Ricochet is the best place on the internet to discuss the issues of the day, either through commenting on posts or writing your own for our active and dynamic community in a fully moderated environment. In addition, the Ricochet Audio Network offers over 50 original podcasts with new episodes released every day.
Is Google Docs the Latest Front in Google Censorship?
People are getting locked out of innocuous Google Docs for supposedly violating the terms of service. From The Verge:
Google Docs users are reporting various bugs today that result in them getting locked out of their documents. Most of the issues center on a mysterious Terms of Service violation.
The reports largely come from journalists. It’s unclear whether the error is targeting media companies and reporters, or if it’s just coincidence because reporters tend to spend a lot of time in the app (and on Twitter). Nevertheless, this bug is concerning, considering it implies that Google is scanning documents for content and something is misfiring on the company’s end.
We reached out to Google for clarification and received this statement back: “We’re investigating reports of an issue with Google Docs. We will provide more information when appropriate.”
Supposedly it’s just a glitch for now. But it reveals that Google scans the content of your Google Docs, which some might find a wee bit unsettling.
How long before they start censoring your work files for “inappropriate” content?
What about the files you have saved in Google Drive? Woe be to any conservative political organization that uses Google Drive or Google Docs for their work. They might as well email all of their proprietary info directly to the DNC.
Published in Technology
I have serious concerns about the fact that Google and Facebook have become the de facto gatekeepers for the information most people see. The problem is made worse by the fact that both companies are publicly, and unabashedly, left-wing in their politics; they have an unprecedented ability to mold public discourse.
Having said that, I strongly oppose any legal remedy for this problem. I object to the argument that, because a business has become wildly successful, they lose the right to do as they like with their own property. Google and Facebook are private-sector businesses, so technically they do not censor; they exercise editorial control over the content they carry on their services, and they have every right to do so.
But I do worry about the power they wield. This is one of those situations where I honestly don’t see a good solution.
Germany or some data center in a remote part of the US: that matters little. You’re focusing on the tangential. The real issues are
Regarding item #2, there is always an element of trust, i.e., they could be lying about that. On the other hand, such lies would eventually out and their business would be destroyed, thus there’s a disincentive to deception. This is the marketplace at work. Think of it as crowdsourcing of business information as explained in the Cluetrain Manifesto.
This is an imperfect world where one cannot be absolutely certain of anything. With Google, we know they are mining your data. With these other guys, there’s a chance they are not.
With companies that promise encryption and privacy at the server level, you’ve really gotta keep track of their ownership over time.
Example: I used to store data using MEGA (created by Kim Dotcom), which used end-to-end encryption. Then it was bought out by a Chinese company. Luckily, Kim Dotcom himself advised users of the ownership change so they would know the service was no longer secure.
I appreciate the information from the inside, the belly of the beast as it were.
If certain content cannot be displayed in one country, does that mean Google has to apply that to users in all countries? It seems like it would be difficult to confine the restrictions to national boundaries. For example, if a US user uploaded some Nazi content that would violate German law, would that document not be sharable or restricted in some other way?
Of course. Security requires vigilance; it’s not for the lazy. Presumably, they lost some business when the Chicoms bought them.
Always remember:
Oddly, Kim Dotcom still links to mega.co.nz on his personal website. Weird.
If you’re worried about privacy, then regardless of what you did after the buyout you’re still at risk. When you click “delete” on a cloud file (or a local file, for that matter), the data isn’t destroyed. A pointer is modified, that’s all. Actually zeroing out the data is rarely done. With a local hard drive you can run utilities that overwrite all the sectors with zeroes or randomness, but you can’t usually do that with cloud data.
Your recourse is basically either not using cloud storage or accepting that there’s no perfect privacy to be found.
Eventually you’re always going to have to trust someone. Say you read what I wrote above and decided to encrypt all your files locally before shipping them off to the cloud. That would mean you no longer have to trust the cloud provider, since they can no longer read your files. But you do have to trust the encryption software. Did you write it yourself? Sure it has no backdoors? Sure it’s actually doing the encryption it claims to be doing?
