Hacker News new | past | comments | ask | show | jobs | submit login
Google Suppresses Memo Revealing Plans to Closely Track Search Users in China (theintercept.com)
541 points by halestock 8 months ago | hide | past | web | favorite | 289 comments



> "The Dragonfly memo reveals that a prototype of the censored search engine was being developed as an app for both Android and iOS devices, and would force users to sign in so they could use the service. The memo confirms, as The Intercept first reported last week, that users’ searches would be associated with their personal phone number. The memo adds that Chinese users’ movements would also be stored, along with the IP address of their device and links they clicked on."

This seems to be the direction for all users of Google. The new version of Chrome signs you into the browser even if you don't want to sign into the software itself. You can't really use Google's browsing device (Google Chrome) without providing your identity, if you ever want to sign into a Google website.

Support for Firefox is more important than ever.


I installed Chromium on Ubuntu today, and on the first run was given an opportunity to opt out from Google's personalized ads being shown to me based on my entire web browsing history. It was that moment when I realized, that what I had just installed was not primarily a web browser, but a Google application with a web browsing feature built-in. Because everything in it was built to optimize Google's ad revenue. It even had an ad blocker enabled by default, which made Google's ads stand out by disabling the ads by others.


I am so saddened by how much we trust Google. I wish we regarded Google software with more suspicion. Would people have been nearly as upset if it had been Google that acquired GitHub?

I miss the days of being suspicious of Microsoft. But Microsoft isn't nearly as diabolical as Google, nor are they as competent.


I'd argue MS has become less diabolical as they've become more competent (VS Code, e.g.). Google is more complex, they are certainly looking more diabolical, not quite sure about the more competent - I suppose it only matters that they are competent enough to be dangerous.


That's because Microsoft's incentives are more aligned with ours. Better, more user-centric software == better outcomes for users, more Microsoft usage/profits.

Google, on the other hand, is fundamentally incentivized to sell ads, which requires collecting data. The more data they collect, the more money they make. As the saying goes, we are the product. No amount of hand-wringing or shaming is going to change that fundamental fact.

I think that in 100 years we're going to look back on how personal data is used the way we look at barbaric medical practices of the Dark Ages. People in general just didn't know or expect better.


> That's because Microsoft's incentives are more aligned with ours. Better, more user-centric software == better outcomes for users, more Microsoft usage/profits.

Microsoft is in the same business as Google. Search, Bing. Gmail, Outlook.com. GCP, Azure. They even operate an ad network.

Google has some bad incentives but Microsoft has all the same ones. If not, why isn't there a single button for "never send any of my personal information to Microsoft" anywhere in Windows 10?


> Microsoft is in the same business as Google.

Microsoft and Google may have competing products, but they are in completely different businesses. Microsoft is in the business of software, Google is in the business of data. That's why there's a public Bing Search API[1], but there's no public Google Search API.

[1] https://azure.microsoft.com/en-us/services/cognitive-service...


> Microsoft and Google may have competing products, but they are in completely different businesses. Microsoft is in the business of software, Google is in the business of data.

In what way are Windows and Edge "software" but Android and Chrome are not?

> That's why there's a public Bing Search API[1], but there's no public Google Search API.

The company that is operating a data service is the one not in the data business?


> In what way are Windows and Edge "software" but Android and Chrome are not?

> The company that is operating a data service is the one not in the data business?

A company in the software business charges for the usage of its software (Windows, Bing API). A company in the data business gives the software for free, and monetizes the data it collects about its users (Android, Google).


> A company in the software business charges for the usage of its software (Windows, Bing API). A company in the data business gives the software for free, and monetizes the data it collects about its users (Android, Google).

A services API isn't software. You're not buying a copy of the code and running it on your computer. And Google offers the same category of thing (paid services), e.g. the Google Maps API or G Suite, while Microsoft offers free services equivalent to google.com and gmail.com like bing.com and outlook.com.

Meanwhile Microsoft has been giving away actual software like Windows 10 for free, along with a variety of other things like IE/Edge (including for non-Windows platforms), VS Express, the Skype software, etc.

They're direct competitors operating in largely the same markets and using the same business models.


> A services API isn't software. You're not buying a copy of the code and running it on your computer.

It's called SaaS, which stands for "Software as a service"[1].

> They're direct competitors operating in largely the same markets and using the same business models.

Google generates 84% of its revenues from ads[2], Microsoft generates 95% of its revenues from software[3].

[1] https://en.wikipedia.org/wiki/Software_as_a_service

[2] https://martechtoday.com/google-posts-31-1b-in-total-revenue...

[3] https://www.microsoft.com/en-us/Investor/earnings/FY-2018-Q1...


> It's called SaaS, which stands for "Software as a service"

In other words, you're not buying a copy of the code and running it on your computer. So the provider has all your private information.

And if that's "software" then how is Google not a "software" company? All their services are that.

> Google generates 84% of its revenues from ads[2], Microsoft generates 95% of its revenues from software[3].

It's understandable that you missed this, but the distinction you're making is arbitrary. Microsoft can book ad revenue under software and service categories because the software/service is what generated the ad views. They definitely make more than 5% of their revenue from ads.

Percentages are also useless in general. If Google merged with Amazon (which has much higher revenue) then most of their revenue wouldn't be from "advertising" but how would that change their incentives at all? If anything it would be worse -- now they're providing more non-advertising services to you and have the incentive to spy on you via those services to increase their ad profitability.



It's Google's Custom Search API, designed to increase the usage of Google, not to replace it. Bing Search API allows creating new search engines that don't send user data back to Microsoft. That's why DuckDuckGo is powered by Bing, not Google.


Except that the entire reason most sites are searchable is because of the analytics includes on every single page, everywhere.

So, literally every click you make is trickling data back to Facegoogsoft, because that’s how indexing works.


In the meantime, Apple builds walled-garden devices with limited functionality so that users are forced to buy several devices.

It's unfortunate that every large vendor today has short-term incentives to screw users.


I'd argue that Microsoft is much worse, what with their utter ubiquity in corporate environments, linkedin, github and win home users. Google ruined cell phones and Microsoft ruined personal computing.


The problem is it is often difficult to decide where incompetence ends and where malicious begins. Microsoft Edge or at least EdgeHTML has a stated goal of being 100% compatible with Google Chrome. As you might guess, it isn't even close. Why? There are far too many competent people at Microsoft to say "never attribute to malice what can be described by incompetence". This isn't the kind of incompetence at Equifax.


Its sad that one has to be 100% compatible with Chrome. Is this something that someone at Microsoft really said? one should have to be compatible with the standards. If that statement is true, then it supports the claim of Google's dominance- which is unhealthy for the browser market, and users.


Maybe I didn't capture the wording perfectly. Maybe I reported what I heard and not what they said?

> any Edge-WebKit differences are bugs that we’re interested in fixing

context:

> We recommend that web developers avoid UA sniffing as much as possible; modern web platform features are nearly all detectable in easy ways. Over the past year, we’ve seen some UA-sniffing sites that have been updated to detect Microsoft Edge… only to provide it with a legacy IE11 code path. This is not the best approach, as Microsoft Edge matches ‘WebKit’ behaviors, not IE11 behaviors (any Edge-WebKit differences are bugs that we’re interested in fixing). In our experience Microsoft Edge runs best on the ‘WebKit’ code paths in these sites. Also, with the internet becoming available on a wider variety of devices, please assume unknown browsers are good – please don’t limit your site to working only on a small set of current known browsers. If you do this, your site will almost certainly break in the future.

Personally, I think operations infrastructure should take a a more hands-off approach and let people use whatever web browsers they want and focus on educating users on why and how rather than on what. However, it is not practical for a variety of reasons. I had a chance to chat with a Chrome team member. He assured me that if you are an IT department and want to deploy Chrome in your enterprise, the Chrome team is committed to stand behind you. You can start at https://enterprise.google.com/chrome/chrome-browser/ If you have custom home-grown applications that require a legacy browser, you can centrally manage lists. In practice, this means that users will just need to open Google Chrome. If they go to some address that requires a legacy browser, Chrome will automatically kick you to the legacy browser. When someone continues on the legacy browser, you can kick them back to Google Chrome and have them continue there. I think this is the better path forward especially considering that Windows 7 will end of life in 2020. While I love Mozilla Firefox, I think Chrome is your only choice when it comes to Enterprise desktop.

