News

Posted in Shoddy Security

Major security holes found in Google’s Nest

Don’t use “smart home” technology. Just don’t.

After last week’s heated debate about whether Google Nest owners should be able to turn off their webcam’s recording LED, this week they have something more conventional to worry about – security flaws.

The list of vulnerabilities recently discovered by Cisco Talos researchers relate to one model, the Nest Cam IQ Indoor camera.

As $249 webcams go, this one has plenty of features, including a 4K resolution sensor, facial recognition, noise and echo cancellation, and Google’s Voice Assistant integration to control other Nest products.

There are eight CVE-level vulnerabilities in total, five relating to the Weave protocol binary built into the camera (used to set it up), and three in the Openweave interface (this being the open source version of Weave).

Some of these exploits allow the device to be taken over, or hijacked.

Google claims it’s patching the affected hardware, but cautions that updates may take a while to roll out.

Meanwhile, lots of Nest users are still angry about Google’s decision to cripple the toggle for the Nest cam’s LED status light.

Posted in Menacing Monopoly

Robert Epstein: To break Google’s monopoly on search, make its index public

Could making Google’s search index public reduce the threat that it poses without breaking up the company? Robert Epstein thinks so.

Different tech companies pose different kinds of threats. I’m focused here on Google, which I’ve been studying for more than six years through both experimental research and monitoring projects. (Google is well aware of my work and not entirely happy with me. The company did not respond to requests for comment.)

Google is especially worrisome because it has maintained an unopposed monopoly on search worldwide for nearly a decade. It controls 92 percent of search, with the next largest competitor, Microsoft’s Bing, drawing only 2.5%.

Fortunately, there is a simple way to end the company’s monopoly without breaking up its search engine, and that is to turn its “index” — the mammoth and ever-growing database it maintains of internet content — into a kind of public commons.

There is precedent for this both in law and in Google’s business practices. When private ownership of essential resources and services—water, electricity, telecommunications, and so on — no longer serves the public interest, governments often step in to control them.

An interesting idea, certainly one worthy of further discussion.

Doesn’t Google already share its index with everyone in the world? Yes, but only for single searches. I’m talking about requiring Google to share its entire index with outside entities — businesses, nonprofit organizations, even individuals — through what programmers call an application programming interface, or API.

Perhaps we’d all be better off if our laws caught up with the times and required companies like Google to make certain information available through APIs, just as public agencies must provide records in response to Freedom of Information Act requests.

Posted in War on Privacy

Google Chrome was always a surveillance browser

Washington Post columnist Geoffrey Fowler has decided he’s done with Chrome because he doesn’t like being spied on:

You open your browser to look at the Web. Do you know who is looking back at you?

Over a recent week of Web surfing, I peered under the hood of Google Chrome and found it brought along a few thousand friends. Shopping, news and even government sites quietly tagged my browser to let ad and data companies ride shotgun while I clicked around the Web.

This was made possible by the Web’s biggest snoop of all: Google. Seen from the inside, its Chrome browser looks a lot like surveillance software.

It’s wonderful that Fowler has seen the light. It’s a shame it took him so long.

Google Chrome has always been surveillance software. It didn’t become one — it has always been a means by which the Monster of Mountain View can vacuum up user data. That’s why it was created.

This site is over ten years old and has been warning that Google is “the web’s biggest snoop of all” for the entirety of that time. People in the tech press have known that surveillance underpins Google’s business model, yet they have chosen to use and recommend Google’s offerings anyway.

It seems like that is starting to change.

For Fowler, the last straw is Google’s refusal to protect users by limiting the extent to which cookies can be used for tracking purposes.

Google itself, through its Doubleclick and other ad businesses, is the No. 1 cookie maker — the Mrs. Fields of the Web. It’s hard to imagine Chrome ever cutting off Google’s moneymaker.

Like Matthew Green, he also felt betrayed when Google modified Chrome to make automatic sign-ins the default.

