Google has a responsibility, to a limited degree, to turn over to law enforcement anything that they know about abuse that comes through their system. More likely, the trigger for that is set really low as a corporate CYA and to pass the buck. I can totally see Google's point of view on this: We're providing a free* service to you, we're not going to stick our neck out and risk ANY liability of being blamed of storing/harboring/distributing abusive content... we would rather err way over on the side of insane caution and let law enforcement sort it out.
I'd disagree. The rules seem to be either that you moderate and you're on the hook, or you don't and you're not, and you just need to respond to reported abuse. I personally think it would be better if Google acted like a blind medium; like a mailman. We've seen targeted abuse by employees to others they know, and we've seen anonymous, non-targeted abuse through application of policy, like here, and in all cases, because Google has pioneered a cutting edge zero-support system and also employs a large pile of lawyers, there is absolutely no recourse to be had unless you're famous on twitter or know a Google employee.
I worked in a 1 Hour Photo when I was in college. The standing rule we had is that any photos of naked adults were not printed (the customer was given their negatives though). In the case of naked children if it was the typical "kid taking their first bath" it was fine but if there was any doubt we had a manager review it. I think we had to call the cops a couple times (more for passing the buck than making an official decision like that ourselves) but there is/was a policy for things like that.
Why would you assume a crime by default? The presumption of innocence is only a slogan in the US, just like the above mentioned secularity. Look what happened with the guy in this post. You can't even take a photo of your own kid.
The discussion was around prints of naked adults and why stores might have policies to not develop those.
I offered an alternative reason based on the legal landscape rather than a cultural one.
> You can't even take a photo of your own kid.
You missed the part where we're discussing a sub-topic off that story, someone's experience working in a photo store, and the policies in place there.
> Why would you assume a crime by default?
I assume you mean "you" as in a photo store that finds such negatives in a job order, and not me directly?
Because as I said, your liability or even reputation if this isn't from something legal, is not worth the profit made.
I'm an atheist, and I intensely disagree with the sexualisation of everything in our society dressed as a new sexual revolution, and see it as a direct effect of capitalism.
The other day I read something about how society must “prevent the oversexualization of children” and that got me thinking, who will protect the oversexualization of society itself? The answer was obvious to me.
You say that as if there is no other reason to ban alcohol than religious belief, and not like alcohol being one of the most negative societal influences in the areas of human health, crime, public safety, and poverty. Just because humans are so cripplingly addicted to alcohol that banning was untenable doesn’t mean it was a bad idea.
What are you talking about? Which "certain" states? Iran, my old country, may be the 9th largest consumer of alcohol per capita [1,2]. There are hundreds of deaths due to wood-alcohol poisoning every year [3], mostly from people making moonshine from raisins and not being diligent enough to remove the stems, in lieu of access to safe drinking alcohol. I personally know many people who abuse alcohol just to be able to tolerate living under an oppressive theocracy, especially worsened in the last few years due to US sanctions which have made many everyday and essential goods inaccessible.
But it's very hard to find any data (let alone official data) on any of this, because nobody wants to suffer 72 lashes with 0-gague electrical cable at the hands of Iranian police for having admitted to have had a glass of wine or whatever one night.
Alcohol is an aspect of human civilization since per-historic times (as old as farming if not older) and always will be, regardless of what puritan Christians or foaming-at-the-mouth Mullahs might think of it.
Across the board (addiction, alcohol, abuse) any type of "zero-tolerance" "bring the hammer down" policy e.g. a blanket ban on alcohol has always been at best orthogonal and usually antithetical to harm reduction. As someone mentioned in the above comments, nuance is everything in providing support to the vulnerable --- ask any social worker. Religious guilt enjoys no such effectiveness.
(Sorry, two of the citations are in Persian, I couldn't find English sources. Google translate could be a workaround.)
I’ve lost track of how many people in this thread have blamed Christians. Why? Christian’s do not have a ban on alcohol. Where is this idea coming from, or are we just spreading hate?
I’m a Christian and never have met such a “puritan” Christian. Where are these “puritans” that ban things in the name of Christianity? Have you met one or is this hearsay?
Also, in many of the comments in this thread, the word “puritan” is not used.
My comment remains, this comment existed to spread hate, nothing else.
Also what other vices? The word vice generally means bad things so you’re upset that this “group” is giving life guidance? Are you equally as intolerant of a doctor telling people not to drink?
Why don't you petition the government for a redress of grievances and oust them? It's an unlimited right guaranteed by the First Amendment that can remove tyrants without causing harm.
So, according to the first amendment I can just taze the supreme court, and roll back citizens united, and reinstate roe v wade?
That's as batshit crazy as recent assertions that nothing the courts rule can be sexist; after all, women would just run for seats on the supreme court if they cared; they're a majority of the population, after all.
Since the nonsense in the last paragraph actually came from a recent supreme court majority opinion, I'm wondering if you can point to a supreme court ruling backing up your statement.
According to the First Amendment, you have a conceptually unlimited right to write petitions (complaints). Practically, it is limited by the absence of violence during assembly.
There's surprisingly few rulings on the right to petition.
If the local amateur porn producers know that 1 Hour Photo won't print their pictures, then 1 Hour Photo's employees are going to be stuck looking at far less amateur porn.
Sure, but the rule not to print naked adults might be useful and necessary to enforce a rule of "don't bring your amateur porn to this shop, please". Which I think is a reasonable request. Some might not be bothered, but the analogy to sending dick-pics comes to mind.
One example would be protecting employees from someone just bringing in photos of themselves with the sole intent of exposing themselves to the employee, as they have a captive audience.
> Sheila, a clerk at the photo store, flirts with George when he picks up his photos, commenting on a mustard stain that appears in one. He photographs everything, even Jerry taking a screwdriver to his stereo, as an excuse to see her again. A lingerie model's picture is accidentally mixed in with George's photos; he assumes it is a photo of Sheila she inserted as a come-on. Kramer convinces George to return the compliment with seductive pictures of himself.
>The Seinfeld Effect is a phenomenon closely related to the Family Guy Effect (the idea that when a meme is referenced on a popular television show, it dies out). The Seinfeld Effect occurs when a TV show references an in-joke belonging to a subculture (in most modern cases, the Internet) and makes it mainstream, causing the show's viewership to mistakenly believe the meme originated with that show.
>The effect is named after the 1989-1998 sitcom Seinfeld's habit of referencing little-known ideas, jokes, and phrases, such as "Festivus," "yada yada yada," or "not that there's anything wrong with that," and making them extremely well-known through the show's populararity to the point that many have the misconception Seinfeld invented these phrases (for the purposes of this article, 1992 is listed as the meme origin date, as that was when the episode "The Contest" popularized the idea of masturbatory celebacy contests). [...]
>There are certain shows that you can safely assume most people have seen. These shows were considered fantastic when they first aired. Now, however, these shows have a Hype Backlash curse on them. Whenever we watch them, we'll cry, "That is so old" or "That is so overdone".
>The sad irony? It wasn't old or overdone when they did it, because they were the first ones to do it. But the things it created were so brilliant and popular, they became woven into the fabric of that show's genre. They ended up being taken for granted, copied and endlessly repeated. Although they often began by saying something new, they in turn became the new status quo. It's basically the inverse of a Grandfather Clause taken to a trope level: rather than being able to get away with something that is seen as overdone or out of style simply because it was the one that started it, people will unfairly disregard it because it got lost amidst its sea of imitations even though it paved the way for all those imitators. That is, a work retroactively becomes a Cliché Storm. [...]
Thanks. I was wondering if there was a name for this after my teenage kids were rather underwhelmed by the first Matrix film the other night—especially the Bullet Time sequences.
I’ve heard great things about Google Domains but this kind of story is exactly why I probably won’t be using that service. It’s just too risky if you lose everything at once.
Honestly: don't upload unencrypted content to anyone, for exactly this reason.
I have cloud backups of family photos, but they're all through restic or rclone with the crypt filter applied. Privacy is about the right to put yourself in context.
For this type of encryption, I think the password could be “password” and that would be good enough. The primary goal is to frustrate automated scans, not targeted brute force attempts.
That's a problem with very easy solutions, considering what's at stake. Use a paperkey, NFC card, smartcard or even a printed data matrix sheet to store the keys and/or password DBs. The reason why all these aren't popular enough is that people don't consider privacy to be important - until something goes seriously wrong, like in this story.
Sorry, 99.99999% of the general population don't know what restic or rclone is. In fact, I won't be surprised if 90% of software engineers have never heard of them. These things aren't really know outside circles like hacker news.
As software engineers and the stewards of modern technology, we have a responsibility to build tools which enable capability for the rest of the people - particularly in the open source world.
People can't run their own encrypted messengers so we have Signal. People should be provided with interfaces, and advocated too, use cloud services for their data in a safe way.
Yeah, the way Google likely ties your accounts all together a wrong decision on any Google account even if not the same account for your domains could end up having all your domains stolen by Google.
What I'd like to know if if they actually deactivate multiple linked accounts when any one of them gets flagged. I have three accounts, one more for personal things, one more professional, and a third one with my current country as a location for getting local apps in the Play Store.
Google knows I am the same person, even though they are different accounts, so are the two other accounts safe when one of the three gets flagged?
As a basic consumer storing somewhat not important things on Google is potentially risky for the content on it but you aren't paying them anything so its probably worth the trade off. For a business or for something you pay for Google's support is atrocious and its not worth the hassle given all the horrendous failure modes it can put you in. One thing Google consistently is teaching people is do not pay them directly as they don't know how to treat their customers.
I have a larger issue that no one addressed. There has to be some type of special software for the medical profession that allows you to take a picture on your phone that is not stored on your phone and that you send to the doctor.
A specific medical oriented app. I’ve had a few virtual appointments where they ask me do I have an iPhone for FaceTime. I do. But what do they do for Android users? Which one of the ten soon to be discontinued Google video conferencing apps would the doctor use?
I have had a few appointments where they didn't ask me about what device I wanted to use at all, just send me a webex link and had me join in a browser.
Here’s an American one used in the UK. That had a data breach exposing sensitive images. I won’t ever trust consumer computers for sensitive medical stuff.
I’m not saying health care companies are competent. I am saying at least they have legal obligations to try to keep your information secure. Google has no such obligation.
Besides, there is less likely of a chance that a medical app targeted toward virtual care for babies would be flagging parents for sending pictures of their children to a doctor.
During COVID I had a digital gp appointment. It was specifically about some skin issues which is obviously difficult to communicate over a phone call.
They required me to send them photos to the receptionist over plain email - I complied because they weren't particularly sensitive parts of my body however it did make me mad that this was their system for dealing with sensitive health data
> There has to be some type of special software for the medical profession that allows you to take a picture on your phone that is not stored on your phone and that you send to the doctor.
No, you shouldn't have to use some special software to take a picture. Taking a photo with your phone's camera app should never trigger an account suspension.
I wouldn’t want private pictures I took just for a doctor to be synced with the cloud provider. It’s not like any of the cloud providers are HIPAA compliant.
The market leader is a system called Epic. It's like the SAP of the medical industry -- universally kind of hated; but it works well enough once set up.
I'm sort of surprised you haven't encountered it yet (and that the people writing responses to your comment haven't either).
Here's a PR piece about their secure video chat feature. (They also support emailing around photos, and the app has a built in camera, but that's old news, and not in their PR blog reel)
Private and secure are ambiguous terms that mean different things to different people. They're insisting its private and secure because there is some level of privacy and security.
Whether you would consider that private and secure enough, is a different story
> A Google spokeswoman said the company stands by its decisions, even though law enforcement cleared the two men.
Wow. Just wow. This is worse than the usual Google's automated screw-ups. In this case, Google was notified of the issue by the NYT. Yet they actively chose to continue to screw over their victims just because they can.
> In a statement, Google said, “Child sexual abuse material is abhorrent and we’re committed to preventing the spread of it on our platforms.”
Just how tone deaf can Google be, continuing to treat these innocent folks as criminals in this passive aggressive statement even after being proven wrong? Do these people have no empathy at all?
And you can’t even escape these companies by moving to another country. They have their tendrils everywhere, except in places that consciously prevent them - which is usually done by even worse tyrannies like China/Russia.
Always makes me laugh when I see employees of Google, Amazon etc. claiming to be “anti-fascist” and “standing in solidarity with the common man” etc etc…
Well not in all countries. In my country you are required to receive electronic messages from the government as well as to have a government issued ID and authentication system that forces you to have a fairly recent smartphone. For now, it is theoretically possible to use the authentication system without a smartphone but you will have to jump through an awful amount of (artificially imposed) hoops.
Not having an internet connection is NOT an option.
There is a legal process to get a special permit to avoid having to use these state mandated electronic systems but it is almost only theoretically in that you will need to have a doctor's note saying that you are unable to use such systems. E.g., by suffering by severe dementia or similar.
I'm not sure about OP, but here in Iceland having a smartphone with electronic ID built into it is not TECHNICALLY a requirement but life can be very difficult without it. It is the de-facto identification system used by every government service and banking institution.
Afaik mandatory government-provided mailbox is in Czech republic ("datovka") and Slovakia, at least for some parts of population (like enterpreneurs, lawyers, other professions that communicate with state institutions), with general mandatory use coming soon.
They serve the fiction of confirmed mail delivery. If you don't pick it up from this mailbox, it is considered delivered anyway and your problem, if you miss something here.
Governments have accessibility obligations and so their key services should absolutely be usable with something like Chromium/Linux. And it definitely shouldn't be more onerous than using a smartphone.
It is the portal for Slovak republic. You are supposed to have your national ID card, which is a smart card. To use it, you need a smartcard reader and an application, which basically listens on localhost and is kind of a intermediate between your browser, the pages than need authentication and the department of state, which handles IAM.
That application runs on Windows, Mac and Debian (9,10)/Ubuntu (18.04,20.04)/Mint (19.20) (it is not open source). Other distributions are not supported, forget ChromeOS.
It is quite onerous. You have to enter your PIN for smartcard about four times, before you see the content of the inbox.
As someone who's in college and looking/lookedfor internships to do over the summer, postal is literally not an option anymore. Companies will not offer a mailing address to their hiring team at all, and if you send something via mail they will simply not look at it. Also, post-pandemic, most interviews are done via Zoom, so how are you going to do that then? Even if you're in the same area as the company you're applying in, they just will not let you into the building.
New York City, and I don't think it's bad. The effort it takes for me to apply to jobs, and conversely, to approve/reject applicants (according to other people that I've talked to) is easier than having to sort through a ton of junk mail.
People on Hacker News like to propose "just use low-tech!" or "just self host!" often and I don't get how that's a solution. I _could_ spend hours of my day printing out and mailing my resume to companies (if they allowed me to) and waiting days-weeks for my response _after_ they made their decision (during which time I still have to pay bills and have no job) or I could apply with one button on Linkedin and get my response back instantly. It just saves so much time.
