Hacker News new | comments | ask | show | jobs | submit login
Goodbye Big Five: Google (gizmodo.com)
169 points by kaboro 21 days ago | hide | past | web | favorite | 133 comments



> “Your smart home pings Google at the same time every hour in order to determine whether or not it’s connected to the internet,” Dhruv tells me. “Which is funny to me because these devices’ engineers decided to determine connectivity to the entire internet based on the uptime of a single company. It’s a good metaphor for how far the internet has strayed from its original promise to decentralize control.”

The alternative is effectively DDoSing random websites from 100 million devices, which is definitively an uncool move.


Not really. It can ping whatever resource it needs "the internet" for in the first place. After all, if that's down, then no amount of "internet" connectivity will help.

I put "internet" in quotes because it's not really a well-formed concept. How much of the global network needs to be accessible to count as "internet access"? Your home LAN? Your country? A specific server in Larry Page's basement?


When it's connecting to a wifi access point your phone or device doesn't know what resource you'll actually request so instead it pings the most resilient thing a Google engineer could think of at the time without risking DDoSing someone which is Google.


We are talking about smart home things here though, which usually depend on their own services anyway.

This is more of a problem with things like Windows reaching out to msftconnecttest.com or some other generic internet service. But in the case of a smart home device it's needs are usually more well defined.

This becomes harder with a consumer router trying to determine if it is online though unfortunately because of exactly what you describe.


If you're trying to figure out if a failure is from the service you're trying to hit, or if it's the connection of the current device, you need to hit a separate, third resource. To be resilient/fast enough, for most product you'd probably hit a static file on a well known CDN. If you work at google, google.com is honestly not a bad idea.

If you just try to ping the resource you were going to access, for all you know it's the resource that's down.


This was what every tech support agent had me do in the early 2000s when I was having trouble with my home internet: 'Please type ping www.yahoo.com'.


A Google smart home device requires Google services to do just about anything useful, so it makes a lot of sense to just ping Google.


The alternative is effectively DDoSing random websites from 100 million devices, which is definitively an uncool move.

FWIW, I use whitehouse.gov. I figure it's my tax dollars at work.


I like this idea but what if there’s a government shutdown?


> The alternative is effectively DDoSing random websites from 100 million devices, which is definitively an uncool move.

The alternative is that the devices:

* ping an IP controlled by their manufacturer, and/or

* try to ping one of a catalog of multiple large sites (e.g. Google, Apple, Amazon, Facebook, etc.) instead of relying just on Google, and/or

* allow the user to override the IP they use.


> ping an IP controlled by their manufacturer

Who is the manufacturer? For many smart home devices, Google either is the manufacturer or at least the creator of the software, so it sounds like they might already be doing what you're proposing.


>>>> “Your smart home pings Google at the same time every hour in order to determine whether or not it’s connected to the internet,” Dhruv tells me. “Which is funny to me because these devices’ engineers decided to determine connectivity to the entire internet based on the uptime of a single company. It’s a good metaphor for how far the internet has strayed from its original promise to decentralize control.”

> Who is the manufacturer? For many smart home devices, Google either is the manufacturer or at least the creator of the software

Probably not Google, since the whole point of his experiment was to remove Google from his life.

Also, the original quote doesn't make much sense if you assume he was talking about Google-manufactured devices.


Meraki used to ping 8.8.8.8, which is Google, to determine connectivity. Not the smartest move.


What did they switch to?


No idea, I ditched my Meraki after leaving CSCO.


I just ping a .com nameserver.

For me, these are the most important servers for the www. More important than Google's.

Never thought to use a "random website". Is that your idea?


Although at some point you might find yourself behind a captive portal where port 53 is being redirected.

In that case, you could ping a recursive nameserver on the open internet that listens on a non-standard port.


That is the only alternative in your mind? It seems odd that required functionality of your home automation solution would not be built and maintained by you, the company creating it.


Or the alternative is not pinging, and instead determining internet connectivity when the device actually needs to use the internet for something.


The issue is that you need the server-side to have an expectation on the phone home, otherwise you have no idea that the device has lost connectivity, because you can't report that from the device if the device is lacking connectivity.


The requests wouldn't be synchronized, so probably wouldn't cause a DoS


Once an hour means they're doing ~30k qps if they have 100 million devices (and traffic is well-distributed, which admittedly is pretty easy to do), though 100 million is potentially an overestimate. Point is, you can't just fire that traffic into the nether / to domains you don't control from IoT devices. Those providers will happily cut off your automated traffic.


