James Fallows

James Fallows is a national correspondent for The Atlantic and has written for the magazine since the late 1970s. He has reported extensively from outside the United States and once worked as President Carter's chief speechwriter. His latest book is China Airborne. More

James Fallows is based in Washington as a national correspondent for The Atlantic. He has worked for the magazine for nearly 30 years and in that time has also lived in Seattle, Berkeley, Austin, Tokyo, Kuala Lumpur, Shanghai, and Beijing. He was raised in Redlands, California, received his undergraduate degree in American history and literature from Harvard, and received a graduate degree in economics from Oxford as a Rhodes scholar. In addition to working for The Atlantic, he has spent two years as chief White House speechwriter for Jimmy Carter, two years as the editor of US News & World Report, and six months as a program designer at Microsoft. He is an instrument-rated private pilot. He is also now the chair in U.S. media at the U.S. Studies Centre at the University of Sydney, in Australia.

Fallows has been a finalist for the National Magazine Award five times and has won once; he has also won the American Book Award for nonfiction and a N.Y. Emmy award for the documentary series Doing Business in China. He was the founding chairman of the New America Foundation. His recent books Blind Into Baghdad (2006) and Postcards From Tomorrow Square (2009) are based on his writings for The Atlantic. His latest book is China Airborne. He is married to Deborah Fallows, author of the recent book Dreaming in Chinese. They have two married sons.

Fallows welcomes and frequently quotes from reader mail sent via the "Email" button below. Unless you specify otherwise, we consider any incoming mail available for possible quotation -- but not with the sender's real name unless you explicitly state that it may be used. If you are wondering why Fallows does not use a "Comments" field below his posts, please see previous explanations here and here.

James Fallows: Google

  • Hong Kong, Chrome: 2 Updates and Pentimenti

    Two Honk Kong protests rather than one. And, a workaround for a browser problem.

    1) Two weeks ago I shared a photo, via Beijing Cream, of contrasting front-page treatment in the South China Morning Post (which is not run by the Chinese government) and the China Daily (which is) on the 16th anniversary of Hong Kong's transfer to control by the People's Republic of China. The two papers revealed their different editorial approaches -- one featuring celebrations of the anniversary, the other showing protests -- but it turns out that they were reporting on different rallies, not the same one. Apologies for misunderstanding on my part.

    2) Last week I noted that the switch from version 27 of Google's Chrome browser, to release 28, had zeroed out Gmail's offline function on my computers, leaving me with absolutely no messages in the inbox rather than too many. For me this was a "reproducible" problem, related to the Chrome 27/28 difference. When I was using 28, Gmail Offline didn't work; if I "de-upgraded," back to 27, it worked again. Then if I re-installed version 28, the problem reappeared.

    I heard from the Gmail tech team, which suspected that the root of the problem was a corrupted local storage file. On their advice I did the mail-system counterpart of a cold reboot. I force-purged all cached mail messages from my systems; deleted all extant Chrome versions; did a new install of Chrome 28; and in other ways cleared the decks. Then I re-synched Gmail Offline for my accounts -- and now it works, even with Chrome 28.

    The Google team says: See, it was a problem with your cached files! I say, Yeah, but it was a problem that appeared only when I installed Chrome 28. We're both right, and in any case I am glad to have it solved. For safety's sake, if you use Gmail Offline, and are upgrading to Chrome 28, you can go through the purge-and-restore steps described here.

    These updates offered For The Record.

  • The Promise and Limits of Google's 'Data Liberation Front'

    A 'simple' business decision has complex and still-unfolding effects.

    I figure I might as well go all-in on this topic. Previous entries here and here. Today, two more reader dispatches concerning which parts of your data you can and can't retrieve if a cloud service you'd relied on is turned off -- as Google has recently done with Reader and many of its other services.

    1) Making backups of Gmail. I mentioned yesterday that, to Google's credit, "It has been a leader in making sure you could make your own copies, or extract, any of your info that was in its part of the cloud." A reader writes:

    There is a notable exception: Gmail. You can download all your mail via POP3 or IMAP but Google throttles the download speed:

    http://www.dataliberation.org/google/gmail

    http://support.google.com/a/bin/answer.py?hl=en&answer=1071518

    I decided to create a local backup of my mails at Gmail a few weeks ago and have managed to download around 100,000 mails so far, i.e., the throttling is probably more restrictive than Google mentions. In the best case according to the information provided by Google, it would still take me around a week to download all my mail from Gmail via IMAP. There is therefore no efficient way to migrate your Gmail account to another mail provider. And if you want to keep all your mails and all your labels, you get each mail at least twice ('all mails' or 'sent' plus label).

    I am still happy that the Google Data Liberation Front shows new signs of life after it had looked abandoned for years. At least for Gmail, however, it is not that useful. And I hope in any case that I do not have to migrate away from Gmail (or Google Apps for Business in my case)

    I have made piecemeal IMAP archives of my Gmail cloud archives over the years (via Thunderbird and also Apple Mail), rather than trying to do it at one go, so I had not noticed the restrictions the reader mentions. But they're worth bearing in mind. Of course, Gmail is so central a part of Google's offerings, and of its burgeoning for-pay business apps, that it is hard to imagine Gmail ever being turned off as a conscious business decision. Still, I feel better having my own backups, just in case.

    2. 'BOOOOOOOO!' for Downstream Effects. A reader in the tech biz writes:

    I think the move to paid services is ultimately probably wise for all of us info junkies, except that the inclusion of RSS functionality on any given site may be hampered by the lack of Google's huge availability. Why code for it, or more to the point, provide it at all if even the dismissing eyeballs that reader provided are no longer there?

    One other side effect that has been under-discussed but that tails off of the google data liberation front (what a stellar name, it should be a not-quite-ready-for-prime time Brooklyn band name):  the history of pages you've already read is stored in reader but I don't believe it exports with your feeds.

    I can, today, search in reader for a lifehacker article about a shelving system that I thought about building during a bout of DIYness. That resource will be gone to me. Or a homegrown revolution post about a wild-cherry growing system that is self-sustaining. Or a Sullivan post that I have been meaning to email him about for two plus years. Or a Fallows post on civil aviation and comparisons to ask the pilot posts from four years ago before salon ruined their RSS feed system and I stopped reading salon.

    Come to think of it, that's the biggest fear. When salon ruined their RSS feeds I went from 9 individual feeds i cleared daily to zero (RIP How the World Works, one of my favorite blogs of all time). Ditto for wonkette recently when they went to teaser RSS posts instead of full entries - I can't open posts calling John McCain "walnuts" and accusing him of senility at work! This angle is the Iran-news-access-by-proxy service google was providing through reader (not to compare my circumstances to those of the oppressed in Iran).

    As we say in App Dev, the downstream effects and the lack of even a frozen "legacy system" for historical purposes are severe and, worse, not clear.

    BOOOOOOOOOOO!

