Oh Google...


  • Discourse touched me in a no-no place

    0_1503934567218_Screenshot from 2017-08-28 16-33-43.png



  • @pjh I don't see the error there (except pulling directly from Wikipedia without curation, but that's kinda Google Search's thing, so...). I make no comment about the correctness (or incorrectness) of the claim advanced in the bolded section (as this is not the :trolleybus: garage).



  • @pjh People point and laugh at stuff like this, but I'd actually be far more concerned if Google were willing to edit their summaries on a person-by-person basis to make their own employees look good.

    That said, pulling data from Wikipedia with no human intervention is probably a bad idea. Then again, Google does everything with no human intervention, and 95% of it is a bad idea.


  • Impossible Mission - B

    @blakeyrat At scale, though, that's really the only way to do it. And yeah, it can cause problems, but... how else are you going to handle it?

    For example:



  • @masonwheeler I think Google should have at least one order of magnitude more human beings doing work with other human beings, things like answering support messages and such. Fire all of the useless idiots who made Google Hangouts, that'll free some salary dollars.

    I definitely do not think Google should be shutting down people's YouTube and Gmail accounts based on what some fucking robot thinks of them with no human intervention.



  • @masonwheeler And good to see you too, Mr. Montag!


  • Impossible Mission - B

    @blakeyrat said in Oh Google...:

    Fire all of the useless idiots who made Google Hangouts, that'll free some salary dollars.

    Hmm?

    I frequently hear people saying that, of the various IM programs available, Google Hangouts is among the best. (I don't actually use it, so I don't have an opinion one way or the other. But I hear a lot of good things about it.)



  • @masonwheeler said in Oh Google...:

    I frequently hear people saying that, of the various IM programs available, Google Hangouts is among the best. (I don't actually use it, so I don't have an opinion one way or the other. But I hear a lot of good things about it.)

    You talk to a lot of idiots.



  • @blakeyrat said in Oh Google...:

    @masonwheeler said in Oh Google...:

    I frequently hear people saying that, of the various IM programs available, Google Hangouts is among the best. (I don't actually use it, so I don't have an opinion one way or the other. But I hear a lot of good things about it.)

    You talk to a lot of idiots.

    There are quite a few major IM clients that are orders of magnitude worse than Hangouts.



  • @ben_lubar said in Oh Google...:

    @blakeyrat said in Oh Google...:

    @masonwheeler said in Oh Google...:

    I frequently hear people saying that, of the various IM programs available, Google Hangouts is among the best. (I don't actually use it, so I don't have an opinion one way or the other. But I hear a lot of good things about it.)

    You talk to a lot of idiots.

    There are quite a few major IM clients that are orders of magnitude worse than Hangouts.

    By the end of the year, Hangouts will be fully dead.



  • @blakeyrat said in Oh Google...:

    @masonwheeler said in Oh Google...:

    I frequently hear people saying that, of the various IM programs available, Google Hangouts is among the best. (I don't actually use it, so I don't have an opinion one way or the other. But I hear a lot of good things about it.)

    You talk to a lot of idiots.

    He thinks that "fans" thought the new Ghostbusters was better than expected.



  • @benjamin-hall said in Oh Google...:

    @pjh I don't see the error there (except pulling directly from Wikipedia without curation, but that's kinda Google Search's thing, so...). I make no comment about the correctness (or incorrectness) of the claim advanced in the bolded section (as this is not the :trolleybus: garage).

    Is the WTF not that it had pulled two different revisions of the article, based on the different wording?

    If it is the content of Google's useless polluting placard, well, a author I follow on Twitter pointed out that she's spent years keeping her pen name and real name separate. Not secret, per se, but separate.

    Then google introduced that stupid placard to further SHIT up what used to be clean, clear results. Now when you google for her pen name... which is what you would do, since that's what she publishes under and uses on social media... the placard is for her real name.



  • @boomzilla said in Oh Google...:

    @blakeyrat said in Oh Google...:

    @masonwheeler said in Oh Google...:

    I frequently hear people saying that, of the various IM programs available, Google Hangouts is among the best. (I don't actually use it, so I don't have an opinion one way or the other. But I hear a lot of good things about it.)

    You talk to a lot of idiots.

    He thinks that "fans" thought the new Ghostbusters was better than expected.

    It was. There's a difference between a flaming pile of shit emitting ebola and a flaming pile of shit emitting radioactive ebola.



  • @lorne-kates said in Oh Google...:

    a author

    *twitch*



  • @boomzilla said in Oh Google...:

    @lorne-kates said in Oh Google...:

    a author

    *twitch*

    No, twitch is for game streamers. A author is someone who writes with grammer.


  • Impossible Mission Players - A

    @pie_flavor said in Oh Google...:

    @ben_lubar said in Oh Google...:

    @blakeyrat said in Oh Google...:

    @masonwheeler said in Oh Google...:

    I frequently hear people saying that, of the various IM programs available, Google Hangouts is among the best. (I don't actually use it, so I don't have an opinion one way or the other. But I hear a lot of good things about it.)

    You talk to a lot of idiots.

    There are quite a few major IM clients that are orders of magnitude worse than Hangouts.

    By the end of the year, Hangouts will be fully dead.

    I hope not, that's my primary SMS method...



  • @tsaukpaetra said in Oh Google...:

    @pie_flavor said in Oh Google...:

    @ben_lubar said in Oh Google...:

    @blakeyrat said in Oh Google...:

    @masonwheeler said in Oh Google...:

    I frequently hear people saying that, of the various IM programs available, Google Hangouts is among the best. (I don't actually use it, so I don't have an opinion one way or the other. But I hear a lot of good things about it.)

    You talk to a lot of idiots.

    There are quite a few major IM clients that are orders of magnitude worse than Hangouts.

    By the end of the year, Hangouts will be fully dead.

    I hope not, that's my primary SMS method...

    Why aren't you already using Android Messenger? I thought they already phased out non-Google-Voice SMS support.


  • Impossible Mission Players - A

    @pie_flavor said in Oh Google...:

    they already phased out non-Google-Voice SMS support.

    .... What? No, I think you misunderstand, I don't use my carrier's SMS because it often takes literally days before receiving messages.



  • @tsaukpaetra said in Oh Google...:

    @pie_flavor said in Oh Google...:

    they already phased out non-Google-Voice SMS support.

    .... What? No, I think you misunderstand, I don't use my carrier's SMS because it often takes literally days before receiving messages.

    I don't use my carrier's SMS because it requires typing on a tiny keyboard with overloaded keys and costs $0.50 every time I send or receive a message.

    It's unfortunate that pretty much every website refuses to accept a Google Voice number for two-factor authentication.



  • @tsaukpaetra said in Oh Google...:

    @pie_flavor said in Oh Google...:

    they already phased out non-Google-Voice SMS support.

    .... What? No, I think you misunderstand, I don't use my carrier's SMS because it often takes literally days before receiving messages.

    My bad. Hangouts might be your best bet then, unless you can stomach Allo.

    @ben_lubar said in Oh Google...:

    @tsaukpaetra said in Oh Google...:

    @pie_flavor said in Oh Google...:

    they already phased out non-Google-Voice SMS support.

    .... What? No, I think you misunderstand, I don't use my carrier's SMS because it often takes literally days before receiving messages.

    I don't use my carrier's SMS because it requires typing on a tiny keyboard with overloaded keys and costs $0.50 every time I send or receive a message.

    It's unfortunate that pretty much every website refuses to accept a Google Voice number for two-factor authentication.

    Really? I've used mine for pretty much every two-factor auth I've used.


  • Impossible Mission Players - A

    @ben_lubar said in Oh Google...:

    It's unfortunate that pretty much every website refuses to accept a Google Voice number for two-factor authentication.

    Agreed. Though according to my hangouts history, I got Cox, Bank of America, IRS PIN, Unknown(6673054434), Credit Karma, Twilio, USPS, Gerber Collision & Glass, LinkedIn, Steam, Microsoft, Everbridge, Google, DeVry/Keller, TurboTax, IHG Rewards Club, and PayPal all accepted it as valid. At least, those are the shortcodes I could identify that I've received texts from since 2/2/15.


  • Discourse touched me in a no-no place

    @ben_lubar said in Oh Google...:

    It's unfortunate that pretty much every website refuses to accept a Google Voice number for two-factor authentication.

    SMS-2-FA isn't safe.



  • @pjh And that's why you use Google Authenticator, Microsoft Authenticator, Battle.net Authenticator, Steam Mobile Authenticator, Duo...


  • Discourse touched me in a no-no place

    @twelvebaud said in Oh Google...:

    @pjh And that's why you use Google Authenticator, Microsoft Authenticator, Battle.net Authenticator, Steam Mobile Authenticator, Duo...

    Aren't they all based on the same RFCs?


  • Impossible Mission Players - A

    @pjh said in Oh Google...:

    @twelvebaud said in Oh Google...:

    @pjh And that's why you use Google Authenticator, Microsoft Authenticator, Battle.net Authenticator, Steam Mobile Authenticator, Duo...

    Aren't they all based on the same RFCs?

    Sure, but good luck setting them up with a more universal App...


  • Impossible Mission Players - A

    @pjh said in Oh Google...:

    If a hacker can interfere with these systems, she can intercept the SMS security codes or have them rerouted to her own phone.

    Glad they're acknowledging that hackers can be female. :giggity:



  • @pjh Google's and Microsoft's are, minus the push notifications. I think Bnet is in the same ballpark as the RFC but a different algorithm like the one in SecurID. Steam has the exact same timing/hashing/secrets as the RFC but a different presentation. Duo... I have no clue.
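An added example illustrating the post above (not code from the thread or from any of the apps named): the RFC 4226/6238 computation with the "presentation" step split out, so the same secret, time step and HMAC can be rendered as decimal digits or as symbols from another alphabet. `RFC_SECRET` is the RFC 6238 test-vector secret; `render_alphabet` and its A-Z alphabet are hypothetical and are not any vendor's actual scheme.

```python
import hashlib
import hmac
import struct

# Shared secret from the RFC 6238 Appendix B test vectors (SHA-1 case).
RFC_SECRET = b"12345678901234567890"


def time_counter(unix_time: int, step: int = 30, t0: int = 0) -> int:
    """RFC 6238: the moving factor is the number of time steps since t0."""
    return (int(unix_time) - t0) // step


def truncated_hmac(secret: bytes, counter: int) -> int:
    """RFC 4226 dynamic truncation: HMAC-SHA1 -> 31-bit integer."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks the window
    return struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF


def render_decimal(value: int, digits: int = 6) -> str:
    """Presentation used by RFC-style apps: the last N decimal digits."""
    return str(value % 10 ** digits).zfill(digits)


def render_alphabet(value: int, alphabet: str, length: int) -> str:
    """Hypothetical alternative presentation: symbols in base len(alphabet)."""
    out = []
    for _ in range(length):
        value, idx = divmod(value, len(alphabet))
        out.append(alphabet[idx])
    return "".join(out)


def totp(secret: bytes, unix_time: int, digits: int = 6) -> str:
    return render_decimal(truncated_hmac(secret, time_counter(unix_time)), digits)


def verify(secret: bytes, submitted: str, unix_time: int,
           window: int = 1, digits: int = 6) -> bool:
    """Accept codes within +/- window time steps, comparing in constant time."""
    now = time_counter(unix_time)
    ok = False
    for counter in range(max(0, now - window), now + window + 1):
        expected = render_decimal(truncated_hmac(secret, counter), digits)
        ok |= hmac.compare_digest(expected.encode(), submitted.encode())
    return ok


if __name__ == "__main__":
    value = truncated_hmac(RFC_SECRET, time_counter(59))
    print(render_decimal(value, 8))                                 # RFC-style digits
    print(render_alphabet(value, "ABCDEFGHIJKLMNOPQRSTUVWXYZ", 5))  # same value, other symbols
    print(verify(RFC_SECRET, totp(RFC_SECRET, 59), 89))             # one step of clock drift
```
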



  • @ben_lubar said in Oh Google...:

    I don't use my carrier's SMS because it requires typing on a tiny keyboard with overloaded keys and costs $0.50 every time I send or receive a message.

    WTF kind of plan do you have!? It's more expensive than in Poland, 15 years ago when almost no one had a mobile phone and it still mattered whether you call inside or outside the city!



  • @gąska A typical United States plan.



  • @pjh said in Oh Google...:

    @ben_lubar said in Oh Google...:

    It's unfortunate that pretty much every website refuses to accept a Google Voice number for two-factor authentication.

    SMS-2-FA isn't safe.

    What? How? Let's see the links in your post...

    attackers with basic target information can easily trick phone companies into porting numbers after passing identity checks.

    The hackers, as he tells it, had called up Verizon, impersonated him, and convinced the company to redirect his text messages to a different SIM card, intercepting his one-time login codes.

    If a hacker can persuade the carrier’s customer support agents that she is the user and has lost her phone, the phone number can easily be linked by the carrier to a new SIM card that the hacker has.

    So... it seems the only reason SMS is unsafe for 2FA is because it's so easy to steal someone's phone number in the US. And no security expert has yet come up with a solution to the problem - ie. pass a law that requires physical presence in the provider's store and provide some sort of ID to do anything funny. This would not only make SMS more secure, but also make it harder to steal someone's phone number.



  • @twelvebaud said in Oh Google...:

    @gąska A typical United States plan.

    I've been working in a mobile store quite recently, so I know for a fact that there's an abundance of $30 plans with unlimited talk and text.


  • SockDev

    @gąska said in Oh Google...:

    So... it seems the only reason SMS is unsafe for 2FA is because it's so easy to steal someone's phone number in the US. And no security expert has yet come up with a solution to the problem - ie. pass a law that requires physical presence in the provider's store and provide some sort of ID to do anything funny. This would not only make SMS more secure, but also make it harder to steal someone's phone number.

    I don't know if the US has a similar thing, but in the UK, there are some networks e.g. giffgaff who don't have physical stores, meaning your solution wouldn't work for every network.



  • @gąska said in Oh Google...:

    ie. pass a law that requires physical presence in the provider's store and provide some sort of ID to do anything funny. This would not only make SMS more secure, but also make it harder to steal someone's phone number.

    Which already exists in some countries. And essentially turns phone numbers into government-verified user IDs.

    And we could skip the middle man and just let the government implement some OpenID/public certificate thingy for every citizen. But then "privacy advocates" throw a fit. Yet with phone numbers it's generally OK.



  • @anonymous234 said in Oh Google...:

    And we could skip the middle man and just let the government implement some OpenID/public certificate thingy for every citizen.

    As did almost every country in the world, with the USA being a notable exception.



  • @raceprouk said in Oh Google...:

    @gąska said in Oh Google...:

    So... it seems the only reason SMS is unsafe for 2FA is because it's so easy to steal someone's phone number in the US. And no security expert has yet come up with a solution to the problem - ie. pass a law that requires physical presence in the provider's store and provide some sort of ID to do anything funny. This would not only make SMS more secure, but also make it harder to steal someone's phone number.

    I don't know if the US has a similar thing, but in the UK, there are some networks e.g. giffgaff who don't have physical stores, meaning your solution wouldn't work for every network.

    There's a difference between "they don't have" and "they can't afford". The former isn't much of a problem.


  • BINNED

    @gąska so any operator without current stores and without the cash reserves to build enough to service most of the population would go out of business?



  • @jaloopa yes.


  • SockDev

    @gąska Congratulations: you've just killed over half the mobile network competition in the UK.



  • @jaloopa They could outsource the service to a 3rd party.

    Literally anyone trusted enough to look at an ID card and check that the photo is the same person in front of you and that the name coincides with the package they got from the operator.

    Actually, I've registered with quite a few companies that are legally required to "authenticate" me (bitcoin exchanges, mobile phone operators, banks), and in most cases they were happy to accept scans of my ID and documents. Which are so easy to modify that they are basically pointless. So in the end I don't think they care much in practice.


  • BINNED

    @anonymous234 said in Oh Google...:

    They could outsource the service to a 3rd party.

    Actually, thinking about it, the phone shops that sell stuff for all networks could be a standard place for that sort of thing. There's at least one of them in most towns, if not all



  • @jaloopa Also, most postal systems let you specify an option to "only deliver to stated recipient" for this kind of thing, which is probably enough to legally cover their asses.



  • @twelvebaud said in Oh Google...:

    @gąska A typical United States plan.

    A typical US plan is $0.50 per text? I've had unlimited texting for a decade at the least. As soon as services like WhatsApp sprung up, carriers realized they couldn't continue to siphon off every message or no one would use them for messaging.

    @gąska said in Oh Google...:

    So... it seems the only reason SMS is unsafe for 2FA is because it's so easy to steal someone's phone number in the US. And no security expert has yet come up with a solution to the problem - ie. pass a law that requires physical presence in the provider's store and provide some sort of ID to do anything funny. This would not only make SMS more secure, but also make it harder to steal someone's phone number.

    Keep in mind US providers service rural and overseas customers, both of which would be made extremely unhappy by such a change. Also, same thing as @RaceProUK is saying, there are a number of pay-as-you-go providers that don't have physical locations in order to keep costs low.



  • @tsaukpaetra said in Oh Google...:

    I don't use my carrier's SMS because it often takes literally days before receiving messages.

    Oh, you're on AT&T too?



  • @raceprouk said in Oh Google...:

    @gąska Congratulations: you've just killed over half the mobile network competition in the UK.

    If they can't verify the customer's identity properly, I say good riddance.


  • SockDev

    @gąska said in Oh Google...:

    @raceprouk said in Oh Google...:

    @gąska Congratulations: you've just killed over half the mobile network competition in the UK.

    If they can't verify the customer's identity properly, I say good riddance.

    Because obviously the only way to verify a person's identity is in a physical store. If only there was some sort of mechanism where you could, I dunno, 'log in' to a 'website' with something, let's say 'credentials', like a 'username' and a 'password', possibly with something that, for the sake of argument, is called 'two-factor authentication'. Shame such a thing doesn't exist. Oh well, guess it'll have to remain a dream...



  • @heterodox said in Oh Google...:

    Keep in mind US providers service rural and overseas customers, both of which would be made extremely unhappy by such a change.

    How often do you change carriers anyway? Is it that bad to have to go to the big city once every few years? You already have to do this anyway much more often, in order to see a doct... oh wait. Rural USA.


  • BINNED

    @heterodox said in Oh Google...:

    A typical US plan is $0.50 per text?

    The standard in the UK, if you don't have texts included in your plan (which these days probably means no plan at all, just adding credit to a basic PAYG SIM), seems to have stabilised at 10p per message, which it's been at for years. Of course we also don't charge people for receiving messages. Isn't that a massive window for DOS by sending messages from an unlimited plan to someone with limited credit?



  • @jaloopa said in Oh Google...:

    The standard in the UK, if you don't have texts included in your plan (which these days probably means no plan at all, just adding credit to a basic PAYG SIM), seems to have stabilised at 10p per message, which it's been at for years.

    That was the case in the US through the early 2010s. Most plans that haven't gone unlimited-talk-and-text have bumped it to 50c but don't distinguish between type of text anymore; an MMS of a maximum-length 3GP video costs the same as a simple "hi".

    @jaloopa said in Oh Google...:

    Isn't that a massive window for DOS by sending messages from an unlimited plan to someone with limited credit?

    Why yes, yes it is. Now ask how many phone companies care.

    @raceprouk said in Oh Google...:

    Shame such a thing doesn't exist. Oh well, guess it'll have to remain a dream...

    While the law says the winning carrier is supposed to check with the losing carrier to make sure the number being ported actually belongs to their new subscriber, there's no technical barrier requiring they do so. All they have to do is call up Neustar and say "so port the god damn number already!" and the losing carrier's acceptance of this is purely optional. The security is only as strong as the weakest carrier.

    Oh, and there's no standard way for a winning carrier to obtain proof-of-permission from any given losing carrier. This isn't OpenID, there are no manifests, everything is done with a phone call or less.


  • Impossible Mission Players - A

    @anonymous234 said in Oh Google...:

    Literally anyone trusted enough to look at an ID card and check that the photo is the same person in front of you and that the name coincides with the package they got from the operator.

    Fun fact: I literally look nothing like my ID.



  • @tsaukpaetra you need a new ID then.