> Point is, you can't just fire that traffic into the nether / to domains you don't control from IoT devices. Those providers will happily cut off your automated traffic.

Which reminds me: https://news.ycombinator.com/item?id=15911501 TP-Link firmware sends six DNS requests and one NTP query every 5 seconds https://www.ctrl.blog/entry/tplink-aggressive-ntp


Even if they don't start synchronized, something as simple as a hiccup on the receiving side of all such pings would make them more and more synchronized over time. Such is the life of anyone operating large sites.


this is a really good paper on this effect -

  https://ee.lbl.gov/papers/sync_94.pdf
they suggest factoring out the service time from the timer scheduling to defeat it. a generally more robust approach is to select a timeout interval from a distribution.


I am the only person on Earth, I think, that has had 0 problems with Apple Maps (at least, in the past year). I have never aimed for Cleveland and ended up in the Atlantic; and I've never been late or gotten lost. I think I've disagreed with its shortcuts once or twice.

Not denying your bad Apple Maps experience - just, I have no idea why mine is so trouble-free because so many have bad ones.

(For calibration, I live in NoVA)


You might be!

Occasionally I'll rent a car that only has Apple's Car Play and have to use my work iPhone to navigate (gawd forbid Apple would let us use Google Maps on Car Play;).

My experience has been universally poor:

- it provides no instructions for major actual intersections. It thinks you're staying on same main road even when there's a confusing Y in front of the driver. I have constant moments of panic when I see the intersection coming and no help from the maps.

- It provides confusing instructions on straight roads ("Turn right in 100 meters" when there's a stretch of straight road)

- It'll reference names for a road that are nowhere near what any of the signs indicate

- "Keep in right three lanes to stay on the road" - when the rightmost lane is actually a turning lane

- Something that is admittedly tricky, it struggles to provide useful instructions on more than four-way roads (e.g. if it's a 5-way or 6-way, "Turn right" has multiple interpretations). It doesn't use, at least not in my cases "bear right" or "slight right" or similar vs "turn right" or "acute right" or "sharp right" - and again, it gets the road names wrong.

- When Searching:

* it'll show me Bedford England 5000km away, but not Bedford NS 12km away

* It has some weird internal naming so searching for actual address will again not lead me anywhere near to what I want

Basically it's been a constant source of frustration beyond what I believe could reasonably be attributed to my inexperience with its UI :-/

EDIT/UPDATE: Thx for feedback; my work phone is on iOS 11, good to know that (*recently, after 4 years without it) CarPlay now supports other maps; note that I don't think it in any way makes Apple Maps experience itself any better 0:-)


FYI CarPlay supports third party maps like Google as of September. https://www.theverge.com/2018/9/18/17875256/apple-ios-12-car...


Thanks! I heard that might be coming, I'll check if there's an update waiting on my work phone :)


The other thing I want to point out on reflection : Perhaps it's incorrect to claim Apple Maps are bad, as such. If I only used Apple Maps, I might think they're just fine! For me, it's only after using Google Maps that Apple Maps seems subpar.

So perhaps it's not that GoogleMaps are good, AppleMaps are bad. It's more that while AppleMaps are good/decent, GoogleMaps these days are miraculous - almost to the point of being unfair comparison.


Google Maps is great but nothing close to miraculous. I've had a ton of frustrations with it. Most recent one: just a couple days ago it told me to get off a bus and walk to the next bus stop when the bus was already going there and I had far more than enough time to catch the next leg of the trip.


> Occasionally I'll rent a car that only has Apple's Car Play and have to use my work iPhone to navigate (gawd forbid Apple would let us use Google Maps on Car Play;).

I don't own a car with Apple CarPlay, but a recent rental had it, and it worked perfectly with Google Maps.


I was in the back seat of a car when the co-pilot tried using Apple Maps to navigate in the Seattle area. I don't know how many times it'd pipe up with "Turn right on ____ Avenue" when we were in the left most lane, almost at the stop light, with 3 lanes of full traffic to our right.

There was pre-action mention of "Turn right in 500 feet". The driver was so frustrated with it, I finally turned on Google Maps and made the co-pilot turn off Apple Maps.

On the interstate, Google mentions "In 2 miles, take Exit 17 to Middleton", "In point 5 miles, take Exit 17", and "Take Exit 17".

Additionally, I don't know if it had the lane indicator Google Maps puts up at the top [1]. You could feel the tension rise in the car as we tried getting to the various destinations throughout the week.

[1] https://www.techlicious.com/images/phones/google-maps-screen...