For web developers like me, Edge has such a small market share that it makes no sense to test for Edge. From what I understand above, I shouldn't have to test for Microsoft Edge. It shouldn't have any of the legacy stuff from MSIE. That being said, threats of mono culture aside, I think it is best for any corporation to move their web browser to Google Chrome. Your people will be more productive on Google Chrome because it is the browser they know and love.

https://blogs.windows.com/msedgedev/2015/06/17/building-a-mo...

If you're reading this, hello from Google Cloud Summit New York!


What if we use ungoogled-chromium instead? How effective is it at removing Google from the browser?


Take a look at ungoogled chromium

https://github.com/Eloston/ungoogled-chromium


A more appropriate direction would be "trust Google as much as you trust the government of the area you're in"

Google has clearly showed that they will kowtow to whatever the local law is. As far as I can tell they do this as a last option though, and not just because they don't believe in certain ideas of privacy.


You can't really use Google's browsing device (Google Chrome) without providing your identity, if you ever want to sign into a Google website.

That makes total sense. Google is in the business of selling ads, this requires getting as much information as possible on users, through any means possible, software downloads, online services, it's all the same in the end.


Google makes money off ads through Firefox, ie, and safari. Requiring absolute browsing data on all users goes above and beyond just meeting their bottom line.


I'm not sure if you are defending their abuse of users or just stating the reasons why they do it.


The reasons as to why they do it defend the reasons as to how they do it, the end justifies the means.


I'm not sure what you're saying. If you are walking down a quiet street at night, and a person with bad intentions needs some money, then it "makes sense" for them to beat you up and take your wallet and phone. They needed some money, so the mugger's behavior is not unexpected, and their end justified their means. That doesn't say anything about whether it's right or not, or whether people should do something to prevent muggings or not.


That doesn't answer JoshMnem's question. Justifies the means to whom? If the answer is google, I'm not sure what the point of your comment was, as that's pretty obvious...


Yes, my answer was google, I found the question to be as obvious as you found my answer to be.


Well, this is all rather pointless then!


Or you could just use Chromium.


I'd rather non-Chrome browsers such as Firefox and Safari keep some market share so we don't end up with too many "Only works in Chrome" webistes.


Chromium has many of the same problems as Chrome. I don't think Google can be trusted to not abuse their position any more.


I wonder how far they can push it before one of the larger more open distro's just goes "yep, that was far as you are going" and we end up with the Chromed Ice Weasel.


Well there is already vivaldi, iridium, and ungoogled-chromium. But a better choice, IMO, is to install Brave since they are not just removing spy-features, but enabling new ideas to incentivize support for a more privacy focused internet.


The ad model is fundamentally broken, because all roads there eventually lead to tracking and online garbage. Monocultures are bad, so I don't think people should only use Chrome-based browsers. Google once tried to do ads without going down the wrong path, but that clearly hasn't worked out.

I think that Firefox Quantum is a better alternative.


Yea, that was what my essay/overview was about, including tracing these problems back to Larry/Sergey. It is probably worth posting a link here: http://yuhongbao.blogspot.com/2018/09/google-doubleclick-moz...


How effective is ungoogled-chromium at removing Google from the browser?


Have you looked at this project?

https://github.com/Eloston/ungoogled-chromium


That has the same issue as Waterfox and other projects where you lose out on quick fixes for discovered exploits.


I've seen it, but Chromium is fundamentally a Google product and it still has some of Chrome's problems. If we want future generations to experience technology freedom, we should avoid monocultures.


there are other chromium based browsers like vivaldi and brave that might disable a lot of the google crap but i couldn't be certain of the top of my head


>"The new version of Chrome signs you into the browser even if you don't want to sign into the software itself"

Damn. I just realized that. Signing out of browser signs you out of GMail. And signing into GMail signs you into the browser. Went to download Edge but turns out it's not on Win Server. MSFT really needs to get its act together.


Out of curiosity why are you using a web browser on a server?


I used one yesterday on Windows Server 2016 Datacenter because the new version of the only application running there needed .NET 4.7.2. It started IE which after a long sequence of allowing web sites (tracking and not, included Google Analytics) eventually managed to download the installer. IE was already on the server. I really wanted to install Firefox to avoid all that absurdity of whitelisting sites.


Employer's choice of workstation OS :/


Why not Firefox?


Yep that's what I ended up eventually downloading. Edge on Win 10 is not bad actually.


Support for Firefox is more important than ever.

Agreed.

I had always been a FF user, but switched to chrome about a year ago because it was faster. The latest version of Chrome pushed me back to Firefox, as it's WAY slower and not particularly friendly to tracking, even with Ghostery/uBlock etc... installed


The only remaining google usage I have is the Android play store, though I should flash a custom rom so I can use yalp store more effectively.

I'm done with Google and refuse to support their products and services.


TBH Yalp store it's very clunky and unreliable, you will find out when you get rid off gapps like i did, it would be probably easier to use apkmirror


> The new version of Chrome signs you into the browser even if you don't want to sign into the software itself. You can't really use Google's browsing device (Google Chrome) without providing your identity, if you ever want to sign into a Google website.

It doesn't sounds like you've actually tried this.

It doesn't sign you into anything but the google website, just like before. You have to turn on browser sync to sign into the browser. Seriously, try it. Your passwords, history, etc aren't there, and nothing shows up in your history from that session. Signing out of gmail still signs you out.

The new system is annoying because it makes it more difficult (impossible?) to sync to one Google account while having another one be the primary signed in one, but it doesn't sign the browser into anything on its own.


I've tried it multiple times and logging into a Google website automatically logs you into the browser itself (not just the website). Trying to clear cookies now doesn't clear Google's cookies either. Chrome 69.


Not for me it doesn't. 69 on Mac OS.


To reproduce:

- log out of Google Chrome

- clear all cookies (requires digging deep into the settings or using devtools, otherwise Google's cookies will remain)

- restart the browser

- make sure that your picture is not displayed in the browser itself or in the browser settings and that you aren't in incognito mode

- visit the Gmail website and log in

- your picture will now be displayed in the browser software itself (not just Google websites) and in the browser settings

- clearing cookies (ctrl-shift-del on Linux) will not log you out of Google websites or the browser


Where are you two located? I have noticed Google discriminates per location. For example creating a Gmail account from Canada isn't possible without a phone number, whereas creating one from Europe is.


It probably depends on IP address reputation. For me in Russia, Google always requires a phone number, but I saw reports by others that phone isn't required for them.


Seattle


It's not just JoshMnem who has this, the same happens to me. Running 69 on Windows.


> the same happens to me

In about:settings, does it say at the top "Syncing to codefined", or is there a button you can press to "Sync as codefined". Maybe the confusion is the UI.


Ouch. It must be really fun for Googlers to hear their company is working so hard to repress dissidents trying to reveal its secret project to help China repress dissidents.


Fact of the matter is that there is a Chinese internet and a US internet. Going forward there will be a Chinese internet, that some authoritarian countries will adopt that are a part of the Chinese sphere of influence. American companies, and the American government through them want a foothold on that internet. This is the only way for them to do so.

https://www.cnbc.com/2018/09/20/eric-schmidt-ex-google-ceo-p...


The idea that this appeasement will make Google a contender in China is blazingly ignorant of Chinese politics. No foreign company will ever be allowed to gain significant market share; it would be seen as a national security threat. The only way for Google would be to forge an equal partnership with a Chinese tech giant---Tencent, Alibaba, Huawei, or maybe one of the two dominant cell carriers.

Google is selling out for nothing.


Ok, they will never be as huge as local companies, but what's the downside to trying? Google being there doesn't make chinese access to internet any worse. If anything, their government would have to pump in more money into the local companies to stop Google from gaining a foothold, which would be a positive for their citizens.


The downside to trying is being knowingly complicit in human rights abuse lol


I hope I am not too cynical. I think this type of thinking leads to confusing the symptoms for the underlying problem.

Ask yourself, are we complicit in human rights abuse? We all pay our taxes right? Where do our taxes go? Dictators propped up globally. How many dissidents were tortured and executed with the aid of our intelligence agencies? What about the ongoing Israeli human rights abuses -- illegal occupation and genocide are somehow less than important than Chinese speech moderation?

We are so inconsistent. If we actually care about progress then we wouldn't get distracted by each instance of a problem. These posts, our comments... they are us trying to make ourselves feel better by spinning lies. Attack the underlying problems. Our problems are social problems, legal problems.

Advocate. Spread awareness. Run for office. Volunteer. Tackle the problem.


I have similar feelings sometimes but I am conflicted on the topic. Would you be interested in a discussion on this topic?


Wouldn't that money be funded by the citizens and potentially be a waste of resources, duplicating viable products?


That's bs. Apple is making billions from China each year without any bs partnership.


Regarding iCloud, Apple has made decisions to bring Chinese iCloud in compliance with Chinese regulations. Chinese iCloud accounts, data, and encryption keys are stored with a Chinese firm overseen by the Chinese government.


Yep. Apple moved their keys to be stored locally on state-owned servers, meaning that Apple has given the Chinese government access to Chinese user data. Apple even updated their TOS for it.


Not according to Apple [1]:

>Apple says the joint venture does not mean that China has any kind of “backdoor” into user data and that Apple alone – not its Chinese partner – will control the encryption keys.

[1] https://www.reuters.com/article/us-china-apple-icloud-insigh...


China goes so far as to require Android users to install a surveillance app in some provinces (https://en.wikipedia.org/wiki/Jingwang_Weishi) so you think the Chinese government would really allow the sale of unbreakable end to end encryption domestically just because it's Apple?

What would be the point then, as anyone wanting to avoid Chinese surveillance could just buy an iPhone. They wouldn't go through huge, immense trouble rolling out a massive surveillance apparatus on this domestic internet only to allow the world's most popular phone to be sold domestically as a simple circumvention.

No, Apple obviously made a deal as they are totally dependent on China for manufacturing their phone as well, they have no leverage. The difference is, Apple's culture of secrecy seems to prevent their employees from leaking dissent externally, so whatever they did, the details aren't public.


>so you think the Chinese government would really allow the sale of unbreakable end to end encryption domestically just because it's Apple?

Yes. Apple has even said this in court filings during the FBI legal fight [1]:

>Finally, the government attempts to disclaim the obvious international implications of its demand, asserting that any pressure to hand over the same software to foreign agents “flows from [Apple’s] decision to do business in foreign countries . . . .” Opp. 26. Contrary to the government’s misleading statistics (Opp. 26), which had to do with lawful process and did not compel the creation of software that undermines the security of its users, Apple has never built a back door of any kind into iOS, or otherwise made data stored on the iPhone or in iCloud more technically accessible to any country’s government. See Dkt. 16-28 [Apple Inc., Privacy, Gov’t Info. Requests]; Federighi Decl. ¶¶ 6–7. The government is wrong in asserting that Apple made “special accommodations” for China (Opp. 26), as Apple uses the same security protocols everywhere in the world and follows the same standards for responding to law enforcement requests. See Federighi Decl. ¶ 5.

and Craig Federighi's declaration [2]:

>5. Apple uses the same security protocols everywhere in the world.

>6. Apple has never made user data, whether stored on the iPhone or in iCloud, more technologically accessible to any country's government. We believe any such access is too dangerous to allow. Apple has also not provided any government with its proprietary iOS source code. While governmental agencies in various countries, including the United States, perform regulatory reviews of new iPhone releases, all that Apple provides in those circumstances is an unmodified iPhone device.

>7. It is my understanding that Apple has never worked with any government agency from any country to create a "backdoor" in any of our products and services.

>I declare under penalty of perjury under the laws of the United States of America that the foregoing is true and correct.

Apple has leverage in China because they indirectly employ millions of people.

>No, Apple obviously made a deal as they are totally dependent on China for manufacturing their phone as well, they have no leverage. The difference is, Apple's culture of secrecy seems to prevent their employees from leaking dissent externally, so whatever they did, the details aren't public.

Lol. I'm sure Federighi perjured himself because the Apple Cult is just that strong.

[1] https://assets.documentcloud.org/documents/2762131/C-D-Cal-1...

[2] https://www.documentcloud.org/documents/2762118-Federighi-De...


The FBI is a US Government Agency, not China.

And even then, the declaration you quote (made in a US Court case referring to the FBI) was made two years before Apple gave the keys over to China.

Apple has deleted VPN apps from the Chinese store at the request of the Chinese government. They also added a clause to their TOS that allows the state-owned data company to access all user data. When they rolled this out and gave the keys to China, they only gave their users the option to delete their account, not opt out.

I'm sorry to be the one to have to break this to you but Apple is acquiescing with the Chinese government surveillance demands.


>Apple has leverage....

Yes, so much leverage that China regularly forces them to censor the App Store, and forced them to give up control of iCloud in China.

Quite different than say, how Apple handled the FBI demands or AT&T?

What concessions did Apple extract from China with respect to freedom or privacy for the Chinese people that you can point to?

Have they ever gotten VPN reinstated? Can you point to a single instance of Apple even petitioning against the government in Chinese courts?

I’ll go one better: can you find an instance on record of Apple executives like Tim Cook criticizing Chinese government policies like they do the US government? Any instance of push back at all?


Apple definitely has leverage because we now know they have not made any "special accommodations" for China in their products and services. And as far as I know, iMessage remains unblocked unlike other encrypted services like WhatsApp.

That doesn't mean that Apple can do whatever they want. They've had to shut down iBooks and iTunes Movies within months of turning it on. They've had to remove VPN apps and the NYT's app from the App Store.

But they haven't had to fundamentally cripple the security of their products and services. And that's a meaningful concession they've obtained, because they're Apple.

>I’ll go one better: can you find an instance on record of Apple executives like Tim Cook criticizing Chinese government policies like they do the US government? Any instance of push back at all?

We know they pushed back on the data localization regulation because they said so in a statement to Reuters.


That was back in February. Since then there's been some shuffling of the companies who own the servers with the keys so that China now has access.

From July 2018:

>Fast forward to today: China Telecom, a government owned telco, is taking over the iCloud data from Guizhou-Cloud Big Data. This essentially means that a state-owned firm now has access to all the iCloud data China-based users store, such as photos, notes, emails, and text messages.

https://mashable.com/article/china-government-apple-icloud-d...


That report doesn't say that Apple no longer retains control of the keys.


Nobody said that Apple no longer retains control of the keys. The point is that the Chinese government has access to Apple user data and Apple is complicit.


>Nobody said that Apple no longer retains control of the keys. The point is that the Chinese government has access to Apple user data and Apple is complicit.

The Chinese government has the exact same access to Apple user data as before, which is through Apple. Who controls the keys is what matters.


>The Chinese government has the exact same access to Apple user data as before, which is through Apple.

No, the Chinese government now owns the servers with the key storage. They now have access to all the keys and user data at rest.

If the Chinese government is accessing all the user data because they requested Apple to put the user keys on their now-state-owned servers, then why does it matter if Apple controls the keys? You're still splitting hairs.


>No, the Chinese government now owns the servers with the key storage. They now have access to all the keys and user data.

>If the Chinese government is accessing all the user data because they requested Apple to put the user keys on their now-state-owned servers, then why does it matter if Apple controls the keys? You're still splitting hairs.

Apple said literally the opposite of this to Reuters and in this statement to 9to5Mac [1]:

>Last year, we announced that Guizhou on the Cloud Big Data (GCBD) would become the operator of iCloud in China. As we said at the time, we’re committed to continuously improving the user experience, and our partnership with GCBD will allow us improve the speed and reliability of our iCloud services products while also complying with newly passed regulations that cloud services be operated by Chinese companies. Because of our commitment to transparency, there will be a series of customer communications over the course of the next seven weeks to make sure customers are well informed of the coming changes. Apple has strong data privacy and security protections in place and no backdoors will be created into any of our systems.