Others will say that that's a small price to pay to retain my freedom, which might be true. But what's not true is the other qualities of life that internet and big data affords me. If I don't have instagram or snapchat I literally lose all spontaneous contact with my friends and family. Sure, I _could_ mail them a letter, but with the delay in communication a lot of the intimacy is lost, and we would truthfully just talk a lot less. This, along with a lot of other problems (how do I contact my professor for help after class? go to their house?). Combined with the fact that I would have to be _extremely_ thorough and make sure that my data is scrubbed from all of Facebook/Google/Twitter/Whatever and it's subcompanies, it's just not a real solution. It's actually really annoying that so many are content with infeasible individual solutions instead of advocating for things like pushing against the EARN IT act or the like. I shouldn't have to have a computer science or cyber security degree to be private online - it should be done for me by the government. I don't know what the fuck is in that vaccine (or any medicine I take for that matter) but I can trust that it does me good because of regulations.
Often jobs like those have open houses, especially in todays hiring market. However, as you note, it’s common for follow up and hiring to require, or be much easier with online paperwork.
In some cases Google can only be avoided at a potentially life altering personal cost. Consider how many government services use reCAPTCHA, and what it means to have no access or delayed access to these services.
Elderly and marginalized people do suffer because of restricted access to online services. People who cannot access the web and its services are at an obvious disadvantage in life, and that sometimes can have severe consequences.
> This would mean that elderly people are also excluded from these services.
Having helped my 92 years old grandmother sorting out her tax returns on the government’s website, I can confirm that this is exactly what it means. And it’s the only practical way of communicating with the administration. Most local branches have been closed to the public, and the phone lines are congested all day (and cut you off after one hour waiting, which is always fun).
It is funny how some consider the internet synonymous with Google and the other big players. You don't need to use Google and the others at all these days. So many alternatives abound. The problem seems to be awareness of them. Ask me anything.
>Always makes me laugh when I see employees of Google, Amazon etc. claiming to be “anti-fascist” and “standing in solidarity with the common man” etc etc…
Having had the pleasure of sharing the elevator with said individuals in shared office buildings the "common man" part almost made me lose my coffee.
Yeah, it is obvious from all of Googles actions they have lost the script. We are a long way from the don’t be “evil mantra” and “let’s do this for humanity!”
I really wish it wasn’t so, but when your company serves the advertiser you aren’t serving humanity. The balance is off and which each passing year it isn’t getting better.
I can't fault them too badly for that. I consider myself personally against the horrors that go into gathering the constituent materials for, and the assembly of, computers. This position co-exists with the fact that I, like most others here, derive the majority of my livelihood from Doing Things With Computers, which wouldn't be possible without the computers themselves, which wouldn't be possible without the horrors.
Worse still, I live a provably better life than those of my peers whose youth did not, for whatever reason, revolve around Doing Things With Computers, let alone the far-flung people whose labour provides me with the computers on which I do those profitable things.
What if I use Huawei phone, which is banned from using Google services? Obviously, China will have all my info, but they can't (yet) ban me from boarding US trains for low social rating, so what do I care?
You never know when Huawei or China will start doing something similar. You could do better and not have your data sitting with any corporate or government entity. I love my private Nextcloud running on a Raspberry PI. It syncs all contacts, calendar, files, bookmarks, tasks, notes, phone location, and much for may family's degoogled phones and PC's. Own your data and systems.
If only that were the normal … But we've now allowed multiple generations to be trained by the "big" ISPs to believe that we're not a part of the Internet, but simply consumers of it. Back in "the old days" most people who used the Internet were fully aware that their Internet connection made them a node on the Internet and that they had the ability and right to run personal or even public services on their Internet connection. These days, people don't think that way anymore. It's just a service to be consumed, like television, and apparently it would not exist at all without so much advertising that you often cannot even see the content of a web page at all without an ad-blocker.
And you can’t even escape these companies by moving to another country.
In my personal view the internet became one big country with overlapping laws and government policies and collusion by corporations. Ever so often I use google to see what search results they can muster but otherwise I don't use cloud storage and do not find myself depending on google. For email I try to teach my friends how to use Thunderbird so they can click a button and their email is mostly GPG encrypted.
If I wanted to share files with someone that will not fit in that GPG encrypted email then I plonk them down on a mini-PC or a VM and share them over HTTPS with cache-control headers to reduce risk of file caches or SFTP with authentication. This is just my own preference and I am a stodgy cranky old bastard but if someone decides that basic auth is too much friction then it was not important for them to receive the files. I implement my own data retention and destruction policies. How my doctor or lawyer decides to store the files is up to them. I can only hope they are wise enough to not store things on their fondle-slab. An intelligent doctor should be able to handle basic authentication and/or be able to follow simple instructions for creating and sharing a GPG public key with me.
Or I could just snail-mail them an encrypted USB drive, however a GPG encrypted email should suffice for sending a few little images to a doctor. Some will bring up rubber hoses and wrenches but there are mitigations for such things. Some might even want legislation to to bandage these dark patterns but experience has taught me to not trust that corporations would be held to account at the same level and standards as citizens.
With the flick of a switch, they can deploy this technology to a global scale and way beyond protecting children. Imagine the feature propagating to their Chrome browser or their smart speakers "listening in" on what's happening in your home to "prevent" crimes by sending the cops whenever you raise your voice or say "the wrong things." This kind of power should not be in the hands of a single company.
Unfortunately prisons, which are increasingly private for-profit enterprises, will continue to exist. Think about it: if you're banned from google, how will your body continue to generate revenue?
What makes you think the body is useful? Robots will be able to do everything better, and if not, there'll be no shortage of labour. The body is mostly a cost center. If we strip down the human to a mind in a box it's so much cheaper (and no need for guards either!).
Well, you are correct in the sense that only the consciousness needs to be incarcerated in order to sustain the profit model, but:
(a) compute cost for uploaded brains is probably more than the cost for the pig slop and water/sewer bills of current model. Recall that prisons right now almost never have AC. If you're going away from corpses, you'll have to pay for that.
(b) Cost of caring for the physical body has pretty much been solved by the markets. The customer has a social network that sends money in and pays transfer fees. This network also pays per call and email. Then the customer purchases food and clothing at monopoly prices, since... it's a captive market! Just imagine the ARR hit when people stop eating.
Of course, uploading wastes precious computing resources. Which is why I was considering not uploading them, just keeping a brain in a vat. We can still charge them for nutrients, calls and VR time, but avoid all those pesky bodily costs.
Reminds me of another "Social Media Corp Gone Bizarrely Crazy" plot that I read recently, The This, by Adam Roberts. You won't anticipate how Crazy the social corp in question goes till you're halfway.
Google isn't a government entity, it's a private company. Had there been more restrictions on what tech corporations (and corporations as a whole) could do, power could have been limited by the concentrated power of government. The issue here is that Google can dictate how we live our lives so heavily without any of its users having a say on how Google and its services should be run. The promotion of Laissez-faire capitalism here in the US promoted Google's growth into it's current position.
One option is that companies with sufficiently widespread services can't close your account or block you without due process. And restrict the ability of a ban to spread between services of such a company.
Anti-trust laws, regulation on how to handle criminal activity on their platform (transfer detected pornography cases to law enforcement and allow them to decide what to do with the person and its related accounts. Google should not be handling something like this), and other privacy laws? I don't get why you tried to make this gotcha, this isn't a stretch by any imagination - the auto industry is incredibly regulated in the US and that's working well. Or just look at the privacy laws in the EU.
I’m looking at the 99 section 11 chapter privacy laws. How has that affected Google, Facebook etc?
We know what effect affective privacy policies have - the ten line policy change on Apple App Store has caused all of the ad supported platforms to announce falling revenue. The GDPR has only caused cookie pop ups.
So we should shame all the users of Google products, in this case? I'm not sure that shame really works like that and especially when (I assume) there are billions of people using the same products. There's a somewhat lower number of entities controlling the company -- maybe a more effective target.
Plot twist: (maybe) Xyz is (not) an (un)ethical company, so we should establish some sort of authority on ethics with a malleable but firm framework to guide the consistent -- and proportional to the unethics in question -- application of shame to the people using the products.
Anti-trust laws are enforced by the state, which is a legitimate concentration of power.
Unfortunately the state has dropped the ball about anti-trust, thanks to stupid economic theories from the Chicago School of Dumbfuckery. Those are the main culprits for the shit we're in.
If the government allows them to become a virtual monopoly/ doupoly, then it's possible one could see the abuses as indirectly government sanctioned. At least in so far that the company has integrated automatically with the law enforcement flow and that integration has flaws that will lead to the same sort of undesirable ham-fisted authoritarian enforcement. It also allows the government bypass search restrictions by simply buying your data.
So perhaps fascism doesn't fit perfectly, but it's pretty damn close in my opinion (especially if you use definition 3 by Wordnik "Oppressive, dictatorial control").
>So perhaps fascism doesn't fit perfectly, but it's pretty damn close in my opinion (especially if you use definition 3 by Wordnik "Oppressive, dictatorial control")
Few to none of the loudest users of “fascist” describe Cuba, Venezuela, or China with the term according this definition. Can only conclude the definition is given in bad faith, and used by people with a silent exception for “states and organizations I find ideologically appealing.”
At least to me, it seems quite appropriate to characterize the autocratic merging of government and corporate power as "fascism". Yes, it's missing some specific trappings of the original fascists, but definitions adapt and widen over time.
In fascism 1.0, singular authority vested with the head of government who then subjugated every other institution under the government. In fascism 2.0, power consolidates from the bottom up as corporations weave themselves into our individual lives, merge and collude with each other, and expand their scope in a way that subsumes existing institutions including the existing government.
It's not the same, but it rhymes. Each version seems to be heading towards a similar end state, but coming at it from a different direction. The distinction seems to be the same distinction as between totalitarianism and inverted totalitarianism. Maybe we should call it inverted fascism?
That seems more fitting. Authoritarian seems also very fitting and fits the definition of limiting options for civilians in favour of the state/or it’s organisation.
Moreover, there is evidence that Google (along with Twitter and Facebook) frequently take actions to suppress opposing views on behalf of, and in collusion with, one side of the US government, including removal of information from one side and amplification of misinformation from the other.
In some cases, it conforms more to classical fascism than many realize.
That said, in this particular case, I’m still not sure it applies.
When it comes to stopping the distribution of child abuse material, there’s no reason to believe that anyone’s acting in bad faith. We can certainly see where they have everything needed to do so (access to people’s personal data, ability to mobilize law enforcement, and a relationship with government that is amenable to suppressing criticism as “dangerous”).
But in this specific case and others like it, we actually see that law enforcement did their job - they did not overreact, they investigated as appropriate, and nobody was charged.
Google continuing to be a dick about it and holding someone’s account hostage isn’t exactly fascism yet, but it is a great demonstration to people how easily big tech can become weapons of fascism, and why it’s important to opt out of centralized big tech (while they still have the chance), to discourage public/private collusion, and reason to support efforts to keep their powers in check, the same as they would any government.
> Moreover, there is evidence that Google (along with Twitter and Facebook) frequently take actions to suppress opposing views on behalf of, and in collusion with, one side of the US government, including removal of information from one side and amplification of misinformation from the other.
This is a highly loaded paradigm, carrying an extremely misleading framing. From my perspective, US corporations and US government are indeed colluding, against an outside attack trying to tear them down to replace with a different power structure. I've had no love for the US power structure and have myself often wished to wholesale replace it, but the vision that attack is offering is so regressive that I've become extremely conservative for the time being.
> no reason to believe that anyone’s acting in bad faith
Of course nobody is acting in bad faith. Bad faith actions are decently punished by our society, so the structures that have built up operate on good faith, and produce constructive bad outcomes in spite of it.
> but it is a great demonstration to people how easily big tech can become weapons of fascism
This feels like it's missing the ultimate dynamic, by falsely asserting that fascism can only flow from the bona fide government. Whereas actually, Google's actions within Google's currently-limited sphere of influence are fascist in nature, and that sphere is growing. As I said, "similar end state, but coming at it from a different direction".
> it’s important to opt out of centralized big tech
I wholeheartedly agree, which is why I think it's important to describe the fundamental dynamics of these centralized surveillance companies before they have grown to be truly all-encompassing. Even presently, using Google is a mandatory requirement to interact with many government services (Recaptcha), and the more you make yourself known the Google the fewer roadblocks they hit you with. It's not a stretch to think as non-Google browsers ramp up their surveillance protection, that logging into a Google account will become default mandatory to pass such checks, giving Google account status the bona fide force of law.
This quote is taken out of context FYI. Here is the full version:
"The word Fascism has now no meaning except in so far as it signifies ‘something not desirable’. The words democracy, socialism, freedom, patriotic, realistic, justice, have each of them several different meanings which cannot be reconciled with one another. In the case of a word like democracy, not only is there no agreed definition, but the attempt to make one is resisted from all sides. It is almost universally felt that when we call a country democratic we are praising it: consequently the defenders of every kind of régime claim that it is a democracy, and fear that they might have to stop using the word if it were tied down to any one meaning. Words of this kind are often used in a consciously dishonest way. That is, the person who uses them has his own private definition, but allows his hearer to think he means something quite different"
Nope, the final call was made by NCMEC. The article is a bad one, didn't highlight how the process works. And it's a federal law that google is obliged to follow.
This is at best authoritarianism or corportatism not fascism. There is no ultranationalism, there is no "othering", there is no enforced hierarchy of individuals.
That's not what fascism is. Fascism is hyper nationalism where everything is done in service of the nation state. Private entities only exist insofar as they are extensions of the state.
What you're describing here is more like a cyberpunk corporatocracy, where corporations hold so much power independent of the state, that they are able to exercise their own arbitrary decisions extrajudicially, while still maintaining so much power over people so as to completely control their lives.
In fact, here you can see that the person was exonerated by the state but punished by the corporation. In fascism, nothing supercedes the state.
The article mentions two independent instances of this process within Google, where appeal is not possible even with a police report that completely exonerates the suspect.
It sounds to me as if a class action lawsuit is the most appropriate remedy for the unfortunates who are caught in this predicament. Their only problem is finding each other.
For the rest of us, it is unwise to use cloud storage for photos, for several reasons.
Could you please stop posting unsubstantive comments to Hacker News? You've been doing it a lot and we ban that sort of account because we're trying for a different sort of forum here.
They don’t block CSAM because “it’s illegal” - in fact, they can’t be forced to do it without it breaking your 4th amendment rights. Instead, all CSAM reporting and blocking is done at-will by these companies, and some don’t participate (Apple[0]), so it’s a policy decision by these companies.
I imagine unblocking someone due to them being exonerated by a government entity is legally risky - perhaps doing so would be considered enough proof/evidence to deem the entire CSAM scanning practice as a search/seizure at the request of the government.
0: https://www.hackerfactor.com/blog/index.php?/archives/929-On... • “ According to NCMEC, I submitted 608 reports to NCMEC in 2019, and 523 reports in 2020. In those same years, Apple submitted 205 and 265 reports (respectively). It isn't that Apple doesn't receive more picture than my service, or that they don't have more CP than I receive. Rather, it's that they don't seem to notice and therefore, don't report.”
With FOSTA/SESTA, Congress found what appears to be a highly effective 1st/4th amendment bypass: companies do not receive section 230 immunity for “sex trafficking” material. The government doesn’t say “thou shalt delete,” it just makes companies civilly liable for whatever happens on their platforms, which could be a death sentence at their scale. This has been overwhelmingly effective at censoring anything that even looks like sex work, no matter how consensual. If the intent was to continue protecting human trafficking cartels from modern competition while proving a viable means of censorship, it has been overwhelmingly effective.
EARN IT threatens to expand this to CSAM. Meanwhile, anti-CSAM legislation continues to develop in other jurisdictions, and being global entities big tech companies are exposed to that risk. Hence why Apple published explicit plans to actively scan (albeit locally on-device and with creative use of cryptography to soften the blow) for CSAM on their devices, and integrate with NCMEC. They’ve shelved this for now, but made it clear that they’re not done with this concept.
Big tech dreads the loss of their liability shield, and these measures are an attempt to stay ahead of the policymakers. It’s not as free a choice as it may appear, and the federal government does not appear restrained by the constitution here.
I’d hazard to guess that the nuance is how they process data.
Google actively inspects and analyzes data, and does so with their cloud services. Microsoft does as well. They have a reasonable means to know that a user has problematic content. Other services that sync but don’t process data do not.
In many US states, you are legally compelled to report child abuse and are subject to criminal sanction. In New Jersey it’s a misdemeanor for anyone who fails to report child abuse. In New York, mandated reporters are compelled to report and have criminal and unlimited civil liability if they do not (and immunity from liability if they do).
For a company like Google or Microsoft, the risk assessment is very complex and the smart, and arguably the morally righteous move is to report.
This isn’t Google being “evil” just incompetent. During their entire history, they’ve had one successful product - advertising.
No Android has not been a financial success. It came out in the Oracle trial that Android had only made Google $27 Billion in profit from its inception through the trial start date.
For comparison, Google pays Apple a reported $14 Billion a year to be the default search engine on iOS devices. Apple makes more in mobile from Google than Google makes from Android.
Google has never been focused on the end user like Apple, Microsoft and Amazon. All three of them live and die by customer service. But Google could care less about the end user.
Microsoft has never cared about end users either. They of course focused on them, but only as far as how much money they could extract, and that didn't mean keeping them happy. The customers were locked-in to their monopoly OS, so why would they care about customer happiness?
Android has immeasurable value, by way of ensuring Google didn't get locked out of the mobile ecosystem. What happens to Chrome's market share without being a default on one of the most used operating systems in the world? How about Google's traffic data for Google Maps without billions of devices they own reporting in every 60 seconds?
Android's value may not be easy to measure, but it's worth in building and maintaining Google's moat positively boggles the mind.
Google is locked out the ecosystem of people who actually have money to spend. How else do you explain how they are willing to pay a competitor $14 billion+ a year?
It doesn’t matter that Android is running on a bunch of $100 phones where they are getting a low ARPU. The Oracle trial showed how little profit came from Android.
Who do you think business would rather target iPhone users or Android users?
> How else do you explain how they are willing to pay a competitor $14 billion+ a year?
Obvious that they have more than >14B+ value extracted out of their competitor's ecosystem per year? I am not sure if you are aware of this or not but when Apple screwed FB with all the anti-tracking changes, there was one notable exception - the browser. Guess who benefited the most? All the ad dollars, which used to be spent on FB and other user-targeting based ad products, are now being diverted to search ads. Just read Google's earnings report - YT revenue declined while Search Ads revenue shot up.
> Who do you think business would rather target iPhone users or Android users?
Think 2-3 steps ahead. How do businesses target users? Via ads in a significant way. If they cannot target iPhone users anymore based on user data, what do you think they will use instead? The next best thing they know - Search Ads. Btw this is why you will Apple and Amazon's ad revenue surging as well.
What I am saying that it is at most a Pyrrhic victory that Google only managed to statistical capture the 30% poorest demographic and still has to pay its competitor to keep from being locked out of being able to reach the highest income demographic.
On top of that, Google doesn’t even compete in the worlds largest cellphone market - China. Sure most phones run “Android”. But without any Google services.
I have money to spend. What's your suggestion as an alternative to Android that isn't an Apple product (something I have no desire to have any more of in my life)?
To be fair, users of many internet services exposed themselves. The warnings about that were loud and clear. I don't know if using their free service counts as a formal business relationship, that might make recourse more difficult. I think the service provider has the right to close any and all relationships unilaterally.
What's the incentive for Google to EVER give the accounts back? If they wrongly deactivate an account (like here), you get a bad article, EFF and friends ruminate about your behavior, and the world mostly moves on.
If Google wrongly gives an account back, you get a different article: "Google helped child pornographer even after discovering CP in their account". Now that gets attention. That's a scandal that leads to political action, criminal charges, etc.
To be clear, I'm not advocating for how Google behaves. They're a lot more like a utility and probably should be treated like one (alongside the protections and requirements that come of a utility, you don't hear "eletric company stopped serving house since man suspect of CP lives there").
For the responses saying "Well the police cleared them", again I don't disagree. But if you're an executive making this decision you're thinking:
1. We never give back an account in this case and avoid the massive downside risk
2. We go through a lot of work to design a process that will impact a marginal portion of customers and really really hope nobody manages to social engineer themselves past, and pray that no enterprising news outlet/politician tries to make the "Google helped CP person recover their CP story" - they already have a target on their back.
Employees of this office are very small and delicate, deserve protection from local pervs. Better a thousand innocent men are locked up than one guilty man roam free.
If due process was followed, and the police / state exonerated the parents, I don’t think anyone would blame Google for reactivating the accounts. They’d blame the police or whatever flawed exoneration process was used.
At least, that’s what I’d hope.
Google here looks even worse than I thought possible, and I’m a de-Googled, anti-fan, so I already had a very dim view of them.
What if the police don't feel it's interesting enough yet (or don't have funds) to investigate and put things on the backburner for lack of resources? Similar to the mountains of unprocessed rape kits.
These are interesting cases but it seems like they happen to be ones where the police bothered do anything.
In what world would Google receive criticism for giving back accounts to people who has been proven innocent?
Google's surveillance system and automated ban hammers are already bad enough. But the actions they took following the ban in this case is egregious and 100% indefensible. At the very least, Google could've reinstated their victim's account and issued a full sincere apology upon being contacted by the NYT. If Google has any care for their users, they'd do that for every people they wrongly reported who had their names cleared. Instead, Google doubled down, continued to treat their victims as criminals in their statement, and even leaked details about intimate photos in a blatant attempt to discredit the users they wronged.
No parent should ever have to go through what Google has put them through when trying to cure their child. Most of all, they should never have to risk losing custody of their child because their child went sick. They should never lose access to their whole digital identity because they didn't know any better than to rely on Google. Yet this is what Google did to these parents, full stop.
>> If Google has any care for their users, they'd do that for every people they wrongly reported that had their names cleared. Instead, Google doubled down, continued to treat their victims as criminals in their statement, and even leaked details about intimate photos in a blatant attempt to discredit the users they wronged.
Google's users are advertisers. Ordinary people are data sources and ad viewers. Android phones and Chrome are for collecting data about people and showing them ads.
Google doesn't care about losing two data sources and ad viewers.
I edited my comment on this point and largely I agree, but as far as anyone in Google's position is concerned:
1. This is a rare edge case with asymmetric risk and an easy way to avoid said
2. A single failure could be catastrophic
3. No process is perfect especially in the face of someone actively trying to thwart it
You could try really hard to make sure it's not attackable and pray, for little benefit to Google. Or just tell people "too bad, you're on your own".
Even if this processes was assuredly bulletproof,
> In what world would Google receive criticism for giving back accounts to people who has been proven innocent?
The sort of drivel/clickbait that gets published to 'make a good story' is astounding. Or politicians, not known for honesty, could totally play this up if their base has an axe to grind against Google.
No giant corporation (especially publicly traded) is going to take such risks to revive a few wrongfully terminated email/photo accounts unless they have an obligation to (i.e. should Google be a utility). Their responsibilities aren't to be nice, or act in a good way, but to protect their profits. To the extent that I've seen corporations 'act nice' it's largely been to benefit their own employees or pursue some pet cause of an executive.
(Your use of "full stop" suggests you're not American either - so I'll rephrase, "is proven innocent a thing in any English speaking country"? I actually don't know...)
Google is not anything like a “utility”. A utility has a natural monopoly because of the effort, expense and disruption that is required to lay down the infrastructure and the need for scale. There is no product that Google has that you can’t and shouldn’t pay for a competitors product.
What do you think is the ratio of innocent to nefarious pictures of naked children Google encounters in aggregate?
This is relevant to how outraged one should be by this story. I think it is probably > 1:100000. As such, probably not much outrage is warranted, although it’s obviously not great for this one guy.
Somehow I think there more parents who sometimes need to take a photo of their naked children than there are paedophiles.
Or at least the ratio is clearly not 1:100000, maybe more like closer to 1:10.
You would need statistics how many times google have reported police and how many times it have turned out to be a false alarm. Does google even keep record of false alarms? Most likely they don't to avoid responsibility.
I'd expect it to be a lot lower than 1:10. All parents have nude children at some point, they're sort of made that way. The number of pedophiles is higher than anyone wants it to be but it's not 1:10 the number of parents or they'd be a voting bloc. Probably 1:10000
Wow, I'd guess the opposite when we consider the base rate. Seems like a classic Bayesian problem.
It's fairly normal for parents to take pictures of their children naked in the bathtub/at the beach/ camping/etc.
Conversely, I'd expect actual pedophiles and CSAM producers to be really quite rare.
So even a relatively low base-rate of normal parents with normal nude photos would likely dwarf CSAM upon detection.
So, if we say 1/100 are pedophiles, and 30/100 are parents, and of the parents 10% have such photos, the ratio I'd expect without getting into detection rates is like 3:1 in favor of normal parents.
> It's fairly normal for parents to take pictures of their children naked in the bathtub/at the beach/ camping/etc.
And what I understand is that each of these private photos of their children that parents take on an Android phone with Google cloud enabled gets specifically flagged to be shown to a stranger working for Google.
This quite the insane realization, and it needs to be shouted from the rooftops every time the encryption "debate" comes up. Authoritarians browbeat us by overstating the diffuse possibility of harm, while whitewashing the effects of their own actions. Meanwhile their actions create centralized, institutionalized, inescapable harm - specifically here, creating a ripe target for pedophiles to remotely creep on everyday families just trying to go about their lives.
What's more a "professional" CP distributor would at the least encrypt or compress their photos, and probably not even use Gmail, maybe use a hijacked cracked account.* So that would lower the "true" positive rate even further.
*In fact that seems like it could be an effective form of extortion or swatting. Someone with access to your credentials could (threaten to) send CP over your account and ruin your life. Or destroy a small business.
If the types of photos you mention were getting flagged as per the case in the article, we would be hearing about a lot more cases. The case itself involved a medical photo, not smiling children at the beach. As such the denominator you use isn’t relevant here.
There is a lot of child pornography in image sharing platforms. Facebook, which reports most reliably, had 20 million CSAM reports in 2021, and that’s photos posted to a social network or sent via messenger, not even in private albums. As I understand it CSAM is more focused on reporting re-uploads or transmission of known abuse material, rather than new material. So I still maintain that if we take the type of image referenced in the article as the denominator, vastly more of such photos would be child abuse material. Granted, 1:100000 is too high, I would revise that down to 1:1000.
Some fair points, but I have a couple of counter points...
One, We really need to know the base rates and false positive rates to reason well here.
Two, I think you'd also need to consider the number of people and number of photos. So like, a photo can be considered a trial, OR flagging a person can. I would imagine a given pedophile has a large number of CSAM photos, but there are few pedophiles. There are however lots of normal parents with fewer photos that might trigger a false positive, but because of that base-rate issue, even if the probability that a given photo is falsely identified as CSAM is quite low, the probability that a given person is falsely flagged/reported may NOT be low.
I’d put pretty good money on almost every family having pictures of their naked kids doing some shenanigans. I know I have those pictures. My parents have those pictures of me and my sister. Quite a few, as I seemed to enjoy trying to run about naked…
Bill Waterson somehow managed to sneak watercolor paintings of a naked little boy into every major newspaper under the guise of being a “comic strip”— the perv.
A lot of people don't, specifically because they are aware of the tremendous risk of an insane government or corporation ruining their life over innocent behavior.
Dare I say that it is a peek into how Black people feel when they go out in public to do...anything.
If it wasn't clear, people aren't objecting to the use of automated tools to prevent crime. It's that there is absolutely no avenue of appeal or review against it even if the law enforcement exonerates them and a big news media reports it.
Google has inserted itself into almost all spheres of digital life by hook or crook. It's practically difficult to avoid them in many services - especially email. And now they play judge, jury and executioner. I don't understand any of these are acceptable, much less justifiable. The old argument 'think of the kids' used to justify digital authoritarianism is such a cliché by now.
Well as a data point I have pictures of my children naked. As another data point my parents have photos of me as a child naked, and as a third data point my grandparents have photos of themselves as children naked. Whereas I don't knowingly know any paedophiles.
I’m amused because it’s a microcosm of the actual problem: it’s probably the default response to anything that has to do with child sexual abuse material, given without thought to context or circumstances, with too little review. But hey, I guess it’s Google’s official position that this dad is a child pornographer ¯\_(ツ)_/¯
I suppose it’s defensive behavior. If they admit their mistake now then they could potentially be liable for the damages caused by their mistake years ago. Now any lawsuit would need to determine if there was an error and harm instead of just quantifying the harm.
I’d like to contribute to a crowdsource fund to prosecute cases like this.
When I was a kid the Comic Book Legal Defense Fund [0] was set up to pay for lawyers to defend comic book stores that were being targeted by over eager police departments and civil suits.
Maybe something like the Google is an Asshole Legal Defense Fund could collect donations. The article mentions $7000 as the cost to prosecute this persons case. Crowdsourcing can help with that.
7000$ is a pitance. Maybe this case is simple, but many will not be. Say they raid a house and confiscate a hard drive. Encrypted or not, that is going to be a huge thing. Arguments will be made about whether anything incriminating was stored on that drive. Just google the cost of a forensic expert witness. Both sides will need one.
Such costs are actually why so many police agencies are backing off of CP investigations. They still prosecute where evidence is clear, such as when someone emails such material openly, but they arent willing to invest the tens and hundreds of thousands of dollars necessary to handle the complex cases involving encrypted communication/storage. 7000$ would be a bare minimum for only the simplest of legal defenses in the simplest of cases.
You've got that switched around. No charges were filed against him. So he would have to commence a suit against Google. Google would be the defendant and he would be the plaintiff prosecuting a claim.
Which to be fair, the guy lives in San Francisco. It isn't that hard to file a small claims case. I understand that there may be some legal nuisances involved, but just getting the attention of the legal review team that will have to show up to defend the case is usually enough to get them to evaluate a matter beyond the algorithms. I don't think it is fair, but is much quicker and cheaper $7,000.
What would be sought is return of property which small claims courts do have the power to enforce. A case trying to change the laws to force a company to provide services to you against their choice, with some exceptions for discrimination due to protected classes, would easily cost millions and is pretty much dead in the water from the get go. If the property value is assessed to be more than $10,000 then by all means seek relief in another court but note Google wouldn't be able to have a lawyer represent them in small claims..
If Google has to choose between sending an executive to small claims to defend the company without representation or try to resolve a dispute via settlement, they are likely to try to resolve it via settlement which is the type of relief this individual appears to be seeking.
