Google

RTH10260 · #26

Looks like this has kicked in, AdBlockOne has been disabled

Chrome pushes forward with plans to limit ad blockers in the future

Posted: November 23, 2023
by Pieter Arntz

Google has announced it will shut down Manifest V2 in June 2024 and move on to Manifest V3, the latest version of its Chrome extension specification that has faced criticism for putting limits on ad blockers. Roughly said, Manifest V2 and V3 are the rules that browser extension developers have to follow if they want their extensions to get accepted into the Google Play Store.

Manifest V2 is the old model. The Chrome Web Store no longer accepts Manifest V2 extensions, but browsers can still use them. For now. Manifest V3 is supported generally in Chrome 88 or later and will be the standard after the transition planned to take place in June 2024.

A popular type of browser extensions are ad blockers. Almost all these ad blockers work with block lists, which are long lists of domains, subdomains, and IP addresses that they filter out of your web traffic. These lists are commonly referred to as rulesets. One part of the transition will “improve” content filtering. And to be fair, Google has made some compromises when it comes to the version as it’s now in the planning, compared to what it originally planned to do.

https://www.malwarebytes.com/blog/news/ ... the-future

#27

Don't think I'd spend much time on a computer without one.

#28

Not a big fan of Chrome, but I do use it on mobile.

I have been getting friendlier with Edge lately, but I am getting sick to bloody death of every time I do a search, decide I used lousy search terms, and go back to the top to refine them, it scrolls past the search entry point and puts up a 'Copilot' thing-a-mee. I hate it and I don't want it. Its worse than M$oft's old 'Clippie' thing-a-ma-jig.

When I ask Copilot 'how do I turn off Copilot' it responds "No, I won't do that. FOAD".

I might have to go back to Firefox full time, but I understand that Mozilla is using Chrome rendering engine too. At least so far I haven't had a problem with the Firefox equivalent to CoPilot whatever its called. If Firefox has to block Adblock too, then I might have to resort to something exotic like Brave or Opera - but I don't know anything about their rendering engine.

Edit: ETA: I figured out how to turn off CoPilot. Instructions here: https://www.tomsguide.com/computing/sof ... windows-11

(Theoretically. I haven't actually proved it yet)

RTH10260 · #29

Google Is Ordered To Identify Who Watched Certain YouTube Videos
A massively overreaching and broad order.

Didi Rankovic
March 26, 2024

US federal law enforcement and courts have gone a step further in the extreme efforts they are making to surveil people’s activities online, including on Google’s vast platforms.

The latest is that the tech giant gets orders to identify all people who happen to be watching certain videos or livestreams on YouTube.

After directly censoring creators and channels, giving geolocation data of its users to the authorities in response to the controversial geofencing warrants, this is a new example of how Google can be used and abused in dragnet-style “investigations.”

Unmasking everyone who watched a particular video is similar to geofencing in that it makes everyone a suspect – and this, a number of experts and rights groups believe, is unconstitutional, i.e., in violation of the 4th Amendment, that protects from unreasonable searches.

Forbes writes that it has had access to several orders that name certain YouTube videos, citing one unsealed case originating in Kentucky and having to do with people viewing content posted by a user who law enforcement suspects of money laundering for selling bitcoin for cash.

Undercover agents had contacted the user, sending links to drone mapping and AR tutorials, to next turn to Google, asking to be told who watched the videos.

The videos had more than 30,000 views, and a court ordered that any user who did, between January 1 and 8, 2003, must be thoroughly unmasked.

The order wanted names, addresses, phone numbers, and account activity of each Google user, and IP addresses of everyone who watched the videos without an account.

“It’s fair to expect that law enforcement won’t have access to that (sensitive personal) information without probable cause,” commented Electronic Privacy Information Center’s John Davisson. “This order turns that assumption on its head.”

When the police asked for the order to be issued, they stated, “There is reason to believe that these records would be relevant and material to an ongoing criminal investigation.”

Although Google complied with the demand to keep silent about all this until the records were unsealed last week, according to Forbes, they “do not show whether or not Google provided data in the case.”

A separate case in New Hampshire concerned a bomb threat in a public place, and people watching a livestream of the police searching the area. The livestream was possible thanks to a camera on nearby business premises.

Next, the police wanted to know exactly who watched it, including on a YouTube channel belonging to Boston and Maine Live, which has 130,000 subscribers.

Again, no word if Google delivered.

https://reclaimthenet.org/google-is-ord ... ube-videos

RTH10260 · #30

RTH10260 wrote: ↑Fri Mar 29, 2024 6:21 pm
Google Is Ordered To Identify Who Watched Certain YouTube Videos
A massively overreaching and broad order.

Didi Rankovic
March 26, 2024

https://reclaimthenet.org/google-is-ord ... ube-videos

this video has more details:

LAWYER: Cops Are Using YouTube Videos as Bait!

