Google Chrome – The evil empire owns your life

By 2 Comments
google-borg

Never sign anything that you don’t read. Never agree to an end user license when you don’t know what it says. Watching the google monsters gobble up the internet makes you long for the days when the tech world grew to Bill Gates dreams.

Bill got rich, often with buggy bloated code. But he was a real innovator and the technology he and his guys brought to the world changed the world.

The octopus at Google is based on a whole different philosophy. They are the kings of “Reintermediation”. Their only accomplishment is to get in between searchers and content, between writers and readers. Nothing new is created. Nothing new is contributed. Their only skill is capturing a part of the transaction and information costs for themselves. But this week they outdid themselves. They released a new slick browser. They suggest that it is faster and more efficient than Firefox or Explorer. (we have our doubts, which we’ll discuss on another post) but here’s the catch.

THEY OWN EVERY THING YOU EVER WRITE OR POST OR CREATE USING THEIR BROWSER AND THEY CAN SELL IT TO ANYONE THEY WANT TO AND THEY NEVER OWE YOU A DIME.

amazing. unbelievable.

oh please bring back the old king bill.

Here’s more from Gizmodo:

So, are you enjoying the snappy, clean performance of Google Chrome since downloading yesterday? If so, you might want to take a closer peek at the end user license agreement you didn’t pay any attention to when downloading and installing it. Because according to what you agreed to, Google owns everything you publish and create while using Chrome. Ah-whaaa? Update: It was a copy & paste mistake, apparently, and the offending language is being removed as we speak. Thanks, Googe!

Here are the juicy bits in question:

11. Content license from you

11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.

11.2 You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services.

11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this license shall permit Google to take these actions.

11.4 You confirm and warrant to Google that you have all the rights, power and authority necessary to grant the above license.

Well, I guess I shouldn’t have used Chrome to put some posts up yesterday, because I certainly do not have the rights, power or authority to hand over my work from Gawker to the Googe. Oops! You’ll have to pry the rights to my posts from Nick Denton’s cold, dead hands, Google.

In any case, it’s a pretty unnecessary and unreasonable thing to put in the EULA for a browser, of all pieces of software, which makes it pretty questionable. Why in the hell would Google want ownership of every single blog post or email written in its browser? It’s so unreasonable that it borders on the insane. I can’t really imagine Google actually invoking this and suddenly publishing heavily edited entries from your LiveJournal for profit, but I think a lot of people would feel much better about hopping on board with Chrome if this little piece of sketchy legalese was axed.

What say you, Google overlords?

Filed Under: breaking news, Internet, Privacy, Security, Tech Tips Tagged With: , ,

Hackers Obtain Critical Internet Flaw

By Leave a Comment

Internet security researchers on Thursday warned that hackers discovered a “critical” flaw that allows “cache poisoning” attacks that tinker with data stored in computer memory caches that relay Internet traffic to destinations.

Seeking to keep details of the vulnerability hidden at least a month to give people time to protect computers from attacks, computer industry engineers that labored in secret to solve the problem, releasing a software “patch” two weeks ago.

“We are in a lot of trouble,” said IOActive security specialist Dan Kaminsky, who stumbled upon the Domain Name System (DNS) vulnerability about six months ago and reached out to industry giants to collaborate on a solution.

“This attack is very good. This attack is being weaponized out in the field. Everyone needs to patch, please. This is a big deal.”

DNS is used by every computer that links to the Internet and works similar to a telephone system routing calls to proper numbers, in this case the online numerical addresses of websites.

Filed Under: Internet, Security Tagged With: , , , , , , ,

Why My Friends and Relatives Get My Tirades About Putting Me In Long To: and cc: Lists

By Leave a Comment
cluebat

cluebatA few years ago I began telling relatives that I would not give them technical advice if they didn’t bother to have basic antivirus software or sent me chain mail, jokes or any “look at this” email that didn’t explain in a sentence where I’d be sent, with a link. Any story, no matter how tear-jerking, if it didn’t have a link to its source, would be ignored.

I would even change political parties if my most loathed candidate from the other party would grant me the license to deny Internet access to anyone who sent out 3 debunkable hoaxes that could be found in a 4-word Google search where “Snopes” is one of the words, as in “Snopes microsoft cash

But what’s getting my goat is just how gullible most well-meaning folks are and how clueless they are about their habits. Bruce Schneier discusses social phishing, and how it is more who sends you an email than its contents that determine whether you’ll go to where it directs you, no matter how dangerous.

Phishing Studies

Two studies. The first one looks at social phishing:

Test subjects received an e-mail with headers spoofed so that it appeared to originate from a member of the subject’s social network. The message body was comprised of the phrase “hey, check this out!” along with a link to a site ostensibly at Indiana University. The link, however, would direct browsers to www.whuffo.com, where they were asked to enter their Indiana username and password. Control subjects were sent the same message originating from a fictitious individual at the university.

The results were striking: apparently, if the friends of a typical college student are jumping off a cliff, the student would too. Even though the spoofed link directed browsers to an unfamiliar .com address, having it sent by a familiar name sent the success rate up from 16 percent in controls to over 70 percent in the experimental group. The response was quick, with the majority of successful phishes coming within the first 12 hours. Victims were also persistent; all responses received a busy server message, but many individuals continued to visit and supply credentials for hours (one individual made 80 attempts).

Females were about 10 percent more likely to be victims in the study, but male students were suckers for their female friends, being 15 percent more likely to respond to phishes from women than men. Education majors had the smallest disparity between experimental and control members, but that’s in part because those majors fell for the control phish half the time. Science majors had the largest disparity–there were no control victims, but the phish had an 80 percent success rate in the experimental group.

Okay, so no surprise there. But this is interesting research into how who we trust can be exploited. If the phisher knows a little bit about you, he can more effectively target your friends.

And we all know that some men are suckers for what women tell them.

Another study looked at the practice of using the last four digits of a credit-card number as an authenticator. Seems that people also trust those who know the first four digits of their credit-card number:

Jakobsson also found a problem related to the practice of credit card companies identifying users by the last four digits of their account numbers, which are random. From his research, it turns out people are willing to respond to fraudulent e-mails if the attacker correctly identifies the first four digits of their account numbers, even though the first four are not random and are based on who issued the card.

“People think [the phrase] ‘starting with’ is just as good as ‘ending with,’ which of course is remarkable insight,” he said.

Another attack comes to mind. You can write a phishing e-mail that simply guesses the last four digits of someone’s credit-card number. You’ll only be right one in ten thousand times, but if you send enough e-mails that might be enough.

A virus that compromises my friends’ email address book compromises me. I want to take all email I get from my family and friends seriously, but if they’re sloppy and lax and add me to their To: and cc: lines in their email headers to spread around jokes and stories I last thought were funny in 1998, not only do they put me at risk, but everyone they know now has my legit email address.

Don’t be sloppy with the email addresses of your friends, relatives and business contacts.

Discover and learn to love your email’s BCC.

I really don’t want to have to say these words under oath… “And that’s when I started pummeling them with my cluebat, your honor…”

Filed Under: Internet, Security, spam
«Older Posts