Google Services Don't Guarantee PrivacyJournalists aren't the only ones who should take stronger security measures with online services, security researcher warns--and Google counsel agrees.
"Google's products do not meet the privacy needs of journalists, bloggers, small businesses (or anyone else concerned about government surveillance)," said Christopher Soghoian, a fellow at the Open Society Foundations, and a doctoral candidate in security informatics at Indiana University in a blog posted Wednesday.
Here's Soghoian's reasoning: Google's business model is predicated on tracking what users do, to serve them advertising, which pays Google's bills.
"Google's services are not secure by default, and, because the company's business model depends upon the monetization of user data, the company keeps as much data as possible about the activities of its users," he said. "These detailed records are not just useful to Google's engineers and advertising teams, but are also a juicy target for law enforcement agencies."
[The report that Google Says Government Requests For Data Rising--and it complies with 93% of the requests--seems to prove Soghoian's point.]
Google could encrypt the data that it stores in the cloud so that it couldn't be retrieved, even with a court order. But it doesn't. After Soghoian made this point while on a recent Internet Governance Forum workshop panel, Google chief Internet evangelist Vint Cerf--another panelist--concurred. "We couldn't run our system if everything in it were encrypted because then we wouldn't know which ads to show you. So this is a system that was designed around a particular business model," he said.
This isn't the first time that Soghoian has warned about the data security or privacy practices of Internet businesses. Earlier this year, notably, he filed a complaint with the Federal Trade Commission, accusing filesharing service Dropbox of misleading customers about the security and privacy of their files.
As that highlights, when it comes to keeping sensitive information private, it's not just Google's services that people should beware, but virtually any online service provider. As one accused member of LulzSec recently learned the hard way, even a service named HideMyAss.com specifies its own terms of service and must comply with court orders or itself face legal penalties. Skype, Google Chat, or any other VoIP-based communications provider is arguably no different.
Of course when it comes to maintaining privacy, life is more difficult for some people than others. People in countries with oppressive regimes are often forced to use state-controlled telecommunications services, for example, which may censor or restrict the sites people can use. People's communications in Iran were exposed to interception this year after an attacker managed to generate a fake digital certificate for such services as Gmail and Tor. Furthermore, while the anonymized service Tor will help disguise who's communicating with whom, even it occasionally sees flaws discovered which can make it susceptible to deanonymization attacks, at least until a patch gets issued.
- Healthcare Cloud: The Future of Medical IT
- Cloud Connect ? Cloud technologies, platforms and opportunities
- No Jitter ? Daily blogging and analysis of enterprise IP-telephony
- Stay in step with Parallel computing trends and news. Go Parallel!
- Healthcare IT Intelligence Delivered Directly To Your Inbox FREE!
- Accountable Care and the Cloud: The Future of Medical IT
- The most comprehensive programming resource @ store.ddj.com/product/13
- Threading? GPU load in Windows? Sound important? Visit Go Parallel!
- The BrainYard - The news and community site for collaboration professionals.
This technical brief describes how the BIG-IP Edge Portal app for iOS devices provides simple, streamlined access to web applications that reside behind BIG-IP APM, without requiring full VPN access, to simplify login for users and provide a new layer of control for administrators.