Shape up on privacy, researchers tell Google
p2pnet news view Advertising | P2P:- Giant online advertising company Google has been plagued with serious security and privacy problems virtually since it started.
Now, rather than place the onus on customers to actively ask for adequate protection, Google should make security and privacy the default.
So say 38 international privacy and security vresearchers, among them Ian Kerr, Canada research chair in ethics, law & technology, University of Ottawa, and Jeff Moss, founder and director, Black Hat and DEFCON, and a member of the US Department of Homeland Security Advisory Council.
To do otherwise is putting millions of users at risk of being defrauded, they say in a six page open letter to Google CEO, Eric Schmidt.
As things stand, users are vulnerable to a host of attacks when they use an open or badly secured network, particularly a public WiFi spot, the researchers declare, demanding Google honour important privacy promises it’s made, and that it protect communications from theft and snooping by enabling industry standard transport encryption technology (HTTPS) for Google Mail, Docs, and Calendar.
“Google already uses industry-standard Hypertext Transfer Protocol Secure (HTTPS) encryption technology to protect customers’ login information,” says the group, going on »»»
However, encryption is not enabled by default to protect other information transmitted by users of Google Mail, Docs or Calendar.
As a result, Google customers who compose email, documents, spreadsheets, presentations and calendar plans from a public connection (such as open wireless networks in coffee shops, libraries, and schools) face a very real risk of data theft and snooping, even by unsophisticated attackers. Tools to steal information are widely available on the Internet.
Google supports HTTPS encryption for the entire Gmail, Docs or Calendar session. However, this is disabled by default, and the configuration option controlling this security mechanism is not easy to discover. Few users know the risks they face when logging into Google’s Web applications from an unsecured network, and Google’s existing efforts are little help.
Support for HTTPS is built into every Web browser and is widely used in the finance and health industries to protect consumers’ sensitive information.
Google even uses HTTPS encryption, enabled by default, to protect customers using Google Voice, Health, AdSense and Adwords.
Google should now extend this degree of protection to users of Gmail, Docs and Calendar.
Signees include: Ian Kerr, Canada research chair in ethics, law & technology, University of Ottawa; Jeff Moss, founder and director, Black Hat and DEFCON and a member of the US Department of Homeland Security Advisory Council; Bart Jacobs, professor of computer security, Radboud University, Nijmegen, The Netherlands; Ian Brown, senior research fellow, Oxford Internet Institute, University of Oxford; Peter G. Neumann, SRI International Computer Science Lab and moderator of the ACM Risks Forum; and, Chris Hoofnagle, director, information privacy programs, Berkeley Center for Law & Technology, University of California, Berkeley School of Law.
June, 2009
Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php
Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details.
