Google announced that starting in June 2024, ad blockers such as uBlock Origin #uBOwill be disabled in Chrome 127 and later with the rollout of Manifest V3 (#Mv3).
The new #Chrome manifest will prevent using custom filters and stops on demand updates of blocklist. Only #Google authorized updates to browser extension will be allowed in the future, which mean an automatic win for Google in their battle to stop YouTube #AdBlockers .
#ManifestV3 is deceitful and threatening to your privacy, and now is a good time to switch to #Firefox (@mozilla) and/or #TorBrowser (@torproject) if you haven't done so already!
EDIT for clarification: MV3 in Chrome will still allow some ad blocking extensions, but will severely limit their blocking ability and even restricts pre-set filters to 50 MAX.
You need to stop using Chrome NOW. It’s not hyperbole: Google just rolled out a change to Chrome that tracks the sites you visit, builds a profile, and shares that with any page you visit that asks.
Google has just updated its 2FA Authenticator app and added a much-needed feature: the ability to sync secrets across devices.
TL;DR: Don't turn it on.
The new update allows users to sign in with their Google Account and sync 2FA secrets across their iOS and Android devices.
We analyzed the network traffic when the app syncs the secrets, and it turns out the traffic is not end-to-end encrypted. As shown in the screenshots, this means that Google can see the secrets, likely even while they’re stored on their servers. There is no option to add a passphrase to protect the secrets, to make them accessible only by the user.
Why is this bad?
Every 2FA QR code contains a secret, or a seed, that’s used to generate the one-time codes. If someone else knows the secret, they can generate the same one-time codes and defeat 2FA protections. So, if there’s ever a data breach or if someone obtains access .... 🧵
Hi there, the Artemis private beta rollout has just started! @hariette will be emailing 50 signup sheet users, while @lilkev will be adding 50 users from Artemis Discord. The order will be based on the submissions to the private beta signup form, as well as general activity within the Artemis community....
#Google just announced that going forward, any account not logged into for two years gets deleted.
This means huge amounts of rare or unique #video is about to disappear from #YouTube as accounts get flagged as inactive, such as when the user dies. Families' #HomeMovies (often posted by an older relative for their family's benefit), historical footage, rare #television clips, etc. What an incalculable loss to human #history and culture!
If there are videos important to you on someone else's video channel, find a way to download them. And if you have rare #media of historical importance, consider leaving it to institutional #archives or lending it to archives for digital preservation.
#OrganicMaps is here. Use it while offline and feel good about a #privacy-respecting app that doesn't suck you dry of your personal information. Based on #OpenStreetMap this app is gonna blow #Google#Maps out of the water (hopefully ;)
We are currently witnessing the fallout from monopolization in the browser space. Back in 2007, Internet Explorer received much criticism for its phishing protection mechanism which transmitted all visited websites to Microsoft servers. Mozilla paired up with Google and designed a different system which performed most checks locally and preserved users’ privacy. That’s what healthy competition looks like.
Fast forward to 2023. Almost all web browsers in use are either Chrome or based on the Chromium browser engine. With the competition pretty much eliminated, Google is now pushing its “Enhanced Safe Browsing” down everyone’s throats – which is a nice sounding name for “every website you visit is sent to our servers.” The Internet Explorer approach from 2007 all over again, only that now it’s Google getting all this data. And they certainly won’t do anything evil with it. Yeah, sure.
Reminder: Firefox and Safari are the only remaining browsers worth noting which are not using Google’s browser engine.
On Monday morning we (Mozilla) detected a very large crash spike affecting #Firefox users on Linux, specifically on an older version of a Debian-based distribution.
It turned out to be an interesting bug involving the #Linux kernel and #Google JavaScript code so let me tell you about it.
A lot of people have responded to my Duolingo post with things like "Never work for free," and "I would never donate my time to a corporation.” Which I completely agree with.
But here's the thing about Duolingo and all of the other companies like it. You already work for them. You just don’t know it.
On Duo, I thought I was learning a language. Participating in the community by helping other learners and building resources seemed like part of the process.
Luis Von Ahn, the CEO of Duolingo, was one of the creators of CAPTCHA, which was originally supposed to stop bot spam by getting a human to do a task a machine couldn’t do. In 2009 Google bought CAPTCHA and used it to get humans to proofread the books they were digitising (without permission from the authors of those books btw). So in order to access much of the web, people had to work for Google. Most of them didn’t know they were working for Google - they thought they were visiting websites.
This is how they get you. They make it seem like they’re giving you something valuable (access to a website, tools to learn a language), while they’re actually taking something from you (your skills, your time, your knowledge, your labour). They make you think they’re helping you, but really you're helping them (and they’re serving you ads while you do it).
Maybe if people had known what CAPTCHA was really for they would’ve done it anyway. Maybe I still would’ve done all that work for Duo if I’d known it would one day disappear from the web and become training data for an LLM ...
... Or maybe I would’ve proofread books for Project Gutenberg, or donated my time to citizen science projects, or worked on an accessibility app, or a million other things which genuinely improve people’s lives and the quality of the web. I didn’t get an informed choice. I got lured into helping a tech company become profitable, while they made the internet a shittier place to be.
How many things are you doing on the web every day which are actually hidden work for tech companies? Probably dozens, or hundreds. We all are. That’s why this is so insidious. It’s everywhere. The tech industry is built on free labour. (And not just free – we often end up paying for the end results of our own work, delivered back to us in garbled, enshittified form).
