Google Services Dont Guarantee Privacy

  /     /     /  
Publicated : 22/11/2024   Category : security


Google Services Dont Guarantee Privacy


Journalists arent the only ones who should take stronger security measures with online services, security researcher warns--and Google counsel agrees.



10 Companies Driving Mobile Security (click image for larger view and for slideshow)
Anyone with information they want to keep private, especially from the government: Dont use Google products or services.
Googles products do not meet the privacy needs of journalists, bloggers, small businesses (or anyone else concerned about government surveillance), said Christopher Soghoian, a fellow at the Open Society Foundations, and a doctoral candidate in security informatics at Indiana University in a
blog
posted Wednesday.
Heres Soghoians reasoning: Googles business model is predicated on tracking what users do, to serve them advertising, which pays Googles bills.
Googles services are not secure by default, and, because the companys business model depends upon the monetization of user data, the company keeps as much data as possible about the activities of its users, he said. These detailed records are not just useful to Googles engineers and advertising teams, but are also a juicy target for law enforcement agencies.
[The report that
Google Says Government Requests For Data Rising
--and it complies with 93% of the requests--seems to prove Soghoians point.]
Google could encrypt the data that it stores in the cloud so that it couldnt be retrieved, even with a court order. But it doesnt. After Soghoian made this point while on a recent
Internet Governance Forum workshop panel
, Google chief Internet evangelist Vint Cerf--another panelist--concurred. We couldnt run our system if everything in it were encrypted because then we wouldnt know which ads to show you. So this is a system that was designed around a particular business model, he said.
This isnt the first time that Soghoian has warned about the data security or privacy practices of Internet businesses. Earlier this year, notably, he filed a complaint with the Federal Trade Commission, accusing filesharing service Dropbox of misleading customers about the
security and privacy of their files
.
As that highlights, when it comes to keeping sensitive information private, its not just Googles services that people should beware, but virtually any online service provider. As one accused member of LulzSec recently
learned the hard way
, even a service named HideMyAss.com specifies its own terms of service and must comply with court orders or itself face legal penalties. Skype, Google Chat, or any other
VoIP-based communications provider
is arguably no different.
Of course when it comes to maintaining privacy, life is more difficult for some people than others. People in countries with oppressive regimes are often forced to use state-controlled telecommunications services, for example, which may
censor or restrict
the sites people can use. Peoples communications in Iran were exposed to interception this year after an attacker managed to
generate a fake digital certificate
for such services as Gmail and Tor. Furthermore, while the anonymized service Tor will help disguise whos communicating with whom, even it occasionally sees flaws discovered which can
make it susceptible to deanonymization attacks
, at least until a patch gets issued.
(click image for larger view)
Slideshow: 10 Massive Security Breaches
But news organizations should also get a clue about security, said Soghoian, and do right by their confidential sources.
The Wall Street Journal
, for example, launched a WikiLeaks knockoff,
SafeHouse
, in May. But privacy experts
blasted the site
for a string of security shortcomings, including poor SSL implementation, as well as Adobe Flash as a choice of uploader, since it would defeat anonymizing technologies such as Tor. In addition, the sites
terms of service
further break that safe house metaphor, saying that we reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice.
Besides Google and its ilk, as well as media organizations, Soghion also singled out journalists for failing to practice proper privacy, for example by not using secure communications. Many major media organizations have distanced themselves from WikiLeaks, which, they tell us, is reckless, and does not engage in real journalism, said Soghoian in an
op-ed
published last week in
The New York Times
. But if the hallmark of quality journalism is the ability to protect confidential sources, then WikiLeaks should, in fact, be seen as a beacon of best practices.
Will DeVries, policy counsel at Google, concurred with that piece. Journalists (and bloggers, and small businesses) need to take a couple hours and learn to use free, widely available security measures to store data and communicate, he said
via Google+
. In other words, dont trust in Google to keep your data secure.
What could journalists--or businesses owners concerned with
blocking industrial espionage attacks
--do better? Start by encrypting stored data and transmitting sensitive information in encrypted format.
In addition, when it comes to protecting confidential sources and securing transmitted information, look to the standard set by
WikiLeaks
, said Soghoian. Whatever one thinks of Mr. Assange, he is a skilled data security expert. He knows an awful lot more about information security than even the most tech-savvy journalist, he said. His platform appears to have worked: none of WikiLeaks confidential sources have ever been exposed by the organization. (Bradley E. Manning, the detained Army private who has been accused of the leak, was exposed by an acquaintance.)
Until journalists take their security obligations seriously, it will be safer to leak something to WikiLeaks--or groups like it--than to the mainstream press, he said.

Last News

▸ Nigerian scammers now turning into mediocre malware pushers. ◂
Discovered: 23/12/2024
Category: security

▸ Beware EMV may not fully protect against skilled thieves. ◂
Discovered: 23/12/2024
Category: security

▸ Hack Your Hotel Room ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Google Services Dont Guarantee Privacy