Skip to content

Recent Articles

13
Apr

Tracking phones, Google is a dragnet for the police

A must-read from The New York Times:

When detectives in a Phoenix suburb arrested a warehouse worker in a murder investigation last December, they credited a new technique with breaking open the case after other leads went cold.

The police told the suspect, Jorge Molina, they had data tracking his phone to the site where a man was shot nine months earlier. They had made the discovery after obtaining a search warrant that required Google to provide information on all devices it recorded near the killing, potentially capturing the whereabouts of anyone in the area.

Because of Google’s ubiquitous, privacy-destroying data collection practices, it has become one stop shopping for law enforcement, just as foretold by Google’s critics.

The warrants, which draw on an enormous Google database employees call Sensorvault, turn the business of tracking cellphone users’ locations into a digital dragnet for law enforcement. In an era of ubiquitous data gathering by tech companies, it is just the latest example of how personal information — where you go, who your friends are, what you read, eat and watch, and when you do it — is being used for purposes many people never expected. As privacy concerns have mounted among consumers, policymakers and regulators, tech companies have come under intensifying scrutiny over their data collection practices.

Some people — some of us — foresaw that this would be a problem.

This site is now ten years old and has been calling attention to the awfulness of Google’s business practices for a decade. And it will continue to.

Props to The New York Times for publishing this story. It’s much needed.

3
Apr

MUST-READ: “I tried creating a web browser, and Google blocked me”

The Monster of Mountain View stomps on competition again.

For the last two years I’ve been working on a web browser that now cannot be completed because Google, the creators of the open source browser Chrome [actually, Chromium; Chrome isn’t open source], won’t allow DRM in an open source project.

The browser I’m building, called Metastream, is an Electron-based (Chromium derived), MIT-licensed browser hosted on GitHub. Its main feature is the ability to playback videos on the web, synchronized with other peers. Each client runs its own instance of the Metastream browser and transmits playback information to keep them in sync—no audio or video content is sent.

Without a license for Widevine, Samuel Maddock cannot finish his browser.

But of course, Google doesn’t care.

If someone is creating a browser that wants to playback media, they’ll soon discover the requirement of DRM for larger web media services such as Netflix and Hulu. There are a few DRM providers for the web including Widevine, PlayReady, and FairPlay.

As far as I’m aware, Widevine is the only available DRM for a Chromium-based browser, especially so for Electron. Chromium accounts for roughly 70% market share of all web browsers, soon to include Microsoft’s upcoming Edge browser rewrite. Waiting 4 months for a minimal response from a vendor with such a large percentage of the market is unacceptable.

When this site was created, Google Chrome didn’t exist.

Today, Google Chrome is the most dominant browser. It is the new Internet Explorer. And in fact, even the once mighty-Microsoft has acknowledged this, because it is redeveloping Edge to use Chrome’s underlying parts, including the Blink rendering engine. Other browser makers have already done this; Opera is also a Chromium-derivative. Only Mozilla has held out, although its version of Firefox for iOS uses WebKit, an an ancestor of Blink, because Apple won’t allow Mozilla to use its own rendering engine (Gecko).

When you’re practically a monopoly, you can pretty much do whatever you want (including brutally stifling the competition) and there are no consequences.

Google is too big and too powerful. It’s a giant, faceless corporation that needs to be broken up.

26
Mar

Android ecosystem of pre-installed apps is a privacy and security mess

We’re shocked, shocked, shocked to… oh wait, actually, no, we’re not shocked at all by this:

An academic study that analyzed 82,501 apps that were pre-installed on 1,742 Android smartphones sold by 214 vendors concluded that users are woefully unaware of the huge security and privacy-related threats that come from pre-installed applications.

Researchers found that many of these pre-installed apps have access to very intrusive permissions out of the box, collect and send data about users to advertisers, and have security flaws that often remain unpatched.

On top of this, many pre-installed apps (also referred to as bloatware) can’t be removed, and also use third-party libraries that secretly collect user data from within benign-looking and innocently-named applications.

The study is, by far, one of the most complex endeavors of its kind, and included both an analysis of device firmware, app behavior, and the internet traffic the apps generated.

Android has been repeatedly shown to be a security nightmare. What’s particularly ironic and absurd is that many Android device manufacturers lock the bootloader to prevent rooting, which stops savvy users from getting rid of the bloatware and keeping their devices current.

And thanks to the demise of Windows Phone and BB10 (the latter of which heavily emphasized security), the only practical alternative is iOS. While iOS is superior to Android, it’s a shame that there’s no other game in town anymore. We appear to be stuck with a duopoly for the foreseeable future.

26
Mar

“Killed by Google” gets some love from the tech press

BGR is the latest to profile a site that serves as a reference for what Google has killed off over the years.

We’re still a few months away from the halfway mark of 2019, and already Google has sent some pretty high-profile products to an early grave — products that the company had high initial hopes for, like its Inbox email service and its failed Facebook killer Google+. But this, as we all know, is really par for the course when it comes to the search giant, which has tried so many experiments over the years with products, apps and services that didn’t quite work out as planned that it’s ended up building quite a crowded graveyard of failed ambitions.

“Killed by Google is a Free and Open Source list of dead Google products, services, and devices. It serves to be a tribute and memorial of beloved products and services killed by Google,” says its creator Cody Ogden. It is without question an extremely useful reference and we’ve added it to our blogroll, or link list, or whatever you want to call it.

25
Mar

Analyst: Google Investors Are Expecting Too Much From Stadia

Slow down there, Monster of Mountain view backers. That’s the message from this SeekingAlpha contributor, who has a skeptical take on Google’s new foray into gaming:

It’s a near certainty that Stadia won’t win 100% of this game streaming business. Even if Stadia miraculously took 50% of this $28 billion opportunity, that means about $14 billion in additional sales for Alphabet.

