From my travels, my impression has been that America in particular treats child nudity as completely, unexceptionally obscene, beyond even adult nudity.
Compared to a beach in Europe, where nearly half of children under 2 run naked, there seems to be no grey area or minimum acceptability in the US.
It makes me wonder if our hypersexualized treatment of child nudity /actively contributes/ to the sexualization of children in our culture.
Haha yeah, in Europe there are often naked children running around at the beach. In Germany, there are places (especially lakes) where everyone is walking around, swimming and sunbathing naked - Sometimes the whole family. For me it was quite a shock initially but now I think it's fine.
I find that a bit weird tbh. I mean, if we look at human tribes throughout the world/history, and even what is the most common nowadays in african tribes which maintain their dressing habits, they usually cover their genitals. It indicates to me it is human nature to do that. It seems to me, in some countries for several reasons, they are going against the grain, purely out of culture.
But there's something weird about it. Just like when you look at previous periods in time and now they look weird, often just reactions to previous epochs or other cultures (like the neoclacissim came as an opposition to rococo and baroque).
This feels like it. It doesn't feel natural. It feels like it is purely out of a contrarian way of thinking, about how forward thinking they are, "look how superior we are that we are completely void of instinct to cover ourselves". and perhaps somewhat of a sexual counter balance to the strictness of the rest of their culture. I'm not sure i'm explaining this in the best way. I think there is a natural middle ground, the one that we have seen throughout hunter gathere human history, and Nordic countries are just being culturally weird by going to one extreme.
Europeans don't go around naked all day. It being acceptable to see a person in the nude in certain scenarios is not the same as a complete lack of inhibition towards private parks. You talk about African tribes covering their genitals but I'm pretty sure you're gonna see them being uncovered (and being okay with it) for certain activities for a larger percentage of their day than westerners.
You’re confusing people who are naked in public in some special occasions with nudists. The tribes you speak of are not covered 100% of the time in public either.
I follow what you're saying and completely agree, especially with the "look how superior we are that we are completely void of instinct.." quote - there are many things this could apply to nowadays in today's instant gratification and influencer (for the likes) driven culture.
50% of my childhood pictures ( all from beaches in the Netherlands) would be lost (actually my aunt already destroyed some living in the UK and felling pressured for some reason) .
I find it disturbing attributing particularly sexuality to children (actually I find a lot of adult looking clothes more disturbing than a nude child).
I know that there is people with sexual disorders (I would strongly argue that pedophilic arousal is one), that commit serious crimes. I also do not advocate publishing any nonconsensual pictures on the internet.
However disallowing something just because it can be abused is rediculous. Banning this guy protects nobody from nothing. Yes they could have blocked the upload of the image to the cloud (I would be happy to locally install any nude detection AI that does not communicate with the cloud. Even something that ask me if I have consent feom all identifiable persons in an image is fine for me. I think the father would actually have been happy about this. No need for manual inspection.)
I find it ridiculous that corporations try to pretend to know more care more about children more than their own parents... When in actual fact, these corporations couldn't care less about them.
You can't really fight nature. If a child is born to horrible parents who abuse them, there is only so much anyone can do... The child's life will be ruined from the beginning, the government cannot undo the damage which has been done.
I often did run around completely naked at beaches. I don't do this anymore because now everyone has a smartphone and much more people take pictures now.
I don't think it's quite as strict as you're making it out to be.
I was in a park in Manhattan last week, which had a bunch of big sprinklers for kids to run through. No one was naked in the sprinkler, but some parents helped their children change in/out of their bathing suits out in the open.
(Then again, I only remember this because I was a tad surprised by it.)
in japan, children play a game called Kancho, where they put their index fingers together and try to insert it into the anus of their unsuspecting friend.
in america, you could destroy someone's life over that. (possibly even multiple lives)
My point was that the hypersensitive treatment of children's bodies seems to promote child hypersexualization at the cultural level.
The OP of this thread's life was wrecked in such a way that suggests our cultural norms are unhealthy.
It is therefore noteworthy to study extreme cultural practices which are HEAVILY legislated in the US (28% of 14-17 year olds report having been sexually victimized), almost always treated in a manner which results in trauma for both victim and actor, yet in a similarly advanced culture (with only 296 total child sex abuses reported last year), is literally a game you play and laugh about.
The similarity is because it's an example of something other cultures see as normal, or at least harmless, but in the US it is seen as an egregious offense.
Not hard for me to imagine a 7 year old American getting expelled and potentially prosecuted for trying to play a "Kancho" prank on a friend.
In America you can be prosecuted for being that weird kid who tries to kiss everybody. It can result in permanent sex-offender registration, and when they look at your record it won't say you were a weird kid who tried to kiss everybody. It will say something like "INDCNT ASSAULT VICTIM UNDER 12 YO". Try explaining that to employers.
And many normal cultural things in the US would be regarded as an egregious offense in Japan (which has a very rigid, conservative, homogenous culture).
"During a 2001 game with the North Queensland Cowboys, Hopoate inserted fingers in three players' backsides and anuses. The first incident occurred during the seventh minute of play. The matter was referred to the rugby league judiciary on 28 March. Hopoate was suspended for 12 weeks for what one commissioner described as "disgusting, violent, offensive behaviour""
I can give one example. In US it is absolutely normal to arrive to the conference room, sit at the table and wait for a boss to come. In Japan to sit at the table before the boss arrives and sits would be an offense - I was actually advised to stand up and wait for the boss standing as all others did.
A different article recently prompted me to wonder (I'm American): We know exactly at what age someone becomes 'legal' wrt images - do we know on which day of their life a person first becomes 'illegal'?
In the us, there is an unspoken belief that preventing criminals from ""winning"" is more important than protecting citizens.
This is why police fired into a stolen minivan that had a unrelated child and a shoplifting/carjacking suspect in it, killing both. Protecting the child took a back seat to punishing the prep.
Therefore CP laws very quickly stopped being about protecting the children and more about punishing the pedophiles.
Vindictiveness and spite are the unspoken role models of the US justice system.
Nudity in kids is seen as obscene purely because a pedophile could find it arousing. We are preemptively sexualing children in order to prevent their sexualiztion.
A child was once forced to masturbate in front of a camera by COURT ORDER. Police held them down. All because the child was a victim of child pornography and the court wanted a "comparison image" in a similar arousal state to prove it was a image of that child.
Once again, a child was victimized by the justice system, in order to punish a perp.
Never make the mistake of thinking anybody in the justice system gives a rats ass about protecting anyone.
> A child was once forced to masturbate in front of a camera by COURT ORDER. Police held them down. All because the child was a victim of child pornography and the court wanted a "comparison image" in a similar arousal state to prove it was a image of that child.
That summary is misleading and, I feel, wrong. It's not accurate to state that he was "a victim of child pornography," the complaint in this case was against him by the parent of another minor that he was "sexting" with.
That doesn't excuse the police behavior here, but you're attempting to paint a picture where the victims in these cases are outright ignored in a misguided search for justice. You're twisting this case[1] to fit your narrative, I think.
Further, he sued the government and won. The courts made it perfectly clear, the lower courts and police were absolutely in violation of this teens rights when it granted and executed this search warrant. So egregiously that "qualified immunity" doesn't even apply to the officers estate.
I wasn't going to address this, but..
> Therefore CP laws very quickly stopped being about protecting the children and more about punishing the pedophiles.
Pedophiles create a market through demand. Often it is also pedophiles that are on the supply side of this market, but not always. Merely participating in the demand side implicates you in these crimes against children as you are suborning their abuse. One could say that our system merely recognizes this fact.
I think HN would say 2 is wrong here—people often argue that piracy actually helps sales as it promotes the media. if that is accepted, then the court would be correct in asserting 1.
> Not only did he lose emails, contact information for friends and former colleagues, and documentation of his son’s first years of life, his Google Fi account shut down, meaning he had to get a new phone number with another carrier. Without access to his old phone number and email address, he couldn’t get the security codes he needed to sign in to other internet accounts, locking him out of much of his digital life.
> “The more eggs you have in one basket, the more likely the basket is to break,” he said.
I only have a google account to have access to Play store. Everything else, mail, calendar, photos and storage, has been moved off Google
Same here. Those shitty providers are a too high risk.
Many years ago Microsoft has banned my outlook account for no reason. I tried contacting the support to resolve the issue - nothing. Only after writing a letter, I received the answer from Microsoft Germany:
We banned your account because I was distributing porn through onedrive (which I was not doing). The investigation showed that Microsoft could not find any wrongdoing. The account was gone nevertheless.
This is why I say:
- skip Gmail/Outlook and all this crap, use something proper like mailbox.org with your own domain
- dont trust cloud. Backup once a month, use two clouds at the same time, have a cold storage with your backups
- biggest risk is your apple icloud account. dont be dependant on them: dont use their credit card
- dont use google/ms 2fa apps
- have multiple accounts in parallel: one for google drive, one for search, one for mail (if you need it), one for youtube, etc
Isn't the ability to migrate phone numbers a legal requirement for carriers?
Edit: yeah it is [1]
> Phone companies are required by law to port your number out when you start service with a new carrier. According to the FCC, a company can't refuse to port your number even if you have an outstanding balance or unpaid termination fees.
When porting to a new carrier, the new carrier asks for your account information and PIN for the old carrier. The new carrier provides that to the old carrier to prove that the port request came from you.
It looks like with Google you are supposed use the Google Fi app or website to obtain a “port out number” and PIN [1] to give the new carrier when they ask for account number and PIN.
If you accounts have been banned I wonder if you can still get that information?
Haven't had to do this with google (yet) but filing a complaint with the FCC usually gets you a very prompt response from the company the complaint is about, and I imagine this would be the best thing to do in this case
https://consumercomplaints.fcc.gov/hc/en-us
This is why I’m something of a two factor authentication Luddite. I (think) I understand the benefits - but the fact that every factor is an additional single point of failure freaks me out.
TOTP keys, backed up physically (as in, written down and stored somewhere safe), are probably a good way to balance the failure mode with the security.
> The more eggs you have in one basket, the more likely the basket is to break
This. Use Yahoo for your email, Verizon for your phone number, Dropbox for your backups, Facebook for your socials… It doesn’t matter which you choose, but fragment your digital life. When one part goes bad, it won’t infect the others.
Honesty, I wish self hosting was easy enough for ordinary people to do. Then there would be no reason to recommend people to fragment their digital life among dozens of ad-funded SaaS platforms. There is no reason why it has to be so hard. But not enough effort has gone into developing such systems due to obvious reasons. Sandstorm project, for example pioneered a model where users could deploy web apps like they would install mobile apps on their phone. Sadly, it didn't achieve the level of popularity it needed.
Thank you for the pointer! Definitely something worth looking deeper into. However, I was talking more about the software side of things - so that we won't be locked into a hardware platform. That said, they do have an idea in the right direction.
I'm still totally not off Google yet but this is the direction I'm going in. Fastmail for email (still need to do the POP/IMAP setup for local caching using Thunderbird), local ISP for phone number, Syncthing for syncing across PCs/Android phones (except iOS which lives in its own world) and Facebook has been deleted long ago. Just takes a while to get off Google because of years of sign-ups but I already got the financial and government services off it.
When I started using Google, their motto was still "Don't be evil." My entire business and personal life runs on it, so I have no way to switch. 300 employees emails, all documents, videos, tons of custom scripts would have to change over.
Try fetching only your photos in one archive, your Gmail in a separate archive, and then everything else in a third.
If you have "too many" Google photos and that archive fails, create albums for every year, and only download a year/album at a time. It's a huge PITA, but at least you'll get your stuff back. (Kinda: depending on how you uploaded your photos, the metadata may come back truncated or altered).
Hmm, which part fails? Works great for me.
You can schedule it to happen every 2 months for a year. And so every 2 months I get an email with links to 7 or so 50GB .tgz files. They download very quickly with no throttling and fully saturate my 1Gbs connection.