I've actually found Apple Maps navigation when driving (though not just for looking up stuff) generally better than Google's in most of the above situations — particularly with regard to getting in the correct lane, multi-exit roundabouts (Ireland!!), and warnings for upcoming turns at the correct times.

Apple Maps did route me up a to the top of a mountain on a single-lane two-way road in France, but I had "avoid tolls" enabled so it might have been my fault. Can't say it wasn't scenic though.

The search, however, is absurd! It does constantly return places on the other side of the planet! And God-forbid you misspell anything by a single character. I wish there was a plugin for Apple products that would just return the "Did You Mean" result from a Google search. I'd gladly trade a little bit of privacy for crowdsourced spellcheck at this point.


> gawd forbid Apple would let us use Google Maps on Car Play

They do support third party navigation now

https://www.apple.com/ios/carplay


Yup, Waze works as well and supports confirming and pinning reports.


Is there a UK restriction in place? In the US google maps (and waze) both work fine over carplay, map on the car screen and all.


How often do you miss a turn?

Perhaps there's a setting I've missed, but for me Apple Maps seems to "lock" onto a particular route, and if I miss a direction it'll keep trying to get me back onto that route no matter how convoluted it would be, rather than updating to the new 'best route' like Google Maps usually manages.

Other than that, which I recognize as partially user error, Apple Maps works at least as well as Google. If anything I like their routing better... so long as there's no unexpected issues.


Same for me and I've used Apple Maps all over the US. Although there have been instances of Google Maps finding something Apple Maps couldn't, I've never actually gotten wrong directions.


I used to have a lot of problems with Apple Maps, but they've gotten a lot better over the years.

That said - there is a lot of feature parity that Apple Maps does not meet Google Maps on (i.e. - searching for something along your route is near impossible on Apple Maps, whereas that's a natural seamless integration on Google Maps).

Additionally, and this might be just because I'm more used to Google Maps, but the UI is way easier to follow in Google Maps - it feels more natural and in-sync with my actual position as a driver. If I have to turn off an intersection, I sometimes feel like I'm guessing if it's the right exit with Apple Maps, but never have such confusion on Google's.

Lastly - and this is also certainly anecdotal, but almost always Google Maps estimates are far more accurate for me than Apple Maps. Apple Maps has several times taken me a different route than Google Maps to my work, only for it to take another 5-10 minutes than normal. I've tried it several times and it just doesn't match up.

Apple Maps sometimes feels closer to a burden to bear since I've chosen Apple for so much - I wish it worked as well dearly, since Apple tries to make you use it so often, but because of the experience I'm much more willing to copy an address and paste it myself into Google Maps than get that sweet integrated sensation I crave.


> If I have to turn off an intersection, I sometimes feel like I'm guessing if it's the right exit with Apple Maps, but never have such confusion on Google's.

Happens to me on Google, but I don't have Apple to compare it with. But I definitely do miss or take the wrong turns because of this.


I also find Apple Maps perfectly adequate for navigation around urban areas and some less urban areas as well, in USA and Europe. I found google maps better (but still not that great) in some more remote parts of Russia.

The two companies have different approaches to businesses, landmarks. I find Apple much better for places I"m familiar with -- generally has the info I am looking for without as much noise. But when I'm a tourist in someplace unfamiliar I find google clearer so far.


Did you try Yandex Maps for Russia?


Yes, and indeed they were generally better than the two American choices.


I'm not familiar with Nova. Is that short for Nova Scotia?


Northern Virginia/DC Suburbs and by extension, everything north of Quantico and north as far, as, I dunno, Gaithersburg in MD to the north.

Some of the worst traffic in the country, and absolutely awful roads.


Northern Virginia


Probably Northern Virginia.


When we bought our newly built home in bay area 5 years ago, it took Apple maps 3 years to find it correctly. So many people went to wrong address as they did not follow my advise to use google maps. Apple maps auto-corrected the address to another place ~10 miles away.

Other than that, I did not have much issues.


I've never had any issues with it locally, and in fact I like it better than Google Maps in a lot of subtle little UX ways BUT I live less than 10 miles from Cupertino so it'd be crazy if they weren't really accurate here. I was in China a few weeks ago, where Google Maps is blocked, and was very impressed with the quality of the maps even in quite remote areas. Having access to reliable English/Pinyin maps in China is a new experience for me. On the other hand, in my travels to Mexico and even some rural parts of the US, I have seen a lack of detail in their maps compared to Google's.

The Uber/Lyft app dependency on Google is surprising but probably shouldn't be. I wonder/hope it's different on iOS?


