If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#76
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
From this thread on the Apple ng, today...
https://nordvpn.com/wp-content/uploads/2019/09/cloud_security_meme.png o Who's cloud?, by Alan Browne https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/_8wjSpmImrE |
Ads |
#77
|
|||
|
|||
Do people of reasonable technical ability store their privatedata on the Internet (if so, for what gain?)
Arlen Holder wrote:
From this thread on the Apple ng, today... https://nordvpn.com/wp-content/uploads/2019/09/cloud_security_meme.png o Who's cloud?, by Alan Browne https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/_8wjSpmImrE Why not? All it takes is to FTP encrypted data to an un-published oddball-named folder. Oddball in that the name uses hex representation of otherwise un-useable characters (say, space and other non-printing characters). |
#78
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
"Robert Baer" wrote
| Arlen Holder wrote: | From this thread on the Apple ng, today... | https://nordvpn.com/wp-content/uploads/2019/09/cloud_security_meme.png | | o Who's cloud?, by Alan Browne | https://groups.google.com/forum/#!topic/misc.phone.mobile.iphone/_8wjSpmImrE | | Why not? | All it takes is to FTP encrypted data to an un-published | oddball-named folder. Oddball in that the name uses hex representation | of otherwise un-useable characters (say, space and other non-printing | characters). | That's a big topic. First, your use is not that of people with "reasonable technical ability", which would probably be most realistically described as someone who can set up a Google Drive account, not someone who knows how to encrypt files, or even thinks of it. People are not storing commercial databases. They're storing things they don't consider high security. There are also security issues, privacy issues, ownership issues... Peoples' opinions about those things are not necessarily connected with their technical expertise. Look at all the geeks with gmail accounts, who use Chrome. They don't care about privacy or even security. They see all those modern conveniences as just a giant nipple. They want to suck milk and don't care who Mom is, as long as the milk is easy to get and free. Probably the most insidious effect of "cloud" is one that most geeks don't even notice. It's a complex, calculated, longterm strategy to own your life. It really is different to let them hold your stuff. And it has legal ramifications. It's like an extreme version of AOL. AOL tricked people into thinking they were the Internet. Steve Case created a sleazy trick. I remember the first time I logged on, I was blocked by a message: "Want a new credit card?" There were two buttons: Yes. Ask Me Later. Huh? I soon learned that snake oil and pickpocketing were the standard on this new Internet thing. Cloud services today are far more widespread and intrusive. Just yesterday I had two related experiences: 1) A friend who's a teacher was trying to access papers sent to her by college students. Except they weren't sent. They're on Google Drive. Links were sent. The students have no idea what the difference is. They know how to type and they know to write papers. They're unaware that Google is actually middlemanning academia. I managed to figure out how to download the paper, but by then my friend had lost patience and wrote back, asking the student to email the actual paper. It remains to be seen whether they can manage that. 2) My brother was just released from rehab. He had a stroke. I called him. He said his email wouldn't work. Hmm. After some time I figured out the problem. He uses gmail. Google had locked him out of his own email account, allegedly due to lack of use. They had switched his settings to block non-Google software/devices from getting his email! Worse, there was no way to get in without having a cellphone where they could send a security code. That, of course, has nothing to do with security. A hacker could send them any old cellphone number. Google was just holding his email hostage until they also got to know his cellphone #! I gave them the number of a Tracphone that I rarely turn on, got the code, got him back into his email. There I was giving my phone number to a company I've come to view as the root of all evil, and there was no way around it. If I didn't, my brother wouldn't be able to see 2 months worth of email. That's the problem with cloud. |
#79
|
|||
|
|||
Do people of reasonable technical ability store their privatedata on the Internet (if so, for what gain?)
