Tag: Google

Atari: We now have games for the VCS! (Not really…)

After being stung recently and repeatedly for their lack of progress on the AtariBox project, Atari released their Big Announcement about the games that will be available on the console.

TL;DR, the announcement is very underwhelming. Atari is packaging a bunch of old classic games for streaming to your AtariBox. They’re not even doing it themselves; they’re partnering with another company.  

That’s right, they still have ZERO new exclusive launch titles for this system. You know, the thing that tends to drive people to buy new systems? They still don’t have that.

Let’s be generous, the three word elevator pitch for this is: “Netflix for videogames”.  Only, no Netflix Originals, just re-runs of games you’ve played a million times already, and already have access to through a variety of other platforms. If you aren’t lucky enough to have lived through most of the history of video games and have a library devoted to that history, you might find this enticing.

In a way, this is cool.  For only about 25 years now, gamers have had to resort to piracy and emulation to play thousands of arcade game titles for free.  Now, they can pay $10/mo + $350 for the console for the privilege of doing it guilt-free, albeit restricted to just those titles that are available through Antstream.  And that’s something, isn’t it? 

No, I know that sound sarcastic, but it really is.  For only 25 years or so, the problem of preserving historic videogames has been ignored by the industry that created them, and was left to be solved by dedicated fans who recognized the importance of such an effort. But this was always an ethical quandary, and enthusiasts were forced into a dilemma:  literally preserve history before it was too late and games were lost forever, and violate copyright for a bunch of outdated products that companies refused to continue to produce or make available in any format?  Well now for just $10/mo our consciences can finally be clear.  And our reward for this will be that only the games deemed worthy of preservation for their long-tail commercial potential will be preserved.  Shut down the MAME project, everyone, and rejoice:  we’ve won.

OK, ok, that’s unavoidably sarcastic, but it’s true.  This service creates value by ripping the hard work of emulation preservationists, and by graverobbing what rightfully should have by now been the public domain, to provide games-as-a-service to  you, so that you can pay for them forever, without ever owning them. Because in the new economy, ownership is theft.  There’s literally no reason you would ever want to own anything anyway, this is a post-scarsity economy, after all.

Antstream itself kickstarted into existence in April of 2019, and, well, isn’t it telling that a physical “not-a-console” gaming system that kickstarted TWO YEARS earlier and STILL doesn’t have any exclusive launch titles lined up, kept silent about this deficiency for all that time, until fed-up backers had a mutiny about it on Reddit, and so had to run out and find something, anything, so they could claim that they will have games, and picks something that only became a thing this year?

It makes you wonder what the hell Atari have been up to for the past two years, apart from rendering the shell they’re putting their components into, and re-releasing the same empty hype announcement every 6 months or so. According to their Kickstarter page, Antstream have been developing their service for four years now, so the Kickstarter is more an effort to do viral marketing for the launch of the service rather than a no-product preorder like Atari’s VCS Indigogo was. Yet, if Atari had planned all along to make use of this service, and had to remain quiet about it all this time, one wonders why they couldn’t have said something around the time that Antsream launched their Kickstarter campaign. Why the need to remain silent for another 6 months?

Still unanswered: Is anyone actually developing any games that will run only on this system, so that there will be a reason to buy it? Any first party game development, at all? (Well, it’s a silent NO, that’s the answer.) Atari 2019 is a brand name only, not a developer of anything substantial. In trying to establish a platform, they’re leveraging the work of others and passing it off as their own. AMD for the hardware. Antstream for the content. Maybe there’s some internal work being done to create the GUI to do configuration management and launch apps, but that’s not exactly exciting, now, is it?

It’s worth mentioning that around the time Antstream announced itself — about a month before, actually — Google announced Stadia, and there’s literally no reason any of the games that you might have access to through Antstream couldn’t also be streamed to your screen through Stadia.  Other than, I guess, some exclusive rights deal that would preclude availability on other platforms.  But then, Stadia is still in pre-order, too. Sigh.

So for the time being we’re still safe from the future hell of games-as-service, that you can never own, and which will be preserved for all time only to the extent that a company decides to preserve them.  Which is to say, any old versions will be superceded by the latest patch, even if earlier releases are historically relevant.  And games that aren’t attracting sufficient interest will be dropped unceremoniously, and probably not many people will care, except the small audiences for games who really love those games even though they’re part of a small audience not big enough to be considered commercially viable.  But who cares about them, anyway?

Even if Antstream is great — no, especially if their service is great– it’ll be available on all platforms that its client can be ported to, there’s still no compelling answer to the question, why get an AtariBox?

Atari attempts to answer this by assuring us that:

When Atari VCS users log in or subscribe to the Antstream service using their Atari VCS, it will immediately unlock an exclusive and enhanced version of the Antstream app engineered specifically for the Atari VCS. The Atari VCS Edition of the app will house the largest collection of Atari games available anywhere and ready for immediate play. This enhanced collection will be exclusive to the Atari VCS at launch and will not be available on other Antstream platforms without an Atari VCS account.

Atari

Re-read that last sentence.  You can stream Antstream’s exclusive AtariVCS content to any Antstream-capable platform, provided you have an Atari VCS account.  My guess is that you’ll be able to get one of those without buying the AtariBox hardware, if not immediately then eventually. No word on whether that will cost a monthly subscription on top of whatever Antstream will cost.

But this leads me to wonder what’s up with Atari’s earlier announcement that the Atari Vault would be available to VCS owners?  I mean, I don’t really wonder, because who cares.  The AtariVault is on Steam and I can buy it and play it right now through my Steam account on my PC, and I don’t have to pre-order and then wait 3 years for some outdated low end PC in a pretty case to do it, either.

But lets say I did decide to wonder.  Well, is the Atari Vault still going to be part of the picture, or did they just shitcan it and replace it with a subscription-based streaming service?  

Oh, and there’s a picture of their motherboard.  Suck on that, haters!  I bet everyone who doubted that AMD Ryzen board could have an Atari Fuji logo custom silkscreened onto its PCB are all eating crow now!

Well, it’s something, anyway. Not enough. But at least it’s something.

Google Stadia: impressions

Google recently announced a new game platform, called Stadia, at the 2019 Game Developers Conference in San Francisco, CA.

It can run though any device that is capable of running Chrome, which means that they already have a huge install base ready to consume. This should make the service very lucrative, potentially, as there’s almost barrier to trying the service out. It streams over high speed internet, meaning that there’s no need for any hardware beyond what is necessary to run a web browser, nothing new to buy, well, except for the gamepad. Which, see below.

Streaming

I’m immediately disinterested in any game platform that I can’t own in the traditional, tangible sense of own. Streaming games do not appeal to me. I like physical media, I like the ability to go back and play old games that I own, whenever I wish. Streamed content is always in the control of the vendor, and is subject to updating, being discontinued, and so on. There’s no guarantee that streaming resources will continue to stream forever, and it’s virtually certain that at some point the stream will either “run dry” or stream something different than original.

The downside (I guess) of traditional owned-media is that over time you accumulate a vast library which becomes difficult to store and manage, and may deteriorate over time. If you don’t like it, you can always sell it, trade it in, give it away, or throw it in the trash, so I don’t really see why that would be a downside, but if you’re a collector like I am, you like the fact that you can keep old tech and go back and use it 10, 20, 30, even 40 or more years after it’s no longer being supported, as long as the devices that drive it continue to function or be repairable.

But that’s just me. There seems to be a lot of evidence to suggest that a convenient, well-managed service would be popular and profitable with consumers who don’t all care about history and preservation as much as I do. Look at Netflix. They are doing very well, and while people are occasionally bummed out when Netflix drops a movie from its offerings, that doesn’t seem to stop them from having a profitable business selling subscriptions to a service. If Google nails the execution, there’s no reason to believe they won’t likewise be as successful, if not more.

The controller

A very standard, generic looking dual analog stick gamepad. Initial impressions are that it doesn’t look especially comfortable in the hand compared to the competition. Google didn’t need to innovate here, gamepad design is pretty mature today, even if companies like Nintendo continue to dare to try new ideas (Switch, Wii U, Wii). Still, I’m not sure why Google would emphasize their controller given that it is so very unremarkable in its design. Given that the controller appears to offer nothing new, one wonders why Stadia wouldn’t simply leverage any/all existing “standard” dual-stick gamepads.

