Seriously don't know why anyone is surprised that a browser built by an ad-tech company pushes the user tracking tech of that company.
Just use Firefox and have done with it - there's been a series of these kinds of posts over the last couple of days with people suggesting insane workaround hacks instead of just changing their browser.
P.S. if you keep chrome because some websites only work properly there, maybe y'all should follow standards at work instead of targeting a proprietary browser like its 2001/IE6 again.
Dropping chrome is not enough. Switch to bing (Just as good as G), or ddg if you really want. Then ditch android which is the spy in your pocket. If you're installing G analytics for clients then choose an alternative (I'm open to suggestions here).
It's really time to disentangle ourselves from google. They've quietly and effectively insinuated themselves across the web. Enough is enough.
If you have your own server somewhere or access to such managed by someone you trust may I suggest using a meta-search engine like Searx [1] instead? That way you get to swat a whole cloud of flies in one fell swoop:
1: no personal tracking or profiling data for the search providers
2: no 'personalised' search
3: search results from several providers condensed into one list, i.e. more results for the same query
You can also use one of the public Searx instances [2] if you trust them enough not to do their own profiling. By default Searx does not use cookies but there are other ways of tracking individual browsers so that is not a guarantee for tracking-free browsing.
I'll second the recommendation of Searx - I appreciate DDG, but it has noticeably worse search performance (relevance of results etc) than Google, while Searx, being a metasearch engine, provides high-quality results but still maintains privacy.
I really wish iOS allowed for custom search engines, it's hard coded to just google, yahoo, bing, and duckduckgo because then that would allow for this roll-your-own pattern to be accessible when on the phone / tablet (if using an iPhone/iPad).
It's only Safari on iOS that doesn't let you change search engines. If you install Firefox you can install any search engine you want and you can customize the search URL. It still uses the Safari engine under the hood, but the user facing bits are a condensed version of desktop Firefox, including tracking protection and sync.
Bing is nowhere near "(Just as good as G)". If it was, a lot more people would have already switched. As of now, it's surprisingly behind Google in almost all but the most basic searches.
Not really, Google has pushed the "relevancy customization" to it's extreme limit and the conclusion of this process is search results that are often just garbage.
Not just in the filter bubble sense of keeping out any info that the targeted user might find unpleasant, but also in the sense that "we don't surface anything outside of very recent, very mainstream, large corporate sites" even when that's exactly what I don't want to sift through on a given search.
It's a real pain if you're trying to do research in a niche area or in an academic field that isn't hip and popular, if you're not in the 90% bracket of the distribution results for what people click on you just don't exist on Google anymore.
This phenomena is most obvious when you're searching for something that you know still exists on the web, you can remember it being a top result years ago, but has now been effectively eliminated from the results because it's not sitting on the domain of a large corporation. Bing will still surface these sites, at least for now.
> Not really, Google has pushed the "relevancy customization" to it's extreme limit and the conclusion of this process is search results that are often just garbage.
> Not just in the filter bubble sense of keeping out any info that the targeted user might find unpleasant, but also in the sense that "we don't surface anything outside of very recent, very mainstream, large corporate sites" even when that's exactly what I don't want to sift through on a given search.
I think this is why many people perceive Google Search to be "better." Those people are mainly looking for mainstream topics on a small number of mainstream sites, and Google has heavily biased their algorithm in that direction.
> It's a real pain if you're trying to do research in a niche area or in an academic field that isn't hip and popular, if you're not in the 90% bracket of the distribution results for what people click on you just don't exist on Google anymore.
> This phenomena is most obvious when you're searching for something that you know still exists on the web, you can remember it being a top result years ago, but has now been effectively eliminated from the results because it's not sitting on the domain of a large corporation. Bing will still surface these sites, at least for now.
I first tried DDG years ago. It really wasn't great. The results and astetics were not up to snuff. I went back to google. About a year ago I decided to try DDG again. I've been using DDG ever since. Maybe once a month I'll google something. I use chrome only for google products like gmail.
DDG sucks and hasn’t really improved at all. I’ve used it for a longtime but I use bangs endlessly. Unless you can provide some quantifiable metric to prove its “getting better” then it’s delusion getting the better of you.
DDG uses other search engines for results (such as bing), so unless you agree Bing is improving, it’s just a placebo.
DDG is only useful because we can all fall back on g!. It’s sad but true. There is still no substitution for Google search.
Indeed, DDG usually gives better results for me because it second-guesses precise search terms less than Google, and because its instant answers from sites like StackOverflow are high quality.
The one place it's really currently lacking is in rejection of spam sites.
To me, it comes across like a skewed, disproportionately-negative cognitive distortion, of what I won't speculate because I won't armchair/keyboard psychoanalyze.
Back the fatalism FUD truck up from going off the cliff with baseless, whiny negativity...
DDG is so good that I use GOOG maybe once a year as a secondary search engine. And I started with GS since it had a comically-terrible interface in 2000. I switched because they went evil and DDG was more than good enough being privacy-focused. The !bang searches are a big innovation and timesaver that sealed the deal.
That's kind of how I feel about DDG but am concerned that they don't offer the privacy they promise since they aren't open source and are hosted on AWS. Feel free to try something I created....jivesearch.com. You can get all the !bangs they have.
I find you have to train yourself to use DDG a bit. For example when I'm searching something JavaScript-centric but is a language agnostic concept, I have to prefix it with "javascript" whereas Google can already guess the context. On the plus side It helps you stay aware of the world outside your own! I find DDG's hashbangs incredible useful e.g. `!bi whales` (bing image search: whale) when it doesn't deliver.
I use DDG as default search for little over a year now. Mostly I am quite happy with it, and do not have to fall back to Google.
But for some searches I do have to do that. E.g. searching for a HN discussion from the last week: usually no hit. Also image and video search yield surprisingly little results. This last thing is my biggest complaint on DDG.
You would be surprised. I am using Bing alone for over a year and had to use google for 2-3 cases at max. Agreed google sometimes return different results, but you cannot say it's better, especially if you are used to seeing Bing results. I would suggest you try Bing for a month and go to google if you cannot absolutely find anything in Bing.
I switched my default search engine to Bing on my phone (when AMP started to become a thing) and it's been great.
I do still use Google on my work PC, because it knows I'm a C++ programmer and can show more relevant results. I am against the direction tracking is going, but it is useful in some cases.
Hi Vanadium....I'm a journalist and saw a post of yours on an older HN thread that I was hoping to ask you about. Any chance you'd be willing to connect so I can share details about me and what I'm working on? Cell is 847-380-0751
Programming queries, that too only occassionally. And also recently I had an issue with my MacBook Pro and Google showed the more forum answers and more accurately.
I think people are just used to a certain page, just like they are/were used to their favorite local news station. I doubt most people periodically run tests to see which search engines return the most relevant results for them.
Plus, people know that google search is the best, so why use something else? The problem is that they seem to "know" in the same sense that they know Kleenex are the best tissues; its all marketing.
Some people might do that (not care enough to try). That's not what I mean specifically. I did go back and I did try, again and again. Bing just misses so much of the context of each query, does not understand to switch context based on some specific keyword like "ubuntu"vs"linux", etc. etc. It does not understand my half-articulated searches, - in which Google just shines because it thinks the rest of the thought for me and gets the result I really want and am looking for, usually on the first page of results.
This is not about liking the visual style of the webpage(google vs bing) or how it looks. This is about quality of results and me saving time.
This is not about me being lazy not doing "good search queries". If I can search google and get a result in 5 seconds, why would I spend 1 minute figuring out the best way to phrase something, then 3 more minutes trying different things that Bing would understand? I know there is enough information in my search, because Google understands it. Why should I add more words to it (and sometimes operators) for Bing to get it? Why should I waste my time for no reason? This does not hinder my thinking ability. It's just that Google is so good that it knows what I am thinking before I am completely done with formulating the thought. Damn, sometimes I am on a wikipedia page, I stumble upon a 4-word term unknown to me in that page, I start typing it and Google knows after 2 letters, it shows the whole complete term as a suggestion! And this happens with terms starting with very common words, so it's very likely that google just knows that most people google that exact thing after going to the Wikipedia page (since google sends me to wikipedia page from the beginning). When Bing will do these little things to aid my work, I will gladly switch.
I did try, and I do wish that Bing will get better. Right now it is simply not.
(Yes, I know there are privacy implications, and those suck. But we were talking about quality of searching...)
Really? It seems to work for me for all but the most intricate searches. Recently I’ve noticed the first page of google results is getting a bit useless from all the SEO pushing commercial results to the top—ideally I’d want to filter out businesses from results. I don’t see this happening any time soon, unfortunately.
Finally, the quality of search results is mildly subjective the closer you get to “keyword search” and away from “text search”. Google handles this scenario the best interface wise, but quality it seems to have been going down since they introduced the knowledge base—too many unrelated bits of information being pulled in without being asked for.
This is visible in both the results and in the logs of any large, complex website. You'll see Bing requesting things which shouldn't ever exist, and continuously trying things which are unavailable without much persistent backoff. That still have some way to go.
All Microsoft has to do is let people white label their Bing product, look at DDG...that's Bing's engine. Most people don't know, or care. The results are good. That's actually how Google became so popular, Yahoo used Google. Bing just needs to keep integrating itself into the next big things. Unfortunately Google often will pay a handsome sum to make sure it keeps a foothold...I mean look at Siri. It went from Google to Bing to Google. No doubt there was a negotiation that caused that. Given Apple's focus on privacy, it would be a bit surprising if they don't switch again.
What's the alternative to Android though? Apple has its own well-documented issues, as well as a rather large price-tag. I just use my phone for maps and some chat services, don't need a very fancy phone. Even the iPhone 7 is listed at £449, which is already £150 more than I paid for my Sony Xperia.
I wish stuff like HP WebOS or Meego was still alive, but as far as I know, Apple and Google are the only serious players in town at the moment :-(
There are no perfect alternatives, just imperfect ones.
Apple has their own issues, but they've claimed that their business is selling you a device and software and media to run on it, and making their money from that as opposed to reselling your data. Everything they've been doing lately supports that stance, and they've already recognized it as a differentiation, hence the way they have been up-playing the privacy features of their devices lately. Since they aren't selling you as much after the fact, they are going to charge you more up-front, and since they make their money selling software, they're obsessed with controlling the marketplace.
Google gives away software and media, and sells your personal data and advertising. They're showing increasingly that they don't care about your privacy if it affects their bottom line.
You have to decide which of those business models you support, and then support it. There's no third model where a business gives everything away and cares about your privacy. That's inconsistent with a bottom line of making money, and at the end of the day that is what the business is trying to do.
For a while Google gave the impression that they cared, until they established a large enough market, and now you're seeing them make the natural transition. They've grew their cash cow by giving away stuff, now they are milking it.
Any rational company with their business model is going to do the same thing though, so if you jump ship to another ecosystem now selling you a business model that is too good to be true, don't be surprised down the line when that proves to be the case.
Google does make a ton of money from ads and tracking, but how do they not "sell software and media" too? They sell apps and media in the same manner that Apple does.
Abusing users isn't OK just because they've found additional ways to extract money from users.
Disclaimer: I was a Google fanboy until a few years ago and I disliked but trusted Google until a couple of weeks ago. Now I don't know what to do but at least I've finally got around to switching my search habits.
Oh I agree, absolutely not. I'm against Google and don't use their software. I just thought that the parent comment wasn't very accurate as it characterized Apple as selling apps and media and Google as doing neither of those things.
Google has relatively few ways to actually give them money directly for software and media. There's Google Apps (assuming you aren't a grandfathered free customer from back when it was free), and I guess YouTube Red, and, um.... is there any other way to actually pay money to Google for services rendered? I honestly can't think of another option.
(I'm ignoring their hardware here because of course that's not free, and I don't think it's even intended to be a significant source of revenue anyway)
Don't they take a cut from any transaction in the Play store?
In stores around here, you can buy gift cards with a Google logo on it (play store credit). That's about as direct a way of giving them money as i can think of.
They do, but I wouldn't consider that to be the customer paying Google directly. There's a reason why people usually use the word "tax" to refer to this (and Apple's cut on their store).
I suppose buying a gift card is technically giving Google money directly, but that isn't the same thing as payment for services rendered, it's just exchanging USD for Google Play credit, which you then spend on apps. Or in other words, you get the exact same service that you do if you skip the gift card and just pay for apps at the point of sale.
>Google has relatively few ways to actually give them money directly for software and media.
Doesn't Google sell music, e-books, and movies/TV through Google Play? They also have Google Play Music as a subscription service. I was counting the Play Store as buying applications from Google, although it isn't Google's first-party software.
They do, but the context we're talking about is paying Google for Google software, not using Google as a storefront for buying other people's software.
I didn't realize Google Play had their own subscription music service. Good to know.
Android (the Android Open Source Project) itself is not the Problem. It's the lock-in ecosystem that Google tries to establish with the Google Services Framework, Play Store and the like. What is missing, is an open and privacy-friendly alternative to GSF. Without GSF we don't have efficient push notifications (Firebase Cloud Messaging), a geolocation provider, a maps API etc.
Personally, I have been using microG (https://microg.org/) instead of GSF on my phone for many years now. However, that is still just a partial solution. While it does its best to be privacy-friendly and does not have any integrated tracking / analytics like GSF, it still has to use Google's servers for push notifications, thus tracking is still possible to some degree.
microG is certainly not perfect and I wouldn't recommend it to the average user. Expect some things to not work or even certain apps to crash. It's a techie-solution for people who value their privacy highly.
What, specifically, are Apple’s well documented issues? They have fought for user privacy in court cases and in the court of public opinion over the last couple of years.
SailfishOS is still around, which is pretty much the spiritual successor to Meego. That said, even in Finland it has a tiny fraction of the market share of Android and iOS.
You can run Lineage OS without installing gapps. It's all the Google apps, including Play, that does all the tracking. I'm not 100% certain, but I see references in the bugreport log to dm-verity so I'm pretty sure it's doing cryptographically verified boot.
And then the next question is what are the alternative store options and which is the best?
Google searching (oops! irony!) I found aptoide.com, and found they have a lot of apps: Firefox, Firefox Focus, Lastpass, Expedia, Chime Bank, etc. I don't know how their build and distribution system ensures safe binaries - didn't check it out.
I recently dropped Google Maps in favor of OsmAnd, and I'm still having growing pains. You have to download maps offline, it's not on demand. It looks like I only get 7 downloads for free. I haven't checked pricing. I'm not sure what happens if I do a phone reset, if I get a new stack of downloads or not. Local searches are super screwy, listing things like delis, pizza, hardware store, in other towns but not my own town. It's...not like Google Maps.
I'm quite surprised how many up-to-date applications can be installed via APK files or alternative markets (F-Droid) and work. For instance, thinking of Threema or Whatsapp, two continously maintained applications which do not inevitably depend on GApps.
How is the experience, though? Do you find that most mainstream apps run without issues? Or do you need to exclusively depend on one of the OSS app ecosystems like F-Droid?
Google tracks you via Play Services. And any Google application comes with Play. So if you're trying to get away from Google tracking, you have to get completely out of the eco system including Play Store. So yeah F-Droid (haven't used it) or what I just mentioned in another answer, Aptoide (haven't used it but searched for some common apps and found them).
Sure, I get that. But everything is a trade off. I'm probably not as concerned about the privacy issues inherent in Play & GSF, but I'm at least somewhat concerned. Just trying to figure out what exactly I'd be giving up, and in what ways I'd make my life more difficult. (Obviously that's a pretty me-specific thing, so I'm probably not gonna get a great answer here. But I think it's worth thinking about.)
Google Play Services and other nonfree Google software can be installed on top of LineageOS, but LineageOS does not include them in its installation. I've used Lineage extensively with F-Droid as my apps source.
I can't resist the sarcasm. In that thread, others argue vehemently that you should sacrifice your money for your values. So arguing that the more privacy-conscious phone is too expensive, is... an unexpected argument :-)
I've found Startpage and its sister site IxQuick to be a good alternative to Google. Same search results with a lot of detritus filtered out, keeps you out of Google's search bubble, and it has built in proxy features.
Instead of Bing, which tracks you for monetization on Microsoft's behalf (though I trust Microsoft with my information more than Google), try DuckDuckGo. It uses Bing as a back end but, like Startpage, proxies the query so your information and identity never hits Microsoft's servers. It's also a much cleaner page code-wise than any other search engine I've seen. It often comes up with more relevant results than Startpage; I find myself often searching both for the same subject so I don't miss what I'm looking for.
Honestly, does using Google even matter anymore unless you are trying to search for something extremely obscure?
Most of the time, my searches are directly for products (ie, Amazon.com, Target.com, Walmart.com), people (ie fb.com), Wikipedia (first few hits on Google), locations (yelp.com, Google maps, ___ maps), recommendations (yelp.com, etc), hotels or travel (expedia.com, kayak.com, hotwire.com, united.com, southwest.com, etc) or Stackoverflow (first page of Google) — I’d wager any modern search engine such as Bing or DDG can easily present all the relevant Stackoverflow/Stackexchange/Stack{...} results you could ever desire.
It’s not the same as the old days of random (important) data sprinkled across the personal/hobby pages of some knowledgeable people across Geocities — is there even a need for using Google anymore?
You are introducing a concept worse than google not deleting cookies. Limiting the web to a handful of sites kills the concept of the web. I would suggest spending as much time out of the top 20 popular sites as possible. Diversity is key.
Just to chime in, I’ve found Spotlight on iOS to cover about 85% of my needs. It uses Bing for web results, but I often don’t even need the web results.
Everything else I just invoke DuckDuckGo or Startpage.
I actually missed this, that said the pertinent details that would concern me and others like me are covered right here:
> As is expected with Apple now, searches and results are all encrypted and anonymized and cannot be attributed to any individual user. Once you click on the ‘Show Google results’ link, of course, you’re off to Google and its standard tracking will apply. Clicking directly on a website result will take you straight there, not through Google.
In effect, this is much like using Startpage instead of google.com, at least up until you load a full results page (which I actually haven't done in quite a long time now that I think about it).
It would be nice also for websites to have an alternative to recaptcha. I hate to have to train google's models for free just to access a website. I'd prefer to do some work for data that can be openly accessed (OpenStreetMap for example).
I quit using all websites that use Google captcha. I also don't want to train Google's models and spend 2-3 minutes doing free work for Google just to sign into Discord. It's extremely annoying using a VPN with Google services too, as you 9/10 times have to do lengthy captchas. I miss early-mid 2000's captchas.
I'm pretty much done with Google now, and I think a lot of tech users will start pulling this way too.
Honestly I don’t think I even do that many actual searches any more, maybe I work too much, or am just odd?
The most frequent services I use, after thinking about it, are:
- local business/food/bars (hours, reviews)
- driving directions
- accessing email to confirm a signup/lookup a receipt/license etc
- events, theater showtimes
- flight prices
- pay bills etc
- check reviews/HN/ random articles.
Most of these I access directly or could be provided by any basic app/search engine.
After reviewing this list, you are left with a few extremely low margin services and a dismal grouping of actual usage, at least seemingly from Google’s point of view.
I’m not saying I’m better than a non power user (mom etc), but are they really worth more? Does clicking on Pinterest links half of the day, or forwarding political/funny emails really have value to 3rd party companies? (Google etc)
Maybe in the short term, there is a circular, ad revenue generation model, but is it really sustainable?
From a monetization perspective, why not just charge $99 for chrome vs charging $0.00005 * x-thousand and being seedy via ads? Not going to pay now, since trust is blown, but here’s to anyone in the future.
> Because nobody pays for software
I find this really annoying and silly. People spend money on many other useless stuff, but not software. We have reached a point were software and internet services is expected to be free.
I can't believe that this needs to be said here, but don't use Microsoft products if your goal is to avoid dark patterns and user monetization. Microsoft is at least 10 times more corrupt than google.
lol, nope. Like, what unit does one even measure corruption in?
GP appears to be expressing a rote dislike of MS uncritically carried through from the 90s. Nowadays they're nowhere close to Google or FB in terms of EITHER anti-competitive business practices or user/consumer/human hostile product designs.
No kidding, two sides of the same coin. Not claiming a sacred cow, but least MS has a viable business model outside of selling user data. Duck Duck Go is a better search engine than Bing or Google, anyway.
You should be good if you're using Android without Google services, I think.
That's exactly the rub. We don't really know.
My Windows phone is going defunkt and the only alternative I really see is either an iPhone, or then back to a dumb phone (a 4G wifi hotspot function would be great, but I haven't found a reasonable dumb phone supporting that).
I'll be damned before I carry any Android device on me.
Replicant runs on a total of around 5 devices. LineageOS runs on a lot of devices, the only difference is that LineageOS includes proprietary drivers, but not proprietary userland.
So, Lineage is a more realistic alternative. They're unlikely to spy on you through the drivers, at least it's more unlikely than being spied on by Apple by using an iPhone.
The problem with that approach is that I don't want to fiddle with my phone. I don't fancy installing custom roms and I don't need the frustration about a device running 99% fine, except for those annoying 1% that you need right now.
I see an analogy in GNU/Linux, which I started to use in 1999 (yeah, on the desktop). It was really good fun. I liked compiling my own kernels because I could. It's great when you can compile, say, Postgresql to the exact specifics of your box, etc.
But then you get to the point where you just want that damn thing to work. You don't want to waste a couple hours or more in figuring out how to burn a cd. let alone games (a situation, which is much better now). So, at one point and as much as I like GNU/Linux, the philosophy behind free software and the endless possibilities of tinkering with your system I switched back to Windows.
It's probably even worse with a phone. I want that damn thing to just work and I don't see that with keeping an Android phone Google free.
At least Apple is not in the business of selling my privacy to the sleaziest of sleaze in order to make a quick buck.
Edited to add : Thanks for the Librem 5 suggestion. I'll look into it.
My phone on Lineage OS 15 without Google stuff just works. There is nothing that does not work. It is flawless.
Actually, it works better than an average Android phone, or than the same phone with stock system:
- better battery life (it used ~ 2% battery during this very work day, with a few texts and one call) because it quite literally does nothing if I don't use it (granted, I use ForceDoze and that helps a lot).
- It never shows any sign of slowness, is never laggy like I can witness on many phones around me (and I use Firefox Mobile, which is supposed to be slow from what I read).
- I didn't have to disable any unwanted app.
Well, except for EAP SIM Wifi authentication, which does not work on any custom ROM that I know of and flashing a custom ROM is indeed a stressful experience, especially the first time.
Librem 5 will be pricey but seems like a good option when it is ready.
Maybe I should indeed do some research and look into it seriously. Your experience sounds really good and, provided I go that route, should save me a bundle (iPhones, especially the new lineup) are brutally expensive in Europe.
Your reply (and others in the thread) once again shows what a valuable resource HN can be.
This is my only chance right now unfortunately. As I've written here before I use open source closed loop insulin systems and Android is the most convenient OS to run them without needing to reinstall every now and then as you do in iOS.
I'd like something more linux-y, maybe with support for Android that I can run xDrip and AndroidAPS. But nothing else from Google. Anyways Signal, Email and Firefox are the other apps I need from the system.
I'm stuck on deciding what my primary mail provider will be. I do not mind paying a few bucks a month, would anyone have a suggestion? Regarding drive replacement, I will probably host a nextcloud instance.
I've also been using ProtonMail since the beginning of last year and neither a heavy mail user, but need it still. I'm paying for it and using my own domain. Some things to consider:
1) The web UI is probably not very nice and snappy if you use email a lot.
2) No IMAP for Linux (still).
3) If you happen to be like me (a bit of an idiot sometimes) and lock your phone so you don't get access to your authenticator AND you forgot the security keys, all your old emails will be PGP garbage from now on.
4) The Android app is a bit so-so... Bugs happen.
The good parts are it works, doesn't spy on you, encrypts everything client-side and is based in Switzerland outside of US and EU jurisdiction.
Really, the most important thing is to control the domain, so that changing the provider later is not a big deal. I've been using FastMail and it is great, but the hardest part was moving away from @gmail.com
If you just want pure email, migadu.com works very well. I like the fact that they price based on emails sent, not domains or addresses. This lets me run a different domain with a regex based catchall for account registrations so that my personal inbox remains clean.
They do require you to purchase your own domain but you should do that anyway to ensure that a provider can't lock you out of your digital life.
I can drop a vouch in for Protonmail. Been using them for a bit over a year now. They also recently added full PGP integration, with the ability to assign public keys to contacts, as well as the ability to use your own private key.
Im a longtime ios user thinking of switching to android soon - can you elaborate on android spying? All android devices? How do they spy and what do they gather? I hadnt come across this in my research so far
I'm not OP but I've been an Android user since the release of the T-Mobile G1 and have been trying to get rid of Google stuff for a while:
> All android devices?
No, not all Android devices. Only the ones with the Google Services Framework installed (or, if you're as paranoid as I am, any other Google service that is running as root).
To give you an overview, Google's power over Android users basically rests on the following pillars:
1. Google Services Framework (GSF): AFAIK every Google app requires the GSF to be installed on your phone these days. The GSF runs as root, includes all kinds of analytics libraries. It also links your phone to your account if you decide to set it up on your phone (which, theoretically, you don't have to but, in practice, you are often forced to). If you indeed do that and connect your phone to your account, things like contacts, calendar entries and so on get synchronized automatically.
Even worse, there's also a way for the GSF to back up all your apps' data and upload them to the Google servers. I'm just mentioning this to make it clear that the GSF really has access to everything on your phone.
Solution: Use MicroG (https://microg.org) as a GSF replacement. This, in turn, requires using a custom ROM like LineageOS and, thus, your phone's bootloader to be unlockable. Not all Google apps will work with MicroG but most do in my experience (see below).
2. Google Play Store: Most apps are only available on the Play Store, so if you want to use any of these you'll have to use the Play Store in one way or another. The Play Store, however, needs the Google Services Framework. And even if you got rid of the GSF and replaced it with MicroG (see 1), you would still have to install the Play Store as a system app, giving it root access to your phone.
Solution: Apart from getting rid of the GSF (see 1), use F-Droid for open-source apps and something like Yalp Store (or the Aurora fork) to download apps from the Play Store. (There are also ways to download apps from the Play Store using F-Droid, see e.g. https://github.com/NoMore201/playmaker) You won't be able to obtain paid apps this way, though. (Or, more precisely, you won't be able to download apps that you haven't already paid for.)
2. In-app payments ("Android Pay")
As you might expect, these are also tied to the Play Store and the GSF.
Solution: I haven't tried this in a long time but you might be able replace the GSF with MicroG and just have the Play Store installed and tied to your Google account in order for in-app payments to work. No guarantees, though.
3. Google SafetyNet (part of GSF, as well)
From my POV, this is the most painful Google "feature". It's a Google library that apps like Netflix and online banking apps use to verify that the device they're running on has not been "tampered" with. (What "tampered" means exactly is unclear -- it definitely includes rooted devices but the precise definition is Google's secret.)
If you want to use apps like Netflix, there is no real way around SafetyNet. This is because, if installed on your phone, SafetyNet will download a binary blob from Google, execute it and send its output (basically all the information the blob collected about your phone) to the Google servers. The latter will then do the verification process and notify the Netflix servers (or your bank's servers) about the result. The Netflix servers can then tell the Netflix app on your phone to lock you out if need be.
Solution: While MicroG can't circumvent this, it does support SafetyNet these days by emulating the original SafetyNet implementation. So it, too, will download the binary blob and execute it.
Put differently, in order to use Netflix and most online banking apps you will still have to make sure that your phone passes the SafetyNet test. Here, you've got two options:
Option b): Don't use root or any of those modifications in the first place. (I.e. you could just run LineageOS without root and you should be fine.) The problem with non-rooted devices is that they also don't allow you to run a firewall or apps like Xprivacy for more fine-grained privacy control. (When it comes to firewalls not requiring root, NetGuard does come close, though. However, it should be noted that you won't be able to use VPNs anymore.)
4. Google services that are tied a Google account, e.g. Gmail, Drive, Maps, Picasa, Home, Google Now/voice assistant etc.
As already mentioned, they all require the GSF to be installed on your phone.
Solution: I would recommend staying away from them but if you really need them you should be able to replace the GSF with MicroG and they should still work. There might be exceptions, though, depending on how deeply they are integrated with your phone. (The voice assistant might be one such example.)
5. Google services that are not tied to a Google account, e.g. Maps
Solution: Same as 4) and/or use an OpenStreetMaps-based app like OsmAnd as a replacement for maps.
This is one thing that I genuinely have never understood: if it's this challenging (and effectively impossible for non tech savvy users) to make android devices safe / private / secure and also feature-complete - why, oh why are so many people still using them? This is not me fanboying Apple, it's just sort of mind boggling to me.
This is from someone who used a nexus 6p for two years, and some older stuff before that - but who has recently switched back to iPhone for its ease of use and privacy stance.
Coming back to iOS from Android can be painful - there's too much "you're holding it wrong" mentality in the platform and its UX. If your use cases fit the design, everything's great. The moment they don't, it's extremely frustrating.
(This is very similar to Windows vs macOS, by the way.)
Indeed! I find that the degree of customizability that Windows allows to be more than sufficient for my needs; but I have no doubt that there are people who have different needs that are not accommodated.
If you think it's "challenging" to use Android devices without Google, you should try using your iPhone without Apple. At least with Android you have the option of installing a custom ROM based on AOSP with no Google services.
I think that's a very good point. Also, the vast majority of Android users doesn't mind the tight integration with Google in the first place and among the minority that does, there are only very few people with the technical expertise to change anything about it. So most people end up surrendering themselves to Google because 1) they don't see any other option and 2) it's also the most convenient "solution".
While it's definitely a lot of work, the author of the sibling post is right: Getting rid of Google services is fairly easy. The issue is rather that you might still want them in some cases. Then, it's often not so much a security issue but a rather a matter of getting them to work with your restricted setup.