I don't see any information about this team of non-lawyer legal experts when doing a quick search, but regardless non-lawyers with legal training are usually still pretty expensive. Again, they are much more willing to listen and actually try to resolve an issue than first-response algorithm defenders. Most small claims even require mediation before trial, so if you don't get it settled before then you can just request dismissal without prejudice.
He could probably find a lawyer willing to take the case on contingency. A jury might decide that he deserves millions in punitive damages and courts are probably the only way to force a human at google to provide support.
I am not saying it is right, but to a large degree this is the cost that some of us 'pay' for millions having 'free' Gmail/GDrive etc. Fully automated processes that close accounts, no due process to get them timely reinstated when the machine made an error.
You are correct, if they admit a mistake here, it will open the doors to lots of claims. I sometimes think they could a lot of people to pay for the service (with $ not just having their digital lives being harvested) if they knew to be treated better when something like this happens.
The question everyone needs to ask themselves, if Google closed your account right now, for good - what would that do to your life...
> Just how tone deaf can Google be, continuing to treat these innocent folks as criminals in this passive aggressive statement even after being proven wrong? Do these people have no empathy at all?
They don't care a single bit about the effect their actions have on others. They only care about having to build a system, which can distinguish such cases from actually criminal ones. Because that wouldn't scale and would be bad for business $$$. So they try to turn and twist the image in the light of the public, that it is "right" what they did, so that the public does not cry out and demand change of their systems. Empathy doesn't even enter the equation for Google.
> They only care about having to build a system, which can distinguish such cases from actually criminal ones
There are only two ways to actually do that:
1) Make Google's policies 100% subservient to the United States legal system, which would look a lot like the "corporate / national lock-step unity" one sees in actual fascism
2) Google build its own court system, independent from the United States court system but with equivalent power
How about just saying in hindsight: "Hey, we were wrong! [Yes, it's possible! The allmighty Google can be wrong! Newsflash!] We are sorry, these things happen with our automated systems. Person XYZ is completely not guilty of our accusations and we will revert all actions taken from our side. It is in the nature of things, that these cases are difficult to distinguish, without information about the child as well as the parent and we need to stay vigilant about pictures of children being uploaded to our services. Please accept our apologies."
Instead of going: "Nooo! We were still right! We don't care what others say or what facts were found out!"
So I am thinking you are painting the scenario a bit wrong here, saying, that there are only 2 options. An honest apology and actions to make up for ones mistakes can go a long way. Of course I would not expect Google to act that way.
I've said it before and I'll say it again: Google now has enough power that it has effectively turned into a globalist government, a government you did not vote for.
> In a statement, Google said, “Child sexual abuse material is abhorrent
I love the use of the disclaimer "sexual" here, to make it clear they don't care about other types of child abuse (like interfering with access to health care, which Google is clearly guilty of in this case...)
controversial opinion: as much as everybody knows that China isn't exactly championing the western way of life and western democratic standards, I keep my private files in a Chinese cloud (backups are kept private in a NAS in my house).
Why?
Because they are not in contact with our authorities and, frankly, the chances my private files will be of any interest for Chinese authorities are close to zero.
Not that I have nothing in particular to hide, but as this example proves once again, if life damaging mistakes can happen, they will happen.
Please explain why this is different from traveling to any other country.
I haven't been to the US since they made it legal for custom officers to search travelers' personal electronics without a warrant and deny entry if you refuse, because, thanks but no thanks.
> Criticize the US President all you like on every social network: not a problem.
given that this [1] already happened in my country, and also this [2] also happened (just to name a couple) and nobody paid, that there are 13,000 American soldiers on my Country's soil and that this [3] man has been POTUS and is probably running again for election, I wouldn't say "not a problem".
US could reach me at my house if they wanted to, OTOH PRC can't do much.
Here's an example of a chinese Univerity of Minnesota grad student that tweeted Winnie the Pooh (among other things) while in the US, and was later imprisoned in China for it:
I don't support China methods, but mocking the president of your country in public, from abroad, when you know what your Country is is capable of is not a smart move, ever.
It happens everywhere, different solutions, same goal: censorship and setting an example.
IIRC both Cambodia (2012) and Thailand (2014) extradited TPB founders. Thailand case was already convicted for "aiding copyright infringement" (ie. pissing off a cabal of private companies) and had skipped bail, nabbed crossing inbound from Laos. Cambodia case was unconvicted and the countries had no extradition treaty, but they nabbed him anyway. Possibly because of alleged Wikileaks affiliation. Democracy in action.
In a recent comment thread I noted that my father’s generation went from fighting a bitter war with Vietnam to Apple building MacBooks there. My grandfather landed on D-Day and drove Volkswagen Beetles for most of his life.
None of us know what will happen in the future. China could become a close ally. They’re already an existential economic partner.
The only path to real privacy is personal sovereignty. If you don’t control the data it is public. Period.
I am your of the same generation of your father...
My grandfather was already 40 years old when D-Day landed.
> None of us know what will happen in the future
It's safe to assume that it doesn't matter.
You could die tomorrow, so why are you worrying?
> If you don’t control the data it is public
Unless the network is firewalled by Chinese government...
Safety is not about paranoia, but about layers.
car alarms aren't there to make it impossible to steal your car, but only to make it inconvenient for the thief and convince them to steal someone else's car.
At least is an entire Country that will blackmail me, must think I am really important, not some rando that hacked iCloud to find celebrities boobs and post them online...
> Just encrypt your data rclone would do that.
yeah, but rclone is an offline backup, basically.
cloud storage is for when you need immediate access and search capabilities.
Maybe not you specificially, but for example in the U.S., there are over three million people with security clearances. That's a large pool for an adversary to choose from. Maybe all an adversary needs for one particular mission is to identify a janitor at a facility, go through some of their content to find a nude selfie that they might be embarrased if their family saw, and the adversary says, it would be a shame if your friends, family, and coworkers saw this, just prop open this door, it's just a door...
And there are a million more people who don't have security clearances and work at companies such as Alphabet, Meta, a datacenter, Boeing, etc.
> Maybe not you specificially, but for example in the U.S., there are over three million people with security clearances
it's private files, not secret state information.
things like my address book, SMS (mostly inbound alerts, nobody sends them anymore), WhatsApp backups (which are encrypted) or pictures I took with the phone's camera, nothing compromising.
I'm glad you're not blackmailable. Many people are. It's a national security threat for people with secrets to have those secrets compromised by a foreign power. E.g. it's discovered that someone working with classified information is having an affair. Big vulnerability there if a foreign government happens to have access to what goes on with a dating app.
Exactly, which for some people contains content that you could blackmail them with.
> pictures I took with the phone's camera
I'm glad you don't take nude selfies, or cheat on your spouse through SMS, etc; but others do, and that potentially makes them susceptible to blackmail.
What if, instead of money, the blackmailers asked Jeff Bezos for access to some AWS servers. He most likely is not the only CEO that took nude selfies and can grant access to sensitive areas. What if, it was pictures/information from before someone knew any better, had access, or were famous.
You mean like that time when the NSA got Yahoo's CEO, Marissa Mayer, to bypass multiple legally-mandated data access controls and deploy an email scanner over the objections of senior leadership?
This is the same situation with "private" search engines.
Your search query is ironically less likely to be shared with government if you are using Yandex, than with DuckDuckGo that is hosted by Microsoft (before it was even Amazon).
TBH my worry in this sort of setup is China cutting you off. Say tensions increase and the CCP throws down a decree that says all Chinese sites must block themselves from being reached by the US/Western Countries.
> Because they are not in contact with our authorities and, frankly, the chances my private files will be of any interest for Chinese authorities are close to zero.
The problems that befell the fellow in this story were not due to Google being in contact with the authorities. The authorities unobtrusively investigated, determined that the reports were false positives, and closed the case.
If all Google had done was contact authorities he would have never even known that he was investigated, and there would have been no impact at all on his life.
China has bans in most of the same categories that the US and other western countries do, but typically broader (e.g., they broadly ban pornography). If ISPs there are on the lookout for things China bans you are probably more likely to have a false positive there than with a western ISP.
The question then is a Chinese ISP more likely to overreact on a false positive than a western ISP? I believe China is more likely to hold a business responsible for the bad acts of that businesses customers, which I expect would lead to Chinese businesses being more likely to overreact.
That's an incredibly bad idea, you are exposing yourself to a lot more risk, than using a western cloud.
They are not in contact with our authorities, until they decide they want to. It's not like you are a Chinese factory owner making counterfeit wranglers, I doubt they would deny any kind of request from a western government about a westerner.
Your access to the service is also under risk, at any time there could be a breakdown of relations leaving you unable to pay for the service, that would have happened already, if you had chosen Russia instead of China.
Your behavior also looks suspicious to the western intelligence apparatus. Sending potentially terabytes to Chinese servers as a private individual may very well put you on their radar.
As others have noted you are setting yourself up as a prime candidate for an intelligence asset, they could at any point blackmail you to perform any action they want.
With what would they blackmail you? The terrabytes of CSAM they could at any point plant in your account. Do you think they would be above doing that, if they had anything to gain and were aware that you exist? Or do you think your Chinese provider would require a court order to give you up? Your entire bet is that they don't know that you exist.
My main point as advice to others mostly is you shouldn't put your self in the hands of your adversary.
I don't even know how you trust their software to run on your system.
I’ve heard too many things about how non existent Google’s customer service is to ever trust them for anything critical. You hardly ever hear stories like this from any of the other big tech companies. I’m excluding FB, because I don’t care about FB enough.
So I can walk into one of 272 Google Stores in the US and talk to a real person about any Google product I pay for like I can with Apple?
I can depend on Google to support a Google branded phone I bought in 2013 with security updates 8 years later like an iPhone 5s user could or with operating system updates for a phone I bought in 2015?
The original poster couldn’t get anyone on the line about a Google account. You can call an Apple CSR about an iCloud issue.
"Apple announced plans last year to scan the iCloud for known sexually abusive depictions of children, but the rollout was delayed indefinitely after resistance from privacy groups."
They all embed themselves deeply into our communications, for not-so-altruistic purposes--allegedly to "serve us better", realistically to train the shit out of their AIs in the hopes of growing (or at least maintaining) market share. If people weren't such cattle, a hard line would have already been drawn. If...
> Not only did he lose emails, contact information for friends and former colleagues, and documentation of his son’s first years of life, his Google Fi account shut down, meaning he had to get a new phone number with another carrier. Without access to his old phone number and email address, he couldn’t get the security codes he needed to sign in to other internet accounts, locking him out of much of his digital life.
> “The more eggs you have in one basket, the more likely the basket is to break,” he said.
I only have a google account to have access to Play store. Everything else, mail, calendar, photos and storage, has been moved off Google
There's no Proton Photos, as far as I am informed. Surprisingly, there is a Proton Calendar. But does it syncs with Calendly or Zoom, for example? I don't think so.
Currently more or less adequate solution in terms of integration is self-hosted Microsoft Exchange. I wonder how much does it cost (including Windows Server license).
Nowadays you can buy a NAS and plug it into your router and then click the install nextcloud option and you have it running, then you add the app on your phone. Its no where near as difficult to get these level of capability as it used to now that Docker is integrated in a user friendly way in a lot of NAS software.
I don’t trust it to be more reliable than a paid service. The thing about self hosted solutions is you’re completely on your own if something goes wrong. You need to make sure you’re backing things up, that you can restore your Nextcloud configuration if your sql database takes a dump or you fat finger and delete some config files (I’ve done both). Or if you have a power outage or lose internet connection and can’t access vital files, or even something simple like a bad software update causing issues.
While a great option, one can’t simply spin up next cloud and then move everything over like you would a Saas solution as a typical layman.
If something goes wrong with your google account (or other SaaS that would lose your data, or ban you without recourse), you are not even on your own, you're just trully fucked. It's poof gone and no local/internet tech geek will be able to help you.
If something goes wrong with your at home nextcloud, you still have the data/hw, and you can either get help troubleshooting from someone who understands what they're doing, or you can try yourself (which will take more time). You're not on your own. And even if you are, you can just shelve it, and defer the recovery for later. But unless it figuratively crashed and literally burned, you're not fundamentally prevented from recovering your data.
In addition, backing up the services isn't that costly these days. Backblaze provides massive storage space at cheap rates and integrates well with encrypted backup software like Duplicity, Borg or Restic. Recovery from failure is usually a breeze with these software.
Yeah totally agree with this. I back up all my important data, but I’d still prefer to Apple/Fastmail/Dropbox be the primary provider of a service and back it up to my server (and other cloud services) than run and rely on my own nextcloud.
Automating daily Google Takeout requests is exactly the sort of behaviour that I fear would trigger an account ban at some indeterminate future date. There are just too many unknown unknowns for me with Google now. Their ecosystem is, and has been for a while, personally relegated to burner account status.
I doubt that you can do this daily -- I don't think Takeout can work differentially.
Monthly or annual downloads though, can be scheduled manually simply by putting a note on your calendar.
If an account goes down, the thing you'll miss most may not be the recent things, but rather the many years of archives you might have in a Google account.
I have Nextcloud running on a Raspberry PI along with a dozen other services on yunohost.org. Nextcloud automatically backs up my family's contacts, calendars, notes, tasks, photos, files, passwords, bookmarks, phone locations and more. If you want to backup the APK's check out Seedvault. I am personally fine manually reinstalling APK's if/when needed so have not tried Seedvault yet.
Hmm, which part fails? Works great for me.
You can schedule it to happen every 2 months for a year. And so every 2 months I get an email with links to 7 or so 50GB .tgz files. They download very quickly with no throttling and fully saturate my 1Gbs connection.
Try fetching only your photos in one archive, your Gmail in a separate archive, and then everything else in a third.
If you have "too many" Google photos and that archive fails, create albums for every year, and only download a year/album at a time. It's a huge PITA, but at least you'll get your stuff back. (Kinda: depending on how you uploaded your photos, the metadata may come back truncated or altered).
The biggest problem with Play store is that many apps are geographically restricted. That includes banking and public transport apps. Some apps are restricted without even the knowledge of the developer. Most of those apps have no good reason at all to be restricted like that. Such apps often cannot be accessed through Aurora. Sadly, there are no laws or provisions to challenge such unethical tactics. Using Google's services is like living with a manipulative and abusive partner.
Same here. Those shitty providers are a too high risk.
Many years ago Microsoft has banned my outlook account for no reason. I tried contacting the support to resolve the issue - nothing. Only after writing a letter, I received the answer from Microsoft Germany:
We banned your account because I was distributing porn through onedrive (which I was not doing). The investigation showed that Microsoft could not find any wrongdoing. The account was gone nevertheless.
This is why I say:
- skip Gmail/Outlook and all this crap, use something proper like mailbox.org with your own domain
- dont trust cloud. Backup once a month, use two clouds at the same time, have a cold storage with your backups
- biggest risk is your apple icloud account. dont be dependant on them: dont use their credit card
- dont use google/ms 2fa apps
- have multiple accounts in parallel: one for google drive, one for search, one for mail (if you need it), one for youtube, etc
> The more eggs you have in one basket, the more likely the basket is to break
This. Use Yahoo for your email, Verizon for your phone number, Dropbox for your backups, Facebook for your socials… It doesn’t matter which you choose, but fragment your digital life. When one part goes bad, it won’t infect the others.
