Message-ID: <3fa2f5bb05092015552dec7702@mail.gmail.com>
Date: Wed Sep 21 09:53:04 2005
From: berendjanwever at gmail.com (Berend-Jan Wever)
Subject: Google Secure Access or "How to have people download a trojan."

This is a quite pathetic attempt to install a trojan, let me explain:
 <snippets href="http://wifi.google.com/faq.html">

   1. "Google Secure Access is a downloadable client application that 
   allows users to establish a more secure WiFi connection." 
   2. "...your internet traffic will be encrypted, preventing others from 
   viewing the information you transmit."

</snippets>
 So, by "more secure" Google means using encryption to prevent "others" from 
sniffing your packets. That's nice! What else does it do? Here's some 
information from the privacy policy:

<snippets href="http://wifi.google.com/privacy-policy.html">

   1. "Google may log some information from your web page requests ..." 
   2. "Google also logs a small set of non-personally identifiable 
   information ..." 
   3. "Google will not sell or provide personally identifiable 
   information to any third parties except ..." 
   4. "... we may for a limited period of time preserve additional 
   internet traffic or other information."

</snippets>
Aha! What we have here is trojan spyware! It does exactly what it is 
supposed to protect you from.

The second snippet clearly states that this concerns NON-personally 
identifiable information... what about the information mentioned in the 
first snippet, is that personally identifiable? I guess so; the third 
snippet mentions Google selling or providing personally identifiable 
information, this must have come from somewhere!

In the third snippet, Google neglects to mention non-personally 
identifiable information. What about selling that? I guess they do!

The best thing about the whole policy is the last snippet, which undoes 
_everything_ stated before it. Nice one Google!! ;)

I suggest that Google comes clean and replaces their privacy policy with a 
shorter, less confusing version:

*Here's some candy, go play!*
Btw. All your base are belong to us.

 Cheers,
SkyLined
 -- 
Berend-Jan Wever <berendjanwever@...il.com>
http://www.edup.tudelft.nl/~bjwever