ICANN/GNSO GNSO Email List Archives

[ga]


<<< Chronological Index >>>    <<< Thread Index >>>

[ga] Re: [ PRIVACY Forum ] Quickie Privacy Analysis of Google's New "Chrome"Web Browser

  • To: Lauren Weinstein <lauren@xxxxxxxxxx>
  • Subject: [ga] Re: [ PRIVACY Forum ] Quickie Privacy Analysis of Google's New "Chrome"Web Browser
  • From: "Jeffrey A. Williams" <jwkckid1@xxxxxxxxxxxxx>
  • Date: Mon, 01 Sep 2008 23:59:46 -0700

Lauren and all,

  No sorry Lauren, you haven't even used Googles new browser,
and know vertually nothing about it.  Features that are turned off
are hardly a strength of such a product.  why would Google need
to collect that data that a user may access?  what benifit to the
user is such a "Feature"?

  Further I didn't indicate anything you said was anti-google.  I
also am not anti-google, I AM pro privacy, which Google has
far to often shown it is not IF there is a nickle in it for them.

  And no again, some URL data or assiciated data IS of a
personal sort.  The data that Chrome captures or can
capture is passed to Google for whatever use they may have
for it.  That isn't ligitimate, and you know it full well.

Further still Network World also have a more balanced take,
see:
http://www.networkworld.com/news/2008/090208-google-chrome.html?hpg1=bn
But as with your piece, this is a VERY early review.  We'll see as
our in depth testing and evaluation begins to pull back the covers
and goes beyond marketing jargon BS.

Lauren Weinstein wrote:

> Jeffrey,
>
> You are twisting my words.  All I said in that regard is that the
> URL suggestion feature sends URLs by default -- as it really must to
> operate -- and that users have the ability to turn that feature off.
>
> All of the anti-Google rhetoric is your words not mine, and in any
> case URL data is not personal financial data of the sort specified
> in the proposed Calif. law.
>
> Please be more careful in the future.
>
> --Lauren--
> Lauren Weinstein
> lauren@xxxxxxxxxx or lauren@xxxxxxxx
> Tel: +1 (818) 225-2800
> http://www.pfir.org/lauren
> Co-Founder, PFIR
>    - People For Internet Responsibility - http://www.pfir.org
> Co-Founder, NNSquad
>    - Network Neutrality Squad - http://www.nnsquad.org
> Founder, PRIVACY Forum - http://www.vortex.com
> Member, ACM Committee on Computers and Public Policy
> Lauren's Blog: http://lauren.vortex.com
>
>  - - -
>
> > Lauren et., al.,
> >
> >   Interesting analysis.  We are currently actually testing
> > Chrome, not speculating on it.  What even more interesting
> > in respect to privacy considerations regarding Chrome, is
> > as we all know, Google has never been even remotely
> > concerned for users privacy, and that as you rightly point
> > up, any lookup used with Chrome is transmitted to Google,
> > who has a history of tracking/stalking users and retaining that
> > data than later selling it to spammers and phisers.  So as I
> > was saying what's more interesting is Calif. new strict data
> > security law that will likely impact Chrome.
> > See:
> > (August 31, 2008)
> > State legislators in California have almost unanimously approved a bill
> > that would require retailers to employ stringent data protection methods
> > if they retain customers' personal information.  The bill refers
> > specifically to credit and debit card numbers, verification codes and
> > personal identification numbers (PINs).  Firms choosing to retain the
> > financial data would be required to follow security guidelines set by
> > the credit card industry.  These include limiting access to the data to
> > only those who need it to do their jobs. Firewalls would need to be
> > bolstered and all data would need to be encrypted when it is sent over
> > public networks.  A similar bill was vetoed by the governor last year.
> > The new version has removed a provision that would have held the
> > companies liable for the cost of replacement credit and debit cards in
> > the event of a breach.  The new version requires that the companies bear
> > the cost of notifying customers affected by breaches.
> > http://www.mercurynews.com/breakingnews/ci_10351650
> >
> >
> > privacy@xxxxxxxxxx wrote:
> >
> > >         Quickie Privacy Analysis of Google's New "Chrome" Web Browser
> > >
> > >                 http://lauren.vortex.com/archive/000420.html
> > >
> > > Greetings.  Google's new "Chrome" Web browser beta
> > > ( http://www.google.com/chrome ) hasn't been generally available for
> > > more than a few hours, and already I'm getting queries regarding its
> > > associated privacy policy
> > > ( http://www.google.com/chrome/intl/en/privacy.html ).
> > >
> > > So here's an "instant" quickie analysis, based solely on the info
> > > Google has provided as linked just above.  Please note that I have
> > > not yet looked into any possible privacy or security issues that
> > > people have asked me about associated with "borderless" applications
> > > (e.g. pages displayed without URL bars, etc.) -- nor do I at this
> > > time presuppose that issues of concern exist in that area.
> > >
> > > Cutting to the chase, it appears that -- with one exception that
> > > I'll discuss below -- Google's Chrome (no affiliation with
> > > "chrome.vortex.com" of course) by and large is defined to behave in
> > > a conventional manner when it comes to handling of privacy-sensitive
> > > data, including the provision of a "private browsing" mode similar
> > > to that in the latest version of Internet Explorer.
> >
> > > In particular -- to answer the most frequently asked question --
> > > there is no evidence that your routine Web site browsing URLs are
> > > transmitted to Google as you traverse the Net (I'm making the quite
> > > reasonable assumption that such data isn't somehow included in the
> > > default sending of "usage statistics" -- for which I did not find a
> > > precise definition).
> > >
> > > Chrome's anti-phishing system appears to be the same well designed
> > > Google-based mechanism -- using primarily hashed URLs -- employed by
> > > default in Firefox 3 as well.  No problems there as far as I'm
> > > concerned.
> > >
> > > The only really new privacy-related aspect that may concern some
> > > users in Google Chrome appears to be its "Google Suggest" feature
> > > tied into the URL address bar. By default this will send information
> > > to Google regarding the URLs that you enter directly, to enable URL
> > > suggestion data to be returned to the browser from Google.  This
> > > feature is somewhat similar to Firefox 3's new URL suggestion
> > > mechanism, however Firefox's lookup system operates using only local
> > > data in a much more limited fashion, without transmitting URL data
> > > off of your system during the lookup phase.
> > >
> > > So, again by default, if you entered:
> > > "http://www.yetanothersecretsite.com"; in the Chrome URL bar, that
> > > URL would apparently be transmitted to Google.
> > >
> > > Whether or not this represents a problem for any given user is up to
> > > them.  Obviously it is impossible for Google to provide a broad URL
> > > suggestion capability without knowing what you're typing on the URL
> > > line.  Note though that -- as described on the relevant Google
> > > pages -- virtually all of these related features can be disabled by users
> > > if they choose to do so.
> > >
> > > For now, based on the information that I currently have to go on,
> > > I'd give Google Chrome a thumbs-up from an overall privacy
> > > standpoint, with the proviso that individual users may not wish to
> > > accept all of the provided default privacy settings and should avail
> > > themselves of the ability to disable (or enable) any specific
> > > features as they feel appropriate.
> > >
> > > My "day one" summary for Google Chrome (as Arte Johnson used to say
> > > on "Rowan & Martin's Laugh-In"): "Very Interesting ... "
> > >
> > > --Lauren--
> > > Lauren Weinstein
> > > lauren@xxxxxxxxxx or lauren@xxxxxxxx
> > > Tel: +1 (818) 225-2800
> > > http://www.pfir.org/lauren
> > > Co-Founder, PFIR
> > >    - People For Internet Responsibility - http://www.pfir.org
> > > Co-Founder, NNSquad
> > >    - Network Neutrality Squad - http://www.nnsquad.org
> > > Founder, PRIVACY Forum - http://www.vortex.com
> > > Member, ACM Committee on Computers and Public Policy
> > > Lauren's Blog: http://lauren.vortex.com
> > >
> > > _______________________________________________
> > > privacy mailing list
> > > http://lists.vortex.com/mailman/listinfo/privacy
> >
> Semper Fi, do or die,
>
> Spokesman for INEGroup LLA. - (Over 281k members/stakeholders strong!)
> "Obedience of the law is the greatest freedom" -
>    Abraham Lincoln
>
> "Credit should go with the performance of duty and not with what is
> very often the accident of glory" - Theodore Roosevelt
>
> "If the probability be called P; the injury, L; and the burden, B;
> liability depends upon whether B is less than L multiplied by
> P: i.e., whether B is less than PL."
> United States v. Carroll Towing  (159 F.2d 169 [2d Cir. 1947]
> ===============================================================
> Updated 1/26/04
> CSO/DIR. Internet Network Eng. SR. Eng. Network data security IDNS.
> div. of Information Network Eng.  INEG. INC.
> ABA member in good standing member ID 01257402 E-Mail
> jwkckid1@xxxxxxxxxxxxx
> My Phone: 214-244-4827




<<< Chronological Index >>>    <<< Thread Index >>>