Project Shield(projectshield.withgoogle.com) |
Project Shield(projectshield.withgoogle.com) |
Google may have great lawyers and a lot of money, but what if they tell them "hey, you know that tax-free money you're sending to the Bermuda [2]? Yeah, FTC will be knocking on your door tomorrow to ask you about that".
So I guess what I want to know is if Google will actually stand their ground and protect their users till the end by doing the right thing, or they'll "compromise" if the potential cost to their business is too great. Maybe in the past it was easy to believe Google would actually do the right thing, but it's becoming increasingly harder to believe that.
[1] http://www.theguardian.com/media/2010/dec/01/wikileaks-websi...
http://www.google.com/transparencyreport/userdatarequests
If you think any U.S.-based company is able to do better, I'd love to hear how.
- Chromebook mobile site: http://us.chromebook.withgoogle.com
- Developer Bus: http://developerbus.withgoogle.com
- Full Value of Mobile: http://www.fvm.withgoogle.com
- Google Analytics Academy: https://analyticsacademy.withgoogle.com
- Google Expert: http://expertbrasil.withgoogle.com
- Google Wallet Instant Request Form: http://getinstantbuy.withgoogle.com
- Mapping: https://mapping.withgoogle.com
- Online Marketing 101: https://onlinemkt101.withgoogle.com/preview
- Royal Baby Congrats Card: https://royalbabycard.withgoogle.com
- Tour Builder: https://tourbuilder.withgoogle.com
- Web Accessibility: https://webaccessibility.withgoogle.com
- YouTube Creator Academy: https://creatoracademy.withgoogle.com
- Your Tour (Tour de France): http://yourtour.withgoogle.com
Non-English:
- http://vpered.withgoogle.com
- http://docchinogame.withgoogle.com/pc/
- http://minchizu.withgoogle.com
Does anyone know what it takes to mitigate DDoS, at this kind of scale?
Microsoft really should have patented the `Embrace, Extend, Extinguish' business method back in the day ;-)
But the interesting tidbit coming out of this project's going to be the internal packet/traffic scrubbing system they've developed. Will it be commercialized or will it spawn a new startup. So many positive outcomes however it ends up.
http://techcrunch.com/2012/03/29/google-now-using-recaptcha-...
How peculiar. The tech is DDoS mitigation, but the PR focus is on "free expression online", Syrian gas attacks, and evil Iran.
Wonderfully executed. The internet crowd is cheering the "free speech", the government approves of the Middle East angle.
Meanwhile, PRISM keeps working and very few care about it.
As wonderful as Project Shield sounds, there is a fundamental risk of it being undemocratic.
Content that will certainly not be protected: - Content that violates the Digital Millennium Copyright Act
- Illegal pornography, snuff videos ...
- sedition,incitement
- confidential NSA stuff (you know, because it helps terrorist )
Cynicism is warranted when it comes to Google. The fact that they gave NSA direct access to their systems; the fact that their Street View cars collected personal information through wi-fi networks, etc. means that "Don't be evil" is just a facade.
The simplest way to mitigate a DDOS is to just have way more resources than your attacker. If you're getting hit with 10Gbps, and your site can handle 100Gbps, you're not going to go down. Google obviously has plenty of capacity.
On top of that there are filtering technologies that can block obviously fake traffic or well-known signatures like the LOIC.
The most sophisticated attacks occur at the application level. A Google service would not be able to help configure your install of Wordpress to resist this. But they could probably serve a static cache of your site. Interactive features like login or search would not work though.
Cloudflare does all of these things and more.
The way I read this, Google would not charge for this service. They would select "worthwhile" sites to protect out of the goodness of their heart.
The cynical take is that it is a PR project to help repair their "defenders of the Internet" brand. They built it up with SOPA, but it's been damaged by PRISM.
>A protection racket is an operation where criminals provide protection to persons and properties, settle disputes and enforce contracts in markets where the police and judicial system cannot be relied upon.
Of course, Google isn't threatening anyone with DDoS, (even assuming that they somehow make money of you).