Maybe you’re an engineer and wrote your own encryption software. Do you fully trust the software tools (compiler, etc.) you used to build it? Read about the Ken Thompson Hack and be afraid. Do you fully trust the operating system you’re running on? (Really? Windows or Apple? If it’s Linux at least you could potentially examine the source code – but fewer do that than read TOS, I’ll bet.)
My personal view is that privacy is pretty much dead. I’m not happy about it. I think my employer is generally fighting a delaying action. But technological forces are just not on the side of privacy.
Anyone who finds it unsettling hasn’t really thought about how Google works. Google is a data collection company. In some cases they provide that data for free* (Search, Maps, etc.); in other cases they sell the data. They collect data in all different ways, and in exchange for access to your data they offer you a lot of convenience. They give you well designed software with a lot of nice features, and in exchange learn a lot about you. We trust (to an extent) that the data will be anonymized and aggregated before it’s used or sold, and basically that they won’t be evil. In my view it’s a reasonable exchange, but everyone should be aware of the deal they’re making. If you store data with Google, you’re giving them access to it. You have a reasonable expectation that your data is not going to be shared with the public, but your data is on their servers and stored on their terms. Caveat emptor.
*Free in the sense that you don’t have to pay directly, although it may cost you time to filter out the advertisements.
Good question – I don’t know. Possibly sharing would be restricted in Germany. Try it and find out! :)
Determining a user is from Germany is actually not trivial, either. We basically check the IP address and geolocate it. But if the user is on a VPN this doesn’t necessarily work. My wife used to work for a company based in Denmark, so whenever she was on the corporate VPN she’d see the Internet from that perspective: Amazon would default to Danish, for example. So if you want to view Nazi content in Germany, you can just use a VPN to get around geo restrictions.
This works for the good guys, too, though. China restricts a LOT of the Internet (the so-called “Great Firewall of China”). But there are ways around it. Google does a lot of good work in this area, providing free VPN access to people in oppressive regimes to get around their firewalls.
That’s exactly how mega.co.nz worked. The file was encrypted locally and then uploaded to their servers.
The service might still work that way, but with a ChiCom owner there’s much less trust that the system isn’t being tampered with.
I might just post a memo that says “Betcha those feebs can’t crack this” and attach a few +10M files containing line noise.
Obviously. That’s already been mentioned more than once. Nevertheless, we are faced with a choice between an organization that admits to intruding on privacy and one that purports not to intrude, with some credibility.
Yes, it’s an imperfect world. What was your first clue? All you can do is maximize your privacy.
It’s not that hard to write your own; I’ve done it just for fun. If you use steganography, it won’t even be clear to anyone that there’s a secret to unlock. Of all the pictures I’ve ever uploaded to this site, which ones contain encrypted messages? How much effort would anyone put in to find out?
The point is this: security is about erecting barriers to dissuade attackers so they’ll move on to softer targets. They need not be perfect. I don’t have to be able to outrun the bear; I just have to be able to outrun you.
It’s extremely hard to write your own and have it be secure.
Again, it need not be perfect.
Do you ever lock your house? If so, do you have a lock that no one can pick? If your lock is not perfect there’s no point in locking your house, amirite?
It’s very hard to install a lock and have it be secure. I mean, the locksmith you hired knows how to get in.
In the world of computer security, yes, it needs to be perfect. Because it’s going to be pounded on by countless bad guys who are going to think of a million things you didn’t think of.
And here’s the catch: they will always find something, eventually. Perfect is not actually achievable. The closest you can get is to have your security implemented by experts who are specialists in the field, and then have it tested and tested and tested (and then tested some more), and then proven by years in the field, and improved by patches when holes are inevitably found.
This is only true for high-value targets like celebs, politicians, and financial institutions. Even among those targets, relatively few have been compromised by technical means. Social engineering and carelessness are the more common pathways. It’s either extremely weak passwords or some HR chick who clicks on a link in a phishing email (Lockheed Martin).
If the situation were as dire as you imply, technical security breaches would be commonplace. This is reminiscent of the Fermi paradox; if those countless bad guys are successfully pounding on everyone, where’s the result of their efforts?
Professionally-designed security systems are broken all the time. WPA2 just had a very public breach last week, for crying out loud.
But hey, if you want to secure your docs using home-brew steganography in your photo collection, be my guest. Most people won’t do this, and IMO would be wise not to.
