On Chrome Privacy - Mike West

Discussion in 'privacy technology' started by Searching_ _ _, Sep 24, 2011.

Thread Status:
Not open for further replies.
  1. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Responding to a comment about 'Facebook’s “frictionless sharing”' and how Google could do the same thing with Chrome, Mike West, A Chrome Privacy Team Member, writes:

    On Chrome Privacy - Mike West
     
  2. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Good article, not that anyone will ever hear it because it's not calling Google out.

    Most of what I hear about Chrome is "omg but in the future it MIGHT be evil."

    I'd love to see some people actually read an article that isn't pointing a finger at every company.
     
  3. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    I'd just love to see a thread where you don't have something to say. Even when you don't have anything to say you feel the need to chime in. I guess that's how you rack up 2,600 posts in 4 months. That's 140 posts a week!

    Do you work? Eat? Sleep?
     
  4. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Lol, damn Hungry, this must be all out assault night, eh? :D
     
  5. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    not even my most active forum!

    Yeah, I have school during the day. I make all of my posts before school and come home and reply.

    Yes, well, I was just on a bus for 4 hours and was pretty bored.
     
  6. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Lmao! Enjoy :D
     
  7. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Oh, I will. I'm just waiting for the ad hominems to start flying. Actually they already have in a few topics!
     
  8. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    @ LockBox, This is way out of line.
    I consider Hungry Man's posts to be very worthwhile contributions.

    @ Searching_ _ _ , Thanks for the Chrome Privacy article! :thumb:
     
  9. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    @Hungry Man: :eek: What's your WPM?

    As for Chrome privacy, I don't really care about it. Probably not much worse than using Google search which almost everyone does.
     
  10. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    My school has a typing class =p 100WPM or you don't move on to 9th grade.

    And I agree, if you want to look at privacy issues you should look at Google search and not Chrome. Not that I'm saying Google search has privacy issues... but at least there's a debate there.
     
  11. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    God I'm glad I graduated from school long ago, lol. Anyway, I think the issue with Chrome, is that it is so closely tied into search. Therefore, it is possible to make the same connections to privacy. Google is going to take privacy heat no matter what it does, simply because it chose to use advertising to keep it afloat.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Yup, pretty much.
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I think it's cool that Chrome founded a privacy team... a group of devs who "care about making Chrome’s use of data transparent" is just a fine idea.

    When West mentions that his team, among other things, "reviews features built by other teams for potential impact on user’s private information", do you think this is part of the vetting process for Chrome extensions? Is that (partially) what he is referring to?
     
  14. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    I would think so. It's not super clear.
     
  15. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I mean, the warnings on some of the extensions are (gulp) extreme...
    Chrome extension warning.jpg
    So West's words leave me wondering if he is alluding to the extension warnings.
    Maybe I'll email him and see what he says. :)
     
  16. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    Could be.

    Yeah, some of those really do come off as a bit scary. I mean "ALL OF YOUR DATA ON EVERY WEBSITE" you know? lol it's a bit much

    I am convinced that at some point we're going to see socially engineered malware in the form of browser extensions.
     
  17. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I suppose that hasn't happened yet (socially engineered malware in the form of browser extensions), or we would have heard about it, right?
    PS- Email sent to MW about vetting process. I'll post back any reply. :)
     
  18. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If it's happened I haven't heard anything about it. I'm not sure how much access extensions can have but I know they're javascript and I could imagine them being malicious if the API allowed for it.
     
  19. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    I have a new strategy I've been using and seems to be keeping me out of trouble.
    1. Don't antagonise other posters. (Mostly :D)
    2. Avoid responding to inflammatory posts. (I ain't no chicken! :D)
    3. Provide relevant and possibly unique information to the Wilder's community that will keep discussion going and hopefully doesn't create flame wars.

    There has been a lot of privacy related news lately, a boon for this section.
     
  20. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    I got a reply from Mike West.

    I asked him if, when he mentioned that his team, "reviews features built by other teams for potential impact on user’s private information", he was referring even in part to the vetting process for Chrome extensions?

    He replied that he was not.... "that's the security team, not privacy".

    So in the article, when he said that his team, "reviews features built by other teams for potential impact on user’s private information", he was referring to Chrome features, not externally written extensions.

    The extension warnings, he said, "are explicitly not a judgement from the privacy team".
     
  21. 1chaoticadult

    1chaoticadult Registered Member

    Joined:
    Oct 28, 2010
    Posts:
    2,248
    Location:
    Chaotic Land
    LOL 100WPM that is classic. :D



    Probably but as malware evolves, our security setups must evolve with it IMO.
     
  22. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    With what we know about google it makes you wonder WHAT WE DONT KNOW about Chrome! (I think its best to be questioned)
     
  23. inka

    inka Registered Member

    Joined:
    Oct 21, 2009
    Posts:
    406
    Without regard to the term used to describe the malware container ("browser extension" vs browser addon vs browser plugin vs browser toolbar vs BHO), yes, "that has happened" repeatedly through the years. A few examples:

    BitDefender labeled this one "Trojan.Agent.20577":
    http://www.spamfighter.com/News-14287-Fake-Google-Chrome-Extension-Used-to-Distribute-Malware.htm

    MS labeled this one "Win32/7FaSSt"
    (browser search hijacker, users wound up at 7search)
    http://www.microsoft.com/security/portal/Threat/Encyclopedia/Entry.aspx?Name=Program:Win32/7FaSSt

    TrendMicro labeled this spyware "TROJ_DROP.BP"
    (payload of a FF addon)
    http://blog.trendmicro.com/cyber-crimainals-target-firefox-users/

    RFSEARCHHANDLER.DLL
    (payload of RegFreeze browser extension)
    CLSID {CDB280E8-BE43-4128-8A5A-3FCD094E2D88}


    further reading:
    www.mike.tl/publications/virology08-4-3-tlv.pdf
    and
    www.cs.uic.edu/~venkat/research/.../extensible-browser-dimva07.pdf
    also ref
    "Crimeware: understanding new attacks and defenses"
    by Markus Jakobsson and Zulfikar Ramzan
     
  24. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    What we don't know about Chrome?

    Uh, it's an open source browser. You can have a look at the code yourself. If you honestly believe there aren't people scrutinizing the details of the code looking for privacy issues... I don't know what to tell you.

    I'm almost curious to see what you think you know about Google though... almost.
     
  25. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Again, it's just the nature of their business that spooks people (including me to an extent, admittedly). They rely on advertising and personal data. Without it, they're done, cooked, extinct. I don't think anyone who has ever bothered to actually read about online advertising would disagree that it's very often a shady business. With Google relying on such a business, they, by the nature of most people, get lumped into it. Plus, it never helped that Eric Schmidt opened his mouth a little too often about his lack of concern for privacy.

    You see the same thing happening to Mark Zuckerberg and Facebook. When the companies and their leaders openly blow off concerns, it gets under skins. Google has themselves to blame for a lot of this backlash, they've shot themselves in the foot quite a few times. Do I think they have their own little section over at Ft. Meade? No. Do I think they'll skirt around things and stay in the "gray area" as long as they can for the extra cash? Yes, I do, and they've proven they will.
     
Loading...
Thread Status:
Not open for further replies.