[HN Gopher] Google Drive may restrict files identified as violat...
___________________________________________________________________
Google Drive may restrict files identified as violating ToS
Author : umvi
Score : 184 points
Date : 2021-12-22 15:19 UTC (7 hours ago)
(HTM) web link (workspaceupdates.googleblog.com)
(TXT) w3m dump (workspaceupdates.googleblog.com)
| myko wrote:
| "Available to all Google Workspace customers, as well as G Suite
| Basic and Business customers"
|
| So this isn't general Drive, only the paid for version? ie to
| prevent businesses from having employees with these files on
| their company Drive?
| znpy wrote:
| Aren't we even scared anymore by the fact that google is
| inspecting our files?
| mikece wrote:
| Google says you can request a review if you believe something
| should not have been flagged as a ToS violation but no mention is
| given to any rights you have. To me this reads as "You can
| request whatever you want but it might not mean anything in
| reality.": https://support.google.com/docs/answer/2463328
|
| Conversely, the information for how to report what you perceive
| as a ToS violation is far more complete:
| https://support.google.com/docs/answer/2463296
| RankingMember wrote:
| The "but you can request a review!" handwaving all these
| massive tech platforms use to assuage concerns about heavy-
| handed (and coldly automated) policy application is really long
| overdue for serious consumer protection regulation.
| hsod wrote:
| howdydoo wrote:
| I like to imagine the AI spits out a line like this:
|
| > Should we ban this user? YES
|
| Then you request a review, and the support person double-
| checks that the output really does say "YES" and not "NO".
| Then they tell you they reviewed their decision.
| unilynx wrote:
| GDPR art 22 might protect against this (https://gdpr-
| info.eu/art-22-gdpr/).
|
| I wonder if someone has already tried to invoke it against
| a Google/FB/.. ban hammer.
| bastardoperator wrote:
| Request a review from Google? Real human intervention? That's
| cute... but we know how this actually goes with them.
| edge17 wrote:
| Google doesn't exactly have a great reputation for customer
| support.
| tomschlick wrote:
| "The AI has determined it has done nothing wrong and as
| punishment has deleted 50% of your files. Do not make that
| mistake again."
| Kaze404 wrote:
| Considering their history with falsely-flagged videos on
| YouTube, I assume this to be "you can ask for a review but
| we're not gonna do anything about it lol".
| [deleted]
| throw_m239339 wrote:
| Still waiting for my request about my adsense ban for violating
| not a single ToS to be processed. 15 years. And I'd like my
| money back, plus interest as well.
| ncann wrote:
| I believe this may be due to the popular spamming method lately
| which is tagging people into a Google Docs and share it so
| everyone receives a notification (the spam message). It works
| better than regular email spam since apparently Gmail doesn't
| treat Google Docs notification email as spam (at least not as
| often).
| duskwuff wrote:
| Similarly: Google Forms being used for phishing, Google
| Calendar invite spam... I've even heard of Google Photos being
| used for spam (by "sharing" photos, or by posting photos with
| text as the target of a spam campaign).
|
| Spammers ruin everything.
| ehsankia wrote:
| They truly do. And it doesn't even have to be many spammers,
| it only really takes one person to ruin a free service. I've
| had plenty of personal projects I had to shut down due to
| some random person who just decided to hammer my servers for
| no reasons. I block the IP or IP block and they get more. I
| put Captcha (HN always complains about it but this is why
| it's often needed...), and users (who pay nothing) complain
| that it's annoying. Running free services on the internet is
| truly a PITA.
| qnsi wrote:
| there is also a method for sharing pirated media using google
| drive. TBH I'm surprised they havent started earlier
| slg wrote:
| >there is also a method for sharing pirated media using
| google drive
|
| Is anyone surprised by that? Every file sharing tool will
| invariable be used to share pirated and worse material until
| the people behind that tool show a willingness to stop that
| behavior. It is practically a universal law of the internet.
| artificial wrote:
| Is it really a service if it doesn't facilitate
| infringement?
| ncann wrote:
| People have used Google Drive for sharing pirated stuffs
| since forever. Google usually blocks it by restricting
| downloading instead of removing the file, but people kept
| finding out new ways to get around that, like making a copy
| of the file in your own drive, or selecting that file and
| another one to download so that Google zips up both into one
| zip file before downloading.
| throwaway0a5e wrote:
| People have been using password protected archives to get
| around pirated content restrictions since forever.
| unilynx wrote:
| Does Google even have to look at the content? I assume
| most pirated content will also have a massive number of
| anonymous downloads, and shouldn't that trigger some
| fair-usage clause somewhere ?
| gentleman11 wrote:
| Same for game mods
| throwaway0a5e wrote:
| They block upload even if you're not sharing it.
| alkonaut wrote:
| So basically: piracy, spam or anything you'd get into legal
| trouble for doing on your own hardware, Google restricts on
| their hardware. I can't really see how that's surprising or
| strange.
| Goronmon wrote:
| That and I'm not sure how different this is from cloud file
| sharers that disable file shares for reasons like piracy, which
| is something that I'm pretty sure Google Docs was doing
| already.
| dqv wrote:
| Nah Google doesn't care about that. Spammers have been doing it
| for years on Google Drive/Docs and Microsoft Sharepoint.
| bdcravens wrote:
| You're restating GP comment about why Google may need to do
| this.
| dqv wrote:
| No, I am not. The GP said that it is a popular method
| _lately_ and I explained that it has been happening for
| years. What TFA is saying is that there will be more
| communication about files being blocked, but it doesn 't
| suggest to me this is a response to this kind of spam. What
| probably happened is a file BigCorp wanted to share was
| opaquely blocked so now Google feels the need to provide
| better communication.
|
| If Google were genuinely interested in stopping the spam,
| they would create a way for recipients to establish which
| organizations could send files to them.
| tobyjsullivan wrote:
| Except that's not a real solution at all, is it?
|
| Whitelisting orgs would either be an opt-in or opt-out
| feature. If it's opt-in, it won't prevent 99.999% of spam
| because nobody will set it up. If it's opt-out, it will
| break sharing for 99.999% of users.
|
| These are never easy problems.
| dqv wrote:
| >won't prevent 99.999% of spam because nobody will set it
| up
|
| I would. And anyone who doesn't want the spam would.