On 28/04/2020 15.02, Mayayana wrote:
Cloud services today are far more widespread and intrusive. Just yesterday I had two related experiences: 1) A friend who's a teacher was trying to access papers sent to her by college students. Except they weren't sent. They're on Google Drive. Links were sent. The students have no idea what the difference is. They know how to type and they know to write papers. They're unaware that Google is actually middlemanning academia. I managed to figure out how to download the paper, but by then my friend had lost patience and wrote back, asking the student to email the actual paper. It remains to be seen whether they can manage that. There is another possibility they can do: send the homework as google docs ;-) :-p Oh, I have used it. It is fantastic if you don't mind much about privacy. Two people on different continents can work on the same document, seeing instantly what the other one writes/changes and making comments; and further, one using Windows 7 and the other using Linux. The alternative was working in turns on the document and emailing them, one using an old Word version, the other using LO. 2) My brother was just released from rehab. He had a stroke. I called him. He said his email wouldn't work. Hmm. After some time I figured out the problem. He uses gmail. Google had locked him out of his own email account, allegedly due to lack of use. They had switched his settings to block non-Google software/devices from getting his email! Worse, there was no way to get in without having a cellphone where they could send a security code. That, of course, has nothing to do with security. A hacker could send them any old cellphone number. Google was just holding his email hostage until they also got to know his cellphone #! I gave them the number of a Tracphone that I rarely turn on, got the code, got him back into his email. There I was giving my phone number to a company I've come to view as the root of all evil, and there was no way around it. If I didn't, my brother wouldn't be able to see 2 months worth of email. That's the problem with cloud. Rather the problem with public cloud systems. -- Cheers, Carlos. |
#80
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
"Carlos E.R." wrote
| Oh, I have used it. It is fantastic if you don't mind much about | privacy. I think that's an underappreciated aspect of successful but deeply sleazy companies like Google, Apple and Facebook. They put a lot of effort into usability. And in general, that's all people care about. If it's easy and has cute icons, people will use it. |Two people on different continents can work on the same | document, seeing instantly what the other one writes/changes and making | comments; and further, one using Windows 7 and the other using Linux. | I've never understood that logic. I've never written anything with anyone else. I can't imagine why anyone would. In this case, my friend makes notes to highlight problems in the paper and then sends it back for revision. Even that wouldn't benefit from real-time sharing. | That's the problem with cloud. | | Rather the problem with public cloud systems. | Yes, I suppose you're right. Commercial cloud services. But even that isn't quite right. There are ways to use services commercially that are OK. For instance, hosting website files on the webhosting server. Getting email through a reputable company. But cloud has been marketed as not being those things but rather specifically being commercial online services, often free, from big tech companies who have turned to datamining/ads as a new business model. In general, when we talk about cloud, that's what we're talking about. The very idea of cloud in the public imagination is those services. There's always the marketing vs the actuality. In a similar way, people used to use software. Now, suddenly, everyone's solving the world's problems with "AI". No difference. But most people would say software is a procedural tool and AI is....well... it's a super-smart miracle that can do anything and may have no need for humans soon. |
#81
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
Mayayana wrote:
[...] 2) My brother was just released from rehab. He had a stroke. I called him. He said his email wouldn't work. Hmm. After some time I figured out the problem. He uses gmail. Google had locked him out of his own email account, allegedly due to lack of use. They had switched his settings to block non-Google software/devices from getting his email! Worse, there was no way to get in without having a cellphone where they could send a security code. That, of course, has nothing to do with security. A hacker could send them any old cellphone number. Google was just holding his email hostage until they also got to know his cellphone #! I gave them the number of a Tracphone that I rarely turn on, got the code, got him back into his email. There I was giving my phone number to a company I've come to view as the root of all evil, and there was no way around it. If I didn't, my brother wouldn't be able to see 2 months worth of email. I can understand your (and your brother's) frustration, but AFAIK, that scenario can't be true, unless your brother forgot his Google Account password or/and enabled 2-Step Verification for that account. If he had his password, he could just log into his Google Account (*not* Gmail) and fix his access/security problems. Many people who use Gmail 'forget'/are not aware that they also have a *Google* account and that Gmail is just one of the many possible services *under* (read: associated with) that account. That does not mean that Google does not have stupid policies - because they have - but with one's password one can recover from these situations and a phone number is *not* needed, unless one has enabled 2-Step Verification. Been there, done that, got the T-shirt! :-) BTW, if there ever is another time where a phone number is 'needed', you/he might try to use a 'landline' number. Many services are able to give the 'security-code' in a voice message instead of by SMS. (IIRC, WhatApp is one such service, i.e. when the SMS fails, they just play a voice message.) That's the problem with cloud. Personally I do not consider e-mail to be 'cloud', but *Gmail* can probably be classified as 'cloud', because they normally keep all your e-mail, not just your recent e-mail. Do you consider your normal MSP (Mail SP) to be 'cloud'? |
#82
|
|||
|
|||
Do people of reasonable technical ability store their privatedata on the Internet (if so, for what gain?)
