Saturday, November 5, 2011

Google Services Don't Guarantee Privacy

Google Services Don't Guarantee Privacy

Journalists aren't the only ones who should take stronger security measures with online services, security researcher warns--and Google counsel agrees.
10 Companies Driving Mobile Security
10 Companies Driving Mobile Security
Anyone with information they want to keep private, especially from the government: Don't use Google products or services.

"Google's products do not meet the privacy needs of journalists, bloggers, small businesses (or anyone else concerned about government surveillance)," said Christopher Soghoian, a fellow at the Open Society Foundations, and a doctoral candidate in security informatics at Indiana University in a blog posted Wednesday.

Here's Soghoian's reasoning: Google's business model is predicated on tracking what users do, to serve them advertising, which pays Google's bills.

"Google's services are not secure by default, and, because the company's business model depends upon the monetization of user data, the company keeps as much data as possible about the activities of its users," he said. "These detailed records are not just useful to Google's engineers and advertising teams, but are also a juicy target for law enforcement agencies."

[The report that Google Says Government Requests For Data Rising--and it complies with 93% of the requests--seems to prove Soghoian's point.]

Google could encrypt the data that it stores in the cloud so that it couldn't be retrieved, even with a court order. But it doesn't. After Soghoian made this point while on a recent Internet Governance Forum workshop panel, Google chief Internet evangelist Vint Cerf--another panelist--concurred. "We couldn't run our system if everything in it were encrypted because then we wouldn't know which ads to show you. So this is a system that was designed around a particular business model," he said.

This isn't the first time that Soghoian has warned about the data security or privacy practices of Internet businesses. Earlier this year, notably, he filed a complaint with the Federal Trade Commission, accusing filesharing service Dropbox of misleading customers about the security and privacy of their files.

As that highlights, when it comes to keeping sensitive information private, it's not just Google's services that people should beware, but virtually any online service provider. As one accused member of LulzSec recently learned the hard way, even a service named HideMyAss.com specifies its own terms of service and must comply with court orders or itself face legal penalties. Skype, Google Chat, or any other VoIP-based communications provider is arguably no different.

Of course when it comes to maintaining privacy, life is more difficult for some people than others. People in countries with oppressive regimes are often forced to use state-controlled telecommunications services, for example, which may censor or restrict the sites people can use. People's communications in Iran were exposed to interception this year after an attacker managed to generate a fake digital certificate for such services as Gmail and Tor. Furthermore, while the anonymized service Tor will help disguise who's communicating with whom, even it occasionally sees flaws discovered which can make it susceptible to deanonymization attacks, at least until a patch gets issued.

T-Shirt Giveaway: Each week we're selecting one great comment from our readers. The author of the comment will receive an InformationWeek Community t-shirt. So get posting! Did you know you can style comments using tags and upload your avatar photo? To upload your avatar photo, first . Once your profile is complete, you may .
Secure iPhone Access to Corporate Web Applications
This technical brief describes how the BIG-IP Edge Portal app for iOS devices provides simple, streamlined access to web applications that reside behind BIG-IP APM, without requiring full VPN access, to simplify login for users and provide a new layer of control for administrators.
Learn More

Source: http://www.informationweek.com/news/security/privacy/231902256?cid=RSSfeed_IWK_Internet

hot potato cafe bank of america webs... lisa barber

No comments:

Post a Comment