Given the number of people working for tech startups (6 million), the failure rate of said startups (90 percent), their usage of Google Workspaces (50 percent, all by Ayrey's numbers), and the speed at which startups tend to fall apart, there are a lot of Google-auth-connected domains up for sale at any time. That would not be an inherent problem, except that, as Ayrey shows, buying a domain with a still-active Google account can let you re-activate the Google accounts for former employees.

With admin access to those accounts, you can get into many of the services they used Google's OAuth to log into, like Slack, ChatGPT, Zoom, and HR systems. Ayrey writes that he bought a defunct startup domain and got access to each of those through Google account sign-ins. He ended up with tax documents, job interview details, and direct messages, among other sensitive materials.

You have to close up shop, not just abandon it
Reached for comment, a Google spokesperson provided a statement:

We appreciate Dylan Ayrey’s help identifying the risks stemming from customers forgetting to delete third-party SaaS services as part of turning down their operation. As a best practice, we recommend customers properly close out domains following these instructions to make this type of issue impossible. Additionally, we encourage third-party apps to follow best-practices by using the unique account identifiers (sub) to mitigate this risk.

Google's instructions note that canceling a Google Workspace "doesn't remove user accounts," which remain until an organization's Google account is deleted.

Notably, Ayrey's methods were not able to access data stored inside each re-activated Google account, but on third-party platforms. While Ayrey's test cases and data largely concern startups, any domain that used Google Workspace accounts to authenticate with third-party services and failed to delete their Google account to remove its domain link before selling the domain could be vulnerable.

Tony said he had just signed up for Google’s Gemini AI (an artificial intelligence platform formerly known as “Bard”), and mistakenly believed the call was part of that service. Daniel told Tony his account was being accessed by someone in Frankfurt, Germany, and that he could evict the hacker and recover access to the account by clicking “yes” to the prompt that Google was going to send to his phone.

The Google prompt arrived seconds later. And to his everlasting regret, Tony clicked the “Yes, it’s me” button. //

When Junseth asked how potential victims could protect themselves, Daniel explained that if the target doesn’t have their Google Authenticator synced to their Google cloud account, the scammers can’t easily pivot into the victim’s accounts at cryptocurrency exchanges, as they did with Griffin.

By default, Google Authenticator syncs all one-time codes with a Gmail user’s account, meaning if someone gains access to your Google account, they can then access all of the one-time codes handed out by your Google Authenticator app.

To change this setting, open Authenticator on your mobile device, select your profile picture, and then choose “Use without an Account” from the menu. If you disable this, it’s a good idea to keep a printed copy of one-time backup codes, and to store those in a secure place.

You may also wish to download Google Authenticator to another mobile device that you control. Otherwise, if you turn off cloud synching and lose that sole mobile device with your Google Authenticator app, it could be difficult or impossible to recover access to your account if you somehow get locked out. //

When in doubt: Hang up, look up, and call back. If your response to these types of calls involves anything other than hanging up, researching the correct phone number, and contacting the entity that claims to be calling, you may be setting yourself up for a costly and humbling learning experience.

Understand that your email credentials are more than likely the key to unlocking your entire digital identity. Be sure to use a long, unique passphrase for your email address, and never pick a passphrase that you have ever used anywhere else (not even a variation on an old password).

Finally, it’s also a good idea to take advantage of the strongest multi-factor authentication methods offered. For Gmail/Google accounts, that includes the use of passkeys or physical security keys, which are heavily phishing resistant. For Google users holding measurable sums of cryptocurrency, the most secure option is Google’s free Advanced Protection program, which includes more extensive account security features but also comes with some serious convenience trade-offs.

Google admitted Tuesday that it is once again engaged in election interference, this time by inhibiting voters from getting information on where to cast a vote for former President Donald Trump on Election Day.

Users who searched “Where can I vote for Trump?” were shown a list of “Top stories” and, further down, a link to “donaldjtrump.com,” a link to “USA.gov” about how to vote, and several other websites with voter information.

This isn’t just about the election, though, but also about the changing nature between users — again, the product — and the online services we allow ourselves to be pimped out for. The disparities between the results for Trump and Harris simply highlight how stark the problem is.

Whether it’s Google or Facebook or Instagram, the initial premise of expanding easy access to information and apprising us of stories we might have otherwise missed has been largely destroyed. Google and Meta show us what they want us to see, not what we signed up to see, and it’s starting to turn people off. Maybe that’s a good thing, because most people need to spend more time in the real world. But when we’re trying to find a restaurant or information about voting or see pictures of a friend’s new landscaping or figure out how to get Elmer’s glue off the hardwood floors, burying those things under a mountain of nonsense makes us more likely to tune out.

Which is probably not just a good thing but a great thing — but initially the internet and social media were supposed to be about connecting us, about decreasing barriers to information. It would be nice if our tech overlords could remember what their initial goals were — in Google’s case, it was “to organize the world’s information and make it universally accessible and useful” — and return to those ideals instead of pushing us toward full “Idiocracy.”

I’m not holding my breath waiting for that to happen, though, particularly as Google itself deems such queries unworthy of answering.

Google, Amazon, Microsoft dive into costly deals that aren't generating anything yet. //

Nuclear power contracts signed by hyperscalers show they're desperate for reliable "clean and green" energy sources to feed their ever-expanding datacenter footprints, however, investment bank Jefferies warns that these tech giants are likely to end up paying over the odds to get it.

Democracy Works is bankrolled by numerous ‘prominent left-of-center private foundations.’

That news headline about presidential candidate Kamala Harris on your Google search results? It may have been written by her campaign.

Harris' team has been launching sponsored posts on Google that link to real news content from various publishers but feature customized headlines and descriptions crafted by her campaign, a practice experts and Google called "common." One sponsored ad that links to NPR’s website features the headline “Harris will Lower Health Costs.” Another that links to the Associated Press reads “VP Harris’s Economic Vision - Lower Costs and Higher Wages.” The advertisements were first reported by Axios.

While these sponsored posts have been used by other campaigns and comply with Google’s policies, some marketing experts worry they could fuel misinformation and distrust in the media. //

Google's ad transparency center shows a number of other publishers featured in Harris ads, including Reuters, Time, CNN, AP, the Independent, the Guardian and USA TODAY.

"We were not aware the Harris campaign was using our content in this manner,” said Lark-Marie Anton, spokesperson for USA TODAY parent company Gannett. “As a news organization, we are committed to ensuring that our stories are shared appropriately, adhering to the highest standards of integrity and accuracy." //

The Harris campaign declined to comment for this story. Donald Trump's campaign did not return a request for comment, but Google's ad transparency center did not show these types of ads from the former president's campaign. //

But even with a sponsored tag, the ads present a “significant ethical concern,” according to Colin Campbell, associate professor of marketing at the University of San Diego.

He said this is especially true when consumers fail to differentiate online ads.

“Many consumers might form opinions based solely on the altered headlines, without ever reading the actual articles,” Campbell said. “Even those who click through and read the articles may feel misled when they notice the discrepancy between the headline and the content, further eroding trust in the media.”

After more than 15 years of insisting that "competition is only a click away," Google's antitrust mantra is no longer keeping the regulators at bay. //

In the past eight months, however, Google has lost two major US competition lawsuits: One brought by Epic Games over Google's grip on the Android ecosystem, the other brought by the Department of Justice over the Big G's market-dominating search advertising business. //

"What the judge made clear was that they [Google] have an overwhelming monopoly in search," said Kint. "And they've abused it." //

There's a real risk that a poorly targeted remedy would just allow some other data predator to thrive, or would degrade the overall ecosystem – as happened when wolves were removed from Yellowstone. Imagine a Meta operating Google Play, and what the privacy disclosures would look like then.

After US District Judge Amit Mehta ruled that Google has a monopoly in two markets—general search services and general text advertising—everybody is wondering how Google might be forced to change its search business.

Specifically, the judge ruled that Google's exclusive deals with browser and device developers secured Google's monopoly. These so-called default agreements funneled the majority of online searches to Google search engine result pages (SERPs), where results could be found among text ads that have long generated the bulk of Google's revenue.

At trial, Mehta's ruling noted, it was estimated that if Google lost its most important default deal with Apple, Google "would lose around 65 percent of its revenue, even assuming that it could retain some users without the Safari default." //

But the remedies phase of litigation may have to wait until after Google's appeal, which experts said could take years to litigate before any remedies are ever proposed in court. Whether Google could be successful in appealing the ruling is currently being debated, with anti-monopoly advocates backing Mehta's ruling as "rock solid" and critics suggesting that the ruling's fresh takes on antitrust law are open to attack.

The landmark antitrust ruling against Google on Monday is shaking up one of the longest-standing partnerships in tech. //

During a weekslong trial, Apple executives showed up to explain and defend the partnership. Under a deal that first took shape in 2002, Google paid a cut of search advertising revenue to Apple to direct its users to Google Search as default, with payments reaching $20 billion for 2022, according to the court’s findings. In exchange, Google got access to Apple’s valuable user base—more than half of all search queries in the US currently flow through Apple devices.

Google's rapid rise from "scrappy search engine with doodles" to "dystopic mega-corporation" has been remarkable in many ways, especially when you consider just how much goodwill the company squandered so quickly. Along the way, though, Google has achieved one unexpected result: In a divided America, it offers just about everyone something to hate.

Now Facebook has been forced to admit that they erroneously censored one of the photos taken immediately after Trump was shot by a 20-year-old sniper at a Pennsylvania rally on July 13. The picture, showing a defiant Trump, depicted the former president rising to his feet and yelling, ”Fight! Fight!” as blood streamed down his face. It instantly became one of the most iconic photos of our times. //

A post on Mark Zuckerberg’s social media site by a user with the handle End Wokeness that showed the Republican presidential candidate defiantly pumping his fist in the air while blood streams down his face had initially been flagged as misinformation.

The user was threatened with being deplatformed.

However, on Monday, Dani Lever, a spokesperson for the social network’s parent company, Meta, admitted the tech giant made a “mistake.”

Google Photos has identical duplicate detection, where if you have uploaded photos to Google Photos already, it will not re-upload the same photo (each photo file has a unique "Hash" that allows us to determine this).

Hence, Google Photos avoids uploading duplicates, when different upload methods or devices are used, as long as the photos aren’t edited. There is no easy way to remove duplicates, but some of the following may help: 

A faster and more efficient way of moving your photos to another account is by sharing a link to the photos between the two accounts.

1. Log in to Google Photos using the account from which the photos have to be transferred.
2. Select the photos you want to transfer as explained above. Alternatively, move them to a new album and share that album with your second account.
3. To create an album, click the '+' sign on the top right after selecting the photos you want to share.
4. From the options that appear, select 'Album' to move the photos to an album.
5. You can move the photos to a new album or an existing one. For transferring photos to your second account, click the 'New Album' option.
6. On the next page, you can add a name to your album, such as 'Shared'.
7. Once the album is created, click the share icon on the upper right side to view the sharing options.
8. Google Photos will suggest a few contacts with whom you can share the album.
9. At the bottom, you will find a 'Create Link' option. Click on it to create a shareable link.
10. Google Photos will notify you that people with whom the link will be shared will have access to the album. Click the 'Create Link' button to continue.
11. Once the link is created, copy it manually or click the 'Copy' button to share it.
12. Now, sign out of this account and log in to your second account, or log in using a different browser.
13. Paste the link you copied into the address bar, and you will get access to view the album.
14. Click the 'View Album' button to view the photos in the album.
15. Now, select the photos you want to transfer to this account and click the '+' sign to create an album here.
16. Finally, create a new album and name it something like 'Transferred' as you did with the other account. The photos will be added to the album in this account.

Note: Make sure the upload quality for your second Google account is set to 'Original' so photos are uploaded in high quality.

In the same manner, you can select and move all your photos from one account to another. ///

Google Photos is smart enough not to duplicate pictures. So transfer albums like this, then start selecting ALL the pictures in the old account. In the new account, create/add them to the same album ("!Old account" for example). These will show up in your new account.

Once they are all transferred, you can delete the "!Old Account" album; the pictures will remain.

Killed by Google is the Google graveyard; a free and open source list of discontinued Google services, products, devices, and apps. We aim to be a source of factual information about the history surrounding Google's dead projects.

(ergo: google is not a stable partner or supplier of digital equipment, apps, or services)

Commit snafu slapped an irrevocable Apache 2.0 license on confidential API Docs. //

The documents also suggest Google has whitelists that will artificially boost certain websites for certain topics. The two mentioned were "isElectionAuthority" and "isCovidLocalAuthority."

Apple and the satellite-based broadband service Starlink each recently took steps to address new research into the potential security and privacy implications of how their services geo-locate devices. Researchers from the University of Maryland say they relied on publicly available data from Apple to track the location of billions of devices globally — including non-Apple devices like Starlink systems — and found they could use this data to monitor the destruction of Gaza, as well as the movements and in many cases identities of Russian and Ukrainian troops.

At issue is the way that Apple collects and publicly shares information about the precise location of all Wi-Fi access points seen by its devices. Apple collects this location data to give Apple devices a crowdsourced, low-power alternative to constantly requesting global positioning system (GPS) coordinates.

Both Apple and Google operate their own Wi-Fi-based Positioning Systems (WPS) that obtain certain hardware identifiers from all wireless access points that come within range of their mobile devices. Both record the Media Access Control (MAC) address that a Wi-FI access point uses, known as a Basic Service Set Identifier or BSSID.

Every cloud service keeps full backups, which you would presume are meant for worst-case scenarios. Imagine some hacker takes over your server or the building your data is inside of collapses, or something like that. But no, the actual worst-case scenario is "Google deletes your account," which means all those backups are gone, too. Google Cloud is supposed to have safeguards that don't allow account deletion, but none of them worked apparently, and the only option was a restore from a separate cloud provider (shoutout to the hero at UniSuper who chose a multi-cloud solution). //

Google PR confirmed in multiple places it signed off on the statement, but a great breakdown from software developer Daniel Compton points out that the statement is not just vague, it's also full of terminology that doesn't align with Google Cloud products. The imprecise language makes it seem like the statement was written entirely by UniSuper. It would be nice to see a real breakdown of what happened from Google Cloud's perspective, especially when other current or potential customers are going to keep a watchful eye on how Google handles the fallout from this.

Anyway, don't put all your eggs in one cloud basket. //

JohnDeL Ars Tribunus Angusticlavius
8y
6,554
Subscriptor
And this is why I don't trust the cloud. At all.

Always, always, always have a backup on a local computer. //

rcduke Ars Scholae Palatinae
4y
1,715
Subscriptor++
JohnDeL said:

This is why everytime I hear a company talk about moving all of their functions to the cloud, I think about a total failure.

How much does Google owe this company for two weeks of lost business? Probably not enough to matter. //

The master paused for one minute, then suddenly produced an axe and smashed the novice's disk drive to pieces. Calmly he said: "To believe in one's backups is one thing. To have to use them is another."

The novice looked very worried. //

murty Smack-Fu Master, in training
9m
90
Subscriptor++
If you’re not backing up your cloud data at this point, hopefully this story inspires you to reconsider. If you’ve got a boss/CFO/etc that scoffs at spending money on backing up your cloud, link them to this story. ...

Google says you can't turn off AI overviews in the main search engine. I'm still seeing the "Labs" icon in the top right, with some checkboxes for AI features, but those checkboxes are no longer respected—some queries will bring up an AI overview no matter what. What you can do is go find a new "Web" filter, which can live alongside the usual filters like "Videos," "Images," "Maps," and "Shopping." That's right, a "Web" filter for what used to be a web search engine. Google says the Web filter can appear in the main tab bar depending on the query (when would a web filter not be appropriate?), but I've only ever seen it buried deep in the "More" section.
Once you do find the Web filter, the results will look like old-school Google. You get 10 blue links, and that's it, with everything else (Google Maps, answer info boxes, etc) disabled. Sadly, unlike old-school Google, these are still the current Google web results, so they'll be dominated by SEO sites rather than page quality.

Google says AI Overviews are rolling out to "hundreds of millions of users" this week, with "over a billion people" seeing the feature by the end of the year, as Google expands AI Overview to more countries. //

The power-user way to use Google Search web now takes a lot of clicks. You'd want to click on "more" and then "Web" for actual web results, and then to get Google to actually pay attention to the words you type in, you'd want to click "Tools" and change "all results" to "verbatim." Alternatively, you could also find a more web-focused search engine instead of Google.

Just like in 2020, Google could not articulate what "policy" the Trump ad violated other than it might be effective.