I will never forget that the Christchurch shooting video was automatically deleted from users' PRIVATE Google Drive and Dropbox - no warnings were given and no explanation was presented.
I wonder if in the future we'll need a "unique-inize" app that will make trivial changes to pictures and videos that change their hash and their size by a few bytes to defeat this kind of nonsense. Changing even one pixel's hue on one frame by a small amount should make the whole thing encode (depending on codec) to a different size and hash.
It would have been interesting if any of those users who got their video file deleted would have been directly attached to the shooter (like an accomplice, let's say), afaik that would have meant that Google Driver and Dropbox had tampered evidence.
That eliminate both options for journalists and lawyers. There are professions which could have legitimate reasons for having the material and as terrible as it is, is it actually illegal?
I was actually trying to watch that video the other day. Google would not find it, Bing listed the actual video as the top result. Never thought I'd start to respect bing over google.
It is like arguing against capital punishment using Ted Bundy's case as example. Generally that works the other way with most people and that's the kind of person they enthusiastically support the state murdering.
Similarly the reaction of most people to Google removing that video is going to be "good" and you're going to have a very uphill battle convincing them otherwise, and you're probably going to lose.
If you talk about university researchers that study pornography and Google nuking their research or their ability to share their research with other institutions, you'd probably make more headway.
It is only on a site like HN where the most upvoted commment is "OMG they deleted practically the worst video imaginable from a mass shooting incident can you believe those fascists?" and everyone votes it up to the top.
Aside from legitimate DMCAs what I'm worried about is losing backupped files of any sort because some rogue individual files a complaint on stuff they don't own or because of an ML error and an inexistent customer service by Google. Also I don't really like the service to sneak onto any files I upload. What alternatives do we have for cloud file backup? I already do full backups, need something to sync files between devices.
I use an S3-comptaible hoster with the rclone client which supports encryption/decryption on the fly. That is, I don't even need to trust my S3 provider.
For syncing between devices, I guess `rclone sync` should do the trick.
An owncloud droplet or owncloud on a VPS. Or an owncloud paid instance. All depends on your budget and your needs and your time.
I totally switched off Dropbox when they limited the number of devices. Self host owncloud on a VPS, am very happy. From time to time I have to occ:upgrade something et voilà. Used for syncing, not backing up.
It helps that I can install and maintain it though, wouldn't recommend it to anyone without a bit of wed/IT experience or the time to lean some basics.
You wouldn't lose the content just the ability to share it, if I read it correctly, which is something I wouldn't normally want anyway. My backups are done with restic so Google can't tell what's present since it's encrypted.
It is not announcing new content restriction policies. Those have already been in place. What's new are the user notifications:
Not new: "When a Google Drive file is identified as violating Google's Terms of Service or program policies, it may be restricted."
New: "Now, the owner of the item in Google Drive will receive an email notifying them of the action taken, and alerting them of how to request a review of the restriction if they think it is a mistake. For items in shared drives, the shared drive manager will receive the notification"
I've been a Google Fi customer for 6 or 7 years now and what constantly scares the hell out of me is the subreddit where about every 3-6 months you see someone saying:
"Google Fi did me wrong, so I reversed the charges on CC - now my entire Google account is locked / all photos / all files in drive"
This seems... like it's going to get regulated soon. Just going to take blocking the wrong account some day and boom, here we go, legislation.
Ironically, craping the web can result in termination of your account:
“we reasonably believe that your conduct causes harm or liability to a user, third party, or Google — for example, by hacking, phishing, harassing, spamming, misleading others, or scraping content that doesn’t belong to you”
And the cycle repeats. It starts with the obvious malware or hollywood movie takedown, but the actual policy is anything which goes against an opaque and subjective acceptable use policy, which means the entire world's files now need to conform to discourse within the narrowly defined Overton window controlled by a tiny group of likeminded people.
Fast forward a few years, and we can all predict which content will be "hate speech" and which almost identical content will be allowed. Detection of copyright protected content will be automated, but appeals for fair use will be manual, slow and difficult. Double standards will abound where the liberal ideals of the company run up against corporate interests, favored politicians or powerful governments.
