Sunday, March 11, 2012

What's with Google?

*******
*******
Google Privacy Checklist: What to Do Before Google's Privacy Policy Changes on March 1
If you use Gmail, Google Docs, or any other popular G-service, you’re about to surrender a lot more personal information to the Googleplex...unless you take these steps to prevent it.
By Nick Mediati, PCWorld
Feb 28, 2012
We've been talking about it for weeks, but the big day is almost here: On March 1, Google will implement its new privacy policy and terms of service, unifying 70 separate privacy policies and extending them across most of Google's offerings.
This grand consolidation means that all of your Google account data will live in a single database that every Google service can access. Google Maps will have access to your Gmail data, which will have access to your YouTube history, and so on. Google insists that this change will ultimately benefit users, but privacy advocacy groups such as the Electronic Frontier Foundation fear that users will lose control over the personal data they've shared with Google.
If you'd like to exert control over your Google-based data, you still have time to act before March 1. Google's privacy settings can be tricky to navigate--the privacy Dashboard doesn't provide full access to all privacy settings, and Google's Data Liberation tool doesn't support everything yet. But these tips should help limit what Google can find out about you.
Check the Dashboard
Your first destination is Google Dashboard. It provides an overview of the information Google has stored on your account across many of its most popular services. To get started, go to google.com/dashboard and log in with your Google account (typically an email address). There, you can see much of the data that Google has on you--from your Google+ account to your Gmail account.
Take a few minutes to click through the various services and to review the information Google is storing. Then clear out any data you no longer want associated with your account.
Clear Your Google Web History
Google Web History keeps track of your Web browsing in order to help Google serve up more-relevant search results, According to the company, Google Web History "saves information about your web activity, including pages you visit and searches on Google. Over time, the service may use additional information about your activity on Google or other information you provide us in order to deliver a better search experience."
Even while you’re logged out of your Google account, Google achieve a similar effect by tracking your search history via a browser cookie.
To turn this off, visit google.com/history while signed into your Google account and click Remove all web history. In the next screen, click OK to confirm your decision, and thenceforth Google will no longer track your Web history for the sake of improving search accuracy. As the EFF notes, however, Google may still log this information for various internal purposes.
If you don't have a Google account, or if you're logged out of your account, visit google.com/history/optout and click Disable customizations based on search activity.
Tweak Your Ads Preferences
By default, Google serves up "personalized" ads, based on search queries or on the content of your Gmail messages. For example, if you run a search for "Mobile World Congress," Google may serve up an ad for a phone or a tablet. If you find that kind of activity too invasive (or just plain creepy), you can dig into Google's privacy settings to disable personalized ads.
Head on over to Google's Ad Preferences page; and in the left-hand column, under 'Ads on Search and Gmail', click Opt out. From there, click the Opt out button to the right, and Google will stop serving up personalized ads based on your search results.
You can also opt out of personalized ads that appear on other sites through Google's Web ad services. In the left-hand column of the same Ad Preferences page, under 'Ads on the Web', click Opt out, and then click the blue Opt out button to the right.
Liberate Your Data
If you want to remove some (but not all) of your personal data from multiple Google services, head over to Google Takeout, which lets you download a copy of your data from Google Buzz, Circles, Docs, Picasa Web Albums, Gmail contacts, and other tools and services. Get started by logging in to the Google Takeout page. Once there, you can download your data for all supported services, or you can pick and choose the data you want to download. Once you've chosen what you want to download, click the Create Archive button at the bottom of the page. Google Takeout will create an archive consisting of your downloadable data (it may take a few minutes for Google Takeout to create the archive for you).
After downloading the archive, you can delete the data from the individual Google services. Unfortunately, doing so is a manually operation--Google doesn't let you automatically delete the data you download from its servers. In addition, Google Takeout doesn't yet support all of Google’s services, so you won't be able to take everything with you. Still, some data removal is better than none.
The Nuclear Option: Delete Your Google Account
If you feel truly paranoid, you can remove your Google account completely. Deleting your account will mean losing all of the information associated with it, including your Gmail account, your Google+ profile, and anything you've stored within Google Docs.
If you're willing to take the leap, log in to your Google account and visit your account settings page. Scroll to the bottom and, under Services, click Close entire account and delete all services and info associated with it. On the next page, Google will ask you to confirm that you really, truly want to delete your account. Follow the instructions, enter your password, take a deep breath, and click Delete Google Account.
On the other hand, you may want to delete just your Google+ account. If so, scroll to the bottom of the account setting page, and click Delete profile and remove associated Google+ features. From there, you can delete your Google+ content or your entire Google profile, which will remove you from Google+, Google Buzz, and several other services.
We're all for personal privacy, of course, but we also appreciate convenience. If you feel the same way, and you can deal with the reality that Google probably already knows a lot about you (and will soon know even more), you can leave your Google account as it is.
If you're on the fence, or just want to be fully informed about how Google collects and uses personal data, we recommend that you take one more step: Read Google's overview of its new privacy policy, or take the plunge and read the revised policies for yourself.
*******
Google Hacked Internet Explorer To Spy On Users, Just Like Safari
by Alexander Higgins
February 21, 2012
Microsoft reveals Google hacked Internet Explorer, just like Safari, so they could track people’s online activity everywhere on the internet.
Apple recently reported that Google hacked their Safari web browser so they could track users online activity on MAC computers and notebooks as well as on all of Apple’s popular handheld electronics with online capabilities such as the iPhone, iPad, and iPod.
That announcement made Microsoft engineers suspicious that Google may have employed similar measures to bypass Internet Explorer’s security settings to track all of IE users online activity as well. Sure enough, Microsoft has come forward to say Google has employed a different hack which achieved the same results on the world’s most popular web browser.
I was to place I bet, I would bet that Mozilla engineers will soon make the same announcement about the Firefox web browser.
Tech News reports:
Microsoft Calls Google a Cookie Monster
Safari users aren’t the only ones who may be unintentionally picking up tracking cookies from Google as they surf the Web. The search provider also stuffs Internet Explorer with cookies, according to Microsoft. The methodology is different, but the result is the same. In response, Google said the result is due to IE using outdated and impractical standards.
Google is tracking users of the Internet Explorer Web browser without their knowledge, Microsoft has asserted.
After news emerged last week that Google had bypassed the privacy settings of Apple’s Safari browser, Microsoft researchers began looking into whether the search giant was also playing fast and loose with IE’s settings.
However, IE 9 has an additional privacy feature called “Tracking Protection” that blocks the method Google is using, Microsoft said. Users without IE 9 or who have the feature turned off may be susceptible.
Google “basically hacked IE differently than they hacked Safari, but the result is pretty much the same — they overrode the browsers’ capability to block cookies and prevent reporting,” Rob Enderle, principal analyst at the Enderle Group, told TechNewsWorld. Google “appears to be intentionally violating the privacy rights of users of third party products.”
Google’s actions are “concerning at any level, being misleading to consumers who expect these [privacy] controls to be honored and working,” Chris Babel, CEO of TrustE, told TechNewsWorld.
What Google Did
Internet Explorer uses the Platform for Privacy Preferences Project (P3P) feature to block third-party cookies unless the site they’re from sends along a Compact Policy (CP) statement indicating how it will use the cookie and stating that it won’t track the user. That policy must be in machine-readable form.
In other words, P3P appears to work on the honor system. Tell it you’ll comply and it OKs you. But if you’re sneaky enough to lie, it will let you get by anyway.
Microsoft said Google gets around P3P by leveraging a nuance that requires browsers to ignore any undefined policies they encounter. It sends along a P3P CP that is not in machine-readable form and is, therefore, undefined.
With Safari, Google used an iFrame that loaded a page containing a meta refresh to a Google ad link. If the user wasn’t logged into Google, the response directed the browser back to Google’s DoubleClick advertising platform. If the user was logged into Google, the user was directed first to Google’s authentication service and then to DoubleClick.
In the case of Safari, Google claimed the whole thing was the accidental byproduct of its creating a temporary communication link between the browser and Google servers.
Source: Tech News World
Google got around Microsoft’s privacy policies too
If you read the recent reports that explain how Google exploited a flaw in Apple’s mobile browser to potential spy on its users, you might have wondered if you were among the victims. As it turns out, engineers at Microsoft pondered the same thing.
Now following revelations that Google sent scripts to the mobile version of Apple’s Safari application to keep tracks on its users, the programmers behind Microsoft’s Internet Explorer are learning that they were also impacted by the flaw.
A researcher at Stanford University recently identified an attempt by Google in which the company bypassed the privacy settings of users of the popular Apple Safari browser by means of forcing the app to accept a small cookie file that they could then watch to monitor online activity. Not only did the maneuver allow Google to exploit millions of users of competing products, but it also meant that millions potentially had their Internet history unknowingly monitored by the search engine giants.
In the days since the news broke, Google has downplayed the development and has repeatedly insisted that the exploit was meant to make mobile browsing more seamless. “[W]e designed this so that the information passing between the user’s Safari browser and Google’s servers was anonymous — effectively creating a barrier between their personal information and the web content they browse,” a spokesperson explained.
Google claim to be developing a work-around and insist that no harm was ever intended, but now Microsoft is learning that they were exploited as well.
“When the IE team heard that Google had bypassed user privacy settings on Safari, we asked ourselves a simple question: Is Google circumventing the privacy preferences of Internet Explorer users too?” Internet Explorer executive Dean Hachamovitch writes this week on his blog. “We’ve discovered the answer is yes: Google is employing similar methods to get around the default privacy protections in IE and track IE users with cookies.”
This revelation comes after Microsoft stepped up and shunned Google over its escapade with the Safari browser. “Apparently, Google has been able to track users of Apple’s Safari browser while they surf the web on their Apple iPhones, iPads and Macs,” Internet Explorer Business and Marketing General Manager Ryan Gavin blogged last week. “This type of tracking by Google is not new. The novelty here is that Google apparently circumvented the privacy protections built into Apple’s Safari browser in a deliberate, and ultimately, successful fashion.”
Little did the IE team know that similar success was made by Google after they managed to also bypass Microsoft’s policies.
In support of Microsoft, at least it’s reassuring to know that someone still uses Internet Explorer — even if it’s for malicious means. Netscape Navigator has yet to comment as to if they were effected as well.
*******
Google Spying on You for NSA? Judge: 'None of Your Business'
'Court is not to conduct detailed inquiry to decide whether it agrees with agency'
by Bob Unruh
15 July 2011
A federal judge has ordered that whether Google is spying for National Security Agency or not, you have no right to know.
“The NSA need not disclose ‘the organization or any function of the National Security Agency, [or] any information with respect to the activities thereof,’” U.S. District Judged Richard Leon has ordered.
“Once the agency, through affidavits, has created ‘as complete a public record as is possible’ and explained ‘in as much detail as is possible the basis for its claim,’ … ‘the court is not to conduct a detailed inquiry to decide whether it agrees with the agency’s opinions,’” he said.
The demand for information had been raised by the Electronic Privacy Information Center, which said the ruling would be appealed.
“EPIC had sought documents under the FOIA because such an agreement [between Google and NSA] could reveal that the NSA is developing technical standards that would enable greater surveillance of Internet users,” the organization explained.
“The [response] to neither confirm nor deny is a controversial legal doctrine that allows agencies to conceal the existence of records that might otherwise be subject to public disclosure,” the group said. “EPIC plans to appeal this decision.”
The court opinion came as a result of a situation in which a Chinese hacking incident in January 2010 raised questions.
The group had wanted information about “arrangements with Google on cybersecurity, as well as records regarding the agency’s role in setting security standards for Gmail and other web-based applications.”
The organization explained that it was on Jan. 12, 2010, when Google said hackers from China had attacked Google’s corporate infrastructure. The company had said evidence suggested “that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists.”
The press then reported Google and the NSA “had entered into a ‘partnership’ to help analyze the attack by permitting them to ‘share critical information,’” EPIC reported. Those reports came from the Washington Post, Wall Street Journal and others.
EPIC was seeking records on any agreement between NSA and Google, communications between the groups and others. NSA denied the request even though Pamela Phillips of the NSA admitted the organization was working “with a broad range of commercial partners and research associates.”
But the agency refused to release further information, “explaining that any response would improperly reveal information about NSA’s functions and activities,” the judge said.
The agency said, “To confirm or deny the existence of any such records would be to reveal whether the NSA … determined that vulnerabilities or cybersecurity issues pertaining to Google or certain of its commercial technologies could make U.S. government information systems susceptible to exploitation or attack.’
According to the judge, the agency said “even an acknowledgment of a relationship between the NSA and a commercial entity could potentially alert ‘adversaries to NSA priorities, threat assessment, or countermeasures.”
According to Courthouse News, the Washington federal judge’s decision was to grant the NSA’s request for a summary judgment dismissing the case.
*******
Google spied on British emails and computer passwords
Computer passwords and entire emails from households across Britain have been copied by Google, the internet search giant, in a major privacy breach.
By David Barrett, Home Affairs Correspondent
23 Oct 2010
The company has admitted it downloaded personal data from wireless networks when its fleet of vehicles drove down residential roads taking photographs for its controversial Street View project.
Millions of internet users have potentially been affected.
One privacy campaigner described the intrusion as "absolutely scandalous" and called on Google to launch a full inquiry into the affair.
The Information Commissioner's Office (ICO), the privacy watchdog, said it would be looking into Google's admission.
Images for Street View were gathered by vehicle-mounted panoramic cameras starting in 2008.
In May this year, Google confessed the vehicles had also been gathering information about the location of wireless networks, the devices which connect computers to the telecommunications network via radio waves.
Now the California-based company has revealed that far more information was harvested than was previously thought, after privacy regulators in seven countries analysed the data.
"It's clear from those inspections that while most of the data is fragmentary, in some instances entire emails and URLs [web addresses] were captured, as well as passwords," said Alan Eustace, Google's vice-president of engineering and research.
"We want to delete this data as soon as possible, and I would like to apologise again for the fact that we collected it in the first place."
Street View pictures were taken in the UK, US, Germany and other countries. Sources told The Sunday Telegraph that Britain was among countries affected by the privacy breach.
The company archived all the material it had gathered, which included emails being sent by private individuals, the web pages they were viewing and passwords they may have entered as the Street View vehicle passed their homes.
It is believed that only wireless networks that were not password-protected were affected.
Simon Davies, director of Privacy International, said: "It's absolutely scandalous that this situation has developed and so many people have had their communications intercepted.
"The company must launch a full inquiry and produce a public report on exactly what happened, as well as release the audit it has already undertaken.
"There are a lot of questions that need to be answered about how and why the company did this."
Privacy International lodged a complaint with Scotland Yard earlier this year about Google's Street View activities and officers are still considering whether a crime has been committed.
Google is facing prosecution in France and a class action in the US, with similar lawsuits pending in other countries.
Street View, which allows internet users to examine photos of street scenes and view close-up images of almost every property, attracted controversy from the moment it was launched in Britain in March last year.
Critics said the photographs themselves invaded privacy and provided burglars with an invaluable research tool.
Individuals who could been seen in the photos included a man emerging from a sex shop in London's Soho; children throwing stones at a house in Musselburgh, Scotland; a man vomiting outside a pool hall in east London; and three police officers arresting a man in Camden, north London.
A Google spokesman said the wireless data was gathered so the company could amass details of "Wi-Fi" hot spots that could help provide location-based web services.
Collection of the additional data was a mistake resulting from a piece of computer code from an experimental project being accidentally included in the Street View cars' software, it added.
The ICO spokesman said: "We understand that Google has accepted that in some instances entire URLs and emails have been captured.
"We will be making inquiries to see whether this information relates to the data inadvertently captured in the UK before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers."
Daniel Hamilton, campaign director at privacy group Big Brother Watch, said: "The harvesting of sensitive personal information like this is completely unacceptable. Google is fast developing a reputation as a company that cares little for privacy or data security."
In March this year Google announced that 95 per cent of Britain's roads had been covered by Street View, amounting to nearly a quarter of a million miles from Penzance to the Shetland Isles.
The camera vehicles are still at work on Britain's roads, collecting new images and filling in gaps which remain in the panoramic sequences. 
*******

*******
Google's Wi-Fi Spying: What Were They Thinking?
By Jeff Bertolucci, PCWorld
May 15, 2010
"Don't be evil" has gone all 1984 on us. Or so it seems after Google revealed Friday that its Street View cars, in addition to snapping photos of the world's roadways, have also been collecting sensitive personal information from unencrypted wireless networks.
It was no secret that Google's cars had already been collecting publicly broadcast SSID information (Wi-Fi network names) and MAC addresses (unique numbers for devices like Wi-Fi routers). But this techie data, which is used for location-based services such as Google Maps, didn't include any "payload data," or personal information sent over the network.
Or so "Big Brother" Google claimed on April 27. But yesterday the search behemoth 'fessed up to a security gaffe of Orwellian proportions. Due to a piece of code written in 2006 by an engineer for an experimental Wi-Fi project, Google had in fact been collecting those private bits after all:
"But it's now clear that we have been mistakenly collecting samples of payload data from open (i.e. non-password-protected) WiFi networks, even though we never used that data in any Google products," wrote Alan Eustace, Google senior VP, engineering & research.
Wow. That's freaky and strange. And not in a good way, either.
Google was smart to open up about the spying incident. An attempted cover-up would have proven disastrous, particularly when numerous consumer and government agencies worldwide have criticized the search company's seemingly insatiable appetite for personal information, a quest that critics say infringes on individual privacy rights.
There's little doubt the Wi-Fi spying incident won't fade away quietly. In fact, the Electronic Frontiers Association (EFA) and Australia Privacy Foundation (APF) have joined forces to question potential security mishaps by Google's Street View, according to a report by Computerworld Australia.
The latest Street View controversy is sweet fodder for conspiracy theorists. As someone said to me responding to the news: "Imagine, Google driving around in vans, taking pictures of EVERYTHING, and gobbling up Wi-Fi signals like some new-age techno CIA." Sweet conspiracy fodder, indeed.
If nothing else, Google's security gaffe should serve as a wake-up call to clueless folk who've yet to encrypt their home Wi-Fi networks. Do you get it now? Anybody may be snooping on you.
*******