Honesty, I wish self hosting was easy enough for ordinary people to do. Then there would be no reason to recommend people to fragment their digital life among dozens of ad-funded SaaS platforms. There is no reason why it has to be so hard. But not enough effort has gone into developing such systems due to obvious reasons. Sandstorm project, for example pioneered a model where users could deploy web apps like they would install mobile apps on their phone. Sadly, it didn't achieve the level of popularity it needed.
Thank you for the pointer! Definitely something worth looking deeper into. However, I was talking more about the software side of things - so that we won't be locked into a hardware platform. That said, they do have an idea in the right direction.
I'm still totally not off Google yet but this is the direction I'm going in. Fastmail for email (still need to do the POP/IMAP setup for local caching using Thunderbird), local ISP for phone number, Syncthing for syncing across PCs/Android phones (except iOS which lives in its own world) and Facebook has been deleted long ago. Just takes a while to get off Google because of years of sign-ups but I already got the financial and government services off it.
Isn't the ability to migrate phone numbers a legal requirement for carriers?
Edit: yeah it is [1]
> Phone companies are required by law to port your number out when you start service with a new carrier. According to the FCC, a company can't refuse to port your number even if you have an outstanding balance or unpaid termination fees.
When porting to a new carrier, the new carrier asks for your account information and PIN for the old carrier. The new carrier provides that to the old carrier to prove that the port request came from you.
It looks like with Google you are supposed use the Google Fi app or website to obtain a “port out number” and PIN [1] to give the new carrier when they ask for account number and PIN.
If you accounts have been banned I wonder if you can still get that information?
Haven't had to do this with google (yet) but filing a complaint with the FCC usually gets you a very prompt response from the company the complaint is about, and I imagine this would be the best thing to do in this case
https://consumercomplaints.fcc.gov/hc/en-us
When I started using Google, their motto was still "Don't be evil." My entire business and personal life runs on it, so I have no way to switch. 300 employees emails, all documents, videos, tons of custom scripts would have to change over.
This is why I’m something of a two factor authentication Luddite. I (think) I understand the benefits - but the fact that every factor is an additional single point of failure freaks me out.
TOTP keys, backed up physically (as in, written down and stored somewhere safe), are probably a good way to balance the failure mode with the security.
This story should serve as a warning and a motivation to move away from iCloud, Google Cloud, and alike for video and photo storage.
The easiest thing is to just purchase a drive or NAS and store your media on it. If you're a bit tech-savvy, you can run your own NextCloud. I run NextCloud on Hetzner, 1TB storage box + web server for a total of $7 a month. Or you can get Hetzner to run the NextCloud for you for about $4.7 a month for 1TB storage, but then you don't have full control over it. Then there are quite nice NextCloud apps for Android and iOS that you can configure to sync your photos and videos into your cloud.
I am a software professional and run my own email and it's a massive pain in the ass. I started also using a google account just to use for all the stupid sign ups the internet makes you do, and use my real email for actual correspondence, banking, and a few other things only.
Not OP, but I also use Hetzner and their storage boxes. Servers I use will connect using samba. For temporary access from other devices I usually use FTPS, but they also offer a bunch of other protocols.
Can NextCloud do OCR on the pictures, identify people and allow search by objects in the photo? Because those are the killer features for me that make it super useful to use Google photos.
> “I decided it was probably not worth $7,000,” he said.
lol. Missing 4 zeros there.
Part of the reason for the brazen actions of companies like Google is that their substantial financial means and legal department sizes grant them a substantial degree of immunity to judicial review.
Also some execs behind bars won't be a bad idea.
Granted that mistakes do happen, but when they don't resolve it in a timely manner, punishment is fair.
Addendum : I don't know if companies have a govt imposed rule to report porn, in that case I'd say the root cause is the govt, not the company. Of course if the root cause is govt, and even more root cause is people themselves. People collectively generally get the govt they deserve...
> I don't know if companies have a govt imposed rule to report porn
In the US there isn't and generally cannot be a government requirement to search the customer's data. If there were, the provider would effectively acting as an agent of the government and the customer would enjoy 4th amendment protection of their privacy (absent a warrant or other, similarly targeted and justified reason).
Unfortunately, there is a bit of a wink-nod situation going on where the government quietly pressures companies to engage in these activities "voluntarily" -- in exchange for varrious forms of preferential treatment and refraining from enforcing other regulations -- and in court when a target attempts to present 4th amendment defenses everyone pretends (and testifies) that the provider was searching the customers private files of their own volition and not on the government's behalf.
In this game neither the provider nor the governments hands are clean because they are both conspiring to undermine the constitutional rights of the public.
I keep telling anyone who will listen that they need to move every aspect of their online identity away from the big tech giants, and make sure that each type of service (email, webpage, memory storage, document storage, backups, contacts, etc) is compartmentalized in such a way that if one gets removed then it wont affect the others in any way.
Imagine having all your memories in the form of images and videos taken away because of sloppy review work at a tech company.
This event happens so rarely that it would be better advice to tell people to wear a bullet proof vest and helmet when going outside. It’s more likely to benefit them than self hosting media.
Also: I wear a helmet or a belt every single time I drive even for 1km. Should I not? I never needed them. 0% use rate so far for me, might as well not have done it.
The issue is that when it happens, you're done.
Considering that you probably don't need to keep all your eggs in one basket, why not at least try?
On this note, I wish providers were forced to provide a third-party backup mechanism for important data so that if I were to lose:
- the email: it could forward my email to at least receive them
- my photos: a copy could be kept on multiple hostings
The problem is finding them. If a layman looks for a cloud back up provider that isn't one of the BigTech group - uses Duck Duck Go and finds a small company offering 10GB back up for free. Unfortunately for them, that service is using AWS for storage, so ultimately despite they're best effort they're just using amazon cloud storage.
This is where the small guys kick ass vs the Googles/Microsoft. Try Dropbox, Backblaze etc. Much better experience. Apple is OK UX wise but locked in which sucks.
How is a laymen supposed to tell the difference between Backblaze - running their own servers, and a Dropbox-like - which is really just uploading your files to amazon's servers?
Assuming Dropbox encrypt the data at rest, Amazon won't have any access to it. And if they do delete stuff they now have to deal with a company instead of single individuals.
That is right, but I cant resist bringing out the trope that airpods product line alone - just one produce line! - is one of the world’s biggest businesses and dwarfs most unicorns like Dropbox.
Dropbox used Amazon until 2016, to only have their own datacentres in the last 5 years. Who's to say they decide that's not economical and move back to aws?
OneDrive IS Microsoft and iCloud IS Apple so they ARE BigTech, the same as Google? I don't see how that argues against the point?
Box is the only one in that seems to qualify? Kinda proves my point that it's not at all easy for a laymen.
So instead of depending on three of the largest tech companies with built in redundancies, you want to depend on a fly by night operator with no track record?
You would even avoid DropBox because they also chose to use proven reliable technology until their own technology was good enough?
I mean personally I use iCloud and Google Drive, but i fully understand that at any point Apple or Google could decide to hand all of my data to a government, accidently turn off all their security and let anybody access my data, delete my data, or even go bankrupt.
But the point I was making was that it was hard for a laymen to decide to avoid using any of the bigtech companies, since so many of the small upstarts are just build on-top of the existing bigtech and aren't forthcoming on if they own the datacentre or if its Azure/Aws etc, so for those who they really did have privacy as their key driver it probably would be easier to self-host, or you have to trust somebody.
The adage that there's no such thing as cloud computing, just somebody else's computer makes sense. If you're that concerned with privacy it's far easier to run your own.
There is very much such a thing as “cloud computing”. The “cloud” isn’t just a bunch of VMs. There is an entire offering on top of the VMs. Your average consumer is not going to spin up a bunch of Linode VMs and create their own backup solutions.
slip of the tongue/keyboard. It was obviously supposed to read "There's no such thing as cloud storage, just somebody else's computer." It's a fairly well known phrase[0][1]. It's even a laptop sticker[2].
And no, they're not going to spin up a VM. They should buy their own NAS and back everything up to that if they care enough about privacy to avoid cloud storage.
Sure, but we're talking about cloud storage here for a laymen, who's hardly likely to know what AWS is, and we're also talking about a laymen who just wants to backing up a file, they're not using thinking about any of that. They just want to put their file on a drive somewhere. I'm arguing that if they care that much about privacy they should back it up to a device they own, and not use on a cloud provider. You're not providing a defence against any of that. You're saying that instead of storing their files on Google's computer they should use Amazons, or Microsofts? Why? If they truly value their own privacy they should back things up to a device they own such as a NAS, and/or a trusted family members NAS.
I've also just seen, which you didn't disclose, that you work at AWS[0]. Not disclosing a vested interest doesn't exactly lend confidence to your impartiality. Either way, I'm still not sure how your argument is a rebuttal to my proposal. SO far it seems to amount to "other cloud providers exist" and "Your mistype wasn't accurate"?
Anecdote: It's happened twice for me. Once was for an app I published they decided was against ToS, two years after I published it. And the other was an accidental account deletion when upgrading Google Apps (luckily this one was mostly recoverable... if you know the right people at Google).
Do you use the same email or 2FA for all of those? If so, you still have a potential single point of failure if that provider decides to ban your account.
It is unlikely that both the email and 2FA will fail you at the same time, unless perhaps you are using gmail and Google authenticator (though I am not sure how much authenticator is tied to your Google identity as I don't use it).
Use email, phone and app 2FA plus printable 2FA codes, and you'll always have a way.
Frankly if all of these can be made inaccessible in one go then the setup was mighty flawed to begin with.
That sounds sorta expensive but I get it. I’m at 3tb of photos and videos. It’s becoming unmanageable… anyone aware of an self hosted multi redundancy photo storage that doesn’t involve manual copying of large amounts of files? Or other non time consuming setups that works with iPhones (me and my SO)?
I use Backblaze B2 and ‘PhotoSync’. PhotoSync is great in any case, as it can push and pull from basically anywhere. The only issue is it’s phone based.
I want to, really I do, but it feels like trading one devil for another.
Email is by far the biggest albatross around my neck. To migrate email requires me to setup two different failure points: purchase a domain and a Fastmail-like service. Now that is two different places that are subject to me forgetting to pay a bill, being social engineered into giving away my account, etc. To say nothing of the long tail of acquaintances who only know be my current address.
Yet still, this existential terror exists that I will Do Something Wrong (no you will never know what it was), and lose everything.
E-mail should be the first thing you migrate, precisely because it is the key to every other service you rely on. If you're randomly banned from your E-mail service, you're pretty much screwed. E-mail is too important to let someone else host. Move it as close to your own control as your technical ability allows. Do it today, in fact, do it right now.
+1! Getting your own domain name is not hard, you can still use GMail with it for now, and switch to something else if there's a problem with it. Plus xyz@yourowndomain.com is way cooler than xyz@gmail.com.
Autopay is simple to set up with any hosting provider. If you're in a financial place where the $5/mo and $10/yr payments might bounce... yeah, probably don't pay for email.
As far as the social engineering goes, personally I gladly take that risk in order to bring my email firmly into my control. If I'm going to lose access to my email, I want it to be because I did something stupid, not because an algorithm flagged my account and Google has no humans I can appeal to.
The long tail of acquaintances isn't bad either: just forward emails from Gmail to your new address. If you lose access to the Gmail account at some point, you'd have lost everything anyway, so this arrangement would be strictly better.
I'm not fully confident that I'll never cancel a credit card that pays annual subscription. Generally it's fine because alert email would come on my inbox, but it's email infrastructure so I need extra attention.
I’m not big on PayPal but I have some domain names set up for recurring PayPal payments (with cc as a backup) because PayPal is insidious with regards to how far they go to fund your account (charging multiple cards, goopy your bank account, sending you letters for debt collection, etc) which, for most things, would be exactly the opposite of what I want but for domain names it’s a huge burden lifted.
HN should add a [Corp Support] tab, if Google & Co won't create their own support system, let's do it here, and add a dark pattern leaderboard for not replying/acting
> Mark spoke with a lawyer about suing Google and how much it might cost.
> “I decided it was probably not worth $7,000,” he said.
I believe it is one of the roots of the problem. How is it even possible that getting justice in court in such a trivial case costs about three months of median income?
Well, it's really not straightforward to know what would be the outcome of such a lawsuit. Google's ToS is one thing but the main point is that random user uploading family photos is not a protected group, so Google refusing service is very much their right. The state usually cannot force otherwise.
unfortunately consumer protection is basically nonexistent in the US. (besides a lot of reporting requirements, that should be streamlined and automatic anyway.)
Also, it looks like a powerful attack vector. Just slip a questionable content onto a victim's phone - and voila, a lot of trouble is under way, probably irreversible.
Just don't make knives. Period. The reasoning doesn't matter. The innocent tool that you use for cooking could be stolen, could be lost, could end up donated to a thrift store where anyone could buy or shoplift it, and the knife could end up in the hands of a serial killer.
Your intent doesn't make it right. And you have to make sure a criminal can never get their hands on one.
What's next, actual serial killers declare themselves chefs and thus can receive and share knives with other chefs "for cooking reasons"?
Please. Don't be so naive guys. Don't make knives. How the hell is that not common sense?
---
That is how rediculous your suggestion about pictures sounds to other people.
Yeah, just delay seeking medical treatment (for your child) until this coronavirus thing blows over.
The context is critical. Context is always critical.
Also, I'm not sure why an "actual" paedophile couldn't be an acupuncture professional. I mean it's not really a thing to take your kids to before the GP. To be clear: I don't think that anyone should be able to just declare themself to be some sort of qualified practitioner and make or imply that they can provide a service or results that they cannot. But I'm really unsure why someone calling themselves an acupuncture professional (whether they are qualified to or not) would entitle them to freely trade in sexual abuse material.
> subsequent review of his account turned up a video from six months earlier that Google also considered problematic, of a young child lying in bed with an unclothed woman.
608 comments
[ 5.7 ms ] story [ 316 ms ] threadThat sounds like a permanent stain on his records.
We “banned” alcohol for 13 years.
America’s greatest battle is with our dark religious past. We claim to be secular but really it’s an aspiration.
How do you know those nudes are taken consensually? And what's your liability for developing ("reproducing") them?
> You can't even take a photo of your own kid.
You missed the part where we're discussing a sub-topic off that story, someone's experience working in a photo store, and the policies in place there.
> Why would you assume a crime by default?
I assume you mean "you" as in a photo store that finds such negatives in a job order, and not me directly?
Because as I said, your liability or even reputation if this isn't from something legal, is not worth the profit made.
What say you
1)Government makes companies liable for hosted third party content
2)Companies set up workflows to detect said content
3)???
4)Blame capitalism
We are talking an adults private photos, not a billboard on the freeway.
there are absolutely no reason to ban it, because that only causes more harm.
somehow many people on Earth have a remarkable resistance to nuance.
Source: human history.
It’s time to move on.
>Source: human history.
The alcohol consumption statistics of certain ME states strongly disprove your thesis.
But it's very hard to find any data (let alone official data) on any of this, because nobody wants to suffer 72 lashes with 0-gague electrical cable at the hands of Iranian police for having admitted to have had a glass of wine or whatever one night.
