeal process, and comments from the public. Somebody make this idea better and help promote it. It's a start


I’ve always thought that a way to get this passed would be to tell the public that you’d be affecting whichever the other side's media is. For conservatives that’d be restricting cnn, msnbc, etc and for liberals that’d be Fox News, Breitbart etc.

People hate the other side more than they love their side I find.


But those news agencies would be committing suicide if they supported this, so none of them would promote that message.


This message would not appeal to conservatives, mostly because they would not believe it. All of the narratives about the speech restrictions that replay over and over in their "bubble": Fairness Doctrine, Citizens United, campus speech codes, etc., are about limitations to conservative speech.


> People hate the other side more than they love their side I find.

I think that's true, especially because often their views aren't very well reflected by "their side's" pundits, it's just the lesser of two evils.


I agree. Blatant invasion of privacy by Google and FB is a national security issue, as recent events with Cambridge Analytica have shown. This snooping by mega corporations runs contrary to basic principles of the free society.


Tools used to exercise political influences are getting more sophisticated and powerful, but the gameplay was always the same. Before it was Radio London, then radio Free Europe, and in countries where it was possible local TVs and radios financed directly or indirectly from US or Russia to promote their views. Now it's social medias. Superpowers were always doing this to others and the only new thing here is that this is the first time it was successfully used against one of them. For the rest of the world, especially developing countries, this is the state of affairs for last 50+ years.


Yes. The swaying of public opinion is thousands of years old. But now it's far easier, much cheaper, and can be done at a much greater scale. This is especially so when only a few companies are really able to do this. In the U.S. there has been a consolidation of media control. Too few players have the control and so what is happening now is more dangerous.


Sure, but all of the examples you give are of bad actors trying to influence the opinion of the general public. In 2018, the same bad actors are using private information to change the opinions of fragments of individuals in certain electorates, who each share a certain set of beliefs/biases.

The difference is huge. Why? Because when propaganda is crafted from the unique kinks of an individual and then secretly projected back at them with button-pushing messaging, it forgoes any chance of call-out from public scrutiny.


I just submitted one of my favorite articles on the subject: https://news.ycombinator.com/item?id=16668805

Basically, it walks through how something as simple and subtle as search results can sway public opinion. It wouldn't get a pro-Hillary person to vote Trump but can nudge the middle one way or the other.. and with your social info, it's easy to tell who's in the middle.


Clinton only won the popular vote by a few million, so I don't think she was able to sway public opinion very much. What might have been 46% is now 48%, at worst. That's hardly mass mind control.


How many millions of people do you need before it’s mass?


Depends on the total population, I'd say on the order of 30% would be getting there.


If FB goes down for one day it is a minor inconvenience.

If Google goes down for one day, I am literally at a standstill. No Maps, no Search, no GMail, no YouTube, no Photos! I don't know how I will get through the day without these services :(

As such, with Google, I am more than ok with them using my data to target me with ads since it does feel like a mutually beneficial relationship.


> As such, with Google, I am more than ok with them using my data

Woah, that was a very different conclusion than I was expecting. The post builds up to how terribly dependent you are, but concludes with "so I'm very happy".

I see your reasoning and your point, but don't forget what kind of relation this is (where you pay very little to nothing for most services, money-wise...).


I am happy to pay them money or pay with data. Choose your thing. We can't just keep on operating in a world where everything is free and we don't want targeted ads.

And I never used "I'm so very happy". This is where biases come in. My goal was to say that Google services are very useful (to me) and I am ok if in return I have to give them my data.


I'm very happy to pay them, just like a utility.


That makes sense. I will do it as well if advertising wasn't a model. In some ways, YouTube already allows that with Red.

I wonder how many people are like you though outside the tech forums and especially in developing countries (where a lot of the users for US based tech companies come from).


I don't feel like many people would though, even if it was a one-time $0.99 purchase.


One time $0.99 won't justify this. Companies can make far more money per user from ads. It has to be a subscription model for it to be tenable.


Yes, and even fewer people would pay for that on a continuous basis like a utility. If there was a free alternative everyone would just use that one and suggest it to their friends.

Although I suppose there could be a certain exclusivity and elite aspect to such a network, similar to how Facebook differentiated itself with exclusivity by only being available at universities in the beginning. A network that markets itself as both for higher class people willing to pay monthly and free of ads/tracking.


I believe FB makes something like $6.50 per user. Obviously Google makes money from users too, and given overlap it seems likely that one user is worth quite a bit annually. Average that out over lifetime value, and we’re talking thousands of dollars.

Imagine if the likes of Equifax treated silos of data as a liability instead of an asset to be milked. Properly valued, a breach of hundreds of millions of people’s data would end a business, even as large as Equifax.


This is interesting actually. In theory it makes sense for them to offer a subscription that gets rid of ads, and if priced well it could make them more money on a user than ads. I'm sure a few people would pay $5.99 - $9.99 for ad-free Facebook, especially if this means getting rid of video ads too.

Yet, if too many people opt for the paid option, technically advertiser value would fall, since less users would be targetable. Moreover, $6.50 average per user means they probably make close to no money on some users, but a lot of money on others. If only their high-yielding users opt-in to an ad-less Facebook, this could mean big losses for them.

I guess this is why they haven't offered a paid version as an option ¯\_(ツ)_/¯


> I'm sure a few people would pay $5.99 - $9.99 for ad-free Facebook

It's not about the ads, it's about the tracking, profiling, and sharing/selling our data.

If I could pay a few dollars a month (I guess Facebook would be worth $3-5/mo to me, and Google $5-10/mo) and get out of the whole tracking/voter-manipulation/profiling/sharing data/etc. thing, that'd be worth it. That would have to include that any non-essential data is not recorded or (if I previously was on the free tier and am now paying for a year or so) permanently deleted. Of course many personal things fall in the 'necessary for functionality' category, like chat history and which pages I liked, but part of the deal is not using that data for anything other than the service itself. And if I decide to go to a competitor, I don't want to be blackmailed into paying to keep it private, so I'd want to have an option to permanently take out and delete my data once I leave.

Sounds like a tough bargain, given all the restrictions I'm putting on it, but the alternative is the current state where I'm not making them any money at all. Not using it is worth it to me, despite missing out on a few things. And I don't think the requirements are unfair, I'm just asking them to provide service X for price Y without anything else, but apparently in 2018 we have to mention that we don't want anything else, like having our data misused or shadow profiles being recorded.


> We can't just keep on operating in a world where everything is free

Agreed! So let's pay fair and square, rather than them shuffling data around in a manner that is not completely transparent to us.


> No Maps

Here Maps or OpenStreetMap

> No Search

I’ve switched to a mix of Qwant and DuckDuckGo, depending on question

> No GMail

I’ve been self-hosting all my mail for 4 years now, works fine thanks to simple solutions such as this tutorial https://workaround.org/ispmail

> No YouTube

This is the largest issue, but most of what I consume is either music or streams, and most of the streams are also on twitch, and the music is also available for sale on CD, or on Spotify.

> No Photos

I use seafile with automated upload and a custom-built photos UI frontend to provide a photo gallery for me, and to allow me to share photos. I use the tensorflow pre-trained example model for object classification to tag the images, it’s good enough.

For sharing other images, I’m building a custom imgur clone (GPLv3) https://git.kuschku.de/justJanne/imghost and https://git.kuschku.de/justJanne/imghost-frontend, example: https://i.k8r.eu/i/cXqmnQ

For most normal people, living without Google services may be complicated. But this is HN, we’re basically all software engineers capable of building our own solutions, and they don’t have to handle nearly as many edge cases. I don’t need to translate my image host into 108 languages, just English is fine (even if it’s not my native language). For people like us, it’s not that complicated to free ourselves of Google, and, in the long term, even self-host everything.


Yes, I can live without Google Map, Google Search, GMail, Photos, but Youtube is unavoidable. For me, Youtube is more than just music or cute videos. I learn programming, mathematics, physics a lot from Youtube. :(


It's still not getting completely away from Google, and they could probably still track you through IP, but I've been really happy with the NewPipe client for Android; it's attempting to provide all the features of browsing without falling back on any official API and certainly without needing an account. There are a few features that aren't out yet (most notably comments, notifications, and YT-user playlists, though it can play the latter if you get the link through another browser) but it gives you an offline subscription list and in my opinion is more comfortable to use than the official app.


> I use seafile with automated upload and a custom-built photos UI frontend to provide a photo gallery for me, and to allow me to share photos. I use the tensorflow pre-trained example model for object classification to tag the images, it’s good enough.

Possibly the most hacker_news.txt comment in this thread. "Why rely on [popular consumer service] when you could just build your own photos frontend and then set up a machine learning model attached to it? Easy!"


That’s why I said, for normal people this is insanity, but this is Hacker News - no one on this site has an excuse for using GMail. And even the photos part – every week we have another Show HN of someone building some new project with the pretrained tensorflow models.

But yes, my setup is something I don’t expect most people to build for themselves – instead I’d hope that NAS vendors would include similar functionality, and people would start using those instead.


"No one on this site has an excuse for using GMail"... C'mon, now. I get your point, but ease it up a bit.

We can still use products built by companies. The OP has stated he's okay with "paying" using his data for the ease of use and benefits of a commercial service. It's cool you built your own! But there's a reason why GMail exists and is popular.


Well, I meant that no one has an excuse to say that they "have" to use GMail. Sorry if that was worded wrongly.


When you realize how dependent you are on one company, why not work to reduce that? Their policies could change at any time. Or you could get banned. It's worth the effort to diversify your resources and ensure you have a backup plan.


I don't see anything wrong in it. I don't have strong qualms on protecting every part of my online or offline presence. In fact I like that I get targeted with better ads which might be more relevant to me. And Google also benefits by making higher ad revenue (based on my data) which they reinvest in the product to make it better. I don't see a problem here at all.


With Mapquest, DuckDuckGo, Protonmail, AOL Videos and imgUrl?


imgur is nearly unusable these days, they keep removing features and trying to prevent people from actually using it as an image host.


Good luck to you trying to use these.


Honestly curious what you have against DuckDuckGo or Protonmail, same with MapQuest.


You cannot be honest if you are asking this question. You are comparing MapQuest with Google Maps and are asking me, in all earnest, what is that I find better in GMaps?

Similarly with Protonmail and GMail. How about email spam to start with? Or maybe email search? What about automatic filters? Or what about the fact that Protonmail is a subscription service if you want to use their advanced features?


I don't get any spam on Protonmail, they already have strong filters.

I don't use any automatic filters, but I could use their "Bridge" tools and install Bat on my laptop and set up filters this way. Way more advanced features in Bat than in Gmail.

Protonmail is a subscription service, true. But just like I can afford $5 per day for a good coffee, I can afford $1 per day for a secure, encrypted email; although I can believe for someone living in a third world country, $30 seems a fortune, and I don't blame you for your country's economical situation.

And if you prefer gmail for free and be their product that they analyze, dissect it and categorize you based on the content of your email then that's fine with me; I really don't care. You are simply their product, but with your HN username, I doubt I had to tell you that :)


Just because you don't use automatic filters doesn't mean everyone else doesn't use it. Just because you can pay $30/mo subscription doesn't mean everyone else can or are willing to pay it. Just because you don't want to be Google's product doesn't mean everyone else doesn't want to be the same. So just stop it.

You seriously had the audacity here to compare GMail (a wonderful free product) with Protonmail (a $365/yr product) and ask me why I don't find it as a good replacement. At the very least, have some empathy man.


ProtonMail Plus (the lowest paid tier) is $48/yr. And you do pay for Gmail with your data, so let's at least get the comparison right. The final cost/benefit analysis is your choice of course, but Gmail is not free.


Thanks. 10 years from now it will surface that Google, through their arm 23andme, was building your health profile and sharing it with health providers you shopped with. Since they don't have the same data on me as on product50, the cost of my insurance will be mediocre and his will be thru the roof.

And if you don't believe me, Edward Snowden would like to have a word with you.


ProtonMail does have filters...am I missing something?


If you want to add more than 1 custom filter on ProtonMail, you have to be on the paid plan: https://protonmail.com/support/knowledge-base/filters/


Or you can just put all your stuff in a single Sieve filter.


Forget scary. Let's talk about utility. Facebook gives you distraction but Google gives you information (YouTube, Google Search, GMail, Maps, Voice, Fiber, Project Fi, etc) and is more restrictive about how it lets partners use its platform to interact with users.


This 100%

Google builds genuinely useful products, uses the knowledge it gains about you to show (generally somewhat useful) ads, and generally stays out of your way.

Facebook on the other hand desperately tries to manipulate you into consuming as much time as possible on their platform at almost any cost, using lowest common denominator tricks.


It's just kind of a false choice. I use FB to keep in touch and chat with friends, find out about local events, follow various interesting people, etc. Google tried to do the same thing with Google Plus and failed. But I certainly don't feel manipulated by FB, I feel they are providing me with a useful service.


I agree with everything you said except for "generally stays out of your way."

Try blocking all Google domains via a hosts file, and you'll see that they have put their hooks into all kinds of systems, and do so in ways that seriously impede how normal web-pages should function.


This. To me, the major problem with FB isn't even privacy. It's the fact that FB relies on, and encourages its users to behave like addicts.

HN has noprocrast because YC has a financial interest in their founders not wasting their time, or becoming addicts. Can you imagine FB implementing noprocrast? It goes against everything they do.


YouTube suggesting extremist videos to people in order to maximize views is giving you “information”? Can we stop pretending Google is somehow more useful to the average person than Facebook?


Yeah, like YouTube might suggest that you do something more extreme like machine learning if you like Python.


.


There's been evidence, admittedly anecdotal AFAIK, that YouTube recommendation algorithms can tend towards increasingly extremist content from quite innocuous starting points. For example:

* https://twitter.com/zeynep/status/973716995521748992

* https://twitter.com/Limerick1914/status/972837152940855296

This doesn't mean YouTube staff are purposefully designing the algorithm to specifically trend towards extremism: this can fall out naturally from human psychology and ML algorithms that note which videos increase engagement and recommend videos based on user interest and recommending videos that will increase the user's time on site.

I think this is worth looking into in a more methodical manner. You can dismiss it as cherry-picking, but I think it's something reasonable people can be concerned about. And these services and products should be looked at separately, determining which parts are good and which parts are bad.


.


You could write a pseudo-explanation even longer than the comment you are purporting to describe, or you could simply read the words that I wrote and not try to put words in my mouth.


Would the two of you ('jonathanyc and 'kimdcmason) please stop engaging uncharitably with each other? There might be common ground there somewhere, but you're not even trying to listen to each other. It doesn't matter at this point who's right or who's wrong or who started it or who's at fault. You're both contributing to continuing it. As one HN member to another, please help increase civility and substantive discourse.


.


> "What constructive thing can one say to such a person? This is a serious question."

Probably nothing. If you don't have something constructive to add, don't.


I feel obligated to listen to and respect people who disagree with me on the issue of whether Google and Facebook are evil. But I can get and have gotten intelligent and reasoned perspective from people who aren’t spouting the names of logical fallacies as if they were hexes and caltrops.

As much as I feel obligated to engage with others constructively, I feel obliged to discourage and make others aware of nonconstructive behavior. I take your point that this thread is going nowhere, though, and I will stop. I acknowledge I may have gone too far.


If you use FB, you have to be logged in and actively engaged by you providing your identity to use it.

Google can be used without logging in or tracking.

That is the critical difference for me - to use Facebook you have to actively be part of the social graph and share your identity. Google wants you to sign in, but you don't have to (apart from Gmail etc)

To block tracking from most people you can:

* Block third party cookies in your browser.

* Use DuckDuckGo.

* Block ads.

* Use a VPN (to get differing IP addresses).

This will neuter 99% of tracking approaches that rely on cookies, IP matching, purchase history, or being logged in. For Google and others too. Some will use more exotic approaches to tracking (e.g. canvas fingerprints) but there is a browser extension arms race to handle that.

The first 3 of those things take 90 seconds to do once then forget about and never deal with again. It's not hard. VPNs are more commitment and come with their own problems, but add some extra obfuscation. If you don't want to use Android then obviously you can get another phone. Firefox is viable again these days.

There are fewer and fewer excuses for this attitude - Google is not inescapable IMO, but you cannot escape Facebook if you want to use it.

It just comes down to how much you care and how much you value their services - you might need to ask yourself some hard questions about what you really value and what you are prepared to go without before complaining about how these companies are run in order to offer you free services.

(views are my own opinion)

edit: perhaps I wasn't clear: ad blockers and/or disallowing third party cookies will prevent Facebook like buttons (or tracking pixels from other parties) from tracking you as effectively, especially if you cycle your IP addresses with a VPN. You just look like a totally different user each time.
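
The comment above lists which client-side steps break which tracking signals. The following is an added example, not part of the thread and not any company's code: a small Node.js model of a third-party widget that links page views by cookie, IP address or browser fingerprint, and of a browser applying the listed steps. The `Tracker` class, option names, site names and addresses are all constructed, and treating a shared IP as a hard join key is a simplifying assumption.

```javascript
// Constructed sample: four unrelated sites that all embed the same widget.
const SITES = ['news.example', 'shop.example', 'blog.example', 'forum.example'];

// Hypothetical third-party tracker. `signals` lists the identifiers it is
// willing to join on: any of 'cookie', 'ip', 'fingerprint'.
class Tracker {
  constructor(signals) {
    this.signals = new Set(signals);
    this.index = new Map(); // signal value -> profile id
    this.nextProfile = 1;
    this.nextCookie = 1;
  }

  // Handles one widget request and returns the profile the visit was
  // attributed to, plus the cookie the tracker asks the browser to store.
  handle(req) {
    const cookie = req.cookie || `uid-${this.nextCookie++}`;
    const keys = [];
    if (this.signals.has('cookie')) keys.push(`cookie:${cookie}`);
    if (this.signals.has('ip')) keys.push(`ip:${req.ip}`);
    if (this.signals.has('fingerprint')) keys.push(`fp:${req.fingerprint}`);

    // Reuse an existing profile if any enabled signal has been seen before.
    const known = keys.find((k) => this.index.has(k));
    const profile = known ? this.index.get(known) : this.nextProfile++;
    keys.forEach((k) => this.index.set(k, profile));
    return { profile, setCookie: cookie };
  }
}

// Visits every site once with the given client settings and returns how many
// distinct profiles the tracker ended up with for this one person.
// 1 means fully linked; one profile per site means the visits look unrelated.
function countProfiles(client, trackerSignals, sites = SITES) {
  const tracker = new Tracker(trackerSignals);
  const profiles = new Set();
  let cookieJar = null; // the tracker's third-party cookie, if stored

  sites.forEach((site, i) => {
    if (client.blockTrackerRequests) return; // content blocker: widget never loads
    const res = tracker.handle({
      site,
      cookie: client.blockThirdPartyCookies ? null : cookieJar,
      // VPN exit rotation modelled as a new documentation-range address per visit.
      ip: client.rotateIp ? `198.51.100.${i + 1}` : '203.0.113.7',
      // Stable device fingerprint (canvas, fonts, ...); nothing here hides it.
      fingerprint: 'fp-constructed-1',
    });
    if (!client.blockThirdPartyCookies) cookieJar = res.setCookie;
    profiles.add(res.profile);
  });
  return profiles.size;
}

// Summary of the scenarios discussed in the comment.
function scenarios() {
  const hardened = { blockThirdPartyCookies: true, rotateIp: true };
  return {
    defaultBrowser: countProfiles({}, ['cookie']),
    cookiesBlockedOnly: countProfiles({ blockThirdPartyCookies: true }, ['cookie', 'ip']),
    cookiesBlockedPlusVpn: countProfiles(hardened, ['cookie', 'ip']),
    sameButFingerprinting: countProfiles(hardened, ['cookie', 'ip', 'fingerprint']),
    contentBlocker: countProfiles({ blockTrackerRequests: true }, ['cookie', 'ip', 'fingerprint']),
  };
}

console.log(scenarios());
```

With four sites, a result of 4 means each visit looked like a different user, and 0 means the tracker never received a request at all.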


Facebook tracks everyone that comes across a page with a like button.

They also purchase data from 3rd parties https://www.engadget.com/2016/12/30/facebook-buys-data-on-us...


Not entirely true. Facebook, like Google, has tracking pixels on pretty much every site now. I find Google and Facebook both to be fairly terrifying in their immense power. I also fear Amazon, I used to be an avid Amazon shopper, but now I try to go out of my way to not use them if I can help it. I never thought I'd live to see companies like Apple and Microsoft being more of the good guys than their competitors (relatively speaking.)


I find it amazing that Chollet even tries to argue "There’s only one company where the product is an opaque algorithmic newsfeed, that has been running large-scale mood/opinion manipulation experiments..." when Google's ranking algorithm is so infamously fickle, and especially when its per-user bubbling is an open secret and even obliquely touted as a feature.


Google has a profile of my voice solid enough that they're comfortable making it an authentication option in Android. They have microphones in millions of homes and millions more in people's pockets, which are by the way also tracking live location and a myriad of other data.

Yikes.


Not at all; Google is every bit as scary. Together the two companies have sucked all the profit out of publishing.


You can also dump it and not miss a beat. Much harder to do with Google. Facebook is thoroughly non-essential.


On the contrary, how do you drop:

- Android (iOS is the only alternative, and that's much worse in terms of openness)

- Maps (OSM, Apple and others don't have the same amount of business information)

- Search (I have DDG as default, but find myself returning at least once a week to google search because none of the other search engines will give good results)

- Images (Bing and DDG are even more terrible at images than they are at search)

- Gmail (I bet >50% of the email in the Netherlands goes to google, so many businesses and even schools outsource it there, not to mention most friends...)

- Embedded analytics, maps, ads, fonts, youtube, and perhaps +1 buttons. (You can block ads, and analytics isn't too hard, but if you block all of Google you'll end up with a lot of broken websites, and you'll have to unblock it every time you want to use any of the other mentioned services)

- Docs (anything else that works with real-time editing and is free to use?)

- Youtube (I rest my case)

On Facebook, all I would do is chat with people, which can be done using a hundred other applications as well. Groups for local info might be useful, but I find that easy enough to forfeit.


That's actually the same point the parent comment by thriftwy was making. The two of you are not in disagreement.

But as for your argument, didn't you just list notable alternatives for most Google products? To the extent that the competitors may be less attractive (though plenty of people say they prefer iOS, Bing, DDG, etc.), that just emphasizes how useful Google's products are. Most of them can even be used without a Google account, too.

It's strange to talk about the value Google services contribute as a bad thing. If you want to argue that value is still not worth the data they collect, that's a separate matter (and one that is logically at odds with arguing how great Google's utility is).


Oh, wow, I indeed misread the parent comment completely. My bad!

> Most of them can even be used without a Google account, too.

Sure, but that doesn't take away any tracking as far as I know. Perhaps on paper in certain jurisdictions, but I doubt it truly is thrown away.

> It's strange to talk about the value Google services contribute as a bad thing.

The value they provide is not a bad thing, it's how they monetize it. I think I am misinterpreting what you mean here, though.


Tell that to people with Android phones. Google Play Services is an opaque blob that cannot be uninstalled and is necessary for nearly all Android apps. And it is constantly uploading your location minute-by-minute to Google for use in things like their "Popular Times" card on search results and who knows what else.


Google location services can be disabled. And there is an open Play Services reimplementation, microG.


When you set up an Android phone you have the option of not using Google Services. Secondly, you can disable Google Play Services anytime you want. You can also turn off location history and tracking anytime you want so I'm not sure where you get the idea that none of these services or apps can be turned off or disabled.


I am not sure what comment you think you are replying to. Google Play Services cannot be uninstalled on a stock Android phone, like I said, only disabled; and disabling it means the vast majority of Android apps won’t work, like I said. These are facts that anyone can verify for themselves; you merely claiming otherwise doesn’t change this.

You also seem to be confusing Google’s various services with Google Play Services specifically.


You can easily disable Google Play Services on ANY Android phone and that is a fact.

> You also seem to be confusing Google’s various services with Google Play Services specifically.

No I'm not. As I stated, Google Play Services can be disabled.


You can, however, disable the location tracking across your device pretty easily, or even just disable location history if you want other tools to be able to use your location.

Yes, disabling core features of your device results in a worse user experience, this should not come as a surprise.


The point is that there is no reason those features need to be dependent on Google Play Services in the first place


I believe there are power and compute related reasons that you actually do need there to be a central service that manages location data.

And I guess at that point you could say "but then there should be a single tool that does location management for apps and location tracking should be entirely separate", but I'm not sure why that's any better than "there's one app but you can toggle off the objectionable parts in a really straightforward way".

Or perhaps you mean that they could just provide raw GPS data and the app developers could handle everything else, but that too runs into power and usability issues. Android handles geocoding and reverse geocoding in relatively energy efficient (and reliable!) ways. If every app had to do its own geocoding, you'd have disparate experiences in apps. (Note that Apple does almost the same thing: there are builtin geocoder objects provided by the OS that convert from GPS to address over the network). You could make that a separate thing, but then you'd get people complaining that "none of my location based apps work even though I have GPS enabled".

So I guess I'm curious what your suggestion on what they should do instead is.


> I believe there are power and compute related reasons that you actually do need there to be a central service that manages location data.

That may be, but they could open up that service for me to run on my own server, rather than through them.

> And I guess at that point you could say "but then there should be a single tool that does location management for apps and location tracking should be entirely separate", but I'm not sure why that's any better than "there's one app but you can toggle off the objectionable parts in a really straightforward way".

I'm not following what you mean by this. Can you expand?

> If every app had to do its own geocoding, you'd have disparate experiences in apps.

And? I already have disparate experiences in apps for tons of reasons.


> And? I already have disparate experiences in apps for tons of reasons.

So because some things are a bad experience, we should make more things a bad experience? I don't follow. Or do you mean that you as an end user, not an app developer, should be able to configure the server used to look up the mapping of gps coordinates to street addresses used system wide, as though that isn't a giant security vulnerability? (as in, if I were Uber or Lyft, I wouldn't want to deploy my app on a platform where another app with root privileges could, for example, change the GPS lookup location to something adversarial whenever uber was in the foreground, leading to bad end user experiences).

As far as I know, apps can already do their own geocoding (no one could really stop them), they just don't because the built in ones are better and give consistent experiences.

> I'm not following what you mean by this. Can you expand?

I guess I'm not clear on what the problem with "I get my location through google play services" is. Like I understand why one might take issue with "the only way to get location data is to opt in to Google having my location history". But that's not what happens, since you can turn that off. So I'm unclear on why Play Services being the source of location data, as opposed to something else.


> So because some things are a bad experience, we should make more things a bad experience?

I don't see how disparate experiences are bad experiences. Those are two entirely different things.

> if I were Uber or Lyft, I wouldn't want to deploy my app on a platform where another app with root privileges could, for example, change the GPS lookup location to something adversarial whenever uber was in the foreground, leading to bad end user experiences

Is there any reason this can't be done today? I already have root on my platform, and, afaik, I can spoof my gps coordinates. Besides, if you don't like how a platform has set up its permissions, then don't develop for that platform.

> But that's not what happens, since you can turn that off

You can flag a button, that tells you that it is turned off. There's no way of knowing whether or not they actually keep my data.


> I don't see how disparate experiences are bad experiences. Those are two entirely different things

Inconsistent experiences is perhaps the single biggest complaint about Android as a platform. This is in comparison to iOS which has much stricter controls on how things can look and what you can do. Unified interfaces are better experiences. Predictability is a part of good ux.

> Is there any reason this can't be done today? I already have root on my platform, and, afaik, I can spoof my gps coordinates. Besides, if you don't like how a platform has set up its permissions, then don't develop for that platform

I'm honestly not 100% sure, but it wouldn't surprise me if it's the kind of thing that's only possible via BusyBox or whatever.

As for the second part of your comment: losing Uber for a feature that will be used by 6 people is not a reasonable trade-off for a platform to make.

> There's no way of knowing whether or not they actually keep my data.

Well yes there is. You can see all the data Google has on you via Takeout. For location specifically, there's Timeline.

Unless you mean that you think they are lying and secretly storing your data in which case there's a plethora of legal reasons they can't do that. You're veering off into conspiracy territory.

(I work at Google but these opinions are mine alone)


> losing Uber for a feature that will be used by 6 people is not a reasonable trade-off for a platform to make.

Then it stands that Google values money more than they value designing a system with their users' best interests in mind.

> Unless you mean that you think they are lying and secretly storing your data in which case there's a plethora of legal reasons they can't do that.

Yeah, because Google never lies about what they do with data, or how they collect it. /sarcasm

I have no direct evidence of them doing it this time, but fool me once...

The point is that they could make it work without being dependent on Google Play Services, but they choose not to.


> Then it stands that Google values money more than they value designing a system with their users' best interests in mind.

No, they value their average user over you specifically. If the average user will gain more from Uber than from the feature you suggest, it is in Google's users' best interest to not implement that feature.

> Yeah, because Google never lies about what they do with data, or how they collect it. /sarcasm

Then you can certainly name all the other times? There are a number of complaints about Google that I've heard, but being secretive about what data they collect is a new one.


> No, they value their average user over you specifically. If the average user will gain more from Uber than from the feature you suggest, it is in Google's users' best interest to not implement that feature.

No, they don't. They could make this an optional feature, and they choose not to. And I can't think of any way that preventing users from controlling their own data could be good for users.

> Then you can certainly name all the other times?

I can't name all the other times, but they misuse our data so often, they publish statistics about it:

https://transparencyreport.google.com/user-data/overview?use...


>No, they don't. They could make this an optional feature, and they choose not to.

If adding such an optional feature causes Uber to leave the Android platform, adding the optional feature is a net loss to Android users. "You are not the user" rings true here.

To put this another way, if your "feature" harms the ecosystem, it is not, in fact, a feature.

I asked for examples of Google lying about data collection, which was the accusation you levied. You responded with Google being transparent about responding to legally binding government requests.

While you may feel that handing data over to the government is a misuse, Google is not secretive about this. They're very straightforward about the fact that they will obey lawful requests, and they're transparent both with affected users, and the general public, about when and how they comply with those requests, as evidenced by the report you just linked.

So I'll try this again: since you accused Google of lying about collecting data or lying about what they do with it, can you substantiate that accusation, by giving examples of Google lying about what data it collects, or lying about what it does with that data?


> If adding such an optional feature causes Uber to leave the Android platform, adding the optional feature is a net loss to Android users. "You are not the user" rings true here.

That's a big if. I highly suspect that Uber wouldn't want to leave one of the biggest platforms just because of a simple option that might already exist. What if Uber demanded to be able to have root on Android phones? Would Google be willing to bow to that because losing them would be a "net loss to Android users"?

I'd have to ask you to point out why giving users more ways to manage their data "harms the ecosystem".

> I asked for examples of Google lying about data collection, which was the accusation you levied. You responded with Google being transparent about responding to legally binding government requests.

Yeah. I did. It doesn't matter why they lie, it matters that they lie. Especially if they are willing to lie to me about how they use my data, then why wouldn't they be willing to lie to me about how they collect my data? And I fully admit that I have no direct proof of them lying about how they collect data, but I don't see why you would trust a company that regularly lies to its users about what it does with that data.


You haven't actually shown an example of them lying though. Are you saying that complying with lawful requests for data, as Google explicitly states it will do and then publicly announcing the ways it complied, as well as when lawful, announcing to the affected users, is lying? I find that difficult to believe.


> Are you saying that complying with lawful requests for data, as Google explicitly states it will do and then publicly announcing the ways it complied, as well as when lawful, announcing to the affected users, is lying?

By not notifying their users that their data was breached they aren't being honest about how data is being used. They could also set up the system in such a way that their users' data couldn't be mishandled, but they choose not to.

Not exactly the actions of a company that I would consider trustworthy.


>By not notifying their users that their data was breached they aren't being honest about how data is being used.

But they do notify the user unless doing so is illegal (and then, they do so when it becomes legal). You still haven't substantiated this claim of lying, unless you are claiming that "obeying the law" is lying about how data is being used. But again, Google is clear that they will obey court orders.

> They could also set up the system in such a way that their users' data couldn't be mishandled, but they choose not to.

This is also one of those things that appeals to a small group of privacy enthusiasts, but isn't actually a good thing for the average user. The same set of changes that make it impossible to as you describe it "mishandle" data, also make it impossible to recover data in the case of user error. If you're willing to make that tradeoff that's fine, but for most people, the looming spectre of a court order is a much less worrying issue than forgetting one's password.

That may not be the case for you, and that's fine. But to say that not doing that is unethical is a stretch. See this thread[1], where a number of security professionals who to my knowledge aren't Google-affiliated (and me, who is neither a security professional, nor independent) discuss this.

It comes down to the average user's threat model not involving state level actors. Designing a broadly appealing service to respond to that threat is a disservice to the average user, because it comes at the cost of other features.

You personally may have a different threat model, and that's ok. But to claim that anyone who does not follow your exact threat model is lying or mishandling data is disingenuous and potentially harmful.

[1]: https://news.ycombinator.com/item?id=15853477


I'm sorry, but I can't take any of what you are saying seriously. You can ignore the facts all you want, but an uncomfortable truth is still true.


I'm not ignoring any facts. You haven't substantiated any of your accusations. You're the one who is transforming "transparently obeying lawful warrants as they disclose they will" into "lying about data usage", or at least that's the best interpretation of what you're saying I can come up with.

If you want me to engage with facts, please provide some first! I can't ignore what isn't there.


Well I mean Google seems to be a lot less eager to give detailed behavioral profiles and social graphs to random people who ask nicely.


One of the few times a headline ends with a question mark the obvious answer is in fact: "yes"

Google is evil. Facebook is worse.


I know I have an unexplainable bias toward seeing google as inherently positive to society, so I’m keen to hear what makes you think google is evil?


They intentionally design their products in such a way that puts their user's privacy and security in danger, by not putting the user in control of their own data. By using Advertising as the basis for their business, they have encouraged a huge race to the bottom for other online services. They also tie themselves unnecessarily into other parts of the web, and degrade the experience in efforts to consolidate power for themselves.


I don't agree that collecting private data is "inherently positive to society" considering the result is low quality advertising


I disagree. Facebook is just less clever about being evil. Google instead looms in every corner that remains too complicated for most people to understand and quietly harvests data.

And the article really does a piss-poor job at trying to pursue its question. Heck, most of it is directly quoting the opinion of a Google engineer.


They are both equally scary but Facebook has been caught with their hand in the cookie jar and now everyone is aware of it. Note, I am not claiming that Google will be caught doing this.


I don't know the nuanced answer but overall Google seems less irritating, and less fake (because G+ failed)?


And they don't have Zuckerberg.

Seriously, though, I think some of it is that Google is a little more transparent. They ingest tremendous amounts of data about you, but for the most part it's while you do things you would otherwise do. Facebook is a destination, an environment unto itself, and it's impossible to ignore that it's addictive and sucking you in over and over. So you use it, but hate it all the same because it has too much power.

I've looked at the data Google collects on me, and it's probably more frightening than what FB has managed to gather. Google has all my search queries to look at, every place I've driven, etc. All without me really noticing.


Google surely can draw a network of its ever-logged-in users just with their ad services alone:

1. You visit a page with some Google ad at home.

2. Someone else at home visits another page with some Google ad.

3. Your browsers make the request through the same IP address, marking you as potential acquaintances.

With the frequency of this happening, they can put weights on the edges to mark how closely you are related to that other person. And since they can, they will. Otherwise, it would be the loss of this great opportunity for them.

I don't see Google being any less manipulative than Facebook, with all the capable tools they have now. They are ever-present, can track you almost regardless where you visit (ads and analytics), they can gather information about your profile/network, and most importantly, they curate the information presented to you (search and ads).
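
The shared-IP inference in the numbered steps above, sketched as an added example; it is not part of the original comment and not any ad network's actual code. The log format, the ID names and the `reroute` helper are assumptions, and the log entries are constructed. It also shows how the home edge disappears once one person's requests leave through a different address.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample ad-request log: (day, cookie_id, source_ip).
# Addresses come from the documentation ranges (RFC 5737).
SAMPLE_LOG = [
    (1, "alice", "203.0.113.7"),    # home connection
    (1, "bob",   "203.0.113.7"),
    (2, "alice", "203.0.113.7"),
    (2, "bob",   "203.0.113.7"),
    (3, "alice", "203.0.113.7"),
    (3, "bob",   "203.0.113.7"),
    (3, "alice", "198.51.100.20"),  # public Wi-Fi, shared with strangers
    (3, "carol", "198.51.100.20"),
    (3, "dave",  "198.51.100.20"),
    (3, "erin",  "198.51.100.20"),
]


def cooccurrence_edges(log):
    """Weight each pair of IDs by the number of (day, ip) buckets they share."""
    buckets = defaultdict(set)
    for day, cookie_id, ip in log:
        buckets[(day, ip)].add(cookie_id)

    weights = defaultdict(int)
    for ids in buckets.values():
        # Every pair seen behind the same address on the same day gets +1.
        for a, b in combinations(sorted(ids), 2):
            weights[(a, b)] += 1
    return dict(weights)


def strongest_links(weights, cookie_id):
    """Return [(other_id, weight)] for cookie_id, strongest edge first."""
    links = []
    for (a, b), weight in weights.items():
        if cookie_id == a:
            links.append((b, weight))
        elif cookie_id == b:
            links.append((a, weight))
    return sorted(links, key=lambda item: (-item[1], item[0]))


def reroute(log, cookie_id, exit_ip):
    """Hypothetical helper: the same log if cookie_id's traffic left via exit_ip."""
    return [(day, cid, exit_ip if cid == cookie_id else ip)
            for day, cid, ip in log]


if __name__ == "__main__":
    direct = cooccurrence_edges(SAMPLE_LOG)
    print("direct: ", strongest_links(direct, "alice"))
    tunneled = cooccurrence_edges(reroute(SAMPLE_LOG, "alice", "192.0.2.99"))
    print("rerouted:", strongest_links(tunneled, "alice"))
```

The repeated home co-occurrence outweighs the single public Wi-Fi coincidence, which is the edge weighting the comment describes.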


I'm a little concerned with this type of post. I understand there are other companies just as bad or maybe even worse than Facebook, but shouldn't we focus on them one at a time?

This type of article tends to have the tone of "hey everyone does this, so maybe what FB is doing isn't so bad?"

That's a mistake and it's misleading. There is a reason The Guardian published Snowden's stories one at a time. People can't get mad at everything all at once. They get into analysis paralysis. Let's fix the issue with Facebook. Then once that's done, we can move on to Google. And then once that's done we can move on to the ISPs, and so on.

But if we throw this "the whole world is terrible and every company is bad" story at people, they aren't going to do anything.


They are both scary enough to limit both of them. I don't think we should choose one or the other.


Isn't this rhetoric getting tiresome at some point?


This has been a long time coming.

https://twitter.com/georgesoros/status/964471195793068032

I posted about it here, but was heavily downvoted because mentioning this man automatically brands you as a conspiracy theorist.

It's really naive to think he doesn't know the news before it's news.


It's really naive to think that this only became news in 2018.

It's rather obvious that both Facebook and Google are conglomerates that know way more than they should about us.

That has been the case since at least 2012. There's nothing newsworthy about that.


The conversation at the root? Not so much. But yeah the rhetoric and seeming lack of nuance around it makes me roll my eyes from time to time.

Edit: instead of driveby downvotes, I'd welcome some commentary on what was so incendiary about this remark to warrant swiftly taking the comment down into the negatives.


I was expecting some more points on how Google actually does scary things, too. I can recount more points off the top of my head than this article lists and the headline seems to suggest that this would be the main point of the article. Instead, it's mostly just a platform for this François Chollet's opinion, which is even biased into quite the opposite direction.


Depends on what scares you.

If you are worried about your privacy, Google is way scarier. If you don't use Facebook as a social networking site, the data it will have on you is minimal. Can be made even smaller with a couple of extensions available on all browsers.

Now Google owns one of the largest ad networks in existence, which means you're being tracked by Google every time you set foot on any site that runs ads. Plus, those that don't probably use Google Analytics, which is also tracking you. Plus, there's Youtube, Google office suite, GMail (even if you don't use it, half of your correspondents do, including many companies so you don't even know by domain name that you send data to Google). Plus, Google Drive, etc. Plus Android, plus Google Play, plus Google Maps, etc. The amount of your private data that is going to Google, if you have any online presence, is stunning. Google is clearly scarier.

Now, if you're worried about these data being used in partisan political battles, the picture is different. As we know by now, both US political tribes have been able to successfully collect and use Facebook social graph data for their purposes. Facebook management remains more or less neutral so far on this question - while the top management undoubtedly belongs to the blue tribe, and, as we've seen, has been glad to provide access to blue tribe campaigns, the red tribe has been able to use the data too. For Google, again, the company is managed by the blue tribe, and openly sides with it at every opportunity, but we don't know anything about how or whether the data is used for political purposes. If you are concerned about the red tribe gaining the same access to private data and control over mega-corporations as the blue one has been enjoying so far, Facebook would be scarier for you, while Google would look pretty safe - even though they have a lot of data, people with correct tribal affiliations are guarding it, so no need to worry there.


If the DNS/cert leakage problem can be solved, the ISPs won't be able to see or inject anything with HTTPS usage rising:

https://netmarketshare.com/report.aspx?id=https

LetsEncrypt.org now has wildcard certs. No site should be using HTTP anymore.


Can't we agree that both are scary? You can live without both.


Neither scares me in any way whatsoever. What does scare me are those who use Facebook as their source of information for how to run their lives.


I personally prefer Google over FB. I haven't deleted my FB account because that's my contact list of some sort but I am not very active. I guess I prefer the Snapchat model where what you post doesn't stick around forever. I'm not fond of the aggressive, greedy bro attitude of FB in moving fast and breaking things. On the other hand I use Google services all the time.

Folks whining about data collection should realize Google hasn't decided to be an ad company, it's just they have succeeded monetizing it better than their more recent cloud offering and in future their hardware business. So it's not an ad company because it does everything top down based on what would make ad business succeed. It's just that the search product is popular and placing ads next to it pays well. If you're complaining about seeing ads and are not using the paid GSuite version or non google services for email for example, it means you don't care enough and perhaps should stop whining about a free service you've opted to use.

This is also somehow true about FB. they're trying to monetize their Oculus business but it doesn't pay as much as the ad business I guess.

IMO the solution to data collection isn't to completely stop it as it'll make the services less tailored to individuals and dumber. Instead I'd rather the data be collected but under full control of the individual. So I can decide who gets to access it and for how long.


> If you're complaining about seeing ads and are not using the paid GSuite version or non google services for email for example, it means you don't care enough and perhaps should stop whining about a free service you've opted to use.

This and you characterizing people opposing Facebook and Google as “whining” does not contribute to the discussion. If you think not paying for a service revokes your right to complain about it, why are you even comparing Google and Facebook at all? Your comment is neither insightful nor consistent.


I didn't say those who don't pay for a service have no right to complain.

I'm opposing the constant characterization of what Google and Facebook do [successfully and other companies do too but less successfully] which is collecting behavior signals to tailor ads and services is inherently nefarious.

But again, if one opts to receive some service for free, they sure can complain but I don't think they are guaranteed any change to that service based on their complaint.

IMO what matters is that users have alternatives and are not locked in.


> Folks whining about data collection should realize Google hasn't decided to be an ad company, it's just they have succeeded monetizing it better than their more recent cloud offering and in future their hardware business.

Yet they still don't offer paid options, that allow me to remain anonymous for almost all of their systems. I don't see how anyone can imply that Google is reluctantly in the ad business when they don't even offer alternative monetization models.


I doubt all fault lies with Zuckerberg here. Because he is doing what the system rewards, maximizing investor wealth. And that means companies will do everything to profit, and only apologize if caught. Facebook won't have cared till 2025 if they were not caught. Same with Google may be what they are doing, and they are more careful than Google in getting caught.


I'm really confused by the whole anti Facebook thing. Agree they messed up on privacy, but calling them evil, useless, etc seems over the top. I like FB and find it useful and don't care if somebody has my public profile data, since it's public already.


What's even more shocking is google's PR team here claiming that google is working to "improve" the world. It's so disgusting and tacky.


The main difference from my point of view, as a Google and a non-Facebook user, is that Google actually provides useful services. From GMail, to Maps, Drive, etc. Facebook (as I see it at least) provides zero value. It creates toxic echo-chambers and countless studies have proven again and again that it makes people miserable.


Facebook provides a ton of a value to lots of people. In many cases it's their entire social circle and how they communicate with them. Just because it doesn't create value for you or I doesn't mean it creates value.


I knew somebody would say that. And that's why my comment is sprinkled with "IMO", "from my point of view" etc.

Now, is it really a good service to help people manage their "social circle" in this manner? Not according to me.


Facebook is less trustworthy than Google.

Facebook has a very full history overflowing with deceit, misdirect, lies, theft and not really giving a toss when getting found out.

Google has tripped up once or twice and actively tries to fix its problems.

I find Google a lot less scary than Facebook.


Maybe, maybe not. But, it would be a wasted opportunity not to kill Facebook right now because the political will of the resist-trump crowd makes the attempt more likely to succeed.


Yet the argument could be made that without Facebook, the duopoly on online advertising could become a monopoly by Google.

They'd definitely hop in and try at a social network again too. They have your voice, your live location, your email, your texts, your photos including a model of your face, your search history, your youtube viewing preferences, and they wouldn't miss the chance to hop in for your social graph and "likes" too.


Google edits its search results to achieve a political agenda. This is worse than Facebook, which is just used by other political actors. Google does it without a profit incentive, and of its own accord.

Evidence: Search “European History” or “American Inventors” in google.com. Now go to www.google.es and search “gente europea historia” or “inventor americano”.


Google is scarier in terms of its capabilities, but it's starting from a more solid ethical foundation.


I feel like this is a piece that people elide pretty frequently. The Google founders have spoken about tons of things over the years, and consistently come across as being principled and passionate, even if your moral foundation is different from theirs. Zuckerberg, on the other hand, set the tone with the "dumb fucks" IM and has only recently gotten better at not projecting contempt for his users. I honestly couldn't even pin down what his ethical foundations are, given that they seem to swing with the tides of public opinion and what PR message is currently convenient ("connect the whole world! every interaction is a good one!" --> the more recent "maybe some social interactions are bad, only 'good' ones from now on!").

It's of course entirely possible that this simply means that the Google guys are better at personal PR than Facebook is, but at the very least it helps explain why the perception of each is different.


Mark Zuckerberg has a foundation with his wife, and they have vowed to donate 99% of their net worth to it [1]. This is Bill and Melinda Gates level; they also pledged to donate the vast majority of their wealth (95%).

Sergey cheated on his wife with a Google employee (who was like 20 years younger and dating another executive) and got a widely publicized divorce [2]. We don't have transcripts for Sergey and Page, but how do we know they didn't also think their users were "dumb fucks", or weren't nice people in college?

I am of the opinion that to become a billionaire you have to step on a lot of people; I am not one to think that Zuckerberg or Bill Gates are moral guides for anyone, and this very much applies to Page and Brin too.

[1]: https://en.wikipedia.org/wiki/Priscilla_Chan_(philanthropist...

[2]: http://www.straitstimes.com/lifestyle/entertainment/life-aft...

EDIT:

> I honestly couldn't even pin down what his ethical foundations are, given that they seem to swing with the tides of public opinion and what PR message is currently convenient

Two points on this:

1. Google's mission is to "organize the world’s information and make it universally accessible and useful". What's the "ethical foundation" behind that? Do we know this will make the world a better place? "Useful" for whom?

2. Both Google and Facebook are advertising companies. They optimize to sell ads.


I'm making no claim as to how they are as people, but rather what they see as the philosophical center of their organizations. "Cheated on his wife" and "has a foundation" couldn't be less relevant. Bill Gates, as you mention, is practically the poster child for charity, and yet the idea that that implies much useful about the principles that animated Microsoft under his tenure is foolhardy.

My statement didn't say anything about who they are as fully-rounded human beings, and even further, spoke only about the _perception_ of what their company's philosophies (as embodied by their founders' words) are. You're flattening the nuance of my statement into a simple-minded "Sergey good, Zuck bad" that I didn't come close to expressing.

The rest of your comment is pretty much a non sequitur and this is already a pretty long response, so forgive me for not addressing it (though I'm happy to if you think I'm being unfair to your point).


> I'm making no claim as to how they are as people

Well, sorry I thought you were, but when you say "consistently come across as being principled and passionate" and talk about who Zuckerberg was as a person when he was 20 (when he made the "dumb fucks" comment) and "his ethical foundations", it very much sounds like you're making claims about them as people.

> spoke only about the _perception_ of what their company's philosophies

If you say "It's of course entirely possible that this simply means that the Google guys are better at personal", by personal I'm gonna assume you mean surrounding their person, not their companies, and personal PR _is_ very flat and all about "Sergey good" or "Zuck bad". My comment was meant to give the other side of the coin: it's evident you personally see Google's founders as better people ethically, and Zuck as lacking principles, so I gave you an example of the opposite to complement your point of view and hopefully give you a more rounded vision of them. They're all people, with their flaws and strengths; neither has it all figured out.

> The rest of your comment is pretty much a non sequitur and this is already a pretty long response, so forgive me for not addressing it (though I'm happy to if you think I'm being unfair to your point).

I don't mind long comments, feel free to address it. (:


> it very much sounds like you're making claims about them as people.

That's not an unreasonable interpretation, but it isn't what I intended. Their personal PR about how they run the company matters because these are unusually founder-driven companies, and even more so in terms of perception. Just as most people think of the President as more of a king, most have an image of Facebook as Mark Zuckerberg's personal playground.

> it's evident you personally see Google's founders as better people ethically, and Zuck as lacking principles

You have me wrong here. As I said, I was speaking about perceptions of them. As I said tho, that's not unreasonable, since in the name of succinctness, I presented the view and only afterwards indicated that I was focusing on perception.


> it's starting from a more solid ethical foundation

What do you base this on?


Is Microsoft scarier than Google? Unlike Google, Microsoft tracks and profiles you online via their search engine and through all of the "telemetry" Windows sends back to them. Also, doesn't Microsoft operate their Azure cloud service in China that is run by a Chinese state run company?


> Unlike Google, Microsoft tracks and profiles you online via their search engine

Citation seriously needed. “Unlike Google?” Who are you trying to kid?


Are you seriously suggesting that Bing doesn't track users? Who are you trying to kid?

Microsoft is able to recognize the same user across devices by using an anonymous identifier (MSID). The MSID is used to describe a persistent unique identifier used by Microsoft Advertising to deliver targeted ads and recognize the same user across devices and Microsoft services. Customers have a choice to opt out of targeted advertisements that use the MSID by visiting http://choice.microsoft.com/en-us/opt-out and turning off the control that says “Personalized Ads Wherever I use my Microsoft Account”

https://searchengineland.com/bing-ads-launches-universal-eve...


What on Earth? My comment takes issue with your claim that Bing is “unlike Google.” Google’s privacy policy explicitly allows them to use queries for advertising, not “unlike Bing.” Why are you trying to paint Microsoft as exceptional here?

> We use the information we collect from all of our services to provide, maintain, protect and improve them, to develop new ones, and to protect Google and our users. We also use this information to offer you tailored content – like giving you more relevant search results and ads.

https://www.google.com/policies/privacy/#infouse


>Google’s privacy policy explicitly allows them to use queries for advertising

So does Bing.

Finally, as described in the Display of Advertising section of this document, we may use search query data for the purpose of personalizing the ads we display to you as you use our services or those of our advertising partners.

https://www.docracy.com/0fap0koedur/bing-com-privacy-policy-...

>Why are you trying to paint Microsoft as exceptional here?

Microsoft tracks their users using their Bing and Yahoo search engine.

Microsoft sends vast amounts of Windows telemetry back to their servers. The services sending this telemetry data cannot be turned off.

Microsoft has broken into the accounts of their users. https://mashable.com/2014/03/28/microsoft-hotmail-email-priv...

Microsoft operates data centers in China that are run by Chinese state run companies that allow the Chinese government to examine any user data they want.

Microsoft Azure operated by 21Vianet (Azure China 21Vianet) is a physically separated instance of cloud services located in mainland China, independently operated and transacted by Shanghai Blue Cloud Technology Co., Ltd. ("21Vianet"), a wholly owned subsidiary of Beijing 21Vianet Broadband Data Center Co., Ltd.

https://docs.microsoft.com/en-us/azure/china/china-welcome


Oh my God, why are you acting like you are disagreeing with me when you are now saying exactly what my original comment said?

"Unlike Google, Microsoft tracks and profiles you online via their search engine and through all of the "telemetry" Windows sends back to them."

This is your original comment. Do you see how you are disagreeing with yourself now?

"So does Bing." "Google’s privacy policy explicitly allows them to use queries for advertising, not “unlike Bing.”"

The first quote is from your comment, the second is from mine. Where on Earth do you see disagreement?


Sorry, I misinterpreted what you were saying. My intent was to imply that if you're going to wrangle Google into the Facebook clusterfuck then you better put the spotlight on other companies that have done more nefarious shit than Google.


The one time Betteridge's Law fails us.

> Chollet bristled at this. “This is the laziest kind of thinking—just because two things share some superficial similarity (they’re large tech [companies]) doesn’t mean they’re equivalent,” he said.

But... the article is just a riff off of Chollet's tweets about working for Alphabet. Mostly about Facebook anyways.


I too had thoughts of Betteridge but in the opposite: it definitely applies and the article gives us a few examples.

But after a second read of the article I think the answer instead of being a flat "no", the answer would probably be more accurately answered with "depends on who you're asking"


It's a bit like saying..

is getting smashed in the face with a brick really as scary as getting smashed in the face with a rock?


It's a lot simpler to avoid Google though. I've been using DuckDuckGo for a while now and the switch was simple.

There's no network effect like with Facebook, hence less ennui about it.


>seems

Google is just more self-aware, which can change at any time. This is separate from their potential, and the potential is what matters here. We know Facebook had the potential to do damage for years, but we don't know how much damage they have done. As for what a company "seems", that is a sum of marketing and PR.


I feel like this is at least slightly disingenuous.

Sure, your friends keep you hooked on FB but there are other methods of communication.. Even if they're FB owned (like whatsapp).

But google owns the most dominant browser right now, they're spidered into most websites using their analytics engine.

They handle more email than the next 5 providers combined, and they have the most dominant mobile OS on the market.


Does any part of that address his point though? Almost every single one of those things you mentioned is part of some federated system, which means you can be the only person in the world not using it and not have your usage affected too heavily.

Your friends can include you in text groups no matter what carrier and phone OS you use, they can include your email even if your mail server is located under your couch, you can visit websites even if you use Firefox or Safari or IE or Opera or Iceweasel or Edge or Dolphin or.... By contrast, you can't decide to be the only one in your friend group without a Facebook acct and still be included in eg event planning and photo sharing, unless your friends make the extra effort to keep a separate channel open for you. That's what the term network effects _means_.

(Yes, I'm entirely aware that the canned response to this is "they're not your real friends then" or "get better friends"; I personally don't use Facebook for anything but event planning/accepting and the occasional communication with an extended member of the family without having to go through a chain of getting people's numbers. But as to the people that don't recognize any potential benefit to a tool like FB for coordinating meaningful social events, I can't help but wonder if they just have very tiny social circles. This isn't a bad thing by any means, but it's bizarre to assume that that's how everyone socializes)


"everything here is federated" is not rebutting my point at all.

Sure, you can host your own website without GA, but then you're in a circle of 1.

Unless you don't email people with Googlemail accounts, don't use GA websites, avoid Android and anybody who uses it and disallow Chrome browsers from accessing your content, then you're still kinda in Google's reach.

Which is far more invasive than Facebook; Facebook at least requires you to actually be an active participant in a system that at its core is about telling people about yourself.

Google wants this data and is willing to "pay" for it with free services.


Google is also tracking you via emails sent to/from Gmail, AdSense scripts, free CDNs, Android, etc. I find Facebook to be easier to avoid, though more costly in terms of my happiness.


It's the opposite for me. I don't use Facebook or any of their subs (like Instagram), but Google is very difficult to get rid of: YouTube and Android have no viable replacements, Maps has some unique selling points, and I notice that I even return to the search multiple times a week because I can't find something using DDG, Bing, or another search engine. And of course half my email ends up in Gmail inboxes because it's either to friends (Gmail) or companies (Google Apps for Business, or whatever it's called -- see MX records of half the companies you deal with).

Edit: oh yeah and of course analytics + YouTube embedding + ads + like button (when still in use) + Google Maps embedding makes it very difficult to get around as well, even outside of directly using their products yourself...


They still have their cookies and follow your every move, especially if you have an Android phone.


Note about Google-Android phones: how long you use each app and when is tracked.

To avoid this, use a custom ROM without GApps. You can also "turn off" this "feature" from some menu online, but I'm pretty sure that doesn't actually stop data collection.


I hear so many people talking about this like there's literally no way of getting around these issues.

Is it that unimaginable to use an alternative search engine like DuckDuckGo? To use Tor? To use a VPN? To disable JavaScript? To block ads? To put some IPs in your /etc/hosts? To use OpenOffice instead of Google Docs and MS Office? To use Proton Mail instead of Gmail?

These products even have nice user interfaces these days! Privacy isn't that hard. These companies offer a service for free (mostly). If you can't do it, I think it's mostly because you just don't care.


Maybe because you're not convincing the average person to use those services anytime soon, and that is who matters.


Facebook is ethically bankrupt, but their power is much more limited. Google is nothing less than the greatest threat to humanity. Trump, North Korea, militant Islam and Putin all pale in comparison to what Google is capable of. Only Xi's increasingly nationalist and modernized China is capable of remotely the same kind of threat, but Google has a huge lead in military robotics and will probably reach the AI tipping point first.

They have been a beautifully gilded trojan horse, beloved in the beginning, but in the end most of humanity will likely regret having given away so much to Google.



