Technical Tidbits

I want to thank Jeff (our Director of Marketing and Emerging Technology) for testing ForceField and writing such detailed reviews.  You can thank him by visiting his personal blog at: http://haumanadao.com/

That being said, let’s move on to the third part of this series.

When Jeff agreed to test ForceField and document his experience for our blog, he also ran a packet capture using wireshark to determine if we could see exactly what was happening with this.  That’s how I ended up with this last part of the review. I am the packet capture analyzer!

NOTE: Clicking on each image will bring up the full 100% view.

In the first packet captured, upon opening the browser, there is a SYN connection to Zonelabs IP at: 208.185.174.65 that is encrypted.

A SYN packet is the beginning of a handshake between two computers. Obviously, ForceField is logging in at ZoneLabs for some reason. Just what reason we don’t know. But the second packet confirms the handshake with an SYN/ACK or acknowledgement that Zonelabs has received the first SYN packet and sets a sequence number for the communication between the two.

For those of you who are not knowledgeable in the reading of packets or do not understand the SYN/ACK packets, as I teach in our PC Security courses, (shameless plug, I know!), the SYN/ACK packets are used to establish a connection with another device - usually two computers. The SYN packet sends a sequence number (to synchronize) of the digital packet and behaves much like a knock on the other computers door. Sort of like saying, “Hello? are you there?”

The ACK packet is returned by the other device in acknowledgement of the knock or attempt to establish communications. Like saying, “Yea! I’m here! Let’s talk!” The sequence number establishes the connection between the two by identifying the packets. Much like a ticket number. If the packets become broken up, the sequence number helps the communicating devices put them back together for a full message.

So, here is the image of the ACK packet in Wireshark:

The Flag showing SYN: Set, means that the synchronization number has been set along with the Acknowledgment. This entire process is called the “handshake.”

In case you are wondering if I’m pulling your leg about the IP address belonging to Zonelabs, let me put that theory to rest right now.

After the initial handshake and establishing the connection between the browser (or Jeff’s Computer) and Zonelabs, there is another secured handshake initiated.

After a few more back and forths with handshakes and agreeing on the cipher strength, Jeff’s PC starts sending encrypted data back to ZoneLabs in two packets. Packet 12 and Packet 13.

Just what information was sent, we don’t know. But there was definitely information being transferred. And there were a few more packets exchanged identical to the one shown above.

Now, the information shown in the next image, shows that on packet 22, there was another acknowledgement packet sent from ZoneLabs to Jeff’s PC.  I circled the flags to show you that the reset flag nor the fin (finish) flag was set which means that Zonelabs was staying connected to Jeff’s PC. If it were disconnecting, the FIN flag would have been set.

You will then notice that the packet capture acknowledges that there is now a clone of the browser as is evidenced by the yellow lines in the capture above.

During the time of the capture and Jeff’s surfing, TrendMicro updated and Zonelabs updated ForceField. Jeff also surfed Google, did a few searches, and checked his e-mail. All the packets captured showed the connection to Jeff’s PC in the background to these sites for updates, the e-mail check and the IP packets to Google. I never found a disconnect from ZoneLabs initial connect in any of the packets captured.

There is one flaw in our research however. Jeff shut off the Packet Capture before closing his browser so we could not see the disconnect from Zonelabs.

I suspect that if he would have closed his browser, forcing the cloned ForceField one to close, that we would’ve seen a disconnect packet. But being a novice to this kind of research and to packets, Jeff is off the hook.

Our take here at MICE is that if you insist on using ForceField for the safety it provides, you are sacrificing your privacy. Under the guises of security and protection, I believe ForceField is Big Brother in disguise. Another wolf in sheeps clothing.

And my take is that I’m going to donate to OpenSource (FireFox) to continue their development of a free, non-big brother browser!

written by Admin \\ tags: ack, Big brother, browser security, firefox, ForceField, open source, packets, spyware, syn, zone alarm, zone labs

After using ForceField for several days a few questions came up about the application in general. The main one was why can’t I see any real details as to what it is blocking? Over the years I can’t tell you how many Wiz Bang programs I’ve installed only to uninstall them because of how they either collided with my other programs or sucked up my resources. So I was just running ForceField through my normal rigors.

In Part 1 I showed you the Advanced tab in the ForceField settings. I was shocked to only find a bunch of checkboxes. Nothing that would allow me to know if what they are blocking was agreeable to me. For all I knew, it could end up allowing something malicious that Zone Labs hadn’t detected yet, which is VERY likely. A statistic that is on the landing page for Debbie’s eLearning Portal states, “Upon their initial outbreak, 21% of the malware did not have an associated antivirus definition”, so I want to keep an eye out for things like this. Education and vigilance are the best ways to protect yourself especially when so many of the security applications or services are reactive.

