Boing Boing 

You autocomplete me


A letterpress Valentine from Paperwheel ($6.75). (via Dan Hon)

Youtube ditches Flash, but it hardly matters

A year ago, the news that the world's biggest video site was abandoning proprietary software would have been incredible, but thanks to the World Wide Web Consortium's Netflix-driven DRM work, this changes very little.

Read the rest

G+'s Real Names policy has moved to China

Google's dropped its dumbass Real Names policy for social media, but don't worry, the adorable little fella found a welcome home in China, where bloggers and other social media users are now prohibited from using aliases or parody names.

Google's end-to-end email encryption moves to Github

Google's made some major announcements about End-to-End, their implementation of the best-of-breed email encryption tool PGP, which they're refactoring as a way of encrypting webmail so that neither they nor the spy-services can read it in transit or at rest.

Read the rest

Secret history of the poop emoji


The 2007 project to bring emoji to Android -- and thence to the Web -- involved an epic battle over the inclusion of the much-loved "pile of poop" emoji, whose significance to the Japanese market was poorly understood by various reactionary elements at Google.

Read the rest

Malware authors use Gmail drafts as dead-drops to talk to bots

Once you've successfully infected your victim's computer with malware, you want to be able to send it orders -- so you spawn an invisible Internet Explorer window, login to an anonymous Gmail account, and check in the Drafts folder for secret orders.

Read the rest

Google releases set of beautiful, freely usable icons


They're licensed CC-BY-SA and designed for use in mobile apps and other interactive stuff -- there's 750 in all! It's part of Google's Material Design project.

Read the rest

EU wants Google to extend "right to be forgotten" to global users


Right now, Google blocks "forgotten" articles on EU versions of its site.

Read the rest

The apology letter Google SHOULD have used to announce the end of G+ "Real Names"

The sudden reversal of Google's years-long insistence on "real names" for G+ users came after a long fight about the biases inherent in such a policy.

Read the rest

Infamous SF "eviction" lawfirm abuses DMCA to censor video of protest

The offices of Bornstein and Bornstein are notorious for running "boot camps" advising San Francisco landlords on legal loopholes for evicting long-term tenants so they can rent to the high-flying tech sector.

Read the rest

Google Plus drops "Real Names" policy

After years of criticism, Google Plus has finally dropped its controversial, Facebook-alike "Real Names" policy.

Read the rest

Indexing pages that Google must hide from Europeans


The controversial "right to be forgotten" European court ruling has Google removing embarrassing (and worse) search results from search-results served in the EU.

Read the rest

Google's badass "Security Princess" profiled


Parisa Tabriz 's title at Google is "Security Princess" -- meaning that she runs the adversarial internal team tasked with continuously testing and probing Google's security to find flaws before the enemy does.

Read the rest

Fake Google subdomain certificates found in the wild

An Indian certificate authority in the Microsoft root of trust has been caught issuing fake Google subdomain certificates that would allow nearly undetectable eavesdropping on "secure" connections to services like Google Docs.

Read the rest

Google Maps' enduring security holes put businesses at risk


It's been more than a year since a series of high-profile articles demonstrated that Google Maps' crowdsourcing function can be used create new listings, alter existing business listings, and even create fake Secret Service offices that real-life cops end up calling.

Read the rest

Goldman Sachs demands that Google "unsend" a fatfingered email to avoid "reputational damage"

Someone at Goldman Sachs fatfingered an email and sent confidential data out to the wrong person.

Read the rest

Elegant, cheap, simple folded cardboard mount turns your phone into an Oculus Rift


Revealed at the Google IO conference, Cardboard is a scored, flat-pack box that you fold into set of cardboard goggles that hold your phone; an accompanying software package uses your phone's screen and accelerometer to create stereo-optical VR images in the manner of the Oculus Rift. It's a delightfully simple and elegant concept, and Google has published plans for making your own. You need cardboard, a set of cheap lenses, a magnet, velcro and a rubber band.

Read the rest

Google announces end-to-end encryption for Gmail (a big deal!)

Google has announced support for end-to-end encryption with Gmail, a major step for privacy and a major blow against mass surveillance. Gmail users who install free and open Chrome plugin will be able to send and receive messages that can only be read by people who have their intended recipients' passphrase, and not Google -- meaning that even if the NSA legally or covertly taps into Google's data-centers, they won't be able to read mail that's encrypted with the End-to-End plugin.

