Thread: Google "Secure Access" FAQ + Download link
View Single Post
  #6 (permalink)  
Old 09-22-2005, 02:11 PM
Steve Berry
Guest
  
Posts: n/a
Default Re: Google "Secure Access" FAQ + Download link

"Jeff Liebermann" <jeffl@comix.santa-cruz.ca.us> wrote in message
news:le74j11r4gf10lek37cnucugfsdq6crd1v@4ax.com...
> On Wed, 21 Sep 2005 18:31:00 GMT, "Steve Berry" <reachnet@hotmail.com>
> wrote:
>
>>> It's about Joe Coffee browsing at hot spots and coffee shops. Google
>>> wi-fi secure access currently only works at two hot spots in the San
>>> Francisco Bay area. Kapp's Pizza Bar and Grill and one at Airborne
>>> Gymnastics. I note that you're in UK. Wait your turn.
>
>>Yeah now it is, what about in 2/3 years time ?
>
> Google's motto is "Do No Evil". From friends that are employed by
> Google, I find that they take this seriously. If the same
> announcement had been made by SBC or one of the cellular companies, I
> would be VERY suspicious and paranoid. I have to make a few value
> judgements in my lifetime, and would say that Google can generally be
> trusted to do the right thing.
>

Hmm....You're asking users to take alot on face value/show leaps of faith in
Google.
As you may have guessed, I'm not so trusting, not of Google in particular
( search engine is obviously
excellent & Google Earth as a product is absolutely fantastic etc.. ), I'm
just suspicious of what Google *could* do with that data. The scenario
they've put in place potentially gives em' an awful lot of power.
Yeah, that does scare me !

>>BTW who do you define Joe Bloggs as being ?
>
> My average user is called Joe SixPack for the home user and Joe Coffee
> for the coffee shop seat warmer. These are generally in reference to
> users with minimal computer expertise. I do have average and median
> demographics and statistics on their internet use habits and features
> used, but can't really leak them without breaking NDA's.

Therein lies the point - not so much what Google are setting up, but why are
they doing it ?
I mentioned previously about mass-market data collection, what is
statistical study if it doesn't involve mass-market data collection ? I'm
still more concerned about what Google will do with that data.
I'm speculating here, but I can see scenarios where they could easily sell
statistical analyses of users
habits to third-party companies. It's potentially mind-blowing what else
they could do with that data.
Yeah, I'm still scared !

>
>>To me he's anyone and everyone from the lone surfer to the Corp CIO.
>
> Yep. That covers everyone except the geeks, hackers, students, and
> spammers.
>
>>Who says hot spots will be limited to Coffee Shops ?
>
> Good point. There are also airports, bus stations, hotels,
> restraunts, railway stations, parks, and public buildings. Of course
> most of these alreay have for pay wi-fi so there may be some
> difficulties with the owners considering Google a revenue loss.
>
>>Google could (theoretically) set em' up wherever they God Damn please.
>
> I know a bit about site aquisition and managment and can assure you
> that this is not the case. Business's know money when they smell it
> and would not miss a chance to charge for the access point. Municipal
> government want contracts and permits. Businesses with existing
> commerical arrangements might find free to be bad business.

I never said free. You're right about Business needs though. If the SF
instance shows
potential as a revenue source, which could be scaled, I doubt they'll refuse
to look at it.

>
>>In theory what's to stop them scaling up "hot-spots" to "large-scale hot
>>spots" - then they can target companies/employees using wireless networks.
>>What's to stop them ? - not a lot assuming they've got the financial
>>resources to do so.
>
> Not much to stop them except lack of demand. The most vocal demand
> for free wi-fi are home users in nearby apartments and offices that
> want free internet rather than paying an ISP for DSL or cable.
> Opinions as to the viability of such a system occupied by
> non-customers varies somewhat from abuse to a great deal. If Google
> offered free wireless internet, with no restrictions beyond the usual
> bandwidth limiting, in trade for some ads, non-intrusive statistics,
> and some light monitoring, would you go for it? I know quite a few
> that would.

Depends on what I want to use it for - casual browsing - perhaps, business
needs where
securing data paths is a concern - forget it. Typically most businesses
implement free access initially
to try and create a user-base/judge the potential viability of a service -
then at some point, they'll "change the ballpark"/ possibly charge for it -
Hotmail for example ? Do you think if GMail was the only existing Web-based
mail reader, Google wouldn't be tempted to charge for it ? The larger the
user-base, the more the argument to charge for it comes into effect.

>
>>> Amazing. Could you explain how they might do that with a local VPN
>>> client and server at a remote hot spot? I haven't seen the server end
>>> but methinks it would be difficult without a rather elaborate data
>>> collector at the hot spot end.
>
>>Gimme' a break. Do you doubt Google could currently afford that if they
>>wished ?
>
> Nice way to avoid the question.

I avoided it because frankly I don't know, as you've probably guessed !
However, I do think to ignore the possibility ( in arguably what is the most
creative industry the World has seen ) doesn't follow history. This industry
has shown time and time again that if something
doesn't exist and there is a potential need for it/resources to implement
it, it will tend to get created.
Maybe I'm "crystal-ball" gazing here, but the core fact of the matter is the
potential level of control Google are attempting to give themselves with
this is staggering.

I didn't ask they could afford to do
> it. I asked precisely how they would impliment such a spy system?
> Hint: Have you ever tried to sniff gigabit ethernet? Think of it as
> drinking from a fire hose.

You asked that because you probably know I couldn't answer it.
Do you think the same set of circumstances will exist in 5/10 years time ?

>
>>Just because they haven't implemented it yet doesn't mean to say they're
>>not
>>giving themselves
>>the means to do so.
>
> If you have any proof that they're sniffing, I would be very
> interested in hearing it. Otherwise, please confine you accusations
> and predictions of abuse to reality. Do you have any past evidence
> that Google has done anything even close to what you're suggesting?

I never accused them of anything ( other than trying to control data
paths -which is exactly what they're doing ). So what you're saying is just
because I've never had a drink in my
life, I'm never going to have one ? If I send a letter snail-mail I expect
the postal service to deliver it.
Sure they can conduct all the statistical analyses on how many mails are
sent by district, what colour
stamps are used or whatever, but that doesn't give them the right to analyse
what I've wriiten about
or who I'm writing to - that's MY business. When I browse. I browse for me
not to be a result of a stats collection by a third-party. The bottom line
is as a user, you're potentially losing control. Ultimately that's what I
don't like.

>
>>This is about nothing more than creating a "catch-net".

Sorry - See the ref to user-base above.

>
> Pardon my ignorance but what's that?
>
>>No doubt MS will follow-suit.
>
> Nope. Microsoft never follows. They just buy the leading company.

Or the second-leading (Connectix for example when VMWare told em' to get
stuffed).
You're telling me MSs attempts at a Search Engine/Virtual Earth aren't
attenpts to follow/compete with Google then ?

>
>>Thanks but if I want my wireless data
>>encrypted I'll choose to do it through the company I'm employed by.
>
> That's fair. It's possible that the Google VPN client has some back
> doors and security issues. However, I'm fairly sure that these have
> been checked by security professionals. Given time, they may chose to
> hvae it certified by an independent lab. If Google is really nice,
> they might allow their VPN termination server to accept other clients
> such as the Cisco VPN client or SafeNet client. Would that make you
> happy?

No because Google still control it. I don't have an issue with the service
at all. I do have an issue
with data collection.Offer the service and say we'll not monitor anything
other than System Performance issues and I'd be happy.The whole principle of
data collection and its potential uses is just one I strongly object to.
That's just my opinion though.

>
>>How the
>>hell can you or anyone else know what Google will do (or be asked to do)
>>with that data ?
>
> Well, they are required by law to disclose their security policies.
> Also, you could just ask them what they are collecting and how it's
> used. Start here:
> http://googleblog.blogspot.com/

I'm not interested in what they're collecting now - that's potentially a
constantly moving playing field anyway. I am interested in why they're
collecting it ?

>
>>Sure offer the service if you wish, just don't expect
>>everyone to jump on it.
>
> I'm not offering any service. Like everything else, new ideas require
> some risk. Personally, I don't think offering anything for free has
> any manner of long term viability, but it does sound nice.

Very true. If everything in life was free, we'd all be poor though I guess.

>
>>Missing the point. Whether it's free or not now isn't the point.
>>At some point in the future if this is a success, someone within Google
>>will
>>be sitting there saying
>>"Hmm.. Over a X year period, we've had X amount of people using that
>>service, and we've got all this lovely data". Why don't we charge em' for
>>it
>>? Even that is secondary to the fact that as an individual, you're
>>reliqushing control to a Corp. Thanks but no thanks. What they're trying
>>to
>>do is no better than what MS have done over the years. All about control
>>and
>>very little else. Kinda' boring actually.
>
> Not too bad a conspiracy theory. If you don't mind, I don't want to
> argue with you about this level of speculation.

OkeyDokey. That's what happens when I watch the X-Files too much.

>
>>> They already have access. The traffic between the client and the
>>> wi-fi hot spot will be encrypted by the VPN. The traffic between the
>>> hot spot and the ISP is not and could be sniffed by law enforcement
>>> agencies.
>
>>Or anyone else ???
>
> Why would any *COMPANY* find it necessary to do something so invasive
> and stupid? I can see the various law enforcement acronyms doing such
> things. They don't know any better. However, a company is
> responsible to its owners and stockholders. If any company were
> caught sniffing, say goodby to their reputation. I don't know any
> company that would risk that, especially the big ones that have the
> most to lose.

What about the "Garbage bin" sniffing by both MS and Oracle in the past ?
Huge Corps- makng lots and lots of money resorting to "dumpster-diving" I
believe you guys call it and paying third-parties to do the dirty work for
em'.
When you see Corps acting like that is it any wonder the individual
perspective is "Why should I trust them when that's what they get up to ?"
Besides, the service is either securable end-to-end or it isn't. If an
individual could potentially sniff-it he/she could easily pass the results
to a third-party ( who's probably paying them to do so ).
I'll always find that issue about "trust" is the key one. All the
technology/ideas floating around and
we still come back to that same old issue about human-trust. Tough-nut to
crack.

>
>>That's funny. Mr Porn merchant wants his daily dose of porn and the only
>>way
>>to get it is a daily trip down to Starbucks !! Can just imagine the trail
>>of
>>Net Users with holes cut in their newspapers so no-one will recognise em'
>>!
>>If I were that type do you think I'd actually be worried about what data
>>I'm
>>downloading anyway ?
>
> Not until your caught and get kicked off the system. I sometimes get
> to play enforcer on some hot-spot system and a WISP. That's the
> standard line. Frankly, I don't care what they look at or download.
> I only care about the quantity. One Bitorrent user can hog the entire
> system. I don't care if he's downloading movies, cd images, or porno,
> he's history if I catch him.

Oohhh the power !

>
>>Hmm..don't think so. Just the same old story - companies wanting control
>>of
>>infrastructure/data paths (& associated data).
>>That said, some will probably find it useful, but I'll be giving it a
>>permanent body-swerve.
>
> As I mentioned. You are entitled to your own level of paranoia.

Thanks for that - I've seen too much not to necessarily trust what I look
at.

>
>
> --
> Jeff Liebermann jeffl@comix.santa-cruz.ca.us
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

Rgds, S



Reply With Quote