I have Nextcloud running on a Raspberry PI along with a dozen other services on yunohost.org. Nextcloud automatically backs up my family's contacts, calendars, notes, tasks, photos, files, passwords, bookmarks, phone locations and more. If you want to backup the APK's check out Seedvault. I am personally fine manually reinstalling APK's if/when needed so have not tried Seedvault yet.
Automating daily Google Takeout requests is exactly the sort of behaviour that I fear would trigger an account ban at some indeterminate future date. There are just too many unknown unknowns for me with Google now. Their ecosystem is, and has been for a while, personally relegated to burner account status.
I doubt that you can do this daily -- I don't think Takeout can work differentially.
Monthly or annual downloads though, can be scheduled manually simply by putting a note on your calendar.
If an account goes down, the thing you'll miss most may not be the recent things, but rather the many years of archives you might have in a Google account.
The biggest problem with Play store is that many apps are geographically restricted. That includes banking and public transport apps. Some apps are restricted without even the knowledge of the developer. Most of those apps have no good reason at all to be restricted like that. Such apps often cannot be accessed through Aurora. Sadly, there are no laws or provisions to challenge such unethical tactics. Using Google's services is like living with a manipulative and abusive partner.
Nowadays you can buy a NAS and plug it into your router and then click the install nextcloud option and you have it running, then you add the app on your phone. Its no where near as difficult to get these level of capability as it used to now that Docker is integrated in a user friendly way in a lot of NAS software.
I don’t trust it to be more reliable than a paid service. The thing about self hosted solutions is you’re completely on your own if something goes wrong. You need to make sure you’re backing things up, that you can restore your Nextcloud configuration if your sql database takes a dump or you fat finger and delete some config files (I’ve done both). Or if you have a power outage or lose internet connection and can’t access vital files, or even something simple like a bad software update causing issues.
While a great option, one can’t simply spin up next cloud and then move everything over like you would a Saas solution as a typical layman.
If something goes wrong with your google account (or other SaaS that would lose your data, or ban you without recourse), you are not even on your own, you're just trully fucked. It's poof gone and no local/internet tech geek will be able to help you.
If something goes wrong with your at home nextcloud, you still have the data/hw, and you can either get help troubleshooting from someone who understands what they're doing, or you can try yourself (which will take more time). You're not on your own. And even if you are, you can just shelve it, and defer the recovery for later. But unless it figuratively crashed and literally burned, you're not fundamentally prevented from recovering your data.
Yeah totally agree with this. I back up all my important data, but I’d still prefer to Apple/Fastmail/Dropbox be the primary provider of a service and back it up to my server (and other cloud services) than run and rely on my own nextcloud.
In addition, backing up the services isn't that costly these days. Backblaze provides massive storage space at cheap rates and integrates well with encrypted backup software like Duplicity, Borg or Restic. Recovery from failure is usually a breeze with these software.
There's no Proton Photos, as far as I am informed. Surprisingly, there is a Proton Calendar. But does it syncs with Calendly or Zoom, for example? I don't think so.
Currently more or less adequate solution in terms of integration is self-hosted Microsoft Exchange. I wonder how much does it cost (including Windows Server license).
The biggest failure here is Google's continued refusal to segment their services and this has been a problem since at least the Google+ days, which is more than a decade ago at this point.
During Google+, Google controversially instituted a "real name" policy. This was controversial and completely driven by Vic Gundotra who would get up at company meetings when asked about this (back when he still answered questions because believe me that ended) and said "we don't want people named 'dog fart'".
Legitimate concerns that people might have for their safety were completely brushed aside.
Anyway, the enforcement for this of course was automatic and resulted in I'm sure many false positives. But what happened when your account was flagged/ You lose access to everything.
This too was criticized at the time and people asked "well if it's a policy violation for Google+, why do people lose their Gmail?". These questions too were completely brushed off.
At this time I decided I simply couldn't and wouldn't use any other Google service because my Gmail is too important to risk by an automatic ban from a false positive on a completely unrelated product.
And here we are, a decade later, with the exact same nonsense happening.
Now of course the CSAM ban itself is ridiculous. Refusing to reverse it is ridiculous. All of that is true. But don't tie your email or your phone to a company's other services when they do blanket bans like this.
What I dont understand is why the stupid policies established by a coupled of troubled individuals years ago for failed projects are still in use today ...
Give us de +Word back... dont "improve" the stupid quotes.
This story should serve as a warning and a motivation to move away from iCloud, Google Cloud, and alike for video and photo storage.
The easiest thing is to just purchase a drive or NAS and store your media on it. If you're a bit tech-savvy, you can run your own NextCloud. I run NextCloud on Hetzner, 1TB storage box + web server for a total of $7 a month. Or you can get Hetzner to run the NextCloud for you for about $4.7 a month for 1TB storage, but then you don't have full control over it. Then there are quite nice NextCloud apps for Android and iOS that you can configure to sync your photos and videos into your cloud.
Not OP, but I also use Hetzner and their storage boxes. Servers I use will connect using samba. For temporary access from other devices I usually use FTPS, but they also offer a bunch of other protocols.
Can NextCloud do OCR on the pictures, identify people and allow search by objects in the photo? Because those are the killer features for me that make it super useful to use Google photos.
I am a software professional and run my own email and it's a massive pain in the ass. I started also using a google account just to use for all the stupid sign ups the internet makes you do, and use my real email for actual correspondence, banking, and a few other things only.
I worked in a 1 Hour Photo when I was in college. The standing rule we had is that any photos of naked adults were not printed (the customer was given their negatives though). In the case of naked children if it was the typical "kid taking their first bath" it was fine but if there was any doubt we had a manager review it. I think we had to call the cops a couple times (more for passing the buck than making an official decision like that ourselves) but there is/was a policy for things like that.
I'm an atheist, and I intensely disagree with the sexualisation of everything in our society dressed as a new sexual revolution, and see it as a direct effect of capitalism.
The other day I read something about how society must “prevent the oversexualization of children” and that got me thinking, who will protect the oversexualization of society itself? The answer was obvious to me.
You say that as if there is no other reason to ban alcohol than religious belief, and not like alcohol being one of the most negative societal influences in the areas of human health, crime, public safety, and poverty. Just because humans are so cripplingly addicted to alcohol that banning was untenable doesn’t mean it was a bad idea.
What are you talking about? Which "certain" states? Iran, my old country, may be the 9th largest consumer of alcohol per capita [1,2]. There are hundreds of deaths due to wood-alcohol poisoning every year [3], mostly from people making moonshine from raisins and not being diligent enough to remove the stems, in lieu of access to safe drinking alcohol. I personally know many people who abuse alcohol just to be able to tolerate living under an oppressive theocracy, especially worsened in the last few years due to US sanctions which have made many everyday and essential goods inaccessible.
But it's very hard to find any data (let alone official data) on any of this, because nobody wants to suffer 72 lashes with 0-gague electrical cable at the hands of Iranian police for having admitted to have had a glass of wine or whatever one night.
Alcohol is an aspect of human civilization since per-historic times (as old as farming if not older) and always will be, regardless of what puritan Christians or foaming-at-the-mouth Mullahs might think of it.
Across the board (addiction, alcohol, abuse) any type of "zero-tolerance" "bring the hammer down" policy e.g. a blanket ban on alcohol has always been at best orthogonal and usually antithetical to harm reduction. As someone mentioned in the above comments, nuance is everything in providing support to the vulnerable --- ask any social worker. Religious guilt enjoys no such effectiveness.
(Sorry, two of the citations are in Persian, I couldn't find English sources. Google translate could be a workaround.)
I’ve lost track of how many people in this thread have blamed Christians. Why? Christian’s do not have a ban on alcohol. Where is this idea coming from, or are we just spreading hate?
I’m a Christian and never have met such a “puritan” Christian. Where are these “puritans” that ban things in the name of Christianity? Have you met one or is this hearsay?
Also, in many of the comments in this thread, the word “puritan” is not used.
My comment remains, this comment existed to spread hate, nothing else.
Also what other vices? The word vice generally means bad things so you’re upset that this “group” is giving life guidance? Are you equally as intolerant of a doctor telling people not to drink?
Why would you assume a crime by default? The presumption of innocence is only a slogan in the US, just like the above mentioned secularity. Look what happened with the guy in this post. You can't even take a photo of your own kid.
The discussion was around prints of naked adults and why stores might have policies to not develop those.
I offered an alternative reason based on the legal landscape rather than a cultural one.
> You can't even take a photo of your own kid.
You missed the part where we're discussing a sub-topic off that story, someone's experience working in a photo store, and the policies in place there.
> Why would you assume a crime by default?
I assume you mean "you" as in a photo store that finds such negatives in a job order, and not me directly?
Because as I said, your liability or even reputation if this isn't from something legal, is not worth the profit made.
Why don't you petition the government for a redress of grievances and oust them? It's an unlimited right guaranteed by the First Amendment that can remove tyrants without causing harm.
So, according to the first amendment I can just taze the supreme court, and roll back citizens united, and reinstate roe v wade?
That's as batshit crazy as recent assertions that nothing the courts rule can be sexist; after all, women would just run for seats on the supreme court if they cared; they're a majority of the population, after all.
Since the nonsense in the last paragraph actually came from a recent supreme court majority opinion, I'm wondering if you can point to a supreme court ruling backing up your statement.
According to the First Amendment, you have a conceptually unlimited right to write petitions (complaints). Practically, it is limited by the absence of violence during assembly.
There's surprisingly few rulings on the right to petition.
One example would be protecting employees from someone just bringing in photos of themselves with the sole intent of exposing themselves to the employee, as they have a captive audience.
> Sheila, a clerk at the photo store, flirts with George when he picks up his photos, commenting on a mustard stain that appears in one. He photographs everything, even Jerry taking a screwdriver to his stereo, as an excuse to see her again. A lingerie model's picture is accidentally mixed in with George's photos; he assumes it is a photo of Sheila she inserted as a come-on. Kramer convinces George to return the compliment with seductive pictures of himself.
>The Seinfeld Effect is a phenomenon closely related to the Family Guy Effect (the idea that when a meme is referenced on a popular television show, it dies out). The Seinfeld Effect occurs when a TV show references an in-joke belonging to a subculture (in most modern cases, the Internet) and makes it mainstream, causing the show's viewership to mistakenly believe the meme originated with that show.
>The effect is named after the 1989-1998 sitcom Seinfeld's habit of referencing little-known ideas, jokes, and phrases, such as "Festivus," "yada yada yada," or "not that there's anything wrong with that," and making them extremely well-known through the show's populararity to the point that many have the misconception Seinfeld invented these phrases (for the purposes of this article, 1992 is listed as the meme origin date, as that was when the episode "The Contest" popularized the idea of masturbatory celebacy contests). [...]
>There are certain shows that you can safely assume most people have seen. These shows were considered fantastic when they first aired. Now, however, these shows have a Hype Backlash curse on them. Whenever we watch them, we'll cry, "That is so old" or "That is so overdone".
>The sad irony? It wasn't old or overdone when they did it, because they were the first ones to do it. But the things it created were so brilliant and popular, they became woven into the fabric of that show's genre. They ended up being taken for granted, copied and endlessly repeated. Although they often began by saying something new, they in turn became the new status quo. It's basically the inverse of a Grandfather Clause taken to a trope level: rather than being able to get away with something that is seen as overdone or out of style simply because it was the one that started it, people will unfairly disregard it because it got lost amidst its sea of imitations even though it paved the way for all those imitators. That is, a work retroactively becomes a Cliché Storm. [...]
Thanks. I was wondering if there was a name for this after my teenage kids were rather underwhelmed by the first Matrix film the other night—especially the Bullet Time sequences.
If the local amateur porn producers know that 1 Hour Photo won't print their pictures, then 1 Hour Photo's employees are going to be stuck looking at far less amateur porn.
Sure, but the rule not to print naked adults might be useful and necessary to enforce a rule of "don't bring your amateur porn to this shop, please". Which I think is a reasonable request. Some might not be bothered, but the analogy to sending dick-pics comes to mind.
