Hope It Floats

Today I rode Stevens Creek Trail for the first time, and it’s pretty cool: a tiny jungle wedged between a freeway and suburbs, with lots of engineering to overcome highways and the occasional railroad. As I approached the south end of the bay I passed Moffet field and the NASA Ames Research center. Just past that there was a pair of fancy new buildings going up.

“Huh.” I thought to myself, “I’d have thought that NASA people would know better than to create grand new structures at sea level.”

Ames Research Center and something Big and New

The hue of the image is due to smoke; this is the “new normal”, as the kids say. So – two big buildings with Major Architecture going up (only one pictured here), on land that is almost certain to be under water within the intended lifespan of the buildings.

I wondered how NASA could be so short-sighted, but it turns out they’ve worked a pretty good scam. After I got home I did some research.

Ladies and Gentlemen, welcome to one of Google’s new flagship sites. I imagine the NASA people who leased Google the land are cackling at the prospect of getting anything at all for that doomed real estate. And maybe if Google is there, they will spend their billions to protect their investment, constructing dikes and pumping stations that not only will prolong the agony for Google but also give NASA a few more years in their own facilities next door.

The people who paid for that new fancy building must know that the ocean will soon be taking ownership of that land, right? They must know that clever geothermal piles (which sound pretty cool) will not alter the simple fact that the ocean is rising, and cares not how many dollars you have sunk into your new building.

I have many unflattering things to say about Google, but stupid was not one of them. But if the shoe fits…

Google’s New Evil

Google, Facebook, and their pals make big money because companies believe that carefully-targeted advertising is more effective than plain ol’ marketing blitzes. While there is some debate about that, it hasn’t stopped Google from harvesting and reselling enormous amounts of information about people. About you. One of their primary tools has been the third-party cookie. When you go to myfavoritesite.com, you are the first party. myfavoritesite.com is the second party. But they can also send cookies your way on behalf of Google et. al., and allow those behemoths to track your every move.

Nowadays, those third-party cookies are falling into deep disfavor. The abuses they enable are vast, including institutional discrimination, predatory marketing, and deep invasions of privacy.

The handwriting is on the wall; third-party cookies are on the way out, and Google is stepping nimbly to repackage its evil. Never forget, fundamental to their business is their ability to package and sell you.

Their latest initiative is the “privacy sandbox”, which means that some information about you is never sent to the mother ship. Instead, an algorithm in the Chrome browser will wrap up your browsing history for the week and assign you to a group. Google won’t be selling you, they will be selling a group. That makes it private.

Now mind you, that group won’t be useful to advertisers unless they know some of the qualities of the group. And don’t forget, if the site you visit knows you’re one of a few thousand people, it’s much easier for them to pin exactly who you are than if you were one of many millions.

And now you’re in a “cohort”, defined by google. You cohort might shift a bit, week to week, which is especially interesting to the sites who can tell exactly who you are.

Brief aside on “knowing exactly who you are”: two browsers have built-in systems for thwarting those efforts. Tor is one, the official browser of the Dark Web, and Safari is the other. Firefox has some great add-ons that accomplish the same thing. But none of those browsers can keep you anonymous in a pool of only a few thousand.

Less brief Twitter anecdote: Twitter offered users the choice to opt out of a particularly invasive form of tracking. But after a while they discovered that there was a bug in their software and that in fact they had been sharing that stuff with advertisers anyway. Oops! They fixed the bug and revenue plummeted. Turns out that information was what they were being paid for. Their solution: Change the Terms of Service! Users can no longer opt out of sharing that information. It was pitched as being required to keep Twitter a free service. Twitter is not free, and is not a service.

Anyway, back to Google. They say that they will watch the cohorts, to make sure that people who are in “sensitive interest categories” aren’t bunched together in a too-exploitative manner.

First, that means that there will not be a privacy sandbox on your computer, because the mother ship will need to monitor the cohorts. Second, there is a corporation deciding what the sensitive interest categories are, and how to protect them, and each iteration of their algorithm may expose another “sensitive” group. Third, I may or may not be part of any of the sensitive groups as defined by Google, but that doesn’t make my privacy less a right. Finally, It just won’t work, because if someone can figure out that other people in my cohort have visited places I consider part of my private life, they will be able to assume the same about me. That includes medical sites, mental health advisors, and lawyers.

This is all just bad. Google is offering different surveillance as an answer to what we have now. The stuff I describe above is in beta testing in the Chrome browser right now. While I don’t know the scope of this beta test, if history is a guide with Google “beta” means “it’s out there.”

Long ago, Apple and Google worked together on a thing called WebKit, the software that underpinned both browsers. I watched as schism formed between the two companies, as Apple engineers found security and privacy exploits in many of the new features Google wanted to implement. It was esoteric at the time, very abstract discussions about how some drawing tools could be used to read the screen underneath, which could include private information. Eventually the partnership split, and now Google has way more features than Safari, and Safari offers way more protection for you. Some sites don’t work so well with Safari, but that’s the cost of privacy.

Use whatever browser you like, but remember one thing: Chrome is the core tool (along with Android) created by a company that makes money by watching everything you do.

For a more detailed discussion of the new Google shenanigans, please visit the Electronic Frontier Foundation.

1

What You Pay to Google

I do it too. I use Google’s “free” services. But they’re not free. Google makes a shit-ton of money off me. Consider this list of things The Goog knows about me:

name, age, blah blah blah – tragically that is already forfeit
thousands of web sites I’ve visited
thousands of searches I’ve done (yeah, those searches)
the full content of thousands of emails I’ve sent or received. I don’t use my gmail account, but any time I send a letter to a gmail address my words are duly noted. Every word that goes through gmail is archived.
Almost every purchase I’ve made online
Every purchase I’ve made in stores using Google wallet (which are none, because that is my pathetic line in the sand.)

Google, along with all tech companies, has to reveal what they collect about you if they want to do business in Europe. But here’s the thing: While I can get a full accounting of activity on my Google account, I can find no way to see, and delete, the data collected about me while I’m not actively logged into g-whatever. Which is most of my life.

I use Duck-Duck-Go for searching now, which is better anyway if you want to refine your search with + or -. I have not put a full embargo on gmail addresses, but it’s tempting. Somehow they have the right to read the communications of someone who has never entered into any sort of agreement with them. (I am not such a person, but they must exist.)

Google must hate Facebook for getting caught harvesting shit that is none of their business so often. If it weren’t for Facebook’s ineptitude, Google might still live in an unregulated world. As it is, they are doing their damndest to obey the letter of the law while still collecting “anonymous” data they are not responsible for revealing. It is not anonymous. If it were, it would have no value.

Screw those guys.

Apple, Machine Learning, and Privacy

There’s a lot of noise about machine learning theses days, and the obviously-better deep-learning machines. You know, because it’s deep. Apple is generally considered to be disadvantaged in this tech derby. Why? Because deep learning requires masses of data from the users of the system, and Apple’s privacy policies prevent the company from harvesting that data.

I work for Apple, just so you know. But the narrative on the street comes down to this: Apple can’t compete with its rivals in the field of machine learning because it respects its users too much. For people who say Apple will shed its stand on privacy when it threatens profit for the company, here’s where I say, “Nuh-uh.” Apple proved its priority on privacy.

A second nuh-uh: ApplePay actively makes it impossible for Apple to know your purchase history. There’s good money in that information; Apple doesn’t want it. You think Google Wallet would ever do that? Don’t make me laugh. That’s why Google made it — so they could collect information about your purchasing habits and sell it. But in the world of artificial intelligence, respect for your customers is considered by pundits to be a negative.

But hold on there, Sparky! Getting back to the actual subject of this episode, my employer recently announced a massive implementation of wacky math shit that I think started at Stanford, that allows both aggregation of user data and protection of user privacy.

Apple recently lifted their kimono just a little bit to let the world know that they are players in this realm. Have been a long time. They want to you to know that while respecting user privacy is inconvenient, it’s an obstacle you can work around with enough intelligence and effort.

This is a message that is very tricky for Apple to sell. In their advertising, they sell, more than anything else, good feelings. They’re never going to say, “buy Apple because everyone else is out to exploit you,” — that makes technology scary and not the betterment of the human condition that Apple sells.

But to the tech press, and to organizations fighting for your privacy, Apple is becoming steadily more vocal. It feels a wee bit disingenuous; Apple wants those other mouths to spread the fear. But it’s a valid fear, and one that more people should be talking about.

From where I sit in my cubicle, completely removed from any strategic discussion, if you were to address Apple’s stand on privacy from a marketing standpoint, it would seem our favorite fruit-flavored gadget company is banking on one of two things: Than people will begin to put a dollar value on their privacy, or that the government will mandate stronger privacy protection and Apple will be ahead of the pack.

Ah, hahaha! The second of those is clearly ridiculous. The government long ago established itself as the enemy of privacy. But what about the first of those ideas? Will people pay an extra hundred bucks on a phone to not have their data harvested? Or will they shrug and say “If my phone doesn’t harvest that information, something else will.”

Honestly, I don’t think it’s likely that Apple will ever make a lot of money by standing up for privacy. It may even be a losing proposition, as HomeKit and ApplePay are slowed in their adaptation because they are encumbered by onerous privacy protection requirements. Maybe I’m wrong; maybe Apple is already making piles of cash as the Guardians of Privacy. But I suspect not.

So why does Apple do it? I don’t know. I’m not part of those conversations. But I do know this: If you were to ask CEO Tim Cook that question, he’d look at you like you’d grown a second head and say, “Because it’s the right thing to do.” Maybe I’m being a homer here, but I really believe Tim when he says stuff like that. Tim has told the shareholders to back off more than once, in defense of doing the right thing.

And as long as Tim is in charge of this company, “Because it’s the right thing to do” will float for me. So as long as Tim’s in charge, I know Apple will continue to respect the privacy of its customers. Maybe to you that’s not such a big deal, but it is to me. I won’t work for anyone I don’t respect.