This is marvellous news. There is already support for Gnu Privacy Guard (GPG) and Pretty Good Privacy (PGP) in Gmail, through Firefox plugin or Chrome plugin, but long experience has shown that many people are confused by PGP/GPG in its current state.

What's more, Google has explicitly tied this to the Reset the Net campaign (in which Boing Boing is a partner), a global day commemorating the Snowden leaks and calling for an Internet that is made strong and secure from mass spying.

Read the rest

You are a Gmail user


For years, Benjamin Mako Hill has paid to host his own mail, as a measure to enhance his privacy and independence from big companies. But a bit of clever analysis of his stored mail reveals that despite this expense and effort, he is a Gmail user, because so many of his correspondents are Gmail users and store copies of his messages with Google. And thanks to an archaic US law, any message left on Gmail for more than six months can be requested by police without a warrant, as it is considered "abandoned."

Mako has posted the script he used to calculate how much of his correspondence ends up in Google's hands.

I host my own mail, too. I'm really looking forward to Mailpile, which should make this process a lot easier, and also make keeping all my mail encrypted simpler. Knowing that Google has a copy of my correspondence is a lot less worrisome if they can't read it (though it's still not an ideal situation).

Read the rest

Google's Project Ara: a click-in/click-out modular concept phone


Modular mobile phone design feels important; I've been excited about the idea since Xeni posted about Phonebloks last September. Now, Google and New Deal Design have floated a concept for a modular Android phone ecosystem called Project Ara that's got me even more worked up. Project Ara lets you swap modules (batteries, radios, cameras, screens, etc) around between "exoskeletons." They call it an "ecosystem" because third parties are meant to be able to supply their own modules for an open spec.

A good overview in Wired discusses the possibilities this opens up (night vision, 3D imaging, biometrics) but I'm more interested in the possibilities for surveillance-resistant open source hardware, and hot-swapping modules that lock phones into carriers. Plus, as a serial phone-shatterer, I love the idea of being able to click out a busted screen and click in a fresh one.

Read the rest

Sony issues fraudulent takedown for Blender's open source movie


Alex writes, "This is a very good example of copyright abuse. The official Blender Foundation copy of Sintel on Youtube is currently blocked because Sony apparently claimed copyright over it. This is particularly distressing because Sintel is one of the precious few open-source movies in existence. Made with open-source tools, licensed under Creative Commons Attribution 3.0, with the source files from the movie free to download, Sintel represents the diametric opposite of this type of ownership. "

Read the rest

Big Data has big problems


Writing in the Financial Times, Tim Harford (The Undercover Economist Strikes Back, Adapt, etc) offers a nuanced, but ultimately damning critique of Big Data and its promises. Harford's point is that Big Data's premise is that sampling bias can be overcome by simply sampling everything, but the actual data-sets that make up Big Data are anything but comprehensive, and are even more prone to the statistical errors that haunt regular analytic science.

What's more, much of Big Data is "theory free" -- the correlation is observable and repeatable, so it is assumed to be real, even if you don't know why it exists -- but theory-free conclusions are brittle: "If you have no idea what is behind a correlation, you have no idea what might cause that correlation to break down." Harford builds on recent critiques of Google Flu (the poster child for Big Data) and goes further. This is your must-read for today.

Read the rest

Animation: How Google views user privacy

Mark from Screen Novelties sends us "This little animation we did for Google regarding user privacy. We happened to direct this at the same time the whole Snowden/NSA stuff went down last year. Google finally decided to release this to the public a few days ago. Just wanted to share. It's done in stop motion to give the feeling of the old school board games."

Way of a Warrant

Eric Schmidt on the NSA* (*translated from original bullshitese)

Bruce Schneier: "At SXSW earlier this month, CEO Eric Schmidt tried to reassure the audience by saying that he was 'pretty sure that information within Google is now safe from any government's prying eyes.' A more accurate statement might be, 'Your data is safe from governments, except for the ways we don't know about and the ways we cannot tell you about. And, of course, we still have complete access to it all, and can sell it at will to whomever we want.'"

Google Maps' spam problem presents genuine security issues


Bryan Seely, a Microsoft Engineer demonstrated an attack against Google Maps through which he was able to set up fake Secret Service offices in the company's geo-database, complete with fake phone numbers that rang a switch under his control and then were forwarded to real Secret Service offices, allowing him to intercept and record phone-calls made to the Secret Service (including one call from a police officer reporting counterfeit money). Seely was able to attack Google Maps by adding two ATMs to the database through its Google Places crowdsourcing tool, verifying them through a phone verification service (since discontinued by Google), then changing them into Secret Service offices. According to Seely, the disabling of the phone-verification service would not prevent him from conducting this attack again.

As Dune Lawrence points out, this is a higher-stakes version of a common spam-attack on Google Maps practiced by locksmith, carpet cleaning, and home repair services. Spammers flood Google Maps with listing for fake "local" companies offering these services, and rake in high commissions when you call to get service, dispatching actual local tradespeople who often charge more than you were quoted (I fell victim to this once, when I had a key break off in the lock of my old office-door in London and called what appeared to be a "local" locksmith, only to reach a call-center who dispatched a locksmith who took two hours to arrive and charged a huge premium over what I later learned by local locksmiths would have charged).

A detailed post by Dan Austin describes this problem, points out that Google is more than four years late in delivering promised fixes to the problem, and offers solutions of his own. He suggests that the high Google Adwords revenue from spammy locksmiths and other services is responsible for the slow response to the problem.

Read the rest

Censorship flood: takedown notices to Google increased by 711,887% in four years


The State of the Discordant Union: An Empirical Analysis of DMCA Takedown Notices , a paper publishing in Virginia Journal of Law and Technology by Stanford/NUS's Daniel Seng, documents the vast, terrifying increase in the use of DMCA takedown notices, which are self-signed legal notices that allow anyone to demand that material be censored from the Internet, with virtually no penalty for abuse or out-and-out fraud. The increase is driven by a small number of rightsholders who have automated the process of sending out censorship demands, industrializing the practice. The three biggest players are RIAA, Froytal and Microsoft, who sent more than 5 million notices each in 2012, and at least doubled their takedowns again in 2013. In the four years between 2008 and 2012, the use of takedown notices against Google grew by an eye-popping 711,887 percent.

Read the rest

Mapping ecotpian jungles onto Google Streetview


Urban Jungle Street View is a Google Street View mashup that pulls out the 3D information latent in the Streetview database and uses it to map lush, ecotopian foliage over the surfaces of the buildings and street furniture. You can put your own address in and see your home covered in climbing jungles and explore from there, or use great architectural landmarks as your starting point. Shown here: the Flatiron building in midtown Manhattan, where my publishers are located.

Its creator, Einar Öberg, has created a ton of other amazing mashups based on similar principles.

Read the rest

Youtube bids happy 25th to the Web by granting British spies mass-censorship power

The service will allow British security officials to censor videos "at scale" -- but not illegal videos, just material that "certainly is unsavoury and may not be the sort of material that people would want to see or receive." The new "super flaggers" will target jihadi radicalisation videos and, basically, anything they don't like. But what could go wrong? Thanks, Google!

Update: Turns out the British spies who made these claims were lying.

Comment-spammers threaten to sabotage their victims through Google Disavow if the evidence of their vandalism isn't removed

Tim got an email from someone trying to get rid of comment spams -- ever since Google started punishing sites that left comment spam on blogs, this has been going on a lot. When Tim told the guy to buzz off, he threatened Tim with sabotage by means of Google's "Disavow" tool, growing progressively more abusive as Tim stood his ground.

Read the rest

Full NHS hospital records uploaded to Google servers, "infinitely worse" story to come

PA Consulting, a management consulting firm, obtained the entire English and Welsh hospital episode statistics database and uploaded it to Google's Bigquery service. The stats filled 27 DVDs and took "a couple of weeks" to transfer to Google's service, which is hosted in non-EU data centres. This is spectacularly illegal. The NHS dataset includes each patient's NHS number, post code, address, date of birth and gender, as well as all their inpatient, outpatient and emergency hospital records. Google's Bigquery service allows for full data-set sharing with one click.

The news of the breach comes after the collapse of a scheme under which the NHS would sell patient records to pharma companies, insurers and others (there was no easy way to opt out of the scheme, until members of the public created the independent Fax Your GP service).

According to researcher and epidemiologist Ben Goldacre, this story is just the beginning: there's an "infinitely worse" story that is coming shortly.

Read the rest