Kicking the Google Habit

August 25, 2009 at 6:08 pm | In Life, Privacy/Security | 1 Comment
Tags: , , , ,

With my current move towards using totally free (as in speech) software, joining the FSF (Free Software Foundation), and all the things that are driving these decisions, I find myself questioning my use of Google.

Now, before people write me off as an anti-Google nut-bar, let me clarify my position. I do not think that Google is evil or trying to take over the world. I do think that Google has become a behemoth and despite the wonderful ethos of it’s founders it is now a publicly traded company and that means answerable to the shareholders and thus the bottom line. People shouldn’t fool themselves. Google is profit driven, not peace and goodwill driven. I have watched as their privacy policies on new services have become increasingly invasive. I have seen them use their very successful model of offering “Free” services to get a large user base that they can mine. I have watched as they add ever more services to broaden the scope and breadth of their data mining capabilities.

Due to the above I, like others, have become increasingly concerned about the concentration of data. Consider if you will, what Google can learn about a person using their services:

  • What you Read → Google Books, Google news, Google Reader, Google Scholar, Google Groups
  • Who you talk to → Google Talk, Google Groups, Gmail, Okurt, Google sites, Google Docs
  • What you say,write,create → Blogger.com, YouTube.com, Google Sites, Google Groups, Google Talk
  • Where you spend you money → Google finances, Google checkout, Google product Search.
  • What you are interested in → Google search, Google Alerts, Google Bookmarks, Google WebHistory

As you can see from the list above Google could quickly build a fairly complete dossier on anyone using their services. Add to this the fact that the above list doesn’t take into account Google tracking and analytic services (which operate on thousands of non-Google sites) which I am sure benefit from people that use a Google account and fail to logout before they go browsing the web.

If a person sat and really thought about it they might well end up feeling a little paranoid and they might be right to feel that way.

As for me, I do not think that Google has any vested interest in me other than trying to get advertising in front of me (good luck guys :) ). I have long ago blocked google adsense, google-analytics, and other google tracking and advertising systems that google runs. I use Scroogle or ixQuick for my searches to keep my privacy. On the rare occasions I watched YouTube videos I did so without going to the YouTube site when possible. I was working to protect my privacy.

But then I slipped and got a gmail account just to “check it out” at first. It became my main account over time. (it really is one of the nicest webmails out there). I rationalized that since I used POP access and regularly completely flushed the account, that I wasn’t giving away too much. None of the “Free” webmails are truly free. They all advertise and I suspect that most track and collect information on the people using them.

The problem was that Gmail was my gateway service, to get it I had to set up a Google account and that led to me using other Google services. I soon found myself using Google Reader. I have 2 laptops and it was nice to be able to read my morning headlines from either. Then I found myself using Google talk. Not a lot. Just as the service that my Microblog updates flowed in through… But you can see the trend starting.

Luckily due to this recent push in my life to be “Free” as in speech and due to my normally abnormal (for this day and age) attachment to my privacy, I woke up and realized “Egad”. Here I am just giving my information away. It is truly interesting to see how “just checking out Gmail” had started to turn into giving away all my privacy.

Now, due to who and how I am I’d never have used all of Google’s services. The thought of using Google Docs is anathema to me. I’ve been around since the early days of the Internet so I prefer to actually read the Usenet (Google Groups is mostly just a front-end for the Usenet) directly. And other services just don’t appeal to me. Where they got me, and in truth might have continued to pull me in further is with new services (Gmail was new when I signed up). I’m sure that when Wave comes out the “techie” part of me will want to go and check it out. This time however I think the “sorry, no, that’s my privacy we’re talking about..” side will win.

I have now taken steps to correct my slip. I’m quickly phasing out Gmail. I’ll phase out Google Talk also. I have moved my RSS feeds off of Google reader and into a feed reader on my laptops. I’ve moved my Microblog updates to come in on my Jabber account thus depriving Google of that stream of information. It feels good. I’m well on my way to kicking the Google habit. My goal is to be 100% Google free before the end of the year. I hope to nuke my Google account in less then 3 month. (I have to make sure I didn’t miss changing my e-mail some place so that nothing breaks on me).