I felt hoodwinked when Google quietly began signing Gmail users into Chrome last fall. Google says the Chrome shift didn’t cause anybody’s browsing history to be “synced” unless they specifically opted in — but I found mine was being sent to Google and don’t recall ever asking for extra surveillance.

And so he has made the switch to Firefox.

Let’s hope many more people do likewise.

Posted in Poor Quality Assurance

Google Calendar crashes and burns, leaving many feeling adrift and angry

Ruh roh

Users around the world can no longer access Google Calendar, with people reporting an error message when they try to access the app and some sharing an overwhelming feeling that they should go home for the day.

“Google Calendar is currently experiencing a service disruption,” said Google’s G Suite Twitter account, instructing users to follow updates through a service Web page. Google directed The Washington Post to the same page, which states: “We’re investigating reports of an issue with Google Calendar. We will provide more information shortly. The affected users are unable to access Google Calendar.”

The outage has become an event on social media. Twitter created an event page with funny GIFs symbolizing the distress many people are experiencing.

If they didn’t store so much of their private data with one company, this wouldn’t be a problem.

Posted in Menacing Monopoly

Small business owners are sick of being unfairly treated by Google and they’re taking their complaints to regulators

A must-read from The New York Times.

“As a small business, it’s like David versus Goliath,” said Andrew Ding, the owner of the Handpulled Noodle. The shop’s Google listing is how most customers find his restaurant, yet, he said, he has no control over how his business is represented. There is no way for him to get rid of the ad next to the Google listing.

“Google is it,” Mr. Ding said in an interview. “I would love for small business owners that don’t have the clout or the influence to have more say about how their business is represented.”

There are countless small business owners out there like Andrew Ding.

Executives at Yelp have pushed for action against Google for years, but the U.S. authorities have done nothing. The EU has stepped in to partially fill the vacuum, but small businesses in the United States need a regulator in their own country on the job.

Posted in Menacing Monopoly

DOJ antitrust chief has Google in his sights

It’s about time.

In a speech today, the top antitrust official at the United States Department of Justice assailed Google and Amazon as “digital gatekeepers” that are the “only significant players” in several crucial markets.

Alphabet Inc.’s Google loomed large over [Makan] Delrahim’s speech — first as a potential beneficiary of the U.S. government’s antitrust case against Microsoft Corp., and then as a company that pursued potentially problematic agreements itself in the search market.

Delrahim described “coordinated conduct that creates or enhances market power,” citing a proposed 2008 agreement between Google and Yahoo to have the former power search ads for the latter. The department told the companies it would file suit against the agreement and the companies backed away, Delrahim said.

The DOJ recently launched an industry probe and is reportedly investigating Google, while the FTC is looking into Amazon.

Interestingly, Delrahim is a former lobbyist for Google, and this has prompted calls for him to recuse himself from the Google investigation by other Google critics.

Posted in Menacing Monopoly

Google is fleecing publishers: Company made $4.7 billion from the news industry in 2018, study says

This unfair arrangement needs to end.

$4,700,000,000.

It’s more than the combined ticket sales of the last two “Avengers” movies. It’s more than what virtually any professional sports team is worth. And it’s the amount that Google made from the work of news publishers in 2018 via search and Google News, according to a study to be released on Monday by the News Media Alliance.

The journalists who create that content deserve a cut of that $4.7 billion, said David Chavern, the president and chief executive of the alliance, which represents more than 2,000 newspapers across the country, including The New York Times.

“They make money off this arrangement,” Mr. Chavern said, “and there needs to be a better outcome for news publishers.”

Google, of course, wants to protect this lucrative profit machine, so it has disputed the figures.

But whatever the figures are, the essential point here is that Google is a digital gatekeeper which is using its position to profit at the expense of publishers. Google makes and distributes Google Chrome, it develops Android, the world’s most popular mobile operating system, which it bundles its apps with, it operates the news and web search engines that people use to access information, including news. And of course it makes a lot of money selling advertising.