Using analysts’ revenue estimates for 2020 as a starting point, and assuming a similar growth rate in 2021, suggest Alphabet revenue of about $225 billion by 2021. If Stadia generates $14 billion in sales at this point, that represents another 6% of additional year-over-year growth. There is little doubt there is a big opportunity in streaming gaming, but investors need to ignore the hyperbole in the headlines and temper their expectations.

Those are a lot of assumptions.

If people refuse to hand over money to Google for Stadia, Google will have to pull the plug on it before long because that is how the Monster of Mountain View rolls. That would be a fitting outcome.

22
Mar

Google yanks KDE Connect from Google Play for no good reason

Ridiculous:

The official KDE Connect Android app was briefly removed from the Google Play Store for “violating” app permission policies.

Google yanked the phone-side companion app, which works with desktop tools like GSconnect, from its Android app store on March 19. It said the app did not adhere to its new rules on apps that can access to SMS messages.

But that was nonsense. KDE developer Albert Vaca Cintora explains:

KDE Connect has been removed from Google Play for violating their new policy on apps that access SMS. The policy has an explicit exception for companion apps (like KDE Connect), but it was removed anyway and *there’s no way to talk to Google*.

Google only provides one-way forms to contact them. I’ve filled the forms regarding this policy change (including one they sent to existing apps before the policy was effective) but never got an explanation to why KDE Connect doesn’t qualify as a companion app.

Google is the best living personification of the faceless corporation that we know of.

Albert stripped the SMS integration out of KDE Connect to get it back on Google Play. After an outcry from free software enthusiasts, Google quietly reversed course and allowed KDE Connect back on Google Play, replete with SMS integration.

20
Mar

The EU hits Google with another big, well-deserved fine

It serves them right.

European authorities on Wednesday fined Google 1.5 billion euros for antitrust violations in the online advertising market, continuing its efforts to rein in the world’s biggest technology companies.

The fine, worth about $1.7 billion, is the third against Google by the European Union since 2017, reinforcing the region’s position as the world’s most aggressive watchdog of an industry with an increasingly powerful role in society and the global economy. The regulators said Google had violated antitrust rules by imposing unfair terms on companies that used its search bar on their websites in Europe.

The EU’s Margrethe Vestager said it well when she declared:

“Google has cemented its dominance in online search adverts and shielded itself from competitive pressure by imposing anticompetitive contractual restrictions on third-party websites.”

It’s nice to hear somebody in a position of public responsibility saying this and then back it up with action.

What’s sad, though, is that the United States keeps letting Google skate when it can see the same thing that European Union regulators can see. The difference is that the EU cares about combating monopolistic behavior while the U.S. authorities don’t.

19
Mar

Google enters another market with Stadia, a big foray into gaming

We can only hope Stadia is as big of a failure as Google Plus was.

At the Game Developers Conference, Google announced its biggest play yet in the gaming space: a streaming game service named Google Stadia, designed to run on everything from PCs and Android phones to Google’s own Chromecast devices.

As of press time, the service’s release window is simply “2019.” No pricing information was announced at the event.

Google Stadia will run a selection of existing PC games on Google’s centralized servers, taking in controller inputs and sending back video and audio using Google’s network of low-latency data centers. The company revealed a new Google-produced controller, along with a game-streaming interface that revolves around a “play now” button. Press this on any Web browser and gameplay will begin “in as quick as five seconds… with no download, no patch, no update, and no install.”

Ars Technica commenters are skeptical about Stadia.

“Can’t wait for this to be killed off in a press release in 6 years! I really need more reliability from Google in supporting their platforms,” wrote one.

“Annnd will quickly forget about it in 1-2 years. Buyer beware,” said another.

“My past experience with Google products suddenly disappearing really discourages me from trying this, let alone sink money into it,” agreed a third.

13
Mar

New Android adware found in 200 apps on Google Play

These issues just keep recurring… and recurring… and recurring…

Security researchers have found a new kind of mobile adware hidden in hundreds of Android apps, and downloaded more than 150 million times from Google Play.

The malware masquerading as an ad-serving platform, dubbed SimBad by researchers at security firm Check Point, infected more than 200 apps which, likely unbeknownst to the app developer, would open a backdoor to install additional malware as a way to outsmart Google’s app store scanning. Once installed, the downloaded malware also removes the app icon and persists in the background, loading each time the device boots up.

A list of the bad apps is available here.

Google has been pulling down these bad apps, but unfortunately, they will remain on the devices of anyone who installed them unless the user takes action to get rid of them. That’s what is so distressing about all of this. Google has failed to create a system for effectively vetting and screening apps before they appear on Google Play. And it seems no matter how many times security researchers find problems, Google isn’t embarrassed enough to change its ways.

12
Mar

Gmail, Google Drive hit with global outage

Ruh roh:

Gmail has been hit by an outage affecting users around the world, with outage reports spiking and Gmail users flooding social media to complain about problems sending emails.

Some users are also reporting issues with Google Drive, including spotty performance and certain file types not opening.

According to a message posted on Google’s GSuite Status Dashboard at 1:53 p.m. ET, both Gmail and Google Drive are experiencing what it describes as a “service disruption.”

People who have trusted Google with their data are naturally not happy that it’s inaccessible. There’s quite a bit of griping on Twitter, which is typical of a service outage.

The moral of the story? Don’t trust Google with your data. Keep a local copy that’s always accessible and choose providers that care about your privacy (unlike Google).