To answer that question, there are two additional buttons: a youtube integration button, and a help button. The help button enables gamers to request help with overcoming some part of the game, somehow, without having to leave the game. Which, I guess is appealing, but man, I’m gonna miss the brutal, unforgiving difficulty, and the completely arcane hidden secrets that you can only figure out if someone tells you what to do, so you had to go buy a book or magazine that made you want to kill yourself from the NES and Atari era. I guess the help button takes the place of the magazine, but it’s just not going to be the same. The youtube button makes it so easy to set up a gamer streaming channel that everyone in the world can do it, which means billions of youtube channels that no one will be able to wade through to find the good ones. Probably. This will likely also kill the professional youtuber/patreon beggar gig that so many of the popular streamers have been doing for the past few years. I guess that’s maybe a bit harsh, naive, and premature, but the bottom line it will become very competitive and difficult to differentiate yourself from other random streamers, so the ones that will stand out will have to be unbelievably good and work very hard to attract and keep an audience.

Do we need another gaming platform?

I’m intrigued by anything Google does, and they have the resources and innovative thinking to do things that few other companies can. That said, I’m not really seeing a need for yet another new game platform. Whether Google can differentiate itself from Microsoft, Sony, Nintendo, Steam, etc. remains to be seen. While it’s hard to bet against a company with the resources that Google has, they’ve had notable failed ventures in the past: Wave, Plus, etc. and have been known to discontinue even popular projects (Reader) leaving fans with little recourse. Will it work? Probably. Even if it doesn’t, it’ll probably be a few years before Google pulls the plug on it or pivots to something else. But it seems like they’re serious about competing in this already-crowded sphere.

It will be interesting to watch.

The Writing on the Wall

What really strikes me about this is, if Google can stream applications as powerful and resource hungry and demanding as videogames, instantly, anywhere, they can do that for any software. What does this say about IT departments in every other company on the planet? We’re pretty much obsolete at that point, aren’t we? It might be a good time to think about early retirement, and finding a second career. Maybe a livestreaming channel.

Driven to distraction

Top techy things I’m doing that aren’t game-dev (aside from my day job):

  1. Trying to root my Android device. Mission accomplished.
  2. In order to recover a draft from the local storage on my my WordPress for Android app that got eaten for some reason. Mission accomplished.
  3. Trying to get Chrome to allow me to download root-enabling exploits for my Android device so that I can get root. Mission accomplished.
  4. Temporarily disabling security features on Windows to allow the root-enabling exploits to unpack from their .zip archive and run. Mission accomplished.
  5. Seriously, Google, everyone knows you can root your device, and there are a multitude of legit reasons to do so, it’s open source, open source is supposed to mean freedom, so stop with the forcing people to hack their way into root already. It’s MY device, I paid for it, I’m it’s owner. I shouldn’t need to pwn it to own it. There should be a supported configuration “enable root” that should be all I need to do. It’s totally unacceptable from a freedom standpoint not to have this as a supported feature. By not providing it, you are making yourself an adversary to your customers.
  6. Figure out why when I try to log in to administer this site in Chrome browser on Windows, I get redirected back to the login form, but Firefox and IE don’t have a problem authenticating me. I mean, I have a pretty good idea why, but I just don’t understand why the setting I changed affects Chrome this way, but not IE or FF. Managed to get this one working, at least.

Seriously, I really need a staff of assistants who can do things for me so I can focus on game dev. Doing everything for myself is so inefficient. I wish it were feasible to have underlings. If not a servant class, then at least AI capable of understanding and doing what I want done without me having to spell out every last detail of how.

Site update: Now using Google Translate

I’ve added a new feature to the site today, Google Translate’s website translator. This will enable you to tranlate the site automatically into over 60 languages.

Hopefully this will help readers who are more comfortable reading in another language to make use of the information I provide here. I have no idea how well the translator works, but I hope it does a good enough job to convey the understanding.

Keep in mind if you write a comment, I only speak English. If you post a comment in another language, I will try to translate it using the service, and will reply in English, which you will need to translate in order to read.

The Great Google Privacy Policy Consolidation

A friend of mine asked recently:

Hey Chris –

I have a question and figured you might be a good person to ask – this is regarding the Google privacy policy.