Alcohol is an aspect of human civilization since per-historic times (as old as farming if not older) and always will be, regardless of what puritan Christians or foaming-at-the-mouth Mullahs might think of it.
Across the board (addiction, alcohol, abuse) any type of "zero-tolerance" "bring the hammer down" policy e.g. a blanket ban on alcohol has always been at best orthogonal and usually antithetical to harm reduction. As someone mentioned in the above comments, nuance is everything in providing support to the vulnerable --- ask any social worker. Religious guilt enjoys no such effectiveness.
(Sorry, two of the citations are in Persian, I couldn't find English sources. Google translate could be a workaround.)
Edit: spelling.
[1] https://www.bbc.com/persian/iran-features-49967036
[2] https://www.who.int/publications/i/item/9789241565639
[3] https://ir.voanews.com/a/iran-alcohol/5362942.html
I’ve lost track of how many people in this thread have blamed Christians. Why? Christian’s do not have a ban on alcohol. Where is this idea coming from, or are we just spreading hate?
Also, in many of the comments in this thread, the word “puritan” is not used.
My comment remains, this comment existed to spread hate, nothing else.
Also what other vices? The word vice generally means bad things so you’re upset that this “group” is giving life guidance? Are you equally as intolerant of a doctor telling people not to drink?
Apparently you’ve never been to Baltimore. There is no dark religious past haunting that city, just corrupt politicians.
Baltimore has 10,000,000 people. The United States is larger by a factor of thirty three.
Baltimore has a population of 600k not 10m, you're off by a factor of 13
That's as batshit crazy as recent assertions that nothing the courts rule can be sexist; after all, women would just run for seats on the supreme court if they cared; they're a majority of the population, after all.
Since the nonsense in the last paragraph actually came from a recent supreme court majority opinion, I'm wondering if you can point to a supreme court ruling backing up your statement.
According to the First Amendment, you have a conceptually unlimited right to write petitions (complaints). Practically, it is limited by the absence of violence during assembly.
There's surprisingly few rulings on the right to petition.
I expect most only complain about corruption because the basics aren’t being delivered, not out of a sense of civic responsibility.
This has so many holes in it you’re making Swiss cheese look rational.
> I expect most only complain about corruption because the basics aren’t being delivered, not out of a sense of civic responsibility.
I expect you have absolutely no idea what you’re talking about.
In fact, the policy was why they examined the photo carefully.
Briefly glimpsing a negative, and being forced to make an enlargment and checking the print quality, are two different things.
And obviously you can't prohibit viewing a negative you haven't seen yet...thus prohibiting the printing.
https://en.wikipedia.org/wiki/The_Package_(Seinfeld)
> Sheila, a clerk at the photo store, flirts with George when he picks up his photos, commenting on a mustard stain that appears in one. He photographs everything, even Jerry taking a screwdriver to his stereo, as an excuse to see her again. A lingerie model's picture is accidentally mixed in with George's photos; he assumes it is a photo of Sheila she inserted as a come-on. Kramer convinces George to return the compliment with seductive pictures of himself.
https://knowyourmeme.com/memes/seinfeld-effect
>The Seinfeld Effect is a phenomenon closely related to the Family Guy Effect (the idea that when a meme is referenced on a popular television show, it dies out). The Seinfeld Effect occurs when a TV show references an in-joke belonging to a subculture (in most modern cases, the Internet) and makes it mainstream, causing the show's viewership to mistakenly believe the meme originated with that show.
>The effect is named after the 1989-1998 sitcom Seinfeld's habit of referencing little-known ideas, jokes, and phrases, such as "Festivus," "yada yada yada," or "not that there's anything wrong with that," and making them extremely well-known through the show's populararity to the point that many have the misconception Seinfeld invented these phrases (for the purposes of this article, 1992 is listed as the meme origin date, as that was when the episode "The Contest" popularized the idea of masturbatory celebacy contests). [...]
Seinfeld Is Unfunny Trope:
https://tvtropes.org/pmwiki/pmwiki.php/Main/SeinfeldIsUnfunn...
>There are certain shows that you can safely assume most people have seen. These shows were considered fantastic when they first aired. Now, however, these shows have a Hype Backlash curse on them. Whenever we watch them, we'll cry, "That is so old" or "That is so overdone".
>The sad irony? It wasn't old or overdone when they did it, because they were the first ones to do it. But the things it created were so brilliant and popular, they became woven into the fabric of that show's genre. They ended up being taken for granted, copied and endlessly repeated. Although they often began by saying something new, they in turn became the new status quo. It's basically the inverse of a Grandfather Clause taken to a trope level: rather than being able to get away with something that is seen as overdone or out of style simply because it was the one that started it, people will unfairly disregard it because it got lost amidst its sea of imitations even though it paved the way for all those imitators. That is, a work retroactively becomes a Cliché Storm. [...]
I have cloud backups of family photos, but they're all through restic or rclone with the crypt filter applied. Privacy is about the right to put yourself in context.
Wow. This is a brilliant. Did you come up with this?
Six Words on Privacy
https://safecomputing.umich.edu/six-words-about-privacy
Very well said.
People can't run their own encrypted messengers so we have Signal. People should be provided with interfaces, and advocated too, use cloud services for their data in a safe way.
Assuming, of course, that you don't use your personal account for your domains - that'd be crazy!
Google knows I am the same person, even though they are different accounts, so are the two other accounts safe when one of the three gets flagged?
Nothing happened
Works for (almost) all devices.
https://www.bbc.co.uk/news/technology-52986629
Discussion https://news.ycombinator.com/item?id=23471347
Besides, there is less likely of a chance that a medical app targeted toward virtual care for babies would be flagging parents for sending pictures of their children to a doctor.
They required me to send them photos to the receptionist over plain email - I complied because they weren't particularly sensitive parts of my body however it did make me mad that this was their system for dealing with sensitive health data
No, you shouldn't have to use some special software to take a picture. Taking a photo with your phone's camera app should never trigger an account suspension.
The health sector isn't known for having a secure anything, furthermore getting health companies to agree on one thing together is almost impossible.
I'm sort of surprised you haven't encountered it yet (and that the people writing responses to your comment haven't either).
Here's a PR piece about their secure video chat feature. (They also support emailing around photos, and the app has a built in camera, but that's old news, and not in their PR blog reel)
https://www.epic.com/epic/post/expanding-telehealth-during-t...
They are doing some interesting stuff with outpatient monitoring and treatment-specific workflows, apparently:
https://www.epic.com/epic/archive/epic-outcomes
the meaning of both words being defined by their provacy policy and ToS
Whether you would consider that private and secure enough, is a different story
Wow. Just wow. This is worse than the usual Google's automated screw-ups. In this case, Google was notified of the issue by the NYT. Yet they actively chose to continue to screw over their victims just because they can.
> In a statement, Google said, “Child sexual abuse material is abhorrent and we’re committed to preventing the spread of it on our platforms.”
Just how tone deaf can Google be, continuing to treat these innocent folks as criminals in this passive aggressive statement even after being proven wrong? Do these people have no empathy at all?
A private company is the de-facto judge, jury and executioner because it owns half the infrastructure you live your life on.
Always makes me laugh when I see employees of Google, Amazon etc. claiming to be “anti-fascist” and “standing in solidarity with the common man” etc etc…
Not having an internet connection is NOT an option. There is a legal process to get a special permit to avoid having to use these state mandated electronic systems but it is almost only theoretically in that you will need to have a doctor's note saying that you are unable to use such systems. E.g., by suffering by severe dementia or similar.
They serve the fiction of confirmed mail delivery. If you don't pick it up from this mailbox, it is considered delivered anyway and your problem, if you miss something here.
Governments have accessibility obligations and so their key services should absolutely be usable with something like Chromium/Linux. And it definitely shouldn't be more onerous than using a smartphone.
It is the portal for Slovak republic. You are supposed to have your national ID card, which is a smart card. To use it, you need a smartcard reader and an application, which basically listens on localhost and is kind of a intermediate between your browser, the pages than need authentication and the department of state, which handles IAM.
That application runs on Windows, Mac and Debian (9,10)/Ubuntu (18.04,20.04)/Mint (19.20) (it is not open source). Other distributions are not supported, forget ChromeOS.
It is quite onerous. You have to enter your PIN for smartcard about four times, before you see the content of the inbox.
I learned it like this, its since recently that applying by email more commonly an option.
People on Hacker News like to propose "just use low-tech!" or "just self host!" often and I don't get how that's a solution. I _could_ spend hours of my day printing out and mailing my resume to companies (if they allowed me to) and waiting days-weeks for my response _after_ they made their decision (during which time I still have to pay bills and have no job) or I could apply with one button on Linkedin and get my response back instantly. It just saves so much time.
Others will say that that's a small price to pay to retain my freedom, which might be true. But what's not true is the other qualities of life that internet and big data affords me. If I don't have instagram or snapchat I literally lose all spontaneous contact with my friends and family. Sure, I _could_ mail them a letter, but with the delay in communication a lot of the intimacy is lost, and we would truthfully just talk a lot less. This, along with a lot of other problems (how do I contact my professor for help after class? go to their house?). Combined with the fact that I would have to be _extremely_ thorough and make sure that my data is scrubbed from all of Facebook/Google/Twitter/Whatever and it's subcompanies, it's just not a real solution. It's actually really annoying that so many are content with infeasible individual solutions instead of advocating for things like pushing against the EARN IT act or the like. I shouldn't have to have a computer science or cyber security degree to be private online - it should be done for me by the government. I don't know what the fuck is in that vaccine (or any medicine I take for that matter) but I can trust that it does me good because of regulations.
Most of the jobs I've worked for have come via old school phone calls.
https://news.ycombinator.com/item?id=32304320
Having helped my 92 years old grandmother sorting out her tax returns on the government’s website, I can confirm that this is exactly what it means. And it’s the only practical way of communicating with the administration. Most local branches have been closed to the public, and the phone lines are congested all day (and cut you off after one hour waiting, which is always fun).
Having had the pleasure of sharing the elevator with said individuals in shared office buildings the "common man" part almost made me lose my coffee.
I really wish it wasn’t so, but when your company serves the advertiser you aren’t serving humanity. The balance is off and which each passing year it isn’t getting better.
Big Tech monopolies need to be resisted
I can't fault them too badly for that. I consider myself personally against the horrors that go into gathering the constituent materials for, and the assembly of, computers. This position co-exists with the fact that I, like most others here, derive the majority of my livelihood from Doing Things With Computers, which wouldn't be possible without the computers themselves, which wouldn't be possible without the horrors.
Worse still, I live a provably better life than those of my peers whose youth did not, for whatever reason, revolve around Doing Things With Computers, let alone the far-flung people whose labour provides me with the computers on which I do those profitable things.
It's difficult to morally reason about.
So you are forced to use an iPhone or Pixel phone, forced to search with Google, forced to use AWS.
Even though open alternatives exist for all these who would love your support.
I would better let Google have all my photos and track my location than my father ...
In my personal view the internet became one big country with overlapping laws and government policies and collusion by corporations. Ever so often I use google to see what search results they can muster but otherwise I don't use cloud storage and do not find myself depending on google. For email I try to teach my friends how to use Thunderbird so they can click a button and their email is mostly GPG encrypted.
If I wanted to share files with someone that will not fit in that GPG encrypted email then I plonk them down on a mini-PC or a VM and share them over HTTPS with cache-control headers to reduce risk of file caches or SFTP with authentication. This is just my own preference and I am a stodgy cranky old bastard but if someone decides that basic auth is too much friction then it was not important for them to receive the files. I implement my own data retention and destruction policies. How my doctor or lawyer decides to store the files is up to them. I can only hope they are wise enough to not store things on their fondle-slab. An intelligent doctor should be able to handle basic authentication and/or be able to follow simple instructions for creating and sharing a GPG public key with me.
Or I could just snail-mail them an encrypted USB drive, however a GPG encrypted email should suffice for sending a few little images to a doctor. Some will bring up rubber hoses and wrenches but there are mitigations for such things. Some might even want legislation to to bandage these dark patterns but experience has taught me to not trust that corporations would be held to account at the same level and standards as citizens.
Edit: I recently read this book called "The Every" which explores a similar scenario https://www.goodreads.com/en/book/show/57792078-the-every
(a) compute cost for uploaded brains is probably more than the cost for the pig slop and water/sewer bills of current model. Recall that prisons right now almost never have AC. If you're going away from corpses, you'll have to pay for that.
(b) Cost of caring for the physical body has pretty much been solved by the markets. The customer has a social network that sends money in and pays transfer fees. This network also pays per call and email. Then the customer purchases food and clothing at monopoly prices, since... it's a captive market! Just imagine the ARR hit when people stop eating.
Reminds me of another "Social Media Corp Gone Bizarrely Crazy" plot that I read recently, The This, by Adam Roberts. You won't anticipate how Crazy the social corp in question goes till you're halfway.
Our best bet is to shame those using products of unethical companies.
We know what effect affective privacy policies have - the ten line policy change on Apple App Store has caused all of the ad supported platforms to announce falling revenue. The GDPR has only caused cookie pop ups.
Plot twist: (maybe) Xyz is (not) an (un)ethical company, so we should establish some sort of authority on ethics with a malleable but firm framework to guide the consistent -- and proportional to the unethics in question -- application of shame to the people using the products.
Unfortunately the state has dropped the ball about anti-trust, thanks to stupid economic theories from the Chicago School of Dumbfuckery. Those are the main culprits for the shit we're in.
So perhaps fascism doesn't fit perfectly, but it's pretty damn close in my opinion (especially if you use definition 3 by Wordnik "Oppressive, dictatorial control").
Few to none of the loudest users of “fascist” describe Cuba, Venezuela, or China with the term according this definition. Can only conclude the definition is given in bad faith, and used by people with a silent exception for “states and organizations I find ideologically appealing.”
In fascism 1.0, singular authority vested with the head of government who then subjugated every other institution under the government. In fascism 2.0, power consolidates from the bottom up as corporations weave themselves into our individual lives, merge and collude with each other, and expand their scope in a way that subsumes existing institutions including the existing government.
It's not the same, but it rhymes. Each version seems to be heading towards a similar end state, but coming at it from a different direction. The distinction seems to be the same distinction as between totalitarianism and inverted totalitarianism. Maybe we should call it inverted fascism?
In some cases, it conforms more to classical fascism than many realize.
That said, in this particular case, I’m still not sure it applies.
When it comes to stopping the distribution of child abuse material, there’s no reason to believe that anyone’s acting in bad faith. We can certainly see where they have everything needed to do so (access to people’s personal data, ability to mobilize law enforcement, and a relationship with government that is amenable to suppressing criticism as “dangerous”).
But in this specific case and others like it, we actually see that law enforcement did their job - they did not overreact, they investigated as appropriate, and nobody was charged.
Google continuing to be a dick about it and holding someone’s account hostage isn’t exactly fascism yet, but it is a great demonstration to people how easily big tech can become weapons of fascism, and why it’s important to opt out of centralized big tech (while they still have the chance), to discourage public/private collusion, and reason to support efforts to keep their powers in check, the same as they would any government.