On 28/04/2020 15.40, Mayayana wrote:
"Carlos E.R." wrote | Oh, I have used it. It is fantastic if you don't mind much about | privacy. I think that's an underappreciated aspect of successful but deeply sleazy companies like Google, Apple and Facebook. They put a lot of effort into usability. And in general, that's all people care about. If it's easy and has cute icons, people will use it. I don't care about icons :-P But I do care about *easy*, because the other participant considers even copying a file difficult. Change something from one menu position to another, and he is stuck. |Two people on different continents can work on the same | document, seeing instantly what the other one writes/changes and making | comments; and further, one using Windows 7 and the other using Linux. | I've never understood that logic. I've never written anything with anyone else. I can't imagine why anyone would. In this case, my friend makes notes to highlight problems in the paper and then sends it back for revision. Even that wouldn't benefit from real-time sharing. Well, I thought the same as you, till I tried. And non intentionally, as each of us were making the plan at the same time, we noticed we saw changes from the other side instantly. Like "we will route via this city on the morning" to "not in the morning, remember we have to do that". It turned to a chat. | That's the problem with cloud. | | Rather the problem with public cloud systems. | Yes, I suppose you're right. Commercial cloud services. But even that isn't quite right. There are ways to use services commercially that are OK. For instance, hosting website files on the webhosting server. Getting email through a reputable company. I should have said "free public cloud systems". Another one with a contract and in a country with firm privacy laws is quite another thing. But cloud has been marketed as not being those things but rather specifically being commercial online services, often free, from big tech companies who have turned to datamining/ads as a new business model. In general, when we talk about cloud, that's what we're talking about. The very idea of cloud in the public imagination is those services. There's always the marketing vs the actuality. In a similar way, people used to use software. Now, suddenly, everyone's solving the world's problems with "AI". No difference. But most people would say software is a procedural tool and AI is....well... it's a super-smart miracle that can do anything and may have no need for humans soon. I doubt Google does datamining on the contents of google docs. But they might. -- Cheers, Carlos. |
#83
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
"Frank Slootweg" wrote
| I can understand your (and your brother's) frustration, but AFAIK, | that scenario can't be true, unless your brother forgot his Google | Account password or/and enabled 2-Step Verification for that account. | | If he had his password, he could just log into his Google Account | (*not* Gmail) and fix his access/security problems. | No. He had his password. TBird said login failed. So I went to the website. I entered his username and password. It told me that due to a period of non-use they had disabled "insecure apps". There was no option to answer a secret question. They provided two options: Provide a phone # for a code to be messaged to or provide a second email address. In the latter case they would "consider the request and let me know"! You may have not seen it if you're logging in with something like an Android phone or Chromebook. He was using Mozilla software on Windows. And of course, none of this has anything to do with alleged security concerns. They could see that he was accessing his email from the same place he always had. It showd in his account settings. And providing a phone # doesn't confirm his ID. But they insisted it might have been hacked and so they needed a phone # before I could access the account settings to turn off the anti-non-Google setting that was blocking TBird. If you use gmail and were not aware of that you might want to get a backup email address. While I was in the settings I also disabled other things like linking youtube viewing history to gmail. (?) Those can't even be disabled. The options are Cancel and Pause. What does pause mean? I assume it means that Google is going to flip the setting back without asking. Their behavior is outrageous. Yet people put up with it. | Personally I do not consider e-mail to be 'cloud', but *Gmail* can | probably be classified as 'cloud', because they normally keep all your | e-mail, not just your recent e-mail. | | Do you consider your normal MSP (Mail SP) to be 'cloud'? As I wrote in my response to Carlos, cloud is really a marketing scheme for an online services model that takes control from you and rents you your own data, devices and software. It's a scheme to train people to believe that they don't have any reasonable expectation to control their data or even to buy software. In that respect, I regard gmail as cloud. I regard Google docs as cloud. I don't regard my own email as cloud. Some of it is from the webhost and some is from my ISP. Both are paid for. Neither tries to pull the kind of sleaze that Google does. Neither is claiming the right to read my email, keep copies, or secretly "log me in" so that I can be tracked online via browser or offline via phone. There was an interesting 60 Minutes episode Sunday. 