Full Disclosure mailing list archives
Google Secure Access or "How to have people download a trojan."
From: Berend-Jan Wever <berendjanwever () gmail com>
Date: Tue, 20 Sep 2005 15:55:54 -0700
This is a quite pathetic attempt to install a trojan, let me explain: <snippets href="http://wifi.google.com/faq.html"> 1. "Google Secure Access is a downloadable client application that allows users to establish a more secure WiFi connection." 2. "...your internet traffic will be encrypted, preventing others from viewing the information you transmit." </snippets> So, by "more secure" Google means using encryption to prevent "others" from sniffing your packets. That's nice! What else does it do? Here's some information from the privacy policy: <snippets href="http://wifi.google.com/privacy-policy.html"> 1. "Google may log some information from your web page requests ..." 2. "Google also logs a small set of non-personally identifiable information ..." 3. "Google will not sell or provide personally identifiable information to any third parties except ..." 4. "... we may for a limited period of time preserve additional internet traffic or other information." </snippets> Aha! What we have here is trojan spyware! It does exactly what it is supposed to protect you from. The second snippet clearly states that this concerns NON-personally identifiable information... what about the information mentioned in the first snippet, is that personally identifiable? I guess so; the third snippet mentions Google selling or providing personally identifiable information, this must have come from somewhere! In the third snippet, Google neglects to mention non-personally identifiable information. What about selling that? I guess they do! The best thing about the whole policy is the last snippet, which undoes _everything_ stated before it. Nice one Google!! ;) I suggest that Google comes clean and replaces their privacy policy with a shorter, less confusing version: *Here's some candy, go play!* Btw. All your base are belong to us. Cheers, SkyLined -- Berend-Jan Wever <berendjanwever () gmail com> http://www.edup.tudelft.nl/~bjwever
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Google Secure Access or "How to have people download a trojan." Berend-Jan Wever (Sep 21)
- <Possible follow-ups>
- re:Google Secure Access or "How to have people download a trojan." Yvan Boily (Sep 21)
- Re: Google Secure Access or "How to have people download a trojan." Paul Nickerson (Sep 21)
- Re: Google Secure Access or "How to have people download a trojan." Valdis . Kletnieks (Sep 21)
- Re: Google Secure Access or "How to have people download a trojan." Ill will (Sep 21)
- Re: Google Secure Access or "How to have people download a trojan." Yvan Boily (Sep 21)
- Re: Google Secure Access or "How to have people download a trojan." Ill will (Sep 21)
- Re: Google Secure Access or "How to have people download a trojan." Valdis . Kletnieks (Sep 21)
- Re: Google Secure Access or "How to have people download a trojan." Paul Nickerson (Sep 22)
- Re: Google Secure Access or "How to have people download a trojan." Paul Nickerson (Sep 21)
- Re: Google Secure Access or "How to have people download a trojan." Yvan Boily (Sep 22)
- Re: Google Secure Access or "How to have people download a trojan." Jorrit Kronjee (Sep 22)