Cyberpunk dystopia realized. It is not so hard to imagine a near future where corporations have much more power than states.
Imagine you do something like this in the near future. You are banned from all communications. Alpha corp. reports it to VISA corp. and all your money is confiscated. State can't help you as you do not have a way to communicate with it, don't have a way to start any legal process as you do not have a way to pay. All your daily subscriptions to housing, mobility, entertainment are cancelled and you are homeless the same day.
The only way for you to stay alive is to hike to lawless desert city of "Kowloon 2.1". You walk by the highways observing huge OLED billboards. They show presidential elections. This time it is some adult TV reality show star competing with tanned bodybuilder.
I agree with the overall view but, corporations with more power than states is the wrong frame, IMO.
What we're seeing here is symbiosis, not competition. Google empowers (overpowers) the state and the state empowers Google. It's state action that required and legitimised automated & invasive "crime detection," while requiring and legitimising underlying the underlying data collection and privacy invasion that forms a pillar of Google's ad business.
Google's lobbying and advisory efforts, and their position as a big competent partner empowers the state. When citizens lobby them to "do something" to protect children, they go to Google to borrow their power.
"Centralisation" is too zeitgeist and has the wrong connotation, but it's close. "Convergence" is probably a better term. Actual tensions between State(s), Google and say Apple are minor compared to symbiotic reinforcement.
We're seeing one small element of Google-powered policing here. The totality is likely much broader, and law enforcement is and will be very dependant on this. Apple make more (at a 100% profit margin) selling Google their defaults than they (or anyone) could possibly make competing.
I could argue that the State is becoming irrelevant as laws controlling corporations are written by the same corporations (through lobbying and general involvement as an "experts of the field"). These laws are written not only be serving the corporation but also making the corporation blameless.
So it is not a symbiosis per se but rather complete overtake of host (State).
State becoming irrelevant makes politics a reality show.
While this is a very popular cynical view, it simply doesn't explain much. Corporations would like many many things that are not happening, because certain groups of people want otherwise. (Eg. cheap immigrant labor, less restriction on building, lowering of tariffs, repeal of the Jones Act.)
Though you could say that protectionism benefits a lot of companies, but a decrease in it would benefit more (and bigger ones).
By the time it explains more it will be too late. This is a prognostication - a warning about where we're headed. It's a caution sign by a trailhead leading to a washed out bridge.
It's really obviously symbiotic if you look at any level of detail.
Old leftists see it as corporations taking over the state. Conservatives see it as the state taking over corporations. Meanwhile, it's extremely obvious that both are complicit and that they grow to rely on each other in quickly inextricable ways.
This article is about Google doing police work: surveillance, analysis, investigation. It is only one example, a detail within a larger framework. Now, privacy focused competition represents an interference with critical police work.
Meanwhile, Google is highly involved in drafting legislative detail about how copyright is implemented. How liability for platform usage is implemented. Etc.
The state is not irrelevant at all. Politics might be a reality TV show, but that's always been the case.
>Conservatives see it as the state taking over corporations.
But this is false. Corporations are and always will be exclusively answerable to their shareholders. Whereas the state can have any loyalty depending on who is controlling it
Shareholders are pretty happy under a system in which the corporation benefits from tax breaks and loopholes, fat government contracts, favorable legal environments, carve-outs for regulation exemptions, regulations that make entry into existing markets prohibitively expensive, etc.
The counter view is that we are all becoming to apolitical and the world is becoming too fuzzy/overcomplex in our view, so that our traditional political system can cope with them. The thesis, antithesis, symbiosis mechanism described by Hegel has produced a great blur of least bad options for the majority (some being at least really bad for a few) . It would be up to the intellectuals to at least develop a more inclusive antithesis. I am only seeing hyper-capitalist BS as a proposed "radical" option. A revolution needs a good cause...
This is as true as sad. This kind of centralization of power will end the world we know. Information asymmetry enforces itself automacically. What a bunch of sheep we are. Including the high paid henchmen of power reading this.
I think this problem doesn't really lie along the axis of centralization of power. Google is taking on policing power because the actual police are more or less absent on its platform (because of technical competency and complex jurisdictional issues). Is that an example centralization or decentralization? It's a little of both.
The real problem, IMO, is best described as "public power in private hands."
True. But it is more often so than not. For example women were actively kept from being equal, to quite some extent by not educating them equally. Also the ages of feudalism were quite long until something finally changed.
It’s also largely the state deputising corporations to do law enforcement without judicial oversight. We have seen this in banking for years where banks have become liable for the misdeeds of their clients and are effectively applying an over-cautious approach of aggressively investigating and banning clients, that makes the most zealous stop-and-frisk policies look mild in comparison. You live in a world where you cannot not have a bank account, or a smartphone, or an email address.
It's not too far fetched. I have been discriminated with Revolut. With corps it's as simple as who's on the other end of the line. Not very different from TSA singling out person of certain colors. I approached the state to intervene and was simply told it's out of their remit because even though Revolut can operate in the state, it doesn't have the license. By the time you reach to the other end of rabbit hole, it's not worth the hassle.
Voting with dollars works with corps so they are self correcting, in the sense of they want to keep their customer base. But what happens when someone is poor enough to not be their customer? Or they are rich enough to overlook discriminatory behavior of their employees?
In the end invisible hand of capitalism sorts out corporations. But OPs example of a ruined life is totally possible. Yes, state can be more powerful but by the time it reacts, it might be too late.
It works in the sense that if people don't buy, companies change. There has almost never been a "consumer action" that organised to influence companies in any significant way. It just doesn't work IRL.
> There has almost never been a "consumer action" that organised to influence companies in any significant way.
Nonsense. As a prominent example in tech, Microsoft has become a very different company thanks to seeing their customer base eroding under their old ways. They had to shape up to remain relevant, and I'd say did a decent job of doing so.
As a farmer, the market voted that they want non-GMO soybeans for food consumption, and now that makes the biggest crop grown on my farm. GMO soys would be a lot easier, but I am ultimately beholden to what the customer will pay for. If I don't grow them my neighbour will and with his profits he'll improve his overall efficiency until I can no longer compete with any crop.
Voting with your wallet works just fine. But that, of course, does not mean your vote will win. Like in governmental elections, just because you believe in something doesn't mean anyone else does.
If by "voting with your wallet" you mean passively buying whatever is the best option available to you, sure.
Consumer action doesn't mean that. It means some sort of organised campaign to influence companies/industries by boycotting products or otherwise "voting with dollars. These campaigns never succeed directly.
I really don't think that a large population of the world independently woke up one day and decided, "You know, I don't want to eat GMO soybeans." Those choices have come as a result of consumer action pushing a non-GMO message.
It fails when most people are apathetic to or disagree with the message, sure. That's the nature of voting. You won't always win. You might never win.
People have lots of food choices available, a decent understanding of food, reasonably legible information about ingredients, nutrition, etc.
Google (and other tech monopolies) do not have readily available substitutes. Network effects and such funnel usage. Most users don't know policies, nor understand their implications if they are.
I think it's extremely disingenuous, at this point to argue that AMZN, MSFT, GOOG or whatnot are merely a popular consumer choice. In any case, you accept the outcome of elections in a democracy, or maybe even a sports league committee. "Voting" with dollars is an analogy. The people affected often aren't even google's customers. The actual dollars come from elsewhere. In conventional, industrial terms, most users are a resource being transformed into a product with technology. For example, Apple receives money for setting users defaults to Google. Google receives money for advertising to these users. There is no "sour grapes, move on" here. No actual election to adhere to.
Whatever about theoretical voting with dollars, we all know how "voting with votes" would turn out.
You wonder sometimes, the things they say. Perhaps it is more accurate to say that they have an active interest in food? Which goes to show that when people want something to change, they'll take an interest and make change happen. If they are content with the way things are and vote for the status quo, that's their vote to make. Just because you didn't get your way with your inane pet ideas doesn't mean voting doesn't work.
> Google (and other tech monopolies) do not have readily available substitutes.
TV, radio, billboards, flyers... There are all kinds of substitutes. Some of which can command a lot of money from their customers because of them providing a proven valuable service. Google and the like may be the best in the biz, but there are a lot of other choices which are quite viable substitutes.
Google even suffered through the "adpocalypse", a period when customers did flee when they weren't happy with what Google was doing. We don't have to invent hypotheticals. It literally happened to them and it forced them to change things about their business to start to win customers back.
This "existence proof" line or argument is, IMO, totally disingenuous when applied like this.
If you think Google, amzn, msft or whatnot exist in a competitive marketplace like restaurants and refrigerators.... it's just foolish.
Adpocalypse was not something that happened to google. It was something Google did to it's vendors, content producers. Google just found a way to increase revenue. They are a monopsony in regards to content producers. So, they get to present a take-it-or-go-be-a-dentist proposition.
