Technical Tidbits™

Posts Tagged ‘privacy’

In my past two previous posts about Google Chrome, I’ve covered the facts about how easy it was to install and some immediate signs of incompatibility.

But, we never covered the privacy and security issues. In this post, I’ll deal with the privacy issues.

Let’s look at the EULA (End Users Licensing Agreement) first. Or the Google Chrome Terms of Service. (http://www.google.com/chrome/eula.html)

The beginning part of the terms is the usual blah, blah legalese, but we find a similar thread with Google as we do with Microsoft….

4.1 Google has subsidiaries and affiliated legal entities around the world (“Subsidiaries and Affiliates”). Sometimes, these companies will be providing the Services to you on behalf of Google itself. You acknowledge and agree that Subsidiaries and Affiliates will be entitled to provide the Services to you.

4.2 Google is constantly innovating in order to provide the best possible experience for its users. You acknowledge and agree that the form and nature of the Services which Google provides may change from time to time without prior notice to you.

Same rhetoric found in Microsoft’s terms also.

But here’s an interesting twist in Google’s EULA that even Microsoft doesn’t have! (My emphasis added!)

4.5 You acknowledge and agree that while Google may not currently have set a fixed upper limit on the number of transmissions you may send or receive through the Services or on the amount of storage space used for the provision of any Service, such fixed upper limits may be set by Google at any time, at Google’s discretion.

Huh? Fixed upper limits on the number of transmissions??? So, are you going to monitor my bandwidth through your browser??? WTF does this mean?

Then I find it totally CA (Corporate America) that they put their Privacy Policy under another link as described here:

7. Privacy and your personal information

7.1 For information about Google’s data protection practices, please read Google’s privacy policy at http://www.google.com/privacy.html. This policy explains how Google treats your personal information, and protects your privacy, when you use the Services.

So, much like Microsoft, Google figures 99.8% of the users are not going to hunt down the privacy policies.

I went to take a look at the Google Privacy Policy and I find the same BS that Microsoft included about third-parties having access to your data. (Again, my emphasis added!)

Information sharing

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

* We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
* We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
* We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

If Google becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

We may share with third parties certain pieces of aggregated, non-personal information, such as the number of users who searched for a particular term, for example, or how many users clicked on a particular advertisement. Such information does not identify you individually.

Please contact us at the address below for any additional questions about the management or use of personal data.

Information security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.

We restrict access to personal information to Google employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
(Source: http://www.google.com/privacypolicy.html)

So again I ask Google as I’ve posted the same question to Microsoft – HOW WILL YOU KNOW? How will you know if your third parties violate your confidentiality?? How will I know they got my information from you?

And look at the same BIG BROTHER LEGAL DISCLAIMER! Again, you cannot give to the government even under court order what you DO NOT have!

For as much as Microsoft and Google supposedly hate each other, it almost sounds like they have the same law firm working for them: Dewy, Cheatem, and Howe.

And let’s not forget the fact that at the beginning of their Privacy Policy they state the usual disclaimers with links to other pages for more privacy policies! (I’ve left out the links but you can go their privacy policy and check them out if you are so inclined.)

At Google we recognize that privacy is important. This Privacy Policy applies to all of the products, services and websites offered by Google Inc. or its subsidiaries or affiliated companies except DoubleClick (DoubleClick Privacy Policy) and Postini (Postini Privacy Policy); collectively, Google’s “services”. In addition, where more detailed information is needed to explain our privacy practices, we post supplementary privacy notices to describe how particular services process personal information. These notices can be found in the Google Privacy Center.

And if you click the privacy policy link from within the Google Chrome page for the download and acceptance of the EULA or Terms of Service you receive this statement:

(Click to view larger image)

What is also fascinating is that as “transparent” as Google claims to be, you can look at the Chrome EULA page yourself and see if it references any other Privacy Policy. Because right now, I’m sitting on an exact duplicate of theirs (copied and pasted in a text document) and I don’t see any reference other than the part in section 7.

And guess what I found? YET ANOTHER Privacy Policy for Chrome!
http://www.google.com/chrome/intl/en/privacy.html

Now where have we seen this kind of statement before?