For the sake of their security, I gave ForceField the benefit of the doubt in that if they gave away too much info it might allow malcoders better access to crack their way around it. So I decided to see if their documentation had anything of interest. Nope, I couldn’t find anything there that even remotely resembled something technical; it was all pretty much for general users. (See for yourself: Starter Guide/User Manual)

So I was left with no other choice than to trust that ForceField has my back covered. With so much “Big Brother” crap going on with applications these days, that’s kind of hard for me to swallow, so for the time being I let it go but kept an even more vigilant eye on how it worked.

One of the first things I noticed occurred in Internet Explorer. My virus protection, Trend Micro Internet Security Pro, has a tool called the Transaction Protector that is designed mainly for wireless use to encrypt your transactions against possible keyloggers. Because ForceField creates a cloned browser, Trend activated the Transaction Protector. I discovered this when trying to do a Google search using Internet Explorer and all that showed up was “ababababab” for anything I typed. It took a few minutes for me to realize what was going on.

Interestingly enough when I tried to get a screen shot of this the problem a week later it had disappeared. This must have happened when ForceField did an update which it did not inform me of nor make the details of it available anywhere. What it did was deactivate the Transaction Provider. I’m sorry, but why are you not allowing me to make this choice? This was my first “Big Brother” suspicion in that Zone Labs shut off a valuable Trend Micro tool without my knowledge assuming that it does a better job? This makes it appear that Zone Labs believes ForceField is the superior tool and that is just plain arrogance especially without documentation to back it up neither for the application itself or the upgrades that it does.

This caused me to do a search for ForceField to see what other issues might be going on. One result claimed that it was a memory hog. To test this I did screen shots of the Windows Task Manager right after startup and then again after I opened a Firefox browser. There was a huge difference in the memory utilization. It went from 22 MB to 137 MB, a 527% increase in memory usage. I have 1 GB RAM of which about half is used upon startup. ForceField used an additional 115 MB when my browser opened which is around 20% of my remaining RAM. I did find that if I left my browser open and then opened up other programs that things did start to slow down after awhile as this is when swap files are now being used more frequently once the RAM is mostly used up.

The other issue that I found during this search was that ForceField was not keeping any Firefox Add-ons. This made me wonder if this might happen with bookmarks and/or organizing bookmarks. I got to experience the answer to this during the course of my normal computer maintenance. When activating Spybot to do my spyware scans, if it detects excessive temporary files it asks you if you want to delete them which will speed up the scanning process. I noticed that I had 1,000+ temporary files which seemed excessive to me, but just figured I had forgot to clean them out. I told Spybot to delete them and to my surprise, when I opened up Firefox, some previous settings in my Bookmarks Toolbar were gone, but when I shut off ForceField and reopened Firefox they were there.

The same problem occurs when I made changes to Firefox with ForceField shut off. This appears to make the cloned browser king but again, the documentation did not specify anything to this level as to how changes to the browser do or do not affect ForceField. It appeared after dealing with this for a time that the answer was in the temporary files ForceField creates (which can look like this: ffffffffffff.isw) which you can remove in the Advanced tab by clearing the Virtual Data but this was never explained clearly anywhere (other than in a forum post that states this should now be the way to remove your temp files). I delete my temporary files using Windows Disk Cleanup tool. The 1-2-3 promos did not allude to this, so perhaps Zone Labs just assumes that no one does this?!? Sorry, but I run a Lean and Mean Computing Machine and ensuring my temp files don’t get excessive is one of the things that are a part of my regularly scheduled maintenance.

I also noticed that when running my defrag tool, Auslogistics Disk Defrag, that it was taking longer than usual. Like I mentioned in Part 1, I like to watch the tool work and noticed that it was showing more fragmentation than usual. Both the longer defrag time and excessive fragmentation have disappeared since I uninstalled ForceField demonstrating that it was the culprit. So although it was not slowing down my browsing experience, it was definitely cluttering my computer with excessive temporary files which in the long run can affect the overall performance (a forum posts mentions that their temp files went from 2,000 before ForceField to over 10,000 after using ForceField!).

So far, much of this has produced mostly consistent frustration. I’m sure that I could have eventually figured out how to circumvent these problems, but that’s really the big issue here because the General User isn’t normally concerned with all of these geeky things. A tool such as this needs to have good consistent use for the General User yet at the same time satisfy the needs of those who are more technically savvy.