And it’s a problem that’s only getting worse with AI. Is that thoughtful answer you gave someone on reddit or Mastodon something that will stay on the web for years, helping people in future with the same problem? Or is it just grist for the LLMs?
My real worry with Google's voyage into enshittification (thanks to Cory Doctorow @pluralistic the term) is YouTube.
Through YT, for the past 15 years, the world has basically entrusted Google to be the custodian of pretty much our entire global video archive.
There's countless hours of archived footage — news reports, political speeches, historical events, documentaries, indie films, academic lectures, conference presentations, rare recordings, concert footage, obscure music — where the best or only copy is now held by Google through YouTube.
So what happens if maintaining that archival footage becomes unprofitable?
When +972Mag revealed that Israel was using an #AI called Lavender and trained on faulty data to decide who is or isn't a militant, and another one called Where's Daddy to track them until they were home to kill the whole family, many folks here rightfully wanted to know who was providing the servers and computer infrastructure for that.
The Israeli Ministry of Defense, according to the document, has its own “landing zone” into Google Cloud—a secure entry point to Google-provided computing infrastructure, which would allow the ministry to store and process data, and access AI services.
Google’s vision for the future of search shows how generative AI is all about increasing corporate power.
Instead of sending you to different websites, Google has scraped the open web to generate plagiarized answers to keep you looking at ads on Google. We need to stop being distracted by AI hype and fantasies about intelligent machines, so we can push back on the real threats before it’s too late.
Many people seem still unaware of just how bad Chrome Sync is for your privacy. By default, Chrome will sync all your data – including e.g. your passwords, bookmarks, browsing history and open tabs. And by default, Chrome will not encrypt any of this data. All of it will be accessible by Google, by anyone who subpoenas Google to turn up your data and whoever else managed to get access to these servers.
If you want this data encrypted before it is first uploaded, you need to click “Settings” instead of confirming sync, then expand “Encryption options” and set up a sync passphrase. The default option “Encrypt synced passwords with your Google Account” is essentially a disguised “We can access all your data but we promise not to look. Don’t you trust us?”
The only positive aspect here: Chrome Sync used to be a lot worse. It used to enable automatically when you signed into Chrome. It used to encrypt only passwords and none of the other data even if you set up a passphrase. It used to warn you when setting a passphrase because Google’s web services would no longer be able to access your passwords. It used to upload data without encryption first, only allowing to enable encryption after the fact. And its encryption used to be horribly broken. I wrote about that five years ago: https://palant.info/2018/03/13/can-chrome-sync-or-firefox-sync-be-trusted-with-sensitive-data/#chrome-sync
But even now, Chrome Sync requires you to take action in order to get privacy. Because Google knows that you won’t. Compare that to Firefox Sync which has always been encrypting all data by default. I criticized the implementation here as well, but that was really a minor issue compared to the mess which is Chrome Sync.
Edit: Removed link to a post claiming that Google is censoring synced bookmarks. This claim appears to be incorrect, the message there referring to a different Google service.
Watch the others in the room. The assholes who jeer and manhandle the protestors. These are your peers in the tech industry. These are the “acceptable folks” in tech. Fuck these people.
Look at their faces. They know exactly what they’re complict in. Look at their smug smiles. Dickheads each one.
Let's be clear about this. Not removing most hate speech and disinformation/misinformation are key aspects of Musk's #Twitter/X and his publicly stated philosophies, which also include his direct friendly public interactions with racists and fascists on the platform. Twitter is the main large platform that has refused to agree to the EU code of conduct and has now been told by the EU that it will be in violation of EU laws regarding these content types, unless changes are made.
Understandably, many firms are reluctant to advertise on Twitter for fear of brand contamination through general or specific association with disreputable Twitter content.
By making it possible for #Google Ad users to buy ads on Twitter by linking the Google and Twitter ad systems, Google is now explicitly aligning itself with Musk's philosophies and sensibilities, by providing new sources of income via Google systems to increase ad buys on Twitter, and so help continue to fund Musk's hate speech and disinformation operations.
The damage to Google's reputation -- whatever is left of it at this point -- could be enormous, especially when Google Ad users find their ads associated with the more horrific of Twitter posts.
I signed this, along with more than 160 Jewish leaders calling on #apple#disney#google & #amazon to stop doing business on Twitter. I encourage others to leave that platform & stop giving Musk any legitimacy by your presence. #antisemitismhttps://www.xouthate.org/
“Would you like to use the browser by Company X, or the browser by the company that survives on half-a-billion dollars a year from Company X, or the browser by the company that gets paid an estimated $20 billion a year by Company X even though it can survive without it?”
We desperately need a web browser by an independent organisation funded by EU taxpayer money and maintained for the common good.
The AI boom requires massive data centers that consume enormous amounts of water and energy.
Tech CEOs have plans for hundreds more hyperscale facilities in the coming years, but activists around the world are fighting back to protect their communities and force us to ask who really benefits from the future Silicon Valley is building.
Artemis private beta rollouts have begun!
Hi there, the Artemis private beta rollout has just started! @hariette will be emailing 50 signup sheet users, while @lilkev will be adding 50 users from Artemis Discord. The order will be based on the submissions to the private beta signup form, as well as general activity within the Artemis community....
Google execs admit users are 'not quite happy' with search experience after Reddit blackouts (www.cnbc.com)
Google executives acknowledged this month they need to do a better job surfacing user-generated content after the recent Reddit blackouts.