Thread: Google "Secure Access" FAQ + Download link
View Single Post
  #7 (permalink)  
Old 09-22-2005, 06:10 PM
Jeff Liebermann
Guest
  
Posts: n/a
Default Re: Google "Secure Access" FAQ + Download link
On Thu, 22 Sep 2005 14:11:03 GMT, "Steve Berry" <reachnet@hotmail.com>
wrote:

I don't have much time to debate this stuff, so I'll limit my comments
to direct questions.

>Hmm....You're asking users to take alot on face value/show leaps of faith in
>Google.

Yes. I already do that with various ISP's, hosting services, cellular
providers, and telco service providers I deal with. When you're in
business there's an assumption of trust that has to be there or
nothing ever happens. The Japanese have developed this to a fine art
in that they will not do business with anyone they even suspect is
potentially untrustworthy. I've been running my own businesses long
enough to know that it's much easier and better to treat ones
customers and vendors as trustworthy, than to initiate some type of
adversary action. I tend to trust everyone and treat them
accordingly. Yeah, I get burned on occasion, but the greatest
majority of the people I deal with a honest and trustworthy. I think
Google qualifies.

>Therein lies the point - not so much what Google are setting up, but why are
>they doing it ?

Well, I can only guess as to why their stockholders want Google to
make money. Perhaps it's because they expect a return on their
investment?

>I mentioned previously about mass-market data collection, what is
>statistical study if it doesn't involve mass-market data collection ?

Most ISP's generate statistics on their overall customers traffic
usage and patterns. This is commonly deemed acceptable. It only
becomes an issue the traffic and use patterns are traceable to
individually identifiable customers.

Incidentally, Google currently sells keyword lookup use patterns,
click thru counts, and statistics to their advertisers. How else
could one know which search terms to "buy" and how effective the
advertising. However, none of these are traceable to individual
users.

>Do you think if GMail was the only existing Web-based
>mail reader, Google wouldn't be tempted to charge for it ? The larger the
>user-base, the more the argument to charge for it comes into effect.

The could use the Yahoo and Hotmail examples and only charge for
premium service. I think a better example will be Microsloth
Anti-Spyware Beta 1. Currently it's free until the end of the year.
Nobody knows if they're going to charge for it. Tradition has it that
once something is free, chargeing for the same thing results in
massive user alienation and eventual collapse of the marketing plan.
Let's see if MS is going to charge for their Anti-Spyware service.

>> I didn't ask they could afford to do
>> it. I asked precisely how they would impliment such a spy system?
>> Hint: Have you ever tried to sniff gigabit ethernet? Think of it as
>> drinking from a fire hose.
>
>You asked that because you probably know I couldn't answer it.

No, I asked a rhetorical question because I knew that if you thought
about it, you would see the problem with Google sniffing traffic.
There's just too much of it. It's also somewhat tricky with gigabit.
I'll spare you the details because I'm a bit busy today. If you want
some real entertainment, try sniffing a single session extracted from
a multiplexed fiber link. Unfortunately, there are commercial
products designed to do exactly that, so we can assume that someone is
sniffing telco mux traffic. Probably our trustworthy government
fighting terrorism or something.

>Do you think the same set of circumstances will exist in 5/10 years time ?

Of course not. I expect the volume of traffic and ubiquitous
encryption to make it even more difficult for Google to sniff your
traffic.

>Or the second-leading (Connectix for example when VMWare told em' to get
>stuffed).
>You're telling me MSs attempts at a Search Engine/Virtual Earth aren't
>attenpts to follow/compete with Google then ?

I'll keep it short. MS has tired to get out of the product biz and go
into the service business many times. MSN is the closest
approximation to a successful attempt. They've tried to turn their
software business into a rental business. Almost everything they seem
to be planning is drifting in the ASP (applications service provider)
direction despite massive resistance from the customer base. When you
think of such services as large database cartography, think of it in
terms of what direction MS is trying to move the customers.

>> http://googleblog.blogspot.com/
>
>I'm not interested in what they're collecting now - that's potentially a
>constantly moving playing field anyway. I am interested in why they're
>collecting it ?

Then post a question on their weblog asking exactly what they plan to
do with all the information they may or may not be gathering via their
VPN client or server. Go directly to the source and see if they can
answer your concerns.

>Very true. If everything in life was free, we'd all be poor though I guess.

One of my sidelines was reviewing business plans. Most sounded like
science fiction. The really entertaining ones were those that plan to
make money by giving something away. It's kinda difficult to eat
"market share". Since the dot com meltdown, most of the free
everything plans are gone.

>What about the "Garbage bin" sniffing by both MS and Oracle in the past ?

Sorry. I have no idea what you're talking about. Almost every
company that could gather statistics in the past have attempted to do
so. That was when the acceptable limits of such behavior had not been
established. The music players were logging what songs you played or
downloaded. Web portals were collecting URL's viewed. MS was
collecting installed software lists. Ad nausium. Most of these
companies still do that with one difference. The data is no longer
traceable to individual users. Is that acceptable to you?

>Huge Corps- makng lots and lots of money resorting to "dumpster-diving" I
>believe you guys call it and paying third-parties to do the dirty work for
>em'.

Oh that. That's called espionage and is far more common than you
would expect. Much of my early education in telco practices came from
fishing BSP's (Bell System Practices) out of the dumpter at telco
training offices. Some of my best souse code finds came from dumpster
diving. I fail to see the connection between such practices and your
suggestion of Google's potential breaches of privacy.

>When you see Corps acting like that is it any wonder the individual
>perspective is "Why should I trust them when that's what they get up to ?"

Sorry. I guess you can't trust me because I do dumpster diving.
Might as well add that the first thing I did on a new design was
reverse engineer the competitions. Of course prying information
during interviews from employees of competitors was unethical.
Hanging around a Silicon Valley bar (and I'm a non-drinker) just to
pry rumors from the competition is also unethical. Of course, trading
customers should be banned or made illegal. Surely, I'm more evil
than a mere dumpster diver.

Hint: I you ever decide to go into business for yourself, you'll
probably find yourself doing many things that are marginal. It's a
constant problem and bugs me as I don't have any built in sense of
ethics. I learned mine by working for companies of various sizes and
paying attention to how and why they do such things. If you expect
everyone in business to be squeaky clean and ethical, you're in for a
rude suprise. Some are more ethical than others and I consider Google
to be among the best.

>Besides, the service is either securable end-to-end or it isn't.

Great. None of the local ISP's offer VPN termination services to
non-commerical customers. But, you want end to end so that would
required that all server farms switch to accepting only SSL secured
web browsing. Not this week.

The immediate problem is the wireless link. It's just too easy to
sniff or spoof. The minimal solution is to encrypt just the wireless
part of the puzzle. That's good enough for the casual user. You can
solve the security problems of the internet another time.

>> I only care about the quantity. One Bitorrent user can hog the entire
>> system. I don't care if he's downloading movies, cd images, or porno,
>> he's history if I catch him.
>
>Oohhh the power !

Oh, the responsibility. I have to justify my actions when the irate
customer calls up and complains, or when the hot spot refers them to
me. I blocked a laptop user at a local hot spot last week because he
had an active spam bot running on his laptop. The bozo called me at
home and demanded to know why I had the "right" to block him. He knew
about the spam bot and was going to do something about it when he got
to work, but needed to do something on the internet first. I asked
for the name of his employer and he hung up on me. Fortunately, that
only happens about every other month so it doesn't bug me much. Try
some power or responsibility some day. You probably won't like it.

>Thanks for that - I've seen too much not to necessarily trust what I look
>at.

Fine. What have you seen Google doing that offends you? There have
been some pissing matches with the Scientology mob and battles with
hit counter enhancing utility vendors. Same with tricky web pages
intended only to be first on the searches. However, I don't recall
anything that would constitute a breach of trust by Google. What did
they do to make you not trust them?



--
Jeff Liebermann jeffl@comix.santa-cruz.ca.us
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Reply With Quote