I keep telling anyone who will listen that they need to move every aspect of their online identity away from the big tech giants, and make sure that each type of service (email, webpage, memory storage, document storage, backups, contacts, etc) is compartmentalized in such a way that if one gets removed then it wont affect the others in any way.
Imagine having all your memories in the form of images and videos taken away because of sloppy review work at a tech company.
I want to, really I do, but it feels like trading one devil for another.
Email is by far the biggest albatross around my neck. To migrate email requires me to setup two different failure points: purchase a domain and a Fastmail-like service. Now that is two different places that are subject to me forgetting to pay a bill, being social engineered into giving away my account, etc. To say nothing of the long tail of acquaintances who only know be my current address.
Yet still, this existential terror exists that I will Do Something Wrong (no you will never know what it was), and lose everything.
E-mail should be the first thing you migrate, precisely because it is the key to every other service you rely on. If you're randomly banned from your E-mail service, you're pretty much screwed. E-mail is too important to let someone else host. Move it as close to your own control as your technical ability allows. Do it today, in fact, do it right now.
+1! Getting your own domain name is not hard, you can still use GMail with it for now, and switch to something else if there's a problem with it. Plus xyz@yourowndomain.com is way cooler than xyz@gmail.com.
Autopay is simple to set up with any hosting provider. If you're in a financial place where the $5/mo and $10/yr payments might bounce... yeah, probably don't pay for email.
As far as the social engineering goes, personally I gladly take that risk in order to bring my email firmly into my control. If I'm going to lose access to my email, I want it to be because I did something stupid, not because an algorithm flagged my account and Google has no humans I can appeal to.
The long tail of acquaintances isn't bad either: just forward emails from Gmail to your new address. If you lose access to the Gmail account at some point, you'd have lost everything anyway, so this arrangement would be strictly better.
I'm not fully confident that I'll never cancel a credit card that pays annual subscription. Generally it's fine because alert email would come on my inbox, but it's email infrastructure so I need extra attention.
I’m not big on PayPal but I have some domain names set up for recurring PayPal payments (with cc as a backup) because PayPal is insidious with regards to how far they go to fund your account (charging multiple cards, goopy your bank account, sending you letters for debt collection, etc) which, for most things, would be exactly the opposite of what I want but for domain names it’s a huge burden lifted.
Do you use the same email or 2FA for all of those? If so, you still have a potential single point of failure if that provider decides to ban your account.
It is unlikely that both the email and 2FA will fail you at the same time, unless perhaps you are using gmail and Google authenticator (though I am not sure how much authenticator is tied to your Google identity as I don't use it).
Use email, phone and app 2FA plus printable 2FA codes, and you'll always have a way.
Frankly if all of these can be made inaccessible in one go then the setup was mighty flawed to begin with.
That sounds sorta expensive but I get it. I’m at 3tb of photos and videos. It’s becoming unmanageable… anyone aware of an self hosted multi redundancy photo storage that doesn’t involve manual copying of large amounts of files? Or other non time consuming setups that works with iPhones (me and my SO)?
I use Backblaze B2 and ‘PhotoSync’. PhotoSync is great in any case, as it can push and pull from basically anywhere. The only issue is it’s phone based.
This event happens so rarely that it would be better advice to tell people to wear a bullet proof vest and helmet when going outside. It’s more likely to benefit them than self hosting media.
Also: I wear a helmet or a belt every single time I drive even for 1km. Should I not? I never needed them. 0% use rate so far for me, might as well not have done it.
The issue is that when it happens, you're done.
Considering that you probably don't need to keep all your eggs in one basket, why not at least try?
On this note, I wish providers were forced to provide a third-party backup mechanism for important data so that if I were to lose:
- the email: it could forward my email to at least receive them
- my photos: a copy could be kept on multiple hostings
Anecdote: It's happened twice for me. Once was for an app I published they decided was against ToS, two years after I published it. And the other was an accidental account deletion when upgrading Google Apps (luckily this one was mostly recoverable... if you know the right people at Google).
The problem is finding them. If a layman looks for a cloud back up provider that isn't one of the BigTech group - uses Duck Duck Go and finds a small company offering 10GB back up for free. Unfortunately for them, that service is using AWS for storage, so ultimately despite they're best effort they're just using amazon cloud storage.
This is where the small guys kick ass vs the Googles/Microsoft. Try Dropbox, Backblaze etc. Much better experience. Apple is OK UX wise but locked in which sucks.
How is a laymen supposed to tell the difference between Backblaze - running their own servers, and a Dropbox-like - which is really just uploading your files to amazon's servers?
Assuming Dropbox encrypt the data at rest, Amazon won't have any access to it. And if they do delete stuff they now have to deal with a company instead of single individuals.
That is right, but I cant resist bringing out the trope that airpods product line alone - just one produce line! - is one of the world’s biggest businesses and dwarfs most unicorns like Dropbox.
Dropbox used Amazon until 2016, to only have their own datacentres in the last 5 years. Who's to say they decide that's not economical and move back to aws?
OneDrive IS Microsoft and iCloud IS Apple so they ARE BigTech, the same as Google? I don't see how that argues against the point?
Box is the only one in that seems to qualify? Kinda proves my point that it's not at all easy for a laymen.
So instead of depending on three of the largest tech companies with built in redundancies, you want to depend on a fly by night operator with no track record?
You would even avoid DropBox because they also chose to use proven reliable technology until their own technology was good enough?
I mean personally I use iCloud and Google Drive, but i fully understand that at any point Apple or Google could decide to hand all of my data to a government, accidently turn off all their security and let anybody access my data, delete my data, or even go bankrupt.
But the point I was making was that it was hard for a laymen to decide to avoid using any of the bigtech companies, since so many of the small upstarts are just build on-top of the existing bigtech and aren't forthcoming on if they own the datacentre or if its Azure/Aws etc, so for those who they really did have privacy as their key driver it probably would be easier to self-host, or you have to trust somebody.
The adage that there's no such thing as cloud computing, just somebody else's computer makes sense. If you're that concerned with privacy it's far easier to run your own.
There is very much such a thing as “cloud computing”. The “cloud” isn’t just a bunch of VMs. There is an entire offering on top of the VMs. Your average consumer is not going to spin up a bunch of Linode VMs and create their own backup solutions.
slip of the tongue/keyboard. It was obviously supposed to read "There's no such thing as cloud storage, just somebody else's computer." It's a fairly well known phrase[0][1]. It's even a laptop sticker[2].
And no, they're not going to spin up a VM. They should buy their own NAS and back everything up to that if they care enough about privacy to avoid cloud storage.
Sure, but we're talking about cloud storage here for a laymen, who's hardly likely to know what AWS is, and we're also talking about a laymen who just wants to backing up a file, they're not using thinking about any of that. They just want to put their file on a drive somewhere. I'm arguing that if they care that much about privacy they should back it up to a device they own, and not use on a cloud provider. You're not providing a defence against any of that. You're saying that instead of storing their files on Google's computer they should use Amazons, or Microsofts? Why? If they truly value their own privacy they should back things up to a device they own such as a NAS, and/or a trusted family members NAS.
I've also just seen, which you didn't disclose, that you work at AWS[0]. Not disclosing a vested interest doesn't exactly lend confidence to your impartiality. Either way, I'm still not sure how your argument is a rebuttal to my proposal. SO far it seems to amount to "other cloud providers exist" and "Your mistype wasn't accurate"?
HN should add a [Corp Support] tab, if Google & Co won't create their own support system, let's do it here, and add a dark pattern leaderboard for not replying/acting
I’ve heard great things about Google Domains but this kind of story is exactly why I probably won’t be using that service. It’s just too risky if you lose everything at once.
Honestly: don't upload unencrypted content to anyone, for exactly this reason.
I have cloud backups of family photos, but they're all through restic or rclone with the crypt filter applied. Privacy is about the right to put yourself in context.
For this type of encryption, I think the password could be “password” and that would be good enough. The primary goal is to frustrate automated scans, not targeted brute force attempts.
That's a problem with very easy solutions, considering what's at stake. Use a paperkey, NFC card, smartcard or even a printed data matrix sheet to store the keys and/or password DBs. The reason why all these aren't popular enough is that people don't consider privacy to be important - until something goes seriously wrong, like in this story.
Sorry, 99.99999% of the general population don't know what restic or rclone is. In fact, I won't be surprised if 90% of software engineers have never heard of them. These things aren't really know outside circles like hacker news.
As software engineers and the stewards of modern technology, we have a responsibility to build tools which enable capability for the rest of the people - particularly in the open source world.
People can't run their own encrypted messengers so we have Signal. People should be provided with interfaces, and advocated too, use cloud services for their data in a safe way.
Yeah, the way Google likely ties your accounts all together a wrong decision on any Google account even if not the same account for your domains could end up having all your domains stolen by Google.
What I'd like to know if if they actually deactivate multiple linked accounts when any one of them gets flagged. I have three accounts, one more for personal things, one more professional, and a third one with my current country as a location for getting local apps in the Play Store.
Google knows I am the same person, even though they are different accounts, so are the two other accounts safe when one of the three gets flagged?
As a basic consumer storing somewhat not important things on Google is potentially risky for the content on it but you aren't paying them anything so its probably worth the trade off. For a business or for something you pay for Google's support is atrocious and its not worth the hassle given all the horrendous failure modes it can put you in. One thing Google consistently is teaching people is do not pay them directly as they don't know how to treat their customers.
> Mark spoke with a lawyer about suing Google and how much it might cost.
> “I decided it was probably not worth $7,000,” he said.
I believe it is one of the roots of the problem. How is it even possible that getting justice in court in such a trivial case costs about three months of median income?
Well, it's really not straightforward to know what would be the outcome of such a lawsuit. Google's ToS is one thing but the main point is that random user uploading family photos is not a protected group, so Google refusing service is very much their right. The state usually cannot force otherwise.
unfortunately consumer protection is basically nonexistent in the US. (besides a lot of reporting requirements, that should be streamlined and automatic anyway.)
The real problem here is companies are not cops and should quit acting like cops.
The instant a company has evidence of a possible crime being committed they should be required to hand the evidence over to the police and then take no other action other than preventing distributing it or the like.
This is not just Google's AI goofing up on what constitutes CSAM (and it sounds like given the witch hunt about such things that Google was being reasonable in informing the police), but colleges expelling "rapists" without evidence etc. The accused never gets anything resembling a fair trial but since it's not the government doing it that doesn't matter, there's no repercussions from messing up lives based on completely incompetent investigations.
They may not be cops but they’ve created an enabling technology. They’re also the only ones who could access the data and recognize its potential for abuse. It’s not an easy situation.
But clearly if they’re referring out to law enforcement, they need to close the loop on that and take responsibility when they get it wrong.
This is more than just Google and CSAM. We have a more general problem with companies playing cop--and generally doing a terrible job of it. This case is simply one example of the problem, we should be focusing on the bigger picture.
It's time for the people to decide how they want companies that provide utilities to behave, and time for utility companies to stop telling the people how to behave.
In the olden days, if the AT&T monopoly just cut off phone service to a (convicted in court) pedo, they would get in severe trouble. We the people imposed limits on powerful companies. Even today, with the monopoly split up, this would not be legal. Let alone just deciding on their own initiative to do it.
In this case, a utility provider is cutting off service based on a digital rumor. They are judge, jury, and executioner.
The laws governing telcos were made over a period of 150 years, but most particularly in the 1920s and 1930s.
Google does not fit these laws because they do not charge for them (perhaps this should be made illegal?) and monetize them differently. Also, obviously the services are far beyond simple voice or fax. And yet, they are definitely utilities.
Utility companies must not be politically partisan or active. Mixing those two things is toxic and bad for society. It also is too much of a temptation for politicians to use the implied power of utilities over the people to silence or supress opposition.
If Google wants to be an activist company, then it will need to shed its utilities. If Google wants to provide utilities, then it needs to shut down its activism.
Google's arrogance here is astonishing. The police say no fault, and it's the subject of an NYT investigation, and they still won't restore the account. What hope do the rest of us have?