Andrew Flusche Attorney at Law
16 Apr 2024

Should you get arrested because of what the YouTube algorithm puts in front of you? Of course not! The cops have used YouTube videos as bait, and this is obviously a violation of our 4th amendment rights.

#31

Google Workers Protest Cloud Contract With Israel's Government
Google employees are staging sit-ins and protests at company offices in New York and California over “Project Nimbus,” a cloud contract with Israel's government, as the country's war with Hamas continues.

Dozens of Google employees began occupying company offices in New York City and Sunnyvale, California, on Tuesday in protest of the company’s $1.2 billion contract providing cloud computing services to the Israeli government.

The sit-in, organized by the activist group No Tech for Apartheid, is happening at Google Cloud CEO Thomas Kurian’s office in Sunnyvale and the 10th floor commons of Google’s New York office. The sit-in will be accompanied by outdoor protests at Google offices in New York, Sunnyvale, San Francisco, and Seattle beginning at 2 pm ET and 11 am PT.

Tuesday’s actions mark an escalation in a series of recent protests organized by tech workers who oppose their employer’s relationship with the Israeli government, especially in light of Israel’s ongoing assault on Gaza. Since Hamas killed about 1,100 Israelis on October 7, the IDF has killed more than 34,000 Palestinians.

Just over a dozen people gathered outside Google’s offices in New York and Sunnyvale on Tuesday. Among those in New York was Google cloud software engineer Eddie Hatfield, who was fired days after disrupting Google Israel’s managing director at March’s Mind The Tech, a company-sponsored conference focused on the Israeli tech industry, in early March. Several hours into the sit-ins on Tuesday, Google security began to accuse the workers of “trespassing” and disrupting work, prompting several people to leave while others vowed to remain until they were forced out.

The 2021 contract, known as Project Nimbus, involves Google and Amazon jointly providing cloud computing infrastructure and services across branches of the Israeli government. Last week, Time reported that Google’s work on Project Nimbus involves providing direct services to the Israel Defense Forces. No Tech for Apartheid is a coalition of tech workers and organizers with MPower Change and Jewish Voice for Peace, which are respectively Muslim- and Jewish-led peace-focused activist organizations. The coalition came together shortly after Project Nimbus was signed and its details became public in 2021.

No Tech for Apartheid also published an open letter cosigned by 18 other organizations that demands Google and Amazon immediately cancel their work on Project Nimbus. At the time of writing, it has gathered more than 93,000 signatures from the general public. In addition to Project Nimbus, the letter cited recent reports that the IDF has used Google Photos to identify and detain Palestinians en masse in the West Bank.

https://www.wired.com/story/google-no-t ... a-protest/

RTH10260 · #32

UniSuper = Australian pension fund

Google Cloud accidentally deletes UniSuper’s online account due to ‘unprecedented misconfiguration’
Super fund boss and Google Cloud global CEO issue joint statement apologising for ‘extremely frustrating and disappointing’ outage

Josh Taylor
Thu 9 May 2024 04.58 CEST

More than half a million UniSuper fund members went a week with no access to their superannuation accounts after a “one-of-a-kind” Google Cloud “misconfiguration” led to the financial services provider’s private cloud account being deleted, Google and UniSuper have revealed.

Services began being restored for UniSuper customers on Thursday, more than a week after the system went offline. Investment account balances would reflect last week’s figures and UniSuper said those would be updated as quickly as possible.

The UniSuper CEO, Peter Chun, wrote to the fund’s 620,000 members on Wednesday night, explaining the outage was not the result of a cyber-attack, and no personal data had been exposed as a result of the outage. Chun pinpointed Google’s cloud service as the issue.

In an extraordinary joint statement from Chun and the global CEO for Google Cloud, Thomas Kurian, the pair apologised to members for the outage, and said it had been “extremely frustrating and disappointing”.

They said the outage was caused by a misconfiguration that resulted in UniSuper’s cloud account being deleted, something that had never happened to Google Cloud before.

“Google Cloud CEO, Thomas Kurian has confirmed that the disruption arose from an unprecedented sequence of events whereby an inadvertent misconfiguration during provisioning of UniSuper’s Private Cloud services ultimately resulted in the deletion of UniSuper’s Private Cloud subscription,” the pair said.

“This is an isolated, ‘one-of-a-kind occurrence’ that has never before occurred with any of Google Cloud’s clients globally. This should not have happened. Google Cloud has identified the events that led to this disruption and taken measures to ensure this does not happen again.”

While UniSuper normally has duplication in place in two geographies, to ensure that if one service goes down or is lost then it can be easily restored, because the fund’s cloud subscription was deleted, it caused the deletion across both geographies.

https://www.theguardian.com/australia-n ... unt-access

#33

GCP outage affected us at work, we are on AWS but a vendor is on GCP and it played havoc with them this week. And us, to a lesser degree.