I’d like to challenge others to try and do the same. I know that many people will not feel inclined to completely remove Google from their lives.. But take a few moments and think about just how much information you’re streaming through Google. Then think about how you can go about reducing that. Perhaps start by dropping the services that feel like they are giving away too much personal information first and go from there.

I’ll write more on this journey as it evolves, It will be interesting to try to be 100% Google free.

Flash reduced diet.

May 26, 2009 at 5:14 pm | In Life | 2 Comments
Tags: , , , , , ,

I realized today that I no longer required Flash for video conferencing (had a friend that wasn’t on Skype until recently). And thus I now had the chance to loose a huge proprietary blob from my nice open source system. So out goes Adobe Flash 10 and in goes Gnash.

Today is the first day of living with a Flash reduced diet on my main delaptop (laptop that sits on my desk all day). I have learnt from using my OLPC XO as my main mobile computer that life can go on just fine sans Flash. However after removing Flash from my main delaptop I find myself wondering how much my productivity will increase now that I will be less distracted by cute videos and the like. I’m not talking about ads they don’t exist on my systems thanks to things like “Adblock Plus“. I’m talking about all the “check out this cool vid..” and “Isn’t this cute (Flash animation)” that us netizens are bombarded with daily.

I can already feel myself being more focused.

Other benefits of installing Gnash. I have a LOT more control over privacy, and a lot more control over the Flash content that I do choose to watch.

I understand that a Flash reduced diet isn’t for everyone. It breaks a lot of the stuff on the web because Flash is way over used. That, however, is one of the reasons I rail against it. I hate being railroaded into using some proprietary thing just because it is popular with the masses, or because it make web 2.0 development fast and easy, and lets admit it one of the large reasons for Flash adoption is so companies can pollute your system with LSO’s which most people don’t know about or how to get rid of. Because in the eyes of companies deploying Flash.. Track you they must.

Privacy and the XOs BrowseActivity

February 5, 2009 at 3:23 pm | In Privacy/Security, XO | Leave a Comment
Tags: , , , , , , , ,

As mentioned in earlier posts I have been looking into ways for users to increase the Privacy/Security stance of the BrowseActivity. My biggest annoyance in this field so far has been the lack of a way to clear cookies and the browsing history. I was further miffed to find that the BrowseActivity completely ignores some of the About:config settings related to the history and p cookies.

I have found the the following do work:

using about:config and setting:

network.cookie.cookieBehavior to  1 will indeed block third party cookies.

network.cookie.lifetimePolicy to 2 will make all cookies “session only” clearing them when the browser closes.

The above two settings will only effect cookies that come in after the settings are changes third party and persistant cookies that came in before will be uneffected. But we’ll clear thous out in a sec.

you can control Java and JavaScript with:

security. enable_java and javascript.enabled . They can be set to true to allow or False to disallow either java or javascript. Keep in mind that the XO does not ship with a Java run time environmentso the effects of security. enable_java are meaningless unless you install Java. Disabling JavaScript will break many sites but is also a lot safer so you might what to write that down some place if you think you might ever take your XO to risky websites.

Now for the History and Cookies.. After some poking around I found that the XOs Browse Activity stores cookies and the history in sqlite databases. These can be tricky to track down, but not to worry. if you have a G1G1 XO. (I’m guessing that is most of you). you can:

open the Terminal Activity

Become root with either the “become root” button or by typing su – at the commandline

change back to the olpc directory with: cd /home/olpc

then type: find isolation/ -name places.* -delete

that will find and delete your browsing history (where you’ve been)

now type: find isolation/ -name cookies.* -delete

you guessed it, that will clear out all the cookies.

If I have the time I may write a quick Activity that will flush the cookies and the Browsing history, If I get really clever with it it might even be able to remove all of the “Browse Activity”s from the journal. But at least you have this for now.

If you are worried about Browsing privacy on the XO you might also want to check out my post on Privoxy on the XO

Happy and safe computing :)

Blocking Ads on the XO’s Browse Activity

January 6, 2009 at 4:28 pm | In OLPC, Privacy/Security, XO | 1 Comment
Tags: , , , , , , ,

I have been noticing several post by people wondering how to block ads on their XO’s. Being familiar with Privoxy and it’s ability to block ads I decided to go ahead and try setting it up. It was fairly easy so here is a Quick Howto.