I've been an Android user for a long time, but I think this might finally push me to switch to Apple. I'm just disgusted by this.
The Eu starting to fine the living daylights out of Google for not allowing people get their data from their account per the new digital gatekeepers act that the big tech has 6 months to comply.
They did it to Microsoft when Microsoft refused to comply with the browser ballot box initiative, saying that it was "technically near impossible". They started fining them 500,000 Eur/day or something. Then Microsoft magically made the ballot box happen within 2 weeks.
Apparently having a "0 tolerance policy" on something means that even when an accusation is proven to be false, you'll still punish the accused. I am disgusted and Google should be ashamed.
You’re right, they’re not comparable: Apple was going to be scanning for CSAM on your device, without the photos even reaching their servers (by uploading a backup, texting a copy, etc). Google, so far as I can tell and as corroborated by the article, doesn’t do that. Apple and Google both already scan anything uploaded to your Photos account for CSAM and report to authorities.
No,Apple's proposal was for only scanning stuff that was being uploaded to their servers. And only matching hashes with known material, not general "nude child!" detection.
While there's problems with that too, it is a better design than what Google does.
As the article states, the scanning only occurred if you had iCloud Photos enabled. From what I recall, it worked like:
1. Use on device ML to scan for child porn before iCloud Photos upload.
2. If not found, issue a cryptographic ticket for iCloud upload and include in upload request.
…the whole point of Apple’s scheme as far as I know was to keep as much of the processing on device as possible while also keeping illegal content off of their cloud servers.
Yeah, Apple was annoying (not even that really, it’s just the idea rather than the actual effect that bothers me), but ultimately fairly benign compared to what Google does.
Also, it looks like a powerful attack vector. Just slip a questionable content onto a victim's phone - and voila, a lot of trouble is under way, probably irreversible.
Google has a responsibility, to a limited degree, to turn over to law enforcement anything that they know about abuse that comes through their system. More likely, the trigger for that is set really low as a corporate CYA and to pass the buck. I can totally see Google's point of view on this: We're providing a free* service to you, we're not going to stick our neck out and risk ANY liability of being blamed of storing/harboring/distributing abusive content... we would rather err way over on the side of insane caution and let law enforcement sort it out.
I'd disagree. The rules seem to be either that you moderate and you're on the hook, or you don't and you're not, and you just need to respond to reported abuse. I personally think it would be better if Google acted like a blind medium; like a mailman. We've seen targeted abuse by employees to others they know, and we've seen anonymous, non-targeted abuse through application of policy, like here, and in all cases, because Google has pioneered a cutting edge zero-support system and also employs a large pile of lawyers, there is absolutely no recourse to be had unless you're famous on twitter or know a Google employee.
This might be the final push I needed to migrate off of Google services. It's been all too convenient to have a one stop shop for everything, but I couldn't imagine my rage if I lost all of my child's pictures because Google decided that the picture of their first bath (no genitals or face in frame) was too risky.
What's recommended for a domain registrar to move my domains over to?
I figure I can probably self-host photo/file backups, move 2FA to Bitwarden, and migrate mail over to a paid Protonmail plan, but who can I trust for domain names? Mostly just for email aliases, but a couple for some hobby websites. GoDaddy can take a hike, and I've used namecheap before but what other options are good/trusted?
Cloudflare does DNS and domain registration. They are subject to US laws but they have been very hands off and pro free speech (too much IMO, protecting abhorrent sites) but that does give more trust in this case.
This highlights the enormous risk depending on Google, and similar service providers, for email, messaging and other important services is. It isn't so much the policies, but the fact that Google will never do anything to help you when they get it wrong.
You are always only one algorithmic fuck-up away from losing access and having to spend days and weeks dealing with the consequences.
I think the only way to deal with this is through regulation. Make it as inconvenient for Google to ignore customers as it is inconvenient for customers to be ignored by their service provider when something goes wrong.
Systemic mistreatment of customers ought to have consequences of existential proportions to a company. There is no societal benefit to companies like Google getting away with behaving this poorly.
The best way to solve this is to DE-regulate. Make Google etc explicitly not responsible for proactively monitoring people's private data and then said data will remain private.
Do you think Google et-al have done a good job of keeping their noses out of your business? In fact, I would challenge you to compare privacy in the EU vs the US.
Opinions on what should be done have more credibility when based in observable reality rather than blind ideology.
> subsequent review of his account turned up a video from six months earlier that Google also considered problematic, of a young child lying in bed with an unclothed woman.
Private and secure are ambiguous terms that mean different things to different people. They're insisting its private and secure because there is some level of privacy and security.
Whether you would consider that private and secure enough, is a different story
> “I decided it was probably not worth $7,000, [to sue Google]” he said.
This is a big part of the problem, technically you have a recourse, but the cost for individuals is a barrier to justice. Organisations have a lot of freedom to act behind the cost to litigate.
Are you located in the US? If so, I would be really concerned, not in this context but about potential violation of HIPPA. All my communication with a doctor's office goes through the "private message" of the office/hospital's website because there are regulations around that. Think about it -- what if she lost her phone and for some reason the phone is unlocked or decrypted by other means?
And even if you are not located in the US, I would recommend that your wife looks up local regulation and considers alternative methods to communicate with patients.
Not in the US, but her patients, friends or acquaintances sometimes send stuff like this out of the blue. Can't really be avoided since it's unsolicited.
I doubt a doctor as the recipient would get in trouble--they have legitimate needs to look at things. And it's not a HIPAA violation if the patient sends it. It's only a HIPAA violation if the doctor sends it insecurely.
You seem to be forgetting who writes the regulations that regulate this stuff.
Less cynically:
I think signal is likely a superior choice from a privacy and usability perspective.
However, I imagine the hospital probably wants the chat logs to be an immutable part of my medical record. That's probably helpful in the case of bogus malpractice suits, for example.
In fairness, state-of-the-art practices store all this data in an enterprise storage array at the hospital (with a remote backup in a colo or something), not on hardware owned by Big Corp.
I think one person is trying to optimize for patient convenience. I strongly feel that this is one of those cases where patients do not think about their privacy for once second.
It’d be more interesting to meet the patients where they are and find some way to securely get those images into a medical file.
AFAIK Telegram only has e2e for secret chats, which has to be enabled on a per-chat basis, doesn't support group chats, and can only be used from a single device (unlike Whatsapp which I can use on both my phone and desktop browser at the same time).
What's actually scary here is that these were newly taken photos; not existing CSAM material flagged by hash value. That means Google is doing real time image recognition on all of your photos. And that means Google has an ML model somewhere trained on millions of pictures of.... yeah this is fucked up.
While historical approaches to finding this content have relied exclusively on matching against hashes of known CSAM, the classifier keeps up with offenders by also targeting content that has not been previously confirmed as CSAM.[1]
I have a larger issue that no one addressed. There has to be some type of special software for the medical profession that allows you to take a picture on your phone that is not stored on your phone and that you send to the doctor.
> There has to be some type of special software for the medical profession that allows you to take a picture on your phone that is not stored on your phone and that you send to the doctor.
No, you shouldn't have to use some special software to take a picture. Taking a photo with your phone's camera app should never trigger an account suspension.
I wouldn’t want private pictures I took just for a doctor to be synced with the cloud provider. It’s not like any of the cloud providers are HIPAA compliant.
The market leader is a system called Epic. It's like the SAP of the medical industry -- universally kind of hated; but it works well enough once set up.
I'm sort of surprised you haven't encountered it yet (and that the people writing responses to your comment haven't either).
Here's a PR piece about their secure video chat feature. (They also support emailing around photos, and the app has a built in camera, but that's old news, and not in their PR blog reel)
A specific medical oriented app. I’ve had a few virtual appointments where they ask me do I have an iPhone for FaceTime. I do. But what do they do for Android users? Which one of the ten soon to be discontinued Google video conferencing apps would the doctor use?
Here’s an American one used in the UK. That had a data breach exposing sensitive images. I won’t ever trust consumer computers for sensitive medical stuff.
I’m not saying health care companies are competent. I am saying at least they have legal obligations to try to keep your information secure. Google has no such obligation.
Besides, there is less likely of a chance that a medical app targeted toward virtual care for babies would be flagging parents for sending pictures of their children to a doctor.
During COVID I had a digital gp appointment. It was specifically about some skin issues which is obviously difficult to communicate over a phone call.
They required me to send them photos to the receptionist over plain email - I complied because they weren't particularly sensitive parts of my body however it did make me mad that this was their system for dealing with sensitive health data
I have had a few appointments where they didn't ask me about what device I wanted to use at all, just send me a webex link and had me join in a browser.
I’ve heard too many things about how non existent Google’s customer service is to ever trust them for anything critical. You hardly ever hear stories like this from any of the other big tech companies. I’m excluding FB, because I don’t care about FB enough.
So I can walk into one of 272 Google Stores in the US and talk to a real person about any Google product I pay for like I can with Apple?
I can depend on Google to support a Google branded phone I bought in 2013 with security updates 8 years later like an iPhone 5s user could or with operating system updates for a phone I bought in 2015?
The original poster couldn’t get anyone on the line about a Google account. You can call an Apple CSR about an iCloud issue.
Reporting the images to law enforcement is good. There should be a human in the loop to separate medical images from exploitative ones.
Perma-deleting his account on an automated accusation is bad. That should hinge on, at minimum, law enforcement's decision to charge a crime. [Edit: unless the criminality of the images is obvious - again, a human needs to be in the loop.]
> There should be a human in the loop to separate medical images from exploitative ones.
No, there really should not. I would not want a facebook employee to look at my pictures. I don't use their services, but the thought is pretty off-putting. The idea that these companies have to police content is what is wrong.
There are other ways to get to offenders here. An environment that takes good care of kids will spot it. Not some poor fella that needs to look at private images.
Perma-deleting the account is destruction of evidence, so even if the criminality is obvious, an account lock makes more sense.
Even an account lock is probably a bad idea; it alerts the pedophile that they're under investigation, allowing them to destroy evidence, cut ties with coconspirators, etc.
Best to let law enforcement deal with it. In this case, assuming it somehow went to trial, the jury would almost certainly acquit, and the account would be restored.
There is the matter of the accused losing access to the account while the case was active though. That's potentially a big deal.
> “I decided it was probably not worth $7,000,” he said.
lol. Missing 4 zeros there.
Part of the reason for the brazen actions of companies like Google is that their substantial financial means and legal department sizes grant them a substantial degree of immunity to judicial review.
Also some execs behind bars won't be a bad idea.
Granted that mistakes do happen, but when they don't resolve it in a timely manner, punishment is fair.
Addendum : I don't know if companies have a govt imposed rule to report porn, in that case I'd say the root cause is the govt, not the company. Of course if the root cause is govt, and even more root cause is people themselves. People collectively generally get the govt they deserve...
> I don't know if companies have a govt imposed rule to report porn
In the US there isn't and generally cannot be a government requirement to search the customer's data. If there were, the provider would effectively acting as an agent of the government and the customer would enjoy 4th amendment protection of their privacy (absent a warrant or other, similarly targeted and justified reason).
Unfortunately, there is a bit of a wink-nod situation going on where the government quietly pressures companies to engage in these activities "voluntarily" -- in exchange for varrious forms of preferential treatment and refraining from enforcing other regulations -- and in court when a target attempts to present 4th amendment defenses everyone pretends (and testifies) that the provider was searching the customers private files of their own volition and not on the government's behalf.
In this game neither the provider nor the governments hands are clean because they are both conspiring to undermine the constitutional rights of the public.
It's long past time to break up every last Google server into fine dust particles, to be buried in a deep mineshaft with "this is not a place of honor" style warnings placed above.
controversial opinion: as much as everybody knows that China isn't exactly championing the western way of life and western democratic standards, I keep my private files in a Chinese cloud (backups are kept private in a NAS in my house).
Why?
Because they are not in contact with our authorities and, frankly, the chances my private files will be of any interest for Chinese authorities are close to zero.
