Another Google freakout

People are freaking out about a ‘new’ feature that lets people e-mail you from your Google+ profile, even if they don’t know your e-mail address.

Well, guess what? That feature has been in there for years. You can still read an article I wrote about the feature back in 2011. I’ve had it set to “Anyone can e-mail me” since before then, and I’ve received zero spam as a result. The only new feature is that Google+ contacts show up in Gmail’s autocomplete, and the preference is visible in Gmail as well as Google+.

Marc Rotenberg, executive director of the Electronic Privacy Information Center, said the feature was “eerily similar to the Buzz fiasco, when Google tried to force Gmail users into Google’s social network service Buzz,” violating their privacy. [...]

“The FTC needs to determine whether this change to Google’s business practices violates the consent order that resulted from the Buzz investigation,” Rotenberg said.

Rotenberg needs to try to keep informed about the social networks he pontificates about. There has been no change to business practices, all they’ve done is make a pre-existing Google+ feature visible inside Gmail.

But this does point out, once again, that Google’s unnecessarily heavy-handed attempts to force people to use Google+ have resulted in the public perception that (a) nobody uses Google+ and (b) every change Google makes is a new privacy violation or attempt to coerce us.

Fun fact most people don’t realize: Google+ has more people actively using it as a social network than Twitter does. Yes, that’s more ‘in-stream’ users, i.e. people actively choosing to load the Google+ post stream and read it.

And I say all that as someone who has resolved not to use Google+ much in 2014.

Your Google+ identity is now your business card

Google are apparently hellbent on making your Google+ profile be your publicly visible worldwide profile. With this goal in mind, starting in 2014 Android phones will be displaying your Google+ profile information as caller ID when they receive a call from you. Your Google+ user icon, name, and other information will show up for whoever you call.

Not worried yet? Well, consider that my work phone number is a VoIP system which forwards the call to my cell phone. It’s a very common arrangement at IBM, where so many people work remotely or are mobile. It’s probably the same at many other big companies, not to mention schools and other organizations.

So, let’s imagine a few scenarios here.

  • You’re a teacher. You call a parent, and on their screen they get that amusing profile photo of you drunk off your face at a party.

  • You call your bank to ask about a loan. After the call, the bank manager idly taps the Google+ profile that appeared on his phone, and up come all your postings about the fancy new car you just bought.

  • You call in sick at work. Your manager notices you checked in to a restaurant half an hour ago.

  • You are a realtor. You call back a client, and they see that amusing fake name you put on your Google+ profile, and decide not to answer a call from Mr I.P. Freely.

Yes, I think it’s safe to say that this new policy is a privacy disaster waiting to happen. And like with Facebook, you’re opted in by default, and have to explicitly opt out.

Sure, you could not associate a phone number with you Google account. But if you do that, you can’t use the SMS-based 2-factor authentication to keep your account safe from hackers. You also lose the genuinely useful caller ID functionality.

Yes, you can opt out. But again, you lose the caller ID. And let’s be honest, we know how this is going to work, from playing Facebook Privacy Whack-A-Mole: sooner or later Google will ‘accidentally’ reset your preference, or add some other feature that unexpectedly makes your Google+ profile show up places you weren’t aware of.

So in my view, the only reasonable option now is to treat your Google+ profile as the worldwide public business card that Google obviously wants to force it to be.

If you’re not a heavy Google+ user, the obvious option is to remove almost all your info, and use some other social network. But if you want to keep using Google+ for its discussions, sharing and other features, you’ll probably want to create some other profile with which to do so.

Now, you could just create a whole separate Google+ profile with a new Gmail address and so on. But that’s a pain in the butt, and I think there’s a better option: create a page for yourself. As business people say, you are a brand.

Pages have a number of advantages. You can have lots of them, you don’t need additional accounts in order to manage them, and you can call them anything — no requirement to use your legal name. The downside is that switching between your Page identity and your main identity—which I’m going to call your worldwide public profile—can get a bit confusing. So, make sure you set a distinct profile photo for your page and your world profile. You might even want to set up multiple identities in your browser, so you can have a window for each while you get it all set up. You could also use a completely different browser for the page.

The main downside of Pages is that right now, it seems that the list of people a Page follows is always considered public information by Google. Or at least, I can’t find the setting to make it private.

Tip: When using Google+, the fastest way to switch between your page and your worldwide public profile is the drop-down menu you get by clicking your profile photo at top right.

Now, you’ll probably want to transfer your friends and other circles from your worldwide public profile to your page. But there’s a catch. A lot of Google+ seems to filter out pages you own from your search results. For example, you can’t just share a circle with one of your own pages; by default, your own pages don’t show up. (Or at least, they don’t for me.)

However, there’s a workaround. Once you’ve created the page that you’re going to use for personal stuff on Google+ and switched to using Google+ as that page, i.e. “managing the page”, you can then find your worldwide public profile on G+ and add yourself to the page’s “Following” circle temporarily. Now go back to using G+ as yourself, and go to your circles and look at who has added you. You should be able to find your page in the list, and add it to your Following circle.

Now that you have a temporary two-way circle relationship between yourself and your page, you should find that you can share something, search for your page by name, and have it show up.

So, you can now open one of your circles, and share it with your page (and only your page). You can then switch to your page, look at your notifications, and see that you shared a circle. You can then click through to the post, open the shared circle, and add the members to a circle that belongs to your page.

Once you do this, you’ll quickly discover that Google have implemented a hard limit on the number of changes you can make to your circles each day. So you’ll probably have to move over one circle per day until you’re done. In fact, if you have a lot of friends, you’ll probably have to do them a few at a time, because the limit appears to be 50 changes per day. (Seriously, Google? Nobody has more than 50 friends they might want to add to a circle when setting up their account?)

Of course, this is all a colossal pain in the ass. Google could ameliorate the pain by providing some tools, but right now they don’t support moving circles from personal accounts to pages, and they removed the circle import/export tools that existed back in 2011.

So I expect that what will actually happen is that another batch of active users will be driven away from Google+, but the user numbers will go up because of the influx of placeholder accounts. So, a win for Google in misleading statistical terms, but a big loss for Google+ users.

It’s also pretty easy to say what Google should have done: They should have implemented a “caller ID” info box as part of your Google profile, and prompted you to update the defaults (or delete the info) next time you logged in. But that wouldn’t have forced everyone to use Google+, so I guess it wasn’t an allowed solution. Apparently forcing people who don’t want to use Google+ to sign up is a much more important goal than meeting the needs of people who do want to use Google+.

Google+ name policy: three seven fatuous arguments

Following the discussion of Google’s profile name policy, I see some ridiculous arguments crop up with tedious regularity.

“It’s to stop spam.”

Looking at my spam folder, it’s full of mail from spammers with autogenerated fake names that would pass Google’s smell test: “Denese Mozelle”, “Adrien Lavona”, “Mohammad Alitahir”, “Letisha Lorri”, “Kelli Thomas”, and so on. If you don’t understand how trivially easy it is to bulk generate plausible WASPy names for spamming Google+, ask any programmer. If all else fails, spammers are quite willing to hack and steal account credentials of legitimate accounts in order to spam social networks.

If you haven’t had fake profiles with plausible looking female names try to friend you on Twitter and Facebook so they can invite you to visit their sexy web sites, you can’t have been using those services much. Spammers will even set up networks of web sites to try and push their spam through. Thinking up a plausible e-mail won’t hold them back for more than a few seconds.

There’s also the problem that spammers need to get you to follow them, for their ongoing spam to be effective on Google Plus. Conclusion: The anti-spam argument is bogus. The policy does nothing to stop spam.

“It’s to stop trolls.”

Trolls too have no problem inventing plausible names. If you play online video games, you’ll quickly discover plenty of trolls and griefers, even on services where you have to have a credit card number to get access.

In addition, some of the most famous/infamous trolls have used their real names — ROGER DAVID CARASSO, Richard Sexton, Jason Fortuny, John Dvorak, and so on. (I should note that these examples aren’t all full-time trolls, and some of them have retired from trolling at this point.) Those are just a few examples where I know the names are real; there are endless examples of trolls with names that would pass the Google Plus “smell test”, but which I don’t know are real — Adrian Chen, David Thorne, Joel Johnson of Gizmodo, and so on.

And again, the trolls need to get you to follow them and respond to them. Conclusion: The anti-troll argument is bogus, there are plenty of trolls with real or real-sounding names.

What really discourages trolls and spammers is giving users the tools to block them permanently, and recommend similar blocking to friends.

“It’s to stop people from being rude.”

Facebook has the same policy regarding real names. Have you seen any lack of rudeness on Facebook? Every now and again a page will fill up with bile and death threats, and there are entire web sites dedicated to cataloging everyday Facebook rudeness.

There’s also scientific research on online disinhibition that suggests that people flame more when they know each other’s identities.

“It’s not a problem for me personally.”

“TV censorship isn’t a problem for me, I don’t watch TV.”

“E coli contamination of meat isn’t a problem for me, I’m a vegetarian.”

“Sexism isn’t a problem for me, I’m male.”

“Anti-semitism isn’t a problem for me, I’m not Jewish.”

“The unemployment rate isn’t a problem for me, I have a job.”

See how none of these statements contribute anything positive to discussion of the appropriate topics, and would tend to offend those for whom the issue is a problem?

Conclusion: It’s a good idea to pause and think before ever saying “It’s not a problem for me” when discussing any contentious issue. Maybe there’s a case where it actually contributes useful information to say it, but off the top of my head I can’t think of one.

There are plenty of legitimate real-world situations where someone has a valid reason for wishing to use a pseudonym online, or wishing to use a name that doesn’t fit Google’s restrictions of “firstname and lastname in that order”. Here are a few:

  • Women who are suffering stalking or harrassment online.
  • People who are from foreign countries where names are handled differently, such as Korea. (And even if you have a western-style name on your driver’s license, that doesn’t mean you want that used as your name in a social context.)
  • People who live somewhere where your real name is whatever you say it is, like the UK.

So that’s tens of millions of people right there. So just because you have no valid reason or excuse to use a name other than the one on your driver’s license, doesn’t even begin to mean that nobody else does.

“Well, don’t use it then.”

Like the “It’s not a problem for me” argument, this one adds nothing to the discussion.

“Fox news is biased? Don’t watch it then.”

“Driving while texting is dangerous? Don’t do it then.”

“Cigarette smoke causes cancer? So don’t go places that allow smoking.”

The policies set by Google and Facebook determine many details of our social interactions on the Internet. If Google were to decide to block your personal web site, you would effectively be invisible on the Internet, and saying “Well, people should use a different search engine then” wouldn’t be any help to you.

In addition, the mere existence of personal choice does not mean we should refrain from criticism of corporations and their products.

“It’s so people can find you.”

If most of your friends call you by your nickname in real life, and almost all your Internet contacts know you by your nickname, then that’s going to be the name people will use to search for you in Google+. People aren’t going to search for Stefani Germanotta.

Yet there are plenty of examples where Google have suspended people’s profiles and tried to force them to use a name hardly anyone knows them by, because the name someone is most commonly known by is not necessarily at all similar to their legal name.

“Just use your real name and there’s no problem.”

First of all, there are hundreds of millions of people around the world whose names do not obey the rules “must be written as firstname lastname in plain ASCII”.

Secondly, there are many people who are harmed by being forced to use a “real name”.

Thirdly, the rules presented by Google are ambiguous if the name you are most commonly known by is not your legal name. It’s quite possible in many countries to have credit cards and other everyday identification with names other than the name by which you are known to the government.

Google +, circles, and privacy

With people moving to Google Plus, I’ve seen some confusion about friends, circles and access.

On Facebook, if someone lists you as a friend, you get a request asking you to confirm it. On Google Plus, someone can add you to one of their circles without your permission. This is not, however, a privacy issue. The reason is that the things you post on Google Plus only go to people in your circles by default, not to people who list you in their circles.

Some creepy guy you don’t like added you to his circles? Ignore it. Unless you add him to one of your circles, he won’t see anything extra about you by adding you to his circles, unless one of the following things happens:

  1. You explicitly choose the “Public” option when posting.
  2. You explicitly choose the “Extended circles” option when posting, and one of your friends has put Mr Creepy Guy in one of their circles.

Both options show up in a different color from the circles of friends you define:

Don’t pick either of those two green options, and Mr Creepy will never see anything you post unless you put him in one of your circles. The fact that he’s told g+ that he wants to see your updates does not mean that he will.

(As an aside, this is an interesting example of how using red and green colors in UI design is often problematic. Green means “go” and “no restrictions”, but it also means “safe”. In this case, the two meanings are at odds.)

OK, you say, but couldn’t Google give me a way to block him from adding me to his circles? Well, if he wasn’t allowed to add you to his circles, he could still stalk you just as effectively by going to your profile page and hitting refresh every hour or so. So preventing people from being able to add you to their circles would not actually give you any more real privacy or security; just the illusion of safety.

If you’re offended by his ability to even say that he wants to see your updates, well, I suggest that you get over it. He could communicate a lot worse on his web site.

Circles are an access control mechanism when you post to them, and an interest list when you read from them. That is, when you post to a circle the circle defines who sees the post; but when you put someone in a circle and read the circle, that’s a completely different operation, and doesn’t change any access to posts. I think that’s why people get confused. It might have been better if they were separate things, but the “people who I’m interested in” and “people I don’t mind seeing what I write” lists are probably very similar for most people.

Also, a couple of quick tips about circles:

  • If you click on a circle name in the left navigator, you get a page of updates just from people in that circle. If you then go to post an update, it defaults to going to just that circle.
  • If you start posting an update from the main “Stream” page (which shows updates from people in all your circles), by default you get whatever set of circles you selected last time you posted from the Stream page. You do not get “Public” by default.

Also, the fact that the set of circles a post will go to is always visible, is a big win over Facebook’s “lists of friends” functionality. It means it’s much harder to make something public by accident.

If you want to post to everyone you’ve trusted enough to put in a circle, you don’t need to have a circle for that. Instead, you can click the link for adding people or circles:

The drop-down menu has an entry “Your circles”, which automatically contains everyone in all your circles, but not Mr Creepy:

Once you select “Your circles”, it shows up as a special blue pseudo-circle:

You can also type people’s names into the “Add circles or people” box, rather than using the menu. Google Plus will autocomplete them from your list of people in your circles. If you explicitly add someone by name in this way, they get notified of the post by default, even if they’re also in one of the circles — just like if you used ‘@’ or ‘+’ and their name in the post itself.

Facebook privacy drama

On TechCrunch, Paul Carr pretty much nails the Facebook situation.

Yes, Facebook’s privacy “promise” has been steadily eroding. However, the problem isn’t that Facebook has given up on offering privacy. Rather, the problem is that Facebook initially sold people on the myth that they could fill the Internet with personal information and magically expect that it would stay personal. I don’t know whether that was a deliberate bait and switch, or simply naïvety on the part of its founder.

I use Facebook as a dumping ground for interesting links, and for random chatter with friends. I also re-post content there that’s posted publically on other sites: postings like this from my own web sites, photos from Flickr, videos from YouTube, and status updates from Twitter. I have my phone number and address on Facebook, because those are public information; I don’t go out of my way to show them to people I don’t know, but it wouldn’t be a disaster if Facebook did so.

That’s the way I’ve used the site from the start. It’s a handy aggregator of content and place to chat with friends. I’ve never seen it as a secure, trusted place to put sensitive information. Free web sites are never places to trust with confidential personal information. If you don’t own the web site, you don’t own the data and you don’t decide the policy. That’s a simple fact, and a principle so old that it has an ancient saying associated with it: He who pays the piper, calls the tune. Or in today’s terms, he who pays the bandwidth bills sets the terms of service.

I’ve seen people say that it’s time to abandon Facebook for some kind of alternative. What, exactly, would that look like? One person mentioned an old-fashioned unarchived mailing list, but everyone has so much storage these days, who bothers to delete mailing list traffic to prevent it being archived? Chances are, one or more people on the list will use Gmail, and all the content will be available to Google, indexed and ready for leakage.

I know I plug this book way too often, but everyone who lives a lot of their life online should read The Transparent Society by David Brin. Facebook may be the most visible agent of transparency this week, but what we’re really seeing is a fundamental shift driven by technological change in general, not by any specific organization. Participating fully in society is pushing people to be more and more transparent, whether they like it or not. Putting on a tinfoil hat and refusing to put any information on the Internet is no solution either–all it means is that the only picture of you that searchers will get is the picture everyone else projects–like your enemies, for example.

If you don’t like Facebook’s market dominance, that’s a fine reason to move your content elsewhere. I don’t particularly like that Facebook has such a horrible API and offers no useful Atom feeds; it’s basically a giant box you can put stuff in to but can’t get it out of. I’d move to an open alternative, and I wish Google had done a better job with theirs. In their ham-fisted way, Google were more honest with Buzz: they gave you no privacy to start with. The problem was, users weren’t ready for that, and Google shoved Buzz into a place where people expected privacy and had some reason to do so–their e-mail accounts.

So I don’t think privacy concerns are a good reason to ditch Facebook; rather, they’re an indication that you’re probably viewing free social web services inappropriately to start with. But if someone puts together an open alternative with a sensible UI, I’m ready to move. How about it, Google?