Categories
Links Writing

Fragmentation leaves Android phones vulnerable to hackers

Via the Washington Post:

“You have potentially millions of Androids making their way into the work space, accessing confidential documents,” said Christopher Soghoian, a former Federal Trade Commission technology expert who now works for the ACLU. “It’s like a really dry forest, and it’s just waiting for a match.”

The high degree of fragmentation in the Android ecosystem is incredibly problematic; fragmentation combined with delays in providing updates effectively externalizes the security-related problems stemming from mobile OS vulnerabilities onto individual owners of phones. Those owners are (typically) the parties least able, in the owner/carrier/manufacturer/OS creator relationship, to remedy the flaws. At the moment, Google tends to (try to) respond promptly to flaws. The manufacturers and vendors then have to certify and process any updates, which can take months. It’s inexcusable that these parties can not only sit on OS updates but also continue to knowingly sell vulnerable phones.

Imagine if, after a car line was reported to have some problem that required the line’s recall and refurbishment, dealers continued to sell the car. They didn’t even notify the person buying the car that there was a problem, just that ‘enhancements’ (i.e. the seat didn’t eject when you hit something at 60 km/hr, plus a cool new clock display on the dashboard) were coming. The dealers would be subject to some kind of legal action or, failing that, consumers could choose to work with dealers who sold safe cars. Why, exactly, aren’t phone carriers being subjected to the same scrutiny and held to the same safety standards?

Categories
Aside Humour

chartier:

Genius.

OK…this is incredibly amusing. It also speaks volumes about the relative accuracy of biometric analysis technologies that are incorporated into contemporary consumer electronics.

Categories
Links Writing

A Poignant Comment on Deleting Email

For the past two months I’ve been trying to figure out what to say about something Peter Fleischer, Google’s Global Privacy Counsel, wrote about his personal email retention and deletion policies. After talking about whether people should worry about “covering their tracks” from government snooping, he writes (emphasis added):

In the meantime, as users, we all have to decide if we want to keep thousands of old emails in our inboxes in the cloud.  It’s free and convenient to keep them.  Statistics published by some companies seem to confirm that the risks of governments seeking access to our data are extremely remote for “normal people”.  But the laws, like ECPA, that are meant to protect the privacy of our old emails are obsolete and full of holes.  The choice is yours:  keep or delete.  I’m a pragmatist, and I’m not paranoid, but personally, I’ve gotten in the habit of deleting almost all my daily emails, except for those that I’d want to keep for the future.  Like the rule at my tennis club:  sweep the clay after you play.

His comments struck me as being incredibly poignant when I first read them, and remain so today. I’ve stopped archiving email. I delete email (as best I can, given cloud data retention policies and all…) on a regular basis. Over the Christmas break I removed an aggregate of about 6 GB of mail that had just…accrued…in my various accounts over the past decade. In short, his post motivated me enough to spend the better part of 3 or 4 days sifting and sorting through my digital life. Ultimately I removed an awful lot of what was there.

At some point I hope to spend more time writing about, and thinking through, some of Peter’s points. At the moment, however, I’d just recommend you think about what it means when Google’s Global Privacy Counsel – the guy who is best able to go to the mat to protect the privacy of his own inbox – chooses to routinely delete his email from the cloud. If he takes that precaution, and he has the influence that he does, shouldn’t you at least consider following his lead?

Categories
Quotations

2013.1.10

… Chrome acts as 100 million sensors on the Internet looking for *.google.com MitM attacks. If you are a government wanting to spy on your citizens, as soon as you insert a fraudulent signing certificate into your BlueCoat monitor, one of your citizens using Google Chrome is going to notify the mother ship.

Robert Graham, “Don’t mess with the Google
Categories
Quotations

2013.1.6

What’s interesting about this case – and what leads to the title above – is not so much what went wrong, but rather, what went right. You see, this bogus certificate was detected, and likely not because some good samaritan reported the violation. Rather, it was (probably) detected by Google’s unwavering surveillance.

Matthew Green, on Google detecting fake SSL certificates in “Surveillance works! Let’s have more of it”
Categories
Writing

Could Google+ Depend on Google Now’s Success?

MG Siegler recently argued that:

Google+ is a turd.

I’m not sure why everyone seems afraid to admit this. I think it’s similar to the reason why some seem reluctant to call Windows 8 a turd when it’s already abundantly clear: people are scared that such a bold statement could come back to bite them in the ass. But it won’t. Both are clearly turds.

Google continues to try to cram Google+ down people’s throats, but it just won’t stay down. People are gonna keep puking it right back up. The only compelling feature of Google+ is Hangouts; everything else is a carbon copy of some social activity that people can (and already do) do elsewhere. Google simply made a bad call and started chasing the wrong thing (social) far too late.

I wonder how long it will take Google to admit defeat here? I’m sure we’ll see a lot more of the shoving of Google+ in our faces first — Chrome, you’re next. But I really wish Google would take all the energy being put behind this dog and use it to blow out their truly interesting and innovative products, like Google Now.

I think that the success of Google+ could depend on Google’s capability of linking signals from their social networking product with their Now product. Currently, Now can ascertain things like when you’re near certain locations or about to perform certain actions (e.g. near a bus stop/station or about to take a flight) and provide relevant and helpful data to the Android phone user. This is really cool and, if you’re comfortable with this degree of personalized data mining, potentially convenient.

What Now presently lacks is the ability to tell me that, when I have a break in my day (based on Google Calendar analysis) and a friend also has a break (based on an analysis of their calendar), we could meet for coffee or a meal. It similarly lacks the awareness of my colleagues and friends needed to suggest that there are special non-birthday dates coming up. The same goes for mass-mining of check-ins (to figure out what my social community eats, and where they often do it) and preferred news and website content.

The thing is, all of these functionality elements could be implemented if there were wide-scale adoption and use of Google+. This means that updated versions of Android need to get to millions of handsets or, alternately, Chrome needs to deploy Now functionality (something that code analyses suggest is imminent). Either could encourage people to adopt Google+ to get heightened personalized data mining. Yes, you read that right: (perceived) helpful surveillance could get people to intentionally adopt products that facilitate useful personalized insights.

The key issue – beyond pure legal and regulatory concerns – will be whether this kind of mining is seen as ‘creepy’ or not. If the Now product is seen as cool, feature rich, opt-in, and not privacy infringing – and is adopted by a significant portion of the masses – then Google could offer personalized services in excess of those offered by Twitter and Facebook today. This might be the ‘nudge’ necessary to get a significant portion of the social graph onto Google and consequently elicit a network effect sufficient to turn Google+ into a viable and useful social networking community.

If Google+ is seen as a gateway to improved Now information, and if users see Now as a feature they want more of in their life, then Google+ could see a fresh (if somewhat forced) breath of life. A key question, however, is whether the advantages of a cool product offering are sufficient to get people to ‘jump ship’ onto a largely empty social networking platform. It’ll be interesting to watch because, if Google is successful, they’ll have found a way to create a social graph in a novel manner, one that other companies may subsequently attempt to replicate.

Categories
Quotations

2012.12.30

Google had the capacity to capture everything people did on the site on its logs, a digital trail of activities whose retention could provide a key to future innovations. Every aspect of user behaviour had a value. How many queries were there, how long were they, what were the top words used in queries, how did users punctuate, how often did they click on the first result, who had referred them to Google, where they were geographically … These logs told stories. Not only when or how people used Google but what kind of people the users were and how they thought.

Steven Levy, In the Plex: How Google Thinks, Works, and Shapes Our Lives
Categories
Quotations

2012.12.10

When it comes to a backhoe versus fiber, the backhoe always wins.

Jim Reese, from Steven Levy’s In The Plex
Categories
Links

Incredibly Detailed Outing of Android UI Problems

Ron Amadeo has a terrific and comprehensive post on all the various Android UI issues. Well worth the read if UI and UX are things you pay attention to.

Categories
Links

Feudalism 2.0

Bruce Schneier has a clever piece discussing the contemporary model of ‘feudal security’, where users have committed themselves to differing lords of the Internet. As a taste:

Some of us have pledged our allegiance to Google: We have Gmail accounts, we use Google Calendar and Google Docs, and we have Android phones. Others have pledged allegiance to Apple: We have Macintosh laptops, iPhones, and iPads; and we let iCloud automatically synchronize and back up everything. Still others of us let Microsoft do it all. Or we buy our music and e-books from Amazon, which keeps records of what we own and allows downloading to a Kindle, computer, or phone. Some of us have pretty much abandoned e-mail altogether … for Facebook.

These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them – or to a particular one we don’t like. Or we can spread our allegiance around. But either way, it’s becoming increasingly difficult to not pledge allegiance to at least one of them.

Feudalism provides security. Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. There were oaths and obligations: a series of rights and privileges. A critical aspect of this system was protection: vassals would pledge their allegiance to a lord, and in return, that lord would protect them from harm.

Of course, I’m romanticizing here; European history was never this simple, and the description is based on stories of that time, but that’s the general model.

And it’s this model that’s starting to permeate computer security today.

The rest of the piece is clever; I highly recommend giving it a read.