60 minutes is an American news magazine TV show. It was all about a company called Bluedot that's been making deals with spyware companies to create vast, informative data troves. They provided tracking of people in California to see whether people are obeying lockdown orders. The state of CA is paying for the data. They claim it's "anonymized", of course. What I found interesting was that Bluedot, in their claiming to respect privacy, claim they're only getting location data from advertiser spyware on phones. They almost certainly get it from Google and Apple, too, as well as the phone service companies like Verizon, AT&T, Sprint, but none of the parties wants people to think that. I was struck by how odd that was. They're trying to reassure the public about privacy by claiming that your phone company is not selling your location data, and your phone OS maker is not selling your data. Don't worry, only the numerous spyware apps on your phone, tracking your location and personal data, which you probably don't even know are installed, are selling your personal data! But maybe they say that because the spyware apps can at least claim that you agreed to that by "installing" their app. And much of it is the same thing, anyway. If you have a Samsung phone with Verizon service, Google and Verizon can track you. If you use Waze then Google can track you. If Waze shows ads those may be Google/Doubleclick. These things can't be realistically separated. And it wouldn't make sense to think that any of those companies is going to pass up the chance to make a side income from selling personal data. |
#84
|
|||
|
|||
Do people of reasonable technical ability store their privatedata on the Internet (if so, for what gain?)
On 4/28/2020 7:04 AM, Frank Slootweg wrote:
Mayayana wrote: [...] 2) My brother was just released from rehab. He had a stroke. I called him. He said his email wouldn't work. Hmm. After some time I figured out the problem. He uses gmail. Google had locked him out of his own email account, allegedly due to lack of use. They had switched his settings to block non-Google software/devices from getting his email! Worse, there was no way to get in without having a cellphone where they could send a security code. That, of course, has nothing to do with security. A hacker could send them any old cellphone number. Google was just holding his email hostage until they also got to know his cellphone #! I gave them the number of a Tracphone that I rarely turn on, got the code, got him back into his email. There I was giving my phone number to a company I've come to view as the root of all evil, and there was no way around it. If I didn't, my brother wouldn't be able to see 2 months worth of email. I can understand your (and your brother's) frustration, but AFAIK, that scenario can't be true, unless your brother forgot his Google Account password or/and enabled 2-Step Verification for that account. Google also offers 10 backup codes for those of us who do use 2FA. In my case I've needed and used them when my phone or texting was down. Also when I open my account on a strange device and didn't want my regular password remembered since the backup codes can only be used once. I always carry a few in my wallet for emergencies. (They are easily disguised in case I lose my wallet)... |
#85
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
Mayayana wrote:
"Frank Slootweg" wrote | I can understand your (and your brother's) frustration, but AFAIK, | that scenario can't be true, unless your brother forgot his Google | Account password or/and enabled 2-Step Verification for that account. | | If he had his password, he could just log into his Google Account | (*not* Gmail) and fix his access/security problems. | No. He had his password. TBird said login failed. So I went to the website. I entered his username and password. *Which* 'website'? The Gmail website or the Google Account website? Two *related*, but totally different animals! That was/is the point I'm making in the part you snipped. (I hope you read and understood it.) It told me that due to a period of non-use they had disabled "insecure apps". Disabling and enabling "insecure apps" (actually 'Less secure app access' (https://myaccount.google.com/lesssecureapps)) is a *user* setting in the *Google* (*not* Gmail, *not* Thunderbird) account. No offense, but I think you just did the 'wrong' thing in the 'wrong' place. Quite an understandable 'error' and the kind which happens to a lot of people in these