Wednesday, October 20, 2004
Simon Moores Is Worried About Google Desktop Privacy
Simon Moores on Computer Weekly worries that Google Desktop's privacy policy allows it to send Google personally identifiable information, and he's not the only one. Currently, a Google News search for Google turns up a lot of articles concerned with the privacy implications of Google's Desktop search tool.

Why are people so worried? Honestly, I have no idea. The Privacy Policy is very specific about the fact that it only sends back non-personally identifiable information, like how long a search takes, so Google can improve the speed. Also, when checking for new updates, it sends your id number and version number. And you can turn off most of those anyway. It ain't exactly Gator, folks.

So, when Simon worries that Google Desktop will somehow get him arrested for having downloaded MP3s, trust me when I say this: If someone has access to your computer, they will find your stolen music. If they don't, they won't. The only difference is that if you have Google Desktop, they will be able to find it faster. But if someone already has access to your computer, Google Desktop is the least of your problems.
Comments:
It's not that I don't trust Google. Well, OK, it is. How do I know that the privacy policy is being abided by?
There are good reasons to both trust and mistrust Google. You can trust them because, thus far, they have never sold out their users. Or you cannot trust them because they are one of the most secretive large companies in the world. It's a toughie. I trust Google, but I encourage everyone to come to their own conclusions.
Trust is good. Verification is better. I'd rather not *have* to trust Google to use Google software.
For example, I could install Google Desktop... and tell my personal firewall to never allow it to phone home.
Or I could ask Google nicely :) to let me review the source code for Google Desktop, so I could verify that it isn't doing anything nasty.
Why be worried? If they arrest you for something found by google through google desktop, sue them for the amount of money you will be fined. If you're really so worried, install a firewall and block its internet connections. Or is everyone afraid of zonealarm too now? I trust google, I use gmail for email, deskbar for searching, toolbar for searching a site, gmail notifier for checking my email, I use heaps of google products, so if they break their privacy policy and start searching my computer for mp3s, I'll sue them for unauthorized data access. Simple.
That's your choice and I respect that. But I for one hold Google to Caesar's-wife-style morality. Even the appearance of immorality is fatal.
Why? Because the consequences of immorality are huge. Much bigger than any other organization, with the possible exceptions of Microsoft and your local government.
The only possible way to truly trust software is to write it yourself. Any software made by any company, group, or individual, could be dialing home with your personal info. You have to take the company on faith. As long as they have given you reason to trust them, I believe you can. And if you don't believe you can, it's not like you have a choice.
Very few people can read the source code themselves. Source code is rarely made available, and a company like Google can't make source code of their major products available. And, based on the theory that "you can't trust anyone, even based on their record or their word", how can you trust any watchdog?
And finally, Google Desktop has to phone home for one simple reason: It's beta! Beta products have to send data back to the company, so the company can keep track of the performance. Anyone who doesn't like that should simply wait for the final release. Anyone who runs Desktop and turns off the bug and usage reports is basically taking the software and not helping.
Blogger has been weird all day. Apparently, while I was responding to a post, it deleted that post, and now I look like I'm having a conversation with the wall. So, this next comment, insert it before the previous comment. Got it?
Okay, now Blogger's even weirder. When I said that stuff about next comment, previous comment, that was me, only Blogger wrote anonymous. I just don't get it!
"The only possible way to truly trust software is to write it yourself"
See, it's this kind of thing that makes me leery of Google. That's flat-out false.
You could have someone else write the code. Then you could download the code, give it a once-over, and compile it. Open-Source software works exactly this way.
You could have a watchdog that you trust review the code. This could be someone that reviews open-source code for a living, or it could be someone who has signed an NDA.
You could run the app in a sandbox and see what it really tried to do. Anti-virus companies use this technique to analyze viruses, for example. When you're satisfied it doesn't do anything nasty, you could move it to your real machine.
You could get a bond from the author which he would forfeit to you if you caught the software doing something nasty. The anti-spam "Bonded Sender" program works this way, and surely something similar could be developed for desktop software.
Et cetera.
Of course, many of these methods are inconvenient - some for the person running the software, most for the person writing the software. But they exist.
It's pretty scary that Google is hiding behind the "you have to trust us because that's just how software works" blanket statement.
I'm not convinced that a free desktop search utility needs to phone home at all. It's suspicious that it phones home by default and you have to turn it off.
Maybe I'm just being paranoid.
It's easy for clever hackers (as in programmers) to see exactly what information Google sends home. (Read for example Steve Gibson's campaigns against spyware on grc.com) If anything contravening their privacy policy is found, you can bet the news will be all over the web in a matter of days, and there's no way Google'll risk that.
Here's an example of how proprietary source code can be disclosed in an appropriate fashion (the following quote is from the Florida state website, http://election.dos.state.fl.us/dreinfo/issuePaper.pdf):

Source code is required by law to be escrowed with the State as well as escrowed with the independent testing authority. Additionally, NASED requires the manufacturer's software to be escrowed with its written source code. Therefore, this code can always be accessed, by authorized authorities, to insure that it hasn't been improperly changed and is performing in the proper and authorized manner.
I particularly like the "authorized authorities" redundancy.
As for running packet traces on outgoing calls, there are all sorts of ways to hide data.
One of the simplest is to use false precision. Suppose Google reports a search timing as 2.23 seconds. It would be the easiest thing in the world to report this as 2.23*493* seconds (where the 493 is "tacked on").
What does this get Google? They could have a pre-agreed-upon sequence of codes as follows:
493: user has child porn on their computer. Report to the FBI.
847: user has documents on their computer regarding possible products that would be competitive to Google. Upload these documents, a bit at a time, in various meaningless-looking HTTP headers during their next 50 Google searches.
...
This would be very hard to crack.
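The "false precision" channel described in the comment above, as an added example that is not part of the original post and is not Google Desktop's code. It shows the sender and receiver side of the trick, and two checks someone running a packet trace could apply to the captured numbers: one that catches the naive version (more decimal places than the client's clock can produce) and one that looks for a skewed low-order digit when the code is hidden inside legitimate precision. The timer resolution, the `search_time=` report format and the captured lines are all constructed assumptions.

```python
"""Added example (not code from the original post, nor from Google Desktop):
the 'false precision' covert channel the comment describes, plus two checks a
reviewer of captured phone-home traffic could run against it. The report
format, the clock resolution and the sample capture are all constructed."""
import re
from typing import List, Optional, Tuple

# Assumed: the client's timer resolves to 10 ms, so an honest timing needs at
# most two decimal places. "2.23493" therefore carries three digits too many.
CLOCK_DECIMALS = 2
LINE_RE = re.compile(r"search_time=(\d+\.\d+)")

# Constructed capture of four telemetry requests; two carry a tacked-on code.
SAMPLE_CAPTURE = [
    "stats?ver=1.0 search_time=0.41",
    "stats?ver=1.0 search_time=2.23493",
    "stats?ver=1.0 search_time=1.07",
    "stats?ver=1.0 search_time=0.88847",
]


def encode_covert(timing_s: float, code: int) -> str:
    """Sender side of the trick: the honest timing at clock precision, with the
    secret code appended as if it were extra digits of precision."""
    return f"{timing_s:.{CLOCK_DECIMALS}f}{code:03d}"


def decode_covert(report: str) -> Tuple[float, Optional[int]]:
    """Receiver side: peel the code off anything beyond clock precision."""
    whole, _, frac = report.partition(".")
    honest, extra = frac[:CLOCK_DECIMALS], frac[CLOCK_DECIMALS:]
    timing = float(f"{whole}.{honest or '0'}")
    return timing, (int(extra) if extra else None)


def audit_precision(lines: List[str], clock_decimals: int = CLOCK_DECIMALS):
    """Check 1: flag any reported timing with more decimal places than the
    client's clock can produce. Returns (line_no, value, surplus_digits)."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.search(line)
        if not m:
            continue
        value = m.group(1)
        frac = value.partition(".")[2]
        if len(frac) > clock_decimals:
            findings.append((n, value, frac[clock_decimals:]))
    return findings


def last_digit_chi_square(values: List[str]) -> float:
    """Check 2: a code hidden *within* legitimate precision leaves no surplus
    digits, but a small codebook skews the low-order digit, which for honest
    timings should be close to uniform. Returns the chi-square statistic over
    the last digit (9 degrees of freedom; 16.92 is the 5% critical value).
    Needs dozens of samples before the number means much."""
    counts = [0] * 10
    for v in values:
        counts[int(str(v)[-1])] += 1
    expected = len(values) / 10
    return sum((c - expected) ** 2 / expected for c in counts)


if __name__ == "__main__":
    print(encode_covert(2.23, 493))
    for n, value, surplus in audit_precision(SAMPLE_CAPTURE):
        print(f"line {n}: {value} carries surplus digits {surplus!r}")
```

The first check is cheap and decisive only against the lazy encoding; a sender that keeps within the clock's real precision and spends the budget on the last digit defeats it, which is why the second, statistical check is there and why it needs a large capture to say anything.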
These are all plausible.
That is, until you see the license agreement, which if I remember correctly, states that they can't see into your computer. Like I said earlier, if they charge you, or if someone tells the FBI you're a sick pervert (which you would deserve) sue them and make bail.
http://desktop.google.com/eula.html
...
Changes to Terms and Conditions
Google reserves the right to modify these Terms and Conditions from time to time in its sole discretion, without notice or liability to you. You agree to be bound by these Terms and Conditions, as modified. Please review the most current version of the Terms and Conditions from time to time, located at desktop.google.com/eula.html (or such successor URL as Google may provide), so that you will be apprised of any changes.