Apple Maps is the way to go in China, unless you read Chinese and can use one of the local apps. Apple have done a great job here.


Apple was really slow to the party on transit directions. And it doesn't have biking directions. For me driving trips are less than 20% of my trips so not having both transit and biking is a deal breaker.

I do like the parking spot rememberer though.


Apple maps has taken me to the wrong side of Tokyo more than once. I won't use it anymore. I'm in Nova now, perhaps it's better here due to more data being available? I've never tried it here and probably won't -- there's nothing Waze won't do for me that Apple Maps will.


No, you're not. I travel a lot in Asia and never had any problems with Apple Maps. It's been my main navigation system for more than a year.

The only complaint I might have is absence of certain venues/places that GoogleMap has, but this is something I can live with, putting privacy first.


I was in Dallas once, tried to get to the Dallas Zoo. Apple Maps couldn't get me there to save its life. I had to use Google Maps because Dallas decided to put exits inside of exits on the highway and Apple Maps would spit out the name of the second exit instead of what it was really called.


Despite the tirade of anti-facebook/google/amazon blogs and posts in the last 5 years, I'm still not convinced that "being tracked" in my day-to-day life is a negative thing. I still don't perceive that my privacy is lost when I use those services. That information is shared with companies who use the data more-or-less responsibly with respect to my life.

Personally I prefer having a majority of my internet experience centralized in one place. Calendar, Email, files, maps, news, search, entertainment, etc. This saves a lot of time and effort in my life. Is it worth it?


My only fear with having everything centralized is that Google can decide you did something wrong and cut you out of so many important things in your life, without recourse.

https://news.ycombinator.com/item?id=15989146 is just one example I found with minimal searching.


You might also enjoy Cory Doctorow's "Scroogled": https://craphound.com/scroogled.html

Though for whatever reason the formatting on that appears terrible (to me in my uMatrix locked down Firefox)


I had a nice umatrix config saved to the cloud but it got deleted somewhere in the last one year (I had to temporarily switch to chrome). Did that happen to you too?


Until they don't.

Just because you don't balk at the current usage (that you know of), doesn't mean they aren't, or won't, do something you won't balk at. Anything learned can't be unlearned, and so by definition you've allowed them collect any data they are able to, and to do anything they wish with the data they collect.


So far they haven't really done much wrong. But, the problem is, the potential for wrong doing is so enormous. Google has so much power to control the fate of every business on this planet: I think this is just begging for abuse. It's remarkable that they've gone this long without any more serious scandals.


Well I'm not sure this mentality won't have consequences, I find myself doing what you do. Not precisely because of trust or because I think they're well behaved but simply because I don't care about the tracking and, while I'm not certain, I do hope nothing bad comes of it.

In fact, I actually bought the pixel 3 just two weeks ago. It's nice.


They use it responsibly now, but that assumes they’ll always use it responsibly. And what happens in the worst case scenario, when some actor takes over who may not care for laws and constitutions?


Hence the GDPR: it's perfectly fine to track your every move as long as they get explicit, opt-in consent for doing so.


> Despite the tirade of anti-facebook/google/amazon blogs and posts in the last 5 years, I'm still not convinced that "being tracked" in my day-to-day life is a negative thing

I made a similar observation before, and despite reasonable points raised I was downvoted to oblivion both here and at lobste.rs.

It is one of those things you can't say[1] here.

[1] http://www.paulgraham.com/say.html


I was tracked by an abusive ex for months via my Google account. Location history allowed them to show up at places they knew I would be at, and they had access to my email and who knows what else before I figured out what they were doing.

If you're a dissident, a journalist[1] or a political party member[2], there are powerful people who might want to track or silence you. If you're the wrong type of minority in the wrong place at the wrong time, there are people who might want to put you in camps[3] or murder you[4].

A KGB-style surveillance apparatus that's used to better target ads can be abused by anyone with an agenda, no matter how petty their motivation is.

[1] https://www.washingtonpost.com/news/worldviews/wp/2018/02/01...

[2] https://qz.com/1089384/the-communist-app-store-chinas-endles...

[3] https://www.reuters.com/investigates/special-report/muslims-...

[4] http://time.com/chechnya-movsar/


How is it Google's fault that someone else had access to your account and (for all intents and purposes) impersonated you? If someone gets access to any of your important accounts on your behalf (which would include your primary email), you will have a lot of opportunities to get screwed over. Email access alone can be enough, in a lot of cases.