groups. BTW, if your brother is using IMAP, he can use OAuth2 instead of "insecure apps". If he's using POP3, he can use (Google) App Passwords. Yes, other cans-of-worms, but those are Google's ways! :-( There was no option to answer a secret question. They provided two options: Provide a phone # for a code to be messaged to or provide a second email address. In the latter case they would "consider the request and let me know"! You may have not seen it if you're logging in with something like an Android phone or Chromebook. He was using Mozilla software on Windows. That's my setup as well. Thunderbird on Windows (8.1) and access the Google Account or/and Gmail web-mailer via Internet Explorer or Google Chrome. And of course, none of this has anything to do with alleged security concerns. They could see that he was accessing his email from the same place he always had. It showd in his account settings. And providing a phone # doesn't confirm his ID. But they insisted it might have been hacked and so they needed a phone # before I could access the account settings to turn off the anti-non-Google setting that was blocking TBird. Yes, as I said/confirmed Google does have stupid policies. [...] |
#86
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
"Frank Slootweg" wrote
| It told me that due to a period of | non-use they had disabled "insecure apps". | | Disabling and enabling "insecure apps" (actually 'Less secure app | access' (https://myaccount.google.com/lesssecureapps)) is a *user* | setting in the *Google* (*not* Gmail, *not* Thunderbird) account. | And that's what they turned off. And that's what I re-enabled. And then it worked. And now his email is working again. To reiterate: They disabled non-Google access (which they call less secure apps), giving the excuse that the account hadn't been accessed for awhile. I then *had to* give them a cellphone number and accept a text message in order to get into the settings. It wasn't an option. I looked through the alternatives repeatedly before deciding I'd have to give them a phone number. Maybe it would have worked to buy a Chromebook. Maybe it would have worked for him to install Chrome. I don't know. Those options are absurd. By your own description they must have been the right settings because that's where I turned off the blocking. You know better than I do if you use gmail, but I know what they did in this case. Maybe it's a new trick. I don't know. I feel like I need a shower now just talking about actually visiting the bowels of Google's lair. |
#87
|
|||
|
|||
Do people of reasonable technical ability store their privatedata on the Internet (if so, for what gain?)
Mayayana wrote:
They disabled non-Google access (which they call less secure apps), giving the excuse that the account hadn't been accessed for awhile. I then *had to* give them a cellphone number and accept a text message in order to get into the settings. It wasn't an option. I looked through the alternatives repeatedly before deciding I'd have to give them a phone number. I must admit that I'm glad to hear that Google makes it difficult to enter someone's account without the proper credentials... |
#88
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
"Carlos E.R." wrote
| I doubt Google does datamining on the contents of google docs. But they | might. | I assume. That's their business model. And they lie. So it would be crazy for them not to datamine everywhere possible. And it's certain they'll lie about it. Remember the streetview incident? They were caught collecting any possible data from private wifi as they drove around. Then they lied about that and said it was an accident. Then they lied and said it was a "rogue engineer". They just lie. https://www.theregister.co.uk/2012/0...ogle_slurp_ok/ It's an amoral corporation, run and staffed by people who think they're amazing geniuses, who prefer to have their cellphone tell them what they should do today, who think they're helping the world, and most of them are game-addicted geeks with the emotional age of about 11. Eric Schmidt was supposed to be the staff adult, but he was worse. We had a very morally questionable person managing a lot of naive, savant children. Schmidt tried to run Hillary's campaign in 2016. His plan was to virtually steal the election by doing something like was done with Brexit -- use datamining to engineer every individual vote. In the process he even planned how they could exploit young people to do the work, pay them a pittance, and fire them all at the soonest possible moment. Yet another example of a faulty personality who thinks he's so smart that democracy and other peoples' rights are an obstacle to him helping the world. (Sound familiar? Billy Gates... Lord Jobs...) http://www.itwire.com/government-tec...n-in-2014.html Some might say the means would have justified the end to keep Trump out. But as bad as Trump is, I can't see justifying such dishonest, mean-spirited sleaze in order to keep him out. And I'm not even sure Hillary would have been so much better. Like Biden, she worked for the banks. But she was also arrogant, seemingly believing it was her turn to be hotshot. Politics? Who cares? Democratic values? Who cares? She just wanted a turn at being boss and no doubt would have continued her husband's tradition of plutocracy masquerading as progressivism. Which is why she lost. The youth, especially, saw through the scam. |