“If you look at the reason they have such high engagement on their platforms, increasingly news is the No. 1 driver,” media executive Terrance C.Z. Egger told the New York Times. “Given that, they wouldn’t want to see news go away. And yet the unintended consequence is we need to share the revenue or get paid for the content that we produce.”

Yep. Journalism, like other things worth having, isn’t free. Someone has to produce it. If society ceases valuing journalism, there will be less journalism.

Posted in Undependable Support

Google outage takes down YouTube, Gmail, other Google offerings

It hasn’t been a very good weekend for Google.

YouTube, Snapchat, Gmail, Nest, Discord, and a number of other web services are suffering from outages in the US today. The root cause appears to be problems with Google’s Cloud service which powers apps other than just Google’s own web services. Google has issued a status update on its Cloud dashboard, noting that issues began at around 3:25PM ET / 12:25PM PT.

The issues appear to be mostly affecting those on the East Coast of the US, but some YouTube and Gmail users across Europe are also reporting that they’re unable to access the services. Google’s own G Suite Status dashboard shows problems with practically every single Google web service, and Down Detector lists YouTube outage reports in a number of countries worldwide.

The New York Times has more. Companies that use Google’s cloud, including Vimeo, Discord, and Snapchat, are also affected.

The cause of the trouble is “network congestion”, and Google is working on a fix.

Twitter has created a Moment pertaining to the outage.

Posted in Menacing Monopoly

Now we’ve got you! With much of the world on Chrome, Google plans to monetize its browser and stop people from using content blockers

Changes are coming to Chrome that will render many popular extensions (including those that block ads) unusable. And that’s by design. Google is a search and advertising apparatus first, and that cash cow must be protected.

Back in January, Google announced a proposed change to Chrome’s extensions system, called Manifest V3, that would stop current ad blockers from working efficiently. In a response to the overwhelming negative feedback, Google is standing firm on Chrome’s ad blocking changes, sharing that current ad blocking capabilities will be restricted to enterprise users.

Manifest V3 comprises a major change to Chrome’s extensions system, including a revamp to the permissions system and a fundamental change to the way ad blockers operate. In particular, modern ad blockers, like uBlock Origin and Ghostery, use Chrome’s webRequest API to block ads before they’re even downloaded.

uBlock Origin developer Raymond Hill notes:

Google’s primary business is incompatible with unimpeded content blocking. Now that Google Chrome product has achieve high market share, the content blocking concerns as stated in its 10K filing are being tackled.

Even Google admits this.

New and existing technologies could affect our ability to customize ads and/or could block ads online, which would harm our business.

Technologies have been developed to make customizable ads more difficult or to block the display of ads altogether and some providers of online services have integrated technologies that could potentially impair the core functionality of third-party digital advertising. Most of our Google revenues are derived from fees paid to us in connection with the display of ads online. As a result, such technologies and tools could adversely affect our operating results.

“We are starting to see Google’s conflict of interest arising,” independent security consultant Sean Wright said in comments to cybersecurity consultant “Google relies on the revenue of advertising, so one can see why they would make such a move.”

Wright recommends switching from Chrome to Brave and deploying a Pi-hole at home.

(We at Google Watchdog prefer Firefox.)

Posted in Menacing Monopoly

Might the Department of Justice finally be ready to go after Google?

A promising development:

The Justice Department has taken early steps toward opening a federal antitrust investigation into Google, according to three people familiar with the matter, marking a new chapter in the tech giant’s troubles with regulators around the world who contend the company is too large and threatens rivals and consumers.

The move thrusts Google back under the regulatory microscope in the United States roughly six years after another federal agency probed the search and advertising behemoth on grounds that its business practices threatened competitors – though the government spared the company from major punishment at the time.

To date, only the EU authorities have taken serious action to respond to Google’s privacy blunders and anticompetitive business practices. In the United States, the response has been a shrug or a slap on the wrist or both.

But it sounds like Google’s C-Suite might have to start sweating a bit more in the near future. If this investigation is for real, it would represent a long overdue step towards accountability.