> How is it Google's fault that someone else had access to your account

Please don't strawman my anecdote. I never said it was Google's fault.

However, I did say that Google's surveillance system enabled a level of stalking that's never been this accessible to laymen and nation-states alike.


> I did say that Google's surveillance system enabled a level of stalking

*Google's surveillance system in conjunction with irresponsibly giving one's account login to one's ex

Fixed that for you.


* Had a device stolen and password stolen either through spying or a key logger.

Fixed that for you.


In which case, just what is the relevance of your report to kawfey's comment?


What was the point of sarcastically dismissing me by making up something that I never said?

To answer your question, scroll up two posts, because I already answered it:

> However, I did say that Google's surveillance system enabled a level of stalking that's never been this accessible to laymen and nation-states alike.


I did notice what you wrote but you still do not see how you shift blame on to Google (despite careful use of the word "enabled") all the while conveniently ignoring key facts (device stolen, password stolen, etc.) that indicate personal responsibility.

If someone stole the key to my house, and went on to steal important things, is it the fault of the company that makes the locks? Did the lock company "enable" the stealing to happen?

But then blaming someone/ something else for what one is personally responsible for is as old as humanity.


Weird that you continue to straw man my comment after I called you out on making up outright lies. First I'm met with sarcasm and assumptions, next I'm met with condescension and an attempt to straw man my anecdote as a thinly veiled crucifixion of Google.

Here is the comment I addressed with my anecdote:

> I'm still not convinced that "being tracked" in my day-to-day life is a negative thing. I still don't perceive that my privacy is lost when I use those services.

Perhaps context is necessary, or perhaps you should consider why you're so driven to make assumptions about my posts.

> If someone stole the key to my house, and went on to steal important things, is it the fault of the company that makes the locks? Did the lock company "enable" the stealing to happen?

This is a poor analogy. Before locks, people could still break into your house.

Before Google et al., you needed expend significant resources to track a person 24/7 to the nearest 3 meters. As I said in my previous post, fine-grained tracking is more accessible to the general public now than it's ever been before.

This was my point.


The fact remains that your anecdote bears no relation whatsoever--as in it neither supports nor refutes--kawfey's comment (which you quoted here). Therefore, if it is not "a thinly veiled crucifixion of Google" (as myself and the sibling commenter gathered from your comment) then what is it?


> The fact remains that your anecdote bears no relation whatsoever--as in it neither supports nor refutes--kawfey's comment

Here's the poster's comment:

> I'm still not convinced that "being tracked" in my day-to-day life is a negative thing.

I provided an anecdote where "being track" in my day-to-day life was a negative thing. I don't believe it's that hard to follow.


> I provided an anecdote where "being track[ed]" in my day-to-day life was a negative thing.

No, you provided an anecdote where having your "password stolen" (by an abusive ex) was a negative thing.

If someone stole the key to your house, and went on to steal important things, is it the fault of the company that makes the locks? Does that make the act of locking, day after day, a negative thing?


> There’s no way I can delete my Gmail accounts completely as I did with Facebook. First off, it would be a huge security mistake; freeing up my email address for someone else to claim is just asking to be hacked.

Does Google really free up your email address for re-allocation when you delete your account? I do recall that was in issue at one point with Yahoo Mail. No email provider should allow the reassignment of previously used email addresses for precisely this reason.


I believe Google never garbage collects deleted @gmail.com usernames.

According to [0]: "Your Gmail address can’t be used by anyone else in the future."

[0] https://support.google.com/mail/answer/61177?hl=en&topic=238...


Maybe this is true today. But as the grandparent pointed out, Yahoo did release unused usernames back in 2013. Who is to say that Google won't decide to do that some day?

https://techcrunch.com/2013/08/26/yahoo-releases-recycled-us...


Security was the main reason why, when I asked years ago.


This used to be possible. I know because I once deleted my email and then realized I missed something I needed to transfer, so just re-created my email again to receive that email.


How long between deleted and re-opening? The support page I linked talks about being able to restore a deleted account within some period of time.


Yahoo deleted tons of what they perceived to be abandoned accounts and then made them available to the public:

https://yahoo.tumblr.com/post/52805929240/yournameyahoocom-c...

Seems really crazy considering how email is often the verification for password recovery.


Yeah, Yahoo is crazy for doing that, but a lot of email provides allowed re-use of email addresses back then. I think that happening today with literally the largest email provider is a stretch.

Everyone knows if you allow email re-use, it breaks the most obvious security features for everything on the internet.