You seem to think there's some material difference by storing the keys or data in China. There isn't. China's power over Apple comes from the fact that they can block their access to operate in China. It's not technical or legal. Chinese iCloud data was just as vulnerable to requests from the Chinese government when it was stored in the US.

[1] https://9to5mac.com/2018/01/10/apple-will-begin-storing-chin...


You are wrong. Apple merely said "no backdoors will be created into any of our systems".

And no backdoors into any of Apple's systems are necessary because a government-owned company will be operating iCloud, including the keystore.

Apple's terms of service make this very clear:

"You understand and agree that Apple and GCBD will have access to all data that you store on this service"

https://www.apple.com/legal/internet-services/icloud/en/gcbd...


Apple told Reuters that is not what's happening:

>Apple says the joint venture does not mean that China has any kind of “backdoor” into user data and that Apple alone – not its Chinese partner – will control the encryption keys.

https://www.reuters.com/article/us-china-apple-icloud-insigh...


So Apple is saying one thing to the media and another thing in their legally binding customer agreement.

Someone should ask Apple which one it is, because these statements seem completely irreconcilable to me.


Yep - saying there are "no backdoors" isn't the same as giving front door access.


The old mantra: physical access is root access.


> That report doesn't say that Apple no longer retains control of the keys.

Even if it does (which is unclear), do you think Apple will be able to refuse if the Chinese government asks for them? I wouldn't be surprised of "the laws and regulations of China" say that Apple is required to turn them over.


>Even if it does (which is unclear), do you think Apple will be able to refuse if the Chinese government asks for them? I wouldn't be surprised of "the laws and regulations of China" say that Apple is required to turn them over.

Apple says that they respond to valid legal requests, but that isn't any different than when iCloud data was stored in the US. If you thought that Apple would cave to any request for data from the Chinese before, then there's no material difference by storing Chinese iCloud data in China.


Thinking that China doesn't have physical access to servers located on China (with all apple keys on it) is just not how real world works.


https://www.theverge.com/2018/7/18/17587304/apple-icloud-chi...

For iCloud, Apple partnered with a local Chinese entity.


That is because Chinese manufactures still need Apple and Foxconn, iPhones are made (assembled) in China. Once that changes (i. e. in a few years) watch how new regulations will destroy or at least reduce the iPhone business.


Apple has less than 10% of the market share in China.


And it shrinks.

> With only seven million iPhones sold in China during the second quarter of 2018, Apple's market share in the country dropped by 12.5 percent year on year to 6.7 percent, according to a report by the International Data Corporation (IDC)

And you can imagine why is that so.

> Xiaomi pokes fun at Apple with phone, laptop, fitness tracker, and Bluetooth earphones bundles that cost the same as the new iPhones.

Actually mocking the Apple might became the cultural thing in China.

> Huawei has taken the act of mocking the newly launched iPhones to the next level in seemingly funny way. In Singapore, those who were waiting overnight for the release of the iPhone XS and XS Max, were handed power banks by the China-based tech giant. Some people wearing Huawei t-shirts started giving away power banks to the hundreds of people waiting in line to get their hands on the newly announced iPhones. Not just that, there’s a message on the power bank’s box which reads – “Here’s a power bank. You’ll need it. Courtesy of Huawei.”


Mocking Apple? Your example sounds like a good advertising campaign by a competitor not some "pervasive cultural shift".

It's like saying that the EU hated MS when Bill Gates got a pie in the face a few years ago.

Plotting a curve with a single data point...


>Google is selling out for nothing.

I don't understand the notion. Google already censors anything they like with very advanced methods that even provide them with plausible deniability, high specificity etc. And I bet they're better than the Chinese at tracking literally everything you do online and connecting that with your real, offline identity, complete with your entire social network graph, your biometrics, SSN, income, race, personality type, political affiliations etc etc... And they already provide that data to governments upon request. Not a legal request, but an API request.

The only thing I'd want explained about the article is how it would be physically possible to track users more closely than they currently do in the western world.


Censorship is a government action. When people and private companies do it, it's called filtering. There's a world of difference between an individual or company having control over data vs. a government. People and companies with heavy influence can mess things up a quite a bit, sure, but they can't arrest, imprison, sentence or put anyone to death.


Censorship is not at all limited to government action. It is "the suppression or prohibition of any parts of books, films, news, etc. that are considered obscene, politically unacceptable, or a threat to security."

Anybody with suppressional power over information can do it.

"Filtering" is not descriptive of what is happening either, that word trivializes and even gives the action a positive connotation. Filtering removes stuff nobody wants, it cleans, it gets rid of debris and trash.

Beware of word subversion! If you try to make morally bankrupt actions harder to describe depending on the actor then you're attempting speech and thought control.


That world of difference is a very small world given the kind of collusion that goes on these days. In China, it's probably about the size of a desktop globe.


Censorship can also be unofficial, when there is no law for it, but someone from the government unofficially advises that the company should "filter" some information and they comply.


And this time we actually have legitimate, real, censorship to fight.


This is cognitive dissonance. You can create rationalizations for the worst of actions, and that's exactly what this is. The motivation is simply money and growth. China is a huge market that may, in the future, become the single most lucrative market in the world. They want in on this and are willing to toss any values they may have once held to pursue the profit and power potential of this market.


Perhaps they are playing the long game. Actions against their values taken now will give them more power to act in line with their values in the future.


Sure, that must be it.


"Whoever fights monsters should see to it that in the process he does not become a monster." - Nietzsche


In terms of tracking everything and having a file on everyone Google and Western governments are already there. The only saving grace is that they don't use that information all the time to get people in trouble -- but they could, just look at the whole airport security thing. However, in terms of the ability to abuse, they are already well at par with anything China can do. And really it does not matter if they help China or not, China is more than capable of doing it all themselves given enough time. The difference will be that Western companies and governments will be left out of all of that... which to them is not good.


There's a major problem with this. Actions are what decide the values of an individual or a company. Nearly all horrible actions throughout history were certainly rationalized by at least one actor as reasonable and just, if not outright good. I've no doubt that your rationalization is likely similar to the rationalizations that the numerous US companies (IBM, Coke, Ford, Bayer, GM, Chase, etc) used when deciding to aid and support the Nazis.

Of course in hindsight you judge these companies not by their rationalizations, but by their actions. And this is how it should be. Rationalizations or Machiavellianism are ironically myopic. The means (or rationalizations) do not justify the ends. The ends are rarely predictable and often are far different than what we may ever expect. By contrast we live, each and every day, through the direct consequences of the means. Many people find China's actions morally dubious, and Google is now directly engaging in behavior that will, at the minimum, enhance the ability of Chinese authorities to track and 'handle' individuals who run afoul of state interests. These actions are what inform you of Google's values.


Are you certain that's the only way for them to do so? I suspect that smart people could find effective technical means to undermine and circumvent the Great Firewall of China.


It’s not that hard to circumvent actually. Also in major tech companies in China, employees can just use company network to access websites blocked by the firewall. But if you provide that as a service to general public, it’d get shutdown when it get popular


I'm sure hey are actively working to solve that. Some details here are disturbing.

https://www.hrw.org/report/2018/09/09/eradicating-ideologica...


how long do you think china is going to tolerate Google doing that?


Aren't you also forgetting the EU internet?

With GDPR and the "right to be forgotten" censorship?


> there is a Chinese internet and a US internet.

Well, that may supply an alternative to those barred from the US internet, cf. https://news.ycombinator.com/item?id=18043141

It would be fun to watch that develop.


That sounds like a suspiciously confident prediction given the nature of the internet.


> Fact of the matter is that there is a Chinese internet and a US internet.

Sure, that's today. But you'd be crazy if you thought the CPC would be around forever.


Could we discuss at least a little bit that this culture of "I must not be blamed" is toxic ?

Companies must sometimes choose between pest and cholera. Having search in China would let millions of Chinese citizens improve themselves a LOT. It would make Chinese censorship a lot harder as well. It would have pretty damn good effects. A billion people would get access to a LOT of information they don't currently have access to.

