Google may see its Chrome operating system as more secure than traditional alternatives, but one security researcher believes the cloud-based OS is vulnerable, according to a Reuters story published yesterday.
WhiteHat Security researcher Matt Johansen said he found a flaw in a Chrome OS application that he was able to exploit to gain control of a Google e-mail account. Though Google fixed the flaw after it was reported, Johansen claims to have discovered other applications with the same flaw, Reuters said.
In citing the security holes in Chrome OS, Johansen specifically pointed to the ability of hackers who can steal data as it moves between the cloud and the Chrome OS browser instead of hacking directly into a user’s PC.
“I can get at your online banking or your Facebook profile or your e-mail as it is being loaded in the browser,” he told Reuters. “If I can exploit some kind of Web application to access that data, then I couldn’t care less what is on the hard drive.”
Google’s “Chromebooks” are basically nothing more than glorified computer security terminals providing access to Google’s opaque datacenters with sod-all security. People concerned about their privacy and security would do well to stay far, far away from Google’s offerings.
Google, of course, reacted very defensively when asked for comment about this. They’d like people to believe their products are secure. But reality has proved otherwise. Security seems to be an afterthought as far as Google is concerned. That’s because Google’s business isn’t security, it’s data-mining.
Well, we knew this was coming.
Today, the Monster of Mountain View finally unveiled its latest effort to create a data-mining Facebook clone: Google+, which appears be an amalgamation of older Google products (Wave, Buzz, Voice) combined with some Facebook-like features and wrapped in a slick interface.
Basically, what Google is trying to do with Google+ is get people to give it all the information they currently provide willingly to Facebook… like activities, interests, relationships, and so forth. Google already has a good guess as to what people who naively use its search engine like or do, but having a user confirm his or her preferences in a Google profile is better.
Google+ will be incorporated into all Google properties through a toolbar, which will encourage people to populate their Google profiles with lots of personal information and identify their friends to Google. A “feature” called Circles supposedly makes it easy to categorize contacts that already exist in Gmail into groups – the examples Google provided were “Family” and “Bike Geeks” and “Friends”. Google wants people to fill out these relationship webs so it can dramatically improve its data-mining abilities. (It doesn’t have access to Facebook’s internal data, which is why it is so desperate to build its own Facebook clone).
There’s also an app which integrates with Android and automatically uploads photos a user shoots with the phone to Google’s servers, and pushes those photos into Google+.
As you might expect, Google+ will not respect the wishes of people who want to have nothing to do with it.
Another twist is that people in your circles don’t have to be members of Google’s social net. If Aunt Mary refuses to opt in, you can include her anyway, and she can still get the pictures you post to the circle via e-mail.
Amusingly, none of the promotional materials we’ve seen for Google+ even attempt to talk about protecting user privacy. That’s because the whole point of Google+ is to help Google do a better job of waging war on people’s privacy. What Google is asking is that people trust it with all the information they currently give to Facebook in addition to what Google can automatically collect from people using its products.
That’s just too much data for one company to have, period.
People concerned about Google opting them in to Google+, as it did with Buzz, should take this opportunity to Leave Google Behind.
Since April when Bloomberg News reported that the Federal Trade Commission was contemplating a full-blown antitrust investigation of Google, people who follow the Internet giant have been waiting for the other shoe to drop.
It did on Thursday with the report in the Wall Street Journal that the five-member Commission is about to serve Google with civil subpoenas — known as Civil Investigative Demands — about its business practices.
The European Union and the State of Texas are already investigating, but word of the FTC probe raises the issue to a new level of intensity. It also makes it clear that millions of dollars spent on lobbying and the hobnobbing by Google executives at White House State Dinners will not prevent a long needed investigation.
This investigation should have been launched years ago. The FTC has been missing in action for some time, but better late than never. There are, of course, tech pundits out there mocking this announcement, suggesting that Google won’t be nearly as powerful as it is now by the time this investigation has been completed. Many have cited Microsoft as an example.
But part of the reason Microsoft’s influence diminished is precisely because of the antitrust probe and subsequent antitrust lawsuit. The very existence of this probe should serve as a check on Google’s power, and that is a very good thing.
Consumer Watchdog is asking the White House to keep its distance and not meddle with the investigation and other existing (but smaller) probes of Google’s business practices that are already going on.
Now, with a few years of experience, we’ve observed that Google Health is not having the broad impact that we hoped it would. There has been adoption among certain groups of users like tech-savvy patients and their caregivers, and more recently fitness and wellness enthusiasts. But we haven’t found a way to translate that limited usage into widespread adoption in the daily health routines of millions of people. That’s why we’ve made the difficult decision to discontinue the Google Health service. We’ll continue to operate the Google Health site as usual through January 1, 2012, and we’ll provide an ongoing way for people to download their health data for an additional year beyond that, through January 1, 2013. Any data that remains in Google Health after that point will be permanently deleted.
Translation: We couldn’t convince the masses to trust us with their sensitive medical records, so we’re done with this approach. When we figure out a better way to mine medical information, we’ll be back with a new offering.