| Right now we send "550 Too much spam" responses to docs
| and sharepoint emails. I'd be happy to, as an
| alternative, use an interface at Google or Microsoft that
| let me whitelist the organizations who can send files.
| PragmaticPulp wrote:
| The files are not removed or blocked, they just can't be shared
| publicly:
|
| > When it's restricted, you may see a flag next to the
| filename, you won't be able to share it, and your file will no
| longer be publicly accessible
|
| So it's probably a combination of things, including piracy.
| They're not forbidding people from storing or retrieving the
| files, just not allowing anyone to publicly host whatever they
| want on Google's servers. Seems reasonable.
| [deleted]
| quitit wrote:
| I think the opposition is by those which long for the
| simpler, lawless period of the internet - a time where Google
| seemed to always be on the side of the user, even overlooking
| the naughty things the users would get up to. This change for
| those folk could feel as some kind of betrayal, like Google
| is complying to "the man", instead of shielding them from the
| realities.
|
| Of course this point of view is silly - Google have done very
| well to make users the product. A win:win scenario for those
| which couldn't afford the pay-for equivalents, but their
| ceaseless ability to kill useful services proved that they
| were never benevolent, nor a charity.
|
| The internet has grown up, and so has the ability to scan
| masses of data for liabilities - Google's change here is not
| controversial or unexpected, and realistically if people have
| a problem with the many problems with US copyright laws they
| need to pick up their pens, change who they vote for and vote
| with their wallet.
|
| As for the implementation I think it's pretty fair - they
| aren't stopping the user from their 'backups', they're just
| preventing their hardware and bandwidth being used as a
| piracy BBS.
| umvi wrote:
| Note that files can be restricted not just for violating ToS, but
| also "program policies"[0].
|
| This includes files that are identified as: CSAM, Circumvention,
| Dangerous and Illegal Activities, Harassment, Bullying, Hate
| Speech, Misleading Content, Spam, Violent Organizations and
| Movements, and more.
|
| Google further notes they "may make exceptions based on artistic,
| educational, documentary, or scientific considerations, or where
| there are other substantial benefits to the public from not
| taking action on the content."
|
| [0] https://support.google.com/docs/answer/148505
| brutal_chaos_ wrote:
| Perhaps one should encrypt files before uploading to cloud
| services. Sure it destroys the possibility of webview for your
| data, but then you don't have to worry about situations like
| this.
| willk wrote:
| Unless they decide that encrypted files violate their TOS.
| hellojesus wrote:
| Which should be a red flag not to use the service because
| they're collecting your data for any and all reasons.
| ipaddr wrote:
| This is your redflag
| b215826 wrote:
| I've been using rclone+restic to back up files to my
| university-provided Google Drive, which has unlimited storage.
| Apart from occasional "rate limit exceeded API warnings", I
| haven't faced any issues so far. Wonder if that'll change with
| the new policy.
| notfed wrote:
| Cryptomator is a great tool for this.
| jeffbee wrote:
| This came up on HN a few days ago with a similarly hyperbolic
| editorialized headline. Google has _always_ restricted
| objectionable content from being shared on Drive, Docs, or
| wherever the platform has sharing features. Google is, obviously,
| not going to act as a free static hosting service for your
| malware and porn.
|
| What's new is that customers with paid accounts are going to be
| notified when their content has been restricted from sharing.
| Before this change it was silent from the user's perspective.
| buro9 wrote:
| I never thought I'd consider going back to MS Office or Libre
| Office... but the thought that my Google Account and all of my
| files are at risk by a company that has well known poor customer
| support is very scary.
| cft wrote:
| Next is email, including ML attachment policing
| Manheim wrote:
| This is deeply disturbing news. It is already a problem that
| people get their Google accounts closed without any explanation
| from Google and with no response from Google when they try to
| contact them. A story about Elin Killie Martinsen, a Norwegian
| journalist and writer who lost access to her book manuscripts
| this way, was recently run in the national newspaper Aftenposten
| (https://www.aftenposten.no/kultur/i/8Qj1lG/uten-
| forklaring-b...). The article is in Norwegian but to summarize
| she got this answer from Google; "There appears to be malicious
| content in your Google Account. This is a serious violation of
| Google's policy and may be illegal" with a link to this page
| https://support.google.com/accounts/answer/40695?p=disabled_... .
|
| To the writer this was incomprehensible because she couldn't
| understand that any of her files could even be close to violating
| anything.
|
| I am already seriously considering discontinuing my subscriptions
| of their storage services, and this post about restricting files
| doesn't give me comfort.
| Vespasian wrote:
| I wonder whether we will see something similar to public
| utilities in the web.
|
| Companies like Google would be required to provide a basic
| service to basically everyone and are required to go through a
| court before suspending accounts (or maybe just some core
| features).
|
| On one hand it would enshrine their position in the market, on
| the other hand it would remove some of their ability to make
| arbitrary decisions with no recourse and no information why it
| hapended.
| Karunamon wrote:
| No need to tie it to any specific company, tie it to user
| count instead. With increased reach comes increased
| responsibilities to society.
| phone8675309 wrote:
| The telecommunications name for this is a "common carrier".
| The flip side is that they are only liable for damage they do
| and are held not liable for the things sent through their
| system.
| Manheim wrote:
| That's an interesting idea and it correlates with the idea of
| "the right to access the internet". Maybe we will see this
| happen through similar standards we have for bank accounts
| and money transfers, or even electricity as we have in many
| countries. I think it at least some of the infrastructural
| services like storage and email should be regulated in one
| way or the other
| jsnell wrote:
| The only thing that changed was that there's now a notification
| sent to the user if the sharing of a file is restricted. Why is
| that deeply disturbing news? Seems like a strict improvement in
| usability.
| Manheim wrote:
| What is disturbing is the reason they give for why they will
| do it. One thing is if the drive is specifically used for
| cyber attacks and other malicious operations over the
| internet, but they refer to these rules;
| https://support.google.com/docs/answer/148505 and they are
| extensive to say the least. On top of that this is yet
| another move from Google to declare their rights to control
| your content and access to it if you use their service.
| Manheim wrote:
| sorry, maybe I misread your question. Did you mean to say
| that they already did this without any notice to users, and
| the only change now is that they will start to send
| notifications when they do?
| ehsankia wrote:
| Yes, this is not new. People have abused Drive to host
| illegal content and spam for years. They have been
| silently banned and removed. The fact that you rarely
| hear about it shows that they actually have a fairly low
| false-positive rate.
|
| The only change now is that the file gets unshared, you
| get a notification, and can try to dispute the claim.
| This is a strict improvement.
| jsnell wrote:
| Yes, that is exactly what the blog post is saying. It has
| never been the case that you could use Drive to just
| share files in an unlimited manner. They used to notify
| about this in the Drive user interface. Now they will
| also send an email notification in addition to that.
| [deleted]
| beached_whale wrote:
| It's slightly more, but this is why I have stuck with Dropbox.
| Their only business is storage and it means they are less
| likely to do things like this. They have't been in the news,
| that I have seen, about actions like this.
|
| Google is a consumer hostile company at this point. Unless you
| have a friend with pull there, or make it a big enough news
| issue, the little things are treated with automated hostility.
|
| Google isn't alone here, it's the result of very large
| companies being under regulated on the consumer side.
| jeffbee wrote:
| Dropbox has the exact same policies and procedures, they just
| don't have the same technical abilities that Google has.
| Quoting from their AUP:
|
| "...you must not even try to do any of the following ...: ...
|
| - publish, share, or store materials that constitute child
| sexually exploitative material (including material which may
| not be illegal child sexual abuse material but which
| nonetheless sexually exploits or promotes the sexual
| exploitation of minors), unlawful pornography, or are
| otherwise indecent;
|
| - publish, share, or store content that contains or promotes
| extreme acts of violence or terrorist activity, including
| terror propaganda;
|
| - advocate bigotry or hatred against any person or group of
| people based on their race, religion, ethnicity, sex, gender
| identity, sexual orientation, disability, or impairment;
|
| ...
|
| We reserve the right to take appropriate action in response
| to violations of this policy, which could include removing or
| disabling access to content, suspending a user's access to
| the Services, or terminating an account."
|
| Quoting from their privacy FAQ:
|
| "Examples of Dropbox processing your data in furtherance of
| its legitimate interests in operating our Services and
| business include:
|
| ...
|
| - Investigating and preventing security issues and abuse of
| the Dropbox Services or Dropbox users."
| beached_whale wrote:
| It's not the rules, those are common, it's the lack of
| human after. When the automation goes wrong, how much
| effort is it to get a human and to fix the issue. Or how
| many other services are taken down too. Google as an
| identity provider means that other third parties/devices
| are down in the mean time.
| beached_whale wrote:
| The point is really, that these companies are so large that
| they should be much more regulated and treated like any
| utility. That means it is a legal proceeding when they want
| to drop customers. This many mean that people, gulp, pay
| for services, but they have chosen to intertwine themselves
| into too many places in the consumer landscape.
| prepend wrote:
| I wonder how much it used to suck when the power company
| wasn't as regulated and would do stuff like "we detected
| illegal activity so we shut off your power."
|
| I'd like some balance because I don't want Google and
| Dropbox to suck as much as my power and phone company.
| But do want some regulation around lack of due process
| and "bundling" where a YouTube comment can result in my
| GCP account shut down.
| sophacles wrote:
| I disagree. Google has always been a consumer hostile
| company. The only "at this point" thing is: they have become
| worse at hiding it.
| r00fus wrote:
| It's really bothering when the account just also happens to be
| your core email service so suddenly you have no way of
| recovering other accounts.
|
| Moving off Gmail is likely impossible for most non-technical
| folks.
| fs111 wrote:
| There are plenty email providers out there. Free and paid. It
| should not be a problem for anyone to switch. Moving off of
| Gmail doesn't mean to self host. It is a bit of work to tell
| anyone about your new address, but that's it.
| bencollier49 wrote:
| Changing upwards of 200 logins to use a new email address
| may be troublesome. Do you keep a list?
| fs111 wrote:
| Yes, my password manager
| anamexis wrote:
| When I switched away from Gmail, I used my password
| manager to track the logins I needed to change. Then,
| just monitored the Gmail inbox for anything I missed.
| beached_whale wrote:
| There's another catch, many services use the email
| address as an immutable identifier that cannot be
| changed. For some that doesn't matter, but at the very
| least it is a lot of time/effort.
| kroltan wrote:
| A lot of those can be solved by contacting the support of
| that service. Services that don't allow you to change
| emails are usually on the smaller side and so you might
| actually get a response.
| kroltan wrote:
| Unlike sibling commenters, I used to not use a password
| manager. (But do now!)
|
| I just keep the old GMail for now, and whenever I receive
| a valid email there, I visit the sender website to update
| it.
|
| This depends on you remembering your "low-volume
| important accounts" like government websites you visit
| once a year, but otherwise, I would not cry if my imgur
| account got lost or something eventually.
| mkbkn wrote:
| First, I saved every login on Bitwarden and then used
| that to visit every website and changed login email info
| there and re-saved on Bitwarden.
|
| The effort is only one time or one day at max. And the
| rewards are worth the time.
| r00fus wrote:
| What about the hundreds of other accounts that use your
| gmail as either the 2FA target or password reset?
|
| For a non-technical user (like my mom), this is a herculean
| task.
| yyyk wrote:
| There's no need to delete the old gmail account, just use
| the new account for anything new, and change the mail
| address to the new one for the few frequent and useful
| accounts.
|
| Over time, the old gmail account will lose its
| importance, and there'll be no real risk if Google
| decides to ban it.
| ipaddr wrote:
| If you need a password reset do it and use the reminder
| to change the email. If your mom signed up for hundreds
| of accounts she should be saavy enough to handle the
| account update.
| Manheim wrote:
| True, they do have a "grip on people". I use gmail for my
| private email and I use Google Photos and Google disk for
| storage through a paid family account. I am considering a
| move to an European email and storage provider to avoid the
| almost moralistic TOS many US providers have to avoid
| liability issues, I just haven't decided which I should go
| for. It will come with a loss of convenience and that
| irritates me. The way Google have gotten me hooked to their
| walled garden.
| ajmurmann wrote:
| Another benefit you get from using gmail is that it's do much
| simpler to give someone your email address. You just need to
| get the part before the @ correct, they won't misspell the
| Gmail.com. I moved much of my email to Fastmail with my own
| domain. However, when I rented a car earlier this week I gave
| them my Gmail address because it's just so much less painful
| especially since the clerk and I could barely understand each
| other with nearby noise and masks and plexi glass between us.
| Happens all the time.
| helloworld11 wrote:
| There is nothing in the slightest bit technical about opening
| an email account with protonmail, or fastmail or any number
| of other much less invasive email services. A protonmail et
| al account could even be called easier to open since Google
| lately asks for quite a bit in exchange for the "privilege"
| of having one of their email addresses. Gmail also constantly
| screws around with security blocks for blah blah reason that
| require backup email or phone verification gymnastics if you
| do any number of tiny things "wrong", like say, trying to log
| in from a new country.
| jsnell wrote:
| Discussed 5 days ago:
| https://news.ycombinator.com/item?id=29593096
| exabrial wrote:
| Yikes. It's been said several times, don't use Google for
| anything important. The minute something goes wrong, you're so
| SOL and they literally could care less.
| mikece wrote:
| I hope it's not a violation of the ToS to use a front-end like
| Cryptomator -- https://cryptomator.org/ -- that encrypts files
| before uploading to Google Drive.
| StreamBright wrote:
| Meaning Google has access to all of the files stored on Google
| Drive, including and not limited to:
|
| - your business secrets
|
| - GDPR data that you legitimately have
|
| This is exactly why I do not use Google Drive for anything
| business critical.
| remus wrote:
| Is that a surprise to anyone? It's literally a service where
| you upload your data directly to their servers. Businesses have
| contracts with other businesses to protect them against
| particular kinds of abuse of this data (e.g. google stealing
| business secrets, or leaking personal data as defined by GDPR)
| and google sticks to these because businesses would lost trust
| very quickly if they didn't respect the contracts they have.
| rhmw2b wrote:
| Note that client side encryption changes this
| https://support.google.com/a/answer/10741897?hl=en.
| ricardobayes wrote:
| This is great, afaik Google Drive stuff is a nightmare for SoCs
| as they don't want to block the whole domain.
| ocdtrekkie wrote:
| One easy to block is storage.googleapis.com ...Regularly used
| to host malware, but legitimate users generally throw their own
| domain in front of any usage of that service.
| ricardobayes wrote:
| No don't do that, this is exactly why IT/opsec is hated in
| organizations. False positives.
| ocdtrekkie wrote:
| I have so far seen a single instance where a legitimate
| organization sent someone a storage.googleapis.com URL. I
| have seen literally _hundreds_ of phishing emails do it.
|
| Which is to say, the problem is organizations using
| storage.googleapis.com URLs, not organizations blocking
| them. And probably Google should be doing a better job
| policing content on their content domains if they don't
| want them to be blocked by default.
|
| (Similarly, all Chrome Web Store extensions should be
| blocked by default, with an allowlist for requested and
| vetted ones... there's simply too much malware to default
| to anything else.)
|
| I'd _love_ to block Google Drive by default too, but there
| is enough legitimate use that at present that _would_ cause
| too many false positives, and it 's a balancing act.
| makecheck wrote:
| We need "dumb" infrastructure again, that you can simply pay for
| with few strings attached, where the provider cannot fiddle with
| things at all, leaving enforcement to other authorities.
|
| We build roads; yes, those roads might be used to transport
| stolen goods but the road builder doesn't get to sit there and
| inspect every vehicle (and accuse the wrong people sometimes and
| ban them from driving).
|
| It's just so damned complicated now and I don't know how it got
| that way.
| [deleted]
| RIMR wrote:
| That "dumb" infrastructure still exists. You can host your own
| file server, either on your own hardware, or in the cloud.
|
| Use of these consumer-grade cloud services comes with pitfalls.
| I see no utility in pretending that alternatives don't exist
| though, because they're pretty abundant.
| umvi wrote:
| > That "dumb" infrastructure still exists. You can host your
| own file server, either on your own hardware, or in the
| cloud.
|
| Can you though? I would consider AWS "in the cloud" yet they
| will give you the boot if they disagree with you morally[0].
| Same with Cloudflare[1].
|
| So it seems even infrastructure-level cloud offerings are
| prone to moral arbitration. Hosting on your own hardware is
| the only option, but even then... I don't see any reason
| twitter mobs couldn't pressure Comcast or whoever is
| connecting your hardware to the internet to cut you off.
|
| [0] https://telecoms.com/508138/aws-banning-of-parler-
| exposes-th...
|
| [1] https://blog.cloudflare.com/why-we-terminated-daily-
| stormer/
| aluminum96 wrote:
| > they will give you the boot if they disagree with you
| morally
|
| I don't think this is accurate. They pretty much only ban
| you if you're exposing them to legal liability.
| bigtech-1984 wrote:
| Your best bet is probably to pursue hosting in another
| country with better freedoms.
| Macha wrote:
| The best you're going to get is different freedoms.
| Russia might have free speech for nazis, but not for
| Putin critics, for example.
| omoikane wrote:
| You could also declare yourself to be an independent
| nation and start a hosting company:
| https://en.wikipedia.org/wiki/HavenCo
|
| But this is probably not your best bet.
| sieabahlpark wrote:
| judge2020 wrote:
| Comcast already regularly cuts users off for DMCA
| violations, many of which are supplied automatically by
| bots watching torrent trackers.
|
| https://arstechnica.com/tech-policy/2013/02/heres-what-an-
| ac...
| kypro wrote:
| You say this as if it is easy or inexpensive to do well... If
| it was why would the service even exist in the first place?
| Surely everyone would just do it themselves.
|
| I also don't think you would be arguing that people bothered
| about WhatsApp or iOS tracking them should just create their
| own messaging app or mobile OS. The vast majority of software
| is not just difficult do yourself, but almost completely
| infeasible. In fact it's hard to even think of any software I
| use regularly which I as a experienced software engineer
| could easily build myself, let alone an average user
| concerned about this stuff...
| je42 wrote:
| Even it if was open source, just deploying something as
| convenient as google drive is a challenge. i.e. something
| that works on iOS , Android and Web + has proper access
| management and has enough storage (including automatic
| backup).
| sovietmudkipz wrote:
| Is there a source that breaks down this sort of stuff on your
| own hardware in a beginner friendly or at least explicit way?
| One hesitation I have to exposing something public that may
| not be secure, compromising my home network. It's
| intimidating and holds me back, a bit.
| BoysenberryPi wrote:
| I'll second this. I'm pretty techno-savvy if I do say so
| myself but I haven't the slightest when it comes to self-
| hosting and security concerns also prevent me from doing
| it.
| acjohnson55 wrote:
| You can store your data encrypted. I use Cryptomator on top of
| Dropbox for keeping my personal files in the cloud and synced
| between systems. It works on any online storage that presents
| itself as a drive to your OS. You lose all of value-added
| functionality of the cloud storage application, though, like
| the web interface and the ability to share.
| traceroute66 wrote:
| > You lose all of value-added functionality of the cloud
| storage application, though, like the web interface and the
| ability to share.
|
| Only because you chose the wrong solution. ;-)
|
| Look at Tresorit[1] instead.
|
| [1]https://tresorit.com/
| jjav wrote:
| > You can store your data encrypted.
|
| You can, I can (actually, I run my own file servers, even
| better).
|
| Average person can't (won't even be aware they should). We
| could say let's educate people (yes, let's). But really,
| infrastructure should be neutrally available to everyone like
| roads or the old POTS network.
|
| It can only be achieved through regulation, since these
| companies will always be self-serving at every step
| otherwise.
| nivenkos wrote:
| If the road builder was held legally liable for everything on
| their roads you can be sure they would do.
| [deleted]
| ssss11 wrote:
| Yes, this!
|
| It's because cloud should have been just custodianship of the
| data in order to funnel it into their application but it was
| all too easy for these companies to want to profit further by
| prying on the data, monetising the data, curating the data and
| ultimately taking control away from the owner of the data.
| vkou wrote:
| Not going to happen in a world where linking to illegal content
| makes you legally liable for it. Instead of grousing about
| Google or AWS or Cloudflare, you'd be grousing about Comcast.
| And Cloudlfare, because they'd still be in the picture, with
| all the same incentives.
| BiteCode_dev wrote:
| Which means:
|
| - google reads all your files
|
| - google judges your files
|
| - google has a set of opaque, arbitrary, ever changing list of
| things that can turn your files into a reason for locking you out
|
| So, basically: s/your files/their files
| ApolloFortyNine wrote:
| Honestly surprised they weren't forced to do this earlier, Google
| likely already hashes files for deduplication or integrity
| checks, making it rather trivial to keep a database of known
| pirated movie hashes.
|
| Obviously it can be easily defeated with encryption / changing
| the metadata, but it's so easy to implement I'm shocked they
| didn't do it earlier.
|
| Google drive is commonly used for a backup of media or even a
| host of media when using rclone.
| rsync wrote:
| This is, suddenly, a FAQ for us.[1]
|
| Many, many pre-sales conversations are now focused on whether
| or not we hash files or keep databases of file hashes, etc. Do
| we collude with other cloud providers to report file incidence.
| Or, for people who _really have no idea who they are talking
| to_ "which cloud do (you) run on top of".
|
| This was not the case before. I think the advent of 'rclone'[2]
| has created a lot of use-cases that very efficiently use (cheap
| online drives) and all the kids are storing their warez with
| it.
|
| Yes, trivially easy to defeat with encryption and rclone has a
| very nice and simple workflow for this.
|
| [1] You know who we are.
|
| [2] https://rclone.org/
| imchillyb wrote:
| If you're not using your own backup solution on your own
| hardware, located on your own property, you're failing IT 101.
|
| Any cloud service can change their Terms of Service without
| notice, and those changes are almost always detrimental to
| customers.
|
| Seriously, move your saved data in-house. Cloud drives are for
| ignorant consumers.
| notfed wrote:
| If you're using your own hardware on your own property you're
| probably failing resiliency 101.
| baybal2 wrote:
| If you use anything on a commercial basis with Google, go to
| small claims court without hesitation, and pull the answer from
| them rather than keep paying them to lawyertroll you on your own
| money.
|
| Depending on your jurisdiction, small claim courts can actually
| shut down the binding arbitration clause.
|
| In Canada, Google had a long history of losing by defaults in
| small claims
| notyourday wrote:
| > If you use anything on a commercial basis with Google, go to
| small claims court without hesitation, and pull the answer from
| them rather than keep paying them to lawyertroll you on your
| own money.
|
| And be blacklisted from using Google products and services.
| coffeefirst wrote:
| Yeah... We should probably have an anti-retaliation law for
| cloud services like we do for landlords and employers.
| jasonjayr wrote:
| If you do this though; be prepared to lose access to everything
| you have in Google.
| hobs wrote:
| Yep - here's how to download your Google data
| https://support.google.com/accounts/answer/3024190?hl=en
| bryanrasmussen wrote:
| so people doing more creative writing will not really be able be
| able to rely on it for collaborative editing etc. as those are
| the users more likely to write something that will look like a
| violation.
|
| What would be a good collaborative platform for creative writing?
| marcodiego wrote:
| We need a distributed volunteer backed free replacement. Is IPFS
| or gnunet ready for that yet?
| api wrote:
| There are many replacements for tech savvy people, but few for
| people who lack the skills or time to futz around with
| configurations and installs and software updates.
|
| Regular users need something that just works instantly and
| never needs maintenance. If it doesn't just work it's broken.
| rsync wrote:
| "We need a distributed volunteer backed free replacement. Is
| IPFS or gnunet ready for that yet?"
|
| Or you could just choose a provider who respected your privacy
| and had a very long history of standing for freedom of speech
| and the rights of users.
|
| If only such a provider existed.
|
| _If only ..._
| jeffbee wrote:
| Right, we need to trade a vanishingly small probability that
| anti-abuse systems at Google will flag your school photos as Al
| Qaeda propaganda for the much higher probability that your
| files hosted on an elaborate scheme operated mostly by 4chan
| users will be unavailable due to widespread malfunction,
| malice, and capriciousness.
| helloworld11 wrote:
| Why in god's name do so many people with even modest IT knowledge
| keep using this invasive dumpster fire of a cloud service with
| conditions like this one and others being piled on? There are so
| many affordable, secure and easy to use options on the web that
| trusting Google with your data seems absurd, especially
| considering how easily the company can simply permaban you for no
| discernible reason and not a human in range to dispute the matter
| with. At this stage, using any Google service is sort of like
| trying to expect decent customer service from the DMV and IRS
| rolled into one.
| judge2020 wrote:
| Because
|
| (A) it's a usable interface accessible by pretty much anyone
| [with a phone number, as of recent]
|
| (B) it's cheap as you don't pay for bandwidth and storage is
| either $0 for 15GB or paid storage at a low-priced rate[0]
|
| (C) all of that storage is geo-redundant and thus extremely
| unlikely to ever be lost, outside of Google terminating
| accounts (which isn't part of a lot of people's risk models).
|
| 0: https://one.google.com/about/plans
| jorgeudajer wrote:
| awinter-py wrote:
| oh they're removing files that violate _their_ rules. my brain
| initially read this as removing files which download the
| _uploader 's_ tos, which is dystopian but in a much cooler way
|
| same prediction as always, moderation is an ecosystem that
| requires transparent enforcement and dispute processes.
|
| new moderation norms will bend the economics of social media
| towards the reddit model: small communities, moderation primarily
| provided by 'community owner'.
|
| Platforms provide a layer cake of less frequent 'nuclear option'
| bans on top of that -- platforms deplatforming communities so
| _their_ host doesn 't deplatform them.
| MisterTea wrote:
| When google said they were no longer giving way free storage I
| bought the cheapest 100GB google one plan for $20/yr. Last night
| I saw the renewal email and cancelled it. After nearly 10 years
| of Google usage including drive, email, and pictures (I rarely
| take videos) I have only ~30GB. Almost 15GB of that is in drive
| which is a simple "my docks" kind of backup and dumping ground.
| I'm moving my drive stuff to a cheap VPS running OpenBSD. Then
| I'm going to remove all photos and video from 2-3+ years ago.
| Then I'll just use the free plan for photos and email for the
| time being. My VPS will do the rest.
| judge2020 wrote:
| You might still want to backup to a different location, given
| VPS's aren't immune to data loss. rclone with encryption works
| and ensures you are the only one with access to your data.
|
| https://www.bleepingcomputer.com/news/technology/amazon-aws-...
|
| https://www.techzine.eu/news/infrastructure/57005/ovh-share-...
| MisterTea wrote:
| At home I have an actual server that's a secondary (Xeon
| w/32GB ECC running FreeBSD w/20TB ZFS). Likely just use rsync
| between them.
| richardfey wrote:
| How is this going to be effective if files are encrypted and with
| no discernible name?
| KMnO4 wrote:
| I'd place bets that >99.9999% of files on Google Drive are not.
| richardfey wrote:
| Yes, but aren't the abusers now going to do exactly that?
| mcherm wrote:
| Perhaps it may surprise you to learn that many "bad actors"
| are rather stupid. This is one of the few large advantages
| that defense has over offense in security matters.
| richardfey wrote:
| You could try to express yourself in less condescending
| ways, it should have a positive outcome, on average, in
| interactions with people
| RegnisGnaw wrote:
| Note that you can still access your files, they are not blocking
| that or restricting that. Its the sharing that's blocked.
| Goronmon wrote:
| Yeah, to me this makes this kind of a non-issue. Because I
| always assumed that any cloud provider like this would be
| capable and willing to block sharing of files based on their
| policies.
| anshumankmr wrote:
| But seriously how long is it before Google implements a hashing
| algorithm (not too dissimilar from Apple's) to check if a user
| has not uploaded content with a copyright on it and taking some
| form of action on the user.
|
| This feels like a slippery slope to be on.
| chippiewill wrote:
| Google already scans for CSAM on stuff uploaded to drive. The
| idea that they'd start using it for copyrighted material is a
| spurious claim considering they've made no indication of
| doing so in the past.
| ehsankia wrote:
| Yeah, all cloud provides do, this isn't new. The only
| reason Apple's version was controversial is that they did
| it on your own device instead of their own server, but
| scanning files on cloud services is common practice.
| artificial wrote:
| Google drive already scans hashes.
| https://torrentfreak.com/google-drive-uses-hash-matching-
| det...
| throwaway0a5e wrote:
| They have been doing this since forever. Years ago if you
| tried to upload obviously pirated movie mp4s (like the most
| popular torrent for a given major release) it would error
| out.
| ugjka wrote:
| What if you actually own the copyrighted content or have
| permission to have it?
| blueboo wrote:
| Still might not have the license to agree to the necessary
| terms to upload it to a third party cloud storage
| anshumankmr wrote:
| Of course, that is an edge case which Google would need to
| figure out and perhaps, one of the many reasons they
| haven't done it.
| jhgb wrote:
| > that is an edge case which Google would need to figure
| out
|
| How do you figure out legality of having a document from
| the document? Unless it's child porn, where it's
| implicit, this simply isn't computable.
| anshumankmr wrote:
| Maintaining a hash of say music files that are owned by
| large record label companies or a conglomerate like VeVo,
| match every audio file uploaded with the hash and if it
| matches, flag it, get it reviewed and if it matches,
| delete it?
| foxfluff wrote:
| That does not answer legality.
| anshumankmr wrote:
| However, VeVo can say that no one can keep MP3 records if
| it isn't hosted on iTunes, YouTube Music or Spotify etc
| jhgb wrote:
| In my country that would be almost certainly illegal. Not
| even copyright holders can tell you what you can do with
| your personal copies of copyrighted works, short of
| distributing them to someone else. By law they're
| explicitly prevented from doing that.
| spc476 wrote:
| The cloud is "someone else".
| jhgb wrote:
| Not necessarily for the purpose of our copyright act.
| Neither is your personal bank deposit box if you put a
| book in it. You're not transferring ownership of your
| belongings to the bank if you put something in it.
| judge2020 wrote:
| Assuming for video content they use their existing
| YouTube Content ID library, they can exclude/allow their
| Google accounts to have that content, or host it under
| the same user as their YT channel.
| rurp wrote:
| Sadly I expect that Google will "handle" those edge cases
| the same way they handle similar issues on Youtube: have
| a lot of false positives and tell users to pound sand,
| except for cases where the outrage goes viral.
| jevoten wrote:
| _Is_ it an edge case? Thanks to copyright 's assault on
| the public domain, almost everything is copyrighted. Is
| making a backup of your movies, music, and e-books
| unusual?
| andi999 wrote:
| What assault on public domain?
| matheusmoreira wrote:
| Copyright is supposed to be temporary. Instead terms have
| been extended to essentially infinite durations. The
| copyright industry has robbed us of our public domain
| rights.
| maxk42 wrote:
| Well they still haven't figured it out with YouTube.
| kingcharles wrote:
| This is an issue that none of the cloud providers have
| solved. I had 250,000 CD rips from various record labels at
| one point. I had full authorization from them, but it looks
| like I'm a massive pirate.
| zuminator wrote:
| It should look like you're a massive pirate -- if you
| have hundreds of people downloading those CD rips from
| your Gdrive. If you're the only one accessing your own
| files, it shouldn't matter how many rips you have. Don't
| know how it works in practice.
| kingcharles wrote:
| To clarify, this was not a shared folder.
| ocdtrekkie wrote:
| You are assuming they do not already do this.
| anshumankmr wrote:
| Considering I have many pictures I took from the latest
| Spider-Man movie (for my own collection), if they had to do
| something about it from a legal perspective, they would
| have done it already.
| chillingeffect wrote:
| it's way too easy to get around that. also, having
| copyrighted content is not illegal. it is legal to make
| backup copies of something. google has no way of knowing what
| kind of external agreements a user may have made regarding
| sharing. they might ban it anyway, but that makes other
| services who don't ban legal activity attractive.
|
| Those interested in google's slippery-slopes should look into
| "keyword warrants" [1] and "geofence" warrants [2]
|
| [1] https://www.cnet.com/tech/services-and-software/google-
| is-gi...
|
| [2] https://nlsblog.org/2021/01/08/google-data-and-geofence-
| warr...
| dharmaturtle wrote:
| Apple's CSAM would scan your _offline_ photos.
|
| Google scanning photos you upload to their cloud seems fine
| to me. Not a slippery slope.
| fleddr wrote:
| Very much a slippery slope.
|
| Their cloud doesn't mean its their content. If said content
| is public, I mostly agree, but not if its private.
|
| When I hire a storage box and put stuff in it, I don't own
| the storage box. Yet still it cannot be searched by anyone,
| not the company nor the authorities, unless there is a
| credible criminal suspicion.
| dharmaturtle wrote:
| The storage owner can have a terms of service - i.e. you
| can't store flammable material/liquids. They also
| probably reserve the right to enter your unit to perform
| repairs.
| fleddr wrote:
| Right, and to keep this analogy consistent, do storage
| owners routinely open all storage units, then open up all
| your boxes and search through them to check for
| flammables?
| dharmaturtle wrote:
| No, but that's primarily due to a lack of
| interest/manpower. They (probably) _reserve the right_ to
| ensure that you aren 't doing things that are against
| their TOS. There's (probably) no right to privacy.
| jrockway wrote:
| I guess the question is, if someone emails you an archive
| of jpg files to share on your public website, will you?
| Without looking at them?
|
| I think that would be crazy. When they end up being CSAM
| or whatever, you're the one that will go to prison for
| possessing them, not the person that sent them to you.
| bvxhl wrote:
| So, after Google/YouTube have been aided in growth by the
| safe harbor clause, they now think that site owner
| responsibility is not such a bad thing after all?
|
| Sounds more to me that they are pulling up the ladder to
| impede competitors.
| _notathrowaway wrote:
| I belive this is a really good take on the matter, and
| somehow you are the first person I see bringing it up.
| not2b wrote:
| The EFF has raised this issue repeatedly (that stringent
| requirements on content filtering will be an advantage to
| the large players who can afford to do it).
| judge2020 wrote:
| It's very likely you only start getting 'requests' from
| 3-letter agencies asking you to scan content once you
| reach some large mass of hosted content, especially since
| the technology for even doing so is locked up, with NCMEC
| and Microsoft being the arbitrators for who gets to use
| it: https://www.microsoft.com/en-us/PhotoDNA/CloudService
| fleddr wrote:
| That's why I made the distinction between public hosting
| and a private album.
|
| For public files, I fully agree with you. For private
| ones, not at all.
| jodrellblank wrote:
| > " _Apple 's CSAM would scan your offline photos._"
|
| No it wouldn't. It would only scan photos you upload to
| their cloud.
|
| "This feature only impacts users who have chosen to use
| iCloud Photos to store their photos. It does not impact
| users who have not chosen to use iCloud Photos. There is no
| impact to any other on-device data."
|
| and
|
| "Does this mean Apple is going to scan all the photos
| stored on my iPhone? No. By design, this feature only
| applies to photos that the user chooses to upload to iCloud
| Photos, and even then Apple only learns about accounts that
| are storing collections of known CSAM images, and only the
| images that match to known CSAM. The system does not work
| for users who have iCloud Photos disabled. This feature
| does not work on your private iPhone photo library on the
| device."
|
| - https://www.apple.com/child-
| safety/pdf/CSAM_Detection_Techni...
| Kerbonut wrote:
| You are spreading misinformation. I don't know if on
| purpose or ignorance.
|
| https://www.cbsnews.com/news/child-sexual-abuse-scans-
| apple-...
|
| They were very much planning to scan all photos on the
| device independent of iCloud. It was going to be another
| phase of the rollout. It was going to be in iOS 15.x and
| they backpedaled.
| md_ wrote:
| I think that's just imprecision on the part of noted tech
| news outlet CBS.
|
| Apple clearly documented that this was only for iCloud
| uploaded photos, and indeed the technical description
| makes clear that this is only designed to work with
| uploaded photos: https://www.apple.com/child-
| safety/pdf/CSAM_Detection_Techni....
| ipaddr wrote:
| Apple clearly said they scan the photos on your phone not
| in your cloud account. They say it is designed to work
| with iCloud photos and they are processed / scanned on
| your photo before they are uploaded to the cloud.
|
| Not sure why they would need to do that. It does open up
| your phone for scanning and uses beyond what they
| initially layout.
| md_ wrote:
| Yeah, I think this is what freaked everyone out, but it's
| pretty clear the intention of on-device scanning was that
| it would work even if they had client-side encryption of
| photos before upload .
|
| The whole point of the protocol (as described in the
| Apple whitepaper) is to allow clients to attest to
| perceptual hash matches without the server having access
| to the plaintext.
|
| So, the irony of all of this is that the Apple design is
| effectively more private than the status quo, but
| everyone freaks out about it.
| dharmaturtle wrote:
| You're right - I misremembered. Kinda wish HN would let
| me edit.
| Tagbert wrote:
| If they implement it, Apple's CSAM would scan your photos
| as they are being uploaded. Not really "offline".
| GeekyBear wrote:
| >Apple's CSAM would scan your offline photos.
|
| Apple's plan was to to scan photos that you uploaded to
| iCloud, only. Even that plan was canceled.
|
| Google, however, still does scan everything in your account
| and has been doing so for the past decade.
|
| For instance, this article from 2014:
|
| >a man [was] arrested on child pornography charges, after
| Google tipped off authorities about illegal images found in
| the Houston suspect's Gmail account
|
| https://techcrunch.com/2014/08/06/why-the-gmail-scan-that-
| le...
| md_ wrote:
| As does Dropbox, Aol, Yahoo, Microsoft, Facebook, etc,
| etc.
|
| Whether this is good or bad is a topic for fair debate, I
| think, but it continues to astound me both how little
| people are aware of this and that, in comparison, Apple's
| relatively privacy-preserving approach generated so much
| flak.
| ipaddr wrote:
| Apple iCloud is in that list.
|
| And you still need to scan local photos on the phone?
| bri3d wrote:
| It's _better_ for a customer to scan images locally, on
| the phone, prior to upload. By doing this, the device can
| then encrypt images and store them in the cloud service.
| In this way the cloud service can be "CSAM sharing free"
| but never needs the symmetric keys to decrypt private
| images, period, for any reason.
|
| The only thing this adds to the threat model is mistrust
| for false positives in scanning engine - but in even the
| worst case scenario here (forged false positives), you're
| still _ahead_ of the Google model, where the same forged
| false positives would be extremely likely to result in a
| full account review rather than review of specific
| images. Everything about "the device looking at your
| photos" is tinfoil hat, because the device is already
| looking at your photos, they're decrypted in RAM! All of
| the threat scenarios about "Apple adds a secret
| government backdoor that downloads your photos and sends
| them to the FBI" are already equally possible today!
| jgalt212 wrote:
| But the default is to upload. On my phone, I had upload
| off, and then it got turned on again (not by me). The same
| thing happened with Google Assistant. I had it off, but
| then it mysteriously tried to start assisting me again.
| kayodelycaon wrote:
| They already do the kind of scanning Apple was going to do.
| Only with far less privacy.
| bobthechef wrote:
| oefrha wrote:
| And they've been blocking files exceeding a download quota
| (common for publicly shared pirated video content) for ages.
| Basically the quota is zero for certain files now.
| everdrive wrote:
| Remember, this means Google has already been scanning and
| collecting the contents of your Google drive. All they're talking
| about is applying a filter to certain files they find
| objectionable. Even without this announcement, this could happen
| at any time. If one day something you own is found to be illegal
| or objectionable, Google may delete it without notice. At worst,
| they may report you to the authorities.
| semenko wrote:
| I don't quite grasp the panic about this: my impression is Google
| currently restricts ToS violations from sharing (your own access
| is retained).
|
| The only change here is end-users will be explicitly notified
| (and can theoretically contest the decision).
| archhn wrote:
| The panic is people's fear of the Iron Heel[1]. For most of us,
| the systems we depend on are controlled by other people. In
| this chaotic political climate, when these systems start
| closing in on us, or restricting us in new ways, there's no way
| of knowing where the tightening will end. Some are incredibly
| insulated and have no worries about the kind of world we're
| living in, but others are constantly on edge and feel that
| we're sleepwalking into a dystopian nightmare. That's what this
| "panic" is about.
|
| [1]: https://www.gutenberg.org/files/1164/1164-h/1164-h.htm
| thisiscorrect wrote:
| What indication is there that any new restrictions are being
| placed on a user's content? The blog post from Google only
| mentions the change of sending email notifications to users.
| archhn wrote:
| It has something to do with their "abuse program:"
| https://support.google.com/docs/answer/148505?hl=en. I
| can't find a date on this, but I assume that this article
| is about the implementation of this program.
| ehsankia wrote:
| There's snapshots going back to 2014:
|
| https://web.archive.org/web/20141222190112/https://suppor
| t.g...
|
| Again, none of this is new. People have been abusing
| Drive to host illegal file for years, and have been
| getting banned for it. The only change is that now you
| get a notification and can dispute it. It's a strict
| improvement.
| jeffbee wrote:
| The only basis we have for panic here is that reading skills
| and critical thinking are in dangerously short supply among
| commenters here, who collectively believe themselves to be
| smart and independent thinkers despite all available
| evidence.
| archhn wrote:
| Big tech has been rolling out censorship all over the place
| lately. People suspect that ulterior political motives are
| causing Google to do this. I don't think mistrusting the
| motives of Google means that the people here lack "reading
| skills and critical thinking."
|
| One of the terms included in its abuse policies is "hate
| speech." This is an extraordinarily ambiguous word which
| can virtually apply to any speech that is critical of
| anything. It is a term that has come to be known, by some
| of us, as a tool the political left uses to censor dissent.
| For example, saying that a man is a man and a woman is a
| woman can be considered hate speech against the trans
| community.
|
| This move is part of a larger trend. Some people see it.
| Others don't.
| jeffbee wrote:
| 9/10 with one demerit for omitting the compulsory "wake
| up, sheeple".
| archhn wrote:
| "The British are coming!" -- Paul Revere
|
| "Put a sock in it, ya wanker." -- You in 1775, probably.
| skinkestek wrote:
| To me this isn't as much about reading skills as it is
| about being aware of and remembering newer history and
| being able to apply a mental ruler to the observations and
| see what way it is heading.
|
| That second part I consider close to critical thinking and
| it seems to be what people does.
| dc-programmer wrote:
| Otherwise known as the slippery slope logical fallacy
| tsol wrote:
___________________________________________________________________
(page generated 2021-12-22 23:00 UTC)