I do not have a gmail or google + or youtube account. Do I need to do anything for privacy protection, then? I do use google as a search engine for documents and images. I also use youtube.com, but just as an anonymous user without an account. Should I try to erase my browsing history? I do that anyway with my isp, but since I don’t have an official google account, do I need to worry about any of this stuff?

Thanks, Chris!

Ironically, this was on Facebook, but it’s still good to at least be concerned about privacy, right? I figured the reply I gave them was blog-worthy, so I treated it as my first draft, re-worked it a bit, added some more thoughts, and embellished.

Here’s what I said:

Ultra-short answer:

We’re screwed no matter what we do, so don’t worry about it too much.

OK, maaaaybe “screwed no matter what” is overstating it a bit, but I don’t think so. We really have very little recourse or power over how information about us is used. I suppose I could rephrase it, “We’re at their mercy no matter what.” and be slightly more accurate, but I suspect it’s just semantics at that point.

Why do I say this?

What meaning is there in a privacy policy? A privacy policy is basically a token offering of transparency, intended to show that the web site is acting in good faith to try to make it known what they will do or not do with information that you give to them.

How do you know if they act according to policy? Generally, you don’t. It’s possible you might catch them slipping up if they do something really dumb. What then? They issue a [lame] apology, the news media forgets the whole thing in a day or two.

What recourse do you have if the violate their own policy? I dunno, maybe sue them?

They can change the policy at any time to whatever they want it to be, but they already have whatever information you’ve given them, and it’s fairly reasonable to assume that they always will have it. It’s not good enough to have an acceptable policy now, if they can change it to an unacceptable policy later.

Mind you, that information you provide to them is not just the explicit, deliberate information you give purposefully, such as your user profile information. It’s also information you unconsciously provide, that they can gather from your actions on the site, such as you have a tendency to click on links that look like they might take you to pictures of boobs, or whatever. We betray ourselves constantly by doing and being ourselves and being observable.

A privacy policy is only as good as the integrity of the issuer. Policies change over time, usually without as much notice or forewarning as Google has given. When they do change, I’m always reminded of the scene in Empire Strikes Back when Darth Vader tells Lando Calrissian that he’s changing the deal.

Darth Vader: Calrissian. Take the princess and the Wookiee to my ship.
Lando: You said they’d be left at the city under my supervision!
Darth Vader: I am altering the deal. Pray I don’t alter it any further.

A privacy policy isn’t a contract. It therefore isn’t binding.

Even if a policy were binding, that policy can become null and void if the company gets acquired by another company, particularly if they go bankrupt, or if the company is forced by legal proceedings to divulge information. When a company gets split up and its assets become the property of its creditors, those assets include information about you, the user. The creditor isn’t bound by the policy, and is beholden to its investors to maximize the value of the assets it recovered from the bankruptcy. Chances are, that means your information is going to get used in ways you probably wouldn’t like if you knew about it or could do something to prevent it. Your only real hope is that the creditor cares about public opinion about it. Which, it might realize it does, but only after the fact, when it is too late to prevent the harm that violating your trust has caused.

Privacy policies also do nothing to protect you against external abuse of the service, ie “hacking”. If the service experiences a data breach, your data is being used in ways you don’t want, but the policy does nothing to prevent this or protect you. You might be able to sue, if you have the time and a good lawyer, and, if they were hacked due to willful negligence, you might even prevail in finding them liable for damages, although most likely, their Terms of Service that you agreed almost certainly indemnified them. But even if you win, and are awarded damages, that still doesn’t redact the information that’s now out there.

All of this background is pretty far afield from the specific question about Google’s privacy policy consolidation. But I think it’s the most germane thing to say about the matter, because, ultimately, privacy policies are pretty useless, meaningless things.

I’m not suggesting that Google doesn’t follow their privacy policy, or that their policy is bad, I’m just saying that policies are like promises that corporations make at their convenience, and change as suits them. So, not really promises.

Now, keeping that in mind… let’s talk about Google.