And of course- someone will make a competing service which doesn't police content, and that service will in turn become a cesspool as all the worst offenders will be massively over represented there compared to merely the good netizens concerned about protecting a free internet.
Maybe a massive move to decentralization is the only thing that can save us. 100 different services with 100 different policies on which content is allowed seems far better than the direction we're headed. I'd rather at least have the easy choice and understanding of which ideology and set of interests I'm being filtered through.
I have, uh, mp3 backups of all the music I have owned from my, um, ludicrously massive CD collection. Is it worth the risk that google might one day decide I am a pirate and block my account?
Is there a legal requirement to do a DMCA take down of something the copyright holder doesn't know about?
If you put something on Twitter mentioning certain cryptocurrency keywords (e.g. MetaMask), you'll get reply tweets from bots in a few seconds with fake support documents hosted on Google drive.
My sense is that this is what they are trying to stop.
Totally misleading headline and all these comments are commenting on the headline without reading the article. Google has _always_ had anti-abuse systems that will restrict sharing for content that violates ToS. The new feature is that the content owner will now be notified when their content has been restricted, if that owner has a Workspace account.
'our' files comrade. At this point it makes 0 sense to keep files in drive, since if the magical algorithm has any issues you have 0 ways of combating it.
You can encrypt your files with Cryptomator[1] if you don't want Google looking at your files. I'm not sure about their policy on that though? I mean if it's encrypted, then they can't scan for piracy / Christchurch videos and other contraband, right?
What __is__ your recommendation for setting up remote backup for private use? I am thinking of something that can be used to sync and / or backup different devices for people of differing tech affinity.
I think this question deserves re-examination now, since recommendations likely change due to the facts in the op.
As far as I know, it used to be that one should either "roll one's own cloud" (whatever that means for a non-technical user), or simply use the best-integrated tool like Google Drive, DropBox, Apple for the devices at hand and live with the fact that the company will train whatever AI model du jour on your private data.
The reason for this binary recommendation was as follows: while services like SpikerOak exist, who say they encrypt your data, the believability of that was never exactly high. Most likely, your data might still get mined. Most likely, the NSA still scans all your docs. However, now you pay extra for "security theater".
Instead of paying for such questionable offerings, the decision was rather binary: decide to either go full-hog (if able) and do your own, or just upload it to Google Drive and stop caring about who reads your private documents.
But now, if Google starts actively reading, policing and deleting your data without even pretending to give you privacy, I think encrypted services start to have a use case again.
I'm sorry, Google will scan my personal files for hate speech now? When exactly the the first amendment become toilet paper? Certainly feels like it happened in the last 2 years.
obligatory mention that the first amendment doesn't apply to private companies, only governments. Then reply and say, "I mean the spirit of the first amendment" and then I'll agree with you. better to just say "free speech principles" rather than "first amendment"
On a technical level: I assume they'd be finding files they want to block by looking for a hash, right? Are these guaranteed to be unique or are collisions possible? And any organized and genuine bad actors can work around some kind of hash filter by altering files slightly, right? I'd hate to think that Google's abject arrogance is going to result in false positives that are going to nuke normal peoples' livelihood with no recourse while again barely having an impact on real bad guys.
On an ethical and moral level: my opinion is subjective, but this puts an undesirable amount of control over people in the hands of a company that has demonstrated that it cannot be trusted. If Google cannot provide actual human customer support to avoid wrecking lives with bad algorithms that make wrong decisions, then their policy should be to merely allow everything that's not blocked by law/court-order.
You seem to be under the impression that either of those imply end-to-end encryption, which they don't. (And in Drive's case, AFAIK, E2EE is not an offered nor advertised feature.) The data was encrypted during transmission to Google's servers, sure, but it was encrypted to them; similarly, yeah, they store it encrypted … and they have the key.
(This isn't atypical either, sadly. E2EE is the exception…)
Encrypted at rest and transfer just means that if an unauthorized someone gets ahold of their backend systems, they can't read the file. It doesn't mean that Google can't maintain the key and use it to process and inspect the files. If they didn't have and use the key, they would never be able to create previews for files they keep, nor would they be able to offer a search function.
Backups and sharing are rather different use cases. There's no mention of deleting the file (though it is something Google has done before) in this announcement.
I switched to a self-hosted Nextcloud instance some time back. Backups GPG encrypted and shunted to S3 for opaque offsite backup. It works quite well, and I don't have any concerns that a mistrained algorithm is going to lock me out of my files.
Someone has been running a massive fake DMCA notice bot targeting website contact forms with links to Google Cloud Storage files for the last year. I wonder if this is in response to this ongoing campaign?
[+] [-] deadalus|4 years ago|reply
[+] [-] snarf21|4 years ago|reply
[+] [-] api|4 years ago|reply
Not encrypted (at rest and in transit) => not private.
There are no exceptions.
[+] [-] micromacrofoot|4 years ago|reply
[+] [-] paganel|4 years ago|reply
[+] [-] mrweasel|4 years ago|reply
[+] [-] dokem|4 years ago|reply
[+] [-] lern_too_spel|4 years ago|reply
[+] [-] srj|4 years ago|reply
[+] [-] paulpauper|4 years ago|reply
[+] [-] 2OEH8eoCRo0|4 years ago|reply
[+] [-] pedro2|4 years ago|reply
[+] [-] beachy|4 years ago|reply
Though while giving a warning is clearly inappropriate, they should certainly have explained what they did.
[+] [-] lamontcg|4 years ago|reply
It is like arguing against capital punishment using Ted Bundy's case as example. Generally that works the other way with most people and that's the kind of person they enthusiastically support the state murdering.
Similarly the reaction of most people to Google removing that video is going to be "good" and you're going to have a very uphill battle convincing them otherwise, and you're probably going to lose.
If you talk about university researchers that study pornography and Google nuking their research or their ability to share their research with other institutions, you'd probably make more headway.
It is only on a site like HN where the most upvoted commment is "OMG they deleted practically the worst video imaginable from a mass shooting incident can you believe those fascists?" and everyone votes it up to the top.
The HN echo chamber bubble is real.
[+] [-] aledalgrande|4 years ago|reply
[+] [-] enz|4 years ago|reply
For syncing between devices, I guess `rclone sync` should do the trick.
[+] [-] johnchristopher|4 years ago|reply
I totally switched off Dropbox when they limited the number of devices. Self host owncloud on a VPS, am very happy. From time to time I have to occ:upgrade something et voilà. Used for syncing, not backing up.
It helps that I can install and maintain it though, wouldn't recommend it to anyone without a bit of wed/IT experience or the time to lean some basics.
[+] [-] U8dcN7vx|4 years ago|reply
[+] [-] toomuchtodo|4 years ago|reply
[+] [-] wly_cdgr|4 years ago|reply
[+] [-] tomc1985|4 years ago|reply
[+] [-] allturtles|4 years ago|reply
It is not announcing new content restriction policies. Those have already been in place. What's new are the user notifications:
Not new: "When a Google Drive file is identified as violating Google's Terms of Service or program policies, it may be restricted."
New: "Now, the owner of the item in Google Drive will receive an email notifying them of the action taken, and alerting them of how to request a review of the restriction if they think it is a mistake. For items in shared drives, the shared drive manager will receive the notification"
[+] [-] xen2xen1|4 years ago|reply
[+] [-] rkalla|4 years ago|reply
"Google Fi did me wrong, so I reversed the charges on CC - now my entire Google account is locked / all photos / all files in drive"
This seems... like it's going to get regulated soon. Just going to take blocking the wrong account some day and boom, here we go, legislation.
[+] [-] COGlory|4 years ago|reply
[+] [-] skinnymuch|4 years ago|reply
[+] [-] hoppla|4 years ago|reply
“we reasonably believe that your conduct causes harm or liability to a user, third party, or Google — for example, by hacking, phishing, harassing, spamming, misleading others, or scraping content that doesn’t belong to you”
[+] [-] floor2|4 years ago|reply
Fast forward a few years, and we can all predict which content will be "hate speech" and which almost identical content will be allowed. Detection of copyright protected content will be automated, but appeals for fair use will be manual, slow and difficult. Double standards will abound where the liberal ideals of the company run up against corporate interests, favored politicians or powerful governments.
And of course- someone will make a competing service which doesn't police content, and that service will in turn become a cesspool as all the worst offenders will be massively over represented there compared to merely the good netizens concerned about protecting a free internet.
Maybe a massive move to decentralization is the only thing that can save us. 100 different services with 100 different policies on which content is allowed seems far better than the direction we're headed. I'd rather at least have the easy choice and understanding of which ideology and set of interests I'm being filtered through.
[+] [-] Workaccount2|4 years ago|reply
[+] [-] thisiscorrect|4 years ago|reply
[+] [-] szszrk|4 years ago|reply
I've got a feeling this will be mostly an automatic DMCA takedown tool.
[+] [-] ipsin|4 years ago|reply
If you put something on Twitter mentioning certain cryptocurrency keywords (e.g. MetaMask), you'll get reply tweets from bots in a few seconds with fake support documents hosted on Google drive.
My sense is that this is what they are trying to stop.
[+] [-] micromacrofoot|4 years ago|reply
[+] [-] jeffbee|4 years ago|reply
[+] [-] coolgoose|4 years ago|reply
[+] [-] attack-surface|4 years ago|reply
[1] https://cryptomator.org/
[+] [-] zwaps|4 years ago|reply
What __is__ your recommendation for setting up remote backup for private use? I am thinking of something that can be used to sync and / or backup different devices for people of differing tech affinity.
I think this question deserves re-examination now, since recommendations likely change due to the facts in the op.
As far as I know, it used to be that one should either "roll one's own cloud" (whatever that means for a non-technical user), or simply use the best-integrated tool like Google Drive, DropBox, Apple for the devices at hand and live with the fact that the company will train whatever AI model du jour on your private data.
The reason for this binary recommendation was as follows: while services like SpikerOak exist, who say they encrypt your data, the believability of that was never exactly high. Most likely, your data might still get mined. Most likely, the NSA still scans all your docs. However, now you pay extra for "security theater".
Instead of paying for such questionable offerings, the decision was rather binary: decide to either go full-hog (if able) and do your own, or just upload it to Google Drive and stop caring about who reads your private documents.
But now, if Google starts actively reading, policing and deleting your data without even pretending to give you privacy, I think encrypted services start to have a use case again.
[+] [-] the_doctah|4 years ago|reply
[+] [-] KindOne|4 years ago|reply
[+] [-] freedomben|4 years ago|reply
obligatory mention that the first amendment doesn't apply to private companies, only governments. Then reply and say, "I mean the spirit of the first amendment" and then I'll agree with you. better to just say "free speech principles" rather than "first amendment"
[+] [-] pedro2|4 years ago|reply
Also, on some FB group someone said Google had deleted the copyright infringing files. Can anyone confirm it happens?
[+] [-] logicalmonster|4 years ago|reply
On an ethical and moral level: my opinion is subjective, but this puts an undesirable amount of control over people in the hands of a company that has demonstrated that it cannot be trusted. If Google cannot provide actual human customer support to avoid wrecking lives with bad algorithms that make wrong decisions, then their policy should be to merely allow everything that's not blocked by law/court-order.
[+] [-] ThinkBeat|4 years ago|reply
Google claims files are encrypted at rest and encrypted during transfer.
Metadata inspection? Checksum during upload?
[+] [-] deathanatos|4 years ago|reply
You seem to be under the impression that either of those imply end-to-end encryption, which they don't. (And in Drive's case, AFAIK, E2EE is not an offered nor advertised feature.) The data was encrypted during transmission to Google's servers, sure, but it was encrypted to them; similarly, yeah, they store it encrypted … and they have the key.
(This isn't atypical either, sadly. E2EE is the exception…)
[+] [-] x86_64Ubuntu|4 years ago|reply
[+] [-] djoldman|4 years ago|reply
> Encryption: your data can only be accessed with your personal keys. We can't access your data even if we wanted to!
[+] [-] falcolas|4 years ago|reply
[+] [-] cheald|4 years ago|reply
[+] [-] cabalos|4 years ago|reply