lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu Sep 22 09:35:20 2005
From: berendjanwever at gmail.com (Berend-Jan Wever)
Subject: Google Secure Access or "How to have
	peopledownload a trojan."

Hi,
Maybe the frivolous way in which I addressed this problem lead people to
believe I am not to be taken seriously. I would suggest you do not judge the
book by its cover. Allow me to explain my point of view in more detail:
 1. You are not securing your information, you are putting all your eggs in
one basket.
 2. I am not disputing the _reasons_ they may have to gather information or
_what_ information the gather, I am merely pointing out that the problem is
the _fact_ that they do so.
 Google Secure Access misleads their users by implying that _no-one_ will
get to see anything of what you send to and receive from the Internet if you
use their service. But if you read their privacy policy, you will find out
that they are tracking this information themselves.
 A good deal of the services offered by Google are provided so Google can
track how you use them. This is an exchange of services, you supply Google
with your usage data and Google supplies you with whatever service you
request. You may not pay for these services with money, but you do pay for
them with information. Google uses this information to make money. I assumed
this was common knowledge.
Google may do whatever they see fit with this information within the
boundaries of the law. The law binds Google to uphold the privacy policy.
The privacy policy allows Google to do whatever they want if they so see fit
by thinking up a good reason to do so. I am not saying they will, I am
saying they can.
 Mr Boily:
I did selectively quote parts of the privacy policy; I only quoted those
parts that were relevant to my argument. Again, my argument is about the
_fact_ that they collect data, not _what_ they collect nor the _reasons_
they may have for doing so. I also supplied the link to the policy so anyone
can read the full version.
 We seem to use a different definition of spyware. This has happened before
on this list. If you Google the definition, you will find everybody has
their own. In my previous email and this I am using these definitions:
"spyware" - Any software program that monitors a persons actions without his
or her knowledge
"trojan" - Any software program that presents itself to its users as
something useful but, unknown to its user, also performs another action for
its creators.
If you agree to these definitions, you must see that Google Secure Access is
both a trojan and spyware.
 Cheers,
SkyLined

--
Berend-Jan Wever <berendjanwever@...il.com>
http://www.edup.tudelft.nl/~bjwever
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050921/2f8980bd/attachment.html

Powered by blists - more mailing lists