Short answer:

  • If you do not have any google accounts, you are relatively safe, and the policy changes don’t really change anything for you.
  • If you do have accounts with google, and are not logged in, you are relatively safe, as long as you always remember to log out whenever you don’t want your usage of google to be tied to an identity that you use.
  • What you do when you’re not logged in, won’t be explicitly connected to your google identity.
  • However, that’s not to say that your activity can’t be traced to your identity with a little effort. Your activity will assuredly be logged, and, combined with other information, that your computer or browser reveal about you, such as your IP address, geo-location, cookie information, your browser “fingerprint”, usage patterns, analyzing your online friends and contacts, the way you misspell words, your writing style, could all potentially be used to identify you even if you’re not giving away your identity explicitly by being logged in.
  • Google (as with any web site) can still track what visitors do when they are not logged in, but these behaviors are not explicitly tied to an identity. It’s not difficult to infer an identity of an anonymous web visitor using various techniques, given enough collected information to establish behavior patterns.
  • In fact, most web sites (including this one) use a Google product called Analytics to help them accumulate stats about the use of the site. This sort of information is pretty harmless, it just gives visitor counts, search terms used that lead someone to your site, what time of day people visit, how long they stay, where in the world they are visiting from, and that sort of thing. I wouldn’t call myself an expert, but I don’t see much potential harm in this sort of information being collected. Still, there are concerns, since other web sites using Analytics effectively multiplies Google’s reach.
  • If you use the Google Chrome web browser, or an Android phone, they absolutely do track usage, anonymously or not, and even if they don’t care who you are, specifically, they’re getting a pretty good picture of it anyway. Google most likely will not do anything with it beyond help advertisers find you so they can sell you things that you’re more likely to want to buy. That’s not to say that they couldn’t decide to use the information in other ways, if they wanted to, though. Some people in the know have said that the entire point of Chrome and Android are to gather information about their users for google’s gain.

One of the main things that people are concerned about is that their google search queries, youtube viewing history and favorites, which they had long thought were private, would be linked to your identity, and that this link would be made public through Google’s new social features.

Google has always made search trend data (aggregated statistics about supposedly-private search terms) public. That’s how we knew during the 90’s that everyone was searching for Britney Spears, remember?

What’s new is their integration of search with their new “Google+” identity service. Social search is supposed to help you find stuff that’s more relevant to you by telling you what your friends +1’d. This is great until you discover that one of your friends has some disturbing interests, and that gets you to wondering what interests you have that others might find disturbing. Anything you publicly +1 is visible to the internet at large as something you “liked”. There is a natural inclination to interpret a +1 or Like as endorsement, regardless of whether you actually agreed with it, or laughed at it, or hated it, or just thought it was interesting. It’s disturbing to most people to think that others viewing might jump to conclusions about who you are, based on the things you +1.

If you don’t like this, there are other search engines you can use, such as duckduckgo, which promise not to track you at all. Again, this is nothing more than a promise, and you really don’t know whether they do or not.

Google isn’t the only one who does this, of course. Facebook has infected virtually the entire internet, allowing you to “log in with facebook”, or “Like” anything and everything. This information is shared with your friends, with Facebook and Facebook’s partners, with the site who’s content you Liked or logged in to view. People “liking” stuff and sharing links with each other is how word spreads around and content “goes viral”. This is great if it makes you famous or puts public pressure on someone doing something we don’t like. But when it’s you doing something perfectly within your rights, and the public doesn’t like it, you can feel oppressed or threatened. Worse things than that can happen, too. You can lose your job, get arrested, lose friends. Your whole life can be ruined.

And for all that, it may be that this new social aspect of web searching is more useful than it is harmful, that on the balance it is a net good, albeit with risks and drawbacks. One benefit of public social search is that it makes it easier for you to find content that is relevant to you, and to share that content with your friends. Content your friends like is very likely to be of interest to you, so weighting a search result that has been “+1’d by someone you know” makes a great deal of sense. And, as long as the friend +1’d it knowing that their +1 would be used as a recommendation this way, it’s all well and good.

Webmasters are always clamoring for better rankings in Google’s search engine so they can get more traffic as a result. As unscrupulous sites learn to game the system, through exploiting principles of SEO to attract traffic “undeservedly” by not providing what that traffic is really looking for, thereby wasting eveybody’s time in order to reap ad revenue, Google continually has worked to refine PageRank to keep its results relevant and keep spam down. Social bookmarking is merely the next iteration in that arms race. The countermeasure, of course, is also already here: advertising campaigns which bribe you into liking or +1-ing pages in order to get points, a discount, a chance at a prize. And so it goes.