DDG has improved substantially recently. I've had some technical search queries that gave me 2-3 results on DDG, and when I used the !g bang to lookup in Google, I got a "no results" page. =P
You might want to take a look at AT Internet, they're GDPR compliant and have been in the business for a long time. It's more of a B2B company though. They have big companies as clients, mostly in France and Europe (BBC)
Is there a good alternative for google photos? I remember I looked for one few months ago after I got a little freaked out by google facial recognition, but didn't find any good alternative.
> Then ditch android which is the spy in your pocket.
To what? iOS spies even more by default (no way to disable AGPS vs. opt in on Android) and doesn't allow using privacy-enabling apps by default (system-wide ad/tracker blocker, real Firefox, Signal, local maps, etc.) unless you hack your phone. Worse, it doesn't let you develop for your own phone without rebuilding weekly or paying a yearly fee for the privilege. Between the two evils of Google and Apple, Google remains the lesser evil by a long stretch.
Being unable to disable AGPS is not the same as "iOS spies even more". Apple charges more because they don't sell you data or spy on you. There are system-wide ad-blockers, Firefox Focus is great, and there is a Signal app. Apple is actually going out of there way to make Safari harder to track - https://www.wired.com/story/apple-safari-privacy-wwdc/
They're also the only company who has been strong enough to stick up for their customers and publicly decline the US government assistance or backdoors into their products.
> Being unable to disable AGPS is not the same as "iOS spies even more".
True but I'd like to point out that different standards are being applied here when talking about Android's lack of privacy vs iPhone's privacy friendly policies. Namely there is a large post above on how Google Services Framework has access to everything in your phone so it is bad (and we need to do everything to get rid of it) simply because of what it _can_ do, rather than of what it actually does (because what it does largely depends on user settings, like for example if you want to backup your whole phone, obviously that's going to package and save all your phone's contents on Google servers).
Most of the privacy features you mention seem targeted to stop a certain type of information gathering (that of web based adtech, obviously those are Apple's competitors so it's not surprising) while it's not covering the biggest issue IMO with smartphones: information gathering by the system applications that you have no control over. Do we know how much information does Apple collect with their system software and store it associated with your AppleID and you have no control over that? I never used an iPhone so I'm curious, especially things like: location (nearby cell tower information, GPS and wifi networks), contacts, phone call log, SMS log, process list/applications running or installed, DNS logs, API calls logs.
> Being unable to disable AGPS is not the same as "iOS spies even more".
I just showed you one way that iOS spies on you that you can't turn off. All other default data collection is exactly the same between iOS and Android. N + 1 > N. Q.E.D.
> There are system-wide ad-blockers
Where? I'm talking about blocking ads and trackers in all apps, not just in web views.
> Firefox Focus is great
It doesn't use Gecko or Spidermonkey. It is not real Firefox.
> and there is a Signal app.
Which, as I already said, you can't set as your default SMS app.
> They're also the only company who has been strong enough to stick up for their customers and publicly decline the US government assistance or backdoors into their products.
Even Google has declined to assist the US government. There is no difference here. Everywhere else, iOS is significantly worse.
> Apple charges more because they don't sell you data or spy on you.
Apple charges more because they know they have enough rubes that will buy into their marketing spiel, even convincing some software engineers to buy programmable devices they aren't allowed to program. Google doesn't sell your data either, and as I've already shown, Android spies on you less.
Most "full ad-blocking" requires being rooted on an Android device too. And you've obviously not done very much research about what data Apple collects vs Google. Simply using each OS will show you a big difference in philosophy. Google makes you approve all permissions when you install an app without clearly stating what it means. iOS apps have to ask for specific permission the first time they want to use GPS, camera, microphone, etc. Default apps? Yeah that's annoying, but it's not like you can't use Signal. And Google is currently working with the US government on many projects, which has caused many Googlers to quit the company.
> And you've obviously not done very much research about what data Apple collects vs Google.
I showed you exactly how Apple collects more data from iOS than Google does from Android. You're trying to Pee-wee Herman your way out of this with an "I know you are but what am I?"
> Google makes you approve all permissions when you install an app without clearly stating what it means. iOS apps have to ask for specific permission the first time they want to use GPS, camera, microphone, etc.
You're wrong — Android also asks for permission at the time the app wants to use a feature. More importantly, this has nothing to do with what data Google or Android collects, which is the whole point of this thread.
> it's not like you can't use Signal.
Moving the goalposts. You can't use Firefox. An SMS app is nearly useless if it can't be set to the default.
> And Google is currently working with the US government on many projects, which has caused many Googlers to quit the company.
Again, not by sharing user data with them, which is the whole point of this discussion.
Signal is not an "SMS app". Signal is an end-to-end encrypted messaging app, that just happens to also support SMS. Note that if you use Signal as your SMS app, to send SMS messages, they are not encrypted.
The whole point is that it falls back to SMS if the other party doesn't have Signal, so you don't have to think about it beforehand. It most certainly is an SMS app, and not being able to set it as the default makes it nearly useless.
>> There are system-wide ad-blockers
> Where? I'm talking about blocking ads and trackers in all apps, not just in web views.
Apple allowed them for about a year before reversing course. Lookup Adguard's blog posts for detailed history.
Their app was fantastic (I've still got an old version installed which is still working great on iOS 12.1) and allowed the use of standard tracking lists for systemwide blocking / firewalling.
My guess for why Apple reversed course is that they had no easy way of stopping spyware-masquerading-as-adblockers without blocking all.
That’s pretty much the reason Google has a browser in the first place. Most normal users don’t really grok the difference between ”browser” and ”Google” anyway.
>Most normal users don’t really grok the difference between ”browser” and ”Google” anyway.
I doubt that. With the marketshare on Windows it is very likely, that people deliberateley install Chrome. So they know what a browser is, now that they have at least 2 installed.
Google push Chrome crazy hard whenever you touch a Google service, and they have a crazy bundling game in play - they bundle with flash, acrobat reader, some free A/V products - wherever they can get marketshare.
Plus some pre-built PCs come with Chrome preloaded.
To expand on that, every single person I know who has actively tried to avoid Chrome, have all been fairly technical, but still somehow been lured into installing Chrome, at least once if not more.
If I remember correctly, that's what Google said when Chrome was introduced. Browsers at that time did not adequately support their services, so they made their own browser.
That's not necessarily a bad thing. A render engine monoculture makes web dev easier---if I could have all the hours back I spent on taking perfectly working code on Safari and Chrome and making it work on Firefox, I'd take them in a heartbeat.
And if they implemented these "features" as part of the core browser update rather than as an extension, it would have been okay?
There may be a legitimate debate worth having here, but basing the complaint on the good code hygiene practised by Mozilla's developers is silly.
These so-called "compromises" were nothing in any practical sense. Meanwhile, every web page you visit leaks the fact of your existence a hundred different ways and 99% of us don't care much.
They just did it again to gain a count of users who turned telemetry off.
In general, I see firefox's point that using the system extensions to deliver autouodates and allow them to iterate more quickly. However, it also feels like whenever we see these extensions that they're something shady.
I don't know why you're being downvoted, but what your saying is true.
Firefox activates limited telemetry for folks who turn off the heavy stuff. While your firefox browser shows that no telemetry is taking place, the browser will silently send information about your browser, os, and other information to Mozilla.
Personally, the privacy implications don't concern me as much as a browser that is deliberately lying to and deceiving it's users (though I can certainly see how it can be privacy concern).
If someone wants true and total control over their browsing experience, neither firefox or chrome are a good choice (imo).
You can't disable it installing new extensions behind your back without telling you, though. These are "system extensions" and you can't opt out of them.
System extensions are not really extensions, they're just parts of built-in browser functionality that have been implemented by programmers with good code hygiene.
It's unfair to describe these as "installing random extensions without asking" because you would then have to admit that it's equally true of every new feature of every software program that is ever updated.
That is a logically incoherent statement. The only mechanism Mozilla has for "installing secret extensions" is via software updates. If you turn that off, they can't install anything.
It's sad to see people jumping between the same browsers, when the amount of change between each jump is getting smaller and smaller. All of them are becoming more hostile, just at different rates.
The outlier is (was?) IE, it kept the same interface and configurability while others continued dumbing down (although things are changing with Edge too) and it seems the massively anti-user decisions the other browsers made never really took hold at MSFT until most recently when they began sticking telemetry up the wazoo.
If you care more about user control than web standards compatibility then perhaps IE is the best choice... for now. At least it is more compatible than the "fringe" browsers like Dillo and NetSurf, or even the text-based ones. Opera, before it became another WebKit-shell, might be another good one.
(Disclaimer: No affiliation with MSFT, just someone who has watched these browser wars for a long time and saw this gradual "illusion of choice" take hold. I use various browsers depending on which site it is.)
I think the core motivation of the Vivaldi team is also a browser that's maximally customisable, so Vivaldi is another viable option that's not 'dumbed down.'
Shows how powerful Google's brand still is with the software industry. Company was built on it, and now for at least a decade it's been exploiting that brand power to subvert any/all expectations of control over our data. And frankly we're all to blame for having the wool pulled over us.
I tried to switch to Firefox lately after this new speedy version had been released.
I really underestimated how good Chromium is.
Basic stuff, like in page search(Ctrl+F) is awful after Chromium experience. Resistance to copying omni-bar is silly.
Crashes every day. The UX is bad compared to Chromium.
Spent month dealing with it and just abandoned this endeavor.
Really sad, i want Firefox to be better.
"Resistance to copying omni-bar"? It seems to work OK for me. What are you trying to do and how does Firefox resist it?
"Crashes every day"? I can't remember the last time I had a Firefox crash; maybe this is OS-dependent. (I use it on Windows and on FreeBSD; how about you?)
"The UX is bad compared to Chromium" -- obviously if you're used to one program's UX then another's may seem obtuse. What about the Firefox UX is actually bad as opposed to different? (For what it's worth, to me FF and Chrome seem very similar to use.)
(I think I agree about ctrl-F, which on some particular pages seems to misbehave on Firefox in ways I don't understand.)
I'm one of those people who can't use Firefox thanks to the frequent crashing. It happens for me at least once a day, particularly when I have the same site open in multiple tabs. I get a yellow bar saying a script is slowing down this website, and ALL the tabs lock up thanks to it. If you're lucky enough to kill all the impacted tabs (you're rarely that lucky, it's that unresponsive) your browsing experience from then on will be bad, and the whole browser will need restarting.
I haven't seen a Chrome crash in years, yet the Firefox ones are very frequent. Not that I want to switch, I might be the only one here who is happy with Chromium on all my PCs!
Interesting! I occasionally get the "a script is slowing down this website" message, but not nearly so often and killing the affected tabs seems to work OK. I guess some pages are super-extra-bad for Firefox. Or perhaps some extension you have is causing grief? (Though that should be much less able to happen in the era of WebExtensions.)
I think he was referring to the fact that Mozilla is still unsure about unifying the address and search bars. They only show an unified bar on fresh profiles, IIRC. What he thinks is wrong with keeping distinct bars, besides being different from Chrome, I don't know.
If whoever downvoted the above would care to tell me what they find unsatisfactory about it, I'm all ears. (For the avoidance of doubt, I mean that; I'm not just being snarky.)
I haven't had Firefox crash in years, and I use nightly for all of my day-to-day browsing. Chrome crashes or locks whenever I iterate on a canvas based game after some amount of refreshes.
I was thinking more in terms of replacing traditional desktop apps that work with USB like sensors, single-board comp dev, and hardware diagnostic tools (protocol analyzers etc) it’s nice to be able to quickly update a webapp and have native access to usb as needed.
Displaying colors properly on wide gamut displays is one. Can't use Firefox because of it — I can't design in the browser if it renders everything wrong on my iMac.
Do you mean Firefox doesn't have a way to return the zoom level to its default? (It has two; you can do ctrl-0 or you can click on the zoom-level indicator in the URL bar.)
Or do you mean you can't tell it to default to a zoom level that isn't 100%? (That seems to be true.) I confess that's never a thing it's occurred to me to want; it feels like if I wanted every website's text to look larger or smaller, I'd probably want everything to look larger or smaller and would adjust my OS's scaling level. But I know some OSes handle that better than others, and maybe there are good reasons for wanting different scalings for websites than for everything else. Still, it's not clear to me that this is so obviously important a thing that "doesn't even have" is fair.
This has been a sticking point for me too when trying to transition to FF from Chrome. My main monitor is a 4k 24-inch, and at that pixel density, the Windows HiDPI scaling isn't always enough to get the text the correct size for comfortable viewing. For text-heavy sites like HN, Reddit, and Wikipedia, being able to set a default 125% zoom in the browser is very nice, while still being able to keep the default zoom for sites like Youtube where video player size is more important than text size.
Considering the cost to implement would probably be pretty low, I think it is a fair complaint against the browser. Still, privacy concerns may supersede convenience in this particular case, and I think I might try again to switch.
Another confirmation that engineers and product developers are no longer in control at Google.
Engineering and product first is how Google won the game initially, very easy to forget that when the money rolls in massively and the power structures move away from those driving forces.
Microsoft already went through this engineering/product growth to bizdev/marketing control to stagnation and is already in the return to engineering/product first phase. Basically their own Ballmer era is what Google is entering.
Bizdev + marketing are hugely important, but the products and engineering need to be the focus. It is much easier to bizdev and market a product and engineering led system/focus, though success through this is always forgotten when massive success comes around because engineering/research and development are hard to quantify and put metrics to which the power structures move away from.
Let's hope there are factions of engineering/product focused people in Google that can gain back control.
"Okay, users are confused by how they're logged into Google but not Chrome, or Chrome but not Google - let's make them one and the same".
"Okay, but once you're logged into Chrome now, every post we check to see if we have the Google cookies to keep that sync... so that means when you clear the cookies the Google ones will automagically reappear"
"Ugh, let's just notify the user that clearing the cookies won't clear the Google ones"
"Yeah, that works".
Come on, we're all developers here, we all know how these conversations work.
Furthermore, I see all this anger about this technical decision affecting peoples privacy, but have not yet seen someone provide a good engineering solution to the problem it was trying to solve.
Example Use Case: I was contacted by my poor old mother recently who said that she was logged into "The Google" but was seeing the wrong emails! She was horribly confused.
What had happened was that my sister had checked her email on my mothers computer and forgot to log out. My mother was logged into Chrome (as it correctly said on the top right of the browser) but didn't understand that logging in/out of Gmail was a different thing.
To blame non technical users for being confused here is unfair at the least. And I'm sure there are millions of them with the same problem.
A technical user who cares about privacy can:
- not log into Google and use an external email client for Gmail
- use Gmail in incognito
- disable Chrome auto log in via the preferences (although I haven't tried this myself some people say it works, although I've seen conflicting info about if this works in future versions of Chrome).
- use Firefox (but if you are still using Gmail I'm rolling my eyes here)
I personally don't think it is too evil that Google cares more about people like my mother than advanced privacy conscious technical users.
Also I can't see how auto syncing ones account with Chrome really damages privacy any more than what is there now? If you are logged into Gmail they have your cookies while you browse the web anyway. If you privacy conscious enough that you log out of Gmail every time you are done, fair enough, but I would suggest not using Gmail at all in that case.
