BitTorrent Sync

Today Forbes has an article about how BitTorrent Sync is taking off. I’ve been using it since the beta was opened up, and I’m very impressed.

I run it on my phone. When I take a photo or record a movie, it sits in the DCIM folders (the name is part of the DCF standards for digital cameras). When the phone finds my home network, Sync automatically does a 1-way read-only sync of all the camera files to my Mac and my home server.

I run it on my tablet. When I have a PDF or other file I want to read later, I throw it in a folder on any of my computers. When I power on the tablet, it pulls all the new files across the network and I can tap to open whichever one I want to read next.

I run it on my laptops. When I find a cool new font while I’m working on web design, I toss it into the appropriate folder. When I go to my Mac after work, by the time I’ve logged in Sync will have transferred the data across.

The thing is, because it runs across my home network whenever possible, BitTorrent Sync is fast. Sure, SpiderOak is supposed to use LAN connections when possible, but it never seemed to work that way.

It also works over the public Internet. If I’m away from home and really need some file that didn’t have time to sync before I left, I can sync using free WiFi at a coffee shop, or tell BitTorrent Sync to use my wireless data plan to do the sync.

It’s also painless to set up. No accounts, no logging in, no extra passwords, no firewall changes, no servers to configure. Each sync folder has a 40-character secret which enables access to it, analogous to a URL. Copy that to the destination system(s) by whatever method you like and you’re done.

You can use these secrets to share files too. Set up a read-only sync folder, send the secret code to a friend via e-mail, they can paste it into their BitTorrent Sync and the folder will download via BitTorrent. Want to share 2GB video files with a collaborator? With BitTorrent Sync, you won’t pay to do so. Academics are using it to share terabytes of research data.

And the big point Forbes makes: It’s secure. All data which goes across the Internet is encrypted. There’s no cloud provider the NSA can force to disclose your data or keys without telling you.

Oh, and it’s free and works with NAS systems and headless servers. If you’re geeky enough you can run it on any random Linux VPS hosting plan and make your own DropBox alternative.

Got a computer you leave running at home? Then why pay DropBox $100 a year for a measly 100GB of on-the-go file access, when you can stick a 2TB hard drive in your computer for that price?

You might be worried about the battery implications of running a P2P client on your phone, right? Well, don’t be. At least on my phone, BitTorrent Sync uses less battery than “Cell standby”, i.e. remaining connected to the mobile network ready to receive a call.

In short, BitTorrent Sync is the best thing since rsync. It’s easily the best thing Bram Cohen and team have ever done. It has replaced my use of Google Drive, Box, and AeroFS. I still use SpiderOak, but increasingly just to keep an offsite encrypted backup of medical and tax records.

BitTorrent Sync is part of the bigger redecentralization movement, also known as the indie web movement, which seeks to break out of the walled gardens and move back towards the decentralized peer-to-peer system the Internet was designed to be. It’s also easier (on Windows, Mac and Android) and better than the centralized options, so give it a try if you value your freedom.

Another Google freakout

People are freaking out about a ‘new’ feature that lets people e-mail you from your Google+ profile, even if they don’t know your e-mail address.

Well, guess what? That feature has been in there for years. You can still read an article I wrote about the feature back in 2011. I’ve had it set to “Anyone can e-mail me” since before then, and I’ve received zero spam as a result. The only new feature is that Google+ contacts show up in Gmail’s autocomplete, and the preference is visible in Gmail as well as Google+.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the feature was “eerily similar to the Buzz fiasco, when Google tried to force Gmail users into Google’s social network service Buzz,” violating their privacy. [...]

“The FTC needs to determine whether this change to Google’s business practices violates the consent order that resulted from the Buzz investigation,” Rotenberg said.

Rotenberg needs to try to keep informed about the social networks he pontificates about. There has been no change to business practices, all they’ve done is make a pre-existing Google+ feature visible inside Gmail.

But this does point out, once again, that Google’s unnecessarily heavy-handed attempts to force people to use Google+ have resulted in the public perception that (a) nobody uses Google+ and (b) every change Google makes is a new privacy violation or attempt to coerce us.

Fun fact most people don’t realize: Google+ has more people actively using it as a social network than Twitter does. Yes, that’s more ‘in-stream’ users, i.e. people actively choosing to load the Google+ post stream and read it.

And I say all that as someone who has resolved not to use Google+ much in 2014.