In any case, there is no "vote." Actual voting would turn out very differently.
> If you think Google, amzn, msft or whatnot exist in a competitive marketplace like restaurants and refrigerators.... it's just foolish.
It may not be competitive, but they are also pretty easy to walk away from. I've never been a customer of Google's, and haven't purchased anything from Amazon or Microsoft in many years. What do you really need from them? Not like what would be nice to have, but what do you really need? If you are buying from them it is because you like what they have to offer and are voting for it to continue.
I have no doubt indirectly purchased things from all of those companies and I'm okay with my vote landing that way because the product offered was exactly what I wanted. If it wasn't what I wanted, why would I buy it? That would be silly. I could easily exert pressure on the vendors I do buy from to stop buying from the above if there was a problem. They don't offer anything I truly need either.
That, of course, doesn't mean I'll win if I change my vote. If the problem is only in my mind, nobody else is going to care and the vote will land in their favour, not mine. Voting isn't about an individual. That is where it seems you are confused.
> It was something Google did to it's vendors
The changes Google had to make ultimately impacted its vendors, just as any business changing their ways no doubt impacts its vendors. My transition to non-GMO soybeans in response to consumer demand meant I was no longer buying the equivalent seed from GMO seed vendors. However, the situation all started because Google's product was no longer pleasing to the customers, which prompted the customers to stop being Google's customers until they changed their ways.
> In any case, there is no "vote."
Indeed, there is a vote. You can vote yes (spend your dollar) or you can vote no (do not spend your dollar). The entire public, even children, are eligible participants in the election... Unless they've been voted out, in which case they need to change their ways to be voted back in.
That doesn't mean your choice will win, of course. Voting is not about the individual.
You can choose not to purchase, to an extent. You will likely use Amazon, microsoft and google at work in most industries. In many, avoiding paying them is highly limiting. I suppose you can also avoid paying the post office
Even if you manage to avoid paying them.... good luck avoiding using their sites, sites hosted by them, or collecting data for them. Good luck avoiding their payment systems, communication platforms, etc. This isn't like avoiding Mcdonalds. You need to be on John Galt's mountaintop to avoid these monopolies.
Sticking to a narrative where Google's monopoly/monopsony represents free choices between free people is idiotic.
I'm not going back to the voting thing again. It's beyond stupid.
> You need to be on John Galt's mountaintop to avoid these monopolies.
So be it. If we were talking about a governmental election, and "your team" lost, you would also have to disappear to the mountains if you wanted to avoid having to interface with the elected government that doesn't represent your interests. More likely you'll just suck up the loss. That's what elections entail... They are not about the individual.
> Sticking to a narrative where Google's monopoly/monopsony represents free choices between free people is idiotic.
In reality, Google wouldn't last long if a large swath had a problem with them. The fact of the matter is that they offer a compelling product that many people want to use. You might not want to, but your minority position means that you've lost the election. Suck it up or move to the mountains, I guess, because the vote isn't about you as an individual.
Monopolies of this sort can be problematic in that they can cause people to become blind to alternatives. If what Google offers is good enough, you're not compelled to look elsewhere. And when everyone has settled on the same good enough, there isn't someone else in your ear saying "You should check out X! It is even better than Google." This keeps the votes coming in for the incumbent.
But if Google were to become no longer good enough, people will quickly start to look for X and vote for something else. Google already had exactly that happen when they were coupling their product with "unsavoury" content, which scared away customers who didn't want to be associated with such content. They had to change their policy to win back the votes.
The state can also send you off to die in a war. It's not as though it is better than corporations. Just different.
And it is no more likely to cater for small minorities than a corporation; it just claims it will. If there's political will then it might happen, just as businesses are started to cater for emerging markets. But there's no guarantee.
That's an interesting dystopia. Using the same lens, I can see similarities between Google and other pioneering companies of the past such as the East India Company (EIC) which sported its own army and ruled large parts of the British Empire.
Other similarities might be market share, i.e. EIC controlled 50% of world trade at its height [1] vs Google's Search being used by 52% of the world in 2019 [2].
That all said, I'm squinting a bit to see this. Unlike Company rule in India [3] where one had little recourse as a subject if the EIC ruled against you; if Google rules against you then you can move to some other provider (of which there are many).
It's still fun to think of these analogies. I was always fascinated by the mega corporation, OCP, in Robocop that sought to privatise large US cities like Detroit [4].
>> Unlike Company rule in India [3] where one had little recourse as a subject if the EIC ruled against you; if Google rules against you then you can move to some other provider (of which there are many).
I totally disagree. Early EIC/VOC rule was lawless. Or rather, the EIC was literally sovereign. They ruled colonies in the same way that monarchies, democracies and whatnot rule. 17th century royal charters devolved power to these companies like they devolved power to colonial governorships or other bodies.
The early EIC is more comparable to the Colony of Virginia, which itself started as the Virginia Company. All technically ruled under a royal charter, but were practically sovereign within their domains.
Later EIC rule was more similar to modern corporate examples. Rule of Law was ostensibly introduced, and you could (in theory) take your grievances to civil authorities. In some ways, this starts to become similar to modern examples of corporatism. The EIC was still extremely big, rich and powerful. But in this later period, state power and state coffers interweaved
I can't quite see what you disagree about but yes all your other points are true - that's correct. Perhaps you missed the bit where I said I was squinting :-)
> Other similarities might be market share, i.e. EIC controlled 50% of world trade at its height [1] vs Google's Search being used by 52% of the world in 2019 [2].
Do you realize how ridiculous putting “number of people using for search” and all of “world trade” in the same comparison is? Google’s 200-300 billion annual revenue is barely 1% of the US GDP.
For a size comparison, you would need to throw all of the FAANGs together, some energy companies, and some banks to reach the inflation adjusted market cap of the Dutch East India trading company: https://dutchreview.com/culture/history/how-rich-was-the-dut...
Of course you can't compare apples with bananas - I'm not daft. I was simply looking for percentage similarity in controlling something (i.e. ~50% of world trade, ~50% of world internet search).
It amusing on how having a little fun with a comment on dystopian cyberpunk can ruffle so many feathers :-p
Given the now multi year heavily covered role of payment processors in policing the boundary between sex work and abuse I’m surprised payment is so far down the list in these comments. In the news this month:
Getting deplatform by payment processors is existential. Also, of note, they are just the front door to a banking system that is generally necessary for commerce and yet under similar pressure to police:
The Swedish Central Bank is investigating a eKrona, which would be a state-backed digital currency.
I'm living in Sweden, have no problems with a cashless society in theory, but that it's all in the hands of private corporations definitely makes me unhappy.
I think the point being made is about banned by your region's major payment processing corporations, not specifically Visa or Mastercard.
Any statement about a "majority of the world" would need to apply to India, China, and the African continent to be true. In China being banned from Alipay or similar would presumably have the same or even worse effect. India's attempt to go cashless some years back disproportionately affected those without plastic or digital payment cards, further emphasizing the point.
I don't know too much about payment systems in Africa but my understanding is that mobile payment services have been heavily adopted and if a major payment corporation in the region banned an individual it would have a drastic negative effect on their livelihood. If corporate-issued payment devices are easy to do without in Europe it would seem to be the exception, not the rule.
Yes, there are transactions that occur in cash, bank transfer & such. Fail to present a Visa/MC when you rent a car in Dublin or Brussels and you will be in for a surprise. In Dublin, standard practice is to compromise by making you pay a 5X rate... insurance or whatnot. Maybe there is a no-card option somewhere in the city, but it certainly isn't most places.
Yes, you can be an electrician or consultant without accepting cards. No, it is not practically possible to run a store or most customer facing businesses. Even most electricians and consultants accept or at least use cards.
There's no meaningful difference between Europe and the US. This is a powerful and hard to avoid duopoly.
I wonder if it differs across Europe. In the UK at least, you are very right. Debit cards run via the visa and mastercard networks and every store that accepts debit cards also accept credit cards.
German banks are stubbornly clinging to their Giro cards, much to the inconvenience of iPhone users. The cards are usually Maestro-compatible, but domestic transactions use the domestic system.
I'm sure the privacy aspect of it must be very tricky; Apple collects a lot of information when using Apple Pay, and I can imagine that German banks might be hesitant to share such granular details.
Here in NL Apple Pay works fine with a lot of banks -- and they're still just Maestro cards.
I suspect that it's related to the high degree of decentralization. Sparkasse and Volksbank are each federations of hundreds of independent local credit unions. You can do business with them if you accept that the standard interchange fees and conditions are set in stone, but if you want preferential treatment, you need to negotiate with every local member bank individually.
I'll go out on a limb and assume that the standard fee structure does not afford wallet manufacturers a per-transaction fee.