    I'm not going to bother with a paraphrasing of these posts for readers not involved in the computer world, since people most affected by these changes are likely to understand the arguments as presented above. I will say that what must have seemed to Google a simple, clear-cut business choice -- let's stop messing around with the "interesting" little diversions and concentrate on our mainstream products -- is having more complex "downstream effects" than most people might have foreseen.

  • Finale for Now on Google's Self-Inflicted Trust Problem

    Let's hope this is a rough patch rather than the beginning of a trend.

    google-im-feeling-lucky.jpgEarly yesterday I mentioned that while Google's new Keep application, a nascent all-purpose notetaker, looked very interesting, I wasn't going to waste time getting used to it. That is because of the company's now-established track record of killing off products that prove to have niche rather than sufficiently mass appeal.

    This could be a sane business strategy for Google -- network TV, for instance, is also in the mass rather than niche business. But since my own software tastes often lead in the early-adopter niche direction, I've decided I should stick with companies whose business model is aimed at users like me. When it comes to TV, this means that I watch a lot more things on cable than on the main networks (except sports). When it comes to note-taking software, it means sticking with Evernote, rather than risking that what Google did to Reader, Notebook, Desktop, Health, and other services I used and liked it would eventually do to Keep.

    I raise the point again because, since the time I wrote that item (and after I spent all day today in transit), I have seen a quite surprising critical mass of comments in a similar vein. For instance:

    • Ezra Klein in the Washington Post, on the dawning awareness that niche enthusiasts like him (and me) have tastes that really don't match Google's business model, as we're now coming to understand it. Eg, "Together, the Gmail experience, the death of Google Reader, and the closure of Picnik all have me questioning whether I want to keep investing time and energy in 'free' Google products or whether I need to start looking for paid services that are explicitly making money off the thing I am paying them to do."

    • Kevin Drum, in Mother Jones, on why the inability to rely on Google services is more disruptive than the familiar pre-cloud experience of having favorite programs get orphaned. My example is Lotus Agenda: it has officially been dead for nearly 20 years, but I can still use it (if I want, in a DOS session under the VMware Fusion Windows emulator on my Macs. Talk about layered legacy systems!). When a cloud program goes away, as Google Reader has done, it's gone. There is no way you can keep using your own "legacy" copy, as you could with previous orphaned software.

    • An Economist item that offers an even harsher judgment. Eg, "Translated into economese, Google has failed to consider the Lucas Critique: adoption behaviour for newly offered services will change in response to Google's observed penchant for cancelling beloved products.... If a particular Google experiment isn't cutting it in that category, then Google may feel justified in axing it.

      "But that makes it increasingly difficult for Google to have success with new services. Why commit to using and coming to rely on something new if it might be yanked away at some future date? This is especially problematic for 'social' apps that rely on network effects."

    • A note from Brian Glucroft, a veteran of UX (user experience) work at Microsoft and elsewhere:
      "I've been pondering about broader UX implications and whether Google has hurt its reputation as 'organizer of all the worlds information.' The latter is part of what I have found so appealing about Google. But, I think the shutdown of Google Reader changes it to 'organizer of all the world's information, if it can be sufficiently profitable".

      "Of course Google is a business, but I think people expected it to 'error' in terms of being the best organizer even if it might make a tiny cut in profits. If nothing else, that rep of being the ultimate organizer has a value. And it's been hurt.

      "I feel bad for the folks on the Google Keep team. That's life and all, but geez, I'd be banging my head against the wall."

    • A statistical analysis from the Guardian, estimating (half-seriously) that based on past performance we can expect Google Keep to survive until 2017.

    I am about as pro-Google a person as you're going to find in the media. I've had friends at all levels of the company since its founding, and still do now. I've admired what Google has done in China; I live my info-life within the Gmail / Google Drive universe; and I am predisposed to take Google's side in most controversies, whether against Microsoft or the French. Including when it comes to its influence on the battered journalistic business model it has helped to overturn! But even I think it has done something brand-damaging.

    Now, two notes on the positive side -- each of which is a reminder of what we have liked about Google.

    1) Google has often orphaned services, but it has never "disappeared" data. (I am using "to disappear" in the transitive-verb sense familiar from Latin American politics.) It has been a leader in making sure you could make your own copies, or extract, any of your info that was in its part of the cloud. A reader writes:

    One bit of the risk analysis of using Keep or any other new Google product is their commitment to letting you get back your data. As you know, the Google Data Liberation Front is dedicated to helping people get their data out of Google in a standard format. Over time, it's been clear that this is an initiative Google takes seriously.

    So while it's a bummer that Reader is closing down, I can export my list of feeds in a standard format and use any of a hundred other RSS products. The same is true of all the other Google products I use.

    Like you, I'm cautiously evaluating Keep. Whether I continue using it will depend on what the Drive integration looks like, specifically how easily I can export my Keep notes. [JF note: Also, whether there would be an iOS version, so I could sync it to my iPad. A plus of Evernote is that you can use it on just about any device or system.]

    This is a key component of trusting cloud services, Google gets it at a ever deep level, and it's worth a mention.

    2) I have relentlessly beat the drum for Google's "two-step" authentication systems for Gmail and other services, which radically reduce the likelihood that your account can be hacked from afar. Apple is only now playing catch-up with this feature.

    To wrap this up: I am intrigued by Keep but unfortunately am not going to risk trying it. I admire and rely on Google and hope this recent stretch ultimately proves to have been a chastening rough patch rather than what we look back on as the beginning of a trend.

  • A Problem Google Has Created for Itself

    The idea looks promising, but how do we know that Google won't just get bored?

    Over the eons I've been a fan of, and sucker for, each latest automated system to "simplify" and "bring order to" my life. Very early on this led me to the beautiful-and-doomed Lotus Agenda for my DOS computers, and Actioneer for the early Palm. For the last few years Evernote has been my favorite, and I really like it. Still I always have the roving eye.

    Thumbnail image for KeepLogo.jpeg
    So naturally I have already downloaded the Android version of Google's new app for collecting notes, photos, and info, called Google Keep, with logo at right. This early version has nothing like Evernote's power or polish, but you can see where Google is headed.

    Here's the problem: Google now has a clear enough track record of trying out, and then canceling, "interesting" new software that I have no idea how long Keep will be around. When Google launched its Google Health service five years ago, it had an allure like Keep's: here was the one place you could store your prescription info, test results, immunization records, and so on and know that you could get at them as time went on. That's how I used it -- until Google cancelled this "experiment" last year. Same with Google Reader, and all the other products in the Google Graveyard that Slate produced last week.GoogleGraveyard.png
    After Reader's demise, many people noted the danger of ever relying on a company's free offerings. When a company is charging money for a product -- as Evernote does for all above its most basic service, and same for Dropbox and SugarSync -- you understand its incentive for sticking with that product. The company itself might fail, but as long as it's in business it's unlikely just to get bored and walk away, as Google has from so many experiments. These include one called Google Notebook, which had some similarities to Keep, and which I also liked, and which Google abandoned recently. 