The next thing I did was to start poking around their forum and is where my attitude got even worse. Take a quick look for yourself (Click Here); Check out at least the first 5-7 pages and you will see consistent comments on incompatibility or problems with the application. Some of these problems may have been resolved, but this appears to me to be an application still in development that they are selling as a finished product. Does that sound familiar? Microsoft has been doing that since the very first Windows operating system. Although this was originally genius marketing, today it’s a point of contention and frustration.

I also noticed that when checking my Protection Activity that occasionally the Suspicious Sites total would increase but there was no way of knowing what ForceField was designating as a Suspicious Site. I also monitor my network traffic via the icon in my Sys Tray and noticed that when I started up ForceField there was always considerable activity. The element of Big Brother was already becoming more and more suspicious and in conjunction with what I’ve previously mentioned, this was rapidly approaching the point of being uninstalled.

Using a packet capturing tool called, WireShark, I set out to find out what was going on “behind the scenes”. I shut off ForceField so it wouldn’t activate on startup. Rebooted, then turned on WireShark, and then activated ForceField, and then opened a browser and then did some browsing. The results appeared to be initially very interesting, but I have next to no understanding of much of what was going on. This is where Debbie is going to take over because she understands this very well. In Part 3 she will be relating the results of her analysis of the packet capture I did. What you will see is that some kind of encrypted secure communication is going on to Zone Labs putting the element of Big Brother right into the Big Picture of this application.

Here’s my final take and general warning to you. Zone Alarm ForceField comes off as the tool that will save the day with all of the things it will do for you. Such Super Hero tactics when performed by a major corporation rarely end up being totally benign. I hate to be so cynical but more often than not if it sounds too good to be true, it normally is, especially for the consumer. ForceField started off being my new best friend, but eventually tried to convince me that it knew better than me and to just “Trust Me”. Isn’t that what the snake said to Eve in the Garden of Eden? Some things just never change!!

Think I’m being overly cynical? Check out their EULA. Section 2.5 states that if you have the Anti-Spyware version they have the right to delete any program they deem a problem. What you may not realize is spyware detection is a reactive evolution, meaning it’s as good as it is today but may get better AFTER a known problem has been discovered. So they could easily remove a valid program without you knowing it due to some detection algorithm that sees your well known and useful program as a problem. Doesn’t this continue to elude to the fact that they know what’s best for you? Just who designated them King of The Mountain?

Section 5 relates to Third Party software and states, “Certain third party software included with the Software is subject to additional terms and conditions imposed by ZoneAlarm’s third party licensor(s).” I did not see any other reference about WHAT that third party software is other than “Such terms and conditions are contained in the “About” pages of the Software and are deemed incorporated herein by reference.” Okay, so what does that mean to any potential abuse of my personal privacy by your third party licensor(s)?

Section 8.1 states the limited warranty for the software “will be free from defects in material and workmanship, and that the Software shall substantially conform to its user manual”, yet I stated earlier that this manual was somewhat nebulous, so just what does this mean in relation to a limited warranty, is there one when you can easily get out of it with a nebulous user manual?

Section 8.2 GENERAL: ZoneAlarm does not guarantee that use of the Software or Subscription Services will be uninterrupted or error-free. ZoneAlarm does not guarantee that the information accessed by the Software or Subscription Services will be accurate or complete. You acknowledge that performance of the Software and Subscription Services may be affected by any number of factors, including without limitation, technical failure of the Software, the acts or missions of third parties and other causes reasonably beyond the control of ZoneAlarm. Certain features of the Software may not be forward-compatible with future versions of the Software and use of such features with future versions of the Software may require purchase of the applicable future version of the Software.

It seems like this section is stating that with all the hype of how well it can protect you, there is no REAL guarantee that it will, not to mention that it is not responsible for the acts or missions of third parties. Do you smell any stench of Big Brother yet?

This just verifies to me the validity of trust that Open Source has. They are not Corporate Minded with interests in profits for the stock holders/investors, they are a community of people creating applications and operating systems for the good of the people because they are mainly run by the people. So when Thunderbird or Firefox want to do an upgrade, I implicitly trust them because their motives are for the good of their users.

written by Jeff \\ tags: Big brother, browser security, ForceField, keyloggers, spyware, zone alarm, zone labs

This post is written by a guest author.

Monday August 11 at 4:14 PM, the fateful day that an email arrived appearing to contain the resolution for a growing problem on the internet, Drive By Downloads. The email said, “In honor of Patch Tuesday, August 12, 2008, ZoneAlarm (Check Point) will be offering ForceField browser security for FREE for only 24-hours!”

I then went to the ForceField section of the Zone Alarm site and read about the features and watched the promos for it. According to the very amusing video promos it’s as simple as 1-2-3 to not only install but also operate. The security of Internet browsing has taken a giant leap forward!

The month prior to this I had been doing a lot of research for the landing page for the launch of Debbie’s eLearning Portal, namely her PC Security and ID Theft courses in conjunction with her celebration of being in business for 10 years. The main purpose of this landing page was to educate the visitor of what’s really going on out there and how extremely important it is for EVERY user to be educated because many of the tools and services are not 100% reliable; it was starting to appear that the only REAL protection is arming yourself with the proper knowledge and her courses are excellent for that, as her many testimonials have shown.

Some of that effort led me to research results on the state of browser patches and security and the growing incidents of Drive By Downloads. As a result of that, it became apparent that surfing online these days isn’t as benign as so many may think it is. It is getting to the point that if you’re not properly educated in what’s going on, you can become a victim and not even know it and this can be regardless of your level of education. Both Debbie and I have come across this but due to our awareness were able to stop it in time or prevent it from happening. (See Mal Ads Report and Drive By Download video) The Zone Alarm ForceField application, upon my initial review, seemed to be a great response to these problems. Here’s what the site tells you:

1. Block unauthorized downloads and malicious software installations.
2. Protect your identity by blocking phishers and stopping keyloggers.
3. Browse the internet in complete privacy–erases all cache, cookies, history and passwords.
4. Run it with your existing security software–it’s fast, lightweight, and easy to use

Sounds pretty cool!  But wait, there’s more!  Here’s a list of known threats and their impact that ForceField will protect you from.

1. Drive-by download - Visit the wrong website, and it can download spyware, viruses, or even take control of your PC without your knowledge.
2. Keyloggers - Capture and record your keystrokes to obtain passwords, financial information and more.
3. Phishers - Trick you into entering confidential information such as passwords and credit cards on bogus web sites.
4. Spyware - Installed without your knowledge, spyware can collect your personal information and send it to criminals on the Internet.
5. Dangerous downloads - Appear to be safe, like a screen saver application, so the user chooses to download it, but in fact it also installs malicious software.

If you think that’s cool wait until you see their Benefits and Features:

• Virtual Browsing
• Browser Threat Immunity
• Private Browser
• Keylogger & Screengrabber Jamming
• Dangerous Download Detection
• Anti-Phishing
• Spy Site Blocking
• Website Safety Check
• Spyware Flushing
• On-The-Fly Encryption
• Seamless Integration
• Security Software Compatibility
• Fast and Easy to Use

If this isn’t the best thing since sliced bread, I don’t know what is! Although I am being sarcastic, this was close to my initial reaction because based on this and the amusing videos this really did seem like it was going to go a long way in helping to at least stave off these issues that are becoming more and more prevalent. One of the best features being how easy it is to install and use and that it integrates with known security applications. (Click Here to see for yourself)

After reviewing all of this I couldn’t wait for Tuesday to arrive so I could get my copy with a license key for a free year of use!   This was going to be great; Secure Browsing has finally arrived!! (I could hardly sleep that night!)

Once I downloaded the application and received my special license key, everything went just as the promos had stated.  It installed very easily and put itself as an additional toolbar on both my Firefox and Internet Explorer toolbars which contained a ForceField drop down menu, Protection Activity, Site Status, and Private Browser.

Selecting Settings on the drop down menu produces a small window with a General and Advanced tab.  It was very simple and upon initial review all of these settings seemed to be necessary in order to ensure proper protection such as by default ForceField loads on startup of your PC and immediately starts to protect you as soon as you open your browser.  This drop down also has a choice in FireFox that puts the toolbar on the Status bar with a menu when clicked on thus relieving you of the space the ForceField takes away from your viewing pleasure.  I don’t seem to remember the same option in IE, but am not a big user of it either so didn’t care.

The Site Status shows you if the site you are on has been detected as a known phishing or spyware distributor, when it was first registered, and where it’s located.  These are essential elements in assisting in determining a site’s validity as many mal sites come and go very quickly in order to evade detection.

The Protection Activity gives you a summary of the total MB of possibly harmful data prevented from reaching your PC, the total number of threats that were stopped, and a tally of what those were under the headings of Suspicious sites detected, Phishing sites blocked, Spyware sites blocked, and Virus infected downloads detected, plus the total number of downloads it has scanned.

As far as using the Private Browser, I am the only user of my computer so I only checked it out by clicking on the button; it opened a new browser.  Because in the Benefits and Features section it stated that it basically erases everything you do, it did not seem useful for me because whatever I do would be erased including bookmarks, passwords, etc.  This only seems useful if there is more than one user of a browser and you want to hide what you’ve done which when you think about it seems kind of dishonest, unless of course you have something to hide.  This is why this type of browsing has been termed “Porn Mode”.  Maybe it’s because I’m an honest person and don’t have anything to hide is why I don’t understand when this is useful because the only “usefulness” that it serves is when you have something to hide from others.

Actually setting up additional users in Windows would alleviate all of that anyway unless of course you are the admin which would give you access to that information.  For example, having Private Browsing on a computer used by a family would never allow the parents to monitor the browsing habits of their children who are notorious for going places they shouldn’t especially when it comes to free downloads but having each child sign in separately would allow proper parental monitoring.  This is assuming that one parent isn’t hiding something from the other, but then again that’s deceptive and a guaranteed relationship killer.  This whole thing about private browsing which the new version of IE is supposed to have dumbfounds me.  Is our society getting so secretive that we have to continually create ways to hide? (Don’t get me started on PC Pandora!!!)  This is a review and not an expose on the morals of society so I’ll leave it at this.

All in all my initial browsing experience with ForceField was very good.  I did not notice any slow down indicating that ForceField was getting in the way.  When I went to my blog which was only a couple of months old, I got a warning about it and was able to tell ForceField that it is okay.  Another incident of a link I got in an email for some new internet marketing product brought up a phishing warning.  I wasn’t sure if it was a false alarm or not but wasn’t all that interested in the product so I didn’t proceed from there.  Each day I monitored the Protection Activity monitoring how ForceField was working.  It was nice to browse knowing that a clone would take any malware hits.  The sense of security that resulted was refreshing.

But then things began to change; maybe it’s because after working for corporations for the past 10 yrs, one of which was in bankruptcy for 3 years and demolished their long standing defined pension program along with so many other cold hearted choices that I have an inherent distrust that corporations don’t always have my best interest in mind.  Maybe it’s because I’m an armchair marketer and love watching how products are promoted, some of which are not done with sincere integrity.  Maybe it’s because I’m a geek and love information (I like to watch a computer defrag to see how bad the fragmentation is!).  Maybe it’s because I have a knack for processing information resulting in seeing patterns that many others don’t.  Maybe it’s because I believe in taking personal responsibility for my actions and am therefore prone to not let others do it for me if at all possible.

Whatever the case, little by little some things started to show up as I continued to use Zone Alarm’s ForceField.  At first they were annoyances, but eventually turned into big questions of what is really going on behind the scenes.  In Part 2, I will delve into this and let you be the judge as to why something seems to be your best friend yet doesn’t disclose things for the more technically minded who just like to monitor their computer’s processes to ensure the best functionality.  This leads to the suspicion that Big Brother may be lurking behind the scenes.

written by Jeff \\ tags: Big brother, browser security, drive by, drive by downloads, driveby, driveby downloads, ForceField, keyloggers, phishers, porn mode, private browsing, spyware, zone alarm, zone labs

In my past two previous posts about Google Chrome, I’ve covered the facts about how easy it was to install and some immediate signs of incompatibility.

But, we never covered the privacy and security issues. In this post, I’ll deal with the privacy issues.

Let’s look at the EULA (End Users Licensing Agreement) first. Or the Google Chrome Terms of Service. (http://www.google.com/chrome/eula.html)

The beginning part of the terms is the usual blah, blah legalese, but we find a similar thread with Google as we do with Microsoft….

4.1 Google has subsidiaries and affiliated legal entities around the world (”Subsidiaries and Affiliates”). Sometimes, these companies will be providing the Services to you on behalf of Google itself. You acknowledge and agree that Subsidiaries and Affiliates will be entitled to provide the Services to you.

4.2 Google is constantly innovating in order to provide the best possible experience for its users. You acknowledge and agree that the form and nature of the Services which Google provides may change from time to time without prior notice to you.

Same rhetoric found in Microsoft’s terms also.

But here’s an interesting twist in Google’s EULA that even Microsoft doesn’t have! (My emphasis added!)

4.5 You acknowledge and agree that while Google may not currently have set a fixed upper limit on the number of transmissions you may send or receive through the Services or on the amount of storage space used for the provision of any Service, such fixed upper limits may be set by Google at any time, at Google’s discretion.

Huh? Fixed upper limits on the number of transmissions??? So, are you going to monitor my bandwidth through your browser??? WTF does this mean?

Then I find it totally CA (Corporate America) that they put their Privacy Policy under another link as described here:

7. Privacy and your personal information

7.1 For information about Google’s data protection practices, please read Google’s privacy policy at http://www.google.com/privacy.html. This policy explains how Google treats your personal information, and protects your privacy, when you use the Services.

So, much like Microsoft, Google figures 99.8% of the users are not going to hunt down the privacy policies.

I went to take a look at the Google Privacy Policy and I find the same BS that Microsoft included about third-parties having access to your data. (Again, my emphasis added!)

Information sharing

Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances:

* We have your consent. We require opt-in consent for the sharing of any sensitive personal information.
* We provide such information to our subsidiaries, affiliated companies or other trusted businesses or persons for the purpose of processing personal information on our behalf. We require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy and any other appropriate confidentiality and security measures.
* We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

If Google becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, we will provide notice before personal information is transferred and becomes subject to a different privacy policy.

We may share with third parties certain pieces of aggregated, non-personal information, such as the number of users who searched for a particular term, for example, or how many users clicked on a particular advertisement. Such information does not identify you individually.

Please contact us at the address below for any additional questions about the management or use of personal data.

Information security

We take appropriate security measures to protect against unauthorized access to or unauthorized alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, as well as physical security measures to guard against unauthorized access to systems where we store personal data.

We restrict access to personal information to Google employees, contractors and agents who need to know that information in order to operate, develop or improve our services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
(Source: http://www.google.com/privacypolicy.html)

So again I ask Google as I’ve posted the same question to Microsoft - HOW WILL YOU KNOW? How will you know if your third parties violate your confidentiality?? How will I know they got my information from you?

And look at the same BIG BROTHER LEGAL DISCLAIMER! Again, you cannot give to the government even under court order what you DO NOT have!

For as much as Microsoft and Google supposedly hate each other, it almost sounds like they have the same law firm working for them: Dewy, Cheatem, and Howe.

And let’s not forget the fact that at the beginning of their Privacy Policy they state the usual disclaimers with links to other pages for more privacy policies! (I’ve left out the links but you can go their privacy policy and check them out if you are so inclined.)

At Google we recognize that privacy is important. This Privacy Policy applies to all of the products, services and websites offered by Google Inc. or its subsidiaries or affiliated companies except DoubleClick (DoubleClick Privacy Policy) and Postini (Postini Privacy Policy); collectively, Google’s “services”. In addition, where more detailed information is needed to explain our privacy practices, we post supplementary privacy notices to describe how particular services process personal information. These notices can be found in the Google Privacy Center.

And if you click the privacy policy link from within the Google Chrome page for the download and acceptance of the EULA or Terms of Service you receive this statement:

(Click to view larger image)

What is also fascinating is that as “transparent” as Google claims to be, you can look at the Chrome EULA page yourself and see if it references any other Privacy Policy. Because right now, I’m sitting on an exact duplicate of theirs (copied and pasted in a text document) and I don’t see any reference other than the part in section 7.

And guess what I found? YET ANOTHER Privacy Policy for Chrome!
http://www.google.com/chrome/intl/en/privacy.html

Now where have we seen this kind of statement before?

In addition, some Google Chrome features send limited additional information to Google:

* When you type URLs or queries in the address bar, the letters you type are sent to Google so the Suggest feature can automatically recommend terms or URLs you may be looking for. If you choose to share usage statistics with Google and you accept a suggested query or URL, Google Chrome will send that information to Google as well. You can disable this feature as explained here.
* If you navigate to a URL that does not exist, Google Chrome may send the URL to Google so we can help you find the URL you were looking for. You can disable this feature as explained here.
* Google Chrome’s SafeBrowsing feature periodically contacts Google’s servers to download the most recent list of known phishing and malware sites. In addition, when you visit a site that we think could be a phishing or malware site, your browser will send Google a hashed, partial copy of the site’s URL so that we can send more information about the risky URL. Google cannot determine the real URL you are visiting from this information. More information about how this works is here.
* Your copy of Google Chrome includes one or more unique application numbers. These numbers and information about your installation of the browser (e.g., version number, language) will be sent to Google when you first install and use it and when Google Chrome automatically checks for updates. If you choose to send usage statistics and crash reports to Google, the browser will send us this information along with a unique application number as well. Crash reports can contain information from files, applications and services that were running at the time of a malfunction. We use crash reports to diagnose and try to fix any problems with the browser.
* You may choose Google as your search engine using Google Chrome, and you may also use Google Chrome to access other Google services such as Gmail. The Privacy Policies of Gmail or other services apply when you access them, no matter which browser you use. Using Google Chrome to connect to Google services will not cause Google to receive any special or additional personally identifying information about you.

Google Suggest feature = Microsoft Suggest a site feature. And if you click the here link (that I didn’t include) about turning off the feature, it doesn’t tell you if it stops sending information back to Google or not! Not so transparent after all! (And if you want to read something really scary, read the EULA and privacy policies for Google search and Gmail along with some of the other apps!)

Okay, granted we know Google makes its money in the search and online advertising business. And unlike Microsoft, who takes your money and then covertly spies on you, Google tells you they are spying but they give you the stuff free!

On the other hand, we have Firefox 3. The most secure browser produced to date by Mozilla and Open Source with no spying and free. Hmmmmmm, which one do you suppose I’m leaning toward?

And while I’m on the subject of Firefox 3, can I request an extension? There is one thing that Google has that I’d like to see in a modified version. Their Most Visited websites page.

(Click to view larger image)

See the cool 9 boxes that previews the pages you visit most frequently? Well, I would like a Firefox extension that would allow me to make a home page with customized little previews like Google Chrome. 9 boxes just like that, but I put in the websites I want to display as my home page. Any takers?

It looks to me that this is just Google’s version of YET another Big Brother Browser!

Tomorrow, Google Chrome Security! Hint: NOT!

written by Admin \\ tags: Big brother, big brother browser, end users licensing agreement, eula, firefox, google, google chrome, Microsoft, personal information, privacy, privacy policy, spying, spyware, Terms of Service

Yesterdays Microsoft Partner e-mail grabbed my attention as soon as it appeared in my inbox. There it was. A gleam of hope sparkled in my eyes and soul.

Had Microsoft finally, “GOT IT?”

The description looked tantalizing. Anonymous browsing – not even Firefox could do that without the aid of a plug-in or extension! Accelerators teasingly resembled those Firefox additions that enhance the users browsing experience. Dare I hope? Was this finally a serious Microsoft contender to Firefox? I had to have it!

Rest easy Open Source junkies. The new Microsoft Internet Explorer 8 Beta 2 is a wolf dressed in sheep’s clothing! And over the next several posts I’ll show you why!

The 15.9 MB file downloaded quickly but my hopes were soon dashed as the installation started. It was still the same old Microsoft! Still up to its old tricks trying to slip in it’s usual control by wanting me to combine all my updates along with their USELESS Malicious Software Removal Tool, thus rendering me under their total control. (Click the picture below to see a full view.)

Had I not stopped and read each screen carefully, I would have been surrendering my control of choosing which downloads to install.

They know we do that, you know. That’s why they keep trying to sneak in their software to allow their total control over your updates and downloads. They don’t want us to know what they are REALLY installing.

It didn’t take long for my hopes to continue their downward spiral into the Microsoft abyss of empty words, empty promises, and propaganda.

One of the next screens asked me if I’d like to turn on Suggested Sites. The screen states,

Do you want to discover websites you might like based on websites that you’ve visited?

(Click the picture above to see a full view.)

Hmmmm. How do you suppose they would know what websites I visited?

Oh yes! You guessed it! They will be so kind in helping suggest sites that they will keep a history of my web visits for me! Isn’t that nice of them?

First, I want you to notice that during this setup process all you see is their BS marketing descriptions of what these items are. You have no clue how this is going to affect your privacy and security. You would have to click their Privacy Statement link to view that.

So, let’s see what they say about that! The emphasis and footnote references have been added by me to help you follow along with the rest of my comments after reading this.

Suggested Sites is an online experience designed to show you which websites you visit most¹, and to provide you with suggestions of other websites you might be interested in visiting. When you turn on Suggested Sites, your web browsing history is sent to Microsoft, where it is saved ² and compared to a frequently updated list of websites that are similar to ones you visit often. You can choose to pause or stop this feature from sending your web browsing history to Microsoft at any time. You can also delete individual entries from your history at any time. Deleted entries will not be used to provide you suggestions for other websites, although they will be retained by Microsoft³ for a period of time to help improve our products and services, including this feature. Any websites you visit while InPrivate Browsing is active will not be sent to Microsoft.

When Suggested Sites is turned on, the addresses of websites you visit are sent to Microsoft, together with some standard information from your computer such as IP address, browser type, regional and language settings. To help protect your privacy, the information is encrypted⁴ when sent to Microsoft. Information associated with the web address, such as search terms or data you entered in forms might be included. For example, if you visited the Microsoft.com search website at http://search.microsoft.com and entered “Seattle” as the search term, the full address http://search.microsoft.com/results.aspx?q=Seattle&qsc0=0&FORM=QBMH1&mkt=en-US will be sent. Address strings might unintentionally contain personal information⁵, but this information is not used to identify, contact or target advertising to you.

Statistics about your usage of Suggested Sites will also be sent to Microsoft such as the time that websites were visited, which website referred you, and how you got there (e.g., by clicking a link or one of your Favorites)⁶. This information, along with the website addresses and past history, will be used to personalize your experience, as well as improve the quality of our products and services. Microsoft will not use any information collected to identify, contact or target advertising to you.

Footnote 1: Thanks Microsoft! I’m really a moron and I can’t seem to remember that myself! What kind of lame a** excuse is that for justifying your reasons for gathering information?

Footnote 2: Well the fact that Microsoft saves my information is a great disclosure. Thanks Microsoft for covering you assets there! But you know what? I’ve read the online privacy page and here’s my issue with you saving my information….

Information that is collected by or sent to Microsoft may be stored and processed in the United States or any other country in which Microsoft or its affiliates, subsidiaries, or agents maintain facilities. Microsoft may disclose this information if required to do so by law or in the good faith belief that such action is necessary to: (a) conform to the edicts of the law or comply with legal process served on Microsoft or the site; (b) protect and defend the rights or property of Microsoft and its family of Web sites, or (c) act in urgent circumstances to protect the personal safety of Microsoft employees, users of Microsoft software or services, or members of the public. Microsoft occasionally hires other companies to provide limited services on its behalf, such as providing customer support, processing transactions, or performing statistical analysis of reports. Microsoft will provide those companies only the information they need to deliver the service. They are required to maintain the confidentiality of this information and are prohibited from using it for any other purpose.

For those of you who have been numb and dumb as companies continue to take away your personal rights and privacy, the United States Privacy Laws DO NOT APPLY outside this country! Once Microsoft transfers your data outside the US or to one of their “third party” companies, you’re no longer secure and your PERSONAL DATA is no longer protected!

And what is Microsoft going to do if the company does use the data? How are they even going to know? How are you going to know that the company got your name from Microsoft?

Footnote 3: Isn’t that wonderful that Microsoft tells us that we can pause, stop, or delete our browsing history participation but they are still going to store it for us. Maybe we might want it back some day? Ya think?

Oh, I’m bad! They say they are going to use it to enhance my browsing experience! Funny but Firefox enhances my browsing experience every day and I NEVER have to give away any information to them nor their third party add-ons! Imagine that!

Give me a break Microsoft! I see where you’re going with this and I’m going to share it with the world and anyone who will listen!

Footnote 4: How generous of you to send my information encrypted! Is that because YOU don’t want me seeing what you’re sending yourself? Like I trust you? Like you’ve given me reason to trust you? NOT!

Oh yes, you’re going to protect my privacy from anyone else (aside from you) who might want to CAPITALIZE on the spying data you’re gathering in. I get it!

But let’s assume for a brief, fleeting second, that Microsoft really does care. They really are concerned about your privacy. Well, that might be believable for that fleeting second until you read Footnote 5!

Footnote 5: How can you tell me in this age of precision programming that some identifying information MIGHT be sent?

I know programming Balmer! Either you are or you aren’t. Personally identifying information doesn’t accidentally get trapped inside a string of specific data. If it is, then your programmers need how to write better code!

This is a blatant cover you’re a** statement because you know da** well you’re gathering it!

Footnote 6: Is there anyone else out there besides me that remembers the huge fight against adware and scumware? The fight against the advertising and tracking cookies?

The fight was about how unscrupulous companies were using specially formed cookies or small programming code to track where you went. What page referred you to where you got next and what you did so that they targeted advertising based on where you visited. Do you remember that?

The only difference between then and now is that Microsoft is openly telling you they are scumware and banking on YOU NOT READING the privacy statement!

If I had a dime, a lousy dime for every single person I know who clicks through these installation screens without reading and investigating what Microsoft is peddling, I’d be a very RICH person!

And wait my friends, there’s more to this whole story and tomorrow, I’m going to show you even a bigger picture everyone is missing! This does get worse!

Tune in for part 2 tomorrow…….

written by Admin \\ tags: accelerators, addons, adware, extensions, firefox, ie, Internet Explorer, internet explorer 8, malicious software removal tool, Microsoft, plugins, privacy, scumware, Security, spyware