On your XO make sure you are connected to the net and then…

Open a terminal activity

Click the “become root” button (or enter the command: su - )

Enter the command:

yum install privoxy

Once it is done installing you will need to make one quick change to the config file. So type

nano /etc/privoxy/config

Scroll down till you see the line:

logdir /var/log/privoxy

change it to:

logdir /tmp

I had to do this because the /var/log/privoxy directory doesn’t survive the machine restarting.

Press CTRL+X to save and exit

You’ll now be back at the Terminal Activity prompt.

We need to tell Privoxy to start-up at boot time so type:

chkconfig privoxy on

We should also start privoxy now so type:

service privoxy start

Alright, now it is time to set up the Browse Activity. Exit the Terminal Activity. Start the Browse Activity and in the address bar type:

about:config

A rather daunting page will come up tht looks like this:

config settngs page

The about:config settngs page

In the filter line type: proxy

The Screen will chance to look like this:

config Proxy settings

about:config Proxy settings

Now we need to change a couple of the settings.

double click on network.proxy.http

a dialogue will pop up letting you enter the new setting.

Enter localhost and click ok.

Now using the same technique change

network.proxy.http_port to    8118

network.proxy.ssl to   localhost

netwok.proxy.ssl_port to   8118

network.proxy.type to  1

After doing so your screen should look like the image above (may not be exactly the same but the 5 settings I mentioned should now all be bold, have a status of “user set”, and the appropriate values).

Now we can test the settings.. in the address bar type p.p and you should get a screen that looks like this:

Privoxy Sucessfully set up

Privoxy Sucessfully set up

If instead you get a screen that looks like this:

Failed To Connect to Privoxy

Failed To Connect to Privoxy

Then either privoxy is not running or you entered one of the proxy settings incorrectly. Double check the setting in about:config. If they are fine go back to the Terminal Activity, become root, and type:

service privoxy restart

and watch the output carefully for errors.

Once you have it up and running I suggest giving it a couple of days on the default settings as privoxy is configured by befault to block may ads. If you find there are some annoying ads still getting through you can  add extra rules to privoxy. Please read the documentation on the privoxy website before you embark on making changes. The built-in interface at http://p.p lets you add/modify rules if you change the approrpiate line in the config file (see the docs on the Privoxy website).

Enjoy!!

My next blog entry will be on using about:config to make browsing on the XO more private/secure.

Get you head out of the coulds

November 12, 2008 at 1:25 pm | In Privacy/Security, Tech | 4 Comments
Tags: , , , ,

This will be a posting on why I, like and others, think this movement to “cloud computing” is a bad idea.

Privacy

Why, for gods sake, why would people willingly had over their sensitive personal documents to some corporation that can then do with it as it pleases? Scan it for key word, so they can advertise to you better, or to see if you are a threat to their business model, etc. Then there is the fact that all this glorious, wonderful, information will be sitting in one pot begging over zealous governments to go snooping. “Hey Google, this is the NSA. We suspect that terrorists might be using Google Docs. We are invoking the Patriot Act. Please hand over all the files stored in the Google Docs servers.” It can happen. The US government already went fishing for search histories a few years back.

Even if you totally trusted your government and large corporations to be completely hands off with all this data. There remains the fact that this huge pool of data will be a big target for malicious hackers. these individuals must be salivating at the thought of millions of files accessible in one place. Not just for the wealth of information, although that would be enough to get them interested. But imagine the possibilities. hack an account, change the password, and then ransom the data back to the owner. Hack an account, deposit illegal materials, call the cops on the owner of the account. hack business accounts and silently watch what goes on selling the important bits to competitors. Write themselves into someones will, or just be a nuisance and corrupt data is a manner that they find humorous. It is just a bad idea to make all your data network accessible.

Fees

Right now, many of these offerings are free. But I suspect that once enough people are on-board and their precious data is tied up in another companies servers we’ll start to see access fees. The companies that are offering to host the cloud aren’t doing it as a civil service. They are doing it because they perceive some way to monetize either your access or your data. Sure, you might say, well if that start then then I’ll pull my data and run.. But then what was the whole point of this cloud exercise.. other then giving some corporation a peek at your data.

a step back to client/server model

This is a conceptual step backwards. This is going back to the old Server/Client way of doing things, just with a shiny new name. This dis-empowers the individual and empowers the corporation. Which brings us to my next point.

Tenuous benefits

I can see few benefits to this “cloud” concept. I don’t see a Utopia of accessibility in this what I see is a world where my data is locked behind proprietary web applications and interfaces and I’m forced to pay a fee every time I want to edit a document, or a monthly fee so my data doesn’t go in the bit bucket when my account runs out. I see a world where a failure of the electrical grid (black out of 2003), failure of some part of the net, or even a DDOS attack on the hosting companies servers means I can’t get at my data.

Most of all I see no reason for it all. Hard drive storage is insanely cheap right now. I can get a 1TB external USB drive for $200. Laptops are cheap portable and powerful, free Peer-to-Peer technologies exist that make data collaboration easy. If I keep my data on my laptop, or my external drive my privacy concerns are hugely reduced. if I host things on a SVN server accessible through a VPN, my colleagues can collaborate on the documents with ease. And still the data is totally in my control and far less susceptible to power failures, etc.

In short, the “cloud” makes data less accessible, less private, less secure, less reliable, and less cost effective. Why, Why, Why would anyone go this route.. unless they have their head stuck in the clouds.

Thoughts on the “WPA crack”

November 6, 2008 at 11:17 pm | In Privacy/Security | Leave a Comment
Tags: , , , , , , , , , , ,

There is going to be a lot of hubbub about the announced WPA crack.

Is it important?!

Yes

Is it the end of the world or Wifi!?

Not by a long shot.

First, It is important to note that all the detail aren’t out yet and wont be for a week. What we do know is that it’s TKIP that was cracked not all of WPA and only half of the conversation is cracked (router to client) the other half (client to router) is still secure (so far).

It is also important to remember that WPA/TKIP was a stopgap measure till until the industry could get WPA2/AES support out, hardware wise, and into the various operating system. Basically, if you set your router to WPA2/AES (not WPA2/AES-TKIP) you are still bullet proof. The only people that this will be a big problem for is people on older hardware that can not support WPA2/AES.

Also, any businesses with sensitive data on a wireless network SHOULD already be using WPA2 Enterprise and a Raduis server.

There is going to be huge amounts of hype about this. It’ll make good fodder for the content hungry non-tech savvy 24 hour news cycle. But the reality is that only part, of a stop-gap, and outdated version of WPA has been cracked. There is a widely available, well supported more secure option, readily available and probably in most peoples homes already.

So, I’m short, the crack is news. It will definitely be cool to see how it was achieved. Clearly serious study and thought went into it. It however, is not “the end of wifi”, or “a major problem” or even “something that wasn’t anticipated”.

So, breath, check that your wifi routers are set to WPA/AES and relax.

et tu printer!?!

October 25, 2008 at 11:49 am | In Privacy/Security | Leave a Comment
Tags: , , , , , , ,

Once again I find myself writing about corporations doing an end run around peoples privacy. I’m a big Fan of the EFF and watch their blog. I was a bit shocked yesterday however when they posted an article on how peoples printers are covertly leaving identifying information on everything they print. What kind of identifying information. Oh just things like the serial number of the printer that printed the document, when it was printed and in some cases by whom.

Do these printers come with warnings about the fact that they are violating your privacy? NO!

Are the manufacturers legally obligated to make their printers do this? NO!

Is there a way to turn it off? NO!

Are there laws to prevent law enforcement or governments from misusing this information to your detriment? NO!

Want more information? Rather then re-invent the wheel I’ll just list the relevant EFF pages here:

The EFF Blog entry about the issue

SeeingYellow.com – A site that help you register your dislike (outrage?) at this issue with affected printer manufacturer.

Things you can do to further help EFF study the problem and effect change.

More information

All About WebBugs

October 14, 2008 at 12:03 pm | In Privacy/Security | 1 Comment
Tags: , , , , , , , , , ,

What is a WebBug anyway?

A webbug or web beacon, pixel tags, tracking bugs, etc are tiny 1×1 pixel images (gif, jpg, png, tif, etc) (and increasingly Flash objects) that companies put into websites or e-mails to track where, when, and by whom they are viewed. On most modern computer screens a single pixel is very hard to see. Even if that weren’t the case 99% of the time these images are transparent so even if you have fantastic eyes you wont see them.