Not that I have nothing in particular to hide, but as this example proves once again, if life damaging mistakes can happen, they will happen.
In a recent comment thread I noted that my father’s generation went from fighting a bitter war with Vietnam to Apple building MacBooks there. My grandfather landed on D-Day and drove Volkswagen Beetles for most of his life.
None of us know what will happen in the future. China could become a close ally. They’re already an existential economic partner.
The only path to real privacy is personal sovereignty. If you don’t control the data it is public. Period.
I am your of the same generation of your father...
My grandfather was already 40 years old when D-Day landed.
> None of us know what will happen in the future
It's safe to assume that it doesn't matter.
You could die tomorrow, so why are you worrying?
> If you don’t control the data it is public
Unless the network is firewalled by Chinese government...
Safety is not about paranoia, but about layers.
car alarms aren't there to make it impossible to steal your car, but only to make it inconvenient for the thief and convince them to steal someone else's car.
> Because they are not in contact with our authorities and, frankly, the chances my private files will be of any interest for Chinese authorities are close to zero.
The problems that befell the fellow in this story were not due to Google being in contact with the authorities. The authorities unobtrusively investigated, determined that the reports were false positives, and closed the case.
If all Google had done was contact authorities he would have never even known that he was investigated, and there would have been no impact at all on his life.
China has bans in most of the same categories that the US and other western countries do, but typically broader (e.g., they broadly ban pornography). If ISPs there are on the lookout for things China bans you are probably more likely to have a false positive there than with a western ISP.
The question then is a Chinese ISP more likely to overreact on a false positive than a western ISP? I believe China is more likely to hold a business responsible for the bad acts of that businesses customers, which I expect would lead to Chinese businesses being more likely to overreact.
This is the same situation with "private" search engines.
Your search query is ironically less likely to be shared with government if you are using Yandex, than with DuckDuckGo that is hosted by Microsoft (before it was even Amazon).
At least is an entire Country that will blackmail me, must think I am really important, not some rando that hacked iCloud to find celebrities boobs and post them online...
> Just encrypt your data rclone would do that.
yeah, but rclone is an offline backup, basically.
cloud storage is for when you need immediate access and search capabilities.
Maybe not you specificially, but for example in the U.S., there are over three million people with security clearances. That's a large pool for an adversary to choose from. Maybe all an adversary needs for one particular mission is to identify a janitor at a facility, go through some of their content to find a nude selfie that they might be embarrased if their family saw, and the adversary says, it would be a shame if your friends, family, and coworkers saw this, just prop open this door, it's just a door...
And there are a million more people who don't have security clearances and work at companies such as Alphabet, Meta, a datacenter, Boeing, etc.
> Maybe not you specificially, but for example in the U.S., there are over three million people with security clearances
it's private files, not secret state information.
things like my address book, SMS (mostly inbound alerts, nobody sends them anymore), WhatsApp backups (which are encrypted) or pictures I took with the phone's camera, nothing compromising.
Exactly, which for some people contains content that you could blackmail them with.
> pictures I took with the phone's camera
I'm glad you don't take nude selfies, or cheat on your spouse through SMS, etc; but others do, and that potentially makes them susceptible to blackmail.
What if, instead of money, the blackmailers asked Jeff Bezos for access to some AWS servers. He most likely is not the only CEO that took nude selfies and can grant access to sensitive areas. What if, it was pictures/information from before someone knew any better, had access, or were famous.
You mean like that time when the NSA got Yahoo's CEO, Marissa Mayer, to bypass multiple legally-mandated data access controls and deploy an email scanner over the objections of senior leadership?
I'm glad you're not blackmailable. Many people are. It's a national security threat for people with secrets to have those secrets compromised by a foreign power. E.g. it's discovered that someone working with classified information is having an affair. Big vulnerability there if a foreign government happens to have access to what goes on with a dating app.
Please explain why this is different from traveling to any other country.
I haven't been to the US since they made it legal for custom officers to search travelers' personal electronics without a warrant and deny entry if you refuse, because, thanks but no thanks.
> Criticize the US President all you like on every social network: not a problem.
given that this [1] already happened in my country, and also this [2] also happened (just to name a couple) and nobody paid, that there are 13,000 American soldiers on my Country's soil and that this [3] man has been POTUS and is probably running again for election, I wouldn't say "not a problem".
US could reach me at my house if they wanted to, OTOH PRC can't do much.
Here's an example of a chinese Univerity of Minnesota grad student that tweeted Winnie the Pooh (among other things) while in the US, and was later imprisoned in China for it:
I don't support China methods, but mocking the president of your country in public, from abroad, when you know what your Country is is capable of is not a smart move, ever.
It happens everywhere, different solutions, same goal: censorship and setting an example.
IIRC both Cambodia (2012) and Thailand (2014) extradited TPB founders. Thailand case was already convicted for "aiding copyright infringement" (ie. pissing off a cabal of private companies) and had skipped bail, nabbed crossing inbound from Laos. Cambodia case was unconvicted and the countries had no extradition treaty, but they nabbed him anyway. Possibly because of alleged Wikileaks affiliation. Democracy in action.
That's an incredibly bad idea, you are exposing yourself to a lot more risk, than using a western cloud.
They are not in contact with our authorities, until they decide they want to. It's not like you are a Chinese factory owner making counterfeit wranglers, I doubt they would deny any kind of request from a western government about a westerner.
Your access to the service is also under risk, at any time there could be a breakdown of relations leaving you unable to pay for the service, that would have happened already, if you had chosen Russia instead of China.
Your behavior also looks suspicious to the western intelligence apparatus. Sending potentially terabytes to Chinese servers as a private individual may very well put you on their radar.
As others have noted you are setting yourself up as a prime candidate for an intelligence asset, they could at any point blackmail you to perform any action they want.
With what would they blackmail you? The terrabytes of CSAM they could at any point plant in your account. Do you think they would be above doing that, if they had anything to gain and were aware that you exist? Or do you think your Chinese provider would require a court order to give you up? Your entire bet is that they don't know that you exist.
My main point as advice to others mostly is you shouldn't put your self in the hands of your adversary.
I don't even know how you trust their software to run on your system.
TBH my worry in this sort of setup is China cutting you off. Say tensions increase and the CCP throws down a decree that says all Chinese sites must block themselves from being reached by the US/Western Countries.
Given this story, you’d expect Google to make a yearly report saying that they successfully threw X number of pedophiles off their services, and the FBI convicted Y% of them. You’d think it would be something they and the government would love to crow about. But they don’t. Why?
> A Google spokeswoman said the company stands by its decisions, even though law enforcement cleared the two men.
Wow. Just wow. This is worse than the usual Google's automated screw-ups. In this case, Google was notified of the issue by the NYT. Yet they actively chose to continue to screw over their victims just because they can.
> In a statement, Google said, “Child sexual abuse material is abhorrent and we’re committed to preventing the spread of it on our platforms.”
Just how tone deaf can Google be, continuing to treat these innocent folks as criminals in this passive aggressive statement even after being proven wrong? Do these people have no empathy at all?
I suppose it’s defensive behavior. If they admit their mistake now then they could potentially be liable for the damages caused by their mistake years ago. Now any lawsuit would need to determine if there was an error and harm instead of just quantifying the harm.
I’d like to contribute to a crowdsource fund to prosecute cases like this.
When I was a kid the Comic Book Legal Defense Fund [0] was set up to pay for lawyers to defend comic book stores that were being targeted by over eager police departments and civil suits.
Maybe something like the Google is an Asshole Legal Defense Fund could collect donations. The article mentions $7000 as the cost to prosecute this persons case. Crowdsourcing can help with that.
I am not saying it is right, but to a large degree this is the cost that some of us 'pay' for millions having 'free' Gmail/GDrive etc. Fully automated processes that close accounts, no due process to get them timely reinstated when the machine made an error.
You are correct, if they admit a mistake here, it will open the doors to lots of claims. I sometimes think they could a lot of people to pay for the service (with $ not just having their digital lives being harvested) if they knew to be treated better when something like this happens.
The question everyone needs to ask themselves, if Google closed your account right now, for good - what would that do to your life...
7000$ is a pitance. Maybe this case is simple, but many will not be. Say they raid a house and confiscate a hard drive. Encrypted or not, that is going to be a huge thing. Arguments will be made about whether anything incriminating was stored on that drive. Just google the cost of a forensic expert witness. Both sides will need one.
Such costs are actually why so many police agencies are backing off of CP investigations. They still prosecute where evidence is clear, such as when someone emails such material openly, but they arent willing to invest the tens and hundreds of thousands of dollars necessary to handle the complex cases involving encrypted communication/storage. 7000$ would be a bare minimum for only the simplest of legal defenses in the simplest of cases.
Which to be fair, the guy lives in San Francisco. It isn't that hard to file a small claims case. I understand that there may be some legal nuisances involved, but just getting the attention of the legal review team that will have to show up to defend the case is usually enough to get them to evaluate a matter beyond the algorithms. I don't think it is fair, but is much quicker and cheaper $7,000.
What would be sought is return of property which small claims courts do have the power to enforce. A case trying to change the laws to force a company to provide services to you against their choice, with some exceptions for discrimination due to protected classes, would easily cost millions and is pretty much dead in the water from the get go. If the property value is assessed to be more than $10,000 then by all means seek relief in another court but note Google wouldn't be able to have a lawyer represent them in small claims..
If Google has to choose between sending an executive to small claims to defend the company without representation or try to resolve a dispute via settlement, they are likely to try to resolve it via settlement which is the type of relief this individual appears to be seeking.
I don't see any information about this team of non-lawyer legal experts when doing a quick search, but regardless non-lawyers with legal training are usually still pretty expensive. Again, they are much more willing to listen and actually try to resolve an issue than first-response algorithm defenders. Most small claims even require mediation before trial, so if you don't get it settled before then you can just request dismissal without prejudice.
He could probably find a lawyer willing to take the case on contingency. A jury might decide that he deserves millions in punitive damages and courts are probably the only way to force a human at google to provide support.
You've got that switched around. No charges were filed against him. So he would have to commence a suit against Google. Google would be the defendant and he would be the plaintiff prosecuting a claim.
The article mentions two independent instances of this process within Google, where appeal is not possible even with a police report that completely exonerates the suspect.
It sounds to me as if a class action lawsuit is the most appropriate remedy for the unfortunates who are caught in this predicament. Their only problem is finding each other.
For the rest of us, it is unwise to use cloud storage for photos, for several reasons.
They don’t block CSAM because “it’s illegal” - in fact, they can’t be forced to do it without it breaking your 4th amendment rights. Instead, all CSAM reporting and blocking is done at-will by these companies, and some don’t participate (Apple[0]), so it’s a policy decision by these companies.
I imagine unblocking someone due to them being exonerated by a government entity is legally risky - perhaps doing so would be considered enough proof/evidence to deem the entire CSAM scanning practice as a search/seizure at the request of the government.
0: https://www.hackerfactor.com/blog/index.php?/archives/929-On... • “ According to NCMEC, I submitted 608 reports to NCMEC in 2019, and 523 reports in 2020. In those same years, Apple submitted 205 and 265 reports (respectively). It isn't that Apple doesn't receive more picture than my service, or that they don't have more CP than I receive. Rather, it's that they don't seem to notice and therefore, don't report.”
With FOSTA/SESTA, Congress found what appears to be a highly effective 1st/4th amendment bypass: companies do not receive section 230 immunity for “sex trafficking” material. The government doesn’t say “thou shalt delete,” it just makes companies civilly liable for whatever happens on their platforms, which could be a death sentence at their scale. This has been overwhelmingly effective at censoring anything that even looks like sex work, no matter how consensual. If the intent was to continue protecting human trafficking cartels from modern competition while proving a viable means of censorship, it has been overwhelmingly effective.
EARN IT threatens to expand this to CSAM. Meanwhile, anti-CSAM legislation continues to develop in other jurisdictions, and being global entities big tech companies are exposed to that risk. Hence why Apple published explicit plans to actively scan (albeit locally on-device and with creative use of cryptography to soften the blow) for CSAM on their devices, and integrate with NCMEC. They’ve shelved this for now, but made it clear that they’re not done with this concept.