Google doesn't recycle Gmail addresses. For anyone moving to paid email providers thinking they'd be a lot better, there are some paid providers who are very quick to recycle addresses on their domains: Fastmail, Posteo and Mailbox.org recycle email addresses on their domains within a few months, thus increasing the vulnerability of their current customers (where you delete one of the aliases on your account) and past customers. There may be many others too, but these are the ones I know of.


Great experiment. It really shows how badly we are dependent on Google. Everything relies on it, seems like it would be best if it was regulated as a public utility, enjoying monopoly but also having to serve the public good also when it doesn't necessarily align with its commercial interest (like in EU energy companies have to give you a link to the grid).

It also shows that it doesn't have real competitors, being so broad in scope and having all that data before others did.


Part of the challenge there is it's bigger than a public utility.

Let's assume for the sake of argument that the US nationalizes it. That leaves EU, Australian, Canadian, &c Google customers out in the cold---it's unlikely either the US or those other countries will be comfortable with continued service by a national utility to customers outside that nation. Perhaps some kind of subsidiary model could be constructed, but the details of how are non-trivial.


We could make it more like NATO?


I've pretty much run in that mode for years. No big problems. With Ghostery and Privacy Badger turned up to high, and third party cookies blocked, Google doesn't get much through. My phone, a ruggedized Android model from Caterpillar Tractor, has no Google apps other than the Google Play Services middleware. I've never had Facebook on a phone.

Mail is on Thunderbird and an IMAP server at an ISP. My email address is on my own domain. If I want to make something available to others, I put it on Github, or an "outgoing" directory on my web site. Documents are edited with LibreOffice. Browsing is with Firefox on the desktop and Fennec on the phone. A few sites don't load properly, but they're marginal ones for which there are better alternatives. More often, the site loads but the ads don't, which is nice. I don't see many ads.

It's just easier this way. The junk level is way down.


I think we as a community need to embrace a more holistic approach to the problem of privacy.

It's great that some of us can protect privacy by going crazy on each channel that leaks our personal data. But the remaining >7B people on the planet will still leak a lot of personal details, undermining their authority over their choices. If the data creep continues we'll one day find ourselves in a dystopia, and we'll be the people to blame. Much like the 2008 crisis is the fault of bankers because it was easiest for them to figure out that the human project is headed towards suffering.


This is a whole series. She already did Amazon and Facebook:

https://gizmodo.com/c/goodbye-big-five


The Facebook one is weird. There are some strange thought processes going though her head, which she kinda acknowledges. Stuff like:

> I have to admit that the enjoyment of a holiday dedicated to dressing up is somewhat degraded when not using Facebook’s apps.


Worth noting that by blocking all Google IPs, the author is not only cutting out Google services, but also any other application that relies on Google services. For example, there's a bit in there about not being able to use Dropbox because it uses Captcha.


Or an alarming amount of sites completely unrelated to Google that use Google captchas.


google recaptcha is a scourge. 90% of the time i'm met with it, i just close the tab and don't use the service. the other 10% is usually something i already use so i can't easily do that. but i hate it so much that i will switch eventually (e.g., https://spideroak.com/ or setting up an instance of https://nextcloud.com/ instead of dropbox).


Google fonts are used by all websites. And from Referrer header, Google has your browsing history.


Google also hosts a plethora of standard JS libraries. I wonder how many web pages fail to work with their JS at all if you block Google?


Google font logs are not dumped into their analytics and they take a number of steps that greatly reduce requests made for fonts in the first place.

https://developers.google.com/fonts/faq#what_does_using_the_...


There is no mention of which browser they refer to. I don't use Chrome, and I see requests to fonts on every website. And requests do contain Referer (what I browse) and, of course, my IP.

And in Private browsing, no caches should be saved anyway.


They're not referring to what browsers do, they're referring to the Response Headers they return with the resources, e.g. the max-age for the CSS files is one day, the max-age for the fonts files is one year.

> And in Private browsing, no caches should be saved anyway.

That's one of the trade-offs the user is choosing to make and one of the reasons why those that use Private browsing at all, use it selectively. I believe Private browsing will not re-download web fonts if the browser has already cached them in a non-private window but that's a performance and bandwidth distinction, the CSS request will still be made.

The page explicitly states that they use Google Fonts log data in aggregate to show font popularity, that's it. They don't set a cookie and request headers and ips are relatively poor identifiers for individuals. I don't think they use Google Fonts to track one's browsing habits, you're free think that I'm insufficiently paranoid.