Isn’t this just done by evil hackers/Spammers?

There is a growing trend for large online companies to use these bug/tags to track people. This is partly due to the fact that browsers have gotten better at letting people block older ways of tracking you (cookies, ad banners, etc). So it is the next step in an ongoing techie arms race. Good techies trying to protect your privacy/anonymity. Corporate techies trying to track you so people can make money off of you, or off of people that will pay to know what you are interested in.

A prime example of this is Yahoo’s decision to start using webbugs.

Should I be scared?

Web tracking is nothing new, this is just the next step in the dance. So, being scared is probably over reacting a wee bit. You are perfectly justified in feeling concerned, annoyed, pissed off, righteously indignant, or just plain peeved. Privacy is a right and these folks are dancing around that as best they can.

What can I do?

Unfortunately there isn’t one simple, install this program and it will all go away, type thing you can do. However, this does not mean that there isn’t anything you can do. There are some definite steps you can take to protect your privacy and I’ll cover them briefly here.

E-mail:

I’ll start with e-mail as it is probably one of the easier things to protect from webbuggery. First set your e-mail client to never touch remote/online images. This alone will stop many webbugs in their tracks. If there is such an option consider setting your mail client not to render HTML at all. (this might be a bit drastic for most people). Definitely disable Java, JavaScript, VBScript, etc in e-mails. In this day and age having a scripting language active in your e-mail client is tantamount to leaving your keys in your car with the doors open.

Other things you might want to consider:

Digitally signing all e-mails you send (makes them tamper proof).

Sending mail in text only format (yeah, I know, no smilies.. but safer).

Digitally encrypt all e-mails so they can’t be viewed “in transit”

How to make Browsing safer:

Unfortunately since browsing means loading pictures, blocking webbugs while browsing takes a bit more work. Basically you need a system to block the undesirables. There are many options out there but all take at least some work to set up. One of the easiest is the Adblock Plus extension to the Firefox browser. It makes blocking undesirable elements in a webpage quite easy. The problem is that the webbugs are impossible to see so you have to use the “tools -> page info -> media” function of the browser to locate what elements are 1×1 pixel in size and then block them. Not all 1×1 pixel things are bugs. luckily the bugs are often easy to spot as they will come from a source outside the page you are viewing, or will have a fairly obvious hint in the URL like “adserver.”, “adscript.”, “track”, etc. Adblock Plus also offers free filter subscriptions which it will use to get block lists that have been generated specifically for it. The “ABP Tracking Filter (by rick752)” under miscellanious does a good job on blocking many of these webbugs

This is a bit of a pain in the posterior but once it is done you are pretty good to go. You will still want to check from time to time to make sure that there are not any new ones.

The same approach can be used if you have a router that supports a block list. Just keep adding the nasties to the list and soon you’ll be browsing much more safely. The one drawback to this approach is that some webpages try to use Java/Javascript to load up the ads/webbugs. Having them blocked at the router can sometimes make the page stall while Java tries to get the offending material but can’t reach it.

Other options exist such as Privoxy which is a software proxy that will clean a lot of this stuff up for you. My problem with a solution like this is that although Privoxy is very good at what it does I can’t be sure it’s catching everything I want it to.

The best approach, and the one I use, is a combination of the above. Things that don’t block well at the router I block with Adblock Plus and NoScript. I use Privoxy (and Tor) if I am going some place I am unsure about and definitely wouldn’t want tracking/spamming me.

In the end the decision of what to do about this issues is up to you. It’s your privacy, It’s your choice. Sadly many people feel their privacy isn’t worth the effort it takes to set these filters up.  The things I have talked about here is not a complete list of the options to protect ones privacy. Unfortunately going into all the options would make this document far too long and probably make it classify as a good sleep aid for most people.

Included below are some links for further reading on the subject. Enjoy.

Yahoo’s “Web Beacons”

Privoxy

Tor

Firefox

Adblock Plus

Peer Guardian

GnuPG – e-mail signing/encrypting

WebBug Articles:

http://www.leave-me-alone.com/webbugs.htm

http://www.spywareinfo.com/articles/webbugs/

http://www.securityspace.com/s_survey/data/man.200609/webbug.html

Jaiku’s new Lack of “Privacy Policy”

August 28, 2008 at 11:08 am | In Privacy/Security | 1 Comment
Tags: , , , , , , ,

With Jaiku moving on to Google servers there has been a new Terms of service and a new Jaiku Privacy Policy issued. You must agree to these to continue using the service. The Terms of Service seem pretty straight forward.. but the new Jaiku privacy policy has some startling and bad terms in it, in particular:

If you use a mobile device client, we collect, in addition to your phone number, your presence information (including location information, such as cell id), your Bluetooth mac address, Bluetooth mac addresses of nearby users, your mobile device status (including whether you are using the device, whether the phone is idle, and the phone’s ring profile), mobile device usage statistics, the duration and description of current/previous/next calendar event, and an indication of whether a call is currently in progress (3G only).

WTF!! If I/you/anyone Posts to Jaiku from a cell phone Google will:

a) Collect location information.

b) Pillage your calendar for current/previous/next events!!!!

c) Invade the privacy of people around you by collecting their Bluetooth mac addresses (remember they know where you are.. so now they know where these other people are also)

d) Collect ringing and call status (which most likely includes the # of the person at the other end of the line (thus invading their privacy))

Remember this isn’t “information that is incidentally sent to us, but we discard”, this is clearly listed as “Information we collect”. That means keep and do with what they want.

I can see no possible justification for raping someones phone like this and the invasion of the privacy of innocent bystanders (who most likely have not agreed to have their information collected). (yes Google that is what you are doing no matter how you try to sugar coat it. If you are finding out where someone is,and when. (third party bluetooth mac) You are collecting information about people not party to your little agreement. The same goes for someone that the Jaiku user may be talking to on the phone.)

I think people should scream at Google about this. In my opinion it’s unjustifiable, it’s wrong, and it’s evil (yes, you heard me Google, IMHO you’re doing serious evil here)

I’m going to use this last paragraph to apologies for perhaps being a little unbalanced. I just find it completely unacceptable that Google would use the technology in a users phone to invade the privacy of bystanders. It is bad enough that they pillage the users phone for as much information as they can get about the users life.

Cuil?

July 28, 2008 at 4:22 pm | In Tech | Leave a Comment
Tags: , , , , ,

People are asking will Cuil kill Google. My answer is.. Not any time soon. why? check out these search comparisons:

Google search for Cuil

Google searches Cuil

Google searches Cuil

Cuil search for Cuil

Cuil searches Cuil

Cuil searches Cuil

or

Google searches tr2n

Google searches Tr2n

Google searches Tr2n

Cuil searches tr2n

Cuil searches Tr2n

Cuil searches Tr2n

Even though News articles quote Cuil as claiming that they won’t store searches.. they currently have no Privacy policy on their site. So, until I see a detailed privacy policy on their site I am assuming that they are leaving the door open. Apparently a lot of people have invested a lot of money into Cuil.com and they are going to want to see a return.. So Cuil needs to figure out how it’s going to make money and make it’s investors happy.. and that often means idealistic ideas going out the window.

My overall take, unless Cuil starts offering up more recent, currently relevant, search results they will fall by the wayside.. things change very quickly in the web 2.0 world. Today’s hot search term is dead and forgotten 3 days from now. The wonder of Google is that it keeps up.. if I hear there is new buzz about Tr2n or Cuil.. I can find it on Google. Cuil doesn’t seen to have this going for it (yet) and I suspect that this will frustrate many potential users.

As for the “Not storing searches”, I’ll believe it when I see it in a privacy policy on their site (and when it has been independently verified). I think the lack of a privacy policy on their page when they launch is a clear indication that things are in flux.

—– Update Cuil adds privacy policy.. I’m reading it now (Mon Jul 28 19:55:06 UTC 2008) —-

O.K. congrats to Cuil.. their Privacy policy VERY clearly states that they do not store or track searches or searchers. KUDOS guys.. I still think the relevance of searches needs work tho.

Next Page »

Blog at WordPress.com. | Theme: Pool by Borja Fernandez.
Entries and comments feeds.