There is a major difference: VISA and mastercard offer credit cards. Not many people use credit cards in Europe, they are all debit cards. Most stores I know do not accept credit cards at all, you have to have a debit card. You can easily refuse someone credit and scrap their credit card. It is a lot harder to deny someone access to their savings.
Most international (and even local only) european debit cards are owned or serviced by Visa and Mastercard. A store isn't denying people either Debit or Credit. It's only denying them bananas & laundry detergent.
This is totally tangential, but I would actually argue that denying someone access to their credit is not that different. Credit is what money is. Our European attitudes towards debt and credit is intensely responsible for our two tier system. Credit for the rich. Debit for the poor. Policy debate about where and how the border between these two should be.
Denmark and probably other Scandinavian countries almost never deal with cash any more. Everything is by card (Visa) or MobilePay (an app connected to your card)
If the card would stop working you would have a hard time.
In Sweden we are super reliant on digital payments and a lot of stores don't even accept cash any more. Most people don't carry cash only digital payments. This simplifies for the stores/restaurants and maybe decreases the risk of handling larger amounts of cash.
I love the simplicity of digital payments and not having to bother with change and such. We even have an app called Swish (set up by Swedish banks) that does free money transfer between people and can also do payments to stores.
Every once in a while some pensioner organisation or so starts a debate about them not understanding how to pay their bills via an app and that they can't shop at some stores/restaurants only taking payments via an app (Swish). Some seniors might not have a smartphone or are unable to use it.
But the real and much bigger issue is what happens in case of a crisis. Like a huge power outage or the rolling blackouts that might come this winter depending on how the power situation develops in Europe. Or in case of natural disaster or war. We have historically had a very stable power grid and society so most people don't even think about what they would do if their digital payment methods just stopped working. I don't think it benefits our society that we are unable to make payments without technology.
When you pay by card in a Norwegian store, you probably use a card that supports BankAxept (since 1991). In that case the payment will be made through the banks, instead of through Visa. 3 of 4 payments go through BankAxept.
Cards issued by banks will often combine BankAxept and Visa/MC on the same card, so that users don't need a separate Visa card. The terminal will switch to BankAxept if available automatically. This is done transparently, so there are no issues with using it as a Visa card outside Norway.
There are still some fees involved of course, but they are much lower and typically a fixed price. One article I read says that BankAxept is cheaper than Visa for transactions over 30 NOK (~3 USD), but the information may be out of date.
No, VISA has recently managed to kill Maestro and is taking over. Even the Swiss post bank is now issuing visa debit cards instead of the previous Postfinace cards which only worked in a limited number of ATMs.
In Switzerland it's still possible to buy things online and pay by an enclosed invoice. Twint is a local digital payment system and it is universally accepted, both online and offline.
Twint takes 2% from vendors. This is also why you can't generate a code to have your friend pay you but instead have to enter their phone number since those transactions are free.
In 1-2 years we will have instant IBAN payments, I wonder how long until there is a fee for that as well which is currently free just takes a day.
That right is not absolute, payment providers can reject you based on laws regarding money laundering and terrorism financing. Not something the average person needs to be worried about however.
> Member States shall ensure that credit institutions refuse an application for a payment account with basic features where opening such an account would result in an infringement of the provisions on the prevention of money laundering and the countering of terrorist financing laid down in Directive 2005/60/EC.
Another note that companies do not have a right for a bank account. Overcompliance and compliance theater is getting so bad, so that even normal small enterprises are starting to have issues. Banks just do not want to onboard small businesses because the life time value of a small business bank account is negative.
Also, props to those of us wise enough to run a front company and keep separate books solely for the reason to manufacture eligibility to accept bank cards
I had two options to do that in 2011; one by funneling money through Cyprus to an Israeli bank, and the other via a phony real estate company in Costa Rica. I didn't take either of them because the potential for having payouts or deposits suspended in transit by a card company, if they found the violation for miscoding gaming transactions, would've decimated any chance I had for fully legitimate operations; and also any banking freeze probably would've destroyed my standing and credibility with customers. Since it was important to me to not run a criminal enterprise and since transparency was one of the few things I could offer to set my company apart from other casinos, I declined, and instead spent a huge amount of time and energy blocking any attempt by people in the US to gamble on my site.
So, no props are due whatsoever to the people who took that route. If you got away with it all these years, then abi gezunt. Most of the people I knew who did those things in the early Bitcoin years are now in prison.
I didn't downvote you, but I did find it interesting that Bovada, which was originally a bitcoin sportsbook and casino, achieved Visa/Mastercard integration for deposits several years ago.
If YC or other investors hadn't thought it was an outright joke when I asked for $500k to get a license in Malta in 2011, for what at the time was the only full Bitcoin casino that I'd handcoded with 25 socket based multiplayer games since 2008 before Bitcoin even existed, then I too would now be accepting Visa and Mastercard. And between me and now, dozens of players have come from both traditional to cryptocurrency and vice versa. It's really all who you know, or who you bribe. My policy these days is just to write good software that makes money for me personally, and no longer share it with any of these assholes.
I do appreciate the non-downvote, btw. I'm drunk and prickly tonight... these topics about society eating itself get my hackles up.
That's why heavily regulated banking is so important. Banks need to answer to the people. It's the price for being allowed to integrate into society in such a fundamental role.
> It is not so hard to imagine a near future where corporations have much more power than states
Quite hard to imagine for me. Corporations don't have an ideological framework underneath ("we the people..."), so they are going to get overpowered any time push comes to shove.
But corporations do have ideological underpinnings, and not just the generic ones that underpin capitalism. Look at the below mission statements:
To organise the world's information and make it universally accessible and useful - Google
To enhance the lives of our people, members, customers, and the communities in which we trade - Co-op group
Give people the power to build community and bring the world closer together - Facebook
To support national and international security policies that protect those who are defenseless and provide a free voice for all with a dedication to providing ethical, efficient, and effective turnkey solutions that positively impact the lives of those still caught in desperate times - Blackwater
I would argue all of the (along with the generic maximizing shareholders value obviously.) are concrete expressions of specific underlying ideologies. Roughly speaking these are that information should be universally accessible, corporations should benefit not just their shareholders, the world would be better if we were all one big family (very dubious!), and being a mercenary is fine as long as you're an "ethical" mercenary, whatever that means.
That we often don't see these as ideologically motivated statements is just because they are all, to a greater or lesser extent, in line with the dominant ideologies of our time, capitalism and liberal democracy.
I can't believe the response after the media approaching them was still "We're right and your account remains banned" I understand the reluctance to expose themselves to potential legal complications but in this case with the police report it's pretty clear cut that these photos were not criminal and the photo taker has not committed the crime Google is accusing him of.
It seems like a problem that requires legal change. Right now Google is fully entitled to nuke the persons email and phone number, completely locking them out of their life. And they can do this for any reason without any recourse.
Once you reach the scale and importance of these services, it shouldn’t be legal to lock people out like this.
It does require legal change but not the one you're implying. I love how the conversation moved from the initial outrage of "they're scanning my private images!" to "ok, they are scanning my images but I need to have a legal recourse to get my accounts back in case I'm banned improperly".
There is no good excuse for this kind of spying apparatus, period. If anything, having a mandated formal process for reinstating banned accounts will make the scanning more acceptable, which it shouldn't be. "You see, yes, we're regularly checking out your dick pics but it's all good, we have a process in place and if we tag an image as CP, when it's not, you'll eventually be exonerated. No harm done"
Why? Why should be fight for legal recourse first before we tackle the real problem? (At least in this context, legal recourse for unwarranted service termination can also be useful for things unrelated to scanning of private data, but that's not the point) This sounds like the "step back" in the "two steps forward, one step backwards" ideom.
I'd argue because it would likely be an easier battle and would still win rights and, perhaps, set precedent for the limitations of entities like Google here and elsewhere. The alternative of blocking scanning all together is extremely easy to railroad.
I'm more than prepared to just stop working for a few days or even a week or two.
I already actively boycott Chinese products where possible (I buy non Chinese if at all possible, even at significant higher prices), support the Georgian Legion with my own cash and have probably spent hundreds of hours on unpaid online activism this half year on top of what I do for my church (although in all fairness it still does more for me).
If enough people band together and just plain stop working, sooner or later politicians will have to listen.
I think companies that have sufficiently significant market capture should be laden with a "universal service obligation" as an antitrust-type measure. They shouldn't be able to refuse service unless they can prove the customer is doing something illegal. If they do refuse service, the customer should have grounds to sue them to restore service.
This might go against some people's idea of a free market. I think it should only apply where there isn't a free market - when a customer doesn't have many other options, such as in the case of Google or Apple, or Visa/Mastercard, a major supermarket, or the choice of cellphone provider or Internet provider in markets where there are only a few options. It wouldn't apply to small independent traders by definition.
Capture enough of the market where there isn't enough competition and you get obligations to treat them fairly.