Another potential problem is that your favorite service may end up being acquired by one of the behemoths. Yahoo! loves to do this and usually screws their users in various ways. Google does to, but is usually better about preserving the quality and value of user experience. All the big players play this acquisition game to some extent. So, if you think you’re safer using a smaller web site that promises they’ll never sell you out to third parties, remember the promise is only as good as their word, and only good as long as they exist as themselves, and tomorrow they could change their mind, get acquired, or get served a subpoena. It could happen to DuckDuckGo just as well as it could happen to anyone.

Why the consolidation? What’s the problem?

I think that consolidating privacy policies and making them more consistent across the services that google offers is generally a good idea and makes sense. Over the years Google has amassed a considerable number of online services, and tying them together rather than having dozens of separate policies and keeping information about how you use each service separate doesn’t make a great deal of sense.

I think it’s to Google’s credit that they’ve been forthcoming about the changes and actively promoted what they are doing, to keep things as transparent as possible. Google does listen to user feedback and tries to do the right thing, although of course not everyone agrees that they always do.

Nevertheless, it is understandably disturbing is the concentration of the information those services collect about you, and what can happen when information from an account you created to shield your identity via pseudonym catches up with you and is linked with your “true” identity.

If you have a persona on one service that is very different from your “normal” self, it can be embarrassing or damaging for people who know you in one world to suddenly find out that you also live in another world as well. There are legitimate needs people have to compartmentalize their lives in this way, and it shouldn’t be google’s place to judge or to decide for them.

I really don’t think that they do judge, but they do seem to be deciding a bit, by linking services this way. If you thought me@gmail.com and me@youtube.com were separate, that’s probably a misconception that you bear responsibility for; you could have created separate accounts, myemailforveryseriousbusiness@gmail.com, and ilikewatchingfunnyvids@youtube.com. It’d become a pain to log out of one and into another each time you wanted to visit a site, but at least you’d have your e-life compartmentalized.

The concern with this consolidation is that, now there’s potential for inadvertant slips of information, now that your email usage data is tied to your youtube usage data and potentially becomes visible to everyone with a Plus account whom you’ve ever added to a circle, or even the public at large. Now the company you’ve emailed about a job you wanted knows you enjoy watching videos of cats doing cute things, or that you’re an ardent environmentalist, or a gun nut, or think recreational drugs should be legalized, or that you oppose war. Oops. People are really more worried about being judged by others, not just by Google.

What do do?

Anonymity

Be anonymous as much as you can. That means don’t log in. When you do need to log in, use https and other encrypted protocols as much as possible (sftp, ssh, etc.) Https is a good idea even for general browsing when you’re not logged in. Use Tor. Encrypt your email.

Unfortunately, so much of the web now depends on you being logged in, or identifying yourself somehow. To access content, to share it with your friends, to comment, to purchase. Sooner or later, you’re going to need to log in.

Pseudonyms:

A simple solution to this is to use pseudonyms. Use myrealname@gmail.com for official business, and iloveporn@gmail.com for your nasty business. Don’t mix the two up, and don’t let your porn-loving pals know what your real name is. Have as many pseudonyms as you think you need, to keep distinct your various identities separate and segregated to whatever communities you choose to use that identity for.

Is it possible to somehow establish that there is a link between the user of your pseudonym account to your other account, or to your real identity? Sure. But that’s more something a private detective or law enforcement official might try to do, not something Google’s terribly interested in doing. Although, if Google wanted to, it’d be terribly trivial for them to do that.

Is it possible to screw up and accidentally send that email to Boss@work.com from the iloveporn account? You better believe it. Be careful.

A pseudonym is something you’d use for relative anonymity, but where you still need an identity that persists over long term, so that other users of a community can have some sense of “knowing” who you are.

Throw-away accounts

If you’re more worried about your activities being traced or tied to you in any way at all, it makes sense to create and dump accounts for specific, short-term purposes. Throw-away accounts can help a little by compartmentalizing information about you and keeping the amount of information gathered on any single account to a minimum. Each time you start over fresh with a new account, it’s as though you’ve thrown away your past information, so long as it cannot be tied to your real identity(-ies), or your other throw-away accounts.

If you ever use an account to do something you don’t want traced back to you, use a throw-away account, use it for one thing and one thing only, discontinue using the account as soon as possible, and delete the account if possible once you’re done with it — not that this will delete the data they’ve collected, but it will prevent you from re-using the account again and adding to the data trail, thereby limiting what they can acquire about you with that one account.

