Skip to content

Recent Articles

17
Oct

Journalist’s Home Mini review unit was sending Google a recording of every sound it picked up

This journalist’s experience with a Google Home Mini is being called a glitch, or malfunction.

But let’s face it: these “smart home” devices are DESIGNED to perform 24/7 hour audio surveillance. And a user has no way of knowing when the device is “phoning home” without checking the logs. Anyone who installs one of these stupid things is signing up for the possibility of being surveilled, accidentally or intentionally by a hostile party, without knowing it.

The privacy glitch that befell Google’s new £49 ($49) Home Mini speaker last week was small but, critics might suggest, still revealing.

The trouble started when journalist Artem Russakovskii, who had been given a review unit at the launch event on 4 October, noticed that the Mini kept turning itself on even when not commanded to.

Deciding to search for clues in the device’s logs, he got a shock:

I opened it up, and my jaw dropped. I saw thousands of items, each with a Play button and a timestamp.

The Mini, it seemed had recorded and uploaded to Google every sound detected in its vicinity for a two-day period, which seemed to be every sound no matter how inconsequential. It even activated after a simple knock on the wall.

This behaviour could be disabled and recordings deleted but only at the expense of harming the system’s future voice recognition accuracy.

If you value your privacy, don’t install a so-called smart speaker in your home, whether made by Google, Amazon, Apple, or any other company. It’s not worth it. The fact that microphones and cameras are standard in laptops, tablets, and smartphones and can be remotely hijacked is problematic enough.

4
Oct

Big Brother Google unveils Clips, a $249 semi-autonomous recording device

Yikes:

Google has just announced Google Clips, a new hands-free camera that takes photos for you. Instead of having to pull yourself out of special moments to shoot photos and videos, Clips will capture moments so you can be in them.

Software is at the core of the camera, meaning Clips can be made smarter and more powerful over time as Google continues to push out new updates.

Clips can capture a 130-degree field of view at 15 frames per second. Each motion photo moment captured by Clips lasts several seconds and is called a “clip,” and they can be browsed using your Pixel phone. No audio is recorded. Each clip can be saved as motion photo, or you can select a single frame from the motion to save as an auto-enhanced, high-resolution photo.

On the front of Clips is a button for capturing photos manually. With a tiny form factor, Clips is designed to be clipped to “almost anything” or set down to document things remotely.

Clips has facial learning features — the more it sees a person, the more it learns to capture more clips of that individual. It also learns to recognize pets like cats and dogs.

Google engineers have laughably attempted to address the privacy implications of their Orwellian creation by giving it an offline mode. In other words, they’re telling potential buyers you don’t need to connect it to the Internet to use it. But of course, you’ll be encouraged to do so — the device has been designed for semi-autonomous recording and the presumption is people will want to share moments they’ve recorded.

There’s also an indicator light — which is a standard feature of webcams.

Commenters at PetaPixel are rightly skeptical. Writes one:

This is not about memories. How many people actually have time to go back and relive the unbelievable amount of memories that would build up? This is about Google’s AI learning and growing. This is about amassing algorithms to make their AI smarter. Simply put, this is getting scary. A record of intimate moments kept on Google servers. But like you, I guess I have already given up freedoms because of my Google phones and tablets. What have I done?

Says another:

As if Google didn’t know enough of our lives yet….

And another:

I don’t like it… We’re getting into some real Orwellian #$%& here. Always listening microphones, bed facing cameras and 24/7 recording body cams… I don’t want any of this stuff, having a phone is bad enough.

Save your $250 and pass on Google Clips, another unnecessary invention the world doesn’t need.

3
Oct

Naked Security breaks down the Google tracking feature you didn’t know you’d switched on

This is a must-read:

Using GPS, Wi-Fi and cell tower data, Google’s Your Timeline can paint a very accurate picture of your daily life. If you’ve got it switched on, it stores every step you take and everywhere you go.

And the thing is, lots of people seem to have it switched on without even realising, including me, and my favourite hats come in tinfoil.

I was surprised it had slipped past me so I started asking other people if they had it switched on too. More often than not, without making a conscious decision to let Google follow them around, they had.

In the end I decided to ask 20 people at random and write down the answers. The result of my short, non-scientific survey? 95% of the people I asked – a mixture of people in technical and non-technical roles – had location history, or its slightly less obnoxious iPhone equivalent Frequent Locations, turned on, tracking their every step, without realising.

Check for yourself. On Android it’s under Settings > Location > Google Location History.

So what exactly is Google Timeline? Google says: “Your timeline in Google Maps helps you find the places you’ve been and the routes you’ve travelled. Your timeline is private, so only you can see it.”

Only you. And Google.

Read the whole thing. The WHOLE THING.

This could be the best post Naked Security has ever published.

Well done, Sophos, and thanks for helping more people understand how to liberate themselves from having their every move tracked by the Monster of Mountain View.

30
Sep

Did Russia exploit Google’s offerings to meddle in the 2016 United States presidential election?

An investigation is underway:

Google is examining what role its services could have played in Russian interference during the 2016 US presidential election, according to a report published Friday by The Wall Street Journal.

The search giant joins its rivals Facebook and Twitter in their own probes, as they try to figure out how Russian agents could have misused their advertising platforms, among other services, to meddle in the campaign.

“We will of course cooperate with inquiries,” a Google spokesperson said. “We’re looking into how we can help with any relevant information.”

But will the results be made publicly available? Facebook has been less than forthcoming about what its probes have turned up.

28
Sep

AlterNet: Google is a “monopoly on steroids”

The venerable progressive news outlet AlterNet has published an editorial making the case that it has gotten swept up in Google’s crackdown on “fake news”:

The New Media Monopoly Is Hurting Progressive and Independent News

The story is about monopoly on steroids. It is about the extreme and unconstrained power of Google and Facebook, and how they are affecting what you read, hear and see. It is about how these two companies are undermining progressive news sources, including AlterNet.

In June, Google announced major changes in its algorithm designed to combat fake news. Ben Gomes, the company’s vice president for engineering, stated in April that Google’s update of its search engine would block access to “offensive” sites, while working to surface more “authoritative content.”

This seemed like a good idea. Fighting fake news, which Trump often uses to advance his interests and rally his supporters, is an important goal that AlterNet shares.

But little did we know that Google had decided, perhaps with bad advice or wrong-headed thinking, that media like AlterNet—dedicated to fighting white supremacy, misogyny, racism, Donald Trump, and fake news—would be clobbered by Google in its clumsy attempt to address hate speech and fake news.

Read the whole thing.

18
Sep

Malware still lurking in the Google Play mobile app store

Embarrassing:

It seems almost too ironic that the Google Play Store has been secretly invaded by even more malware after it has promoted its Google Play Protect security platform for Android. Boasting of technologies like machine learning and artificial intelligence, Play Protect promises to protect Android users more thoroughly without having to increase manpower. Alas, it seems that another malware, named ExpensiveWall, has gotten past the Play Store’s security and this lapse is costing users a lot more than just peace of mind but actual money as well.

Check Point, the cybersecurity firm who reported this latest news, says that ExpensiveWall, named after one of its carriers, “Lovely Wallpaper” is actually a new variant of another malware discovered earlier this year. Both types of malware care costing users money by silently signing them up for premium subscriptions or sending premium SMS. Both strains have also made it past Google’s security checks and have been downloaded thousands of times by users.

SlashGear, which posted the report excerpted above, says Google needs to step its security game. Duh. Supposedly, that’s what they were doing when they launched “Play Protect”. But obviously, they failed.

Anyone who wants a secure mobile platform should invest in a BlackBerry device — and preferably one that runs the secure BlackBerry 10 operating system — to keep their data and networks secure.

14
Sep

Lawsuit alleges Google is a discriminatory place to work

Kudos to the plaintiffs for bringing this suit:

Google systematically pays women less than men doing similar work, according to a class action-lawsuit accusing the technology company of denying promotions and career opportunities to qualified women who are “segregated” into lower-paying jobs.

The complaint, filed Thursday on behalf of all women employed by Google in California over the last four years, provided the most detailed formal accounts to date of gender discrimination and pay disparities at the company after months of criticisms and a growing chorus of women publicly speaking out.

Allegations of possible employment violations emerge at court hearing as part of lawsuit to compel company, a federal contractor, to provide compensation data

“We’ve been talking about these issues for a long time, and it hasn’t really changed,” Kelly Ellis, a former Google employee and a lead plaintiff on the case, told the Guardian in her first interview about the suit. “There’s been a lot of PR and lip service, but … this is going to be one of the only ways to get these companies to change how they hire and compensate women.”

Any effort to hold the Monster of Mountain View accountable for its bad business practices is an effort we support. For a company with a motto of “do no evil”, Google sure does a lot of evil things.

11
Sep

Google releases new version of Chrome that incorporates a technology called “WebUSB”

USB, or Universal Series Bus, is already a technology that has a lot of security problems. Now Google is rushing to put into its increasingly dominant web browser (Chrome) a technology that allows websites to interface with USB devices via Javascript, which has to be one of the worst ideas they’ve ever come up with:

Google has wrapped up coding the desktop version of Chrome 61, and will be rolling it out for Windows, Mac and Linux “over the coming days/weeks”.