Companies like Google rely heavily on AI and automation and keep humans out of the loop to the extent possible. Once the models detect these sort of photos, they won't be stopping. If they don't add a permanent exception then the AI would flag it on the next pass and repeat the process. Google certainly won't be retraining the models to learn to exclude "but not photos for doctors". Having humans going through and flagging accounts (or photos) for exceptions will ruin the economies of scale.
This can't keep going on like this. To somebody like Google, an account might just be a profit source, but to the affected people it can be their lives or livelihood.
The issue of right of redress really needs to be forced, legislatively.
I wonder whether the man could sue Google for defamation because they've asserted that he's done something and taken an action as a result of that. As a result they're defaming him. I'm not a lawyer and definitely not sure of US law. It'd be interesting to hear a real lawyer consider this.
Playing devil’s advocate, possession of CP is criminal with absolute liability [1]. Deleting someone’s account, far from it. (Civil. Maybe.)
Weighing someone who might have CP, even to an absurdly low probability, against them being suing and like two people deleting their Gmail accounts, I can see how someone chose the former. If they got the call wrong, Google would not only be liable for damages, the individuals involved could be criminally charged.
I’m assuming everyone in this chain would appreciate laws clarifying an email bill of rights. On the other hand, Google made their bed with its surveillance-first culture.
You are playing devil's advocate against the current legal situation. I don't agree, but fine. But you're responding to the suggestion to make a legal change, this legal change presumably would put a liability on these kinds of false positives too. One of the two could still have stiffer sanctions, and cause Google to prefer the other, but the idea is at least that this choice wouldn't be that obvious anymore.
> they got the call wrong, Google would not only be liable for damages, the individuals involved could be criminally charged.
So how come this has never happened?
Google and Facebook have existed for decades, and so has CP, they didn't have automatic detection untill decently and yet none of their employees have ever been charged.
I've got a question for the lawyers here. These photos were for communication with a medical professional. Can't the argument be made that this was a HIPAA violation? Isn't this grounds for an entire whale of a class action lawsuit ?
IANAL, but my understanding is HIPAA applies to covered entities, i.e. medical professionals.
Google can use the defense that somewhere in the TOS it probably says you agree to share everything with them when it goes to cloud storage.
HIPAA doesn't prohibit people from sharing info about themselves (even accidentally). Though it does probibits your doctor from putting photos like this near Google anything.
HIPAA specifies how medical professionals should handle patient information. None of the parties in this dispute are medical professionals, so HIPAA does not apply.
I guarantee that the doctor has a HIPAA agreement that you sign when you agree to communicate over email that says that you grant him the right to share the files with Business Associates, and that their email providers are considered Business Associates for the purpose of transmitting ePHI.
How could they conceivably even look at the data to unban the account though? That shit's radioactive, as soon as the AI flags it I don't know how a (non-LEO) human could possibly view it without running afoul of the law. There's no reasonable way to reverse this action.
The biggest worry about these kind of situations is not that mistakes are made, but that it's almost impossible to make contact with a real human being to put things right [even, as in this case, when press and police are involved]. It's only a matter of time before someone loses their livelihood or even their life over this kind of cock-up.
It's also easy to lose your livelihood or even life if you fail to eject something from your company's possession after you have reason to believe it contains certain materials of abuse. Federal and state prosecutor opinions differ, so clearance from local or state LEO (as done here) basically means dick. If you're wrong, then you get thrown in prison where you hear stories of "chomos" getting raped and shanked. If google is right, maybe they get a little bit of advertisement money. Imagine if this father did something later and the prosecutor uses this happening as evidence that this content was 'knowingly' harbored by the company. Seems like a bad calculus to me, just cut the guy loose whether he is innocent or not. You don't have the same rights to private service as you do rights in public.
'local government/LEO gave the all clear' is not a tight defense against federal prosecution and conviction. For instance, Jeremy Kettler was convicted despite full local and state blessing for possession of a silencer in violation of federal law (he, the state, and local government all thought he was following all laws including federal ones, but it turned out federal prosecutor had a different opinion on what 'interstate commerce' is). I personally would never risk getting registered as an offender on the hopes some federal prosecutor has a different view than local LEO, it's just not worth unbanning the guy unless both the state and federal prosecutor have signed statements granting immunity from prosecution.
I don't think it's legal for those people to view it though if they have reason to believe it contains certain images of child abuse. Once the AI flags it that shit goes radioactive and is basically unviewable until LEO looks at it. Even if local LEO looks at it and clears it, that doesn't clear you from being federally prosecuted if you review the content later.
Here is how it worked when I ran a file sharing service:
- We would allow people to upload files
- these files would go into a 'holding tank'
- the files would then get greenlit if some rudimentary algorithm determined
they were landscapes or other innocent content
- the remainder would be flagged for review
- bulk images would be displayed in a grid of 8x8 thumbnails
- the vast majority of those would not be reason for further action and
would be greenlit, the remainder would go into yet another holding tank
- now the pictures would be viewed full size, any kind of image that
would be against the TOS would be rejected and a hash would be kept
to avoid seeing it again
- any kind of image that was deemed illegal or borderline would be
passed on to LEO for another decision, possibly resulting in
criminal charges against the uploader.
The complications:
- uploaders would try to mask their identity
- uploaders would be all over the world
- even after reviewing LEO would sometimes indicate that an image was
inconclusive (in those cases we erred on the side of caution)
--
In short: companies can and do work together with law enforcement to stop service abuse and illegal activities. Whether it is an AI that flags it or a human is from a legal perspective utterly immaterial, and if LEO clears it
that definitely means that you are allowed to either view it or pass it on.
If AI flag and human is "immaterial" difference as you noted, wouldn't AI flagging it as abuse material make it impossible to view it by a (non-LEO) human afterwards, as now that would show actual intent to view that material (it is illegal to view it with intent to view it).
Surely your reviewers never deliberately looked at the material a second time after marking it as abuse material for law enforcement, as that would be legally risky I would think.
The issue here is even if local LEO clear it, the federal prosecutor's opinion can differ and he can use the fact you knew AI flagged it and that you released it anyway to damn you. There are cases out there where local/state government cleared someone of wrong-doing but they still got hemmed up federally.
The "blue check fix" minimizes negative publicity while doing nothing for 99% of people. If a bad policy is consistently applied, at least it can be understood and criticised.
He could probably still get his data as a data dump if he was European, just not his accounts reinstated. As Mark is apparently an American citizen though, the GDPR does not apply.
Google has a policy that they delete permanently the contents of any account that has been suspended for 30 days or more. They do this to comply with European GDPR regulations (which require they not hold any data they no longer have the users permission to store, nor have ongoing legitimate interest in), and they have written it into their own privacy policies.
Therefore, this account and all the data contained is already gone. The most they could do is allow him to create a new account with the same name, but to my knowledge that isn't supported technically in their systems (too many bugs to be found by re-using unique identifiers).
That's why they stand by their decision - they don't have the capability to implement any other option.
> They do this to comply with European GDPR regulations
In this case, they actually satisfy the two requirements:
1. "ongoing legitimate interest". They are still in a dispute with the customer. Deactivating an account does not require deleting data, so long as the case it not closed. There is no "30 day" limit in this case, and it seems like an arbitrary time period imposed by someone who hasn't thought of the consequences.
2. "users permission". In this case they do have the user permission to keep the content, because the user wants to keep access to the account.
> they don't have the capability to implement any other option.
As mentioned above, you can deactivate an account without also deleting it. It may of course be easier for Google to just delete it instead of introducing a new state, but I would argue that a company such as Google does have the capability to implement this option. I would go so far as to say this is a failure of Google to not have such a process in place.
Unfortunately, when they deactivate the account, they lose any ability to communicate with the customer. Anyone who emails claiming to be the customer may or may not be the same person.
That works both ways - as well as not being able to get the customers permission to keep the data, they also would not be able to get the customers request to delete the data if they were to keep it 'just in case'.
Until they have built some functionality to communicate with the customer behind a suspended account, they have to delete the data within 30 days.
Even building functionality to communicate with the person behind a suspended account is hard...
For example, if the login requires a password and SMS 2fa, but the SMS is to a Google Fi phone number, then you're going to have to also enable the Google Fi account for that user to be able to login. Or what if they need to use email password resets to another suspended account? (remember you will probably suspend all accounts of a user at once if you suspect something illegal).
Making a special 'chat' tool inside the login flow that only requires a single factor (the account password) which allows presenting evidence to a google rep seems like the obvious solution (or requesting the account suspension be delayed, or that the data be deleted).
Building and staffing that sounds like quite a lot of work though, which would be hard to justify for the tiny number of impacted accounts and zero revenue potential.
I was reminded of David Graeber's description of banking bureaucracies, as I read this.
At ground level, bank employees blame irrational form filling, small and nonsensical process requirements on "regulation." In reality, they are implementing a bank "compliance" policy that is relates to regulation. That way, neither the regulator nor the bank is culpable... either for solving the problem or for consequences of the solution. Meanwhile, the banks themselves probably lobbied for the regulation specifics, and almost certainly wrote large parts of it themselves. It's cozy.
At Google-scale, there is no dividing line between between private & government bureaucracies. They're merged in a way that evolves to deflect criticism & responsibility from both.
The scariest line, to me, was this:
"These companies have access to a tremendously invasive amount of data about people’s lives. And still they don’t have the context of what people’s lives actually are."
Well... "luckily" Google & such are getting better all the time at "context." The response to such issues is usually to deepen the bureaucracies, not to pull back.
> “We follow US law in defining what constitutes CSAM and use a combination of hash matching technology and artificial intelligence to identify it and remove it from our platforms,” said Christa Muldoon, a Google spokesperson.
> Muldoon added that Google staffers who review CSAM were trained by medical experts to look for rashes or other issues. They themselves, however, were not medical experts and medical experts were not consulted when reviewing each case, she said.
Which is a nice way of saying: "AI flagged the pictures, we can't really judge if they are medical pictures or not. Enjoy your permaban!"
Besides, permabanning someone because of a single flagged picture seems like a dumb policy anyway. Even if there was no rash or inflammation in the picture, the child could have had a pain in the groin, so wanting to visually examine it could make sense for a doctor.
To how many parents has this already happened? I get the feeling "Mark" who lives in SF probably knows folks in media or tech. How many nameless, powerless people in Middle America or the Global South had their digital lives nuked and suffered in silence?
My dad ran for mayor in a small town. The opposition kept flagging our (I was a sort of campaign manager) posts as being nazi propaganda (hint: it wasn’t). They did this until my dad’s account got banned.
There was no way I could recover his account after this. Ultimately he just created a new account, with reversed first and last name and the same profile picture which seems to have fooled the almighty AI.
I've had an ex get banned (still banned) from Facebook's suite of products for supposed extremist or terrorism materials. She suspect that a former Meta employee she dated and ended up bad terms may have something to do with it, but all the normal appeal channels end nowhere and I don't know any Facebook employees.
It was however, trivial for her to make a new account.
There was a link here a few months ago about a stranger getting access to someones wifi, doing some illegal stuff and then the police come and seize all of the wifi owners devices for several months resulting in them losing their job as a teacher, access to everything and having to go through a very difficult process to sort everything out.
Even if you eventually resolve things, its a life ruining event to even have to go through this process.
About 10 days ago, my 3 year old son developed Bell's palsy in a period of 24 hours. This means the right side of his face became paralyzed, for no good/known reason. Most cases of Bell's palsy, esp. with toddlers, go away within about a month.
I'm taking videos of his face every day to track progress, to see whether it's recovering. Also, I'm sharing some of the videos on a Messenger chat with other concerned family members. Obviously, since this is his face, I'm not in danger of violating any TOS on this. I have Google Photos auto-upload turned on.
But, knowing how stressed I was when this started, I was definitely not thinking about Google's (or Facebook's) TOS when I was making the videos, so if it had been some other condition where the affected area was the groin, like in the article, I'm pretty sure I would not have realized I'm risking my entire online presence.
Some good news to close: my son's face is showing good movement after ~10 days, so I think he'll recover within a month.
Uhm, I’m not a doctor, but kids don’t generally just get Bell’s Palsy for absolutely no reason. Since it’s summertime, I’m going to go out on a limb and guess you’re in the eastern US.
Get your kid tested for Borrelia burgdorferi. If you catch it early, there will be a lower likelihood of ill effects.
I spotted Lyme in myself around age 12 thanks to Wikipedia’s article on Bell’s and confirmed the infection the same week via blood test. Next to nobody clears it on their own.
Apple says they don't currently scan, due to the previous backlash. But the capability is there in iOS, waiting for the mothership to remotely enable the feature flag.
If you're so stressed about it, why don't you turn off auto-upload? Why don't you use something other than Google Photos?
If you have a genuine requirement for photo sharing -- to share your shild's photos with their doctor, say -- there are plenty of other ways to do that. It's not like you're some captive hostage to Google here.
eta: I do wish your child wellness and a speedy recovery!
eta2: To the downvoters: Go for it - I can afford the decrementing of a number in someone else's computer. But. This was not an attack on the parent. Answer the damn questions!
I wasn't stressed about the auto-upload. I was stressed because half my baby's face went paralyzed. The fact that the pics/videos get auto-uploaded and Google scans them didn't occur to me until I read the OP.
"Mark was cleared of any criminal wrongdoing, but Google has said it will stand by its decision."
Can someone explain what Google's logic is? At this point [after the news articles], clearly humans are involved at Google, clearly they know this is not child porn, so why not reinstate the account and move on?
It's quite likely that their lawyers have concluded that if they do reinstate the account, and some nutjob somewhere claims that they're covering up for actual child abuse, the reputation loss is going to be higher still.
Basically, CSAM is too radioactive for common sense.
Also, in the U.S. there seem to be an extremely large number of people who accuse their political opponents of being child abusers, so that might make sense for Google from a purely strategic perspective.
What's even sadder for us across the pond is that this US oversensitivity to any kind of nudity and desire to censor it for political and religious reasons, is spreading here though tech companies enacting their crazy US policies across the world.
"But a kid seeing a nipple isn't illegal here"
"Doesn't matter, it's illegal in 'Merica, so to simplify things, it's now illegal wherever Google operates "
I guess it's payback for the EU cookies banners. /s
This kind of stuff is one reason why it should be illegal for platforms to censor at will, it should be possible to sue them for censoring stuff they shouldn't be censoring just as it is for not censoring stuff they should be censoring. No matter how much they like to say they are fReEEeE pRiVAte eNTErpRiSes, they provide de-facto public spaces(public as in accessible to the broad public, not as in government-run) and should be treated as such. They shouldn't have the power to be legislative and judiciary of public communication.
Google has a policy that they delete permanently the contents of any account that has been suspended for 30 days or more. They do this to comply with European GDPR regulations (which require they not hold any data they no longer have the users permission to store, nor have ongoing legitimate interest in), and they have written it into their own privacy policies.
Therefore, this account and all the data contained is already gone. The most they could do is allow him to create a new account with the same name, but to my knowledge that isn't supported technically in their systems (too many bugs to be found by re-using unique identifiers).
Changing this would probably be a huuuuge undertaking, since every Google product would have to be modified to expect email addresses might be reused for a new account. And some products are in maintenance/bugfix only mode, so those products would probably have to be sunsetted if the changes were too invasive.
That's why they stand by their decision - they don't currently have the capability to implement any other option.
Plenty of facets on this one, and I fear they all require changing and enforcing legislation and to fix them.
* Google provides a good product free of charge to everybody, but claims it can withdraw the offer to anyone with no notice and without giving any reason. The law should require more rights, guarantees and due process even for free service providers. At minimum, the right to recover my data, the right to have some time to fix the problem, the right to have everyone following the same rules, knowing the rules and knowing the exact violation, and some basic warrantees. As a parallel: Malls are open for everyone just like Google, and it still doesn't allow them to ban people at random. The USA learned with black people how quickly this becomes ugly. But a mall still can remove customers too troubling, the cops can be called, and both mall and customer can sue if it is really worth it.
* People should pay (and be able to pay) for a product that is worth it. The services provided by Google are easily worth money.
* It's hard to ban anyone on the internet without a stable identity, government provided or not. People just take a new identity and come back. This is especially sensitive in the USA, but it causes all kinds of trouble. Maybe coupling the ID to a payment is an alternative, so you can get a new ID if you pay for it. €10 /id / year would probably be enough to shut out almost every troublemaker, and the law can deal with what's left.
* The child porn laws are insane and should be changed. It is not normal that you can send a picture to someone, and the law requires the receiver should go to jail even without him knowing anything happened. Under such laws, the google 'scorched earth' policy is the only option they have.
* EULAs need to cease existing. If I buy an Andriod phone, I give money to the manufacturer, the manufacturer gives money to Google. That means I should have a right to access google play etc without all kinds of EULAs making the device I bought non-functional on any whim from Google. Just paying should be enough. It used to be that license agreements existed only between companies, and were deemed too complicated for ordinary consumers. The 'End User' aspect has to die off. Normal copyright will still protect the software just as it does with books and DVDs, so there really is no need.
Child pornography together with drugs is probably the easiest way to frame someone for a crime. Especially in the computer world where people could be framed randomly and automatically by viruses without any motive.
In this person’s case, they were paying Google for their Android phone and Google FI phone service, so it wasn’t even a free product they got banned from.
Also, see Apple’s scanning stance. Google isn’t obligated to scan and report to law enforcement.
Not long ago, every other comment about a case like this would say "well, Google is a private corporation, they can do as they please".
Now, those comments have disappeared and most comments call for more regulation.
The same thing happened with advertising. In the 2010s many people here advocated in favor of advertising, and often said ad-blockers were bad, useless, or criminal. And then the dominant view became that the Internet is absolutely unusable without a proper adblocker.
Not sure if any positive change will come out of this (advertising certainly didn't go away) but it's fascinating to see.
I've grown up to believe that we deserve this, at a societal level. As long as we've let technology invade each and every inch of our private space this was bound to happen, sooner or later.
Props though to the SF police which has stopped the investigation when, I guess automatically, they had been made aware of the whole thing by Google. I suspect in a few years' time that won't be the case anymore, even the Police investigation in this sort of cases will have become "automated".
With Google representing all branches of a shadow trias politica is like a secret police in totalitarian countries. If thanks to this news on Google's move only one person decides _not_ to send pictures on their doctors request, then this action has sent out the same message as the secret police making your neighbours disappear after saying something unfriendly about the dictator.
I've been a happy Google photos user for a few years but the fact that they have changed their business model from "free forever" to "now you pay", and the fact that photos take half of my Google free tier, and this scary stuff about CSAM I think the time has come for self-hosting everything.
I will wait a bit for email (too complicated), but as for pictures, any software you would recommend? Ideally, the server should run on a Raspberry Pi and has face recognition and automatic tagging.
Unpopular opinion (I've been downvoted for this in the past): you don't have to put all your photos and videos on a computer server (either self hosted or from Google/Apple/Meta/Microsoft).
I leave new pictures on my iPhone without any iCloud backups, make a backup to my PC hard disk once a month, and make a backup to BD-R once a year (and then remove everything older than a year from my phone). I don't feel I'm missing out an anything by not putting everything on some server. Even in the past when I did use automatic cloud backups, I don't recall ever really needing to have access to some years old picture immediately.
I'm not a digi-luditte, I do occasionally send irrelevant pics to family and friends in Whatsapp (which I do assume can be eavesdropped at any moment, so I don't send truly private stuff). But I don't think having every personal photo and video I ever took accessible within a second improves my life in a significant way.
I totally agree with you but it's not the backup I'm looking for (for that I use syncthing and then manually review my photos), but the catalogue. I want some automation, like auto tagging and sorting by year and sharing. That's what I like about photos really
I have Google One account for in person Google support in case shit hits fan.
Shit hits fan, for some reason my youtube account with premium gets banned for scams, despite account only ever used for viewing. So I make another one with premium that got banned a couple months later, again account only used for viewing. The kicker, once they ban your account, you are denied from subscription page and cannot CANCEL premium sub. And you can only appeal decision every two weeks which so far has been automatically rejected after a couple hours. Meanwhile I contact Google One who helpfully forwarded issue to YT team, and their response "we're not equipped to deal with this issue".
Current in the process of taking out my entire account data so I can cancel credit card attached to Google services, hoping it would kill the premium charges without getting the rest of my data wiped. Or all my playstore purchases. Utterly absurd situation. Pretty sure it's fraud, but there's one useful to resolve situation, even in person.
At this point it seems that anything but client-side encrypted backups is a liability. Although I guess there is a sizeable group of knuckleheads who would like to ban the notion of client-side encrypted backups just as much as they want to ban end-to-end encrypted messaging — as soon as they learn such a thing exists.
Another reason why cloud services must come with end-to-end encryption ON by default. What business does GOOG or any other big tech have with reading their customers' emails or analyzing their photos/videos etc., except for creating profiles with which they can push ads/sell stuff?
Consumers must demand this (i.e., e2e encryption and no peeking) and shun products that don't offer it.
I hope the father sues GOOG and wins hundreds of millions in damages for mental anguish, defamation, breach of privacy, denial of service, discrimination (do you think GOOG has never reinstated an account previously?) and every other legal grounds they have violated.
It's not quite the same though. These images where uploaded to Google, they are required by law to not host child porn, so of course they are going to classify the images.
The Apple thing was them proposing to run the classification on your phone. On personal, not uploaded anyware, images. People felt that was crossing a line.
Apple was only going to scan images that were going to be uploaded to iCloud. It would be the same amount of coverage as what google does, and if you believe apples claims “more private” because it happens locally and would later let them roll out encrypted images on iCloud while still scanning for CSAM to satisfy the government.
Of course you would have to trust that the policy of only iCloud images would stay in place after they implemented a tool to scan everything on your phone, which seems like a terrible bet.
What am I remembering wrong? I never said anything about whether they scan images in iCloud. The proposal was to scan photos client side before upload and send a hash, and it was killed after backlash.
To stay on topic, I'm a parent and have autoupload to google photos.
How can I prevent the photo from bring uploaded? I could disable autoupload, but as soon as I resume it, the photo will be uploaded, unless I remove it from the phone.
Google Photos has a feature for exactly this on Android. It's called "Locked Folder". It is not synced, and accessing it requires your screen lock code or biometric authentication. You can choose to save photos directly into the locked folder as you take them, in which case they are never uploaded.
If you're concerned about your privacy I'd advise against just trying to disable uploading but still giving your photos to apps you don't trust, primarily because of possible future implementation of client-side scanning(they are making steps to mandate that for messengers in the EU atm, for example).
AFAIK android phones upload all sorts of data to google by default, my recommendation is to install a custom ROM (like lineageOS), that will rid you of a lot of these privacy violators without dealing with them individually. If you don't want to do that, avoid google services/apps entirely for anything that you don't trust them with. I'm not familiar with google photos(never used it for (now) obvious reasons), and I don't know what features you need, so I can't really give recommendations on that specifically.
Turn off Google's auto upload. The entire photos thing has long been a way to get images to train ML, and since they actively use these images you're not in a position of power here. i.e. you're doing Google a favour by using the auto-upload.
Either find a service that you're paying for, or if you want to trust a big corp maybe go with Apple. Not perfect, but best of the lot from what I can see. All of the logic is on-device, so they're less inclined to peek at your photos. There was a big hubbub a while ago when they tried to do unsafe photo detection on-device, but they backtracked.
Apple does same exact scanning of iCloud photos and ban iCloud accounts with the same glee as well, so I'm not sure why do you think recommending another megacorp will help the OP (outside of buying into Apples marketing schtick).
I disabled iCloud Photos sync some time ago, and even though there are some pain points, it's surprisingly easy to work without it. Just do a manual direct sync every so often. Run borg or bupstash to encrypt and backup the copied photos to any location.
don't use google photos at all. And probably don't have pictures that are even remotely questionable on your phone, even if it's for legitimate reasons.
That's fine, and it sucks that often there is not really a choice in which camera software to use either. It doesn't help that by choosing Android or IOS you almost inevitably get hooked into the clouds of Google and Apple.
I deliberately bought a Pixel 6 in order to install GrapheneOS (a degoogled Android) and leave out all links to Google except for the Play store for a handful of apps pushed by governments and banks. The built-in camera app works fine, and OpenCamera is a great alternative too now that it supports all cameras of the Pixel 6.
The day Google banned(from Gmail and all Google products without ability to port thier data) some pixel phone buyers for reselling their phones[1], I did these 3 things:
1. Setup a new personal domain and email on fastmail. I can take my email somewhere else if fastmail decides to ban me.
2. Setup account on Backblaze for my backups, Google drive can't be trusted.
3. Moved to alternatives for all Google services. Removed Google signin from all the other websites.
This is the way. People are responding to this like Google is water or something. It's just a company whose services we use mostly for free out of convenience. If you come to depend on them, it's on you.
Well a backup in your house is worse, in case of flood/fire/robbery it's lost. Some people have a remote location or family home with good internet where they can place a NAS or something, but many do not. I've done it before, you have to call family member and ask them to unplug/restart.
They are backups, you can make a new backup, unless your computer catchers fire at the same time as you get banned.
It’s quick and easy to move from Gmail to Fastmail. Did it earlier this year. Now YouTube is the only Google product I use, and it works pretty well without an account.
Honest question: can one (reasonably) use an Android phone without a Google account? If not, should one just accept losing access to half the phone market? What if Apple decides to pull a similar move?
In many places, you need a phone from one of those two providers in order to do mundane things like riding the subway without having to jump through extra hoops.
You can use several google-free AOSP builds. GrapheneOS is great. You lose the ability to use a few apps like uber/lyft, but you should also know how to navigate cities without those apps.
I'm impressed by GrapheneOS. Only when you need apps from the Play Store will you need a Google account. As long as anything you get there is free and easy to reinstate if you lose your Google account, that's not much of a risk.
For navigation without transportation, OsmAnd and OrganicMaps (both OpenStreetMap) often do quite well.
yes it is, and I agree their home page is shit. I downloaded it trough F-Droid and didn't really background check it, maybe you wanna take a look at their repo: https://gitlab.com/AuroraOSS/AuroraStore
One thing I noticed after closing my decades old Google accounts and opening a new one just for the Play store was that there suddenly was no way to view age restricted videos on YouTube without uploading an ID. Does Newpipe allow that? Also, the absurd amount of puerile crap being pushed on the front page of YouTube when you lack the filter of a longer used account is startling.
Stop giving Google control of one of if not the most important communications identity in your life. I know gmail is cheap and easy, but theres a reason for that: you're giving up so much.
This is like staying you should stop trusting the supermarket to not poison your food and to instead trust the smaller supermarket to not do it or to just grow your own food.
It’s not practical to not trust anyone and maintain a functional life. The real insight should be at regulating tech companies so they can’t do this anymore.
Email is a utility and should be regulated like one. The power company can’t just shut your house off because you tweeted something bad but for some reason tech companies can do effectively this.
>it’s not practical to not trust anyone and maintain a functional life.
I'd say it's very practical to not exchange medical information over an insecure channel. I don't email naked pictures of myself or even worse share pictures of a child's genitals in some google drive folder anyone can copy or share. my life is perfectly functional. Anyone who deals with email should treat any email they write like they're public, because there's always one dude who copies some entire chain into a reply or forwards something to a hundred random people that weren't supposed to get it.
When you mail something like this you don't even know if the doctor or the secretary opens them. If they're immediately backed up to some remote server now some tech worker has access to naked pictures of your kid. You can't request to delete that information, there's no ownership. That's a completely insane way to treat your most sensitive data.
For tele-medicine there's strict regulations on the safety of apps and how patient data are treated. Consult doctors through one of those. I'm not even sure if it's technically legal for a doctor to interact with patient data as described in the article.
The majority of people these days have their photos backed up to cloud services which happens without any user action other than taking the photo itself.
I don’t think there is any user error here. The user used the services and devices how they are meant to be used and google majorly messed up.
the complaint was sent to multiple agencies, including the SEC. This is clearly stated in the CNN article (which Schneier also links to) already. Even if the detail that it was also sent to SEC were new, it'd still be a dupe. Even if it was entirely new complaint, a 4 sentence blogpost saying that other media has reported something isn't the thing to submit to HN over the original source.
> This is like staying you should stop trusting the supermarket to not poison your food and to instead trust the smaller supermarket to not do it or to just grow your own food.
More like, have alternatives ready and know what to do to avoid downtime if your main supermarket randomly permabans you for accidentally losing a receipt between purchase and exit, or having unaccounted for bottle of coke in your backpack that you bought at another store, or just looking sus. Or yes maybe it's found to be poisoning food. Fairly reasonable to be prepared.
> Email is a utility and should be regulated like one.
I want less barriers to operating my own email if I want it, having to get a license and such is the opposite of the goal. Maybe that's not what you mean though.
Generally regulating anything is a tradeoff. It helps established monopolies and prevents competition.
> Generally regulating anything is a tradeoff. It helps established monopolies and prevents competition.
How is this relevant when discussing Gmail of all things? When was the last time they had an actual competitor with some market share (outside corporate email), Yahoo! Mail?
are you aware how legislation works? you regulate a category as a whole, not randomly pick a specific company and write laws just for it.
if you regulate alphabet in particular, that would send everyone a message that this is now the "officially approved" provider. no others are regulated, after all! it would only increase the barrier to competition.
competition is a good thing. currently, thanks to email+DNS being open protocols, there are no barriers to operating e-mail for your own domain or providing it as a service. as a result, plenty of profitable providers (fastmail, aws) between which users can seamlessly switch.
If, witnessing the kind of power Google wields unchecked, you haven't - at the very least - taken steps to regularly pull all of your data out of Google, because, oh, this kind of stuff just won't happen to me ... please reconsider.
Email account deletion and recovery should be regulated by law. Nowadays it's an essential service - just imagine that electricity provider, ISP or anyone else is doing the same without any period of notice, nor ability to dispute the problem with a company's representative.
> Email account deletion and recovery should be regulated by law.
I think the problem goes even deeper than that. No non-state actor, who holds no democratic mandate of any kind, should hold the kind of power over citizens that Google holds.
Regulation is a ship that has kind of sailed, in my mind. The kind of regulation that we now recognize we need would have had to be in place 20 years ago. ...mostly antitrust stuff, but also specialized things like privacy / data protection and "due process" for things like account suspensions etc.
If such regulation had been in place, it would have prevented the formation of an entity such as Google in the first place, and we would instead have a healthy system of smaller players competing on who does the best job at providing the kinds of functions to society that Google provides.
Now that we are in the unfortunate situation we are in, I think it might be necessary to consider nationalizing the whole thing and putting in place governance with a democratic mandate.
Disagree. Google, Facebook, and Apple only seem like entrenched behemoths because this community grew up with them, and it's hard to imagine a world without them. But make no mistake, they're just as fragile as every other Standard Oil that's ever existed.
Pay for an email service, and sue if you incur damages due to them terminating your service. Or run your own email server if you care to.
> But make no mistake, they're just as fragile as every other Standard Oil that's ever existed.
It's ironic that you chose Standard Oil as an example. It was an unbeatable monopoly that was broken up by govt regulation, not by competition. You're arguing against your own position.
> Pay for an email service, and sue if you incur damages due to them terminating your service.
You always sign away this right when using a commercial email service. Their terms of use allow them to terminate your account with impunity.
> Or run your own email server if you care to.
This is a very 1990s understanding of the email ecosystem. It's almost impossible to start a new email service today because the big players (primarily Google and Microsoft) won't trust you and will silently refuse to deliver your emails. Sometimes you will be blanket banned, sometimes you'll just have a few missing here or there.
Because the email market is dominated by so few players, they have complete control over the ecosystem. Even if you choose your email service, your recipients will have chosen one of the big players 99.999% of the time, meaning you're also playing by their rules.
> But make no mistake, they're just as fragile as every other Standard Oil that's ever existed.
You realize that Standard Oil was broken up by the courts through the Sherman Act, which is precisely the type of regulatory action you're arguing against, right?
Aight, I paid for an e-mail service and now I had to sign the same agreement as google except I had to pay on top of that. What exactly can I sue them for that I couldn't sue google for? If I run my own server what fraction of clients and customers will actually get my mail rather than it being auto-filtered out as spam?
You're not paying Google anything. You know what they owe you? Nothing.
You pay Company X to host your email, and you enter into a service agreement. They kick your account off. If they're in violation of the service agreement, now you actually have a case against them. They know this. Their legal council knows this.
Company X sent me the same service agreement as google, that basically said pay us and we promise absolutely nothing and we don't promise you'll actually get e-mail either. The only difference is I pay on top of that.
They operate as a corporation in the United States and are subject to its laws. They owe what the law says they do. And the laws can be changed.
Feel free to vote for people who think companies can do as they please just because you aren't directly paying for them (even though they make money off you), I'll vote for other people.
Was Standard Oil really that fragile? From Wikipedia:
> Its history as one of the world's first and largest multinational corporations ended in 1911, when the U.S. Supreme Court ruled that it was an illegal monopoly.
Seems like it was broken up by the government and not due to competition.
Poppycock, it’s just communism with extra steps. Google’s email server is not your email server just because you’ve come to depend on it. If you want your own server, build your own server.
How far does that argument go? "$ELECTRICITY_COMPANY's power is not your power just because you've come to depend on it. If you want your own electricity, build your own infrastructure".
Granted, most people here on HN would be able to deploy their own, but you can't ask that of the average citizen who just needs email.
I would hazard a guess that nobody on this forum has an alternate electric company they can go to. But there's dozens of search engines, and thousands of email providers that users can choose from, all competing for your business.
Again, you know that, I know that, will your average non-techie person know that? This also isn't only about email. Their entire data was on the account.
Don't put all your eggs in one basket, "everybody" knows that. It doesn't just apply to computers - non-techies are familiar with the concept too. It's common sense.
Err what? Non-technical people can have a hard time telling the difference between email and Gmail. They don't understand the difference of photos stored on their smartphone vs in the cloud.
Some states Americans can change the generation company, but last mile company can't be changed. (the power lines either underground or on a pole). This is managed by whatever company (or sometimes rarely the municipality) operates in that region.
I largely agree. There are many public utilities on the internet on which we each individually rely.
Careful what you wish for, though. Ever tried to sign up for a public utility without your real name, personal identification, a physical address, or billing information?
I'd totally do any government/police assisted dance, even if that cost a couple hundred bucks and needed an unpaid day off, to get a banhammer-immune Google account. And that's despite currently working there.
In Canton Zürich (Switzerland) the parlament argued, everybody has a smartphone today anyway, so for public transport, from now on it legal, the only way to buy a ticket is an App.
Do it without an Google account.
But a postcard is a good example. Even the badest murder / raper in a prison will get a postcard.
Maybe I wrote it a bit quick. It is still possible to buy tickets on machines. But they changed the law on the beginning 2022. Now in regional busses, they don't have to sell a ticket. They still do. But the law is now, they don't really have to do it.
Änderung bei ÖV-Tickets
Billettverkauf in Zürcher Regionalbussen wird abgeschafft
It also seems to be wrong, since the ZVV website explicitly mentions the app, the online ticket store and vending machines. [1] What seems to have happened though is that during the pandemic, the bus and tram personell that used to sell tickets as well stopped doing so to minimize contact. [2] This obviously is still a problem since not all stops have vending machines, so there’s the extra rule that you can buy your ticket at the next stop that has a vending machine. Inconvenient? Certainly. End of the anonymous travel? Certainly not.
"You can no longer buy a ticket on the bus" is different to "you have to use the app" You can't buy a ticket on a Subway, S-Bahn or regional train in Berlin - it's been like that for decades. You have to use a vending machine.
Thank you for clearing that up, I had a hard time envisioning the Swiss from disenfranchising the elderly in such a callous way. Usually their policies make good sense.
You can also set up a mailbox at any address and receive actual letters there, no registration required. Needs permission of the owner of the place, but that’s similar with email.
There are many states around the world where you can buy a prepaid SIM card without registration and participate in the public phone network. No permission at all required, cash payment works.
There is no direct connection between “public” utility and “requires registration.” But many public utilities consist in a delivery to a specific place (water, electricity) or want to charge you. So they need your address to perform their service.
This is crazy; I have pictures of my son taking his first bath or his first swim in a tub and I shudder to think that I have to delete those because some algorithm will brand me as a paedophile.
If my google account is blocked, I can’t even begin to imagine the extent of what would happen to my day to day.
Google, wether via algorithms or human reviewers looked at this kids groin from photos that the guy expected to be private. This is the weird questionable behavior that should be ilegal.
This is why I backup my phone manually, my Google account is not used for any email I really care about, and I don't use it to authenticate anywhere else, etc. Same with other big providers (and smaller ones though for softly different reasons: they may vanish or be eaten by the larger fish).
Having too much linked to one group, especially one famed for terrible user care when something goes wrong, is just asking for this sort of accident to happen, and for it to affect you as widely as possible.
So theoretically some bad actor can just send someone pictures of cp to a gmail (and maybe google workspace) address and get them banned and investigated? This cant be right ...
People simultaneously want very strict policing of online spaces AND are not willing to pay for them at all. What do they expect? It surprises me that anyone here is blaming google, how many thousands of dollars should they spend deciding whether to delete an account worth a few pennies a year? When NOT deleting it leads to big fines and their company being branded a pedophile enabler?
I have a suspicion that this is because their systems will still scan this guys' pictures and will still trip on this or another picture, and they can't or don't want to disable checks on his account... so that their conclusion is "fuck it, it's easier to keep him banned".
I would be shocked if it's not universal. They could be sued in the USA for storing CSAM in any other country, even if that country happens not to recognize this as CSAM.
I wonder if he can ban anyone from Google by emailing them those pictures. Would AI detect those pictures as well? He should look for Google employees and ban them all
I have previously worried about this slightly when sharing videos of my daughter singing in the bath with my mum and my sisters. Pretty sad state of affairs.
I'll take the contrarian side. Why should Google allow underage nudes on their servers? There's so much wrong with this. Life's could be destroyed if their password gets cracked, the nudes leaked/sold. As a company I wouldn't touch this dumpsterfire with a stick.
Well, taking a photo of just the groin, for non-medical reasons would be kind of weird. Taking a photo of the whole baby, e.g. in bath is perfectly normal, even if it also shows the groin.
My son (3 at the time) had phimosis, I took a few pictures of it when a friend doctor asked to see what it was.
I sent the pics to him for advice and then we consulted officially to get a prescription for a cream when je told me it was fixable (to dr: it wasn’t entirely but it helped).
I hope I didn’t overstep some kind of bullshit law where I can’t take pictures for medical advice.. this is ridiculous, and I’m happy that I’m not pushing my pics automatically to google, I might have been banned? I still have the pics somewhere on my phone, probably, amongst others where he’s naked when he was messing with foam in the bath or playing in the garden with water in summer. Isn’t this like 90% of parents?!
I feel that this whole CSAM is a new obsession of phone actors because they feel there’s norhing else they can innovate on.
I'm not saying taking photos of your child's groin is normal. But, whatever the reason may be, a father is allowed to do so (unless the law of the land explicitly prohibits such as thing).
When I watch American culture on TV channel, it is always fat African-American lady talking about their private parts and shaking ass. Where can I watch American Puritanism?
Steering away from your actual question, another would be: how is Google's photo algorithm supposed to know it's their son or not? I get that Google knows a lot about us and might be able to piece that together, but CSAM laws might not care.
Hmm, "The Circle" comes to mind. I wonder how many years we are away from this book becoming the reality.
Quit Google Now. Remember that you were always a bit stupid to choose Gmail and bite the bullet and get rid of it. If you are an Android user, I feel your pain.
The only thing I am a bit reluctant to throw away is my YT account. But if the content quality degradation keeps on going, it will eventually be quite easy to throw out.
TIL: upload child porn on a secret website, take someone's device, send said image and delete the chat, get his account banned with no possibility of reversal.
Thank God for AI, planting evidence and automatically ruining someone's livelyhood has never been so algorithmically efficient!
Unlike your banking website or other critical software, if you find an unlocked phone there are no barriers put in place to make sure it's really you who wants to send a text message. I don't think those barriers should be there, but if anyone can potentially send a text message on my behalf then you can't automatically ban people with no investigation or ability to appeal somewhere.
It’s stated clearly in the ToS Google will not stand for explicit images of a child. Google reserves the right to punish those who break the rules. It may not seem fair but it’s not worth the risk, it’s easier to just delete the user’s account and move on to the next user.
As a user, there is a dispute process but as a user I must obey the ToS if I don’t want my account to be deleted. If someone came into your place of business and began taking explicit photos of their child, for medical or any other reason, would you stand for it? Would you give them a second chance to explain themselves?
Google’s place of business is whatever you do on your phone and any content generated by it. You don’t own Android OS just by buying a phone the same way you don’t own a pizza shop just by buying a slice of pizza there.
Maybe they should shout a bit louder about the “this is not fit for any particular purpose “. Not buried as some legalese boilerplate in the EULA but on the signup page in big letters.
Yeah. And there should be many comparable alternative businesses that do sell communication devices that don't opaquely Zucc legal albeit questionable content. The people who play apologetics for this and think this sort of service is in any way comparable to pizza have every right to keep hanging out in their auto-modded environment eating their thin crust diavolo, swiping their oily fingers all over their device's controls, as long as there's a reasonable habitat for the rest of us.
Have you already forgotten about Covid 19? Most of my doctor appointments have been remote for the past 3 years, had to take pics of an injury. So, honestly, have you forgotten?
I work for a non-profit medical group, and we have pediatricians in our group.
Starting in March 2020, due to, well, you know, all of our doctors started doing consultations via video chat and picture-enabled text messaging. This service continues to this day, particularly for our most vulnerable patients (which included, until very recently, children under five who could not be vaccinated against the novel coronavirus).
Children come down with a lot of things that look strange to parents, especially new parents who have never had a child before. Especially parents who are staying home with their children to avoid a new (that's where the "novel" part of "novel coronavirus" comes from) disease that they don't want to give to themselves or their kids.
What you've advocated for is a world where parents can't communicate with doctors except by showing up in person. This is something we demonstrably do not want for a whole host of reasons. For a period of almost a year, unless you were basically bleeding from an artery or your arm was hanging by a thread, you could not see a doctor in person, at least not through our group.
It should be common sense that we are intelligent, thinking beings with the ability to discern right from wrong and that those are not binary choices. There are myriad reasons why someone might take a photo of a naked child that are free of malicious intent and, legally, are perfectly valid. Medical assistance is just one of them.
I never said that I advocate for making the production / transmission of certain types of photos illegal.
Personally, I advocate for freedom of speech, but I recognize that there exists laws currently that restrict it in America. I say that it is common sense because that is the one thing you aren't allowed to post on the internet. Everything else you can get away with.
I do agree. In this case I think it should be common enough knowledge that the doctor should have known that it wasn't reasonable to ask someone to use this email provider (or frankly any provider) for this purpose.
But Google needs to make a bigger deal of the fact that their services shouldn't be relied on for any particular purpose. (I feel the same way about banking apps too)
Another version of this same story, also marked as a dupe: https://news.ycombinator.com/item?id=32557294