This is a highly loaded paradigm, carrying an extremely misleading framing. From my perspective, US corporations and US government are indeed colluding, against an outside attack trying to tear them down to replace with a different power structure. I've had no love for the US power structure and have myself often wished to wholesale replace it, but the vision that attack is offering is so regressive that I've become extremely conservative for the time being.
> no reason to believe that anyone’s acting in bad faith
Of course nobody is acting in bad faith. Bad faith actions are decently punished by our society, so the structures that have built up operate on good faith, and produce constructive bad outcomes in spite of it.
> but it is a great demonstration to people how easily big tech can become weapons of fascism
This feels like it's missing the ultimate dynamic, by falsely asserting that fascism can only flow from the bona fide government. Whereas actually, Google's actions within Google's currently-limited sphere of influence are fascist in nature, and that sphere is growing. As I said, "similar end state, but coming at it from a different direction".
> it’s important to opt out of centralized big tech
I wholeheartedly agree, which is why I think it's important to describe the fundamental dynamics of these centralized surveillance companies before they have grown to be truly all-encompassing. Even presently, using Google is a mandatory requirement to interact with many government services (Recaptcha), and the more you make yourself known the Google the fewer roadblocks they hit you with. It's not a stretch to think as non-Google browsers ramp up their surveillance protection, that logging into a Google account will become default mandatory to pass such checks, giving Google account status the bona fide force of law.
"The word Fascism has now no meaning except in so far as it signifies ‘something not desirable’. The words democracy, socialism, freedom, patriotic, realistic, justice, have each of them several different meanings which cannot be reconciled with one another. In the case of a word like democracy, not only is there no agreed definition, but the attempt to make one is resisted from all sides. It is almost universally felt that when we call a country democratic we are praising it: consequently the defenders of every kind of régime claim that it is a democracy, and fear that they might have to stop using the word if it were tied down to any one meaning. Words of this kind are often used in a consciously dishonest way. That is, the person who uses them has his own private definition, but allows his hearer to think he means something quite different"
https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim...
Wait for the next EU lawsuit against Google, you will drown under all the comments claiming it is an attack on American companies.
What you're describing here is more like a cyberpunk corporatocracy, where corporations hold so much power independent of the state, that they are able to exercise their own arbitrary decisions extrajudicially, while still maintaining so much power over people so as to completely control their lives.
In fact, here you can see that the person was exonerated by the state but punished by the corporation. In fascism, nothing supercedes the state.
It sounds to me as if a class action lawsuit is the most appropriate remedy for the unfortunates who are caught in this predicament. Their only problem is finding each other.
For the rest of us, it is unwise to use cloud storage for photos, for several reasons.
https://news.ycombinator.com/newsguidelines.html
I imagine unblocking someone due to them being exonerated by a government entity is legally risky - perhaps doing so would be considered enough proof/evidence to deem the entire CSAM scanning practice as a search/seizure at the request of the government.
0: https://www.hackerfactor.com/blog/index.php?/archives/929-On... • “ According to NCMEC, I submitted 608 reports to NCMEC in 2019, and 523 reports in 2020. In those same years, Apple submitted 205 and 265 reports (respectively). It isn't that Apple doesn't receive more picture than my service, or that they don't have more CP than I receive. Rather, it's that they don't seem to notice and therefore, don't report.”
Why would it matter where it's held?
EARN IT threatens to expand this to CSAM. Meanwhile, anti-CSAM legislation continues to develop in other jurisdictions, and being global entities big tech companies are exposed to that risk. Hence why Apple published explicit plans to actively scan (albeit locally on-device and with creative use of cryptography to soften the blow) for CSAM on their devices, and integrate with NCMEC. They’ve shelved this for now, but made it clear that they’re not done with this concept.
Big tech dreads the loss of their liability shield, and these measures are an attempt to stay ahead of the policymakers. It’s not as free a choice as it may appear, and the federal government does not appear restrained by the constitution here.
Google actively inspects and analyzes data, and does so with their cloud services. Microsoft does as well. They have a reasonable means to know that a user has problematic content. Other services that sync but don’t process data do not.
In many US states, you are legally compelled to report child abuse and are subject to criminal sanction. In New Jersey it’s a misdemeanor for anyone who fails to report child abuse. In New York, mandated reporters are compelled to report and have criminal and unlimited civil liability if they do not (and immunity from liability if they do).
For a company like Google or Microsoft, the risk assessment is very complex and the smart, and arguably the morally righteous move is to report.
No Android has not been a financial success. It came out in the Oracle trial that Android had only made Google $27 Billion in profit from its inception through the trial start date.
For comparison, Google pays Apple a reported $14 Billion a year to be the default search engine on iOS devices. Apple makes more in mobile from Google than Google makes from Android.
And I usually find myself on your side of these discussion, trying to avoid hyperbole. I don’t think ‘evil’ is hyperbolic in this case.
Standard disclaimer; I work for AWS.
Android's value may not be easy to measure, but it's worth in building and maintaining Google's moat positively boggles the mind.
It doesn’t matter that Android is running on a bunch of $100 phones where they are getting a low ARPU. The Oracle trial showed how little profit came from Android.
Who do you think business would rather target iPhone users or Android users?
> How else do you explain how they are willing to pay a competitor $14 billion+ a year?
Obvious that they have more than >14B+ value extracted out of their competitor's ecosystem per year? I am not sure if you are aware of this or not but when Apple screwed FB with all the anti-tracking changes, there was one notable exception - the browser. Guess who benefited the most? All the ad dollars, which used to be spent on FB and other user-targeting based ad products, are now being diverted to search ads. Just read Google's earnings report - YT revenue declined while Search Ads revenue shot up.
> Who do you think business would rather target iPhone users or Android users?
Think 2-3 steps ahead. How do businesses target users? Via ads in a significant way. If they cannot target iPhone users anymore based on user data, what do you think they will use instead? The next best thing they know - Search Ads. Btw this is why you will Apple and Amazon's ad revenue surging as well.
On top of that, Google doesn’t even compete in the worlds largest cellphone market - China. Sure most phones run “Android”. But without any Google services.
Then you don't understand the strategy behind Android. This is a fantastic article to help you explain: https://techcrunch.com/2011/03/25/search-googles-castle-moat...
TL;DR: Android was one of the best moats Google could build for its data-and-ads business.
Note that it was the telehealth provider who provided the images to Google in the first place, not the SF techie dad.
If Google wrongly gives an account back, you get a different article: "Google helped child pornographer even after discovering CP in their account". Now that gets attention. That's a scandal that leads to political action, criminal charges, etc.
To be clear, I'm not advocating for how Google behaves. They're a lot more like a utility and probably should be treated like one (alongside the protections and requirements that come of a utility, you don't hear "eletric company stopped serving house since man suspect of CP lives there").
For the responses saying "Well the police cleared them", again I don't disagree. But if you're an executive making this decision you're thinking:
1. We never give back an account in this case and avoid the massive downside risk
2. We go through a lot of work to design a process that will impact a marginal portion of customers and really really hope nobody manages to social engineer themselves past, and pray that no enterprising news outlet/politician tries to make the "Google helped CP person recover their CP story" - they already have a target on their back.
— Dwight K. Schrute
At least, that’s what I’d hope.
Google here looks even worse than I thought possible, and I’m a de-Googled, anti-fan, so I already had a very dim view of them.
They didn't do anything. Investigation/State scrutiny shouldn't be considered an act of guilt that requires a vouchsafing.
These are interesting cases but it seems like they happen to be ones where the police bothered do anything.
Google's surveillance system and automated ban hammers are already bad enough. But the actions they took following the ban in this case is egregious and 100% indefensible. At the very least, Google could've reinstated their victim's account and issued a full sincere apology upon being contacted by the NYT. If Google has any care for their users, they'd do that for every people they wrongly reported who had their names cleared. Instead, Google doubled down, continued to treat their victims as criminals in their statement, and even leaked details about intimate photos in a blatant attempt to discredit the users they wronged.
No parent should ever have to go through what Google has put them through when trying to cure their child. Most of all, they should never have to risk losing custody of their child because their child went sick. They should never lose access to their whole digital identity because they didn't know any better than to rely on Google. Yet this is what Google did to these parents, full stop.
Google's users are advertisers. Ordinary people are data sources and ad viewers. Android phones and Chrome are for collecting data about people and showing them ads.
Google doesn't care about losing two data sources and ad viewers.
1. This is a rare edge case with asymmetric risk and an easy way to avoid said
2. A single failure could be catastrophic
3. No process is perfect especially in the face of someone actively trying to thwart it
You could try really hard to make sure it's not attackable and pray, for little benefit to Google. Or just tell people "too bad, you're on your own".
Even if this processes was assuredly bulletproof,
> In what world would Google receive criticism for giving back accounts to people who has been proven innocent?
The sort of drivel/clickbait that gets published to 'make a good story' is astounding. Or politicians, not known for honesty, could totally play this up if their base has an axe to grind against Google.
No giant corporation (especially publicly traded) is going to take such risks to revive a few wrongfully terminated email/photo accounts unless they have an obligation to (i.e. should Google be a utility). Their responsibilities aren't to be nice, or act in a good way, but to protect their profits. To the extent that I've seen corporations 'act nice' it's largely been to benefit their own employees or pursue some pet cause of an executive.
Proven innocent is not a thing, there is only "declined to prosecute [because there was no crime]."
(Your use of "full stop" suggests you're not American either - so I'll rephrase, "is proven innocent a thing in any English speaking country"? I actually don't know...)
Ethical, moral responsibility? Being a nice entity. And it takes zero effort to do so, especially once he is cleared by the cops?
You know, stuff like Don't be evil? Oh wait...
This is relevant to how outraged one should be by this story. I think it is probably > 1:100000. As such, probably not much outrage is warranted, although it’s obviously not great for this one guy.
Or at least the ratio is clearly not 1:100000, maybe more like closer to 1:10.
You would need statistics how many times google have reported police and how many times it have turned out to be a false alarm. Does google even keep record of false alarms? Most likely they don't to avoid responsibility.
It's fairly normal for parents to take pictures of their children naked in the bathtub/at the beach/ camping/etc.
Conversely, I'd expect actual pedophiles and CSAM producers to be really quite rare.
So even a relatively low base-rate of normal parents with normal nude photos would likely dwarf CSAM upon detection.
So, if we say 1/100 are pedophiles, and 30/100 are parents, and of the parents 10% have such photos, the ratio I'd expect without getting into detection rates is like 3:1 in favor of normal parents.
And what I understand is that each of these private photos of their children that parents take on an Android phone with Google cloud enabled gets specifically flagged to be shown to a stranger working for Google.
That sounds pretty insane to me.
*In fact that seems like it could be an effective form of extortion or swatting. Someone with access to your credentials could (threaten to) send CP over your account and ruin your life. Or destroy a small business.
There is a lot of child pornography in image sharing platforms. Facebook, which reports most reliably, had 20 million CSAM reports in 2021, and that’s photos posted to a social network or sent via messenger, not even in private albums. As I understand it CSAM is more focused on reporting re-uploads or transmission of known abuse material, rather than new material. So I still maintain that if we take the type of image referenced in the article as the denominator, vastly more of such photos would be child abuse material. Granted, 1:100000 is too high, I would revise that down to 1:1000.
One, We really need to know the base rates and false positive rates to reason well here.
Two, I think you'd also need to consider the number of people and number of photos. So like, a photo can be considered a trial, OR flagging a person can. I would imagine a given pedophile has a large number of CSAM photos, but there are few pedophiles. There are however lots of normal parents with fewer photos that might trigger a false positive, but because of that base-rate issue, even if the probability that a given photo is falsely identified as CSAM is quite low, the probability that a given person is falsely flagged/reported may NOT be low.
Bill Waterson somehow managed to sneak watercolor paintings of a naked little boy into every major newspaper under the guise of being a “comic strip”— the perv.
Dare I say that it is a peek into how Black people feel when they go out in public to do...anything.
Google has inserted itself into almost all spheres of digital life by hook or crook. It's practically difficult to avoid them in many services - especially email. And now they play judge, jury and executioner. I don't understand any of these are acceptable, much less justifiable. The old argument 'think of the kids' used to justify digital authoritarianism is such a cliché by now.
The guy in the article works in the tech industry and lives in a city where a lot of journalists live, so he could get his story into the media.
What about others?
I’d like to contribute to a crowdsource fund to prosecute cases like this.
When I was a kid the Comic Book Legal Defense Fund [0] was set up to pay for lawyers to defend comic book stores that were being targeted by over eager police departments and civil suits.
Maybe something like the Google is an Asshole Legal Defense Fund could collect donations. The article mentions $7000 as the cost to prosecute this persons case. Crowdsourcing can help with that.
[0] https://en.wikipedia.org/wiki/Comic_Book_Legal_Defense_Fund
Such costs are actually why so many police agencies are backing off of CP investigations. They still prosecute where evidence is clear, such as when someone emails such material openly, but they arent willing to invest the tens and hundreds of thousands of dollars necessary to handle the complex cases involving encrypted communication/storage. 7000$ would be a bare minimum for only the simplest of legal defenses in the simplest of cases.
If Google has to choose between sending an executive to small claims to defend the company without representation or try to resolve a dispute via settlement, they are likely to try to resolve it via settlement which is the type of relief this individual appears to be seeking.
The question everyone needs to ask themselves, if Google closed your account right now, for good - what would that do to your life...
They don't care a single bit about the effect their actions have on others. They only care about having to build a system, which can distinguish such cases from actually criminal ones. Because that wouldn't scale and would be bad for business $$$. So they try to turn and twist the image in the light of the public, that it is "right" what they did, so that the public does not cry out and demand change of their systems. Empathy doesn't even enter the equation for Google.
There are only two ways to actually do that:
1) Make Google's policies 100% subservient to the United States legal system, which would look a lot like the "corporate / national lock-step unity" one sees in actual fascism
2) Google build its own court system, independent from the United States court system but with equivalent power
Are either of those scenarios desirable?
Instead of going: "Nooo! We were still right! We don't care what others say or what facts were found out!"
So I am thinking you are painting the scenario a bit wrong here, saying, that there are only 2 options. An honest apology and actions to make up for ones mistakes can go a long way. Of course I would not expect Google to act that way.
Probably the button simply doesn’t exist to undo the termination 30/60/90 days later. Good luck getting them to admit it.
I've said it before and I'll say it again: Google now has enough power that it has effectively turned into a globalist government, a government you did not vote for.
I love the use of the disclaimer "sexual" here, to make it clear they don't care about other types of child abuse (like interfering with access to health care, which Google is clearly guilty of in this case...)
Well crafted weasel words, PR folks!
Why?
Because they are not in contact with our authorities and, frankly, the chances my private files will be of any interest for Chinese authorities are close to zero.
Not that I have nothing in particular to hide, but as this example proves once again, if life damaging mistakes can happen, they will happen.
china extradited from us
Produces many independent cases of China successfully extraditing suspects from the US and vice versa.
I haven't been to the US since they made it legal for custom officers to search travelers' personal electronics without a warrant and deny entry if you refuse, because, thanks but no thanks.
My guess is that the "trigger" for "any other country" is much higher.
Criticize the US President all you like on every social network: not a problem.
Save a screenshot of Winnie the Pooh: you're playing with fire.
given that this [1] already happened in my country, and also this [2] also happened (just to name a couple) and nobody paid, that there are 13,000 American soldiers on my Country's soil and that this [3] man has been POTUS and is probably running again for election, I wouldn't say "not a problem".
US could reach me at my house if they wanted to, OTOH PRC can't do much.
[1] https://en.wikipedia.org/wiki/1998_Cavalese_cable_car_crash
[2] https://en.wikipedia.org/wiki/Abu_Omar_case
[3] https://www.politico.com/news/2020/10/07/trump-demands-barr-...
> Save a screenshot of Winnie the Pooh: you're playing with fire.
I imagine this is sarcasm.
Winnie the Pooh has never actually put anyone in real troubles.
https://www.washingtonexaminer.com/news/university-of-minnes...
I don't support China methods, but mocking the president of your country in public, from abroad, when you know what your Country is is capable of is not a smart move, ever.
It happens everywhere, different solutions, same goal: censorship and setting an example.
https://time.com/4644297/saturday-night-live-katie-rich-susp...
In a recent comment thread I noted that my father’s generation went from fighting a bitter war with Vietnam to Apple building MacBooks there. My grandfather landed on D-Day and drove Volkswagen Beetles for most of his life.
None of us know what will happen in the future. China could become a close ally. They’re already an existential economic partner.
The only path to real privacy is personal sovereignty. If you don’t control the data it is public. Period.
I am your of the same generation of your father...
My grandfather was already 40 years old when D-Day landed.
> None of us know what will happen in the future
It's safe to assume that it doesn't matter.
You could die tomorrow, so why are you worrying?
> If you don’t control the data it is public
Unless the network is firewalled by Chinese government...
Safety is not about paranoia, but about layers.
car alarms aren't there to make it impossible to steal your car, but only to make it inconvenient for the thief and convince them to steal someone else's car.
Funny, censorship (which this case somewhat is) is about making things not public. Though I somewhat agree.
based on what?
At least is an entire Country that will blackmail me, must think I am really important, not some rando that hacked iCloud to find celebrities boobs and post them online...
> Just encrypt your data rclone would do that.
yeah, but rclone is an offline backup, basically.
cloud storage is for when you need immediate access and search capabilities.
And there are a million more people who don't have security clearances and work at companies such as Alphabet, Meta, a datacenter, Boeing, etc.
it's private files, not secret state information.
things like my address book, SMS (mostly inbound alerts, nobody sends them anymore), WhatsApp backups (which are encrypted) or pictures I took with the phone's camera, nothing compromising.
Exactly, which for some people contains content that you could blackmail them with.
> pictures I took with the phone's camera
I'm glad you don't take nude selfies, or cheat on your spouse through SMS, etc; but others do, and that potentially makes them susceptible to blackmail.
What if, instead of money, the blackmailers asked Jeff Bezos for access to some AWS servers. He most likely is not the only CEO that took nude selfies and can grant access to sensitive areas. What if, it was pictures/information from before someone knew any better, had access, or were famous.
https://www.reuters.com/article/us-yahoo-nsa-exclusive-idUSK...
The problems that befell the fellow in this story were not due to Google being in contact with the authorities. The authorities unobtrusively investigated, determined that the reports were false positives, and closed the case.
If all Google had done was contact authorities he would have never even known that he was investigated, and there would have been no impact at all on his life.
China has bans in most of the same categories that the US and other western countries do, but typically broader (e.g., they broadly ban pornography). If ISPs there are on the lookout for things China bans you are probably more likely to have a false positive there than with a western ISP.
The question then is a Chinese ISP more likely to overreact on a false positive than a western ISP? I believe China is more likely to hold a business responsible for the bad acts of that businesses customers, which I expect would lead to Chinese businesses being more likely to overreact.
They are not in contact with our authorities, until they decide they want to. It's not like you are a Chinese factory owner making counterfeit wranglers, I doubt they would deny any kind of request from a western government about a westerner.
Your access to the service is also under risk, at any time there could be a breakdown of relations leaving you unable to pay for the service, that would have happened already, if you had chosen Russia instead of China.
Your behavior also looks suspicious to the western intelligence apparatus. Sending potentially terabytes to Chinese servers as a private individual may very well put you on their radar.
As others have noted you are setting yourself up as a prime candidate for an intelligence asset, they could at any point blackmail you to perform any action they want.
With what would they blackmail you? The terrabytes of CSAM they could at any point plant in your account. Do you think they would be above doing that, if they had anything to gain and were aware that you exist? Or do you think your Chinese provider would require a court order to give you up? Your entire bet is that they don't know that you exist.
My main point as advice to others mostly is you shouldn't put your self in the hands of your adversary.
I don't even know how you trust their software to run on your system.
PS: If you think all these are farfetched and paranoid, I will remind you that China routinely takes hostages to achieve diplomatic concessions https://en.wikipedia.org/wiki/Hostage_diplomacy#China
My future proof solution will be hosting my data on bare metal in Iceland.
They are quite serious about data privacy.
You can get customer service from Google's hardware just like Apple.
It's the software/services that have awful/non-existent customer service.
I can depend on Google to support a Google branded phone I bought in 2013 with security updates 8 years later like an iPhone 5s user could or with operating system updates for a phone I bought in 2015?
The original poster couldn’t get anyone on the line about a Google account. You can call an Apple CSR about an iCloud issue.
"Apple announced plans last year to scan the iCloud for known sexually abusive depictions of children, but the rollout was delayed indefinitely after resistance from privacy groups."
> “The more eggs you have in one basket, the more likely the basket is to break,” he said.
I only have a google account to have access to Play store. Everything else, mail, calendar, photos and storage, has been moved off Google
Self-hosting mail, calendar and media is too complex task for 99% of population. This is not a solution.
Currently more or less adequate solution in terms of integration is self-hosted Microsoft Exchange. I wonder how much does it cost (including Windows Server license).
I don’t trust it to be more reliable than a paid service. The thing about self hosted solutions is you’re completely on your own if something goes wrong. You need to make sure you’re backing things up, that you can restore your Nextcloud configuration if your sql database takes a dump or you fat finger and delete some config files (I’ve done both). Or if you have a power outage or lose internet connection and can’t access vital files, or even something simple like a bad software update causing issues.
While a great option, one can’t simply spin up next cloud and then move everything over like you would a Saas solution as a typical layman.
If something goes wrong with your at home nextcloud, you still have the data/hw, and you can either get help troubleshooting from someone who understands what they're doing, or you can try yourself (which will take more time). You're not on your own. And even if you are, you can just shelve it, and defer the recovery for later. But unless it figuratively crashed and literally burned, you're not fundamentally prevented from recovering your data.
Monthly or annual downloads though, can be scheduled manually simply by putting a note on your calendar.
If an account goes down, the thing you'll miss most may not be the recent things, but rather the many years of archives you might have in a Google account.
As for hosting... I just rent colo space and cut out all the cloud stuff.
Neo Backup - Currently maintained, and available on fdroid.
Titanium backup and restore - I don't think it is still maintained, but it still works.
Seedvault which does not require root can't backup a lot of things.
Depending on your phone, you may be able to backup everything with twrp, but it doesn't work with some new-ish phones.
It feels like they built it to say that you can, but your data is still just as locked as before…
If you have "too many" Google photos and that archive fails, create albums for every year, and only download a year/album at a time. It's a huge PITA, but at least you'll get your stuff back. (Kinda: depending on how you uploaded your photos, the metadata may come back truncated or altered).
Many years ago Microsoft has banned my outlook account for no reason. I tried contacting the support to resolve the issue - nothing. Only after writing a letter, I received the answer from Microsoft Germany:
We banned your account because I was distributing porn through onedrive (which I was not doing). The investigation showed that Microsoft could not find any wrongdoing. The account was gone nevertheless.
This is why I say:
- skip Gmail/Outlook and all this crap, use something proper like mailbox.org with your own domain - dont trust cloud. Backup once a month, use two clouds at the same time, have a cold storage with your backups - biggest risk is your apple icloud account. dont be dependant on them: dont use their credit card - dont use google/ms 2fa apps - have multiple accounts in parallel: one for google drive, one for search, one for mail (if you need it), one for youtube, etc
This. Use Yahoo for your email, Verizon for your phone number, Dropbox for your backups, Facebook for your socials… It doesn’t matter which you choose, but fragment your digital life. When one part goes bad, it won’t infect the others.
Synology Diskstations are rather easy to setup and not very expensive.
Edit: yeah it is [1]
> Phone companies are required by law to port your number out when you start service with a new carrier. According to the FCC, a company can't refuse to port your number even if you have an outstanding balance or unpaid termination fees.
[1] https://telzio.com/blog/what-to-do-when-a-carrier-refuses-to...
It looks like with Google you are supposed use the Google Fi app or website to obtain a “port out number” and PIN [1] to give the new carrier when they ask for account number and PIN.
If you accounts have been banned I wonder if you can still get that information?
[1] https://support.google.com/fi/answer/10888419?hl=en
As it looks from LinkedIn comments, they still do.
It's such a shame because having these services be healthy and popular benefits everyone.
hah, we're a hetzner costumer for .. years now, but I had no idea they have this :D
https://www.hetzner.com/storage/storage-box
so you can connect the NextCloud to the storage account? which protocol do you use for this?
It has gotten significantly better in the last year or so, but it's still pretty bad and pretty slow.
[1] https://apps.nextcloud.com/apps/recognize
lol. Missing 4 zeros there.
Part of the reason for the brazen actions of companies like Google is that their substantial financial means and legal department sizes grant them a substantial degree of immunity to judicial review.
Also some execs behind bars won't be a bad idea. Granted that mistakes do happen, but when they don't resolve it in a timely manner, punishment is fair.
Addendum : I don't know if companies have a govt imposed rule to report porn, in that case I'd say the root cause is the govt, not the company. Of course if the root cause is govt, and even more root cause is people themselves. People collectively generally get the govt they deserve...
In the US there isn't and generally cannot be a government requirement to search the customer's data. If there were, the provider would effectively acting as an agent of the government and the customer would enjoy 4th amendment protection of their privacy (absent a warrant or other, similarly targeted and justified reason).
Unfortunately, there is a bit of a wink-nod situation going on where the government quietly pressures companies to engage in these activities "voluntarily" -- in exchange for varrious forms of preferential treatment and refraining from enforcing other regulations -- and in court when a target attempts to present 4th amendment defenses everyone pretends (and testifies) that the provider was searching the customers private files of their own volition and not on the government's behalf.
In this game neither the provider nor the governments hands are clean because they are both conspiring to undermine the constitutional rights of the public.
Imagine having all your memories in the form of images and videos taken away because of sloppy review work at a tech company.
Does it though?
Also: I wear a helmet or a belt every single time I drive even for 1km. Should I not? I never needed them. 0% use rate so far for me, might as well not have done it.
The issue is that when it happens, you're done.
Considering that you probably don't need to keep all your eggs in one basket, why not at least try?
On this note, I wish providers were forced to provide a third-party backup mechanism for important data so that if I were to lose:
- the email: it could forward my email to at least receive them
- my photos: a copy could be kept on multiple hostings
etc
How is a laymen supposed to tell the difference between Backblaze - running their own servers, and a Dropbox-like - which is really just uploading your files to amazon's servers?
That's the point I was trying to make.
OneDrive IS Microsoft and iCloud IS Apple so they ARE BigTech, the same as Google? I don't see how that argues against the point?
Box is the only one in that seems to qualify? Kinda proves my point that it's not at all easy for a laymen.
You would even avoid DropBox because they also chose to use proven reliable technology until their own technology was good enough?
But the point I was making was that it was hard for a laymen to decide to avoid using any of the bigtech companies, since so many of the small upstarts are just build on-top of the existing bigtech and aren't forthcoming on if they own the datacentre or if its Azure/Aws etc, so for those who they really did have privacy as their key driver it probably would be easier to self-host, or you have to trust somebody.
The adage that there's no such thing as cloud computing, just somebody else's computer makes sense. If you're that concerned with privacy it's far easier to run your own.
And no, they're not going to spin up a VM. They should buy their own NAS and back everything up to that if they care enough about privacy to avoid cloud storage.
[0] https://pocketnow.com/no-such-thing-as-the-cloud [1] https://www.reddit.com/r/programming/comments/argram/the_clo... [2] https://www.redbubble.com/shop/there+is+no+cloud+stickers
I've also just seen, which you didn't disclose, that you work at AWS[0]. Not disclosing a vested interest doesn't exactly lend confidence to your impartiality. Either way, I'm still not sure how your argument is a rebuttal to my proposal. SO far it seems to amount to "other cloud providers exist" and "Your mistype wasn't accurate"?
[0]https://news.ycombinator.com/item?id=32556018
Use email, phone and app 2FA plus printable 2FA codes, and you'll always have a way.
Frankly if all of these can be made inaccessible in one go then the setup was mighty flawed to begin with.
- iCloud 2FA is another Apple device.
- I don’t care enough about my Google account to have 2FA. Besides the occasional SMS.
- Microsoft 2FA is Microsoft Authenticator.
Apple iCloud - 2TB as part of a bundle.
Google Drive - I haven’t had to start paying for it yet.
Amazon Drive - part of Amazon Prime
Email is by far the biggest albatross around my neck. To migrate email requires me to setup two different failure points: purchase a domain and a Fastmail-like service. Now that is two different places that are subject to me forgetting to pay a bill, being social engineered into giving away my account, etc. To say nothing of the long tail of acquaintances who only know be my current address.
Yet still, this existential terror exists that I will Do Something Wrong (no you will never know what it was), and lose everything.
As far as the social engineering goes, personally I gladly take that risk in order to bring my email firmly into my control. If I'm going to lose access to my email, I want it to be because I did something stupid, not because an algorithm flagged my account and Google has no humans I can appeal to.
The long tail of acquaintances isn't bad either: just forward emails from Gmail to your new address. If you lose access to the Gmail account at some point, you'd have lost everything anyway, so this arrangement would be strictly better.
(For the first time ever, I wish I had a DALL-E 2 account)
1) AI bot
2) Beg HN/twitter for insider help
3) Lawyers
That's absolutely insane for a product set that has become central to one's life
> “I decided it was probably not worth $7,000,” he said.
I believe it is one of the roots of the problem. How is it even possible that getting justice in court in such a trivial case costs about three months of median income?
That is possibly the most idiotic comment I've read on this thread. Of course it matters.
Your intent doesn't make it right. And you have to make sure a criminal can never get their hands on one.
What's next, actual serial killers declare themselves chefs and thus can receive and share knives with other chefs "for cooking reasons"?
Please. Don't be so naive guys. Don't make knives. How the hell is that not common sense?
---
That is how rediculous your suggestion about pictures sounds to other people.
The context is critical. Context is always critical.
Also, I'm not sure why an "actual" paedophile couldn't be an acupuncture professional. I mean it's not really a thing to take your kids to before the GP. To be clear: I don't think that anyone should be able to just declare themself to be some sort of qualified practitioner and make or imply that they can provide a service or results that they cannot. But I'm really unsure why someone calling themselves an acupuncture professional (whether they are qualified to or not) would entitle them to freely trade in sexual abuse material.
Isn’t that also a description of breastfeeding?
also, while we might find it unwise to make a video, but also we were not there.