If you’re ultra-paranoid, use the account from a public wifi access point, using a clean-installed OS and browser with no special customizations. What are you doing, anyway, issuing death threats?

Yeah, I went there. The assumption generally will be that you’re up to no good if you’re going to that extreme. Not, for example, that you live in Syria or North Korea, and this is what you have to do if you want to live.

Privacy enemies love to brand people who take unusual measures to protect their privacy as deviants who have something to hide, likely pedophiles or terrorists. They don’t think about the French Resistance during World War II, or 1984. Unfortunately, this means that if you are one of the few people who does use a lot of privacy protecting countermeasures, you’re making yourself visible in a way that could arouse suspicion.

The only hope here is to get everyone to adopt privacy technology, which is a decidedly uphill battle. The average person knows little and cares less about how vulnerable their information is, and has a hard time understanding the threat picture or how to protect themselves. Unless privacy security is built in at the protocol and application level, and is thus on for everyone by default, the vast majority of users aren’t going to use it.

Should I delete my history?

Erasing your browsing history won’t really help all that much. If you erase it, you erase YOUR copy of it, and thereby deny access to it for people who have access to your PC, either direct physical access, or through malicious web sites that may be able to exploit a vulnerability to read cookies set by other web sites, view your history or access your saved passwords, or who knows what else.

I find local history useful to bring back something I saw recently and want to go back to for some reason, and it helps me feel like the computer is mine when it “knows” me.

Still, if you’re worried about someone snooping on your PC, erasing your history can be a sensible thing to do.

However, on the server side of the web, there will be a log of your access and what actions you performed through the browser while you are connected to that site, and that isn’t something you can delete. Even if the web site offers you the ability to delete your information, it’s entirely likely that all that does is hide the information from you, while keeping it for the use of the service, for data mining, reselling to third parties, and what have you. When it comes to “removing” data, there’s “remove permissions”, there’s “removing a softlink to an inode”, and there’s “rm -f”. Even if a web service did offer “rm -f”-level deletion of your data at your request, deleting is still legitimately hard — if you expect your data to be purged from all backup tapes and whatnot, forget about it. Ain’t happening.

What do they want from me?

It’s easy, and understandable, to feel paranoid about all of this. As the saying goes “Just because you’re paranoid, don’t mean they’re not after you.” But the inverse is also relevant: Just because they’re not after you, specifically, doesn’t mean you can relax about your paranoia. “They” are after everyone.

Most of it does not have anything to do with you as an individual. I mean, sure it’s possible that a person who has enemies could have this information gathered and used against them, but the world generally is not really that interested in any one person. If you’re a fugitive, or should be if people knew more about what you do with yourself, that’s another matter.

The biggest use of this information is to help target you with advertising that you’re more likely to respond to. Targeted advertising can actually help you — for example by informing you of a product you would like but don’t know about, or by steering discounts your way for things they know you like. I really, *really* hate advertising, but I do actually like it when I want to buy something, start searching for it, and a few days later start getting targeted ads for that thing, offering me discount incentives for it.

I suppose there’s the potential for mind control, brainwashing, and pavlovian conditioning. We are, after all, animals. We don’t like to be controlled or manipulated, and we know we are vulnerable to it. And advertisers want us to spend our money on their stuff. But, the deal is, if they know who you are better, then maybe they can sell you things you actually want and need, and maybe they really don’t care about your private business. As long as the ads aren’t annoying and in your face, I don’t mind them so much, but if they diminish my experience of using a service, I feel it’s my right to block them. They appear on my computer, which after all, I own and control.

But there’s legitimate worry, that this information can be used in ways that harm us, as when insurance companies learn more about who you are and decide you’re more costly to insure or are uninsurable, or if the government starts to suspect that you’re an enemy of the state, or a corporation determines you to be a threat of some kind, and won’t hire you.

Where, then?

Even if you are really worried about Google’s privacy change, and all this general internet privacy paranoia talk has got you thinking about ditching the internet, unplugging entirely from the net is only going to help you so much.

There’s so much information gathered about you and shared by those who gather it that they can pull up a pretty good picture of who you are.