Otherwise though, it's somewhat of an interesting analogy. This is a form of protection (of online property). And you can't really rely on the police to protect you from DDoS. I suppose it would be more reasonable to just compare it to a security firm though.
What? These websites are unlikely to be hosting their ads ("election sites" is one of the examples ffs). It's free while they're beta testing it with humanitarian/similar websites, it may be a driver for people to pay for the Page Speed service in the future when they roll it out to more people although they say they'd like to keep it free for non-profits.
All of which you'd know if you'd read the site rather than making ludicrous comparisons to the mafia.
That's why the analogy is not interesting; the use of "mafia" is silly because it implies there's some criminal element to Google's intensions. For example, here's the opening line of that Wikipedia page:
> A protection racket is a scheme whereby a criminal group provides protection to businesses through violence outside the sanction of the law.
The only word this has in common with what Google is doing is "protection". The analogy captures nothing useful that "hiring a security guard" doesn't. But it also captures a whole universe of other implications that are entirely unwarranted and laughably unfair. It's a terrible analogy.
"You're just like a mafia don in that you also drive a car."
I should disclaim that I don't think the offering is above suspicion and criticism, just that the comparison to a protection racket is absurd.
>I’m not sure I can say this more clearly: we’re not in cahoots with the NSA and there’s is no government program that Google participates in that allows the kind of access that the media originally reported. Note that I say "originally" because you'll see that many of those original sources corrected their articles after it became clear that the PRISM slides were not accurate. Now, what does happen is that we get specific requests from the government for user data. We review each of those requests and push back when the request is overly broad or doesn't follow the correct process. There is no free-for-all, no direct access, no indirect access, no back door, no drop box.
We’re not in the business of lying and we’re absolutely telling the truth about all of this. Our business depends on the trust of our users. And I’m an executive officer of a large publicly traded company, so lying to the public wouldn’t be the greatest career move.
http://www.theguardian.com/technology/blog/2013/jun/19/googl... http://googleblog.blogspot.com/2013/06/what.html
Probably because they're forced to do so by the authorities, like Lavebit was. So it becomes a question of who you are going to trust: Snowden (who has nothing to gain by lying) or Google (who is required by law to lie about it and risks losing a lot of money if their customers lose faith in them). I know who I trust in this case.
As i've pointed out in a few discussions, the law does not (and generally cannot constitutionally) require you to actively lie about something (IE compelled inaccurate speech). It can require you to not speak about something, compel you to speak truthful things (as a disclosure or otherwise), and require you to not tell someone something, but cannot require you to tell them something that is a lie.
AFAIK, Lavabit was forced to not disclose something to their customers, which fits in with what I said.
There are actually fairly important distinctions, legally, between different types of speech, and important legal distinctions between compelled speech and lack of disclosure. So you can't really paint all of these things with the same brush.
(note: The above is about the US, someone asked me privately, and I have no idea, about other countries)
I don't have the legal expertise to say whether one would be forced to lie about it, and the legislation doesn't explicitly use the word lie. However, according to someone who received one and received legal advice: "Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case -- including the mere fact that I received an NSL [...] When clients and friends ask me whether I am the one challenging the constitutionality of the NSL statute, I have no choice but to look them in the eye and lie." [3]
[1] http://www.law.cornell.edu/uscode/text/18/2709 [2] http://www.theguardian.com/world/2013/jun/06/nsa-phone-recor... [3] http://www.washingtonpost.com/wp-dyn/content/article/2007/03...
2. This person seems to have missed choice b: "Do not comment". They are not compelled to lie, by the very law you cite. They are only required not to disclose. No court has ever held this to mean "lie when asked", rather than "say nothing when asked". If the government went after someone for not saying anything, that would be ... a tough case.
3. I am happy to admit the distinction between compelled lying and non-disclosure is, for some people, no distinction at all, but the law does make such a distinction.
If the chap quoted in the Washington Post article was actively challenging the constitutionality of National Security Letters with the help of the ACLU, that makes me think he would probably have received reasonably reliable legal advice? Don't you think?
Here in fact, it says they verified he's the person through publicly available court documents, which must mean it's likely docketed in a normal federal court somewhere (the article pre-dates the FISC publishing their docket)
Second, there are two issues I do not expect he necessarily received reasonably reliable legal advice. The people who participate in these cases are often not specialists, and often not highly knowledgable about the area (especially at this stage of the game, when things get to SCOTUS or something they generally are willing to engage more competent people). They are just passionate.
Past that, he was not quoted, he wrote the piece. You assume the piece is, for example, not using hyperbole. It does not say the government, or anyone else, has actually made these threats. It does not say what legal viewpoint they take that makes them believe this (and again, given the only gag orders to be challenged have all been struck down, it seems a bit out there ...). There are no details or anything else to support or verify the legal reasoning or implications for what he says.
This is an opinion piece, meant to support his case. Reading it as an accurate view of the state of the law is, well, probably not a great idea (I certainly agree that reading it for the chilling effects part, fine. But to take everything he says as if his lawyer said that was the way it had to be, is a bit far)
It's the equivelant of the the Streetview car capturing 'public property', if you want 'privacy', put up a big fence and don't broadcast your SSID.
As for the NSA issue, I'm not going to defend google too much there, but you've seen what happens to providers who didn't comply... I would put that down to more a 'The US govt is pretty hostile to privacy' more than "Google is evil".
On the scale of 'evil shit' happening in the world. Google collecting my Wifi network name ranks about similarly to 'J-Walking'...
As opposed to the multiple vehement denials of that "fact" from Google's executive officers (see David Drummond's interview in The Guardian, for example)
The other problem is your worldview is not falsifiable. Everything Snowden says is true to you and everything Google says is false because Snowden said they would lie about it.
The people who left their wi-fi open didn't do it on purpose, and didn't want Google to access their information.
I'm not contending that using that information wouldn't be a crime, but accidentally collecting it certainly should be held to a different standard.
Can you think of one thing Google could do for you to think that they are not evil?
But they won't. Continued and uninterrupted profits are too important.
You have to understand how US law works. If you are not an injured party, you can't sue the government for it. In other words, Google cannot sue the government for the injury government is causing to you. What they can do, however, is claim an 'injury' on First Amendment grounds, reasoning that their free speech is limited when they cannot disclose that John Doe is being surveilled (and thus John Doe is being injured). They do that with the hope that with transparency John Doe will have the information necessary to sue the government.
[1] http://business.financialpost.com/2012/04/13/new-google-stoc...
Snowden/Guardian: NSA is doing X Govt/NSA: We are not doing X Snowden/Guardian: Here are some slide/proof Govt/NSA: Ok we are doing X, but it's for your own good.
Rinse and repeat each fortnight.
So each denial means less and less, and tips believability towards Snowden even where the proof is inconclusive in some cases.
The Guardian and every other major news outlet seemed to think his evidence was compelling.
Not sure what makes you think that journalists are a legitimate authority to make appeals to.
When referring to "content," (TV, movies, music) it is common for people on HN and Reddit to refer to digital information as something that should be freely exchanged, that ownership is a meaningless concept in a world where creating a copy of something is essentially free. It is common for those who seek to lock down or restrict access to digital information in the form of entertainment media to be referred to as "dinosaurs" who are desperately clinging to an outdated business model and refusing to move into the modern age of free and ubiquitous data sharing.
Then, of course, there is the idea that online privacy is a fundamental right, and that guarding our personal information from both nation-states and corporate interests is of the utmost importance. In this context, those who seek free access to digital information are cast as villains and reviled for using modern technology in a way that doesn't fit with our classical understanding of privacy rights.
I understand that there are multiple people on HN and Reddit and they don't think as one, but I think it's fair to say that both of these opinions fall on the same side of the political spectrum.
I wonder if there's a contradiction here? There's clearly a difference between downloading Game of Thrones episodes and reading everyone's e-mail. But is it a qualitative difference or a quantitative one?