I agree with the overall point of the responses that Google isn't in fact evil to be doing this, but I want to disagree somewhat with one point - the idea that Google doesn't have any obligation to respect users wishes just because its a free service that no one is forcing you to use.
The problem with this is that Google's very existence makes it harder for similar services to exist. There are a few reasons for this, including:
1. Google benefits from economies of scale
2. Google benefits from having massive amounts of data to crunch through (for example, its hard to build a span filter as good as Gmail's without a training dataset as big as Gmail's)
Its kind of like the argument for the minimum wage - conservatives would say its not needed because you can just choose not to work for a company that isn't offering enough money, but sometimes you don't really have an alternative.
The argument has been made that Google's free products and services are anticompetitive dumping which makes it harder for a competing service to survive.
The same argument has been made against OSS. Google's products are free like broadcast TV. They are selling access to you via their services to marketers.
1. Google fought then-giants such as AltaVista, Excite and Yahoo in the process of establishing itself as the leader in search space. The incumbents had economies of scale and (relatively) massive amounts of data to crunch through. Yet a Google happened!
2. ``Google's very existence makes it harder for similar services to exist." History has proved time and again that such a premise is false. When it does become false, it is usually because of `dissimilar' disruptions in the landscape.
1. You are somewhat comparing apples to organges here. Google had access to the exact same websites as AltaVista, Excite, and Yahoo, so it's obvious that they could build an alternative search engine using the same data. But if you tried building an alternative email provider, you would not have access to the mails stored at google for training your spam filter.
2. You are contradicting yourself. "When it does become false" implies that it is true at some point, i.e., that there are hurdles to overcome, that is to say, that it is harder for a similar service to exist. Noone says that it is impossible, just that it is harder, and the form that that usually takes is precisely that it takes what you call "dissimilar disruptions" to establish an alternative. Having to come up with a "dissimilar disruptions" obviously is harder that coming up with some small evolutionary improvement.
I think your reference to minimum wage is a little tenuous at best. The thing about technology is that it keeps progressing and eliminates barriers to entry. Yes, Google has a lot of machines, but now, without a lot of capital you can run a competing service without even having to own hardware. Yes, it's hard to write good spam filters, but Open Source Software allows you to get access to code that others have written which may be of similar quality, or at least give you a leg up on writing your own.
So yes, Google gets a temporary lock on mindset and technology, but as technology progresses there open up new opportunities to unseat the incumbents. If you'd asked anyone 10 or 20 years ago whether Microsoft could be unseated, they would have said you were crazy. The same goes for Google. With technology, nothing is permanent. Either you innovate, or you get left behind.
"Its kind of like the argument for the minimum wage - conservatives would say its not needed because you can just choose not to work for a company that isn't offering enough money, but sometimes you don't really have an alternative."
Not a good analogy, because the full "conservative" (and libertarian) argument is that if you find yourself in such a situation, minimum wage laws produce a discontinuity in the labor market: if the current value of your labor is less than the minimum wage, you won't get a job at all.
Associate with this is the idea that it's better to have a job, any job ... the fate of the long term unemployed we're seeing right now as they lose general job skills is telling.
Completely related, if you're just starting out, and the value of your labor is not yet at the minimum wage, you never get into the job market in the first place. You never learn those implicit general jobs skills and discipline, like showing up to work on time. (OK, you just might find a place in the underground economy, but forcing people into that is very, very bad.)
It's the successful pulling up the ladder behind them ... something people like us rarely see (well, until we're 35-40 and unemployable for standard salaried programming positions). And therefore utterly evil.
Any way to bring this back to the general conversation?
First, the government does not have its thumbs on the scales: you will not go to jail for just trying to compete with Google,
And is it really that impossible to compete with Google in plenty of big places? Companies like Fastmail suggest it isn't (speaking from personal experience). That Duck Duck Go can even get some mind share is suggestive. What about Apple's mapping stuff?
There's also regression to the mean, which I sure see Google doing. I use them only for search and maps (punted Docs when they started going Google+ account name etc. crazy), and their search is steadily becoming less useful/harder to get what I want. I am a ringer in that I've been doing full text search stuff since the very early 90s, but....
So I suggest not making an entirely static analysis of this. Google today: hard to impossible ... to almost trivially easy (https://news.ycombinator.com/item?id=7467165). Google tomorrow? Probably better chances. Google in the next decade ... well, the way to bet is that at some point we'll be picking over its bones. Within my expected lifespan, at least.
And the conservative/libertarian argument fails, as Adam Smith notes in Wealth of Nations, because:
• The fully-realized cost of labor is that which allows it to survive and support its family, and educate its progeny. A business which cannot afford to pay a living wage is effectively demanding a societal subsidy. While there are circumstances in which that social welfare might be reasonably extended, it seems to me that it's a decision which should be made deliberately, and that companies which show recurring high levels of profit while being unwilling to pay a living wage are prima facie proof of a market failure.
• The inherent negotiating advantage of employers means that it will virtually always prevail in wage negotiations with labor.
• There's a common misperception that people are paid what they're worth to a company. This isn't the case. Rather: in a well-functioning and competitive market, your wage will always be less than you're worth. Much as a manufacturer's printer PPM rating is best interpreted as "performance never to be exceeded", your true worth to a company always sets an absolute ceiling on what your pay will be. Exceptions exist where markets are not well-functioning: e.g., in the case of excecutive pay, where there's a strong level of capture between execs and payment committees, and in which pay serves not only a compensation but a market signalling role as to the health and robustness of the firm (it's effectively a social signaling Veblen good).
For all of these reasons, defining a minimum wage at roughly the level of a living wage is strongly congruent with Adam Smith's principles. See Chapter X, Book I, Wealth of Nations.
If you continue on reading you'll find OPs comment below it:
"@StephenTouset -- indeed. That's actually a feature; see Its OK to Ask and Answer Your Own Questions. As [it was] pointed out, the question was prompted by the computerworld article [1]."
I like that SO lets you answer your own questions, it makes good references for other people to link to. (And if you saw the background from this[1] blog post it makes sense to have made it).
If he didn't have a big reputation prior to this question, the comments would have been much harsher. There are people who ask and answer on their own for the sake of "reputation whoring".
Best snarky answer from that thread: "Is Google overreaching by forcing you to log in with a password?"
Vaccine analogy answer from stackexchange: It's not just about you, it's about herd immunity. Having everyone have secure communications helps makes others secure as well.
I realise I'm going to be in the 0.1% minority on this, but yep, I do. Three reasons.
First, I've been enough places where Internet connectivity is so poor that HTTPS effectively breaks the connection. I used to stay half the week somewhere where the only connectivity was a dire, over-saturated 3G link. I couldn't browse HTTPS sites unless I was very lucky.
Second, I'm uneasy with the implication that "HTTPS=secure", in that it absolves the user of taking any responsibility for their own security. A site can require a HTTPS connection and still store the password in cleartext, for example; so unless you have a unique password, this "secure" site can still screw you. Yeah, I know HN readers understand the difference, but IMX most people dimly understand a binary distinction between "secure site" and "not secure site" and that's it.
Third and related, the corollary of "HTTPS=secure" is that "sites that only use HTTP = insecure". This is leading to a requirement that any guy who builds a website with login functionality needs to implement HTTPS, and that saddens me. The web becomes less democratic, less meritocratic, the more technical hurdles we require.
But, like I say, I realise 99.9% of people disagree with me.
> Third and related, the corollary of "HTTPS=secure" is that "sites that only use HTTP = insecure". This is leading to a requirement that any guy who builds a website with login functionality needs to implement HTTPS, and that saddens me.
HTTPS may not be secure, but HTTP (over the public internet, at least) is definitely insecure. If you have login functionality that matters, rather than serving as a very basic deterrent to accidentally getting somewhere you shouldn't be, yes, you need to use HTTPS.
If this is your situation, you have other technical problems that, yes 99.99% of the people do not have. Something like a UDP proxy with FEC and proxy side stripping of cruft and external requests. Downgrading from https -> http is only solving a portion of your problem.
"Since when is removing consumer choice a good thing? Does Google really know better than you do what your security posture should be for your Gmail accounts?"
Yeah, what do those Google security engineers know, anyways?
"an encryption methodology that I suspect the NSA can probably defeat anyway."
If the premise is "I don't need security, because the most powerful intelligence agency in the world can break it anyways", then why not go ahead and give us the PIN for your debit card anyway.
Plausible deniability is frequently more useful then encryption. The probability of someone messing with my packets in-flight is low. But TLS creates the problem that you are possibly then able to prove that the packets I sent came from me.
This problem doesn't exist on the client side, no? It's not like we provide client certificates when using HTTPS/TLS. You're authenticating (typically) with passwords which unfortunately were stolen when your (random service goes here) account got hacked.
Can anyone explain this line from commenter Darren Cook: "Once this enforcement is in place, browsers will simply refuse to connect to Google over an insecure or compromised connection. By shipping this setting in the browser itself, circumvention will become effectively impossible."
Some browsers are open source, and it seems to me that developers can never definitely rely on their behavior. Surely the enforcement depends ultimately not on the browsers but rather on the server refusing non-TLS connection attempts?
You can patch the browser to disable HSTS, but if you allow patching the browser to break the security intentionally, then all bets are off I'd say?
Surely the enforcement depends ultimately not on the browsers but rather on the server refusing non-TLS connection attempts?
No, HSTS capable browsers (Firefox and Chrome) will flatly refuse to connect if HSTS is in action. That's the whole idea and the defense against SSLstrip.
The point of TLS is to protect against MitM. The server refusing the non-TLS connection is not safe against MitM, a MitM can still claim to be the target server and accept the connection and thus (potentially) compromise the website/account/whatever. That is why the client has to refuse even trying to connect without TLS.
My main objection to it is that since the OP is almost certainly going to accept their own answer before other people can post, there may be other, better answers that arrive late and don't get as much attention.
The moderation system largely mitigates that problem.
Also, the SO/SE people have long maintained that Google is their homepage, and from this view it's easy to see why they would encourage people to answer their own questions: so that SO gets the googlejuice instead of some blog.
On the other hand, to the degree that we believe that individual blogs are good, we absolutely should worry about auto-answering.
That's an interesting concept that I'd never even considered. I then realized that I couldn't even remember what the stackoverflow homepage looked like, yet I utilize that website daily.
It doesn't seem to be harming the stackoverflow and associated sites, so I guess it's not a bad thing.
Google and others[Telecoms] are in positions to collect rents on your PI from third parties and G.O.'s. When they[Google] recently learned that the NSA had tapped their unencrypted fiber lines between data centers, they were pissed.
Not because they give a fraction of a shit about you, but because the NSA was stealing their product.
Now they encrypt everything with [very strong] SSL to force everyone to ask/pay for their info.
I don't think we know what the relationship between Google and the NSA actually is. I will say that I operate under the assumption that Google gives the NSA whatever they ask for up to and including access to raw streams of information.
I agree with the decision to require TLS, but I don't know that it does a lot with regard to the NSA, and moreover, I don't trust them anymore not to turn over information in bulk.
You should call up Google and tell them you'd like to buy my personal data, and you'd like to get a price quote.
If you don't think that would work, then perhaps your comment needs to be revised. If it's not an open market, then which third parties do you think Google is selling user data to?
The problem with this is that Google's very existence makes it harder for similar services to exist. There are a few reasons for this, including:
1. Google benefits from economies of scale
2. Google benefits from having massive amounts of data to crunch through (for example, its hard to build a span filter as good as Gmail's without a training dataset as big as Gmail's)
Its kind of like the argument for the minimum wage - conservatives would say its not needed because you can just choose not to work for a company that isn't offering enough money, but sometimes you don't really have an alternative.