If you have “membership” or “discount” cards with businesses, if you use credit cards, if you utilize financial products from lending institutions, if you tend to respond to surveys, if you file taxes, if you’ve lived in the same place for a while, if you haven’t changed your name recently, they have a lot of info on you already. No matter what you do, it’s possible for people to collect information about you if they can “see” you. Once a bit of information exists about you, sharing that information is trivial. It sticks around forever. And it can be combined with other little bits of information about you from all over the place. And an institution with time on its hands and a lot of resources can amass a staggering amount of information about you.

Scary stuff, but good luck fighting against it.

That’s why I say we’re all screwed no matter what, and not to worry about it too much.

Why do I say don’t worry about it too much? Well, if you want to keep your private stuff private — and there is still stuff that we legitimately ought to want to be able to keep private — at the moment it’s a bit of a losing battle. But, the upside of this is that as more and more stuff that we used to keep private becomes exposed, we’re going to find that we had less to fear.

When I said “good luck fighting against it,” a moment ago, I meant “good luck fighting alone to keep your private stuff private.” That doesn’t mean that we’re all completely powerless.

Once you’re outed, you’ll find that there are lots of people like you. And you have strength in numbers. Thinking about people and their secrets, I find it comforting to think about what the gay community has been able to do in the last 50 years to assert their legitimate right to exist and enjoy the same freedoms everyone else gets. They still struggle for acceptance, but just look at all the progress that has been made.

Live the life you want to live, not the life you’re afraid not to live because of what you think others will think of you, not even people in positions of power, who might abuse that power. The best defense against this sort of abuse, in my opinion, is openness. If lots of people stand up at once and assert their rights, they can win them, keep them, and have them. Bad things can, and, I’m sure, will happen to people, and I don’t mean to justify it or minimize it. But at this point, I think we’re better off standing up for ourselves, fighting back, and asserting our rights than we are trying to hide and exercise those rights unnoticed.

Bad Google Chrome 17: What happened to Don’t Be Evil?

I just read this Ars Technica article on the Google Chrome 17 release and was not happy to read the following:

The new Chrome introduces a “preemptive rendering” feature that will automatically begin loading and rendering a page in the background while the user is typing the address in the omnibox (the combined address and search text entry field in Chrome’s navigation toolbar). The preloading will occur in cases when the top match generated by the omnibox’s autocompletion functionality is a site that the user visits frequently.

I bet this is going to piss off a lot of web server admins. Unless the pre-render is coming from Google’s Cache, it’s going to put extra load on web servers. Web server stats will be inflated, giving a distorted picture for ad revenue. I’m sure google’s smart enough to have thought of these things and has it all figured out, but I’d like to know what their answers were.

Google has also added some new security functionality to Chrome. Every time that the user downloads a file, the browser will compare it against a whiltelist of known-good files and publishers. If the file isn’t in the whitelist, its URL will be transmitted to Google’s servers, which will perform an automatic analysis and attempt to guess if the file is malicious based on various factors like the trustworthiness of its source. If the file is deemed a potential risk, the user will receive a warning.

Google says that data collected by the browser for the malware detection feature is only used to flag malicious files and isn’t used for any other purpose. The company will retain the IP address of the user and other metadata for a period of two weeks, at which point all of the data except the URL of the file will be purged from Google’s databases.

I sure hope this can be disabled. For one, whitelisting download files is the first step to a censored net. Secondly, it gives google access to anything you’ve ever downloaded. Your privacy is no a matter between you and the server. Now you have Google acting as a nanny, reading over your shoulder, making sure that what you’re pulling down over your network connection isn’t going to hurt you (but also very likely in time that it isn’t “bad” in any other sense, either).

While they’re “protecting” you now, eventually they’ll get the idea that they should “protect” you from copyright violation, from information the government doesn’t want you to see for whatever reason, and so on. It puts Google in control over how most people access everything on the internet, and is vastly more power than any single entity should be entrusted with, no matter how competent, how corruption-resistant, or how well-intended they are.

I’m sure malware is still a very real problem, but personally I have not had a run-in with Malware on any computer I’ve used in many years. Justifying Google’s right to do this and using malware as a scapegoat is a bit like saying that due to the possibility of terrorism, you have no right to personal privacy or a presumption of innocense.

We need to speak up about this.