Big tech dreads the loss of their liability shield, and these measures are an attempt to stay ahead of the policymakers. It’s not as free a choice as it may appear, and the federal government does not appear restrained by the constitution here.
I’d hazard to guess that the nuance is how they process data.
Google actively inspects and analyzes data, and does so with their cloud services. Microsoft does as well. They have a reasonable means to know that a user has problematic content. Other services that sync but don’t process data do not.
In many US states, you are legally compelled to report child abuse and are subject to criminal sanction. In New Jersey it’s a misdemeanor for anyone who fails to report child abuse. In New York, mandated reporters are compelled to report and have criminal and unlimited civil liability if they do not (and immunity from liability if they do).
For a company like Google or Microsoft, the risk assessment is very complex and the smart, and arguably the morally righteous move is to report.
This isn’t Google being “evil” just incompetent. During their entire history, they’ve had one successful product - advertising.
No Android has not been a financial success. It came out in the Oracle trial that Android had only made Google $27 Billion in profit from its inception through the trial start date.
For comparison, Google pays Apple a reported $14 Billion a year to be the default search engine on iOS devices. Apple makes more in mobile from Google than Google makes from Android.
Android has immeasurable value, by way of ensuring Google didn't get locked out of the mobile ecosystem. What happens to Chrome's market share without being a default on one of the most used operating systems in the world? How about Google's traffic data for Google Maps without billions of devices they own reporting in every 60 seconds?
Android's value may not be easy to measure, but it's worth in building and maintaining Google's moat positively boggles the mind.
Google is locked out the ecosystem of people who actually have money to spend. How else do you explain how they are willing to pay a competitor $14 billion+ a year?
It doesn’t matter that Android is running on a bunch of $100 phones where they are getting a low ARPU. The Oracle trial showed how little profit came from Android.
Who do you think business would rather target iPhone users or Android users?
> How else do you explain how they are willing to pay a competitor $14 billion+ a year?
Obvious that they have more than >14B+ value extracted out of their competitor's ecosystem per year? I am not sure if you are aware of this or not but when Apple screwed FB with all the anti-tracking changes, there was one notable exception - the browser. Guess who benefited the most? All the ad dollars, which used to be spent on FB and other user-targeting based ad products, are now being diverted to search ads. Just read Google's earnings report - YT revenue declined while Search Ads revenue shot up.
> Who do you think business would rather target iPhone users or Android users?
Think 2-3 steps ahead. How do businesses target users? Via ads in a significant way. If they cannot target iPhone users anymore based on user data, what do you think they will use instead? The next best thing they know - Search Ads. Btw this is why you will Apple and Amazon's ad revenue surging as well.
What I am saying that it is at most a Pyrrhic victory that Google only managed to statistical capture the 30% poorest demographic and still has to pay its competitor to keep from being locked out of being able to reach the highest income demographic.
On top of that, Google doesn’t even compete in the worlds largest cellphone market - China. Sure most phones run “Android”. But without any Google services.
I have money to spend. What's your suggestion as an alternative to Android that isn't an Apple product (something I have no desire to have any more of in my life)?
Google has never been focused on the end user like Apple, Microsoft and Amazon. All three of them live and die by customer service. But Google could care less about the end user.
Microsoft has never cared about end users either. They of course focused on them, but only as far as how much money they could extract, and that didn't mean keeping them happy. The customers were locked-in to their monopoly OS, so why would they care about customer happiness?
To be fair, users of many internet services exposed themselves. The warnings about that were loud and clear. I don't know if using their free service counts as a formal business relationship, that might make recourse more difficult. I think the service provider has the right to close any and all relationships unilaterally.
Could you please stop posting unsubstantive comments to Hacker News? You've been doing it a lot and we ban that sort of account because we're trying for a different sort of forum here.
What's the incentive for Google to EVER give the accounts back? If they wrongly deactivate an account (like here), you get a bad article, EFF and friends ruminate about your behavior, and the world mostly moves on.
If Google wrongly gives an account back, you get a different article: "Google helped child pornographer even after discovering CP in their account". Now that gets attention. That's a scandal that leads to political action, criminal charges, etc.
To be clear, I'm not advocating for how Google behaves. They're a lot more like a utility and probably should be treated like one (alongside the protections and requirements that come of a utility, you don't hear "eletric company stopped serving house since man suspect of CP lives there").
For the responses saying "Well the police cleared them", again I don't disagree. But if you're an executive making this decision you're thinking:
1. We never give back an account in this case and avoid the massive downside risk
2. We go through a lot of work to design a process that will impact a marginal portion of customers and really really hope nobody manages to social engineer themselves past, and pray that no enterprising news outlet/politician tries to make the "Google helped CP person recover their CP story" - they already have a target on their back.
In what world would Google receive criticism for giving back accounts to people who has been proven innocent?
Google's surveillance system and automated ban hammers are already bad enough. But the actions they took following the ban in this case is egregious and 100% indefensible. At the very least, Google could've reinstated their victim's account and issued a full sincere apology upon being contacted by the NYT. If Google has any care for their users, they'd do that for every people they wrongly reported who had their names cleared. Instead, Google doubled down, continued to treat their victims as criminals in their statement, and even leaked details about intimate photos in a blatant attempt to discredit the users they wronged.
No parent should ever have to go through what Google has put them through when trying to cure their child. Most of all, they should never have to risk losing custody of their child because their child went sick. They should never lose access to their whole digital identity because they didn't know any better than to rely on Google. Yet this is what Google did to these parents, full stop.
>> If Google has any care for their users, they'd do that for every people they wrongly reported that had their names cleared. Instead, Google doubled down, continued to treat their victims as criminals in their statement, and even leaked details about intimate photos in a blatant attempt to discredit the users they wronged.
Google's users are advertisers. Ordinary people are data sources and ad viewers. Android phones and Chrome are for collecting data about people and showing them ads.
Google doesn't care about losing two data sources and ad viewers.
I edited my comment on this point and largely I agree, but as far as anyone in Google's position is concerned:
1. This is a rare edge case with asymmetric risk and an easy way to avoid said
2. A single failure could be catastrophic
3. No process is perfect especially in the face of someone actively trying to thwart it
You could try really hard to make sure it's not attackable and pray, for little benefit to Google. Or just tell people "too bad, you're on your own".
Even if this processes was assuredly bulletproof,
> In what world would Google receive criticism for giving back accounts to people who has been proven innocent?
The sort of drivel/clickbait that gets published to 'make a good story' is astounding. Or politicians, not known for honesty, could totally play this up if their base has an axe to grind against Google.
No giant corporation (especially publicly traded) is going to take such risks to revive a few wrongfully terminated email/photo accounts unless they have an obligation to (i.e. should Google be a utility). Their responsibilities aren't to be nice, or act in a good way, but to protect their profits. To the extent that I've seen corporations 'act nice' it's largely been to benefit their own employees or pursue some pet cause of an executive.
(Your use of "full stop" suggests you're not American either - so I'll rephrase, "is proven innocent a thing in any English speaking country"? I actually don't know...)
If due process was followed, and the police / state exonerated the parents, I don’t think anyone would blame Google for reactivating the accounts. They’d blame the police or whatever flawed exoneration process was used.
At least, that’s what I’d hope.
Google here looks even worse than I thought possible, and I’m a de-Googled, anti-fan, so I already had a very dim view of them.
What if the police don't feel it's interesting enough yet (or don't have funds) to investigate and put things on the backburner for lack of resources? Similar to the mountains of unprocessed rape kits.
These are interesting cases but it seems like they happen to be ones where the police bothered do anything.
Employees of this office are very small and delicate, deserve protection from local pervs. Better a thousand innocent men are locked up than one guilty man roam free.
Google is not anything like a “utility”. A utility has a natural monopoly because of the effort, expense and disruption that is required to lay down the infrastructure and the need for scale. There is no product that Google has that you can’t and shouldn’t pay for a competitors product.
With the flick of a switch, they can deploy this technology to a global scale and way beyond protecting children. Imagine the feature propagating to their Chrome browser or their smart speakers "listening in" on what's happening in your home to "prevent" crimes by sending the cops whenever you raise your voice or say "the wrong things." This kind of power should not be in the hands of a single company.
Unfortunately prisons, which are increasingly private for-profit enterprises, will continue to exist. Think about it: if you're banned from google, how will your body continue to generate revenue?
What makes you think the body is useful? Robots will be able to do everything better, and if not, there'll be no shortage of labour. The body is mostly a cost center. If we strip down the human to a mind in a box it's so much cheaper (and no need for guards either!).
Well, you are correct in the sense that only the consciousness needs to be incarcerated in order to sustain the profit model, but:
(a) compute cost for uploaded brains is probably more than the cost for the pig slop and water/sewer bills of current model. Recall that prisons right now almost never have AC. If you're going away from corpses, you'll have to pay for that.
(b) Cost of caring for the physical body has pretty much been solved by the markets. The customer has a social network that sends money in and pays transfer fees. This network also pays per call and email. Then the customer purchases food and clothing at monopoly prices, since... it's a captive market! Just imagine the ARR hit when people stop eating.
Of course, uploading wastes precious computing resources. Which is why I was considering not uploading them, just keeping a brain in a vat. We can still charge them for nutrients, calls and VR time, but avoid all those pesky bodily costs.
Reminds me of another "Social Media Corp Gone Bizarrely Crazy" plot that I read recently, The This, by Adam Roberts. You won't anticipate how Crazy the social corp in question goes till you're halfway.
And you can’t even escape these companies by moving to another country. They have their tendrils everywhere, except in places that consciously prevent them - which is usually done by even worse tyrannies like China/Russia.
Always makes me laugh when I see employees of Google, Amazon etc. claiming to be “anti-fascist” and “standing in solidarity with the common man” etc etc…
>Always makes me laugh when I see employees of Google, Amazon etc. claiming to be “anti-fascist” and “standing in solidarity with the common man” etc etc…
Having had the pleasure of sharing the elevator with said individuals in shared office buildings the "common man" part almost made me lose my coffee.
Yeah, it is obvious from all of Googles actions they have lost the script. We are a long way from the don’t be “evil mantra” and “let’s do this for humanity!”
I really wish it wasn’t so, but when your company serves the advertiser you aren’t serving humanity. The balance is off and which each passing year it isn’t getting better.
I can't fault them too badly for that. I consider myself personally against the horrors that go into gathering the constituent materials for, and the assembly of, computers. This position co-exists with the fact that I, like most others here, derive the majority of my livelihood from Doing Things With Computers, which wouldn't be possible without the computers themselves, which wouldn't be possible without the horrors.
Worse still, I live a provably better life than those of my peers whose youth did not, for whatever reason, revolve around Doing Things With Computers, let alone the far-flung people whose labour provides me with the computers on which I do those profitable things.
And you can’t even escape these companies by moving to another country.
In my personal view the internet became one big country with overlapping laws and government policies and collusion by corporations. Ever so often I use google to see what search results they can muster but otherwise I don't use cloud storage and do not find myself depending on google. For email I try to teach my friends how to use Thunderbird so they can click a button and their email is mostly GPG encrypted.
If I wanted to share files with someone that will not fit in that GPG encrypted email then I plonk them down on a mini-PC or a VM and share them over HTTPS with cache-control headers to reduce risk of file caches or SFTP with authentication. This is just my own preference and I am a stodgy cranky old bastard but if someone decides that basic auth is too much friction then it was not important for them to receive the files. I implement my own data retention and destruction policies. How my doctor or lawyer decides to store the files is up to them. I can only hope they are wise enough to not store things on their fondle-slab. An intelligent doctor should be able to handle basic authentication and/or be able to follow simple instructions for creating and sharing a GPG public key with me.
Or I could just snail-mail them an encrypted USB drive, however a GPG encrypted email should suffice for sending a few little images to a doctor. Some will bring up rubber hoses and wrenches but there are mitigations for such things. Some might even want legislation to to bandage these dark patterns but experience has taught me to not trust that corporations would be held to account at the same level and standards as citizens.
Well not in all countries. In my country you are required to receive electronic messages from the government as well as to have a government issued ID and authentication system that forces you to have a fairly recent smartphone. For now, it is theoretically possible to use the authentication system without a smartphone but you will have to jump through an awful amount of (artificially imposed) hoops.
Not having an internet connection is NOT an option.
There is a legal process to get a special permit to avoid having to use these state mandated electronic systems but it is almost only theoretically in that you will need to have a doctor's note saying that you are unable to use such systems. E.g., by suffering by severe dementia or similar.
I'm not sure about OP, but here in Iceland having a smartphone with electronic ID built into it is not TECHNICALLY a requirement but life can be very difficult without it. It is the de-facto identification system used by every government service and banking institution.
Afaik mandatory government-provided mailbox is in Czech republic ("datovka") and Slovakia, at least for some parts of population (like enterpreneurs, lawyers, other professions that communicate with state institutions), with general mandatory use coming soon.
They serve the fiction of confirmed mail delivery. If you don't pick it up from this mailbox, it is considered delivered anyway and your problem, if you miss something here.
Governments have accessibility obligations and so their key services should absolutely be usable with something like Chromium/Linux. And it definitely shouldn't be more onerous than using a smartphone.
It is the portal for Slovak republic. You are supposed to have your national ID card, which is a smart card. To use it, you need a smartcard reader and an application, which basically listens on localhost and is kind of a intermediate between your browser, the pages than need authentication and the department of state, which handles IAM.
That application runs on Windows, Mac and Debian (9,10)/Ubuntu (18.04,20.04)/Mint (19.20) (it is not open source). Other distributions are not supported, forget ChromeOS.
It is quite onerous. You have to enter your PIN for smartcard about four times, before you see the content of the inbox.
In some cases Google can only be avoided at a potentially life altering personal cost. Consider how many government services use reCAPTCHA, and what it means to have no access or delayed access to these services.
Elderly and marginalized people do suffer because of restricted access to online services. People who cannot access the web and its services are at an obvious disadvantage in life, and that sometimes can have severe consequences.
> This would mean that elderly people are also excluded from these services.
Having helped my 92 years old grandmother sorting out her tax returns on the government’s website, I can confirm that this is exactly what it means. And it’s the only practical way of communicating with the administration. Most local branches have been closed to the public, and the phone lines are congested all day (and cut you off after one hour waiting, which is always fun).
Often jobs like those have open houses, especially in todays hiring market. However, as you note, it’s common for follow up and hiring to require, or be much easier with online paperwork.
As someone who's in college and looking/lookedfor internships to do over the summer, postal is literally not an option anymore. Companies will not offer a mailing address to their hiring team at all, and if you send something via mail they will simply not look at it. Also, post-pandemic, most interviews are done via Zoom, so how are you going to do that then? Even if you're in the same area as the company you're applying in, they just will not let you into the building.
New York City, and I don't think it's bad. The effort it takes for me to apply to jobs, and conversely, to approve/reject applicants (according to other people that I've talked to) is easier than having to sort through a ton of junk mail.
People on Hacker News like to propose "just use low-tech!" or "just self host!" often and I don't get how that's a solution. I _could_ spend hours of my day printing out and mailing my resume to companies (if they allowed me to) and waiting days-weeks for my response _after_ they made their decision (during which time I still have to pay bills and have no job) or I could apply with one button on Linkedin and get my response back instantly. It just saves so much time.
Others will say that that's a small price to pay to retain my freedom, which might be true. But what's not true is the other qualities of life that internet and big data affords me. If I don't have instagram or snapchat I literally lose all spontaneous contact with my friends and family. Sure, I _could_ mail them a letter, but with the delay in communication a lot of the intimacy is lost, and we would truthfully just talk a lot less. This, along with a lot of other problems (how do I contact my professor for help after class? go to their house?). Combined with the fact that I would have to be _extremely_ thorough and make sure that my data is scrubbed from all of Facebook/Google/Twitter/Whatever and it's subcompanies, it's just not a real solution. It's actually really annoying that so many are content with infeasible individual solutions instead of advocating for things like pushing against the EARN IT act or the like. I shouldn't have to have a computer science or cyber security degree to be private online - it should be done for me by the government. I don't know what the fuck is in that vaccine (or any medicine I take for that matter) but I can trust that it does me good because of regulations.
It is funny how some consider the internet synonymous with Google and the other big players. You don't need to use Google and the others at all these days. So many alternatives abound. The problem seems to be awareness of them. Ask me anything.
What if I use Huawei phone, which is banned from using Google services? Obviously, China will have all my info, but they can't (yet) ban me from boarding US trains for low social rating, so what do I care?
You never know when Huawei or China will start doing something similar. You could do better and not have your data sitting with any corporate or government entity. I love my private Nextcloud running on a Raspberry PI. It syncs all contacts, calendar, files, bookmarks, tasks, notes, phone location, and much for may family's degoogled phones and PC's. Own your data and systems.
If only that were the normal … But we've now allowed multiple generations to be trained by the "big" ISPs to believe that we're not a part of the Internet, but simply consumers of it. Back in "the old days" most people who used the Internet were fully aware that their Internet connection made them a node on the Internet and that they had the ability and right to run personal or even public services on their Internet connection. These days, people don't think that way anymore. It's just a service to be consumed, like television, and apparently it would not exist at all without so much advertising that you often cannot even see the content of a web page at all without an ad-blocker.
If the government allows them to become a virtual monopoly/ doupoly, then it's possible one could see the abuses as indirectly government sanctioned. At least in so far that the company has integrated automatically with the law enforcement flow and that integration has flaws that will lead to the same sort of undesirable ham-fisted authoritarian enforcement. It also allows the government bypass search restrictions by simply buying your data.
So perhaps fascism doesn't fit perfectly, but it's pretty damn close in my opinion (especially if you use definition 3 by Wordnik "Oppressive, dictatorial control").
>So perhaps fascism doesn't fit perfectly, but it's pretty damn close in my opinion (especially if you use definition 3 by Wordnik "Oppressive, dictatorial control")
Few to none of the loudest users of “fascist” describe Cuba, Venezuela, or China with the term according this definition. Can only conclude the definition is given in bad faith, and used by people with a silent exception for “states and organizations I find ideologically appealing.”
Anti-trust laws are enforced by the state, which is a legitimate concentration of power.
Unfortunately the state has dropped the ball about anti-trust, thanks to stupid economic theories from the Chicago School of Dumbfuckery. Those are the main culprits for the shit we're in.
So we should shame all the users of Google products, in this case? I'm not sure that shame really works like that and especially when (I assume) there are billions of people using the same products. There's a somewhat lower number of entities controlling the company -- maybe a more effective target.
Plot twist: (maybe) Xyz is (not) an (un)ethical company, so we should establish some sort of authority on ethics with a malleable but firm framework to guide the consistent -- and proportional to the unethics in question -- application of shame to the people using the products.
Google isn't a government entity, it's a private company. Had there been more restrictions on what tech corporations (and corporations as a whole) could do, power could have been limited by the concentrated power of government. The issue here is that Google can dictate how we live our lives so heavily without any of its users having a say on how Google and its services should be run. The promotion of Laissez-faire capitalism here in the US promoted Google's growth into it's current position.
One option is that companies with sufficiently widespread services can't close your account or block you without due process. And restrict the ability of a ban to spread between services of such a company.
Anti-trust laws, regulation on how to handle criminal activity on their platform (transfer detected pornography cases to law enforcement and allow them to decide what to do with the person and its related accounts. Google should not be handling something like this), and other privacy laws? I don't get why you tried to make this gotcha, this isn't a stretch by any imagination - the auto industry is incredibly regulated in the US and that's working well. Or just look at the privacy laws in the EU.
I’m looking at the 99 section 11 chapter privacy laws. How has that affected Google, Facebook etc?
We know what effect affective privacy policies have - the ten line policy change on Apple App Store has caused all of the ad supported platforms to announce falling revenue. The GDPR has only caused cookie pop ups.
At least to me, it seems quite appropriate to characterize the autocratic merging of government and corporate power as "fascism". Yes, it's missing some specific trappings of the original fascists, but definitions adapt and widen over time.
In fascism 1.0, singular authority vested with the head of government who then subjugated every other institution under the government. In fascism 2.0, power consolidates from the bottom up as corporations weave themselves into our individual lives, merge and collude with each other, and expand their scope in a way that subsumes existing institutions including the existing government.
It's not the same, but it rhymes. Each version seems to be heading towards a similar end state, but coming at it from a different direction. The distinction seems to be the same distinction as between totalitarianism and inverted totalitarianism. Maybe we should call it inverted fascism?
That seems more fitting. Authoritarian seems also very fitting and fits the definition of limiting options for civilians in favour of the state/or it’s organisation.
Moreover, there is evidence that Google (along with Twitter and Facebook) frequently take actions to suppress opposing views on behalf of, and in collusion with, one side of the US government, including removal of information from one side and amplification of misinformation from the other.
In some cases, it conforms more to classical fascism than many realize.
That said, in this particular case, I’m still not sure it applies.
When it comes to stopping the distribution of child abuse material, there’s no reason to believe that anyone’s acting in bad faith. We can certainly see where they have everything needed to do so (access to people’s personal data, ability to mobilize law enforcement, and a relationship with government that is amenable to suppressing criticism as “dangerous”).
But in this specific case and others like it, we actually see that law enforcement did their job - they did not overreact, they investigated as appropriate, and nobody was charged.
Google continuing to be a dick about it and holding someone’s account hostage isn’t exactly fascism yet, but it is a great demonstration to people how easily big tech can become weapons of fascism, and why it’s important to opt out of centralized big tech (while they still have the chance), to discourage public/private collusion, and reason to support efforts to keep their powers in check, the same as they would any government.
> Moreover, there is evidence that Google (along with Twitter and Facebook) frequently take actions to suppress opposing views on behalf of, and in collusion with, one side of the US government, including removal of information from one side and amplification of misinformation from the other.
This is a highly loaded paradigm, carrying an extremely misleading framing. From my perspective, US corporations and US government are indeed colluding, against an outside attack trying to tear them down to replace with a different power structure. I've had no love for the US power structure and have myself often wished to wholesale replace it, but the vision that attack is offering is so regressive that I've become extremely conservative for the time being.
> no reason to believe that anyone’s acting in bad faith
Of course nobody is acting in bad faith. Bad faith actions are decently punished by our society, so the structures that have built up operate on good faith, and produce constructive bad outcomes in spite of it.
> but it is a great demonstration to people how easily big tech can become weapons of fascism
This feels like it's missing the ultimate dynamic, by falsely asserting that fascism can only flow from the bona fide government. Whereas actually, Google's actions within Google's currently-limited sphere of influence are fascist in nature, and that sphere is growing. As I said, "similar end state, but coming at it from a different direction".
> it’s important to opt out of centralized big tech
I wholeheartedly agree, which is why I think it's important to describe the fundamental dynamics of these centralized surveillance companies before they have grown to be truly all-encompassing. Even presently, using Google is a mandatory requirement to interact with many government services (Recaptcha), and the more you make yourself known the Google the fewer roadblocks they hit you with. It's not a stretch to think as non-Google browsers ramp up their surveillance protection, that logging into a Google account will become default mandatory to pass such checks, giving Google account status the bona fide force of law.
This quote is taken out of context FYI. Here is the full version:
"The word Fascism has now no meaning except in so far as it signifies ‘something not desirable’. The words democracy, socialism, freedom, patriotic, realistic, justice, have each of them several different meanings which cannot be reconciled with one another. In the case of a word like democracy, not only is there no agreed definition, but the attempt to make one is resisted from all sides. It is almost universally felt that when we call a country democratic we are praising it: consequently the defenders of every kind of régime claim that it is a democracy, and fear that they might have to stop using the word if it were tied down to any one meaning. Words of this kind are often used in a consciously dishonest way. That is, the person who uses them has his own private definition, but allows his hearer to think he means something quite different"
This is at best authoritarianism or corportatism not fascism. There is no ultranationalism, there is no "othering", there is no enforced hierarchy of individuals.