And it would collaborate with a criminal regime. You can criticize that ... evil !

Not doing it, while less criticizeable, would imho be more evil.


I dunno, they seemed to be more angry about the Pentagon contract.


Like with any other issue, there are always be haters and supporters. You assume all googlers oppose this ? I'm sure there are still many googlers that are fine to work on this. I'm not googlers but I would have no issue on working with something like this.


I guess we’ll get a new blog post from Pichai about the people he fired because tracking users against their wishes, exposing data against their wishes, and compelling employees to delete their own files “contrary to our basic values and our Code of Conduct.” [0]

Fortunately Google is an ethical company and not hypocritical when it comes to very important issues.

Maybe this will be positive and result in new US law like the foreign corrupt practices act of 1977 [1] that prevents US companies and their subsidiaries from bribing officials in other countries, even when local law allows it. So forcing US companies to follow the minimal US laws protecting privacy even if to comply with other laws will be a net positive for humanity.

[0] https://www.blog.google/outreach-initiatives/diversity/note-...

[1] https://en.wikipedia.org/wiki/Foreign_Corrupt_Practices_Act


Reminds me of this tweet: https://twitter.com/nmgrm/status/1038790691529273345

>programmers get upset about the words “master/slave” in software now, but are happy to keep constructing a global surveillance economy and becoming middle caste


I don't think Sundar is going to have the same response as to Project Maven. It would be hypocritical because he was involved in this project from the beginning. Project Maven, on the other hand, he probably only learned about because of the controversy.

My prediction is that he is going to sick with his version that this was an experiment, the headcount was necessary to fully explore the idea, it became obvious that it wasn't possible to do ethically, Google isn't going to do it.

The real question to me is what this is going to do to Google's internal transparency.


> prevents US companies and their subsidiaries from bribing officials in other countries

That's how US lost Africa, and China acquired it.


While the US certainly lost business because of this, it’s hard to say that they lost Africa when there’s still huge FDI in Africa [0] even compared to China the US had $50B in 2014-the last year I found both country data- vs China’s $32B. FCPA is 40 years old.

China will surpass the US in Africa, but they’ll surpass the US in everything economic, eventually.

[0] https://www.statista.com/statistics/188594/united-states-dir... [1] https://www.brookings.edu/blog/africa-in-focus/2018/07/25/fi...


Disclaimer: I work for Google. I also think that there is an anti-Google bias on hacker news, holding Google to a standard not applied to others and taking any excuse to roll out the same old tired rants in response to almost any Google post (DAE Google Reader etc).

If what I read is true then this is the first thing that has truly rocked my confidence that the company generally tries to do the right thing (while making money of course, we're not a charity). I expect significant internal backlash if they proceed and I hope they learn from this.


https://www.acm.org/membership/google

https://www.acm.org/code-of-ethics

> A computing professional should...

> 4.1 Uphold, promote, and respect the principles of the Code. The future of computing depends on both technical and ethical excellence. Computing professionals should adhere to the principles of the Code and contribute to improving them. Computing professionals who recognize breaches of the Code should take actions to resolve the ethical issues they recognize, including, when reasonable, expressing their concern to the person or persons thought to be violating the Code.

> 4.2 Treat violations of the Code as inconsistent with membership in the ACM. Each ACM member should encourage and support adherence by all computing professionals regardless of ACM membership. ACM members who recognize a breach of the Code should consider reporting the violation to the ACM, which may result in remedial action as specified in the ACM's Code of Ethics and Professional Conduct Enforcement Policy.

Please voice your concern. Your voice as a Googler is louder than mine.


"I also think that there is an anti-Google bias on hacker news".

Nah mate. When a company isn't paying me, I am unrestrictedly free to be objective.

The problem, with companies (and with mafia, etc) starts once you take the money.

So, from that perspective, what you read from most of us, is more objective than anything you read on your internal mailing lists.

We, unlike your HR, don't care about morale, perception and corporate tracking pixels of stuff one isn't supposed to see or read.

HN crowd for the most part are smart and informed people. So, don't look at it as bias, look at it as assessment.


So are you as critical with every other company that does business in China. Are you gonna throw out half of the products in your house which are Made In China? Are you also criticizing Apple and Tesla for doing business in China?


It isn't just about doing business in China, but the nature of the business (and propping up the Chinese regime).

Apple have had plenty of stick about their practices too. I think they just have too many diehard followers that the negative information gets drowned out by the positive.

I think there's a perception that Google is the one company that many people are (or were) supportive of, because of their past stance with regard to China. Google's former motto of "Don't be evil" convinced a lot of people that they have strong ethical standards. This may have been true in the early days. To me, it has not been true ever since Schmidt became CEO. I've been actively avoiding Google as much as possible since around 2005, because it was glaringly obvious even then that they were out to destroy privacy.

I also avoid Apple. Never liked their software, and they have pretty much the same problems wrt privacy.


"The problem, with companies (and with mafia, etc) starts once you take the money."

So true!


The problem is then compounded by stock options.


A couple of months ago there was a post on the frontpage about some Google service being redesign. All the top comments about it found some non-obvious negative spin on it. That was the time when it became obvious to me how strong the anti-Google sentiment had become at HN.

Look no further than this page. The top comment compares the Chinese Government's surveillance with being forced to sign into Chrome. There would have been a lot more interesting intellectual discussions to be had about this topic: China, corporate responsibility, are the Chinese better off with just Baidu...


It is just a reflection of the accumulated negative sentiment. If you categorize the users, on one end, you'd have a group that would complain about the redesign (but not care about world hunger as a problem, because it doesn't affect them), and on the other the egalitarian crowd that would react to Google's motives more than Google's moves (in China or elsewhere). Lately, it looks like Google is actively trying to alienate anything inside the user spectrum in search for profits.

Unfortunately we can't reach an engaging intellectual discussion on this. In the same way we can't about North Korea dedication about giving up the nukes, or women being able to drive in Saudi Arabia, because people are starving in family prisons and are being hanged and skinned alive, in 2018.

Sometimes the overall picture obscures the interesting intricate details, and as humans are emotional souls, in a very survivalist fashion, they react to what threatens them the most.


> holding Google to a standard not applied to others

When Microsoft was deemed "evil" under Balmer, Google acted like it was a "cool startup which didn't do evil" and used that positive PR to grow as they were seen more "ethical" than the competition. That's why they are held to higher standards today.

Microsoft for instance never claimed they had any sort of moral compass other than the morals of making money.


Now that Microsoft is the underdog they are claiming exactly that. https://www.nytimes.com/2018/05/07/technology/microsoft-mora...


I also think that there is an anti-Google bias on hacker news

I think you are correct. But I don't think it's people being anti-Google because it's Google, or tribalism, or whatever. It's people being anti-bad things, and Google has evolved into a bad thing.


A bias is defined as an unfair leaning towards one opinion regardless of stimulus. If you're saying that Google is being evaluated fairly, you are disagreeing with the parent's claim that HN is biased.


HN isn't biased, but it is an interesting example of collective hypocrisy without any individual changing their mind.

Google is and always has been a privacy disaster waiting to happen, and we know lack of privacy and bad government are a potentially lethal (in the strictest and most literal sense!).

Historically, there has been a strong pro-Google bias in the tech sector that ignores this, possibly because of all the cool technical work they do. Still exists in my opinion, I've talked to techies who don't seem to realise that Google is an advertising company.

The current process is all the pro-technical-coolness people going quiet and all the pro-privacy people speaking up because Google has started to make poor decisions.


While I cannot speak for user comments after this one, nobody is referencing Google Reader here. The stakes are higher here than general "Google ain't what they was back in the Good Old Days", they are "People could be detained, tortured, (please just be hyperbole...) killed because of searches they made that were tracked by this Google Joint Venture and handed over to a repressive government".


But that's kind of my point. This is substantively different and is pretty serious. And no, I haven't seen any particularly unreasonable comments in this thread.


So, here's an honest question: How do they find people to work on these products if the general consensus is that this is a bad thing to do? How do they keep word of these projects from spreading within the company?

It seems if enough people feel strongly about this, then at least one would quit after being assigned to this project, and even if there's an NDA and they can't relate the details of why they quit, it would be alarming enough to say "I felt compelled to quit because I could not in good conscience work on the project I was assigned." I'm not sure an NDA can protect against something like that.


"(1) A major corporation is like a construction set. It can be used to put together the whole world. (2) Because of the growing division of labor, many people no longer recognize the role they play in producing mass destruction. (3) That which is manufactured in the end is the product of the workers, students, and engineers."

This last thesis is illustrated with an alarmingly clear image. The same actor, each time at a washroom sink, introduces himself as a worker, a student, an engineer. As an engineer, carrying a vacuum cleaner in one hand and a machine gun in the other, he says, "I am an engineer and I work for an electrical corporation. The workers think we produce vacuum cleaners. The students think we make machine guns. This vacuum cleaner can be a valuable weapon. This machine gun can be a useful household appliance. What we produce is the product of the workers, students, and engineers."

From an introduction to Harun Farocki's "Inextinguishable Fire": https://www.harunfarocki.de/films/1960s/1969/inextinguishabl...


The suggestion from the link is that some people involved didn't fully understand what they were working on. And obviously they weren't able to keep word spreading in this case.

But obviously a number of people must have known. I don't know how they approach and recruit these people, it's above my paygrade.


You just get asked to work on project blah. And you're like okay, what do I do? Figure out this system for them, okay. And you work and focus on the technical details.

I mean, I really appreciate all of you who seem to dig in and dive into the what and why of every system you work on, but I often just do work. I get tunnel vision and do the things I have to do. I don't really care about much outside of that spectrum unless it impacts what I have to accomplish.


Oh, I do that too-- especially those times I have to drill down several layers deep into the ugly undocumented guts of an abstraction some other developer left knots in.

But somehow I never climb back out to find the bug I just fixed is part of a giant censorship machine.

Are you saying there is a greater than zero chance that you've accidentally done work on a similarly unethical system?


I've worked on something that I didn't realize was... perhaps not in the sphere of things I want to work on for 1 year.

When you're focused on technical details, cost evaluations, etc, you're not exactly thinking about what the thing is used for, or why. At least, I wasn't and I assume it works the same way for others.

It's really easy to just get assigned to a project, and start working on it.


Just some editorial advice: put the lede in the first paragraph. The disclaimer should be lightened up, unless that's what you want people to engage with.

Edit: I wrote this because I was sad that people were arguing with the disclaimer, not the author's more substantive point. I don't mean to be patronizing or condescending in any way.


Agreed, reading that comment has made me re-think how I scan and react before taking everything in.


It's true. The google group in question is still active and visible to any Google employee.

However, you should put this in perspective. Google is still one of the most transparent companies of its size. People intentionally collected and shared high sensitive company information. At most companies, security would show up at the desk of everyone involved in this with a box to pack their stuff. At Google, they got an email which asked them to delete the document.

Also, keep in mind that we are talking about a project that is not launched, probably never will be and, if you give Google's leadership the benefit of the doubt, was never going to be.


> Disclaimer: I work for Google. I also think that there is an anti-Google bias on hacker news, holding Google to a standard not applied to others and taking any excuse to roll out the same old tired rants in response to almost any Google post (DAE Google Reader etc).

I hate to break this to you, but the anti-Google bias is well beyond HN. Google is pissing off conservatives who think you censor them, civil rights activists who are being ignored, privacy activists who want Google to be accountable, regular users who simply can't figure out how to get Google to stop tracking them, developers who go unheard on your message boards, influencers who are tired of Google unilaterally imposing their will on the internet (coughAMPcough), and a ration of other people who are just tired of Google having it's nose in literally everything they touch.

Google is held to the standard it wants to be held to. You think Project Zero can just go around blackmailing competitors forever without eventually pissing someone off? When was the last time Microsoft or Apple publicly disclosed a Google Zero Day? Google does that all the time.

You can't try to maintain 99% market share in search and not expect people to hold you to a high standard. Google put itself here and now has it in it's collective head that it's "too big and important to fail."

Even you are going around the internet saying that Google can do no wrong despite being confronted with an endless stream of evidence proving otherwise. LISTEN. TO. PEOPLE.


> When was the last time Microsoft or Apple publicly disclosed a Google Zero Day?

Microsoft and Apple don't have as good of a pentesting team. PZ publishes exploits that affect Google software all the time.


Is this the Google complaint line? I didn't know this existed! I'd like to complain about the stupid "Al Jazeera is funded in whole or in part by the Qatari government", "teleSUR is funded in whole or in part by the Latin American government" [where is the capital of that government?], etc. messages I have to see every time I watch a trustworthy news program. Why don't those messages show up when viewing dreck like CNN and Fox News?


> If what I read is true then this is the first thing that has truly rocked my confidence that the company generally tries to do the right thing

Officially removing "Don't be evil" wasn't enough of a hint for you?



https://www.fastcompany.com/3056389/why-google-was-smart-to-...

Not really misinformation, thanks for sticking up for a helpless company though.


If a literal link to their code of conduct with the motto in tact isn't enough to convince you, then I don't see what will. You're free to keep spreading misinformation as you please.


Genuine question: why is there not more outrage over Bing working in China? Surely there's as much user tracking/censorship as Google is doing?


Microsoft and Bing never started with the mantra of "Don't be evil". Microsoft also has a much more established history of working with different government agencies and foreign governments. The perceived contrast from what people expect from Google and what Google is doing now is just that much more glaring/obvious.


Yep claiming to be a force for good when behaving like an amoral organization only concerned with profit optimization is what irks people.

pretending to be something you aren't is whats frustrating


And that is part of the reason why Microsoft has been hated/less trusted than Google for so long (and still is).

Google is making a very big mistake ruining this image and supposedly core principles with the actions it's been taking in the past couple of years. They won't recover for decades from this, just like Microsoft still hasn't fully.

Google's "Don't be evil" has been a huge branding asset, but it seems Google has been too eager to step all over it and throw it in the garbage lately. I wonder if it will be worth it. I hope it won't be.

These days I distrust almost every move Google makes by default, and I imagine there is a growing number of people like me. Google may think "eh, so what, we'll just lose a few percent of our users, but gain all of those juicy killer machines and censorship contracts instead," but now people like me will also be first in line to support governmental action against the company (GDPR, etc), while before I would've been the first in line to defend it. So Google won't be losing just users or even advocates, but it's also turning them into vocal enemies - all in the name of continuing to grow those quarterly profits.


> These days I distrust almost every move Google makes by default, and I imagine there is a growing number of people like me.

Google has lost its way, not just with this, but with AMP/Chrome/URLs, and their impending destruction of one of the great achievements of modern technology -- the decentralized, open WWW. The Web was always under attack but to see the fatal blows delivered by Google is very depressing.

I've already removed Facebook's companies entirely from my life. This year, I'm working on moving away from Google as much as possible.


The Web would have been dead no matter what Google did. Its death was as inevitable as any human's - just a matter of which organs fail, in what order, and when.

If there's one thing we can learn from all this, it's that decentralization of a network is best understood as a temporary process for electing the monopoly node(s).


The Web is not dead yet, and its death is not inevitable. It has been under attack since at least the days of America Online, and it survived that. Google's market share with the browser (all Chromium-based browsers) puts them in a position where they might succeed in destroying it this time. I wouldn't give up completely just yet. People need to speak up, including Google employees. Other companies like Automattic and Cloudflare need to stop enabling schemes like AMP. Large content publishers should say "no" to AMP, because it is not in their long-term best interests. A visit to a restricted shell of your content on someone else's AMP server/cache is not a real visit to your website.


Google has not lost their way. They walked away from billions in China when the government tried to hack Gmail accounts. Google made it so ALL people can afford a smartphone not just the rich like Apple.

Apple on the other hand

https://www.amnesty.org/en/latest/news/2018/03/apple-privacy... Campaign targets Apple over privacy betrayal for Chinese iCloud ...


Smartphones are not necessarily good things. I think they are damaging attention[1] and causing a lot of negative effects on society (social media, fake information, etc.). Humans shouldn't be online at all times.

[1] https://hbr.org/2018/03/having-your-smartphone-nearby-takes-...


They did it for a reason -- to sell ads. If they truly wanted it so people could afford it, they'd not be making billions of profits each year. They give you things for free at the cost of your privacy. Apple otoh is upfront about it.


> support governmental action against the company (GDPR, etc)

The GDPR is a hugely pro-Google law. Large corporations can easily afford to wade through its complexity to find ways to comply that do not have a meaningful impact on profits, up to and including getting the law changed, if necessary, ideally by making it more complex.

Their smaller competitors can't.


I think it is just due to the fact that Google has such a massive market share. In comparison, Bing seems pretty insignificant and would make less of an impact.


Some at Microsoft, especially foreigners working in China, had some issues about it, but Microsoft has always been really consistent about how it operates in China, which, for better or worse, has always been close to the desires of the Chinese government.


this is one of the reasons why I left MS working on Bing (though, not the most important at that time)


Everyone knows that Microsoft has no backbone though.


>Emails demanding deletion of the memo contained “pixel trackers” that notified human resource managers when their messages had been read, recipients determined.

This seems like the worst part (not that the rest is not bad), anyone has an idea of what this "pixel trackers" are and how they actually work?


Pixel trackers are invisible images which are the size of a single pixel hidden within a given email (Not visible in most mail clients). These images are sourced from a unique url (unique per email address) which when accessed are tracked by the web service as a view of a given email from a given individual. These are usually used in marketing emails to see how effective their campaigns are.

more info @ https://en.ryte.com/wiki/Tracking_Pixel


Pixel trackers are just small embedded images in the email that when they are fetched from a server, the server logs it. Pretty simple way to track whether or not someone has opened an email. It's my understanding that gmail however downloads all images and then serves them from Google servers to avoid this issue entirely.

Traditional email clients like Outlook/Thunderbird are susceptible to this kind of attack. That's why they often ask you before loading images.

https://smallbusiness.chron.com/set-email-tracking-pixel-493...


All Google does is proxy the images to hide your IP address. The images are proxied on-read so read receipts are still being leaked.

A Google employee has confirmed to me that they tested killing email read receipts but it was shelved as it broke too many partner integrations.


Variants of "pixel trackers" still work fine on Gmail despite this. To this day a lot of marketing, recruiters and others are tracking when you open their message on Gmail.


How are these variants working? Curious about how they are getting around google hitting all of them.


I assume Google doesn't request the image until the email is opened.


Even with images disabled?


No, disabling images breaks pixel tracking. One way to quickly sanity check a mail client's priorities is whether it gives you the option to disable images by default.

Some clients that don't allow you to disable by default: Polymail, Gmail on iOS, Inbox (Google) on IOS

If it's free, you're the product...


Ha I thought you were wrong, but it turns out that indeed, you can disable image loading in the Gmail Web interface, in the Android app, but not on iOS: https://support.google.com/mail/answer/145919?co=GENIE.Platf...


This is the reason why you never enable images in your email client.

Gmail sucks a bit because it always enables certain images in email and that means that google pixel trackers are really hard to block if you use google mail. If I were an employee, I’d switch to a non-google email client.

The privacy issue is problematic, but their functionality is also buggy. Untrained users will misinterpret them as they can get triggered by previews or other functions beyond just reading the message.


Do you mean desktop Gmail enables certain images, even if you disable images by default? That's news to me, can you give examples of some sites for whose emails this is true?


I mean gmail.com accessed via browser.


Just want to throw out that pixel trackers are EXTREMELY common - you probably have an insane amount in your inbox now and a lot of email software uses them by default. Not saying this is okay, just giving that context.


I turn off downloading images by default. They'll have to work harder to know if I read my email.


At one time gmail went ahead and fetched the images anyway, but didn't display them. The tracking still could record the "open event" although it didn't get a hit directly from the user's browser, rather through Google's image cache server.

I don't know if that's still the case.


> At one time gmail went ahead and fetched the images anyway, but didn't display them.

SMH. I read things like this and I really just hope the internet implodes one day.


The hypocrisy of Google embedding pixel trackers to monitor their own employees while forbidding external images in their gmail service to prevent companies trying to abuse users with pixel trackers is painfully blatant.

Do as I say, but my company is super special so we'll just do whatever we feel like.


Probably something like <img src="http://google.com/pixel.gif?mailid=23949129"> in a mail. When you download the image, Google knows you have read the mail.


> This seems like the worst part (not that the rest is not bad), anyone has an idea of what this "pixel trackers" are and how they actually work?

This is very old tech. "Invisible" image linked to a url. Pretty much every ad email has pixel trackers for data ( impressions, etc ). It's used heavily in marketing.

Not sure why google would use such primitive tech. There are better ways to verify that an message has been opened and read.


can you share some alternatives? My email client blocks images, but I would like to learn about other methods that are being used to improve privacy


It's a small transparent pixel loaded from a website (assuming the email client loads HTML). I'd make a unique image called mywebsite.com/jaclaz_read.png and when that image was loaded I'd know you read my email.


I see, never knew they were called "pixel trackers".

I am particularly "old style", I know, but I tend to use not whenever possible email clients that load the html, so an old habit turns out to be also (at least partially) "safer".


In large companies like this you rarely get a choice for which email client you are allowed to use, or a say in which software you are allowed to install.


Yep, I can understand that, but I thought that this was an elite, a subset of high rank developers that surely (or at least I would hope so) could have a bit more of leeway by the management and/or be capable of work around this kind of nonsense.

Of course in the US a lot of practices revolving around "controlling employees" are allowed and even considered "normal" whilst in Europe they are seriously frown upon.


That seems so odd. Doesn't Google's corporate email system have read receipts like Microsoft Outlook?


Worse than knowing they had been read is that fact that it can (and was probably intended to) detect who may have leaked the email if it made it to the outside, who is was leaked to, and how far it had spread.


You must be young.

    <img src=“https://internal.google.com/track” width=“1” height=“1” />


> “Leadership misled engineers working on [Dragonfly] about the nature of their work, depriving them of moral agency,” said a Google employee who read the memo.

Lying to our own colleagues now are we? The end justifies the means I guess. Wait, what was the end again?


"Oh, what a tangled web we weave, when first we practice to deceive..."


No offense, but Google is gonna launch that search engine regardless. Even if it's gonna have to outsource coding to China itself.


How does that justify lying about it?

If you're going to lie to your colleagues better have a very good reason ready. "They won't help me if they knew the truth" is not a good reason.


Well sure, they censor/manipulate their users, why wouldn’t they do the same to their employees?


That fiasco earlier this year with James Damore comes to mind.


Damore was fired for perpetuating gender stereotypes. Even he confirmed it. That isn't unique to Google, and employee policy is not manipulation of search results.


Do you have a source of him confirming it? Genuinely curious. I'm just going off of his interview with Joe Rogan.


>Damore has confirmed to multiple outlets that he was terminated for “perpetuating gender stereotypes.”

https://www.vox.com/identities/2017/8/8/16106728/google-fire...


Ok thanks, I think I misunderstood what you were saying.

I thought you meant that he went on record saying something like "I'm perpetuating gender stereotypes".

Instead, it looks like he's just confirmed that Google thought he was perpetuating gender stereotypes, and that's what he was fired for, which is no surprise.


It doesn't really matter what he thinks he did, because NLRB deemed it a legal reason for firing him. It's not unique to Google, and considering he's suing for discrimination against white conservative men I don't think his lawyer would let him say something like that anyways.


I mean, he did go on record saying "I'm perpetuating gender stereotypes" by virtue of writing that memo.


Not at all equivalent.


You do realize that anything you do for your employer belongs to your employer? And that protecting trade secrets is part of practically every employer agreement?

There are whistleblower exceptions, but generally, if you can't be trusted to keep secrets, you're not a professional.


This is whistleblowing.


Whistleblowing only applies to things that are illegal. Just because you have a personal objection to something doesn't mean you can leak whatever you want.


Just to be clear, you're saying that it is unprofessional to tell the press if you know your colleagues aided in the torture and imprisonment of a dissident?


Google is doing what already happens in China. What if the torturer used Google to look up torturing techniques? We should just leak all of their source code. To go even further, the taxes China collects the imports you buy may be paying the torturer. I'm going to need you to give all your credit card information for me to make sure.


No, sorry, you can't evade moral culpability like that. Congress was correct to call Yahoo's actions regarding Shi Tao "inexcusably negligent behavior at best, and deliberately deceptive behavior at worst".


Dragonfly is about as far removed from Shi Tao as your Chinese import purchases. And since when has Congress having a vocal opinion on anything ever been anything but pandering to their voters?


Having a plan to directly feed the Chinese search and user data is very far from "removed".

Why do they have that plan? Because there is absolutely zero chance china would allow them to operate without it.


That's unclear. Google hasn't launched, so they haven't done anything wrong yet, as far as users in China are concerned. This is all internal politics, which seems to be getting increasingly nasty.


If you leak your company's plans to rob a bank to the press, you're still a whistleblower, even if the bank hasn't been robbed yet. Whistleblowers are under no moral or professional obligation to let people become victims before coming forward.

If supplying search history to a government known to imprison or torture dissidents is an immoral activity, then bringing it to light is whistleblowing. You can make a cogent argument that it's morally fine to do that, but you can't simultaneously say that facilitating spying is immoral and that it's unprofessional/immoral to reveal plans to that effect.


That would be a better argument if they were planning to do something illegal.


I readily acknowledge that it is perfectly legal to aid the PRC in imprisoning and torturing dissidents.


You keep making these arguments using hyperbolic examples that have little or nothing to do with what Google might (depending on how the internal politics work out) end up launching.

Predicting the future is tricky, particularly when it involves the decisions of complicated political processes where the decision-makers (most likely) disagree. Plans often change. We can't possibly know what they're going to do. Maybe nothing; plenty of large corporate projects never launch.


It's not hyperbole when this literally happened to Shi Tao, right down to the torture and imprisonment facilitated by Yahoo. This isn't some conspiracy theory: it's well-documented.

I certainly hope that Google doesn't follow the same path! But US tech companies have been complicit in human rights abuses in the past, so the public has every reason to remain vigilant.


Do you really think PRC torturing and imprisoning dissidents is hyperbole? Really?


Yes. Of course terrible things do happen in China. But the assumption that Google's product will cause this to happen is currently just someone's imagination.

The product hasn't launched yet, might not ever launch, and we don't know how the product will work if it did launch. I'd hope they're thinking about how to make sure nobody gets in trouble, but we currently don't know what precautions they came up with.

There are lots of companies working in China. We know of one incident involving Yahoo. Do we assume without evidence that any other companies working there have caused dissidents to be tortured?


That is the weakest, most cowardly response you could ever give.


> A computing professional has an additional obligation to report any signs of system risks that might result in harm. If leaders do not act to curtail or mitigate such risks, it may be necessary to "blow the whistle" to reduce potential harm.

Leadership was actively advancing the project and promoting obscurity / secrecy. Sundar did not act to mitigate risks of harm to free information and dissidents. People were not given enough clarity to make good moral decisions.

The entire project reeks of a top-down ethics violation. You can't with a straight face introduce AI ethics guidelines, while you have backdoor meetings with need-to-know engineers building a surveillance and information manipulation system.

An objective party within Google should work hard to protect Google's values. To me, an outsider, Sundar can't be trusted anymore on responsible ethical AI (and by extension: AI itself). Probably some misaligned incentives there.

> As a leader in AI, we feel a deep responsibility to get this right.

So get it right. Start by fixing the wrongs and keeping consistency with your messaging.

Or tell me how the planning of a opaquely censored, dragnetted, privacy-intruding, and authoritarian-friendly search platform is consistent with:

1. Be socially beneficial.

2. Avoid creating or reinforcing unfair bias.

3. Be built and tested for safety.

4. Be accountable to people.

5. Incorporate privacy design principles.

7. Be made available for uses that accord with these principles.

We will work to limit potentially harmful or abusive applications.

We will not design or deploy AI in the following application areas:

Technologies that cause or are likely to cause overall harm. Where there is a material risk of harm, we will proceed only where we believe that the benefits substantially outweigh the risks, and will incorporate appropriate safety constraints.

Weapons or other technologies whose principal purpose or implementation is to cause or directly facilitate injury to people.

Technologies that gather or use information for surveillance violating internationally accepted norms.

Technologies whose purpose contravenes widely accepted principles of international law and human rights.

The only thing consistent with the AI ethics guidelines (a plan going forward, already abandoned on release) is the pledge to technical excellence. I am sure, as the leader in Search, that Google is able to build a fine custom solution for the Chinese government.


Honestly at this point I wonder how much there is between what US agents can do with a FISA warrant and what Chinese agents can do with their surveillance - if there is a difference it’ll be pretty small I imagine.

I’m not trying to justify Dragonfly but just pointing out that tech companies are being pushed into more censorship and tracking by governments all over the world.


Are there major Chinese companies currently investing in the development of systems specifically tailored to help total surveillance of US citizens by the US government?


This whole thing feels like it's going to hit Google straight in the face like a ton of bricks.

At a minimum there is some serious streisand effect potential.


> This whole thing feels like it's going to hit Google straight in the face like a ton of bricks.

Does it? I feel like Google has been doing similar stuff for a long time and nobody really cares.


I don't think so. Half of US's electorate already see Google as hypocrite. Only ones will be truly annoyed is a certain fraction of its own employees.


Computers are magic.

Half of the US electorate is completely ignorant about what's going on. The people that do know have no sway over a self-serving Congress.


That would be really horrible, living in a country where Google functions as a quasi-government entity consolidating everyone's access to useful resources on the WAN and tracking users, on some secret police's behalf, under the guise of marketing.

Who can even imagine such a thing.


Why is there no such outrage over google closely tacking search users in America?


Because Google doesn't come to your house, take you in for questioning and then pressuring you into confessing that you did something wrong which disturbed civil order.

Stories about what happens in China: https://chinachange.org/


You're absolutely right. We take people from other countries and put them in a facility on Cuba and deny them their rights. We treat our own citizens better, and enforce these same standards on China because we must Make America Great Again.

Here's Last Week Tonight's recent episode focusing on forced confessions in the US: https://www.youtube.com/watch?v=ET_b78GSBUs

HBO's miniseries "The Night Of" is a great look into the inner workings of the US justice system, and how it's designed to get people to take plea deals (aka forced confession): https://www.usatoday.com/story/life/tv/2016/07/10/the-night-...

The fact that you bring up these essentially sovereign nation internal issues as if they are fundamental transgressions against human rights (which maybe they are) while ignoring rights violations under your own nose, shows that your perspective on these issues is highly underdeveloped.

China has many problems, and I'm sure forced confessions are probably a larger problem over there than in the US, but for the most part their citizens don't need armchair observers to fight for their rights. They don't need proselytizers, evangelists, or colonists either.


Isn't it nice how we can have TV shows that point out the problems in the US while also being filmed, financed and distributed within the US. John Oliver would have been deported if he did the same in China.


They would still send your data to the government when there is a subpoena I suppose


If they didn't comply with subpoenas, people would be complaining that Google thought it was above the law.


It does seem there’s little difference from what they’re trying to do in China then.


There's a massive difference. Complying with subpoenas is not the same as giving the government on-tap access to all data at their leisure. And for all the US's problems, the rule of law and respect for the rights of citizen's and responsibilities of the state toward them in the administration of justice is leaps and bounds better and more transparent in the United States.


if you say so..


There is a big relationship between Google and the US government for the sake of retrieving user information and logs for legal purposes.


Ryan Gallagher seems to own this story like John Carreyrou did Theranos. Pretty much every scoop about Dragonfly has been reported by him.


I began working on the Google DoubleClick Mozilla essay earlier in the year, though I am not as famous.


Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: