Tag Archives: privacy
Chrome the Only Major Browser Not Hacked at Pwn2Own
Posted on 28. Mar, 2010 by Daniel Cawrey. 
10 Comments
While news has been sparse since Day 1 of Pwn2OWn, word is that Chrome was the only major browser to make it through the entire competition unscathed. That means it even got through the vaunted Windows XP Day 3, where many expected that Chrome would be exploited by using some of XP’s inherent holes. Not to mention withstanding the service packs that XP is nine years old.
Major browsers such as IE8, Safari and Firefox were hacked within minutes of the start.
Pwn2Own, by the way, is a contest that awards “researchers” cash prizes for successfully hacking computer platforms – prizes in the range of $10,000 to $15,000 plus the computer that they are hacked on.
OK, so Chrome made it through. But let’s think about this. Chrome has only been out since 2008, and there still aren’t that many users who have adopted it yet. W3schools, a web developer site, cites an 11.6% rate of users who visit their site as running Chrome for February 2010. And that is a site for early adopters of web technology! The real number for the entire web population is probably closer to five percent. That may be one of the reasons that researchers have yet to find vulnerabilities in it: they hack what they know, which are the other browsers out there.
Of course, there is also the idea that the other browsers on the market are simply weaker than Chrome which is also a possibility. There was some stir in the days leading up to the contest that Google quickly patched up a slew of security flaws in what was seen as a pre-emptive move. But when you are actually awarding outside experts with cash when they see a flaw in Chrome, it’s probably easier to patch up things that may be hard to see when they are right in front of you.
Concerned About Privacy? Scroogle Scrapes Your Searches
Posted on 24. Mar, 2010 by Daniel Cawrey. 0 Comments
It’s no joke that Google is everywhere – we hear this piece of information so often it’s beginning to become something that we no longer think about. There are some serious privacy issues that are presented when thinking of how much information Google collects in order to make a tidy profit, and most of us just assume that we can expect Google to make the best judgment about what to do with that information.
Enter Scroogle. If anything else, I guarantee you will find some entertainment by visiting this unique site. But its main purpose is to offer folks the ability to conduct searches without having any data sent back to Google. The way it works is pretty straightforward: the cookie that is assigned a unique identifier by Google is used once and then trashed by the Scroogle servers within an hour, and their logs are deleted within 48 hours. Therefore, Google gets a cookie that has some information, but has no real way to use it since it is used only once and then thrown away.
The site even offers instructions on how to make Scroogle the default search in whatever browser you use with their own SSL sever, claiming under the instructions for Chrome that it “phones home a lot”.
According to the site statistics, Scroogle is used quite a bit. It does over 300,000 scraped searches every day and is on a steady rise. It’s ranked as one of the top ten thousand sites on the web by Alexa, an impressive feat considering a search (non-Scroogled, by the way) for the site offered very little information on the site. There’s a Firefox add-in for Scroogle, but I suspect that we won’t be seeing an official Chrome Extension anytime soon. Give it a shot if you are concerned that Google or perhaps another organization such as your ISP is looking over your shoulder a bit too much.
Video: The Hungry Beast Does Google
Posted on 18. Mar, 2010 by Daniel Cawrey. 0 Comments
This is a video that was made by an Australian ABC television show called “The Hungry Beast”. It’s a great rundown on all of the applications and services that Google is providing for people and offers some good statistics, like the fact that they have almost half a million servers to run their business. The graphics are excellent, and the ending is a bit surprising. It tells you what the Hungry Beast really thinks of Google:
I guess you really have to think objectively about what Google is doing. Sure, they collect a lot of information about us in order for them to best serve advertising. But what they offer us in return are services that are free to us. No one is really forced to use Google and until they unveil the Google Death Star service I’m going to keep using them.
If you’re interesting in learning more about privacy and Google, including the tit for tat between Eric Schmidt and security expert Bruce Schneier a few months ago check out this post.
Video: Managing Cookies in Chrome Browser
Posted on 07. Mar, 2010 by Daniel Cawrey. 1 Comments
I came across this Google video today and found it useful. Cookies are an important element in the overall web browsing experience as they allow you to have settings saved on your favorite websites by storing some of your preferences. Plus, this video actually shows you how to create exceptions for cookies on particular sites if you were inclined to do so. To get a broad sense about cookies and how to manage them in Chrome browser, check out this clip:
It’s done pretty quickly in the example provided here, but you can get to your cookies settings by going to the Options menu and then from the Under the Hood Tab you can select the Content Settings button at the top.
There used to be a lot of concern over cookies and what kind of information is actually stored, but the reality is that since sites are no longer static pages having cookies is helpful. Cookies are almost necessary now so that you can avoid performing repetitive tasks on the web. There still are some privacy concerns, but most websites that are reputable have strong privacy policies and are in business to provide the end user with a good web experience.
Google has some pretty strongly worded privacy statements as well, however I think some of that is a direct response to the media’s reaction in regards to how much they actually know about internet users. Paying attention to their actions as opposed to their words is a key factor in this realm. Here’ s to hoping that they remain committed to doing the right thing as they continue to become ever more omnipresent.
Google Announces Chrome 4.1 With Translation, Enhanced Privacy
Posted on 02. Mar, 2010 by Daniel Cawrey. 0 Comments
In an effort get as many people as possible starting to use their new integrated translation feature that is already a part of Chrome 5, Google has announced Chrome 4.1 Beta. Chrome 4 is a more stable release than Chrome 5, which is a version better suited for developers who are working on extensions and other miscellansoues features of the browser.
As previously mentioned here, future versions of Chrome will not require you to have to download a separate Google Translate extension, rather, when you are at a site that is not in your normal language for browsing you will be prompted for a translation. Check out the official video of the feature:
Additionally, there are some enhanced privacy features in 4.1. When pressing the Content Settings button under the Privacy header you get a good deal of options on how you would like Chrome to handle cookies for various sites. You can check out 4.1 here, by downloading the Beta Channel release. If you are already in the Beta Channel, you don’t have to do anything, as Chrome will update itself.
Maybe Google Knows Too Much, GoogleSharing Can Help
Posted on 20. Jan, 2010 by Daniel Cawrey. 4 Comments
I’ve previously written about the security implications that come with using Google’s services. However, this is especially problematic when you consider that if the trend of cloud computing and thin application technology is to continue, eventually a good portion of information about you will be stored on Google’s own servers. There are a wide array of issues associated with that – from Google using your tendencies to make more money, or possible ramifications that could occur if Google’s data were to be comprised in a more serious manner than the recent Chinese attacks that targeted activists from that country.
That’s why when I came across GoogleSharing, I was intrigued. To be honest, at first I thought that this was something that came from Google. The look of the site would certainly indicate that, complete with privacy quotes on the left hand side from CEO Eric Schmidt. But the reality is that it’s an independently developed experimental (for now) plugin for Firefox that allows users to search with Google independently. I say search because this plugin currently does not anonymize for use of Google’s Mail, Checkout, Health, Sites, Docs, and Reader applications.
Installation of GoogleSharing was done in a snap. Within Firefox you will see some text in the lower right hand side that indicates whether or not GoogleSharing is enabled. Right clicking on this area will also allow you to open an options menu to change the anonymous proxy settings if you wanted to. The add-in basically uses a proxy that is located at proxy.googlesharing.net that does a number of things to essentially confuse the engine that captures Google queries for search, as well as analytics.
One of the ways, among others that are detailed on the GoogleSharing site is that this works to submit to Google cookies that are “fresh”. This means that they are blank slates that don’t contain any of the usual information that would normally be saved during a browsing session that Google is then able to parse through its intricate data collection architecture. However, there is no way to avoid using some of these service such as Gmail and Google Checkout in a manner that is anonymous, and therefore everything that you do on these services is saved and could potentially be used as a profile that could sell you things such as ads in the future.
Not to say that is what Google using our search information, but who really knows other than those who are insiders? And do you think there would be a plugin like this available for Chrome browser?
McAfee Reports Chrome OS as 2010 Security Threat
Posted on 30. Dec, 2009 by Daniel Cawrey. 3 Comments
In a ten page report that was released Tuesday, McAfee outlined its predictions for computer security trends in 2010. Along with Twitter as well as Adobe’s Flash and Reader programs, McAfee is reporting that Chrome OS is going to be one of the top computer security issues that will have vulnerabilities in 2010.
In their 2010 Threat Predictions Report McAfee states, “HTML 5 will blur the line between desktop and online applications. This, along with the release of Google Chrome OS, will create another opportunity for malware writers to prey on users. ”
Google Wave is also singled out in the report, warning that the eXtensible Messaging and Presence Protocol (XMPP) is vulnerable to attacks.
We’ve previously written about HTML-5, and it’s going to be a pretty impressive advancement in terms of web technology and how the browser will be able to interpret code. However, it’s hard to say whether Chrome OS alone will be the single weak point in the emergence of HTML 5. Since there has been a lot of news about Chromium as of late, identifying it as a threat now keeps developers, network administrators and security professionals on their toes about potential attacks that could occur.
This is new territory for Google, as in the near future their hardware/software products are now going to be integrated into the computer infrastructure that we users interact every day with, and that is an appealing target for hackers.
The report does offer a positive outlook on the ability of law enforcement to stop cybercrime.
Will Privacy Concerns Play a Role in Chrome OS’s Popularity?
Posted on 14. Dec, 2009 by Daniel Cawrey. 2 Comments
Over the weekend I had a chance to watch the CNBC program “Inside the Mind of Google” that was very in-depth and insightful, explaining not only the basic business tenets of the company but also delving into where the company is going in the future. They spent some time looking at the vetting process for Google Goggles, which allows you to send photos taken with your smartphone straight to a query which brings back Google search results.
The most intriguing portion of the hour-long show was its look into the privacy issues that face Google. They spent some time exploring some issues that although I was aware of, I never really spent a lot of time considering. The reality is that people put things into the query box that they would not tell those closest to them, even their doctor. CEO Eric Schmidt had this to say:
“I think judgment matters. If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. If you really need that kind of privacy, the reality is that search engines — including Google — do retain this information for some time and it’s important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.”
I like Google. I really do. I think they are doing some interesting things, and I want to see Chrome OS be successful. I think it has potential to be something really special and different from the way that we experience the internet as well as computer interfaces right now. When I first heard these words, I didn’t really think much about them. But the reality is that we all need to have our privacy, and I’m not quite sure I’m comfortable with this view of privacy. Security expert Bruce Schnier has offered his opinion, offering a rebuttal on his website to Schmidt’s quote above. You can check it out yourself, but Schnier essentially says that there are indeed elements of our life that are private and that we have to that privacy if we so choose.
This puts Google and its intentions in the spotlight. If Chrome OS is to be put on netbooks, smartbooks or some other networked device – your data will be on their servers since the central element of the operating system is to be a catalyst to put everything into the cloud to make a system that is faster and lighter than existing options that are out there today.
I don’t disagree with this idea, I actually think it is a good one. But there needs to be standards that ensure my data is properly protected. Who knows where that information may reside in twenty years? There are going to be people that are going to have problems with this idea, and I don’t blame them, and I hope we get some clear guidelines regarding privacy as we get closer to a release date for Chrome OS.
What do you think? Are you concerned about your data being in the cloud?