Your Google+ identity is now your business card

Google are apparently hellbent on making your Google+ profile be your publicly visible worldwide profile. With this goal in mind, starting in 2014 Android phones will be displaying your Google+ profile information as caller ID when they receive a call from you. Your Google+ user icon, name, and other information will show up for whoever you call.

Not worried yet? Well, consider that my work phone number is a VoIP system which forwards the call to my cell phone. It’s a very common arrangement at IBM, where so many people work remotely or are mobile. It’s probably the same at many other big companies, not to mention schools and other organizations.

So, let’s imagine a few scenarios here.

  • You’re a teacher. You call a parent, and on their screen they get that amusing profile photo of you drunk off your face at a party.

  • You call your bank to ask about a loan. After the call, the bank manager idly taps the Google+ profile that appeared on his phone, and up come all your postings about the fancy new car you just bought.

  • You call in sick at work. Your manager notices you checked in to a restaurant half an hour ago.

  • You are a realtor. You call back a client, and they see that amusing fake name you put on your Google+ profile, and decide not to answer a call from Mr I.P. Freely.

Yes, I think it’s safe to say that this new policy is a privacy disaster waiting to happen. And like with Facebook, you’re opted in by default, and have to explicitly opt out.

Sure, you could not associate a phone number with you Google account. But if you do that, you can’t use the SMS-based 2-factor authentication to keep your account safe from hackers. You also lose the genuinely useful caller ID functionality.

Yes, you can opt out. But again, you lose the caller ID. And let’s be honest, we know how this is going to work, from playing Facebook Privacy Whack-A-Mole: sooner or later Google will ‘accidentally’ reset your preference, or add some other feature that unexpectedly makes your Google+ profile show up places you weren’t aware of.

So in my view, the only reasonable option now is to treat your Google+ profile as the worldwide public business card that Google obviously wants to force it to be.

If you’re not a heavy Google+ user, the obvious option is to remove almost all your info, and use some other social network. But if you want to keep using Google+ for its discussions, sharing and other features, you’ll probably want to create some other profile with which to do so.

Now, you could just create a whole separate Google+ profile with a new Gmail address and so on. But that’s a pain in the butt, and I think there’s a better option: create a page for yourself. As business people say, you are a brand.

Pages have a number of advantages. You can have lots of them, you don’t need additional accounts in order to manage them, and you can call them anything — no requirement to use your legal name. The downside is that switching between your Page identity and your main identity—which I’m going to call your worldwide public profile—can get a bit confusing. So, make sure you set a distinct profile photo for your page and your world profile. You might even want to set up multiple identities in your browser, so you can have a window for each while you get it all set up. You could also use a completely different browser for the page.

The main downside of Pages is that right now, it seems that the list of people a Page follows is always considered public information by Google. Or at least, I can’t find the setting to make it private.

Tip: When using Google+, the fastest way to switch between your page and your worldwide public profile is the drop-down menu you get by clicking your profile photo at top right.

Now, you’ll probably want to transfer your friends and other circles from your worldwide public profile to your page. But there’s a catch. A lot of Google+ seems to filter out pages you own from your search results. For example, you can’t just share a circle with one of your own pages; by default, your own pages don’t show up. (Or at least, they don’t for me.)

However, there’s a workaround. Once you’ve created the page that you’re going to use for personal stuff on Google+ and switched to using Google+ as that page, i.e. “managing the page”, you can then find your worldwide public profile on G+ and add yourself to the page’s “Following” circle temporarily. Now go back to using G+ as yourself, and go to your circles and look at who has added you. You should be able to find your page in the list, and add it to your Following circle.

Now that you have a temporary two-way circle relationship between yourself and your page, you should find that you can share something, search for your page by name, and have it show up.

So, you can now open one of your circles, and share it with your page (and only your page). You can then switch to your page, look at your notifications, and see that you shared a circle. You can then click through to the post, open the shared circle, and add the members to a circle that belongs to your page.

Once you do this, you’ll quickly discover that Google have implemented a hard limit on the number of changes you can make to your circles each day. So you’ll probably have to move over one circle per day until you’re done. In fact, if you have a lot of friends, you’ll probably have to do them a few at a time, because the limit appears to be 50 changes per day. (Seriously, Google? Nobody has more than 50 friends they might want to add to a circle when setting up their account?)

Of course, this is all a colossal pain in the ass. Google could ameliorate the pain by providing some tools, but right now they don’t support moving circles from personal accounts to pages, and they removed the circle import/export tools that existed back in 2011.

So I expect that what will actually happen is that another batch of active users will be driven away from Google+, but the user numbers will go up because of the influx of placeholder accounts. So, a win for Google in misleading statistical terms, but a big loss for Google+ users.

It’s also pretty easy to say what Google should have done: They should have implemented a “caller ID” info box as part of your Google profile, and prompted you to update the defaults (or delete the info) next time you logged in. But that wouldn’t have forced everyone to use Google+, so I guess it wasn’t an allowed solution. Apparently forcing people who don’t want to use Google+ to sign up is a much more important goal than meeting the needs of people who do want to use Google+.

Google+ name policy: three seven fatuous arguments

Following the discussion of Google’s profile name policy, I see some ridiculous arguments crop up with tedious regularity.

“It’s to stop spam.”

Looking at my spam folder, it’s full of mail from spammers with autogenerated fake names that would pass Google’s smell test: “Denese Mozelle”, “Adrien Lavona”, “Mohammad Alitahir”, “Letisha Lorri”, “Kelli Thomas”, and so on. If you don’t understand how trivially easy it is to bulk generate plausible WASPy names for spamming Google+, ask any programmer. If all else fails, spammers are quite willing to hack and steal account credentials of legitimate accounts in order to spam social networks.

If you haven’t had fake profiles with plausible looking female names try to friend you on Twitter and Facebook so they can invite you to visit their sexy web sites, you can’t have been using those services much. Spammers will even set up networks of web sites to try and push their spam through. Thinking up a plausible e-mail won’t hold them back for more than a few seconds.

There’s also the problem that spammers need to get you to follow them, for their ongoing spam to be effective on Google Plus. Conclusion: The anti-spam argument is bogus. The policy does nothing to stop spam.

“It’s to stop trolls.”

Trolls too have no problem inventing plausible names. If you play online video games, you’ll quickly discover plenty of trolls and griefers, even on services where you have to have a credit card number to get access.

In addition, some of the most famous/infamous trolls have used their real names — ROGER DAVID CARASSO, Richard Sexton, Jason Fortuny, John Dvorak, and so on. (I should note that these examples aren’t all full-time trolls, and some of them have retired from trolling at this point.) Those are just a few examples where I know the names are real; there are endless examples of trolls with names that would pass the Google Plus “smell test”, but which I don’t know are real — Adrian Chen, David Thorne, Joel Johnson of Gizmodo, and so on.

And again, the trolls need to get you to follow them and respond to them. Conclusion: The anti-troll argument is bogus, there are plenty of trolls with real or real-sounding names.

What really discourages trolls and spammers is giving users the tools to block them permanently, and recommend similar blocking to friends.

“It’s to stop people from being rude.”

Facebook has the same policy regarding real names. Have you seen any lack of rudeness on Facebook? Every now and again a page will fill up with bile and death threats, and there are entire web sites dedicated to cataloging everyday Facebook rudeness.

There’s also scientific research on online disinhibition that suggests that people flame more when they know each other’s identities.

“It’s not a problem for me personally.”

“TV censorship isn’t a problem for me, I don’t watch TV.”

“E coli contamination of meat isn’t a problem for me, I’m a vegetarian.”

“Sexism isn’t a problem for me, I’m male.”

“Anti-semitism isn’t a problem for me, I’m not Jewish.”

“The unemployment rate isn’t a problem for me, I have a job.”

See how none of these statements contribute anything positive to discussion of the appropriate topics, and would tend to offend those for whom the issue is a problem?

Conclusion: It’s a good idea to pause and think before ever saying “It’s not a problem for me” when discussing any contentious issue. Maybe there’s a case where it actually contributes useful information to say it, but off the top of my head I can’t think of one.

There are plenty of legitimate real-world situations where someone has a valid reason for wishing to use a pseudonym online, or wishing to use a name that doesn’t fit Google’s restrictions of “firstname and lastname in that order”. Here are a few:

  • Women who are suffering stalking or harrassment online.
  • People who are from foreign countries where names are handled differently, such as Korea. (And even if you have a western-style name on your driver’s license, that doesn’t mean you want that used as your name in a social context.)
  • People who live somewhere where your real name is whatever you say it is, like the UK.

So that’s tens of millions of people right there. So just because you have no valid reason or excuse to use a name other than the one on your driver’s license, doesn’t even begin to mean that nobody else does.

“Well, don’t use it then.”

Like the “It’s not a problem for me” argument, this one adds nothing to the discussion.

“Fox news is biased? Don’t watch it then.”

“Driving while texting is dangerous? Don’t do it then.”

“Cigarette smoke causes cancer? So don’t go places that allow smoking.”

The policies set by Google and Facebook determine many details of our social interactions on the Internet. If Google were to decide to block your personal web site, you would effectively be invisible on the Internet, and saying “Well, people should use a different search engine then” wouldn’t be any help to you.

In addition, the mere existence of personal choice does not mean we should refrain from criticism of corporations and their products.

“It’s so people can find you.”

If most of your friends call you by your nickname in real life, and almost all your Internet contacts know you by your nickname, then that’s going to be the name people will use to search for you in Google+. People aren’t going to search for Stefani Germanotta.

Yet there are plenty of examples where Google have suspended people’s profiles and tried to force them to use a name hardly anyone knows them by, because the name someone is most commonly known by is not necessarily at all similar to their legal name.

“Just use your real name and there’s no problem.”

First of all, there are hundreds of millions of people around the world whose names do not obey the rules “must be written as firstname lastname in plain ASCII”.

Secondly, there are many people who are harmed by being forced to use a “real name”.

Thirdly, the rules presented by Google are ambiguous if the name you are most commonly known by is not your legal name. It’s quite possible in many countries to have credit cards and other everyday identification with names other than the name by which you are known to the government.

Google +, circles, and privacy

With people moving to Google Plus, I’ve seen some confusion about friends, circles and access.

On Facebook, if someone lists you as a friend, you get a request asking you to confirm it. On Google Plus, someone can add you to one of their circles without your permission. This is not, however, a privacy issue. The reason is that the things you post on Google Plus only go to people in your circles by default, not to people who list you in their circles.

Some creepy guy you don’t like added you to his circles? Ignore it. Unless you add him to one of your circles, he won’t see anything extra about you by adding you to his circles, unless one of the following things happens:

  1. You explicitly choose the “Public” option when posting.
  2. You explicitly choose the “Extended circles” option when posting, and one of your friends has put Mr Creepy Guy in one of their circles.

Both options show up in a different color from the circles of friends you define:

Don’t pick either of those two green options, and Mr Creepy will never see anything you post unless you put him in one of your circles. The fact that he’s told g+ that he wants to see your updates does not mean that he will.

(As an aside, this is an interesting example of how using red and green colors in UI design is often problematic. Green means “go” and “no restrictions”, but it also means “safe”. In this case, the two meanings are at odds.)

OK, you say, but couldn’t Google give me a way to block him from adding me to his circles? Well, if he wasn’t allowed to add you to his circles, he could still stalk you just as effectively by going to your profile page and hitting refresh every hour or so. So preventing people from being able to add you to their circles would not actually give you any more real privacy or security; just the illusion of safety.

If you’re offended by his ability to even say that he wants to see your updates, well, I suggest that you get over it. He could communicate a lot worse on his web site.

Circles are an access control mechanism when you post to them, and an interest list when you read from them. That is, when you post to a circle the circle defines who sees the post; but when you put someone in a circle and read the circle, that’s a completely different operation, and doesn’t change any access to posts. I think that’s why people get confused. It might have been better if they were separate things, but the “people who I’m interested in” and “people I don’t mind seeing what I write” lists are probably very similar for most people.

Also, a couple of quick tips about circles:

  • If you click on a circle name in the left navigator, you get a page of updates just from people in that circle. If you then go to post an update, it defaults to going to just that circle.
  • If you start posting an update from the main “Stream” page (which shows updates from people in all your circles), by default you get whatever set of circles you selected last time you posted from the Stream page. You do not get “Public” by default.

Also, the fact that the set of circles a post will go to is always visible, is a big win over Facebook’s “lists of friends” functionality. It means it’s much harder to make something public by accident.

If you want to post to everyone you’ve trusted enough to put in a circle, you don’t need to have a circle for that. Instead, you can click the link for adding people or circles:

The drop-down menu has an entry “Your circles”, which automatically contains everyone in all your circles, but not Mr Creepy:

Once you select “Your circles”, it shows up as a special blue pseudo-circle:

You can also type people’s names into the “Add circles or people” box, rather than using the menu. Google Plus will autocomplete them from your list of people in your circles. If you explicitly add someone by name in this way, they get notified of the post by default, even if they’re also in one of the circles — just like if you used ‘@’ or ‘+’ and their name in the post itself.