For maps, I'd add Here (https://wego.here.com/) to the Apple Maps and Mapquest options she chose. It's the mapping solution that Microsoft got from Nokia, and is used by a lot of in-car navigation systems IIRC.

It suffers by comparison to Google Maps mostly in the lack of integration with the full database of businesses/reviews/etc. though I think it probably has most of the business listings. I suspect its traffic info is weaker as well, though I haven't really checked.


I get the world's Google dependency. I really do. I tried most of their mainstream services myself and they were indeed as good as I'd been told. But they're online only. And their Office apps tank next to Microsoft Office. And nothing I've seen matches the utility of Outlook. Besides, the prospect of transferring all my meticulously collected birthdays from Outlook to Gmail didn't float my boat at all. In the 00's I eventually switched from IE to Firefox, and have never tried Chrome.

One employer used Gmail, and I happily used it whilst employed there, but that didn't do nearly enough to change my mind.

And so I never did buy into Google like the linked article describes. To this day I cannot imagine a scenario in which I'd trust my world to a single vendor, in a single location.

It's no surprise that the non-technical great unwashed don't think this way, but it surprises me that technically literate and able people do not care for reducing or eliminating the risk posed by depending on a single vendor for... everything.

Especially given what we know about Google.


I am guessing that if she has already dropped Microsoft that is why she can't use Bing maps. Not as ubiquitous as Google Maps, or as featured as even Apple maps, but still ahead of Mapquest :-)


> I create new email addresses on Protonmail and Riseup.net (for work and personal email, respectively) [..]

I wouldn't do that. Riseup is providing email on a very tight budget. They are activists and every free account they give out is using some precious resources. Unless you really need it for specific purposes I believe it's better to go to fastmail or protonmail for "general purposes" email needs.


A lot of commenters in here are saying "oh yeah, I've done something similar, not that hard/different." What they're glossing over is how the author also blocked all Google IPs, meaning that Google Cloud Platform is no longer available, along with assorted services. This means authentication like captchas, anything that uses maps besides Google's own offering (Lyft, Uber, Yelp, etc), and photos being hosted on their version of AWS S3 is included.

There is a ton of web and data infrastructure being hosted/ran by Microsoft, Google, and Amazon that we often don't think about. The only big service provider I can think of besides those three is Digital Ocean, and it's not a 1:1 comparison, since they're more like infrastructure.

*edit: Basically, if you find Amazon so abhorrent that you want to cut them out of your life, you can't unless you eschew huge swathes of the internet. Which might work for you. But think about that: they own the digital land under our feet.


jQuery foundation, nobody thinks about how much they might know about you...


I've taken similar steps, though have not gone so far as to set up a vpn block to all google ips. I do have as much fingerprinting and privacy protection as possible enabled in Firefox though. I find the worst experience is captcha, it will no longer give me free passes and I regularly have to sit there for several minutes providing training data that they reject. It's to the point where I just avoid sites that require it. Newegg is a particularly egregious offender as they seem to require a very high degree of certainty.


What set up are you using in Firefox for fingerprint and privacy protection?


Extensions: uBlock, Privacy Badger, Decentraleyes, DDG Privacy Essentials, HTTPS Everywhere, and most importantly Containers

I try to keep as many sites as possible into relevant containers. Facebook and Google get their own containers just for them (there are additional addons which will handle this for you as getting all of Google siloed off is cumbersome otherwise).

I also make use of the built in tracker blocking, blocking all third party cookie use entirely. There's also an option to resist fingerprinting that I enable, which does a ton of things [1]

[1]: https://wiki.mozilla.org/Security/Fingerprinting


(not the GP)

For blocking I'm using uMatrix, plus uBlock Origin and Ghostery. There's a lot of overlap and it might not be the most efficient, but there are reasons. This is fine for sites that I'm on regularly, but is annoying for one-offs. I actually flip to Chrome with only uBlock Origin for some purchases and for some specific websites that work better there (like GMail), though I could probably use the Firefox beta channel builds as a non-locked-down browser for that.

uMatrix generally blocks third-party items, though it defaults to allowing CSS and images from anywhere and I haven't changed that. uBlock Origin provides list-based blocking instead and is a failover if I give up and temporarily turn off uMatrix for a site. Ghostery is useful for a quick reference of why various things are blocked in terms of website categories (trackers, discussion, ads, etc.).

I'm also using DeCentralEyes, which provides locally-injected versions of a lot of CDN-based resources.


Is trading Google cloud products for Apple cloud products really such a big change? I could see the truly privacy paranoid running away from all cloud services and running their own everything, but just switching cloud providers doesn't seem like a meaningful difference to me. OK, so now Apple has all of your data instead of Google. Either way it's in the hands of a big corporation, and by extension, the government.