Chrome 61 extends the visibility of USB-connected devices to Web apps. First proposed last year, WebUSB was pitched as an easier way to set up USB devices, since (for example) a vendor’s site could use the API to push a config to a newly-connected gadget.

The feature’s focus, Google says, is on specialist devices that don’t have a standard way to advertise their capabilities. Keyboards or mice are easy, but as is explained in the specification, USB-connected educational devices (say, microscopes) or 3D printers aren’t conveniently accessible.

There’s also the vexed question of USB device updates: the Chrome devs explain WebUSB could let manufacturers update a device by getting users to visit the page and give permission to the update [What could possibly go wrong? – Reg].

What could possibly go wrong, indeed! That wasn’t just the reaction of the folks at The Register; it was also the reaction of a commenter at Phoronix, who also wisely said No thanks, Google.

We’ve learned over the past few years that everything connected to the internet tends to be less secure. Therefore, it follows that a device can be made more secure if it’s not connected to the internet. Perhaps we should strive to minimize how many devices can be connected directly to the internet by emphasizing localized control and asking ourselves, “Do we really need internet-controlled light-bulbs?”

This may not be to Google’s advantage, as it won’t be able to obtain as much data from non-internet-connected devices, but it may be to the benefit of the internet at large. Some devices may actually work better and be more useful when connected to the internet, but the majority of the “Internet of Things” probably doesn’t actually need an internet connection, especially if those devices can be controlled locally, either through a physical push of a button or through local networks such as Bluetooth, NFC, Thread, or other P2P mesh networking technologies. The latter could bring much of the same convenience of controlling a smart device from an app, without the downside of allowing someone from the other side of the world to connect to it as well.

Well said. Putting WebUSB in Chrome was a mistake. Then again, using Chrome is a mistake. LGB recommends Firefox instead, or one of its derivatives, like Waterfox or Pale Moon.

27
Jun

Google slammed with record fine by European Union

Justice:

Google’s record-breaking 2.4 billion-euro ($2.7 billion) European Union fine could end up being just a fraction of the costs from the EU’s demand that it stop skewing search results to favor its own shopping site.

While the penalty will barely make a dent in its $90 billion cash hoard, Google faces the prospect of less ad revenue and a regulatory backlash targeting other services from maps to restaurant reviews as well as the threat of even more penalties.

The search-engine giant will have “the sword of Damocles hanging over its head,” said Jay Modrall, a lawyer for Norton Rose Fulbright in Brussels. That’s because it’s no longer Google’s choice on how it makes changes to allay EU concerns. Instead, it’s “under a legal requirement to do so and under notice that if its commitments are not sufficient, it’ll be fined even more.”

Google is even more of a monopoly in Europe than it is in the United States, with an estimated 95% market share. Given that it is a near monopoly, it deserves to be stringently regulated. Kudos to the European authorities for holding the Monster of Mountain View accountable for its search-skewing.

25
May

Google debuts a new way to follow your footsteps around the web

Google’s war on privacy is going really, really well:

On Tuesday in San Francisco, at Google’s annual Marketing Next conference, where it unleashes its latest tools for ads, analytics and DoubleClick, the company announced that it’s ready to answer the question that’s been bugging marketers for ages: “Is my marketing working?”

To deliver the answer, it will be training a machine learning tool called Google Attribution on our buying activity. It’s now in beta and will roll out to more advertisers over the coming months.

As Google’s schematic shows, the artificial intelligence (AI) marketing analytics tool will be following us across devices and channels – mobile, desktop, and probably while we’re scuba diving or trying to shop while we’re hiding in a cave, once Google figures those ones out – to see what we’re buying and match it up with what ads we’ve seen. It will then automatically tell marketers what we’re up to.

As Naked Security’s writers point out, Google’s hunger for data is being fed by masses of unsuspecting people who continue to voluntarily use its products.

Depending on which of its tools we use, Google knows what we think, what we need, what we desire, our political and spiritual beliefs, our age, our gender, what music we listen to, what we watch, what we read, where we’ve been, where we plan to go, where we work, where we hang out, where we live, who we meet, where we shop, when we shop, what we buy, how much money we’re worth, how much we spend, and how much energy we consume.

How does it amass all that data? Through Google search, the Chrome browser, Gmail, Google News, Google+, Book Search, YouTube, Picasa, Translation, Maps, Street Views, Waze, Nest, and… well, the list keeps going, and growing, as Google acquires more companies and more data-crunching ability.

Google now proudly claims that it has access to 70% of all credit/debit card transactions in the United States. That makes it even more important that people find alternative homes for their data. Trusting everything to the hands of one company is a really, really bad idea.