But most importantly I'd like to hear a better engineering solution for people like my mother?
I'm not generally a fan of the privacy hysteria around Google/FB, etc. But I think the solution here is pretty clear: Don't build a login system for your browser. It's inherently confusing.
What's confusing is having a zillion usernames and passwords for every site on the internet, and "doing it right" (which only a tiny percentage do) requires installing password manager extensions in your browser. In practice billions of users use the same insecure password everywhere including their banks.
You may or may not like the implications of centralizing authentication to a few players, but it is a massive improvement in security and usability over what we have now.
I am quite happy with this change, and hope to see "log into chrome" as the equivalent of "log into all websites that use google auth". It will simplify not only my own life, but all of my customers' lives (my B2B SaaS service uses Google auth).
Logging into your browser is not the same as logging into all the sites you use. And you certainly don't need browser login to enable it - just use OAuth. This is a solved problem.
I suggest you try spending a few hours in my support channels.
The problem is that users are confused by the fact that "logging into your browser is not the same as logging into all the sites you use". You can literally sign into chrome with one google account and then sign into google with a totally different google account. Futhermore chrome has different "people" (browsing profiles) which confuses them even more; there's three different things that look vaguely like identity here.
You think this is just fine, Mr. Oauth, but I guarantee you it's a giant mess for the 99.9% of humans who have no idea what oauth is.
Chrome usability would be significantly improved by collapsing "logged into chrome" and "logged into google" into a single thing.
It seems to me like you provided no arguments how is login-into-browser feature clarifying things. You even mentioned people being _confused_ about it.
People don't need to understand oauth to use it.
(and before you pull that one again - I am supporting technically-illiterate people quite often)
It would be a world of simplicity if I logged into the browser with my google account, a little picture of myself showed in the top right corner of the browser chrome (instead of in various places in different apps), and that identity is what was used for per-app Google auth.
I should also mention, there's another place it gets used - in Chrome extensions. That should use the same identity.
Google login then becomes one reasonable choice for "log into the internet". Right now it's too fractured to be a coherent identity.
> I should also mention, there's another place it gets used - in Chrome extensions. That should use the same identity.
That's actually good use case for the browser login feature. (when one is using some google-acc-connected extension)
But for ordinary users I don't think this solution would work flawlessly, because it is different than ones before (and users learn new things slowly).
However if that would be the actual implementation (force logging everywhere into the same acc) I agree it would be simpler for end-users. But it is not, therefore original point (browser login is confusing people) still stands. And therefore teaching users to rely on it does not seem like a good idea.
I realized that Chrome now (M69) forces the forced-logging-in solution (not sure, cannot test atm). Then my post is mostly moot (can't edit already), and for simple-users is this change probably good.
People don't need to know what OAuth is to use it. I've built and provided support for a site used by thousands of adults and even children! They rarely had problems understanding OAuth. So, maybe make a better argument than "you just don't have experience with support".
> What's confusing is having a zillion usernames and passwords for every site on the internet, and "doing it right" (which only a tiny percentage do) requires installing password manager extensions in your browser. In practice billions of users use the same insecure password everywhere including their banks.
That should be OS level. The fact that the OS does not provide good, lightweight ways for mortal users to whip up additional user-accounts for guests and family-members without breaking a lot of things should not mean that Google makes their own into the browser and adds yet-another-layer-of-login.
I log into things from my apple laptop, my android phone, and occasionally from a chromebook I have lying around. Credentials shouldn't be tied to one OS or one OS maker. I'm happier with authentication baked into Chrome, which straddles all three.
> But most importantly I'd like to hear a better engineering solution for people like my mother?
Sounds like not having to be logged into your web browser would be a good start, then you'r mother wouldn't have been confused between being logged into chrome and logged into gmail. This is a problem google created in the first place and now you're giving them credit for fixing it.
> I personally don't think it is too evil that Google cares more about people like my mother than advanced privacy conscious technical users.
They care about her so they can harvest her data and manipulate her.
Everybody at Google, for anything they do, should ask a simple question on any proposal ... how does this impact user privacy for those that care?
Given Google's size and power it's irresponsible for them to not do so.
And given that there are really smart people working for Google, including a whole department working on analyzing the threats and preserving user privacy, I won't believe for a second that nobody thought of this. Which may mean that they don't care, even if they did once. And again, given their size, their power, their potential for harm, that's not OK. With great power comes great responsibility, bla, bla.
So I'm not buying that.
Also, now that the shit has hit the fan, lets see what they do in response. Probably nothing ;-)
This idealism reminds me of a post I saw here a long time ago about a software developer union. One of their stated goals was "to advocate for people whose job was displaced by automation".
Both read to me immediately like high octane, weapons grade, 200 proof naiveté.
"Everyone at UPS, for anything they do, should ask a simple question on any proposal ... how does this impact bicycle couriers?"
"Everyone at Amazon, for anything they do, should ask a simple quesiton on any proposal ... how does this impact local mom and pop general stores?"
The organization you're talking about is diametrically configured to oppose the thing you're saying they should be mindful of. I just don't even know how it's a thing you can imagine is possible in this world.
This comment reads to me like someone saying. "When anyone in the world is about to shoot another person, they should stop.. think about what they're doing and then _not_ shoot them. This would reduce the number of shootings dramatically."
I uh.. atleast to some degree agree with all the above things.. despite that, there's a whole axis of maximum confused exasperation I feel reading about them.
I can see how the programmer example is analogous to the others and shows naïveté.
I don't see how any of those is analogous the parent's suggestion. Privacy is not a business rival to Google (as Amazon to small shops or UPS to bike couriers).
True, the attribute privacy hurts one of Google's profit channels; but then, it also makes the product less attractive [1] to the users it needs and exposes it to legal liability, or may leak information that hurts users and hurts profitability in other ways. Even if Google benefits from loss of privacy in some respects, it is hurt in other ways by not consistently, predictably enforcing privacy boundaries.
Neither is true for Amazon vs mom-and-pop or UPS vs independent bike couriers.
Lumping them together is unfair and only communicates "there exists a superficial similarity to an argument that's stupid".
[1] I get it, "if you're not paying, you're not the customer..." My point should be clear though.
Google's takes money from group B, and use their tools and tech to convince group A to give money to group B.
Data about A is the fuel for the machines that allow them to provide value for group B. I removed the indirection in my metaphors to try and communicate how the "consciousness" of a large company views the assertion. If you view google as a sentient entity, it looks upon comments like the GP as though they're coming from children.
I could've added more parity by replacing the business rivals with the words "decentralization" on all of my examples, but I think it muddies the message for no gain.
"Google should think about what it's doing to people's privacy!" sounds naive to me because google does exactly this! The levy of google's smartest are constantly trying to find ways to gather more data, or infer more things from the data they've got.
Privacy is more of a business rival to google than any other company. Alexa, Google Assistant, Siri -- they're all just new pump jacks.
Really, the whole concept of the parent shows a lot of naiveté I didn't even address. 7/10 engineers on a floor agreeing not to take the "mind control plebs" ticket doesn't do a thing when there's enough people to complete it anyways. Your gesture didn't do anything.
Publicly martyring your career for your idealism DOES add a nugget of fuel to society's awareness and opinions about the thing, but I suspect the issue is just too oblique right now for that fire to get started.
Off topic, but I have a sneaking suspicion that Facebook / Google are >100 years ahead of everyone else in sociology. At some point the code's just cracked, and taking away the keys doesn't do anything but deepen the moat around Facebook / Google.
If those companies are ever defeated in war, I suspect that their contribution to society will be similar to Unit 731, Ahnenerbe, or any of number the other non consensual human experimentation throughout the years. We'll tut tut about the unethical mongrels while telepathically scheduling the chores of our vat grown slaves made possible by the abuses of this era.
Or maybe engineers will just agree to stop sometime soon and that'll be that!
Industries are regulated because they don't naturally do what society wants. Regulation changes their incentives and behavior to make that happen.
A leopard can't change its spots and an ad-tech company is never going to design their products with preserving privacy first, because they can't [1]. It's like a body rejecting an organ transplant.
If our last hope depends on any kind of unity of intent among members of our profession then we're doomed.
It's at this point I am tempted to unpack what precipice we're about to go over when our last hope disappoints. Instead i'll stop on an optimistic note: everything is terrible and nothing matters, but humans will keep doing human stuff for as long as we can. By some measures things will continuously improve and by some others we'll regress and retry old tyrannies under new epochs. The ebb and flow can't be arrested by unity while we all hate each other like we do.
Fortunately, we'll only keep on hating each other until we get something else we hate even more. Make no mistake, some day we'll all come together to hate something else again. The unity of action that'll afford will allow us to do some pretty remarkable things. Hopefully the thing we all hate together actually deserves it this time. It doesn't always work that way ;(
Mhm. In the same way that imbuing stoats with a sense of empathy will help restore endangered bird numbers.
As another comment stated, direct governance in the form of regulation is the appropriate tool for this problem. Other options, especially hoping for an application of a particular ethical framework, is dreams.
You're saying it's idealism, I wouldn't call it that.
This to me is the social contract that binds our relationship as consumers with these companies.
If I cannot trust them, it means I can no longer recommend Google.
And I already stopped recommending Google's products a while ago. What changed now is that ... I'm actively recommending against them to everyone I know and that is using a Google product that I happen to notice.
Of course, I'm a single individual, I can only influence my friends and my Twitter followers maybe, and I'm sure most of the time I'm preaching to the choir.
But I felt that way when I was recommending against Microsoft, since 2005. And guess what, enough people started to do it and it started eroding on their influence and market share, coupled with their own blunders of course, the classic "inovator's dilemma".
And as a datapoint, I think one of the primary reasons for why Windows Phone was a failure was because developers rejected it, due to it coming from Microsoft. Now you can talk all you want about market share, monetization and tell people that developers go where the money is, but I remember people hacking for Android phones ever since they hit the market and it took a really long time for Android to become barely profitable for app developers (it still isn't actually), not to mention a worse experience compared with Apple's APIs, yet developers embraced Android. Thus that lost sex appeal and trust that Microsoft had back in the days of Windows 95 was lost and they still haven't recovered, which prevented them from getting a foothold in a market that really matters for their future.
Nowadays Microsoft is doing fine, but they had to make some drastic changes to regain the lost trust, as they were going downhill, even if it wasn't necessaril and please notice that in spite of their best efforts, they still haven't regained that trust. Notice what happened when they acquired GitHub. Not the kind of reaction you expect when you buy something for 7.5 billion. Although I'm sure people will get over it soon, if they don't screw it, like they screwed Skype that is.
So you know ... I might be idealistic, my colleagues too, but judging by HN's reaction and the reaction of people I follow on Twitter, to me it's clear Google's image has changed and it does matter because we can influence their future.
Companies can choose to not care. But that's how they eventually become irrelevant.
> how does this impact user privacy for those that care?
Can you answer this for me?
Given the scenario - when you clear cookies all cookies are cleared but new cookies for google services are set again, what is the privacy concern for end users?
You're kidding, right? Selling user privacy is how Google makes their money. Other than Facebook, there probably isn't a single company out there less interested in protecting user privacy.
Don't they have anybody from the legal department to oversee the decisions of developers? A wrong decision could cost them millions in fines in these days.
Hackernews needs it’s own version of infowars where people can declare and believe in their most absurd and cynical conspiracy theories regarding tech.
What makes this a cynical and absurd conspiracy theory? Is it that cookies are being kept so as to not break browser login, or that the decision-making was driven by software engineers?
If that is the case, I recommend some basic privacy and security training for every engineer. I believe the root cause at Google is elsewhere though, its goal is to make money, lots of it.
Yet, it coincidentally has the properties to keep your ad tracking identity in tact, so Google can serve you ads based on your online profile. What a wonderful side effect. I'm sure they had no idea that would be the case, just pure luck.
That feels like whitewashing part of the blame that applies to engineers and product developers. We don't get to say "oh it's those pesky money people, how dare they", while drawing a salary from the same pockets.
Engineers losing control to money types and bureaucrats is a gradual process. It is not that one day Google strikes out the second word from its unofficial motto ("do not be evil"). Engineers might dislike each small step in that direction, but it is not enough to make them pack up and move (house, family, kids, etc.). Pretty quickly they are tamed by both money people and the bureaucrats -- still appreciated and paid, but as brains to be tasked, with no ability to influence company policy.
People accept a LOT with gradual changes over a few years that they would never accept as an upfront bulk package. This is not just in engineering. But there is a flip side to this -- once bureaucrats are in control and engineers who stay accept "that is the way we do it" as a justification they often lose energy and become set in their ways. This is more dangerous to a company than a rotting executive class. My 2c.
I wouldn’t call Microsoft as a company returning control to Engineers and product.
I bought a surface pad for my dad. Setting up was a pain, my dad had constant issues where he’d do something and didn’t know how to get out of it. UX was inconsistent. Bing ads everywhere. Yuck! It still very much felt like features were created for someone to get a promo.
Google at the moment feels like a ruthless data driven company. “Our charts show that with this change people use more google services. It invades user’s privacy and pisses off a bunch of HN users but who cares? This will make us a trillion dollar company, and it is working!”
And this is why everyone should fear Google. If they are willing to do this, as their AI capabilities advance, their actions show they value their stock price far above their users privacy. God knows what they’ll do next. It’s not the first time they’ve done something like this.
On the other hand. The current US govt is in bed with Google. They lobby like crazy. The govt will not do anything. Gogo is a behemoth that can pretty much get away with anything now. May be the EU will. I really hope they get fined for this.
> Google at the moment feels like a ruthless data driven company. “Our charts show that with this change people use more google services. It invades user’s privacy and pisses off a bunch of HN users but who cares? This will make us a trillion dollar company, and it is working!”
Despite my familiarity with the Paperclip Maximizer, it has still been instructive to think it through in real time. It's a nice way to think about priorities in life.
> I wouldn’t call Microsoft as a company returning control to Engineers and product.
I would not either, but this just reinforces the opinion that it is very hard for a company to get out of this state. Once engineers are domesticated even if the leadership wants to reinvigorate the company (and I think Microsoft's would like), empowering tame engineers is unlikely to produce earth-shattering results. Product improvements, sure; new technologies, probably not. My 2c.
Yes, right after they got caught helping drug pushers and had to pay a $500,000,000 fine.[1]
"Google executives, including CEO Larry Page, knew about this stuff and condoned it":
"Mr. Page, now Google’s chief executive, knew about the illicit conduct, said Mr. Neronha, the U.S. attorney for Rhode Island who led the multiagency federal task force that conducted the sting. “We simply know from the documents we reviewed and witnesses we interviewed that Larry Page knew what was going on,” he said in an interview after the August settlement… “Suffice to say this was not two or three rogue employees at the customer service level doing this on their own,” said Mr. Neronha, the U.S. attorney. “This was corporate decision to engage in this conduct.”"
This is way, way beyond most company scandals. It made the front page of the Wall Street Journal. Page could have ended up doing federal prison time.
They disagree with the direction the company is going so they ... quit? They apply at some other company comparable to Google, uproot their family, move across country, and get a job somewhere else?
I don't blame the engineers one bit. I certainly don't expect the poor engineer that had to implement the cookie changes to refuse and quit his job over it.
That’s how values work. You VALUE them, meaning—objectively—you are willing to make some sacrifice for them.
Same goes for working for a predatory financial institution, a manufacturer who makes dangerous products, or for that matter, a company with a toxic culture.
How is this different from working for a tobacco company? Decades ago we had the same conversation about people who ”were just following orders.”
If you aren’t able to change your organization, change organizations. If not, fine, but you cannot escape having proven that you don’t actually value consumer privacy or what-have-you more than your hot supper. You just consider it a nice ideal to bandy about in conversation.
Summary: Those who are complicit certainly deserve their share of the blame. At the very least, you can say of them, “they value money more than privacy.”
If you don’t think so, maybe YOU don’t value these things that much, which is why you won't hold anyone else accountable for them.
If you take the engineer off the hook because “they can’t change things,” you know what inevitably happens? You discover that the product and eng managers can’t change things either. In theory, maybe, but in practice they are given accountability for revenue and growth targets, so what choice do they have?
Let’s move up the ladder. Can we blame the directors and ELT. No, the markets hold them accountable for growth, and every company plays dirty, so what choice do THEY have?
Pretty soon everyone is shrugging, and now you understand how SYSTEMIC problems persist: Nobody is held personally accountable because no one person can make change without sacrifice, and sometimes not even then, it would take mass walkouts or protests , and each person is but a drop in the bucket.
This mechanism of not holding people accountable because they don’t have sufficient authority or power to make unilateral change is how all systemic injustices persist. Racism, sexism, class distinctions, corruption in government, predatory corporations, all of them.
They persist because individuals say, “What can I do? Nothing, so I might as well go along with it.” And if everyone accepts this...
The next thing you know, they’re writing software to assist opressive regimes oppress their citizens.
Agree in spirit, but in the case of Google/Alphabet there is somewhere for the buck to stop: AFAIK Larry + Sergei (+ maybe Eric?) control more than half of the equity in terms of voting power, so if they want too promote their principles at the expense of revenue growth they can do that regardless of the feelings of other shareholders.
This is more speculative, but I think public markets don't really react adversely to visionary CEOs / founders putting principles over growth, so it's not like they would make all their paid-in-equity engineers take a pay cut for their principles either.
All participants are equally complicit, but some are more equally complicit than others :-)
p.s. I know the market seems to like Apple’s perspective on privacy, but unless we can examine an altrnate universe where iPhones aren’t selling like hotcakes, it’s tough to know whether the market values the eithics involved, or just thinks it’s a fine strategy.
If the latter, the market doesnkt really value their values, but rther their ability to make money. Which is mot the same thing.
We can examine an alternate universe where iPhones aren’t selling like hotcakes actually.
> With only seven million iPhones sold in China during the second quarter of 2018, Apple's market share in the country dropped by 12.5 percent year on year to 6.7 percent, according to a report by the International Data Corporation (IDC)
Apple have some very particular values in China though, storing iCloud data and encryption keys on state-owned servers. But the trend to decline started a long before that recent Apple decision.
> If you head over to Xiaomi China’s official store (via XDA-Developers) you’ll see three new bundles unsubtly named the XS, XS Max, and XR sets. Included in each bundle is a new Xiaomi phone — either the Mi Mix 2S, Mi 8, or Mi 8 SE, respectively — a Xiaomi Notebook, a Mi Band 3, and a Bluetooth earpiece/earphones, all for the same price as their namesake iPhones.
Apple could already make tons of money off of user data right now. Do you not think people have suggested this within Apple? It'd be ridiculous to assume so.
They are leaving a ton of money on the table taking their privacy stance right now.
Well as a consumer, I value their perspective on privacy, and am willing to throw money at them to protect it. Sadly, I don't think most other consumers factor in privacy to that extent.
To be fair, the OP was complaining about short-term biases from management. The entire ethical discussion is pushed way over its actual relevance (really, how big an ethical flaw is not deleting a cookie? Google will identify you anyway, cookie or not).
That said, about this:
> and now you understand how SYSTEMIC problems persist: Nobody is held personally accountable
It looks completely backwards. Environments that fix systemic problems are overwhelmingly on the side of not blaming individuals and looking only at the system. You are probably thinking about goal misalignment problems, and yet, just going after the individuals is still counterproductive if the system won't support the ones that do the right thing.
> > and now you understand how SYSTEMIC problems persist: Nobody is held personally accountable
> It looks completely backwards. Environments that fix systemic problems are overwhelmingly on the side of not blaming individuals and looking only at the system.
That's a fascinating exchange. I find myself siding more with you than with braythwayt, but still uncertain because the idea is new to me. Is there a good writeup of arguments for both sides?
I don't think these two ideas are as opposed as you're implying. They're describing two different perspectives on the same process. To wit:
1. Individuals have values and ethics that they'll make a reasonable effort to comply with. Society recognizes this and rewards and punishes individuals for the ethical bent of the projects they are clearly responsible for.
2. As the size and complexity of a project grows responsibility becomes diffuse until there's no single individual to hold responsible for any given decision. Once this happens the informal, personalized ethical safeguards begin to break down.
3. Once the informal individual scale safeguards have dissolved they usually can't be rebuilt. Instead they need to be replaced with formal safeguard mechanisms that operate at the project scale.
I don't know of any good writeup on the side of blaming the individual. On the side of fixing the system, I think the canon would be to look at systems theory (at the more human centered flank, like Meadows). You can get to the same conclusion on administration theory from Deming and his following, or any of the X-safety groups, like work-safety, aviation-safety, nuclear-safety, etc.
What really confuses the discussion is that a well working system that deals with ethical failures does necessarily hold people personally accountable. But you can't fix it by focusing on the "holding people accountable" part, it never works. You have to focus on the "system" part.
Putting yourself in a weaker position due to your views doesn't scale and thus doesn't work. For one hero there are ten conformists at the same level of skill, waiting for him/her to leave. While it's brave, it is also pointless. The problem as you state it can be solved only by explicit consensus, being it a law or just a manifesto. Modern privacy has no professional and power-y organization under it, except for few self-distanced like GNU, FSF, etc. Moreover, by staying at google engineers who have an opinion probably can influence much more than those who left.
Citation needed. How do you know that? Maybe it's more like this: For every conscientious person deciding not to take a stand because they think it's pointless, there are ten conscientious persons also deciding not to take a stand because they think it's pointless.
Maybe when one person speaks up, others will be emboldened.
It is called a hunger strike and for that you must be literally hungry anyway. All other strikes are solved by dealing with few instigators. I doubt that it really requires any citation, since it is a manager’s textbook case.
If your argument is that they can do more good by staying, fine. I say the exact same thing about staying in Ontario despite the recent election of a wannabe Trump populist.
But if you say, “Ontario made this stupid decision,” I can’t tell you, “I didn’t vote for this, I can’t change it, I’m not responsible.”
I have to tell you, “It sucks, and as a citizen I bear some of the responsibility, and here’s what I’m doing in the hopes of fixing it.”
My only argument is that people who stay have some accountability. Accountability doesn’t mean they are automatically bad people, but it does mean we can ask them, “What are you doing about it?” And they don’t get to shrug and say, “Nothing I can do, so my conscience is clear.”
You are weakening your own case by grandstanding. No sane person would expect you to "take responsibility" for some politician you didn't like (or help) to get elected in Ontario (a place with 14 Million people, but of limited global impact). You staying in Ontario (even without engaging in political activism) is not at all comparable to directly working on products you consider immoral in a company with an engineering workforce roughly one thousands the size of that but vastly bigger global impact. Neither in terms of personal culpability, sacrifices required or plausible positive effect your decisions might have.
I see your point, but personally believe that we shouldn't dismiss high morals of those who realized to work for misbehaving businesses. It is just impractical to think that these grounds are unbreakable in general, so why care at all. Why not give them vote box instead.
Collective action problems are an awful mess. By the time it's clear to everyone that a problem exists, few individuals can get results in return for impoverishing and isolating themselves by taking a stand. The few who can are so dependent on the system that they aren't going to do anything without the threat of a guillotine or FBI raid.
This is a toothless, short-sighted, and self-serving philosophy that does not solve any problem.
I will explain, but first let it be known that I am a scorned Google user. I jumped on board the magic carpet of every Google service as soon as I could and loved it the whole time, but it has become clear to me that Google and my values no longer align. So I'm leaving.
However, telling the workers to "just quit" won't solve anything. In fact, it guarantees that the company will have a higher percentage of people you morally disagree with leading to, by your moral standards and actions, a more evil product.
Additionally, quitting because you disagree with company politics is the least meaningful protest you could levy. Inaction from the sidelines is just as damning as internal complicency. If you want to split moral hairs and feel Superior because you quit, go for it but don't pretend like you're a hero or in any way part of the solution. To be specific, Google won't reverse it's whole company plan and Buck the entire industry trend due to a _temporary_ uptick an employee turnover of a few percentage points (if that).
Change can come from internal activism and external Market pressures. Quitting is neither of those and actively contrary to the former.
“If you can’t change your organization, change organizations.”
If the argument is that by staying they can create change, our views are compatible.
If the argument is that “although they may try, they can’t change anything, but they should still stay,” then my argument is that they have chosen to be complicit, and it is appropriate to hold them to account.
Nobody is really telling anyone to quit, but the argument above is that if they don’t quit, they cannot be held accountable. I reject that notion.
> “If you can’t change your organization, change organizations.”
> Nobody is really telling anyone to quit, but the argument above is that if they don’t quit, they cannot be held accountable. I reject that notion.
This is a false dichotomy.
The world exists in grey areas. Just because you are passionate about security and privacy does not mean joe the google engineer is culpable for the _industry accepted_ practices you disagree with.
People are fallible and so are companies. If everyone had to change-or-quit every company they worked at, no one would work anywhere. Your philosophy is not sustainable, logical, or implementable. In the spectrum of immoralities, fingerprinting users is pretty far down on the list, although it is certainly present.
> However, telling the workers to "just quit" won't solve anything. In fact, it guarantees that the company will have a higher percentage of people you morally disagree with leading to, by your moral standards and actions, a more evil product.
Not necessarily.
Thank God Albert Einstein "just quit" as opposed to returning to Germany to influence it from the inside and change it from within.
Perhaps that engineer could go on to work for companies that care more about privacy and help them succeed, or explain to others why he left and convince others to as well.
Movements are not collections of popular supermen who do extraordinary things. You make it seem as if, unless you can completely change the course of the company, don't bother. Same as "don't vote your vote doesn't matter."
I drew a different conclusion from reading the parent. The issue with "your vote doesn't matter", however true it may be, is that the decision not to vote results in removing yourself from the decision-making process, giving more power to those you oppose. That seems to be specifically what the parent is arguing not to do, as someone who has quit no longer has any power within the organization.
That may be true in a closed system, but Google is not a closed system, and that person can do any number of things outside of that system.
A person leaving is essentially a vote. It says I no longer have faith in the decision makers of this current group of leaders at google. You no longer will offer your value to them - that on its own, is most likely a loss (they would not have kept you if you didn't offer value.) On top of that, you add value to a potential competitor, or the EFF, or here on HN, where many have already switched to Firefox.
On its own, it doesn't mean much. But collectively, it could be devastating.
If not, oh well. My job isn't to ensure Google decides to be good and not evil. But I can determine if I will support something evil or not. And I choose not.
>Change can come from internal activism and external Market pressures. Quitting is neither of those and actively contrary to the former.
False. A mass exodus of employees can certainly increase market pressures as it signals instability; it can also be extremely difficult (sometimes impossible) for new hires to understand big legacy code bases -- so quitting can be a form of legal/indirect sabotage
We saw what happened when you try to do that on their mailing-lists.
Between things decided by data and management I'm not sure what a single developer can influence. I guess it sill more than by quitting, because you won't say anything in the exit interview in case you want to come back.
I agree that values are important, but I have a problem with comparing this Google situation to other situations that literally kill people. An engineer who values privacy could reasonably think that staying at Google and fighting the privacy fight is the best way to keep pushing his or her values.
I reckon it´s not only money that they give value. Other intangibles might apply (as all family related issues).
I agree that engineers might also have something to say, but we don´t actually have a clue if some of them actually expressed they concerns for this change, unless you have some insight from inside the company that you may not be able to share.
Even if some of them left as you suggest, I´m pretty sure Google wouldn´t have any problem to find some other engineers that would happily implement anything without questions.
Nevertheless, I agree that concerns should be raised by everyone in the org, but the only ones that might lead to an actual change is stock holders/board of directors.
Sure. If you have the monopoly, you don't need people to love you.
While Google could easily find engineers to implement anything, they can't as easily find people who know what to implement: People with a deep understanding of the web. The power grab we could observe over the last year has alienated a lot of people. In hindsight we will know whether that grab worked for them.
Right now, they are burning through goodwill at a high rate.
I think you're misreading his comment. And your followon comment is showing your assumptions:
>If you take the engineer off the hook because “they can’t change things,”
He never said this, and in my reading is not trying to say this. What I read him trying to say is:
"Quitting is not the only way to handle the problem."
Or the harsher:
"The solution is not to run away from the problems."
More or less the equivalent of:
"If the US is going downhill, the solution isn't to run away from the country, but work to fix it"
As an engineer you're part of the company. And putting a recent unfortunate case aside, Google is relatively open to engineers voicing their opinions. If you're fatalistic or meek, sure, you can leave. But that's the weakest of all options.
The decades I was thinking about referred to the business of tobacco companies. I was very much alive while public opinion swang against them, and I recall lively debate about the ethics of working for tobacco companies, the loss of tax revenue from tobacco companies, the ethics of tobacco companies sponsoring sport, and so on.
As for the Nazis, there are some parallels, just as there are for other social problems like racism. But in my initial comment, I preferred to stick to a more direct comparison involving employment with a fantastically profitable and legal company.
> I certainly don't expect the poor engineer that had to implement the cookie changes to refuse and quit his job over it.
There are no poor engineers at Google.
That is, ironically, the point people are making: if you make that much money doing something so (arguably) distasteful, you deserve scorn. It's in the "you can't have your cake and eat it too" family.
Are you really comparing a software developer completing tickets based on requirements to Nazis being told to kill? The fact that you need to draw that comparison tells me you are going overboard.
No, I’m not comparing engineers at Google to prison camp guards.
I’m comparing the argument that the Google engineer is just following orders to the argument that camp guards were just following orders.
I’m not the one who brought up the exact same defense. But if that defence is brought up, Perhaps the person emplying that argument should be asked if they meant to make the comparison indirectly by using the same argument.
Your argument is wrong in every regard that matters and this is in no way comparable to the military.
The contract you sign when you get the job tells you to follow those instructions. And you have laws that say that you can be a whistleblower if they are illegal. Well this may be immoral or unethical but it doesn't strike me as illegal. So your only option is to refuse the implementation and quit your job.
Is the problem solved? No. Then that wasn't a solution and the responsibility wasn't on the engineer's shoulders. When you have a leaking pipe staining the wall don't blame and just repair the wall. Fix the pipe.
You're letting some irrational anger/hate cloud your judgement and it shows. You came up with a comparison with Nazis (!!!) and nothing anywhere close to reasonable opinion on who's really to blame and what the solution is. You're the guy who hates the person in the call center for following those questionable and possibly abusive scripts. Obviously it's on them.
That may be but the comparison is obviously a shock and awe type exaggeration. By virtue of Nazis being people that also did normal things you could bring it up in any discussion. But would you? Would you tell someone encouraging "the troops" that they're no different from Nazi supporters? It's the exaggeration that's the problem here. The same kind of exaggeration you hear when certain politicians scream "you are protecting terrorists and pedophiles!" to argue against encryption.
@braythwayt considered an engineer following orders to implement an unethical (illegal?) "feature" is directly comparable to Nazis following orders to commit genocide. Even in principle. But...
The Nuremberg Principles define War Crimes. It's quite literally what they're for. Do you not understand this massive difference? All laws take magnitude into consideration. Look at the jurisprudence. It's all related to acts far above what's being discussed here. But if you really really want to draw the parallel between a "regular" act and a the kind of crimes that see this principle applied then keep this in mind [0]:
> An individual must be involved at the policy-making level to be culpable for a crime against peace ... the ordinary foot soldier is not expected to make his or her own personal assessment as to the legality of a conflict. Similarly, such an individual cannot be held criminally responsible for fighting in support of an illegal war, assuming that his or her personal war-time conduct is otherwise proper
You're both conveniently ignoring the fact that this defense was attempted mostly by generals, captains, field marshals. Foot soldiers were never on the same footing as the superiors. Not in the execution of their duties, not in taking responsibility.
> At some point they will find an engineer to do it anyway.
And at some point when <future Google mostly comprised of scum> is thoroughly obviously malicious, we can expect/hope/encourage them to lose customers until they collapse.
The rats will move on as well, but at least the more virtuous employees can be elsewhere before the end implosion.
That's just addressing the issue in a really tangential way. You want to fix it, go for the people who come up with the idea. Even a company that employs almost exclusively ethical engineers will still have a few willing to compromise. Go for the head and the body will follow. Change starts at the top.
Most people working at Google don't work on these things. They work on products that genuinely help users. Should they quit just because someone else at the company is doing stupid things? Wouldn't that just leave the idiots in control of the massive resources of the company, unrestrained by internal pressure from good employees?
If you're not willing to do that then it means you don't care. That's what values and principles are: you have to make sacrifices, it's not enough to say you have them.
I'm not necessarily making any judgement here, I'm not saying "those assholes, why don't they quit?". I'm just saying that you cannot be unwilling to make a sacrifice for your "values" and then claim you have "values". Pick one.
Sure you can. If Value A (some given ethic or aesthetic) is sufficiently less valued than Value Set B (family, personal happiness, financial security, career success), then most likely the hypothetical holder of these values will make no attempt to protect Value A when Value Set B would be negatively affected as a direct result.
Come on, Google offices are only in tech hubs where these engineers can easily find a decent job. Not necessarily as highly paid as Google (applying to other tech giants is always a lottery) but they can still make a very good living in the same city.
> They apply at some other company comparable to Google, uproot their family, move across country, and get a job somewhere else?
Not all job changes are so drastic. Refusing to implement this behavior might be as simple as just requesting to switch teams within Google. If one chooses to leave, finding another high paying job in the same area is not typically a great challenge for a Google engineer. No uprooting necessary...
> I certainly don't expect the poor engineer that had to implement the cookie changes to refuse and quit his job over it.
I frankly can't disagree more with this statement. That's how you get VW's defeat devices etc. Engineering ethics matter. And engineers are not "poor". Maybe not everyone realises it but we, engineers, have substantial powers. We need to exercise them.
> They apply at some other company comparable to Google, uproot their family, move across country, and get a job somewhere else?
Why do they have to uproot their family? Why can't they just work from home? I don't understand why we still insist on making people physically show up for jobs that can be done from home in someone's PJ's.
They disagree with the direction the company is going so they ... quit? They apply at some other company comparable to Google, uproot their family, move across country, and get a job somewhere else?
Google isn't the only tech company in Silicon Valley.
It’s actually very simple: anyone who makes a living from working on this product owns a share of the blame. Nobody in this industry can claim to have their hands tied; it’s not difficult for folks talented enough to land a job at Google to instead find work that doesn’t involve violating privacy at web scale. If you write code or participate in meetings intended to execute on a corrupt vision then you are tainted.
I disagree. Specifications require implementation, and the implementation literally comes out of the engineers' fingers - if none of the engineers agreed to implement something they thought was unethical, then it's mostly irrelevant what the product definition says.
Yeah, they do. That's exactly how it works with real (certified, legally-enforced labeling of) engineering. That is, civil engineers push back against (excessive) safety-cutting to save money while drawing a salary from the same companies that want to implement such design changes. They only differ in how effectively they have organized to prevent being overruled.
Exactly, there are plenty of other companies to go working for. People working for Google at best accept a compromise, at worst are actively working against their customers (should I say users?)
That said, as a customer I'm using an Android phone because IMHO anything else is a worse choice for a number of reasons. At least I'm signed out of any Google service except Play.
Having play services (https://github.com/opengapps) on LineageOS is not like that. You can go to Privacy Guard and deny any permissions from Play Services.
Yes we do. Just like Tesla employees get to critizise Musk for his Twitter market manipulation while still working their day job and drawing a sallery, and Americans can criticize Trump whithout moving out of the country.
Just because you are a benefitting part of an organization, it doesn’t mean you cannot disagree with management and if you disagree it doesn’t mean you have to quit or stop being critical.
Twitter market manipulation is entirely Elon Musk's fault, not something Tesla and its employees are responsible for (except, perhaps, for some inner circle who might have stopped him). On the other hand, the newly revised Chrome is a core product: disagreeing with management but allowing it to be distributed isn't enough.
The idea that technical people are all impeccably ethical is not very plausible. Consider the scientists who promoted the claim that smoking was harmless long after it clearly was not, the engineers who concocted VW's diesel-emissions fraud, and the developers who produced Madoff's fake accounting. And, of course, this particular deception is hardly the first fall from grace on the internet.
I don't think anyone is seriously promoting that idea. The implication, rather, is a more modest proposal: That, of a company's staff, the bean counters and executives are at least on average more bottom-line-motivated and hence more likely to push for changes that will pull in cash at the expense of honesty, privacy or consistency with user expectations, when compared with the technical types.
This is simply too naive. We need regulation to stop global tech monopolities shamelessly exploiting their dominant position, be it Google, Microsoft, Facebook, Amazon, Apple, Samsung and so on. I doubt this can be done properly on any other level than national.
Something I wonder is: would we have anywhere near as much of a problem with a handful of companies monopolising the information technology industry, if we didn't have Intellectual Property laws?
People often forget that patents, copyright, etc. are just an arbitrary social construct with little real justification for their existence. Yet the overall effect they have is to make it considerably harder to start a new company to compete with a tech giant.
It may be that the problem is that we have too much regulation rather than too little.
That's from the gospel of the Libertarian Church of the Invisible Hand.
This approach doesn't work in the real world because Google's consumers are neither perfectly informed nor perfectly rational. It also ignores the fact that major corporations can enlist the help of the US government in maintaining and extending their de facto monopolies.
Still, it's hard to argue that Google Chrome is a monopoly, when it's not even the default in most user OSs (the exceptions bring ChromeOS and some of the Android vendors.)
Only market forces can alter the course now. A decision has been made at the CEO level to aggressively use Google’s grip on the browser and search engine markets in any way that helps their bottom line and has been calculated to not trigger a massive PR backlash among the general public. The rank-and-file Googlers tasked with enabling these misdeeds have a simple choice: remain complicit or refuse to work on these products and accept the potential consequences.
>>A decision has been made at the CEO level to aggressively use Google’s grip on the browser and search engine markets in any way
Now it's obvious to everyone but I am almost certain that Google did this already with search at least since 2008. The low hanging fruit was picked with Matt Cutts being their PR mouthpiece, and what's left to do now stinks. They can't hide behind the "search" and ads are separated lie. Special mention to his pal, Danny Sullivan, the "fair and balanced" search expert.
Edited to ad: If they claim that SERPS are unbiased and not connected to ad revenue, doing otherwise would fraud. Tens of $billion worth.
Perhaps the (you won't be signed out of your Google account) language was something an engineer or product developer insisted on. Perhaps they figured that was their part, and that it's up to the rest of us to take 10 minutes and switch to Firefox so data-driven Google knows this was a bad idea.
Mozilla are winding down their efforts to make Firefox competitive. They are not planning to make a full servo browser anytime soon and they are transfering resources to VR and other things. This is disapointing.
You can't blame them, their user base is in free fall.
>>Basically their own Ballmer era is what Google is entering.
If its just one person, it often easy to fix the problem by eliminating that one person(like Microsoft).
But if an entire cartel is at work in the top layers. Like the political brotherhood, to say. It will be impossible to solve the problem until an eventual IBM like corporation will come to happen. Basically you fire one exec, and the brotherhood will bring one from their golf buddies to replace them, and this process will go on. No one know what's to be done to fix the problem, because whatever new boss you will get will be the same as the old boss.
I'm also fairly sure by now that the 20% spare time project culture/process is fairly dead by now.
No political exec will let some programmer create a project leading to creation of a new threat to their fiefdom.
I'm guessing most of Google's growth will now come only from Acquisitions.
Mainstream people dont need and dont value products being great in every detail.
I don’t know what they need. But as google is still successful with a search engine that used to be great a decade ago because it delivered results for exactly what i was looking for and nothing else, and now is more a „whatever you search, we‘ll serve you some results no matter if words you search really appear there, they seem to be happy being served anything wether it’s what they ordered or not...
For the minority with high demands on products his is difficult because we have to look for new providers again and again after the logic of growth makes companies shift to cater there products to the mainstream... after using us as beta testers and advertisers.
Isn't it native to assume all the Engineer oppose to this ? Some, maybe many will be happy to work on this. This is not an illegal thing that is enforced and has severe punishment.
> Microsoft already went through this engineering/product growth to bizdev/marketing control to stagnation and is already in the return to engineering/product first phase.
Microsoft were always a marketing first company. Even in the early days they sold BASIC and DOS before they'd even written a line of code. And Windows certainly didn't become the dominant desktop OS through being the best at engineering (in the 80s and 90s they were usually amongst the worst in terms of performance and stability).
Having good engineering and being product focused doesnt mean you'll have a successful product. In fact all too often it takes underhanded stunts to get your neck in front simply because most people are not like us, they're not engineers. So you'd be amazed at how little most people would care about what's happening here (assuming they even understand it in the first place)
No, of course they didn't. But that doesn't mean they didn't still modify the codebase of the DOS (I cant recall what it was called) that they bought.
Besides, my point clearly wasn't who originally authored MS-DOS but rather that MS didn't even have a product to sell -let along a well engineered one- back when they first visited IBM.
Microsoft BASIC was the original Microsoft product, written by Paul Allen and Bill Gates in 1975. It was already wildly successful and the default microcomputer BASIC dialect by the time they had talks with IBM.
MS-DOS was originally 86-DOS, née QDOS, by Seattle Computer Products.
I was talking about Altair BASIC, Micro-Soft (as they were then called) first product and it was pitched to Ed Roberts (MITS founder) to run on his Altair before any code had been written on their (Micro-Soft's) BASIC interpreter. So I was absolutely correct to state they didn't have a product to sell there.
And yes, MS-DOS was originally a SCP product - however you've left out the important part: when Microsoft visited IBMs headquarters to sell their disk operating system after Digital Research struck out with IBM (though accounts regarding what happened there differ wildly depending on who you ask), Microsoft did not have a CP/M nor DOS clone at that time which is why they approached Tim Patterson of SCP and later bought the OS for a pittance compared to what Microsoft then licenced it for. Thus once again I'm completely correct to say Microsoft didn't have a product to sell.
I don't know why you and the former poster have gotten so hung up on who originally created MS-DOS since I was only discussing it's licensing to IBM. But hopefully you now understand the point I was making.
> very easy to forget that when the money rolls in massively
I agree with the problem but not the cause. I don't feel that this has anything to do with being complacent. If anything, this is the downside of being a publicly traded company that has the pressure to meet Wall Street's myopic expectations of growth every quarter.
> Basically their own Ballmer era is what Google is entering.
It was not just Ballmer. When Gates was in charge, the technology was never the priority. Gates understands the tech, but MS never worked trough technology towards their goals. They used their monopoly power and bought tech, almost never build it.
MS products started to gradually improve after Gates stopped being the chief technology officer of the company.
Yup, same. Switched to ff and bing. Was surprisingly frictionless. Next week I'll be off gmail too. Up yours google. The week after, I'm getting rid of my android phone.
I'm a high school IT teacher and have some influence over hundreds of students each year. I've already started to sprinkle in some discussion about privacy and will be sure to inform my students about the issues. Of course I won't brow beat my students, but i will encourage them to make informed decisions.
In aggregate, over time this kind of behaviour by google will hurt them. No such thing as too big to fail in tech.
Wouldn't we expect Bing to log/analyze/correlate user behavior as hard as they possibly can? Or are you betting that Firefox at least won't cooperate with Bing in such an endeavor because it's not a Microsoft product?
Can we make this the top comment or something, so that google folks can see this!. I am sure HN is a good enough influencer for folks at Google to rethink!
I had an iPhone 6s+ for a year and couldn't stand the UI and poor ergonomic choices. I was also unable to do basic things easily like SSH without paying outlandish amounts of money for things similar to JuiceSSH. It's locked down in userspace much more than Android and it's noticeable. Things like unzipping/unraring files, using a file explorer, always had problems with downloaded files, etc were totally impossible.
I want to go to an iPhone because Google is starting to really piss me off, but the year with the iPhone keeps turning me away. I wish there were other options.
I've wanted to go back to a S40/candybar type device for a while. So far this has been vetoed by my wife who fears that I'll be even more disconnected since I'll then only have access to all messaging on the PC.
Anyone knows if Telegram/Signal etc exists for KaiOS or similar?
I use FastMail with my own domain. I used to use Google Apps before it.
But before switching email services, do yourself a favor and ditch webmail interfaces first. Pick up a desktop/native email client and switch to IMAP / SMTP.
On MacOS a solid option for us power users is MailMate (https://freron.com/) ... markdown composer, GMail shortcuts, useful bundles, fast, uncluttered, it's basically what I wanted Thunderbird to be. Development on Thunderbird is apparently ongoing too and they just released version 60. Apparently Web Extensions are in the works too.
Transitioning to a native client is painful at first, but it's worth it.
GMail's web interface is a piece of shit lately anyway.
Would like to add to your excellent suggestions. When you switch away from Google, set your gmail to forward and delete your email (to your new email address). That way you won't leave any emails on gmail but you can keep it up until you've completely migrated.
It's awesome for emails containing snippets of code, code with syntax highlighting being my use case.
And for formatting in general, the resulting email (composed in MailMate) will be very friendly to clients that prefer to display emails as plain text, since the text version is going to be very clean.
There's also a browser extension working with GMail's web interface too, but it doesn't work as well as MailMate: https://markdown-here.com/
I'd love to tell people the only way to replace gmail is to get either your own mail server or at least your own domain, but this is an unreasonable goal.
However.... re-decentralization resonates quite well these days when it comes to the web. I wonder what it would take to be re-applies to email.
This is kind of FUD. I’ve been running my own mail server for over a year now, and my E-mails don’t magically disappear into some blacklist. Do you have to be careful when configuring your server? Yes. Can you get on a blacklist erroneously? Yes. Does not going with a hosted solution mean you cannot participate in E-mail? No way.
I don’t know where this myth comes from that running your own mail infra means your mail will be marked as spam. You’re not the first (or second or third) person to mention it though.
It takes a long time to build up IP reputation if you run your own infrastructure. Even today after a year+ on the same IP, DKIM/SPF/DMARC, senderscore of 100 and transactional email only, Yahoo still randomly blacklists us for weeks at a time. Good luck getting in touch with a human to figure out why when you aren't Gmail or another big player in the industry.
Aside from Yahoo though, we generally haven't experienced any blacklisting or deliverability issues. It does require time to setup properly and maintain however, you can't just set it up and forget about it.
That's exactly part of the problem. If email went back to decentralization properly, the whole idea of ip reputation could go away, which is genuinely wrong and against email in the first place.
As someone who's had his entirely legitimate, wholly none-spamming email accounts blacklisted (numerous times) because he used the same shared server as someone less than saintly, I can attest that this is actually a genuine and existant concern.
Sure, it's 'easy' to get around, by throwing more money and complexity at the problem, but it isn't some made up tale.
I would not use a shared server for E-mail hosting, for this exact reason. Even if you are the only person on the IP, you need to watch out your first couple of months because the IP you have could have been misused in the past. If you find your new host’s IP on a blacklist, request a new IP from your provider.
Maybe this is too much tinfoil, but it feels like Google has a bit of a perverse incentive here to make their spam blacklist unnecessarily trigger-happy. After all, anyone they block will just think running their own mail server is too hard these days and might switch back to using Gmail...
I think "get your own mail server" doesn't necessarily imply that you're doing all of the setup yourself. Using a provider like fastmail (or Google apps, fwiw) is a good way to be sure that you set it up right.
Granted you can't set up your own Google Mail domain for free today like you once could, but some of us are grandfathered in... I am, and I'm still looking at this as a better alternative to Gmail because even though it is Gmail, I can take my address with me if I do ultimately change my mind about Gmail.
(That's the first step, at least. You can never take @gmail.com with you, but if you want to start moving away, you could forward to your own domain and start thinking about where you would host it.)
Erm, no. Yes, DMARC, SPF, DKIM is needed, with static IP and a properly configured and authenticated mail system, but once that's OK, it's fine.
I've been running my mail server for 10 years now, I got on blacklists 2 times: once due to a worm that got in through PHP, the other was a client's laptop that got a virus and used outlook express to send mail.
>I've been running my mail server for 10 years now, I got on blacklists 2 times
So how's that an argument that "it's fine"? Sounds like 2 times more than a regular person would want to deal with such issues within a decade, much less a small company. And it can take long to clear those things out if you're small fish...
Testing proton mail. If mail delivery is solid then that will do, otherwise outlook.com will be good enough. I'm ungoogling my life and strangely enough, MS is the less bad option right now.
MS is not the most trustworthy company either, see Windows 10.
If you're going to the hassle of actually switching, at lest don't do it from one big corp to the next.
Personally I use https://www.webfaction.com and am very happy with it. Also heard good things about FastMail, but Australia has some crazy laws coming so not sure about that. ProtonMail seems solid as well.
I visited HN for years before registering and making my first comment.
Those who leave comments are a small fraction of the total HN traffic.
If you saw the a recent thread which asked people why they stalk HN, you'd understand that many visitors aren't start up guys, programmers or even technical in nature.
In other words, I bet HN's actual traffic log will show mobile devices and Windows as the predominant OS.
No direct data. But that's the impression I have gotten over the years. I've seen a ton of posts at the frontpage that talk about moving away from Apple for whatever reason, which are always heated debates. I've never seen any post of people jumping from Windows to mac or linux (I believe that's not a situation a lot of people on HN are in).
it might be my filter bubble, but if I google "hacker news mac vs windows" the only results I get are posts where people are moving away from Mac to something else[1].
I also believe most of these topics are just talk. But the point I was making is that whenever someone talks about "I'm leaving Mac for whatever reason" it blows up and everyone and their mom weighs in to give their opinion. It's not uncommon to have these on the frontpage. Why? Because most people use Mac so they have something to say.
However when someone says "I am moving away from windows because of X" it never hits the frontpage since most people don't care since they are not on windows.
This is obviously not great quantitative research. But if I go into any co working space or coffee shop where people work on their laptops. I find a lot of people on macs, and all the technical ones are on HN. Whenever I meet technical people with a windows laptop they are never on HN.
I thought this was quite well established that HN is very apple'y, so I'm having a hard to come up with proper data to back this up.
> But I speculate, a good collection of today's "chrome leavers" here already use another browser - and are just adding fuel to the fire.
Haha you got me! I did leave Chrome (for privacy reason) for Firefox. Not during this big debate, but during a previous one (when Firefox came out with the big Quantum update and it started to perform on the same level as Chrome). Though I haven't stated I would leave today.
It's not a big change like migrating to another country. Most plugins have add ons for all big browser platforms. I do think that you'll see a decent amount of people in this discussion on HN change browser. But for Google this is just a blip in the graph.
The less empty detail is regulatory. "Big tech" is getting increasingly scrutinized over both monopoly abuse and privacy issues. Certainly this is another piece of evidence to regulators that Google is abusing their position.
I assume this is based on a lot of (web/mobile) devs being on HN and them using macOS predominantly based on conferences etc.?
I'd agree with that assessment, macOS probably first, Linux second, but then you have to remember how many Windows users there are. The HN regulars are probably mostly on Mac/Linux, but I'd imagine just the drive by Windows traffic would put it at the top spot.
I tried looking up stuff about windows spying on users, and most of what I'm seeing is useless (debunked articles, generally clickbait stuff). Is there anywhere I could look to read more about this if true?
It took me several days to root out all of the programs and services in my enterprise windows 10 install which were spying on me or attempting to install software without my consent, had to prevent cortana from running, block windows servers with hosts file, delete scheduled tasks, adjust group policy, disable updates, and firewall my own computer.
All this so that I could have an OS that isn't actively spying on me, and play games on it. Thank goodness valve is making progress on linux...
The browser is looked upon as the portal to the Internet.
When accessing web-sites over a public network, I sort of expect (not necessarily like or agree) to be tracked and others to know what I'm doing. I'm always in the mindset of "what ever I do within this window, others will see" (regardless of browser).
For what I do on my local desktop? No. Not at all.
Another reason is that the official Firefox builds for at least GNU/Linux doesn't employ standard exploit mitigations (stack canaries, position independent code, read-only GOT).
Honest question: How can you trust FF when they less than a year ago silently modified installers for a small % of users, to include tracking - which then sent all browsing data to a 3rd party?
Not irony. The stuff is not on Google, it's on the Internet and directly accessible via links. It's in fact what any company wants, the holy grail: for people to mix its brand with the category of business. It will pass and be replaced by some other fad.
For me the performance was not quite up to the mark and had to switch back to Chrome. I guess someone (big corp ideally) should just take the v8 and the html rendering engine from Chrome and build a wrapper and keep it open sourced.
Seems like the consensus is that things have improved drastically since the "quantum" update, although there have been a handful of issues on specific hardware (which may or may not have been fixed in the meantime).
I'd suggest to just try it, it's completely free and pretty straightforward to install after all.
I really recommend switching to a password manager - it's also easier to access the passwords from other devices. For example I can use the same passwords on Firefox desktop and on Safari - iPhone (including auto-fill on iOS 12). I have good experience with 1Password (subscription paid).
You should use a password manager, there's been a few cases already where malware shows how trivial it is to steal and decrypt into plain-text passwords stored by the browser.
Unless you have adversaries personally attacking you, your main threat is automated malware. In that case, I think that it's vastly more likely that said malware would target super-popular and totally-insecure software like the Chrome password manager, rather than something not very popular and quite secure like KeePassXC.
I personally recommend Bitwarden as a good compromise between security and usability. It's totally open source, so you can run the API and webservice on your own hardware if you want.
It's hubris. Right now Google know they have the power to shape things the way Google want. That's true, but it's also true that users are more powerful than Google, becoming increasingly aware of the value of their privacy, and that Chrome is paid for with their data.
Yup I switched to FF, despite its poorer performance (on Mac, anyway). My personal mail is Fastmail. My search engine is DDG. I do use Chrome for debugging web applications, as I just haven't been able to get myself accustomed to the FF dev tools... That's probably what I'll work on next.
I'd say 95% of people are happy that their accounts are all synchronised and follows them around. They pick up any device and carry on where they left off, similar to how Kindle bookmarks are synchronised across your devices.
IMHO the vast majority are not interested in understanding in the technology, they just want their stuff to work.
80 years ago if you had a car then generally you'd need some understanding, 30 years ago spark plugs needed changing every 5k miles, points needed cleaning etc etc. Now anyone can hop in a car and without doing anything the first problem you'd probably have is the tyres wearing out.
People don't want to know how or why, they just want it to be reliable and easy to use.
>I'd say 95% of people are happy that their accounts are all synchronised and follows them around.
I actually really like this feature and find it really convenient for my usage habits.
I also don't really care that Google is tracking me, I give them my data and in return they provide some really useful services for me. They only thing that bothers me about the privacy issue is the off-chance that an individual will be able to browse my personal data but as long as it's mixed with everything else I don't really care (I understand it's a slippery slope though).
We geeks love to complain about Google invading our privacy yet we eagerly devour their services (search, maps etc...) which are very much as good as they are because of all of the data Google has. If privacy advocates want to keep the moral upper hand they should avoid using Google services altogether (logged-in or not) because at the moment we, the "ignorant masses", are helping Google improve those services with our data.
Google doesn't need to read my mail to make a good webmail interface. Google doesnt need to track me 24/7 to tell me where XYZ restaurant is on the map. These are complex services, but nothing magical about them - if Google didn't kill all competition in the space by offering a (admittedly, very good) free service, you would probably be paying a couple of bucks a year for one of the ~5 leading apps in competition with eachother.
>Google doesn't need to read my mail to make a good webmail interface.
No, but they _are_ able to better catch spam, categorize your emails for you, highlight the emails that are most important to you, suggest pre-written responses for you, and more -- by incorporating your data into the service.
>Google doesnt need to track me 24/7 to tell me where XYZ restaurant is on the map.
No, but they _are_ able to suggest restaurants you'd probably like, compare them to other places you've been/rated, warn you about traffic on your commute, show you photographic places you might be interested in, and more -- by incorporating your data into the service.
I don't think anyone is arguing that Google _could_ provide these services without using your data. Obviously, they could. I think the debate stems from whether those services are worth the data they depend on.
I wouldn't (and don't: see Google Apps) use any Google service that costs $5/month. In the same vein, if the features of those services got gutted in the name of "we won't use your data anymore", I wouldn't use the services either (assuming I could find a competitor that provides a better service... probably with my data).
I want personalized search. I want the ads I'm forced to see to be things I'm actually interested in. I want Chrome to log me into everything automatically. I want my data synced across all my devices. I want technology to just work for _me_.
The people who fix your computers or help you over the phone are the family friends who are geeks/programmers. Once the geek herd has moved on to something else, then the mass follows whatever they're currently using, because they're the ones that advocate the change. It will take a few years, but once Google has lost the geek vote, they will die a slow death like Microsoft did. At this point my money is on Microsoft taking the geek mindshare back.
This looks exactly like what happened when Chrome started killing IE.
For that matter, Apple aggressive marketed to the techie-and-designer crowd for years, even while everyone knew aiming products at programmers was far lower margin than mass-market stuff. The payoff wasn't bottom line profits, it was cachet and technical support and useful software that ran nicely on Macs.
For something like Chrome, one price of alienating devs is, among other things, that everyone who thinks "damn, I wish I had an extension for X, I guess I'll make one!" develops it for Firefox instead.
Google strikes off a right balance between annoying and convenient. It's kicking off all Privacy concerned people, Ad Block people, overopiniated people off it's platform indirectly.
Websites get less money from Firefox users per user then Chrome users. If Firefox users make less money, going to future, devs will not optimize for it.
If the only remaining Firefox users block Ads and block analytics, I do not think google or some other search engine will pay to them to keep their default. There is literally no benefit of having such people on your platform.
I have been a FF user since.. well, Netscape. Yet, FireFox-specific bugs have always been a lower priority.
Because, it's "a bug effecting 100 users" vs "a bug effecting 900 users"
When you consider FF users are harder to monetise (admit it, we generally are), you can start saying "a bug effecting ~50 potential customers, vs ~800".
*(fortunately, now that IE/Edge is out of the picture, those types of issues are rare)
We might be harder to monetize with ads but are we harder to monetize beyond that? I'm a Firefox user and you'll have to pry ublock from my cold, dead hands but I do pay for a bunch of online services.
I think the main problem with Firefox is the tiny user share, not the composition of said share. We need to make Firefox more mainstream and the problem will solve itself. Unfortunately it's an uphill battle, Firefox is not cool anymore.
That was not what I was suggesting. Fact of the matter is that it is easier to get it right the first time in the browser you work in than the browser you don’t. A growing backlog of Chrome bugs and a shrinking backlog of Firefox/whatever else browser front end developers switch to with product teams pushing feature development over bug fixing and then suddenly Chrome is the “unreliable” one.
ActiveX wasn't really used outside of enterprises. It was also used for creating wave-effects on an image, cool stuff.
The desktop was never threatened, most people were on dialup. Javascript was about changing link colors, not creating "software".
Since IE was so much better than the competition it didn't really matter that it got monopoly. Until it stagnated. Same as today, since Chrome was so superior it didn't really matter that all other browsers faded into niches. Until google started abusing it.
Maybe we should start prioritizing open software rather than waiting for a monopoly to be formed?
The reason for why Fusion 360 is "free" isn't because autodesk are nice guys, it's because that's an effective way to ensure that they won't have to deal with competition in the future.
Only a small fraction of Chrome's user base will notice, and not even all of those will care. There are likely tech-savvy people reading this on Chrome 69 right now.
Office of 20 here. Now almost everyone's in agreement that we'll move off Chrome. And we'll recommend our families and friends do the same.
This is how Firefox (pre-bloat) gained traction at the expense of IE, and this is how chrome gained traction at the expense of Firefox/IE.
And now this is how chrome's market share will decline as tech leaders, journalists and then the public find out how much of a privacy nightmare it really is.
Same here. Recommending my family, team and relatives to either use Edge or Firefox.
Of 70 of them, 15 switched to FF, 32 to Edge, just after 2 months of me saying.
I just made the commitment to move back to Linux from Windows 10 last week.
I was hoping to at least stick with chromium, now I'm reconsidering that.
Now that I think about it, should I really be trusting Android? Is iOS any better? Apple does appear to show some commitment to privacy, but their anti repair stance is crazy. Will I have to switch to custom Android ROM with all the Google services neutered?
With regards to privacy I trust Apple more than Google, if only for the fact that their business doesn't operate on the principle of violating your privacy.
trust apple to make you pay 500 dollaridoos for broken glass back repair when Samsung makes you pay 50 dollars at max. the apple support tax you have to pay is really insane. doesn't help that they basically want every company to follow their model so they can go even more insane(Right to repair laws)
I started using an iPhone, partially to get away from google services.
I don’t know for sure if I can trust Apple with my data, but on the balance of probabilities I feel slightly safer with the company that makes its revenue from hardware sales, vs the company that makes its revenue from advertising.
I agree and disagree. They didn’t get to where they are now by playing games and leaving major design decisions to seemingly the intern marketing dept. I think it’s safe to assume that information/sentiment moves much more quickly in these modern times. I second the recent HN comment that mentioned why Google chose this particular hill to die on.
Do you think they care that techies get annoyed at Chrome? If you’re browsing google.com - which most people on the internet outside of China are doing - without Chrome, you get an intrusive notice telling you that installing Chrome is the best thing you can do.
Approximately 99.99% of those people do not know what cookies are, nor do they care.
IMHO When you've got a company as large as Google that is able to do things like openly use dark patterns to trick users into giving up their location data and 99.99% of people aren't aware or use their dominant search page to nag users into using a browser that won't respect privacy setting or remove Google's tracking cookies that's the point you need to start thinking about government intervention.
Google is behaving like a malware company.
We were in this situation with Microsoft in the late 90s-early 00s. I was glad when they got a slap on the wrist and told to stop taking the piss. I hope the EU will do the same for Google.
They don't care directly - they care because it's still the same old world where techies install and configure the browser for them on their computers.
Handhelds are different, but computers are just like back in the ol' days. This is how IE lost.
News like this, and the "forced" sign-in just illustrates to me how desperate Google has become to "own all your data".
I lost all trust in public cloud after Snowden, but somehow remained convinced that yes, Google reads my email, but that's about it.
I migrated everything but email to a selfhosted solution, and simplified things a lot. Recently i've also migrated mail away from Google.
These past years have sadly proven (to me) i was right. What makes me even more sad is that the common user has very few options to avoid it.
To the best of my knowledge, Apple doesn't track you, neither on Mac OS or iOS, but there's a steep price, one that most consumers are not ready to pay.
Linux may be ready for the desktop, but it's still a long way away from my parents installing it.
My best guess that Chrome works this way would be due to combining the sign-in cookies with the general cookies of the browser (e.g. 1 cookie store instead of 2).
So when you log in to Google, you log in to Chrome - and vice versa. For non-technical users this is a convenience feature, though for many it does come with privacy concerns.
Judging by the comments re cookie clearing, there is some part of the login still separate from that, but as it re-establishes itself the cookies come back and you stay logged-in to Google.
Is this perhaps preventable by having a "Guest" Chrome account? What happens then?
It doesn't have to be malicious for it to harm privacy, help them track users for advertising and to be anti-competitive.
The implementation details around cookie recreation don't matter if users are still being tracked. Especially bad if this lets them track you on third party sites that contain Google Plus buttons or advertising iframes.
By ensuring users always remain logged in to the browser they gain a strong advantage over other companies that track users. Users attempting to remove tracking cookies shouldn't find Google ones permanently bundled with the browser.
The intent was likely to aid convenience and avoid users being unexpectedly logged out, but combined with Google automatically logging users into the browser this is a sign that the Chrome team is paying less attention to user privacy than they used to.
Perhaps users who regularly clear all cookies will start using guest accounts instead. Myself I'm more concerned about the general trend of unexpected behavior.
It is either malicious, or it is negligent. Either way it erodes trust significantly. Given the trend of changes in Chrome lately, if your alarm bells aren’t ringing yet, you are probably not paying attention.
I have switched to Firefox and have used this as an opportunity to begin my transition away from GMail.
Because based on their history big tech companies (possibly with the exception of Apple) lost any benefits of a doubt.
When they screw up like that I now assume that it's intentional and unless they run into a massive pr disaster or an EU fine of a couple billions they give exactly zero fucks about their users.
Title of the post is not right, the author issued a (technically important) correction[1]:
> Brief correction: Cookies seem to get removed and re-created immediately. At least the cookie content and creation date seems to change. Nonetheless: After hitting the "remove all" button you still don't end up with an empty cookie jar.
Just got the update at work, and miraculously my uBlock adblocking extension was removed and DuckDuckGo as the default search engine replaced with Google. Looks like all my customizations were replaced by defaults. Now I'm wondering whether it was our IT's fault or due to Google actions.
This can happen if somehow sync got enabled when you signed in.
Sync kicked in, noticed a mismatch between your current setup and the one you had set up many years ago while testing the “sign into chrome” process and set your setting to the one in the cloud.
Sync is disabled by Corporate IT by default. Not suggesting any malevolence, just wanted to check whether anyone else experienced a similar suspicious event as well.
No IT staff in my shop. And the last 3 version upgrades have removed all my extensions, while trying to force the Google Drive extension on my installation. So the thing is, I’m heavily reliant on 1Password, and force uninstalling that extension has made Chrome useless to me. I refuse to reinstall my extensions again and I refuse to log in to Chrome to have my extensions synced. If they want to break my browser on autopilot, they can fuck off.
Isn't this an unsurprising, logical consequence of "signing into google"=="signing into chrome"? If you're still signed into Chrome you're going to get those cookies recreated by Chrome immediately.
Has anyone tested this behavior if you aren't signed in, or have disabled the google/chrome login equivalence?
Yes, seems like it’s pretty much a technical restatement of how "signing into google"=="signing into chrome" works. It is interesting to see it in this light, however. It’s easier to justify through UI (“It’s just one Google service logging in to another”) than it is when you look at it in a technical or historical light, of what being a browser used to mean.
Pretty clever. Sign into Google services on chrome, get Google cookies and get signed into chrome as a convenience. Clear cookies on chrome doesn't sign out of chrome. Signed into chrome and no cookies means you get Google cookies restored as a convenience.
Everyone here is blaming marketing but somebody pretty technical came up with that.
So this means if you want to clear all your cookies you have to sign out of Google? I really don't see what the big deal is it looks like the button is pretty darn clear about what it does and does not do, perhaps they could include a link to sign out of google as well?
If the log-into chrome would just reflect the login state into google's services, I think it would be much less controversal and actually useful.
Imagine little indicators that show which identity providers you are logged into, like Facebook, Google, Twitter, .... You could do this by passively reading the site cookies in an extension (are you allowed to do that nowadays in extensions?). Even better, if you are not logged into, say, Facebook, block third party cookies from their domains so it's harder for them to track you.
I think I have a good idea for a weekend project...
Could this be only when you are logged-in to your account in chrome?
I.e.
"if you are logged-in to chrome, it won't delete google cookies because it need it for you to be logged-in to chrome (because of some UX excuse, like user confusion why it's logged-out from chrome).
If you are logged out of chrome, it will delete everything."
If it works this way, I would be willing to give them benefit of doubt, since there is reasonable UX reason to do it this way (given that logged-in to chrome now equals to logged-in to gmail). I personally would expect that deleting cookies will not log me out of chrome.
> Latest version of Chrome doesn't remove Google cookies when you clear browsing data. I feel like Google is adding super cookies to track users even after clearing browser data.
I find the behavior of HN’s community as a whole, and its effect on submissions and comment scores interesting. I wish there was a way to discuss it, in like a meta-HN.
A few days ago I posted an article about how the EU proposes a new law that could give up to 6 years in jail for social media posts. A discussion got started but for some readon the post was immediately “flagged” and that put an end to all discussions and upvotes on it. Yours, I notice, was “dead” so probably flagged as well?
Probably because the site you linked sucks. Also the 'discussion' was pretty disappointing, some whining about the site and some inflammatory trolling. By one and the same person.
So all cookies are equal, but some are more equal than others?
Privacy implications aside, and boy are they some big ones, Google should be worried about this leading to accusations of abusing the monopoly power of their browser.
It still does a lot of callbacks to Google. the solution here is definitely switch to Firefox, but if you're really stuck on Chrome you could try Ungoogled chrome [1].
We’re not talking about the case of individual users. If you have a monopoly position in one market, you cannot unfairly use it to give you an advantage in another market.
Imagine if Google started delisting sites with Facebook Partner Network ads on them...
I just switched to Edge and it looks great. One of the reasons I had used Chrome and had recommended all my customers to use Chrome was the ability to print to PDF, which Firefox did not have (not sure if it does now). Edge does and will be recommending all my clients to try out Egde.
All browser have had the ability to do that, for many years now, if you install a PDF printer driver. Adobe was the first with a commercial one, but I'm sure there are free ones now.
No idea what GP's role is, but given corporate environments, installing a PDF printer driver isn't always a quick process. This is particularly true if they're working with customers from many different companies, each with their own IT considerations.
Recommending Chrome is an easy enough way to get that functionality.
Wondering how long till the community forks Chromium and makes a foundation for a reasonable Chromium fork. I'm more of a Firefox kinda guy, but I mean it seems like the only way that users will regain control over their browser. I know Vivaldi is based off at least parts of Chromium but I don't think it's fully open source yet and it's not (at least last I checked) simple enough to install on Linux (I can't just apt-get install it effortlessly like I can Chromium for example).
I'm counting the seconds to the google press release or blog post that says it was confusing for users that they were suddenly signed out of gmail after they deleted all cookies.
Nope, Even if you go to Settings -> cookies then delete the cookies one by one. The cookies just come back magically. I completely stopped using Chrome for this reason.
Wow, that is pretty shitty. Given the number of times over the years that I've had to wipe all Google cookies and site data to fix issues with offline mode in Google Docs, this does not bode well for being able to use Chrome successfully to access even Google's own services in future.
yes, you can. google cookies are being rewritten until you logout. once out, you can remove the cookies. once you re-login, the cookies come back.
basically they've added a step: logout before cookie removal.
I can't help to think that the new Google's CEO is not setting the right standards and values for the company. Google's been on a roll recently with privacy violations and related "doing evil" news. Someone on top must be encouraging it, or at least not hold people accountable.
Imagine if “rm” just decided to occasionally set aside files instead of removing them. The “star” in “rm star” means “remove everything”, not “remove, asterisk” where at the bottom of the page the asterisk lists exceptions like some kind of marketing weasel. Sheesh.
Brave browser (https://brave.com/) is privacy focused (built-in Tor Tabs, for example) and uses Chromium on the backend (with the Google parts stripped).
It's ad replacement scheme is unethical. It forces publishers to only partner with them and not multiple competing companies, atleast with Chrome publishers can partner with other networks then Google. I won't root for it.
Glad I switched back to Firefox when Quantum came out.
Now I kinda hope Mozilla will make an official addon like Facebook Container but for Google services. We're being tracked too much, and it's time to fight back and making it easy to the average user to do it is the only way to change that.
Also looking for a way to change Firefox's default Apple + Shift + 5 to not try and take a Firefox screenshot, as Apple + Shift + 5 is my Skitch shortcut.
Is there any reason to believe Google would not be tracking Chrome installations even without persistent cookies? Does this actually make any difference?
I Uninstalled Chrome a few days ago, more due to the fact I don't need it. Safari has been my default for a long time, specially due to the fact I can use 1Blocker across the phone, iPad and my Mac. FF's Containers has replaced Chrome's profile features for me. Infact I have gone ahead and made a seperate container for Google and defaulted google domains to it, just like what the FaceBook container does.
I really wish I could be back on Safari to sync between all my devices. Pity they killed their Windows version, a lot of us don't have a choice of OS at work.
Surprised about all the fuzz. The good part about Chrome is one may create many sessions/users in Chrome. So, I use one dedicated Chrome user to access Google services and use another not logged into Google user in a different session for everything else. There is really no problem if one knows how to use Chrome.
Really good part is that it's possible to create a shortcut to a site/service from a particular user session in Chrome and launch that shortcut as a headless standalone window that looks like Windows native app, not a browser. The shortcut is connected to the user session it was created from. So, for example, I have Gmail icon on my desktop and taskbar that launches a dedicated window to access mail without even starting Chrome browser session for Google user. Simultaneously I have Chrome opened with another, not Google, user/session. Problem solved--check mail, calendar, whatever in one sandboxed environment and browse the web in another one.
Chrome 69 on Mac puts Close/Minimise/Maximise buttons in an additional bar when in fullscreen mode. It's super irritating to see an additional bar when you move mouse to top of screen.
I have downgraded to Chrome 68 and disabled auto updates.
Since Firefox 60 you don't need Chrome for that, so I'm back to Firefox. Firefox isn't perfect, and that was OK because there was always Chrome. Now it starts to feel like it is Firefox or nothing, which isn't ideal.
Wow,more bad news on the privacy front for Chrome users. I hate to beat a dead horse, but I'm glad I switched back to FF. I'm absolutely loving the multi-account container feature.
I have been a Firefox user for years. I have realized that in spite of it being more open, it is absolutely necessary to keep up to date with what Mozilla is up to. E.g. came across this today - https://blog.ungleich.ch/en-us/cms/blog/2018/08/04/mozillas-...
In a small company every manager can weight more factors. As it gets bigger and specialization grows a manager must reduce what it considers to focus on more specific tasks.
In a small company, a development manager can weight privacy concerns and use it judgment to change features. In a bigger company the development manager must delivery whatever it reaches him as a request, only the privacy department can make decisions regarding that.
I suspect that they use metrics for making decisions and the total number of users is growing. Those who understand and care for privacy are only a small portion of the user base and don't play a role in metrics. And if they play a role in metrics, they are probably accounted as leeches because they use google products but don't pay back because they block ads. Therefore a totally useless user base... maybe.
Updated tweets indicate it deletes the cookies then immediately creates new ones? This is probably related to that login-state sync between the browser and Google account previously discussed; it'd be really weird to me if deleting my cookies logged me out of my browser account, but that means it's also really weird if it logs me out of Gmail if I'm still in my Google account in the browser itself.
But for an SEO like me, I will really get a hard time dropping google as it still control almost the powerful SERPFs in the net. Will still find better ways and start re-evaluating things as an alternative, anyone here with suggestion will be very much welcome and appreciated. cheeky moves. Might as well just use it doing business related things and use firefox as personal browser.
I'm in the same boat. Just switched away from Gmail and Chrome. Love my Pixel 2 XL for its astonishing camera, but very seriously considering a switch to the iPhone.
In this case, I can assure you that iPhone8Plus/iPhoneX and successors camera is freaking awesome. Awesome enough to make me start doing photos for pleasure.
Just use Firefox and have done with it - there's been a series of these kinds of posts over the last couple of days with people suggesting insane workaround hacks instead of just changing their browser.
P.S. if you keep chrome because some websites only work properly there, maybe y'all should follow standards at work instead of targeting a proprietary browser like its 2001/IE6 again.