Apple's business model relies first and foremost on selling hardware, not knowing as much as possible about you. Recently they realized they can turn this into a selling point, so they try to do more locally and NOT store your data server-side. Technically this is a lot more challenging but I appreciate the privacy aspect.

Here's a paper they put out about how they handle learning from their users in aggregate without knowing anything about specific users—they call it differential privacy:

https://machinelearning.apple.com/2017/12/06/learning-with-p...


Apple has a phone number you can call and talk to someone who can actually fix your problems. Google does not.

Wife's appleid got broken into last year and some stuff was purchased with funds in the account. One call, and we got our money back and the account all reset. After being the administrator of a google business account for a few years, I was astonished. I'm not really ok with how much information apple OR google has on their users, but I am absolutely sure that apple is doing a better job and is more trustworthy.


Google's core business is advertising, while Apple's core business is hardware. One has a much greater incentive to collect, store, and exploit users' data.


and yet Apple comes up with some of the biggest privacy blunders in their offerings.


So much of this is overblown... and I say this as someone who goes out of their way to avoid using Amazon/Google/etc for privacy reasons.

The biggest problem with debating privacy and security these days is the sheer paranoia running rampant from people who don't understand the workings behind the scenes, coupled with the people behind the scenes assuming defensive tones from the get-go whenever stuff is brought up.


For maps, I use HERE maps on Android and it works great. Offline capability is particularly good. I am not sure if it is available on iOS.


This non-tech person's attempt looks to me is futile, just switching from Google to Apple or other companies doesn't mean you won't be tracked. To me the best solution will be self-hosting cloud services for email, calendar, and using TomTom or Garmin GPS.


... except that Google still has most of my emails as people who send me them or whom I send to are using Gmail...


This. Same with Facebook. Even if I choose to not use a particular service, these services still know about me because so many other people I interact with do use these services. I get that as a Gmail user, you've agreed to allow them to read emails for whatever they choose. However, I did not. If I hit reply to a Gmail account, I'm not agreeing to the ToS. Just because I visit a site that has chosen to use G*/FB does not mean that I agree to the ToS. A website's cookie notices give me the option to leave if I don't agree, but by then, all of the tracking has already started without my agreement.


Anyone know why she chose RiseUp.net for personal email?


I feel like this comes from a good place, but a lot of it seems self-inflicted and/or over-dramatized. Most privacy-conscious folks have been saying from day one that smartphones and smart-homes are a bad idea in that regard. Dumb-phones exist. Printing directions out is ... not that hard. Etc.

Overall, though, I am glad this is becoming more of a thing in terms of mass appeal. Hopefully the pendulum will swing the other way to a greater awareness of shiny-new-tech-that-comes-with-strings.


> I feel like this comes from a good place, but a lot of it seems self-inflicted and/or over-dramatized.

Agreed, and too absolutist. You can take a reasonable stance without upending your life. So you can't get away from maps integration in apps, that's ok, still using the competition helps. Same with browser choice and others. I can decry all the plastic waste and still type on a keyboard with plastic parts.


Taking an absolutist stance is the point of the authors experiment. You wouldn't do this in practice if you were just trying to improve your privacy, but in an experiment to see just how far Google's reach extends it makes sense to block everything and see what unexpected 3rd party services also fail - such as Uber or Dropbox


> Next up: Microsoft.

That will be pretty easy. Only thing I used of Microsoft website for is to get .NET for a one-off project that required it.


And you never use GitHub either?

Don't forget: https://en.wikipedia.org/wiki/List_of_mergers_and_acquisitio...


Yes, and that will include static sites hosted on GitHub Pages.

Avoiding Microsoft is often a problem when exchange documents with someone and the files don't work well with whatever not-Office you choose (Apple Page/Numbers/Keynote, LibreOffice, etc.).

I wonder if they can even attempt to block receiving or placing phone calls from/to a number with Skype on the other end.


Thanks for reminding me of this tragedy :(


Random stuff you don't know about might be on Azure. But yes, their general services reach is probably lower.


It seems like it's mostly used by large corporations for intranets. Ebay, EasyJet and maybe Samsung are most likely to be the ones internet users would encounter.

[0]: https://azure.microsoft.com/en-us/case-studies

[1]: https://www.quora.com/What-are-publicly-known-biggest-custom...


Why the title was changed from article's one? Mods?


Turn off internet. Would be much easier xD




Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: