As Google has enacted a series of high-handed, opaque changes to how Youtube monetizes, upranks and censors videos, Youtubers have found themselves battered by the changes: they built Youtube into a global multi-billion-dollar success story, but they don't get a say in how it's managed. Now, a group of Youtubers have teamed up with Germany's powerful IG Metall trade union to fight back, using Europe's broad privacy laws and Germany's broad labor laws to force the company to come to the negotiating table and give them a say in how the service is run. You can read more about it on the Fairtube campaign site. Read the rest

Friends, you're going to wish you were still making the scene with a magazine after reading this sentence: Google's web trackers are all up in your fap time and there's pretty much nothing (except maybe using a more secure browser like Firefox, read up on cyber security tips from the EFF, refusing to sign into a Google account and never going online without the protection of a VPN) that anyone can do about it. Read the rest

If you only look at porn with your browser in incognito mode, your browser will not record your porn-viewing history; but the porn sites themselves overwhelmingly embed tracking scripts from Google and Facebook in every page: 93% of 22,484 porn sites analyzed in a New Media & Society paper had some kind of third-party tracker, with Google in the lead, but also including trackers from some of the worst privacy offenders in Silicon Valley, like Oracle. Read the rest

The Googler Uprising was a string of employee actions within Google over a series of issues related to ethics and business practices, starting with the company's AI project for US military drones, then its secretive work on a censored/surveilling search tool for use in China; then the $80m payout to Android founder Andy Rubin after he was accused of multiple sexual assaults. Read the rest

After Bloomberg revealed that Amazon secretly sent recordings from Alexa to subcontractors all over the world in order to improve its speech-recognition systems, a whistleblower leaked recordings from Google Home to investigative reporters from VRT, revealing that Google, too, was sending audio clips from its voice assistant technology to pieceworkers through the Crowdsource app. Read the rest

Once upon a time, companies were able to insist -- with a straight face -- that the real problem with the security defects in their products was the researchers who went public with them, warning customers and users that the products they were trusting were not trustworthy. Read the rest

In 2016, Google announced that it was renaming its small Google Ideas unit to "Jigsaw," giving the new unit a much broader, "wildly ambitious" mandate: to tackle "surveillance, extremist indoctrination, and censorship." Read the rest

We bought a house in 2018 and have been renovating it pretty much constantly ever since: I've had to call out movers, emergency plumbers and electricians, find HVAC repairpeople, hire locksmiths, contract with a roofer, etc etc. Despite the longstanding and serious problems with fraud on Google Maps, I often start my search there, because I am an idiot, because 100% of the time, Google Maps sends me to a scammer. One hundred percent. Read the rest

Private Join and Compute is a new free/open Google tool that implements the longstanding cryptographic concept of "commutative encryption," which allows untrusted parties to merge their datasets without revealing their contents to one another, do mathematical work on the data, and learn the outcome of that work without either of them seeing the underlying data. Read the rest

Physical security keys, like those sold by Yubico, Thetis and Kensington, are a great way to lock down your digital lives. They also tend to be wicked fast compared to the wait you have to put on while you're waiting for a 2FA password to arrive via SMS or typing in a verification code from an app like Google Authenticator.

Unless of course said security key is deeply, deeply borked.

From Engadget:

Yubico is recalling a line of security keys used by the U.S. government due to a firmware flaw. The company issued a security advisory today that warned of an issue in YubiKey FIPS Series devices with firmware versions 4.4.2 and 4.4.4 that reduced the randomness of the cryptographic keys it generates. The security keys are used by thousands of federal employees on a daily basis, letting them securely log-on to their devices by issuing one-time passwords.

The problem in question occurs after the security key powers up. According to Yubico, a bug keeps "some predictable content" inside the device's data buffer that could impact the randomness of the keys generated. Security keys with ECDSA signatures are in particular danger. A total of 80 of the 256 bits generated by the key remain static, meaning an attacker who gains access to several signatures could recreate the private key.

If someone reading this can school me on why anyone working at Yubico would think that keeping 'predictable content' on a device meant to secure highly-sensitive governmental systems and information, I'd appreciate it. Read the rest

I am not enthusiastic about Google Stadia's chances.

Ars:

Google says you'll need 35Mbps to play at maximum settings—that's 4K resolution, high dynamic range (HDR), and 60 frames per second (fps) with 5.1 surround sound. As PC Gamer noted last week, that adds up to 15.75GB per hour, which would use up an entire 1TB monthly data allotment in 65 hours of game time.

Stadia will work at lower resolutions, with Google recommending 20Mbps for 1080p/60fps with 5.1 surround sound, and 10Mbps for 720p/60fps with stereo sound. That's 9GB and 4.5GB per hour, respectively, potentially using up a 1TB data cap in 114 or 228 hours.

The reason Google Assistant (that's the product you invoke when you say "OK Google" to your device) works reasonably well is that the Pygmalion team -- a small army of linguists -- work long hours handcrafting variations on common phrases ("set a timer for five minutes," "remind me in five minutes," "in five minutes, remind me...") and grammars that allow the system to correctly respond to your queries. Read the rest

According to a widely reported rumor -- first published by the WSJ -- the DoJ is preparing to launch an antitrust probe of Google, though it's not clear on what basis such a probe would proceed. Read the rest

A mom in Brazil became concerned as she watched the viewing numbers on innocent backyard clip her daughter posted to YouTube suddenly climb hundreds of thousands of views. The child posted a video of herself and a friend playing in the family pool. YouTube's recommendation engine had been suggesting the video as recommended content to viewers who'd just watched other videos that contained sexually oriented video content. YouTube's AI sexualized her kid and pushed her image to pedophiles. This happens a lot, apparently. Read the rest

Since January, Google has been pushing for a change to its extensions handling in Chrome; one casualty of that change is ability to block unwanted content before its loads, something that would effectively kill privacy tools and ad-blockers. Read the rest