Nope, the final call was made by NCMEC. The article is a bad one, didn't highlight how the process works. And it's a federal law that google is obliged to follow.
That's not what fascism is. Fascism is hyper nationalism where everything is done in service of the nation state. Private entities only exist insofar as they are extensions of the state.
What you're describing here is more like a cyberpunk corporatocracy, where corporations hold so much power independent of the state, that they are able to exercise their own arbitrary decisions extrajudicially, while still maintaining so much power over people so as to completely control their lives.
In fact, here you can see that the person was exonerated by the state but punished by the corporation. In fascism, nothing supercedes the state.
> Just how tone deaf can Google be, continuing to treat these innocent folks as criminals in this passive aggressive statement even after being proven wrong? Do these people have no empathy at all?
They don't care a single bit about the effect their actions have on others. They only care about having to build a system, which can distinguish such cases from actually criminal ones. Because that wouldn't scale and would be bad for business $$$. So they try to turn and twist the image in the light of the public, that it is "right" what they did, so that the public does not cry out and demand change of their systems. Empathy doesn't even enter the equation for Google.
> They only care about having to build a system, which can distinguish such cases from actually criminal ones
There are only two ways to actually do that:
1) Make Google's policies 100% subservient to the United States legal system, which would look a lot like the "corporate / national lock-step unity" one sees in actual fascism
2) Google build its own court system, independent from the United States court system but with equivalent power
How about just saying in hindsight: "Hey, we were wrong! [Yes, it's possible! The allmighty Google can be wrong! Newsflash!] We are sorry, these things happen with our automated systems. Person XYZ is completely not guilty of our accusations and we will revert all actions taken from our side. It is in the nature of things, that these cases are difficult to distinguish, without information about the child as well as the parent and we need to stay vigilant about pictures of children being uploaded to our services. Please accept our apologies."
Instead of going: "Nooo! We were still right! We don't care what others say or what facts were found out!"
So I am thinking you are painting the scenario a bit wrong here, saying, that there are only 2 options. An honest apology and actions to make up for ones mistakes can go a long way. Of course I would not expect Google to act that way.
I’m amused because it’s a microcosm of the actual problem: it’s probably the default response to anything that has to do with child sexual abuse material, given without thought to context or circumstances, with too little review. But hey, I guess it’s Google’s official position that this dad is a child pornographer ¯\_(ツ)_/¯
> In a statement, Google said, “Child sexual abuse material is abhorrent
I love the use of the disclaimer "sexual" here, to make it clear they don't care about other types of child abuse (like interfering with access to health care, which Google is clearly guilty of in this case...)
I've said it before and I'll say it again: Google now has enough power that it has effectively turned into a globalist government, a government you did not vote for.
What do you think is the ratio of innocent to nefarious pictures of naked children Google encounters in aggregate?
This is relevant to how outraged one should be by this story. I think it is probably > 1:100000. As such, probably not much outrage is warranted, although it’s obviously not great for this one guy.
Wow, I'd guess the opposite when we consider the base rate. Seems like a classic Bayesian problem.
It's fairly normal for parents to take pictures of their children naked in the bathtub/at the beach/ camping/etc.
Conversely, I'd expect actual pedophiles and CSAM producers to be really quite rare.
So even a relatively low base-rate of normal parents with normal nude photos would likely dwarf CSAM upon detection.
So, if we say 1/100 are pedophiles, and 30/100 are parents, and of the parents 10% have such photos, the ratio I'd expect without getting into detection rates is like 3:1 in favor of normal parents.
> It's fairly normal for parents to take pictures of their children naked in the bathtub/at the beach/ camping/etc.
And what I understand is that each of these private photos of their children that parents take on an Android phone with Google cloud enabled gets specifically flagged to be shown to a stranger working for Google.
What's more a "professional" CP distributor would at the least encrypt or compress their photos, and probably not even use Gmail, maybe use a hijacked cracked account.* So that would lower the "true" positive rate even further.
*In fact that seems like it could be an effective form of extortion or swatting. Someone with access to your credentials could (threaten to) send CP over your account and ruin your life. Or destroy a small business.
This quite the insane realization, and it needs to be shouted from the rooftops every time the encryption "debate" comes up. Authoritarians browbeat us by overstating the diffuse possibility of harm, while whitewashing the effects of their own actions. Meanwhile their actions create centralized, institutionalized, inescapable harm - specifically here, creating a ripe target for pedophiles to remotely creep on everyday families just trying to go about their lives.
If the types of photos you mention were getting flagged as per the case in the article, we would be hearing about a lot more cases. The case itself involved a medical photo, not smiling children at the beach. As such the denominator you use isn’t relevant here.
There is a lot of child pornography in image sharing platforms. Facebook, which reports most reliably, had 20 million CSAM reports in 2021, and that’s photos posted to a social network or sent via messenger, not even in private albums. As I understand it CSAM is more focused on reporting re-uploads or transmission of known abuse material, rather than new material. So I still maintain that if we take the type of image referenced in the article as the denominator, vastly more of such photos would be child abuse material. Granted, 1:100000 is too high, I would revise that down to 1:1000.
Some fair points, but I have a couple of counter points...
One, We really need to know the base rates and false positive rates to reason well here.
Two, I think you'd also need to consider the number of people and number of photos. So like, a photo can be considered a trial, OR flagging a person can. I would imagine a given pedophile has a large number of CSAM photos, but there are few pedophiles. There are however lots of normal parents with fewer photos that might trigger a false positive, but because of that base-rate issue, even if the probability that a given photo is falsely identified as CSAM is quite low, the probability that a given person is falsely flagged/reported may NOT be low.
If it wasn't clear, people aren't objecting to the use of automated tools to prevent crime. It's that there is absolutely no avenue of appeal or review against it even if the law enforcement exonerates them and a big news media reports it.
Google has inserted itself into almost all spheres of digital life by hook or crook. It's practically difficult to avoid them in many services - especially email. And now they play judge, jury and executioner. I don't understand any of these are acceptable, much less justifiable. The old argument 'think of the kids' used to justify digital authoritarianism is such a cliché by now.
I’d put pretty good money on almost every family having pictures of their naked kids doing some shenanigans. I know I have those pictures. My parents have those pictures of me and my sister. Quite a few, as I seemed to enjoy trying to run about naked…
Bill Waterson somehow managed to sneak watercolor paintings of a naked little boy into every major newspaper under the guise of being a “comic strip”— the perv.
A lot of people don't, specifically because they are aware of the tremendous risk of an insane government or corporation ruining their life over innocent behavior.
Dare I say that it is a peek into how Black people feel when they go out in public to do...anything.
Somehow I think there more parents who sometimes need to take a photo of their naked children than there are paedophiles.
Or at least the ratio is clearly not 1:100000, maybe more like closer to 1:10.
You would need statistics how many times google have reported police and how many times it have turned out to be a false alarm. Does google even keep record of false alarms? Most likely they don't to avoid responsibility.
I'd expect it to be a lot lower than 1:10. All parents have nude children at some point, they're sort of made that way. The number of pedophiles is higher than anyone wants it to be but it's not 1:10 the number of parents or they'd be a voting bloc. Probably 1:10000
Well as a data point I have pictures of my children naked. As another data point my parents have photos of me as a child naked, and as a third data point my grandparents have photos of themselves as children naked. Whereas I don't knowingly know any paedophiles.
What are the ways to mitigate these issues for someone that wants a lot of the features of Google Photos? It seems that Amazon Photos is basically copying Google Photos and has a lot of the features. I wouldn't care if my Amazon account was closed down. And it is free if you are already a Prime member.
Telehealth had nothing to do with it other than causing the picture to be taken. The picture was taken with a Google-linked phone, the AI flagged it as CSAM. The transfer to the pediatrician was probably secure and not seen by Sauron's Eye.
>Mark’s wife grabbed her husband’s phone and texted a few high-quality close-ups of their son’s groin area to her iPhone so she could upload them to the health care provider’s messaging system.
It sounds like it was probably the texting (maybe via the Google Messages app?) that got the images flagged, rather than the telehealth system.
> When Mark’s and Cassio’s photos were automatically uploaded from their phones to Google’s servers, this technology flagged them. Jon Callas of the E.F.F. called the scanning intrusive, saying a family photo album on someone’s personal device should be a “private sphere.” (A Google spokeswoman said the company scans only when an “affirmative action” is taken by a user; that includes when the user’s phone backs up photos to the company’s cloud.)
I assume it was triggered when the photos were backed up to Google Photos based on the above quote.
..and with CSAM Apple is going to get in the same business. With this latest security update I would not be surprised if CSAM has already been deployed.
Because why on earth would you oppose protecting children? /s
This is why I don't have a Dropbox account anymore.
I am extremely fortunate that the account that was deleted without recourse only contained data I had copies of on my hard drive, and to my knowledge law enforcement isn't involved.
The article fails to mention the stress and trauma of being accused of having CSAM. That remains to this day ... I'm posting from an alt because even the false accusation carries a potentially career and family destroying stigma.
What if someone emails stock photos to Google execs that are known to trigger Google's child abuse algorithm? They would have to build a way to re-activate banned accounts to get their own accounts back.
> Mark and his wife gave no thought to the tech giants that made this quick capture and exchange of digital data possible
Well... here we are, normal people don't think it's possible to transfer an image over the internet without a megacorp being in the middle of it. Pretty strong sign something has gone wrong.
"Apple announced plans last year to scan the iCloud for known sexually abusive depictions of children, but the rollout was delayed indefinitely after resistance from privacy groups."
We have a direct primary care doctor for our children and would never send a photo with genitalia in it. Either she comes for a house call or we come to her. This article confirms my fear.
They all embed themselves deeply into our communications, for not-so-altruistic purposes--allegedly to "serve us better", realistically to train the shit out of their AIs in the hopes of growing (or at least maintaining) market share. If people weren't such cattle, a hard line would have already been drawn. If...
Just don't make knives. Period. The reasoning doesn't matter. The innocent tool that you use for cooking could be stolen, could be lost, could end up donated to a thrift store where anyone could buy or shoplift it, and the knife could end up in the hands of a serial killer.
Your intent doesn't make it right. And you have to make sure a criminal can never get their hands on one.
What's next, actual serial killers declare themselves chefs and thus can receive and share knives with other chefs "for cooking reasons"?
Please. Don't be so naive guys. Don't make knives. How the hell is that not common sense?
---
That is how rediculous your suggestion about pictures sounds to other people.
Yeah, just delay seeking medical treatment (for your child) until this coronavirus thing blows over.
The context is critical. Context is always critical.
Also, I'm not sure why an "actual" paedophile couldn't be an acupuncture professional. I mean it's not really a thing to take your kids to before the GP. To be clear: I don't think that anyone should be able to just declare themself to be some sort of qualified practitioner and make or imply that they can provide a service or results that they cannot. But I'm really unsure why someone calling themselves an acupuncture professional (whether they are qualified to or not) would entitle them to freely trade in sexual abuse material.
It doesn’t seem right for the doctor to ask the parents to take pictures then send them over SMS, email, or whatever they asked them to use. Why wouldn’t this just be done within the privacy of the doctor’s office?
You shouldn't have to travel to a doctor's office to get privacy. There is nothing wrong with a parent or a doctor taking pictures of a medical condition (rashes, etc).
It is beyond me that someone would use email to submit sensitive information. Pandemic aside, you should know better.
Also, I am sorry this happened. It is very human to respond to a person in authority - but we need to be better and start asking questions. It is our privacy at stake.
Hopefully everyone learns from this; Also, Google was doing the right things.
Where does it say that they used email to submit the information?
And I really don't see how Google insisting that banning them was the right thing to do and being cleared by police doesn't warrant undoing the ban is "doing the right things".