Thread: Google "Secure Access" FAQ + Download link
View Single Post
  #5 (permalink)  
Old 09-22-2005, 04:32 AM
Jeff Liebermann
Guest
  
Posts: n/a
Default Re: Google "Secure Access" FAQ + Download link
On Wed, 21 Sep 2005 18:31:00 GMT, "Steve Berry" <reachnet@hotmail.com>
wrote:

>> It's about Joe Coffee browsing at hot spots and coffee shops. Google
>> wi-fi secure access currently only works at two hot spots in the San
>> Francisco Bay area. Kapp's Pizza Bar and Grill and one at Airborne
>> Gymnastics. I note that you're in UK. Wait your turn.

>Yeah now it is, what about in 2/3 years time ?

Google's motto is "Do No Evil". From friends that are employed by
Google, I find that they take this seriously. If the same
announcement had been made by SBC or one of the cellular companies, I
would be VERY suspicious and paranoid. I have to make a few value
judgements in my lifetime, and would say that Google can generally be
trusted to do the right thing.

>BTW who do you define Joe Bloggs as being ?

My average user is called Joe SixPack for the home user and Joe Coffee
for the coffee shop seat warmer. These are generally in reference to
users with minimal computer expertise. I do have average and median
demographics and statistics on their internet use habits and features
used, but can't really leak them without breaking NDA's.

>To me he's anyone and everyone from the lone surfer to the Corp CIO.

Yep. That covers everyone except the geeks, hackers, students, and
spammers.

>Who says hot spots will be limited to Coffee Shops ?

Good point. There are also airports, bus stations, hotels,
restraunts, railway stations, parks, and public buildings. Of course
most of these alreay have for pay wi-fi so there may be some
difficulties with the owners considering Google a revenue loss.

>Google could (theoretically) set em' up wherever they God Damn please.

I know a bit about site aquisition and managment and can assure you
that this is not the case. Business's know money when they smell it
and would not miss a chance to charge for the access point. Municipal
government want contracts and permits. Businesses with existing
commerical arrangements might find free to be bad business.

>In theory what's to stop them scaling up "hot-spots" to "large-scale hot
>spots" - then they can target companies/employees using wireless networks.
>What's to stop them ? - not a lot assuming they've got the financial
>resources to do so.

Not much to stop them except lack of demand. The most vocal demand
for free wi-fi are home users in nearby apartments and offices that
want free internet rather than paying an ISP for DSL or cable.
Opinions as to the viability of such a system occupied by
non-customers varies somewhat from abuse to a great deal. If Google
offered free wireless internet, with no restrictions beyond the usual
bandwidth limiting, in trade for some ads, non-intrusive statistics,
and some light monitoring, would you go for it? I know quite a few
that would.

>> Amazing. Could you explain how they might do that with a local VPN
>> client and server at a remote hot spot? I haven't seen the server end
>> but methinks it would be difficult without a rather elaborate data
>> collector at the hot spot end.

>Gimme' a break. Do you doubt Google could currently afford that if they
>wished ?

Nice way to avoid the question. I didn't ask they could afford to do
it. I asked precisely how they would impliment such a spy system?
Hint: Have you ever tried to sniff gigabit ethernet? Think of it as
drinking from a fire hose.

>Just because they haven't implemented it yet doesn't mean to say they're not
>giving themselves
>the means to do so.

If you have any proof that they're sniffing, I would be very
interested in hearing it. Otherwise, please confine you accusations
and predictions of abuse to reality. Do you have any past evidence
that Google has done anything even close to what you're suggesting?

>This is about nothing more than creating a "catch-net".

Pardon my ignorance but what's that?

>No doubt MS will follow-suit.

Nope. Microsoft never follows. They just buy the leading company.

>Thanks but if I want my wireless data
>encrypted I'll choose to do it through the company I'm employed by.

That's fair. It's possible that the Google VPN client has some back
doors and security issues. However, I'm fairly sure that these have
been checked by security professionals. Given time, they may chose to
hvae it certified by an independent lab. If Google is really nice,
they might allow their VPN termination server to accept other clients
such as the Cisco VPN client or SafeNet client. Would that make you
happy?

>How the
>hell can you or anyone else know what Google will do (or be asked to do)
>with that data ?

Well, they are required by law to disclose their security policies.
Also, you could just ask them what they are collecting and how it's
used. Start here:
http://googleblog.blogspot.com/

>Sure offer the service if you wish, just don't expect
>everyone to jump on it.

I'm not offering any service. Like everything else, new ideas require
some risk. Personally, I don't think offering anything for free has
any manner of long term viability, but it does sound nice.

>Missing the point. Whether it's free or not now isn't the point.
>At some point in the future if this is a success, someone within Google will
>be sitting there saying
>"Hmm.. Over a X year period, we've had X amount of people using that
>service, and we've got all this lovely data". Why don't we charge em' for it
>? Even that is secondary to the fact that as an individual, you're
>reliqushing control to a Corp. Thanks but no thanks. What they're trying to
>do is no better than what MS have done over the years. All about control and
>very little else. Kinda' boring actually.

Not too bad a conspiracy theory. If you don't mind, I don't want to
argue with you about this level of speculation.

>> They already have access. The traffic between the client and the
>> wi-fi hot spot will be encrypted by the VPN. The traffic between the
>> hot spot and the ISP is not and could be sniffed by law enforcement
>> agencies.

>Or anyone else ???

Why would any *COMPANY* find it necessary to do something so invasive
and stupid? I can see the various law enforcement acronyms doing such
things. They don't know any better. However, a company is
responsible to its owners and stockholders. If any company were
caught sniffing, say goodby to their reputation. I don't know any
company that would risk that, especially the big ones that have the
most to lose.

>That's funny. Mr Porn merchant wants his daily dose of porn and the only way
>to get it is a daily trip down to Starbucks !! Can just imagine the trail of
>Net Users with holes cut in their newspapers so no-one will recognise em' !
>If I were that type do you think I'd actually be worried about what data I'm
>downloading anyway ?

Not until your caught and get kicked off the system. I sometimes get
to play enforcer on some hot-spot system and a WISP. That's the
standard line. Frankly, I don't care what they look at or download.
I only care about the quantity. One Bitorrent user can hog the entire
system. I don't care if he's downloading movies, cd images, or porno,
he's history if I catch him.

>Hmm..don't think so. Just the same old story - companies wanting control of
>infrastructure/data paths (& associated data).
>That said, some will probably find it useful, but I'll be giving it a
>permanent body-swerve.

As I mentioned. You are entitled to your own level of paranoia.


--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote