Category Archives: Google

developers of Rosy, the *real* Babel fish for a digital world.

who needs to spy on citizens when you have access to their social networks?

Posted on by

Some governments (or, rather, some people who run countries (since we now live in the Age of the Individual (AI)) or, rather, some people who run some region of the world, from your block on up) would very much like to read the minds of its citizens. Not as thought police you understand. Just to be able to make sure that the wrong-thinking people can get picked out as early as possible. And not in any overt way. It’s just that if a person becomes a “person of interest” it would be good to be able to monitor what they are thinking. Right? The status update box offered by many cloud-based consumer services functions precisely as a thought box. “What’s on your mind?” it asks and we reply, telling our friends, and we hope only our friends, the most important thing we have to tell them at that particular moment.

facebook thought box

please put a thought in the thought box

So the closest thing people who run things have to reading the minds of the people who are part of the things they run is the Thought Flows of those Cloud-based services that provide an opportunity to the people who live in those organizations or regions. So why wouldn’t government authorities want access to our News Feeds? Our status update boxes? Here’s a report (by Barton Gellman/ TECHLAND (TIME)) dated Jan 14 2011 on one between twitter and the “feds” — the paragraph doesn’t identify the particular “feds” in question. The relevant paragraph:

Federal prosecutors want to indict Julian Assange for making public a great many classified documents. In December the feds obtained a secret order instructing Twitter to hand over private account contents for Assange and four Wikileaks associates, including network addresses, connection logs, credit card information and identities of everyone they talked to. The order forbade Twitter to notify those affected, among them Birgitta Jónsdóttir, a member of Iceland’s parliament.

The “secret order” is a National Security Letter (I warn you, if that’s a concern, if you click on the link you’ll be reading it — the links are from TIME in that paragraph, not me) and you can read all about the ACLU’s fight on our behalf over those here and in this article (pub Jan 9 2011): Twitter shines a spotlight on secret F.B.I. Subpoenas, by Noem Chen at The New York Times. The key point is that an NSL “allows the FBI to forbid or “gag” anyone who receives an NSL from telling anyone about the record demand.” (from the ACLU article) — my italics.

Contrast this with the situation that came to pass in Tunisia recently. In The Inside Story of How Facebook Responded to Tunisian Hacks, published Jan 24 2011, Alexis Madrigal of the Atlantic reports as follows, where Ammar is the nickname given by Tunisians to “the authorities that censor the country’s Internet.”

At Facebook, ["Facebook's Chief Security Officer Joe"] Sullivan’s team decided to take an apolitical approach to the problem. This ["Ammar was in the process of stealing an entire country's worth of passwords"] was simply a hack that required a technical response. “At its core, from our standpoint, it’s a security issue around passwords and making sure that we protect the integrity of passwords and accounts,” he said. “It was very much a black and white security issue and less of a political issue.”

Which is fine and the rest of the article goes on to discuss Facebook’s response to this challenge. But the issue is this: What would Facebook have done if Tunisia had in place a system of secret orders as the US does and had simply given a representative of Facebook such a letter and said you operate in our country and please hand over this information? What, that’ll never happen you say? And they’ll just turn around and say no? I point you to the Google Transparency Report and this quote from the FAQ I retrieved today:

The “data requests” numbers reflect the number of requests we received about the users of our services and products from government agencies like local and federal police. They don’t indicate whether we complied with a request for data in any way. When we receive a request for user information, we review it carefully and only provide information within the scope and authority of the request. We may refuse to produce information or try to narrow the request in some cases.

We would like to be able to share more information, including how many times we disclosed data in response to these requests, but it’s not an easy matter. The requests we receive for user data come from a variety of government agencies with different legal authorities and different forms of requests. They don’t follow a standard format or necessarily seek the same kinds of information. Requests may ask for data about a number of different users or just one user. A single request may ask for several types of data but be valid only for one type and not for another; in those cases, we disclose only the information we believe we are legally required to share. Given all this complexity, it’s a difficult task to categorize and quantify these requests in a way that adds meaningful transparency, but we plan to in the future.

In the article on Facebook there’s also this quote from Mr. Sullivan:

Though Sullivan is the unflappable type, the Tunisian situation seemed to force him into a bit of reflection. “When you step back and think about how Internet traffic is routed around the world, an astonishing amount is susceptible to government access,” he noted.

Hmm. I first mentioned the Guardians of Access in a post nearly two years ago, assuming that governments as controllers of Internet access were always on peoples’ minds and going on to talk about the other GOA. Was I wrong? Is no-one thinking about this? Why has the “turning off “of the Internet in Egypt been such a surprise? (See also this post about “the voice of cldwrld” from Dec. of 2009.)

Perhaps it would be worthwhile for Google and Facebook to get together on this one? And perhaps every other social network in the world? That operates in-country or world-wide? Like those on this list.

“working with the Cloud” v1.1

Posted on by

There are a number of terms out there that seem to be used interchangeably at different times and in different places, but the challenge lies in the difference between Cloud-based and Web-based applications.

There’s “online application” vs. “Web-based application” vs.”Web application” vs.”Cloud Computing application” vs.”Cloud-based application” (and probably more). “Online application” redirects on Wikipedia to “Web application,” so that’s fine and that takes care of “Web-based application.”

I’m going to explain what I think about that in an upcoming post but first I have to tweak the definition I have of Cloud-based computing.  There might be technical differences between them when examined closely but it is the interchangeability that I, just a guy grappling with technology, find confusing.

So I was looking at the part in the “details” section where I talk about how I understand the Cloud and I think that by tweaking it I can roll all those definitions into one – the one I have used throughout this blog: “Cloud-based application.”

Just remember this is not a technical definition of Cloud computing (if you want one of those, you could, for example, check out the NIST version.) It’s just an attempt at it from the perspective of a guy grappling with technology.

So here we go:

Old Version – v1.0

So how do you understand the Cloud?

The simplest definition of Cloud-based applications and Cloud-stored data I can put together (that relates to an individual’s use of it) is that they are applications and data I use that are not on my Internet-connected computer but somewhere on other computers connected to the Internet (in “the Cloud”) which I connect to over the Internet. So that’s what I’m going to use.

So examples for me would be Gmail, Blogger and Second Life.

In terms of hardware and software I think of it like this; “all the computers (excluding my own) with associated hardware and software potentially accessible to me via the Internet on which I can run and/or access applications, including multi-user applications.”

Here’s the new version of that section. Essentially what I’ve done is replace “Internet” with the wider term “network” and added Facebook as an example.

New Version – v1.1

So how do you understand the Cloud?

The simplest definition of Cloud-based applications and Cloud-stored data I can put together (that relates to an individual’s use of it) is that they are applications and data I use that are not on my network-connected device but somewhere (I may or may not know exactly where) on other computing and storage devices connected to the network (in “the Cloud”) which I connect to over the network. So that’s what I’m going to use.

So examples for me of a Cloud-based application would be Gmail, Blogger, Facebook and Second Life.

In terms of hardware and software I think of it like this; “all devices (excluding my own) with associated hardware and software potentially accessible to me via the network on which I can run and/or access applications, including multi-user applications.”

Then I stripped a bit out which doesn’t make sense any more (actually, looking back, I don’t think it ever did) and then I have this:

Since many people may attach to a particular application at the same time, I can use a user id/password combination to uniquely identify myself to it..

So what I’ve got is a network over *there* with computing and storage devices attached to it with data and applications on them and over *here* I have me with my network-attached device with an application on it that lets me connect to the network and hence to those applications and data.

In the next post I’ll try working with it. The way it’s written now I think it can handle massive multi-user applications (like Facebook) attached to a massive network (the Internet) to small multi-user applications running on small private networks (an example of which is, I think, Tonido). So we’ll see. The goal, remember, is to wrap all those definitions into this one.

It might be that someone looking at that definition says, “Well, I’ve done that for a long time and never called it Cloud-based computing.” To which my answer is,” Absolutely. If you don’t want to call what you do Cloud-based computing go ahead. This is only my definition after all. Although, I have to say, for me it’s a nice definition because it cleans up for me the confusion.” (see next post).

updated 3/18/10 revised to make the post clearer – added first paragraph.