Sure, but I was describing what is necessary for security. If you’re OK with weak security because nobody wants your stuff, then that’s not security; that’s just admitting that you don’t have anything you need to protect.
It only takes once, which is kind of my point. When you implement your security, you get one chance to get it right. The bad guys then get as many tries as they need to break it.
I agree with you that social-engineering exploits are the bigger risk. My point is simply that if you actually need security — and maybe you don’t — you shouldn’t implement it yourself. You should use proven technology created by professionals, and even then assume that it will be penetrated.
Yeah, I heard about tens of millions of WiFi networks in homes and workplaces around the world being compromised. Or maybe the opposite of that. Hey, I bet there are still plenty of people using WEP without consequence. There’s a much higher probability of your house being burglarized than your WiFi network being compromised.
Look, just because a vulnerability is found, that doesn’t mean it has any practical consequence for the vast majority of people. They are simply not worth exploiting. Jewelry stores and banks typically have better physical security than homes for a reason. Higher-value targets need better security. The president needs a security detail; I don’t. Likewise, a major defense contractor needs better infosec than I do at home for reasons I already explained.
In spite of the security vulnerabilities we hear about on an almost daily basis, hardly any individual is compromised that way. As I noted above, social engineering is the real weakness. A human is almost invariably in the loop. The software than needs a patch is for the meat robots.
I’ve always thought Google works the way you describe, and I find it unsettling. So there.
Google scans the content of EVERYTHING. That’s what Google does. The same technology that allows it to scan and organize the world wide web to provide relevant links in response to search requests allows it to scan your gmails and googledocs. It does so mostly for the purpose of figuring out what advertisements to shove in your face, but there’s no technical reason why it can’t put the scanning ability to censorial purposes if it chooses to. I have no idea if it’s chosen to or not.
Fair enough. Perhaps I should have said “surprising” or “unexpected” instead.
AFAIK we (Google) do not scan your mail or docs to determine your user preferences (which we use as one of many signals for advertising). There was an experiment years ago with showing contextual ads in Gmail, but it was discontinued because people hated it.
In general our philosophy is that search terms are a better demonstration of user intent and interest that just overall user preferences, and hence a better signal for advertising.
None of which is to say that we can’t scan mail and docs. Sure we can – the content is stored on our machines. And we do that for certain things. If you use the Gmail mobile app you might have noticed that we show suggested one-liner responses to some emails (someone notifies you they’re sick and can’t make it to whatever, we suggest: “Sorry to hear it. Feel better!” or “Thanks for the heads up.” or something). The suggestions are contextual.
How you feel about this sort of thing is up to you, of course, but hopefully it’s helpful to hear how it works from an insider.
I don’t know what you do at Google, but I know that when I’ve sent email (I use gmail) about purchasing a wash machine, I’ve seen ads for wash machines. I’ve even seen ads for products discussed on Ricochet. Perhaps Google has changed what it looks for over time, but the phenomena has been noticeable enough over time that I think describing it as just a long ago experiment is not credible.
I use other mail accounts and mail servers in addition to gmail, and I think I’ve seen it with those, too. Maybe I should do some tests to be sure.
Video shared without endorsement, as there’s no way to tell if the guy’s telling the truth, but that being said…
What I’m guessing you’re seeing is something called user lists. The way this works is you search for something, we take note of it, and an advertiser has created a user-list targeted ad that matches your search. Then when you visit a site that uses Google AdSense, we may show you an ad related to what you searched for.
This can be pretty disconcerting. And annoying, because we haven’t closed the loop on it: when you stop being interested in the thing (maybe you bought it), we usually don’t know that and keep showing you ads for it after you’ve lost interest. This is a hard problem to solve, for various reasons.
But I stand by my claim about Gmail. The experiment we did that was discontinued was displaying contextual ads within Gmail. You aren’t seeing that, are you? AFAIK we don’t use email content to determine user preferences. I admit I may not have complete information here, but I do work in ads.
As an engineer I find it fairly hard to believe this claim. It’s not completely impossible, but it would be easy to fake the video or just be mistaken about how the signals propagated.
I know the difference between a search and an email. I’m describing ads that seem to be responsive to email content.