#89
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
"123456789" wrote
| They disabled non-Google access (which they call less secure apps), | giving the excuse that the account hadn't been accessed for awhile. | I then *had to* give them a cellphone number and accept a text | message in order to get into the settings. It wasn't an option. I | looked through the alternatives repeatedly before deciding I'd have | to give them a phone number. | | I must admit that I'm glad to hear that Google makes it difficult | to enter someone's account without the proper credentials... I don't see where you get that. He had a password and was accessing the account from the same IP address he's always accessed it from. I'd call that crdentials. They acknowledged in the settings that the location of his computer was one historically used. That is his location was known from past usage. So he had his username, password, and he was logging in from the same IP he'd always logged in from. And they chose to define that as a likely hack. My phone number/location was new, unknown to Google and not near where my brother lives. Yet they accepted that as a security test. That's not credentials. It's just mickey mouse excuses for spyware and data collection. You could have done the same thing if you'd known his password. A phone number means nothing. Probably someone in China could get into his account by providing a phone #. You call that security? If you don't mind the hassle of having to get a text and enter a code every time you check your email, and they know your phone number is you, then that may be idiocy but at least it's increased security. Demanding any old phone number is nothing more than sleazy datamining. What would have been *really* protecting his account would have been if they'd set up secret questions, like everyone else does. Even the IRS will let me in if I can answer the secret questions. Like what was your first pet's name. That's a safe way to allow people access and to let them get in if they've forgotten their password. But Google doesn't seem to have any such function. Why? Because they're looking for excuses to tie their tracking of your phone location and usage to your email ID. |
#90
|
|||
|
|||
Do people of reasonable technical ability store their private data on the Internet (if so, for what gain?)
Mayayana wrote:
"Frank Slootweg" wrote | It told me that due to a period of | non-use they had disabled "insecure apps". | | Disabling and enabling "insecure apps" (actually 'Less secure app | access' (https://myaccount.google.com/lesssecureapps)) is a *user* | setting in the *Google* (*not* Gmail, *not* Thunderbird) account. And that's what they turned off. And that's what I re-enabled. And then it worked. And now his email is working again. To reiterate: They disabled non-Google access (which they call less secure apps), giving the excuse that the account hadn't been accessed for awhile. I then *had to* give them a cellphone number and accept a text message in order to get into the settings. It wasn't an option. I looked through the alternatives repeatedly before deciding I'd have to give them a phone number. It's still vague! I don't care what 'they' did or did not do. I only care about what *you* did or did not do. Another try: When you had not given the phone number yet, could you log into the *Google* account (*not* Gmail, *not* Thunderbird) or not? If you could log into the Google account, you could have re-enabled 'Less secure app access' yourself. If you could not log into the Google account, why not? So nevermind Thunderbird and Gmail, concentrate on accessing and using the *Google* account. Maybe it would have worked to buy a Chromebook. Maybe it would have worked for him to install Chrome. I don't know. Those options are absurd. As I said, those 'options' are not needed. Internet Explorer and probably any other somewhat decent browser would have worked fine. By your own description they must have been the right settings because that's where I turned off the blocking. You know better than I do if you use gmail, but I know what they did in this case. Maybe it's a new trick. I don't know. I feel like I need a shower now just talking about actually visiting the bowels of Google's lair. Again, it's not about them, but about you. We *know* the 'Less secure app access' setting was wrong. What we don't know is *why* *you* could not *fix* it, because - as I said - it's a normal user settable setting. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|