Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Bug Politics

Google Criticized For Vulnerability That Can Trick Its AI Into Deactivating Accounts (minds.com) 49

In July Google was sued by Tulsi Gabbard, one of 23 Democrats running for president, after Google mistakenly suspended her advertising account.

"I believe I can provide assistance on where to focus your discovery efforts," posted former YouTube/Google senior software engineer Zach Vorhies (now a harsh critic of Google's alleged bias against conservatives). He says he witnessed the deactivation of another high-profile Google account triggered by a malicious third party. I had the opportunity to inspect the bug report as a full-time employee. What I found was that Google had a technical vulnerability that, when exploited, would take any gmail account down. Certain unknown 3rd party actors are aware of this secret vulnerability and exploit it.

This is how it worked: Take a target email address, change exactly one letter in that email address, and then create a new account with that changed email address. Malicious actors repeated this process over and over again until a network of spoof accounts for Jordan B. Peterson existed. Then these spoof accounts started generating spam emails. These email-spam blasts caught the attention of an AI system which fixed the problem by deactivating the spam accounts... and then ALSO the original account belonging to Jordan B. Peterson!

To my knowledge, this bug has never been fixed.

"Gabbard, however, claims the suspension was based on her criticism of Google and other major tech companies," reports the Verge. But they also quote the campaign as saying that Gmail "sends communications from Tulsi into people's Spam folders at a disproportionately high rate."

"Google may blame this on automated systems, but the reality is that there is no transparency whatsoever, which makes it difficult to determine the truth."
This discussion has been archived. No new comments can be posted.

Google Criticized For Vulnerability That Can Trick Its AI Into Deactivating Accounts

Comments Filter:
  • "Mistakenly"? (Score:3, Insightful)

    by melted ( 227442 ) on Saturday August 17, 2019 @02:37PM (#59097438) Homepage

    "Mistakenly"? I thought we're past the presumption of innocence in Google's case. A more likely explanation is the bigwigs at Google have decided who the democratic candidate is going to be, and Tulsi isn't that candidate. Does anyone actually believe that the decisions about the multi-million dollar ad campaigns (let alone campaigns of even theoretically viable presidential candidates) are managed entirely by "AI", without human in the loop?

    • So you stop believing the conspiracy theorist when they say something really is incompetence, rather than malevolence?
    • Re:"Mistakenly"? (Score:5, Insightful)

      by mea2214 ( 935585 ) on Saturday August 17, 2019 @03:19PM (#59097484)
      She's polling at 1% and has zero chance at the D nomination. Google Occam's Razor.
      • by melted ( 227442 )

        Occam's razor dictates that multi-million dollar ad campaigns of presidential candidates (even those polling at 1%) aren't run on autopilot.

        • What's entertaining, is that there is a service called autopilot [autopilothq.com] that companies actually do use for running their multi-million dollar ad campaigns.

          So yes, multi-million dollar ad campaigns ARE actually run on Autopilot.

    • Surveillance Valley Razor:

      "Never attribute to incompetence that which can be adequately explained by malice."

  • Or... (Score:5, Insightful)

    by MachineShedFred ( 621896 ) on Saturday August 17, 2019 @02:45PM (#59097452) Journal

    Or maybe Google sends it into people's spam folders at a high rate because it's fucking spam. You very likely didn't pre-warm your domain, you probably send emails that score quite high against spam filtering rules, and probably people flag it as spam because they don't want your fucking tripe in their inbox.

    All of these add up to not getting inboxed, and it happens with marketing companies all the time. So often that best practices are to send marketing emails from a separate domain so you don't trash the reputation of your main domain.

    You have amateurs running your email operations. This is not Google's fault, it is YOUR fault - Google is just an easy target, and it makes for a "ohh poor me, bucking the establishment and big bad Google is retaliating!" narrative instead of a process story about how you fucked up your email and didn't spend the time to do it right.

    • You don't know anything about her email operations. You make bold and unsubstantiated claims and then bash her for your entirely made-up stuff. If you have any evidence about how her email was going out, please share.
      • We all know something about them, and I quote from the summary:"Gmail "sends communications from Tulsi into people's Spam folders at a disproportionately high rate." That is called information; it is literally something we know about her email operations, to wit they somehow result in getting her emails a Spam classification. Now a simple application of Occam's Razor is all that is necessary. What is more likely? That there is a conspiracy at Google to silence a candidate who has zero chance of winning to b
        • Congratulations. You can read English. Unfortunately, you misinterpret what you read. You still know nothing about her email operations. As far as google is concerned, we are talking about a company that is looooong past any benefit of the doubt about any form of evil. Occam's razor says someone inside google who prefers another candidate or dislikes her in particular, flagged her email for the spam folder. It isn't like we haven't seen them delist or push results down or negative results up before fo
          • I have to say I was wrong. No, not in the least in what I posted but in my thoughts after I posted it. I said to myself "Surely even a poster boy for Dunning Kruger with such an incredibly ironic name is not so fucking stupid that they would try to weasel out of an admission that what they posted was clearly not only provably wrong (we do have information and nobody could argue otherwise as it has been presented twice now) but phenomenally stupid." ... but I was wrong.

            "Hell, we even have google's own engine

            • Lmao @ your triggered ad hominem and intentional misreading of my words to make an invalid point. You're cute but not hitting home. Maybe those sorts of cheap rhetorical techniques work in the echo chambers you're used to but I'm not interested in debating with the intellectually dishonest. I got exactly what I expected when I told you to take the last word: you made up a bunch of stuff, grossly misinterpreted my words, went full ad hominem and walked away feeling smugly superior, without ever addressing
        • I am a former constituent of Congresswoman Nancy "the Nazi" Pelosi (D-Google). For YEARS I flagged every single unsolicited message she sent me as spam. But Google - again, for years - refused to learn, and sent all her spam messages to my high priority inbox.

          Favoritism & abuse of trust? Suuuuuuuure looked like it.

          • That would be the result of you not knowing that the term spam is a synonym for unsolicited *commercial* email, not "shit nobody should want to see because you don't want to see. Of course it's possible that they know you are the kind of fucktwat that refers to a democrat as a Nazi and just can't resist fucking with you. Yeah, that's probably it. It isn't that you are the rare exception that was marking it spam when tens of thousands were not. That wouldn't make any sense. Go with your conspiracy theory. Th
    • Re:Or... (Score:5, Informative)

      by 93 Escort Wagon ( 326346 ) on Saturday August 17, 2019 @04:08PM (#59097536)

      Or maybe Google sends it into people's spam folders at a high rate because it's fucking spam.

      Any political email that actually makes it into my inbox is flagged as spam - manually, by me. I doubt I’m the only one doing this, so I would expect any decent spam filter would learn and adapt.

      In my mind the immediately relevant question isn’t actually whether an “inordinately high percentage” of Gabbard’s campaign emails get flagged as spam, per se - it’s whether that percentage is significantly higher than that of emails from other campaigns (e.g. Warren, Biden, Trump). First that question needs to be answered before anyone wastes much time investigating Gabbard’s claim.

      • by Mal-2 ( 675116 )

        I wonder what happens if Google can hand over data and say "your mail is being flagged as spam because the people you send it to are saying it is spam." Show the trends. If it turns out the audience is spam-tagging her disproportionately, then this is a social problem, not a technical one.

        • by Cederic ( 9623 )

          Or.. she's sending spam.

          Does anybody have an example of the emails being marked as spam, as that would greatly inform this conversation.

  • Not an excuse (Score:5, Insightful)

    by mamba-mamba ( 445365 ) on Saturday August 17, 2019 @02:53PM (#59097458)

    Automated systems are designed, or if they are AI's, then they are trained. If the design or training process introduces bias, the company (Google in this case) is still responsible for that bias.

    Not claiming that there is bias here, but Google shouldn't be allowed to hide behind the "automated systems" claim because that effectively absolves them from all allegation of bias, since everything they do is automated.

    • Everything they do is not automated, so if nothing else, let's stop spreading misinformation. There is more than enough of that going on in the world already. Having said that, a company saying that their system behaved in an unexpected way that was not intended is not something new, nor is it necessarily bullshit. Like you I am not claiming there is, or is not, bias against a nobody candidate who can't possibly win here ... Occam has that handled already.
      • Spreading misinformation. LOL. Many of their products involve extensive automation simply because of scale. They use automation to select ads to play based on many factors. There search is automated. Their indexing of web pages is automated. It may be a slight exaggeration to say "everything they do is automated" but it is not "spreading misinformation." Main point being that IF there is bias, Google should not be allowed to hide behind the fact that the bias came from an automated system.

        Tulsi doesn't have

        • "It may be a slight exaggeration to say "everything they do is automated" but it is not "spreading misinformation.""

          When something is not true and we claim that it is true this is not a "slight exaggeration." Try cheating on your boyfriend and then when you get caught tell him that you weren't lying when you said you never cheated, but merely exaggerating.

          "Main point being that IF there is bias, Google should not be allowed to hide behind the fact that the bias came from an automated system."

          Any compiler wo

    • I'm thinking they surely have white-lists for cases like this.

      The problem then becomes, is it OK for them to white-list candidate (A) but not candidate (B), so that candidate (A)'s message gets to gmail users inbox folders but candidate (B)'s ends up in spam folders?
  • What happens when the AI figures this out and what response will the AI iniate in rebut to questioning its maker?
    • by AHuxley ( 892839 )
      Re "AI figures this out"
      Just how "AI" the AI is will be kept a secret.
      So only select activity could take place that was "deniable".
      Create a list of spam emails that read like the real email in use.
      Fool the system and remove all the emails that look the same. To protect the internet, the paying ads and the brand.
      The "AI figures" out part would be detecting a flood of actavist / party machine /contractor created "spam" around an approved "protected" political email account.
      Block and report the rise i
  • I have a first Google E-mail address FirstLast (name) as time went on I changed it for no reason to First.Last
    I noticed one of the addresses had stopped but had no fix. Last week I got an email from Google saying the First.Last email was rerouted to me as it should of been in the first place. The next Google Email sent the same time I was able to chose myself or a FirstLast124 to get that address.

    Ticks me off as I was refusing any emails with my name###

If all else fails, lower your standards.

Working...