RTH10260 · #34

The Google Algorithm Leak: The TL;DR on what you need to know…

June 5, 2024
Mark E. Jeftovic

On May 31st, just after we went to press with the weekly AxisOfEasy, the news broke of a massive leak of internal Google API documentation that exposed the inner workings of how the search giant’s search ranking algorithms worked.

The leak took place through an errant commit of the files to a public repository, which was then cloned on Github. Google later confirmed the authenticity of the materials.

What this means is that after years of speculation, and an entire industry forming around pondering “the mind of Google” as it pertains to ranking in the search results – the world finally caught a glimpse into exactly how that coveted front page and top placement gets determined (or at least how it was done so in the past. The leaked materials may be out of date).

The Main Takeaways:
Over the weekend I listened to quite a few podcasts, read a lot of post-mortems, and talked to a few SEO experts, and the loose consensus is that things Google has been saying for years do not count as ranking factors, according to code snippets and comments in this dump, actually do count.

Here’s a few examples:

https://axisofeasy.com/aoe/the-google-a ... for-years/

RTH10260 · #35

Newly leaked database but content is essentially stale

Google’s Privacy Blunder: Sensitive Data and Kids’ Voices Scooped Up

Didi Rankovic
June 4, 2024

A recently leaked internal Google database offers yet more insight into the giant’s questionable security practices and policies around collecting and storing users’ personal data.

The database consists of thousands of reports filed by Google’s own employees covering a variety of incidents, writes 404 Media, which said it has had access to the documents.

Despite the claims that each of these individual events would have likely impacted a relatively small number of people, the sheer range of the incidents paints a grim big picture, affecting the trustworthiness of one of the most impactful, regarding online privacy and security, companies in the world.

The database that is now public covers the period between 2013 and 2018 and the instances described in reports are qualified as unintentional or a result of either human or technology error, both by Google, its employees and tech, and contractors, third parties, etc.

These include exposing more than a million email addresses (and likely at the same time, users’ IP addresses and geolocation) – with this particular incident being anything but short-lived – this went on for over a year. The emails were available via the source code of the site of Google acquisition Socratic.org.

In a case from 2016, an employee filed a report revealing that Google’s algorithm transcribing text from Street View images captures license plates as text, the result of which is that its database “now inadvertently contains a database of geolocated license plate numbers and license plate number fragments,” the employee wrote, insisting this was a glitch in the technology.

Although Google has a filter to prevent its speech service from recording children, this failed in at least one documented instance, when about 1,000 data files containing children’s voices were recorded over a period of an hour. The relevant report from the leaked database claimed that all the logged data had been deleted.

https://reclaimthenet.org/googles-priva ... scooped-up

RTH10260 · #36

Google Warns of Pixel Firmware Zero-Day Under Limited, Targeted Exploitation
The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware.

ByRyan Naraine
June 12, 2024

Google has rolled out a massive Pixel security update alongside a warning that one of the patched vulnerabilities has already been exploited in the wild.

The zero-day is tagged as CVE-2024-32896 and described as an elevation of privilege issue in Pixel Firmware. The bug carries a high-severity rating.

Google did not share details of the zero-day beyond a single line in the Pixel security bulletin: “There are indications that CVE-2024-32896 may be under limited, targeted exploitation.”

The Pixel security bulletin documents at least 44 Pixel-specific vulnerabilities ranging in severity from critical to high to moderate risk. Google marked seven of the 44 bugs in the critical category.

“We encourage all customers to accept these updates to their devices,” Google said in an advisory that also flags serious vulnerabilities across various mobile device and OS subcomponents.

Among the critical vulnerabilities, multiple elevation of privilege issues were found in components such as LDFW, Goodix, Mali, avcp, and confirmationui; and high-severity remote code execution (RCE) vulnerabilities in CPIF, WLAN, and other components.

The update also includes fixes for a handful of Qualcomm and Qualcomm closed-source components.

Separately, security researchers are calling attention to a severe defect in the Arm Mali GPU Kernel Driver that’s also being marked as actively exploited.

The Arm Mali zero-day is tracked as CVE-2024-4610 and allows improper GPU memory processing operations, according to an Arm advisory that acknowledges in-the-wild zero-day exploitation.

“This issue is fixed in Bifrost and Valhall GPU Kernel Driver r41p0. Arm is aware of reports of this vulnerability being exploited in the wild. Users are recommended to upgrade if they are impacted by this issue,” Arm said.

https://www.securityweek.com/google-war ... loitation/

#37

Heh.

SWMBO just got a new phone. A Pixel.

She also got a new laptop. We considered waiting for the immanent new Mickysoft Surface with Qualcomm Snapdragon cpu ( ARM design). There are doubts about how well Windoze runs on ARM (X86 is emulated), so I'm glad we dodged that bullet. I think she got a good deal on a very capable machine.