In addition, some Google Chrome features send limited additional information to Google:

* When you type URLs or queries in the address bar, the letters you type are sent to Google so the Suggest feature can automatically recommend terms or URLs you may be looking for. If you choose to share usage statistics with Google and you accept a suggested query or URL, Google Chrome will send that information to Google as well. You can disable this feature as explained here.
* If you navigate to a URL that does not exist, Google Chrome may send the URL to Google so we can help you find the URL you were looking for. You can disable this feature as explained here.
* Google Chrome’s SafeBrowsing feature periodically contacts Google’s servers to download the most recent list of known phishing and malware sites. In addition, when you visit a site that we think could be a phishing or malware site, your browser will send Google a hashed, partial copy of the site’s URL so that we can send more information about the risky URL. Google cannot determine the real URL you are visiting from this information. More information about how this works is here.
* Your copy of Google Chrome includes one or more unique application numbers. These numbers and information about your installation of the browser (e.g., version number, language) will be sent to Google when you first install and use it and when Google Chrome automatically checks for updates. If you choose to send usage statistics and crash reports to Google, the browser will send us this information along with a unique application number as well. Crash reports can contain information from files, applications and services that were running at the time of a malfunction. We use crash reports to diagnose and try to fix any problems with the browser.
* You may choose Google as your search engine using Google Chrome, and you may also use Google Chrome to access other Google services such as Gmail. The Privacy Policies of Gmail or other services apply when you access them, no matter which browser you use. Using Google Chrome to connect to Google services will not cause Google to receive any special or additional personally identifying information about you.

Google Suggest feature = Microsoft Suggest a site feature. And if you click the here link (that I didn’t include) about turning off the feature, it doesn’t tell you if it stops sending information back to Google or not! Not so transparent after all! (And if you want to read something really scary, read the EULA and privacy policies for Google search and Gmail along with some of the other apps!)

Okay, granted we know Google makes its money in the search and online advertising business. And unlike Microsoft, who takes your money and then covertly spies on you, Google tells you they are spying but they give you the stuff free!

On the other hand, we have Firefox 3. The most secure browser produced to date by Mozilla and Open Source with no spying and free. Hmmmmmm, which one do you suppose I’m leaning toward?

And while I’m on the subject of Firefox 3, can I request an extension? There is one thing that Google has that I’d like to see in a modified version. Their Most Visited websites page.

(Click to view larger image)

See the cool 9 boxes that previews the pages you visit most frequently? Well, I would like a Firefox extension that would allow me to make a home page with customized little previews like Google Chrome. 9 boxes just like that, but I put in the websites I want to display as my home page. Any takers?

It looks to me that this is just Google’s version of YET another Big Brother Browser!

Tomorrow, Google Chrome Security! Hint: NOT!

After my sad disappointment about IE 8, I tempered my excitement this morning when I heard that Google was releasing Chrome – their new browser offering.  I’m assuming it’s their answer to the Microsoft Big Brother Browser – IE 8.

I guess I’m jaded. We all know Google makes a ton of money on it’s search engine advertisers. So, I just kind of assumed that there would be the same kind of issues with Chrome as their was IE 8.  More spying, more lining their pockets, yada, yada.

Well, I’m a bit more hopeful, although still a bit skeptical because I have not used it fully yet. But so far, it’s looking good! Okay, no. It’s looking GREAT!

Before I downloaded it, I took a look at their comic book describing how it was made. I don’t want to ruin that experience for you so I will not comment on it in this post. I’ll probably give you a day to read the full thing first.

So, if you haven’t heard about this or read their comic book, do so before you download the program. You will miss a significant amount of information if you pass that book up! (But I will be discussing much of it in Part 2.)

It took me a while to find the actual download, but I did. There it was on the page in all it’s Google glory!

(Click to view larger image)

Doesn’t it just look like a shining beacon of hope?

So, I click to download and I’m taken to this page:

(Click to view larger image)

Oh, I get it! Here’s the gotcha! They want me to report my crashes so they can spy on me! I click the privacy link and expected to see the litany of legal jargon I received from Microsoft and here’s what I see:

What a refreshing sight after the nightmare from Microsoft! I guess I should also tell you that unlike Microsoft’s proprietary IE 8, Google’s Comic book let’s you in on the secret that this is all Open Source! I felt I should tell you that before we go further because Open Source licenses are much different then Microsoft’s licenses and legal mumbo-jumbo.

Okay, now for the install.

Do you remember the setup process I had to go through to install IE 8?

Check out the setup screens from Google Chrome below:

Now I have to pause here for a second. Isn’t this screen a refreshing difference from Microsoft’s esoteric and obscure error messages? How cute is this??

(Click to view large image)

Oh! And guess what they have too? Incognito mode! And guess what? They don’t need to send back information on your browsing habits to do it!  Imagine that!

(Click to view larger image)

If you just can’t wait, you can install Google Chrome here:
http://tools.google.com/chrome/

But remember, I haven’t investigated it thoroughly yet. So keep a healthy dose of skepticism - although I know it’s hard for me to do that right now! This is really a fun browser!

Hey Google! I need a Tor proxy plugin! (GRIN)

Welcome back to Part 3 of the Big Brother Browser series of posts!

If you’ve missed any of the other posts, please click the links for Part 1 and Part 2.

To briefly summarize the previous posts, I’ve shown you how Microsoft has made Internet Explorer 8 look as if it’s a comparable browser to Firefox with its accelerators and privacy. Yet, upon closer examination, we’ve seen that using any of these self-proclaimed wonder tools will create a privacy nightmare for users and benefit Microsoft’s advertisers or their research endeavors.

And further research shows that the privacy and security they are touting, isn’t all that private at all!

There’s more of a rub to this too. I started reviewing the modules that load with IE 8 and found a disturbing note in the description of the new Internet Explorer 8.

You can see where I put the red circle around the word: Longhorn. In case you are not familiar with the code name Longhorn, please see Paul Thurrott’s Blog regarding this.

This reference to Longhorn however, made me a bit suspicious since I’m using Windows XP on my test computer. So, I went off to do further research.

First of all, let me say that quite some time ago I uninstalled SP3 for Windows XP due to the pathetic slow down of my computer and the ten-minute shut down. Under no circumstances will I, at this point, install SP3 again. And after finishing my research, I’m so glad I did!

For more information on the problems with SP3 in Windows XP and the Vista difficulties please read this ComputerWorld article: Microsoft warns of IE8 lock-in with XP SP3. (The sub-heading of the article states: Also notes other problems, including crashing Windows Live Mail.)

What does concern me the most about the Longhorn mention on IE8 is that they are eventually going to stick us with it under the guises of more security and more privacy – all the while making money off our browsing habits, and feeding us suggested sites from their advertisers.

Now, let’s discuss this privacy issue in more detail. I have the information I need to do further research and it’s going to take about a week before I fully understand how and what they’re doing.

But, at first glance, if you turn on the InPrivate browsing and try to view your Temporary Internet Files, you won’t be able to. I think this is how they manipulate the folder so that your cache is not stored there.

But even though I have my setting set to delete my browsing history upon exit, after I closed the browser and reopened it – which takes the InPrivate browsing off – my temporary Internet files were still there. (And please note that they are still there even after I close the browser when NOT using InPrivate browsing.)

So, there is apparently some sort of glitch in this that doesn’t allow even the normal features from IE 7 to work properly.

Now, Microsoft has been touting this big, huge secure browsing garbage with Internet Explorer 8. But after Christian Prickaerts statement in the news, Microsoft responds:

Microsoft’s main goal with InPrivate Browsing is to prevent other users of the same computer to gain access to the browsing history, the company said in an email response. The feature isn’t designed to protect a user’s privacy from security experts and forensic researchers, the company said.

(Source: http://www.fox-it.com/en/news-and-events/news/recent-news/news-article/pc-advisor-ie8-s-privacy-mode-leaks-your-private-data/47)

Okay, makes me want to run right out and get it right?

After all, isn’t that what you REALLY want your browser to do? Don’t you need protection from your meddling wife or husband who thinks porn is evil?  Hackers be damned! I’m more worried that my mommy doesn’t catch me gambling online! I can see it now!

Microsoft’s new commercial with Jerry Seinfeld……

Jerry: Are you constantly annoyed by your wife finding your online gambling account? (Forget the fact that PartyPoker is sitting on your desktop!) Are you worried that at 16 your folks won’t understand your need to surf “girlie” sites? Are you having an online affair and want to cover your tracks? Have no fear! Internet Explorer 8 to the rescue! In exchange for covering your a** with the spouse, family, or boss, you just have to give us your entire surfing behavior patterns. We’ll still continue to allow you to download every vulnerability, exploit, and malcode known to mankind as a bonus!

I could go on but you get the image!

The short version of the rhetoric of BS from Microsoft is that they are trying to sell us another bill of goods that can’t deliver anything more than sending user data back into their already well-lined pockets.

If you are interested in getting the data files I’m working with, (the first one will be the processes list), please sign up to the auto-responder I’ve set up for this purpose. As soon as they are available, I will send you the link or the file itself – if it’s not too big.

But, your best bet is to move to Ubuntu. That’s one of the projects I’m working on now! And yes, we will be teaching others how to do the same thing!

MORE RESOURCES:

For further information about Microsoft’s take on the IE 8 security, see:
http://blogs.msdn.com/ie/archive/2008/08/29/trustworthy-browsing-with-ie8-summary.aspx

For upgrade information regarding the Windows XP and Vista problems mentioned in the post, see:
http://blogs.msdn.com/ie/archive/2008/08/27/upgrading-to-internet-explorer-8-beta-2.aspx
http://blogs.msdn.com/ie/archive/2008/05/05/ie-and-xpsp3.aspx

And a special PS to Erkki (who is not upgrading): Thanks for the correction in the math!