    So: I trust Google for search, the core of how it stays in business. Similarly for Maps and Earth, which have tremendous public-good side effects but also are integral to Google's business. Plus Gmail and Drive, which keep you in the Google ecosystem. But do I trust Google with Keep? No. The idea looks promising, and you can see how it could end up as an integral part of the Google Drive strategy. But you could also imagine that two or three years from now this will be one more "interesting" experiment Google has gotten tired of. 

    Until I know a reason that it's in Google's long-term interest to keep Keep going, I'm not going to invest time in it or lodge info there. The info could of course be extracted or ported somewhere else -- Google has been very good about helping people rescue data from products it has killed -- but why bother getting used to a system that might go away? And I don't understand how Google can get anyone to rely on its experimental products unless it has a convincing answer for the "how do we know you won't kill this?" question.

    More discussion: Wired, TechCrunch, the Verge. Routine disclosure: many of my friends work at Google, as does one of my sons.
  • Todays 'Google, How Could You?' Round-Up

    'Everything is amazing but no one is happy' -- at least I'm not happy today.

    Routine personal disclosure: many of my friends work at Google, as does one of my sons.


    Routine general disclosure: the world has been transformed, overwhelmingly for the better, by the tools Google offers -- most of them for free.*

    With that out of the way: Google, how could you?

    Feedly1.jpg1) The end of Google Reader. You can read all about it here at Wired, and at Bloomberg BW. In one sense this is "inevitable" and "understandable." Use of Reader -- essentially a very convenient way to amass, scan, screen, search, store, etc material coming in from RSS feeds -- has been stagnant or falling. And by all reports there is a very convenient alternative: Feedly, with switchover instructions here and logo at right. I haven't made the change but plan to. More alternatives listed here.

    So in practical terms this is only minimally disruptive. The larger point is that, for better and worse, it's part of the longer-term, triage-minded "more wood behind fewer arrows" strategy under co-founder and current CEO Larry Page. Back in days of yore, Google was sponsoring almost anything that would entice users to spend more time inside the larger Google ecosystem. It maintained the Google Labs site, itself also now defunct, as an overview of experimental new offerings. Here's a list of projects and features that have gone the same way Google Reader is now headed.

    The demise of Google Reader, if logical, is a reminder of how far we've come from the cuddly old "I'm Feeling Lucky" Google days, in which there was a foreseeably-astonishing delight in the way Google's evolving design tricks anticipated what users would like. I still feel that way, in particular, about Google's mapping, navigation, and foreign-language tools, and of course its mainstay search function. But as the company pares back its previous offerings, it is inevitably in the role of saying more and more often: You loved this feature? Tough! As Jim Aley puts it in BBW, about what the end of Reader means:
    Serious RSS users aren't into it for the luscious jpegged beauty. RSS feeds, taken straight, are a wall of text. That's useful when you want to let news wash over you, to scan screenfuls of headlines without waiting for extraneous pictures to load. When I want to absorb a lot of information fast--which is to say, always--I don't have time for Flipboard. I want exactly what Google will be taking away from me this summer.

    GmailOffline.png2) The 'new look' of Offline Gmail. You've probably said to yourself: "You know, I'm sitting here at my laptop computer -- or at my desktop, with its great big screen. But what I'd really like is a way to shrink the usable space of Gmail to what's available when I'm using a mobile phone with a three-inch screen. Why have more, when I can have less?"

    If that's the way you think, the designers at Gmail have great news for you. They've found a way to dumb down "refresh" the UI for Offline Gmail (which lets you work with Gmail when not connected, for instance when on an airplane) so that what you see on a "real" computer looks more like your mobile phone. Courtesy of Google's official announcement of the refreshed look of Gmail, at right, is the mobile device- version.

    What does this mean when you apply it to a normal-scale screen? Here is a full-screen shot of my offline Gmail account just now. The point is not any of the specific messages, which are bulk mail and should be blurry in any case. The main point is the overall look and how much less useful information it gives you to work with. Again, these are all the messages I see on a 13" MacBook Air screen. I can work in a few more messages if I hit Cmd-minus often enough to shrink the font, but still a small fraction of what used to be there.

    Thumbnail image for ChromeOffline.png

    The new look is "brighter," airier, more colorful, and so on. It gives me a great big colorful initial letter for whoever is the addressee or sender of a message I'm reading -- for instance, the big green 'A' above. Goody! I feel like I'm back in elementary school, using my Crayolas on big wide-lined composition paper.

    On the positive side, I understand that the "refreshed" look offers more keyboard shortcuts. But as in the Reader case, what I want -- more usable info -- is exactly what the redesign has just taken away.


    3) An actual Offline Gmail bug. The Offline settings allow you to choose how much mail you'd like to have synched to your local computer, so you can work on it or refer to it while offline. The maximum available is mail from the past month, and here is how the settings box looks after you make that choice:

    GmailMonth.png

    Here's the bug: that time selection is for some reason not "sticky." Sooner or later, it inevitably re-sets itself to the minimum setting, which is mail from the past week only. Time and again I've had the experience of setting the choice to "past month"; getting on a plane or train a few days later; opening up Offline Gmail; and seeing the screen below, showing the the program in fact only has mail from the past week:

    GmailWeek.png

    Sometimes it takes a few days for the setting to auto-fail from "past month" to "past week." Sometimes, a week or more. But in my experience, sooner or later the change always occurs, and it never self-changes in the opposite way. In response, my "pre-trip checklist" now includes going into Offline Gmail the day before any long journey, changing the setting from "past week" to "past month," and letting the program re-sync to collect as much info as it can.

    OK, Offline Gmail people: with your great new UI "refresh" out of the way, maybe you have more time to deal with program fundamentals. Could you fix this bug please?

    Thus endeth my "everything is amazing and no one is happy" rant for the day.
    _

    * Of course I am aware of the cliche about any free service: If you're not paying, you're the product. Still, when I think of the panoply of Google products I use every day, I personally feel that I've come out far on the positive side on the bargain.
  • Interesting Software: Search Visualizer

    A new way to see what your search engine is finding.

    I won't try to explain this but will just suggest that you give it a try. It's Search Visualizer, a web-based system that processes search results from Google and other search engines and displays them in visual form. Here's an idea of how the results look, based on a sample search for data about the 787 Dreamliner's battery problems. 


    SearchVisualizer.jpg

    I've tried a variety of "search front-ends" over the years and so far have always ended up going back to plain old Google. I don't know whether Search Visualizer would meet the long-term usefulness test, but its approach is interesting. The company lays out scenarios in which it thinks such visualization would pay off.  Over to you to see whether in your search circumstances it makes sense.
  • Today's Heartbreak-of-Hacked-Email Saga

    This happens thousands of times a day. Don't let it happen to you!

    I regret to say that every day I get a message or two like the one below. "Regret" because of the churn and hassle the people who write are going through; regret because I generally intend to do something with or about the accounts - write a post, figure out better answers -- but generally something else comes up.

    So let me just put up the latest email-distress account more or less the way it just came in. For those joining us late, three points of background:

    • For how and why I got an immersion in the world of hacking and passwords, see this report of the time a West African attacker took over my wife's Gmail account and zeroed out six years' worth of correspondence.
    • For the importance of Gmail's "two-step authentication" system, which the reader refers to, see this and this - but mainly turn it on now. If you feel brave, you can wait until after you read the message below.
    • For background on one question the reader asks, about whether he needs to change an entire suite of "reallllly long passwords," consider these truths of password-ology: The longer a password (and most systems now take very long ones), the harder it will be for an attacker to crack through a "brute force" attack. After all, each additional character in a password can increase the number of possible combinations nearly a hundred-fold, if you allow for upper and lower case letters, numbers, special symbols, etc. On the other hand, really long passwords can be easy for you to remember, if they're based on some mnemonic - an entire verse of a song, a list of streets in your hometown, anything.

      The reader says that he has applied these principles by making his passwords loooonnngg, based on a familiar-to-him phrases, and then adding minor variations according to a principle. To give a very simple example, an Apple password could be something like:

         TheRainInSpainFallsMainlyOnThe!Apple&Plain         then, for Amazon
         TheRainInSpainFallsMainlyOnThe!Amazon&Plain      and so on

    This wouldn't be a good combo because anyone who guessed the first four or five words would have a key to the rest. Still you get the idea.

     He is wondering if his whole approach is now at risk.

    All this is offered as a public service, in hopes that if you haven't applied proper password hygiene, you'll start doing it now. And, yes, I am aware that in the long run some solution other than passwords is needed - biometrics and all of that. But the long run is not yet at hand. Over to the reader:

    I just had the misfortune of having my briefcase stolen, containing work laptop, original iPad, personal and work papers. The experience is almost bewildering - I feel like I should be more angry, but I am mostly sad and twisting in the wind.  Oh, and working my fingers to the bone changing websites.

    I can say without hesitation that figuring out what passwords, verifications, and permissions to find, revoke, or delete is already the most troublesome part of this process thus far.  I already have 2-factor authentication on both my primary and secondary email addresses through Gmail.  I installed a 3rd party anti-theft app on my Apple and Android devices, although I will admit that their FAQ/forum is not being particularly helpful now that my iPad is, um, stolen.

    Thoughts:

    1) It's true, this is a major pain in the ass. Wouldn't wish on any except my worst enemies.

    2) If I didn't have 2-factor and Google's ability to revoke access to subsidiary apps on a device-by-device basis, not to mention the ability to log those other devices out, I'd be really, really unhappy.  [JF note: Yes. Gmail's 2-step system can seem cumbersome in some aspects, but it offers very quick, convenient, and all-in-one-place ways of revoking or de-authorizing passwords for specific devices passwords after an episode like this.] I also feel much better about it all having several services (likely candidates like AppleID) tied to a second, 2-factor email address with text authentication rather than my primary email's app authenticator.  

    3) I want a device that tracks all of the things that you've ever logged into - I am recreating it by looking at the iTunes App Store purchased section, and that's only helpful for the immediate big ones.

    4) My AppleID Password is reaaaallly long (25+ characters).  I still have to change it right?  Second but related question for your experts out there:  IF you use a mnemonic to create a unique password for multiple services, and the mnemonic is, say, reaaaaallly long, but the unique elements are short and the rest repetitive, in other words, easier to crack, is that a safe approach?  We are assuming here that I am A) Not a famous person of interest worthy of the processor cycles, and B) not typing AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAb1, b2, b3 etc.

    5) If someone from Prey [anti-theft app] is on your email list, will you ask them how I can enable push notifications after the fact, or whether I am doomed to waiting until this Black Monday thief takes my Apple stuff somewhere so I can get an IP, GPS triangulation, and so on to send to the police?

    6) Do you have any advice beyond the stuff I've mentioned?  Should I set a Credit Report Alert on general principle?

    7) On the exceedingly unlikely (but unfortunate!) chance that the thief is a reader here, would you please heavily redact this prior to publication [JF: done, also some details changed], although I would be happy to continue the conversation so future victims can benefit.

    p.s. Any requests for Bus money because I am stranded in England should henceforth be disregarded, although please do call and let me know.
  • 3 Quick Pre-Debate Points

    How to protect your email, choose your airline, and avoid your unnecessary war.

    With nothing to do with the debates. That's for tomorrow.

    1) Hacking. Many people who have done business in China have seen warnings like the one below, which I first encountered a few months ago and which started showing up in my Gmail inbox again today:

    GoogleWarn2.png


    Google explains that the warning is based on parsing the links in phishing-style messages sent to your account, and matching them with what it knows about state-sponsored attacks, which in practice mostly come from China or the Middle East. The accompanying advice says (obviously) not to click on links from unknown sources, and to be sure to turn on Gmail's two-step sign-in system. Yes, two-step is slightly a pain. But if you don't do use it, and then get hacked, you get no sympathy from me. My point for the moment is that I give Google credit for taking this step, which it didn't have to do.*

    2) Airlines. What I have learned from response to last night's brief item is that 100 times as many people will write in to complain about United Airlines as will write to defend it. Actually, that's not quite accurate. I've received well over 100 messages with "you don't know the half of it" complaints about United, and so far zero saying "Hey, they're not so bad." But many people wrote to protest my statement that "People mainly hate the airline they spend most time traveling on." Nearly all in this group mentioned Southwest as the counter-example. Most of the rest mentioned Virgin. More on this and other pending topics soon.

    3) Pandering. Bad move by Obama, good move by Romney dept. I hope eventually to say more about why I think it was stupid and self-defeating for the Obama administration to block the acquisition, by a Chinese company, of a wind-farm operation in Oregon, on fairly bogus national-security grounds. For now, see Edward Alden's analysis for the CFR. Meanwhile, good for Mitt Romney for making the point that a military strike on Iran is "probably" unnecessary. I have decided to take this as a sign of his determination that if he is going down, it might as well be with dignity. OK, I may be over-reading things, but that is what I hope is the reasoning.

    If you want a reminder of why the preemptive-strike option for Iran, apart from "probably" being unnecessary, would "almost certainly" be ruinous and self-defeating, please be sure to read this report from the Wilson Center on "Weighing Benefits and Costs of Military Action on Against Iran." Here's is an extra gloss by veteran diplomat and one-time Atlantic author William Polk. I add further discussion of Iran policy to my "more, soon" aspirational list.

    And, OK, bonus point #4: I agree entirely with Peter Osnos that the PBS News Hour deserves more respect and street-cred than it usually gets. For example:
    The show provides news for serious viewers, and if you happen to be one, no other daily program will give you a more extensive offering, refusing -- at some risk -- to heighten the glitz quotient that has been so corrosive elsewhere in today's media. The greatest danger for this time-honored newscast is its being taken for granted while the spotlight shines elsewhere on less worthy but more popular programs.
    Tomorrow, catching up on other topics, plus the debates.
    ___

    * Routine disclosure: many of my friends, plus one immediate family member, work at Google. Extra disclosure: Boy, has the Chinese government tightened up yet again on visa rules. Am planning another visit this month. But ...
  • News That Makes Gmail 'Two-Step' Easier to Use

    Google takes a step to make its security feature somewhat less cumbersome.

    I really wasn't going to say anything more about this topic, really, but reader A.O. just pointed a new (to me) wrinkle in Google's "two-step verification" system that seems too significant not to pass on.

    BEFORE: When you logged into Gmail from one of your "normal" computers -- laptops, desktop -- you could click a box saying "don't ask me for my authorization code from this computer for the next 30 days."

    AFTER: It now appears that Gmail lets you designate certain computers as "trusted," on a permanent basis. Once you do so, it won't ask you for confirmation codes on that computer ever again, until something changes.

    This is consistent with some other security systems. For instance, Vanguard lets me log into my account with a simple username/password combo -- unless it detects that I'm using an unfamiliar computer, or from an unrecognized ISP, in which case it asks for other confirmations. It is also consistent with Gmail's current handling of the dreaded "application specific passwords" -- the codes that allow you to authorize your iPad or smartphone indefinitely, with no 30-day limit. I've sent a query to Google asking for more info about the change and will report back. At face value, it makes the two-step system easier to use. And as A.O. says:

    The every 30 days requirement was kind of silly, anyway, since if my computer was stolen one of the first things I'd do would be to log in to Google and shut down access to Gmail, but as long as I have my computer it's unlikely to physically used in an attack.

    Just in case you missed it, this is the news: On your normal computers, using two-step now means that you have to enter the smartphone code ONE TIME ONLY -- but from that point on you will also be protected against remote hacking attacks.

    In the "fair and balanced" spirit, here is a dissenting message I just received:

    just a quick note to let you know that after a few hours of my personal efforts and two trips to the Apple genius bar the two step verification attempt has rendered my apple mail program on my laptop completely inoperable, though it worked well for the iphone and iPad.

    I think this explains why so few people adopt optional security measures - they quite rightly know that it will definitely turn into a many hour disaster, as opposed the abstract possibility of being a hacking victim....

    I don't even know what to do now. Just an unbelievable mess. Seriously, learning how to dance would be easier.

    I don't know what the problem is, obviously I'm sorry for it, and I do know that I have done two-step installations in exactly these circumstances (hardware and software) many times with no problems whatsoever. But for the record, that's another view

  • Gmail's 2-Step Verification: Some FAQs

    Is this hard? Yes. Too hard? Up to you...

    Since beating the drum two days ago on the importance of protecting your Gmail account with Google's free "2-step verification" system, I've received a torrent of messages with "how do I do this?" or "what about that?" or "can this be worth the hassle?" themes.

    As for whether it's worth the hassle -- well, decide for yourself. But decide after you've looked again at Mat Honan's account of the hassle when his entire online life was zeroed-out in a matter of minutes, or at my story of what our household went through when the same thing happened to my wife last year.

    As for the "how" questions, I started answering a few piecemeal before deciding that was crazy. I'll answer some of the main FAQs here and then point you to the most useful online guides. Let's get started:

    Q. Does the process really need to be this complicated?
    A. No. Google has simplified a lot -- think of its search page, its surprisingly effective voice search, Google Earth, etc. It needs to apply a little UI brainwork to making 2-step verification less forbidding than it seems now. See this unforgiving analysis in PandoDaily.

    Q. Do I need to be a tech whiz to put it in place?
    A. Not really. But if the instructions below seem off-putting, get help from a friend. It should only take ten or fifteen minutes to get your entire set-up configured -- all laptops, all desktops, your smartphones and iPads and mail programs -- if you get the hang of it.

    Q. What's the point of the whole "2-step approach"?
    A. The main point is, 2-step makes it very, very hard for anyone to take over your email account  remotely -- from China, let's say, or West Africa or Russia or even across the street.

    Without the 2-step system, hackers could get into your account if they figured out your password (as happened to my wife). With 2-step, they would need the password -- and also physical control of your smart phone, your purse or wallet, or your actual computer. With the smart phone, they could get the authorization code needed for your account. With your purse or wallet, they could get one of the backup authorization numbers that you can print out and carry around. With your computer, they could get into your account if you'd arranged the settings to require an extra code only once per 30 days.

    Here's why this matters. In most cases you would have no way of knowing whether someone in China / West Africa / Russia / Las Vegas had cracked your password and was ransacking your account. My wife had the eerie sensation of finding her Gmail account very sluggish but not knowing why: in fact, the hacker was going through her account at just that moment. But if someone had taken your phone, your wallet, or your computer, you'd probably know. And you might be able to do something to change the password or protect yourself before much damage happened.

    Q. Do I have to own a smartphone at all, or even a cell phone, to use this system?
    A. No. You can get authorization codes -- which for your own computer you'd need only once per 30 days -- via any normal phone line. If, Unabomber-like, you have no phone at all, you can print out a list of codes to carry around and use.

    Q. What if I forget to carry my phone with me. Am I screwed?
    A. No. You can, again, print out a list of good-for-one-use codes and carry them in your wallet or purse. If you're ever in a situation where (a) you need to use someone else's computer, or a "public" computer, to get into your Gmail, and (b) you have forgotten to bring your phone with you, you can (c) just use one of these codes. You can generate new ones if you run out.

    Q. What if my phone has no coverage. Am I screwed?
    A. No. Smart phones generate their codes on a clock-based system, whether or not they're connected to any network. If somehow you had WiFi coverage on an airplane, but were not connected to a cell network, the code-generator would still work. Plus, remember those codes in your wallet.

    Q. What if I am out of the country or change my mobile network. Am I screwed?
    A. No. Again, your phone has a clock-based system for generating codes, wherever it is.

    Q. What is this whole confusing "application-specific password" nonsense?
    A. This actually is confusing, and I'll try to explain it as clearly as I can.

    There are some situations in which the hardware's or software's setup means that you can't enter both your normal Gmail password and the special 2-step code. For instance: email on most smartphones, or on an iPad. Or for programs like Thunderbird or Sparrow.

    For these situations, you generate a special kind of password, on a page Google provides for this purpose. It's 16 characters long; it looks like nonsense; and it is something like kxgi jikg avfi dwqi.

    You copy down this password, and then you enter it -- once -- in place of your normal Gmail password for your smartphone, iPad, etc. From that point on, Gmail recognizes this as a special kind of password, signifying that you're in the 2-step system. If you lost your phone or iPad, someone could get into your email. But, again, you would know that you'd lost that device. And you could go to the Gmail setting page and de-authorize the password you had approved before. Result: as long as you had your iPad or smart phone, you could get into your mail with no hassle. But if they were stolen, you keep keep others from prowling around.

    Q. Are you done?
    A. Pretty much. The point is that this is more complicated than, say, using AOL -- and more complicated than it really should be. But once you've tried it you see that fundamentally it's not that difficult a process.

    Q. Whom else should I believe?
    A. Unfortunately, not Google. Rather, you can believe them, but you can't really turn to them for crystal-clarity in explanation. The resources I'd suggest begin with Jeff Atwood's Coding Horror site, which has an illustrated step-by-step explanation and which includes this nice riff, with emphasis in original:

    "OMG, entering these email codes on every device I access email would be a lot of work! That sounds like a hassle!" Shut up. I know things. You will listen to me. Do it anyway.

    Also please see this description by Matt Cutts. And, when you're on the verge of grumbling that Google's process is too complex, consider this pertinent question from a reader  (who notes that the horrific hacking episode recounted in Wired revealed gross security vulnerabilities at Amazon and Apple):

    A question that came up for me:  where is Apple's two-step verification?  So much of their iTunes, iCloud interconnection is through Apple devices, so isn't there an Apple branded verification tool for the iPhone and iPad?

    Good question. Complex as the 2-step Gmail system is, Google deserves credit for devising a way to let users protect themselves. Apple, what about you?

  • Turn On Gmail's '2-Step Verification.' Now.

    Don't want to have your on-line life zeroed out? Here is the biggest bang-for-the-buck security step you can take.

    Yesterday's Wired account, by Mat Honan, of an "epic hacking" attack is fascinating, frightening, and instructive. You should read it. Here are some other things you should do, in ascending order of urgency:

    • You should read the story of what happened to my wife when six years' worth of email -- and associated photos, research notes, book drafts, calendar info, contacts, attached-file data, memorabilia, etc -- were all zeroed out by a hacker, who was using the "Mugged in Madrid" scam and was probably operating from West Africa.

    • You should look into the wide variety of ways to make local, non-cloud copies of your important online information. I won't get into all the details now, but for instance: you can use Thunderbird, Eudora, Outlook, Sparrow, or some other system for periodic backups of your email and associated online files. (And then of course have some other way to back up what's on your local hard drive.)

    • You should make sure that each of your important online accounts -- bank, credit card, email, anything that could cause you grief if someone else got control of it -- has (a) its own password, which (b) you have never used anywhere else. I rely on some mnemonic tricks, plus LastPass, to make this feasible  -- more on that another time.

    • And if you use Gmail, please, before you get up from this session at the computer, turn on the "2-step verification" that Google has offered, free, since early last year. OK, you are allowed to get up if you don't have your cell phone/smartphone at hand, because you'll need that for the 2-step setup. You can read official instructions here and will find lots of associated advice around the Internet. Here is one installment I offered after my wife's hacking episode last year.

    In case there's any doubt about the priority order I am suggesting, my advice is:

        - FIRST, if you use Gmail, set up the 2-step system; then
        - Fix any "recycled" password you're using for accounts you care about protecting; then
        - Think about the offline backups etc.

    And if you need any extra motivation, read just the first two paragraphs of the Wired piece:

    In the space of one hour, my entire digital life was destroyed. First my Google account was taken over, then deleted. Next my Twitter account was compromised, and used as a platform to broadcast racist and homophobic messages. And worst of all, my AppleID account was broken into, and my hackers used it to remotely erase all of the data on my iPhone, iPad, and MacBook.

    In many ways, this was all my fault. My accounts were daisy-chained together. Getting into Amazon let my hackers get into my Apple ID account, which helped them get into Gmail, which gave them access to Twitter. Had I used two-factor authentication for my Google account, it's possible that none of this would have happened... 

    Using the 2-step system is slightly less convenient than doing without it. For instance, every 30 days you will need to enter a special code into your desktop or laptop computers. And you'll have the one-time chore of generating "application specific passwords" for your iPad, your smart phone, and some mail-handling programs. Similarly, it is less convenient to carry keys around and have to lock and unlock your front door, compared with just leaving it open. But believe me, the "inconvenience" resulting from leaving the door open can be worse, in the digital as in the physical realm.
    ___
    UPDATE: Here is some nice extra info on 2-step from Matt Cutts.

  • Your Weekend 'Interesting Software' Update

    Bargains on programs that could, just possibly, help you think and write.

    1) If you are a Mac user, be sure to check out the remaining days of the "Writers' Festival 2012" special on the idea-organizer Tinderbox and several other programs. Tinderbox is very complex software with a learning curve even more formidable than that of my still-beloved Windows idea-organizer Zoot. But, as with Zoot, I have come to appreciate and rely on it more as I have spent more and more time with it -- several years with Tinderbox, now nearly two decades with Zoot. The creator of Tinderbox, Mark Bernstein, appeared in this space last year as a guest blogger. (I plugged the "Festival" once before, here.)

    1A) An interesting thing about the "interesting-software" realm for the Mac, where I've done most of my work for 4+ years after fleeing the nightmare known as Windows Vista, is that the comparatively smaller number of high-end programs (relative to the Windows universe) means that people spend more time thinking about how the programs might work together. The usual-suspect lineup here includes the unbelievably wonderful writing program Scrivener; the powerful data-storing and -searching program DevonThink Pro; Tinderbox; the Omni, CircusPonies, and Aqua Minds families; cross-platform programs like The Brain and Mind Manager; and some others.

    I note this as an intro to mentioning a useful step one-two-three demo on how to make Tinderbox and Scrivener essentially work as one unified program. It is by a British Tinderbox tech whiz named Mark Anderson. He has also explained, in a link I'll provide another time, how to get info out of MindManager and into Tinderbox.

    2) Scrivener is out in a new version, release 2.3. The program is only $45, and it offers a 30-day free trial. Since switching to it four years ago I've consistently viewed it as the very best program for writing, ever.

    Scrivener is not concerned with "tactical" issues -- formatting, fonts, spell check, and all of that. Indeed, once you've finished the "real" writing in Scrivener you export the results to Word, Google Docs, or some other program for the last-minute tidying up. Instead Scrivener excels in helping you organize and plan what you're writing. You won't hurt my feelings if you try it and don't like it. But for me it has been wonderful -- and you'll see that I'm not the only one. (My two latest books, and several dozen most recent articles, were all produced via Scrivener.) A Windows version is now available, but I haven't tried it myself. Keith Blount, creator of Scrivener, also did a stint here as a guest blogger. For the record: I tried to get Tom Davis, the creator of Zoot, signed up for guest-blogger duty in the same stretch as Bernstein and Blount, but he was too busy cranking out a new release of his program.

    3)  I have heard from a number of people about the virtues of an email anti-spam program called SpamSieve. (For instance, Michael Ham has written about it here.) I haven't used it, since it doesn't work with (a) the web version of Gmail, which has its own very powerful anti-spam routines, (b) the latest release of Thunderbird, which I use to create offline email archives and whenever I get too annoyed by new-look Gmail. But if it fits your needs, for instance with Apple's email programs, SpamSieve could be worth checking out.

    4) Speaking of Thunderbird, the chair of the Mozilla Foundation, Mitchell Baker, has announced that Mozilla will no longer develop new features for Thunderbird. Or, as she put it, "continued innovation in Thunderbird is not a priority for Mozilla's product efforts." Sigh. Sic transit gloria Thunderbirdi. But the latest release, version 13+ on the Mac, seems a lot sprightlier than earlier versions. And after the jump, a nerdish tip* some readers have sent for keeping it from hogging all CPU cycles on a laptop.

    Enjoy. And now back to Federer-Murray. [Update: announcer just now in Australia, where I am, says of Murray, "If he wins, he'll be a Briton. If he loses, he's a Scot." Like everyone, I love Federer's elegance. But this brings out the Scottish patriot/chauvinist in me. I'd like 'em both to win.]

    More »

  • Okay, I Said I Wouldn't Complain About 'New Look' Gmail Any More

    Learn to live with the New Look? Not me!

    But that was then. Also, it's a free country, and I can hardly be expected to keep others from expressing their views.

    So I have changed my mind and feel like complaining one more time. I'll start off by explaining why.

    NewGmail.png

    Until yesterday afternoon at 4:30 EDT, the enforced change to "new look" Gmail was for me not a final, final thing. On both of my laptops, all of the tabs in all of the browsers had gone over to the new side. But on my desktop, one lonely Gmail tab in Chrome had been opened on April 21, in the innocent era just one day before the enforced changeover. I decided I would keep that tab and its Gmail session going as long as I could.

    NewLookGoogleMail.jpgI did all my email work in that one "legacy" tab, marveling at how much I preferred it to the new-look Gmail that was the only option in any newly opened tab. I carefully "slept" the machine at night rather than shutting it down. I cancelled any software update that required a system reboot. I worried about what would happen if I unthinkingly closed the tab. It was my living connection to happier days.

    It had to end some time. Power outage? Overall system freeze? Act of God? It ended yesterday afternoon. I was in the middle of composing a message -- as it happened, to a friend who works at Google -- and that tab froze. That's a deliberately low-rez shot of it, on the right, taken during what turned out to be a perpetual "still working" error message. I gave it overnight to stew, and then this morning I gave up altogether. I closed the tab, opened up a new one, and re-loaded Gmail. The new look is here, and the old one is finally gone.

    Stipulating again that this doesn't "really" matter, I'll say that the new look of Google makes me sad. At least for me it's worse -- less efficient -- to use. For seven-plus years I'd built much of my online life around Gmail. I'll vary it now with something else --Thunderbird? Sparrow? Who knows. They won't show me Google ads with my email any more, but that's not my problem.
     
    Enough about me! I pass the microphone to others.

    1) The big picture. Ever wish you knew the thinking behind New Coke Look Gmail? Your dream has come true. Here's a presentation last year from a leader of the design team. He gets into new-look Gmail starting about ten minutes into the presentation. He admits that when it was tried out internally at Google, the initial response was strongly negative. "My eyes! They burn!" etc. But he says that eventually people came to accept it. Good to know.

    UX Week 2011 | Jon Wiley | Whoa, Google Has Designers! from Adaptive Path on Vimeo.

    See if this presentation makes you feel better about the careful deliberation and attention to usability that went into this UI change. Spoiler alert: it had the opposite effect on me.

    2) How to cope. Thanks to many people who have sent me a link to this Jason Crawford article on offsetting the most anti-ergonomic parts of the new look. I find this part of the item's comment stream expressive of my own reaction.

    I've been using the new design for the last several hours. I happen to have a window open with the old design, so I know it's not merely my imagination that the new one is worse. Not enormously so, but definitely worse.‬

    [Already-] Read mails are more legible in the old version, because there is more contrast between black letters and the old light blue background than between black and the new gray.‬

    It's also harder to parse the list of emails visually in the new design. In the old one, the 3D checkbox acted like a bullet point, and the name of the sender was closer to it. Now the heavy checkbox has been replaced by a faint square, and the sender's name is about 2x further away from it. So scanning my email is no longer like scanning a bulleted list. It's just rows of text.‬ [JF: In Google terms, I'll say +1000 to this and the preceding paragraph.]

    That's a big deal functionally. There's a reason bulleted lists exist as a format, and removing the bullet points from the average bulleted list would make it significantly less legible.‬

    3) The accessibility angle. A reader writes:

    Being visually impaired, I have a particularly difficult time with the new G-Mail, because, when "Zoomed" the unusability of G-Mail is even MORE pronounced, what with scrolling back and forth, and in many cases, being completely unable to view the rightmost part of an E-Mail message. I suppose, I will have to install a "Client" of some sort, which I have had problems with, in the past, due to targeted vulnerabilities, which hackers are prone to take advantage of.
     
    If you change your mind about writing on this topic, you might want to mention the "New Look's" disfuctionality, for the visually impaired.

    4) Why not an option? From another reader:

    Some companies and websites have no difficulty in allowing users to choose which version to use. Eg:

    - The ruined "new" version of Weather Underground, with awful colours:

    - The functional and visible version of Weather Underground with distinct colours:

    Why can't a company like Google figure it out, despite all its wealth and resources?

    Most times, "improvements" on website are designed by people who wanted their own personal preferences that appeal to 1% of users instead of being useful to most.  Changes aren't properly tested - google only tests on chrome and "hopes" it works on other browsers. (In reality, they hopes it DOESN'T work on other browsers so people are forced to change to google's.)  This isn't the first time google has screwed up without consulting users (re: the menu "fade in" of 2009).

    And most of it is "feature creep", added bloat that makes the site run slower.  I don't want "more and newer features!", I want streamlined, fast and reliable.  If I were able to have a permanent domain name (which I don't need) and a POP email address, I would STILL be using Eudora 3.06, which was made 15 years ago.

    5) Effect on the Google brand? From another reader:

    I'm sure you're aware that the main reason for the "artsy" look (which I prefer admittedly) is to synchronize all their products with Google+. You mention that it goes against everything Google has stood for, and that's most certainly true. Google sees that the future is inherently social, and so they're completely realigning their entire business to suit that. We'll see how this adjustment treats them in the long term because for now the shuffling is hurting their image(aka Google+/personalized search results)

    6) A radical solution. There is a way to get back to a really old Old Gmail look, if you're willing to do without keyboard shortcuts and other useful features. A reader explains:

    The proper nomenclature [for this approach] is "HTML view," and what users gain in visible utility they lose in available features, such as keyboard shortcuts, spell checker, and chat.

    Here's a link that compares the two views:

    I get by without those features most of the time, but when I need them I just click on "Gmail view: standard" at the bottom of the HTML view page.

    7) And upcoming: a message from an academic historian-of-technology, who has some very interesting observations on what the New Look says about Google, about its users, about people-and-computers, and related topics. But it's long and complex enough that I'll save it for presentation on its own.

    Now, to see whether the latest version of Thunderbird is less of a CPU-hog than it used to be.

  • It Had to Happen Sometime: Involuntary Switch to 'New Look' Gmail

    A science/tech problem that doesn't really matter -- and one that really does.

    Last year, Gmail warned us that the change was coming.

    Early this year, the warnings became more frequent and pointed. The "new look" of Gmail, unasked-for by the public and shorter on usability than what came before, would soon arrive.

    NewGmail.png

    I kept pushing "Dismiss," and over the past few weeks the warnings went away. I thought that perhaps I had dodged this bullet and that Google had decided not to force the change on people who really didn't want it. Dream on! Just now I rev up Gmail to find that my accounts now feature the "airy" new look, with no "Dismiss" or "Return to old look" or "What the hell?" button in sight. In celebration of Earth Day, perhaps, the new age has dawned.

    For the record:
      - I realize that it doesn't matter. If you can complain about this, you've got no real problems;
      - If you use keyboard shortcuts, plus the "compact" view option, the new Gmail, while worse, isn't that much less convenient or efficient than the old;
      - The Offline Gmail app, which I use all the time, has had the "new look" for a long time, and I am used to that;
      - If you rely on a cloud service, and one that's free, you live with the choices the people running the cloud offer; moreover
      - If you use a mail-handling program, from Eudora to Sparrow to Outlook to Thunderbird to Apple Mail (etc), you can be spared any further awareness of future choices Google, Yahoo, Hotmail, etc make about the look of their web-based mail. I am hoping to dig out a clot of impacted emails today, and I'll do so via Sparrow or Thunderbird.
      - And finally: I'll never mention this again.

    Still: someday I hope someone will chronicle the decision process within Google that led to the forced "improvement" of something that wasn't broken, and its replacement with an approach that has been highly controversial within Google itself and that contradicts what Google has been known for. The contradiction is the elevation of an artsy "design" preference over sheer engineer-style and ergonomic usability. More of what I see on the screen now is padding, and less is info, than was the case yesterday and through the years before. 
    __

    That's it from me, forever, on that topic. If you want to dwell instead on a science/tech issue that actually does matter, please read Steven Weinberg's essay on "The Crisis of Big Science" in the latest NY Review of Books. Two years ago, I had a chance to visit Fermilab, outside Chicago, where I heard about the ramping-down of various American big-science ambitions. That's still on my list of articles to do "sometime soon," but Weinberg gives a super-authoritative and disturbing account of the ways in which high-end U.S. science is being deliberately lobotomized.

    Sample, describing the ultimately failed effort in the 1990s to build the Superconducting SuperCollider, or SSC, for high-energy particle-physics research:

    What really motivates elementary particle physicists is a sense of how the world is ordered--it is, they believe, a world governed by simple universal principles that we are capable of discovering. But not everyone feels the importance of this. During the debate over the SSC, I was on the Larry King radio show with a congressman who opposed it. He said that he wasn't against spending on science, but that we had to set priorities. I explained that the SSC was going to help us learn the laws of nature, and I asked if that didn't deserve a high priority. I remember every word of his answer. It was "No."

    What does motivate legislators is the immediate economic interests of their constituents....  Before the Texas site was chosen, a senator told me that at that time there were a hundred senators in favor of the SSC, but that once the site was chosen the number would drop to two.

    I'll admit it: the crisis of big science is more important than the crisis of the new Gmail. It is worth reading the related post, and comments, on the mathematician Peter Woit's Not Even Wrong site. Happy Earth Day!

  • Google's New Rules Don't Frighten Me

    Google's new privacy rules can do more good than harm, if they point you toward Google's all-important "dashboard" feature

    If you've been using any Google product these past few weeks  -- Gmail, YouTube, Picasa, Docs, Maps, even plain search -- you've seen the warnings: big privacy changes ahead! Here is how the warning looks on YouTube just now:

    GOOGLEPRIVACY2.png

    And this is what I saw on, I think, my Google calendar yesterday:

    GooglePrivacy.png

    The new rules, which have been the subject of considerable discussion and much denunciation, take effect tomorrow. You can read Google's official explanation of them here, which is also what you would see if you push the "Learn More" button on any of those warning boxes.

    Based on what I've been able to learn about them, I am in the non-alarmist camp* about the implications of these changes**. Here is my reasoning:

    - There is no indication that Google will have any more info about you tomorrow, when the new rules take place, than it has today. The info has been piling up, at Google and other "big data" online companies, all along.

    - There is every indication that Google is being far more open and forthcoming about what it's collecting than most others in the industry. The obvious counterexample is Facebook, which has repeatedly changed its privacy rules, usually in the direction of violating your privacy and usually without mentioning the change until someone else has noticed and complained.

    - Main point: This change gives every Google-products user a prod, an incentive, and a convenient way to do the single most valuable thing you can do today to guard your online privacy. That is to go to your own personal "Google Dashboard" -- www.google.com/dashboard, where you will have to sign in with your own credentials -- and then take a careful look at exactly what information Google in all its incarnations is storing about you. What searches you have done; what recordings exist of your voice via Google's speech-recognition features; what Groups you are part of; what "online identity" you present; and scores of other settings.

    Really, you will be amazed both at what is there, and at how much of it you can tweak, anonymize, remove, opt-out of, and, above all, simply be aware of. If Facebook, Yahoo, Microsoft, etc did something similar -- by which I mean offering a one-stop-shopping site for everything about your captured online info -- we'd had taken a step toward a less intrusive web.

    When you're done with that, you can go to your personal ad-preferences page on Google -- which you'll find via google.com/settings/ads -- and see what your online track record is telling advertisers about your location, demographics, interests, and so on. And you can get some of this data removed. (You may have to prowl around in your Google account settings to find this, and you may have to re-enter your password or other authentication data so they know it's you. But you will find it.)

    Privacy problems are with us in the long run. But if this shift in Google policy prompts users to look at their Dashboards and Ad Settings and respond to what they see, it will have done much more good than harm.
    __
    * Standard disclosure: Many of my friends and one of my family members work at Google.

    ** Two days ago the Washington Post had a story about the Google privacy controversy that managed to convey the concerns with this fresh metaphor:
    "It's sort of the story of how you boil a frog in lukewarm water. Google may be capturing its consumers in the same way so that consumers don't understand what is happening until they are cooked," said Bert Foer, president of the American Antitrust Institute.

Video

What Do You Wish You Learned in College?

Ivy League academics reveal their undergrad regrets

Video

Famous Movies, Reimagined

From Apocalypse Now to The Lord of the Rings, this clever video puts a new spin on Hollywood's greatest hits.

Video

What Is a City?

Cities are like nothing else on Earth.

Video

CrossFit Versus Yoga: Choose a Side

How a workout becomes a social identity

Video

In Online Dating, Everyone's a Little Bit Racist

The co-founder of OKCupid shares findings from his analysis of millions of users' data.

Writers

Up
Down

From This Author