Tags: Cloud, google, googlefree, printing, privacy, security
O.k. people know I’m no fan of Google. In fact I’ve taken great strides to eek out a Google Free life on-line and off. People also know that I think the whole “Cloud” thing is the biggest pile of marketing crap in years, designed to put a nice spin, “oh! its soft! it’s fluffy! it’s free! it’s like a cloud!” on a huge step backwards to a time when people had to pay through the nose for server time to do any computing. “Cloud” is about stripping away your power and autonomy so that the owners of the “cloud” servers can sell it back to you.
This is exactly the case with Google’s cloud printing. They are going to make your life easier.. Or so they say.. and it’ll only cost you.. oh… all your privacy.
The first thing I’d like to clear up is a lot of people are claiming that this will do away with printer drivers and having to install them. If you read the documentation from Google this is plainly not the case, unless you are talking about an (at this point mythical) cloud aware printer. For “legacy” (a.k.a every printer out there today) printers you will not only need to install the drivers you’ll need to install a “proxy” on your computer to make the printer cloud aware. Oh and then you’ll have to leave the computer with the proxy on it powered up and on-line 24/7 if you want to use the print from anywhere anytime functionality.
Still a good deal you say? All that convenient printing and all you had to do was put a Google proxy on your machine and install printer drivers that you would have had to install anyway. Not so, Say I. You have to consider that now everything you print via this “cloud” is flowing through Google’s servers, and you can be 100% sure they will be scanning them and using what they learn to sell ads aimed directly at you. (Oh, and storing the info for who knows how long.)
As witnessed above I have two major problems with this whole idea and one that hasn’t be talked about yet. This takes a local and generally secure activity, printing, and turns it into an on-line and thus potentially insecure activity. It also is completely unnecessary. There already exists a “print from anywhere” over the Internet technology, and Hey, it doesn’t go through Google’s scan everything servers. It’s called “Internet Printing Protocol” and is supported by CUPS out of the box, and readily available on Microsoft machines too. You could set this up almost as easily and have all the joy of a Internet facing printer (including the security concerns). The ONLY reason Google isn’t promoting this is that it doesn’t send the data through their servers.
The third and as yet unmentioned annoyance about all this is that Google is clearly looking to have this technology “embedded” in printers and routers so people will only see the “print from anything anywhere” and not realize the cost in bandwidth, security, and privacy.
“This current requirement is why we are excited about working with the industry to build native support for cloud print services into their printers. We are also hoping some clever folks in the community will build proxies-in-a-box (like routers with print server abilities) so users get all the benefits of the proxy without needing to leave their PC powered on.”
Poor Chrome OS users are going to be bolted into using Google Cloud Printing.
” Google Chrome OS printing
Google Chrome OS will use Google Cloud Print for all printing. There is no print stack and there are no printer drivers on Google Chrome OS!
When users print from a web app that directly integrates with Google Cloud Print, then that works as described earlier with no involvement from Chrome OS. When users are printing a web page that is not making use of Google Cloud Print (such as a boarding pass, movie tickets, a magazine article, etc.), the app that is printing is the Google Chrome browser on Chrome OS. In this case, Google Chrome on Chrome OS is a native app that uses Google Cloud Print and common print dialog. The content to be printed is uploaded to the Google Cloud Print along with the job ticket information and then sent to the printer. More details are in the design document.”
So to sum up. Google Cloud printing:
- Bad for autonomy (takes something you can do yourself and make you depend on Google for it).
- Bad for privacy (sends what would other wise have been local data out to the Internet, scans it, stores it, and sends it back again.)
- Bad for security (sends local data over the internet.Increases your “attack surface” but having the Google print proxy open to the net.).
- Ignores IPP that offers many of the same features without Google in the middle.
Just plain BAD.
Tags: security, privacy, flash, gnash, HTML 5
It finally happened today. I finally just got totally fed up with the draconian and proprietary nature of Flash on the web. The result of this is that I have decided to go completely Flash free.
Now, those that have been following my “Flash reduced diet” Line of posts, will know that I have been using Gnash instead of Flash for a while now.
A recent turn of events that has driven this decision is that many websites now REQUIRE Flash 10 or above, and even though Gnash is quite compatible with flash (up to Flash version 8 ) these websites refuse to talk to me. No Backwards compatibility. Also using Gnash I have been able to watch and learn that many, many, websites will use flash just to put up an image. The only reason to do this is that the websites wants to set a Flash super cookie and circumvent users browser privacy settings. As I mentioned before Gnash as a wonderful option to send all the LSO’s (super cookies) straight to /dev/null/ (a special black hole from whence nothing returns for those not familiar with *nix systems).
With the advent of HTML 5, which my browser supports there is no longer any NEED for Flash. (unless a website needs to try and circumvent users privacy). I therefore have decided to vote with my virtual feet. If a website requires Flash to a point that it will not function. Then they can forget about my viewership. I refuse to be forced to use a piece of proprietary software that goes against my beliefs (I firmly believe in the four fundamental freedoms as enumerated by the FSF), and most likely is there to remove my privacy, and in many cases my security (Flash has had several major security holes over the years).
Even though Gnash is trying valiantly to make a free (as in speech) version of Flash (thanks Guys) I feel the time has come for people to start abandoning Flash in droves. Insist on your right to privacy, security and freedom! Insist that websites start using HTML 5 and the free/open Vorbis/Thoera codecs (that means you YouTube). Insist that websites stop trying to set super cookies that ignore the browsers settings. Insist that you shouldn’t need the latest version of some proprietary software that wont work on many older machines just to view a simple web page that should work on all machines.
How do you do this? Uninstall Flash and anything that supports Flash (sorry Gnash guys), and when you hit a page that refuses to work with your browser either write the page owner and complain or lie and say your and iPhone.
That is enough for now. I’ll let you all know how my now Flash Free life goes.
Tags: aes, crack, privacy, raduis, router, safe, safety, secure, security, TKIP, WPA, wpa2
There is going to be a lot of hubbub about the announced WPA crack.
Is it important?!
Is it the end of the world or Wifi!?
Not by a long shot.
First, It is important to note that all the detail aren’t out yet and wont be for a week. What we do know is that it’s TKIP that was cracked not all of WPA and only half of the conversation is cracked (router to client) the other half (client to router) is still secure (so far).
It is also important to remember that WPA/TKIP was a stopgap measure till until the industry could get WPA2/AES support out, hardware wise, and into the various operating system. Basically, if you set your router to WPA2/AES (not WPA2/AES-TKIP) you are still bullet proof. The only people that this will be a big problem for is people on older hardware that can not support WPA2/AES.
Also, any businesses with sensitive data on a wireless network SHOULD already be using WPA2 Enterprise and a Raduis server.
There is going to be huge amounts of hype about this. It’ll make good fodder for the content hungry non-tech savvy 24 hour news cycle. But the reality is that only part, of a stop-gap, and outdated version of WPA has been cracked. There is a widely available, well supported more secure option, readily available and probably in most peoples homes already.
So, I’m short, the crack is news. It will definitely be cool to see how it was achieved. Clearly serious study and thought went into it. It however, is not “the end of wifi”, or “a major problem” or even “something that wasn’t anticipated”.
So, breath, check that your wifi routers are set to WPA/AES and relax.
Tags: Firefox, privacy, security, settings
With the continuing spread of Phorm, Nebuad, and their ilk and the growing trend for governments and ISPs to record where you go and what you do I felt it would be worthwhile writing a series of articles on how to harden you privacy.
The fist thing I’d suggest is that people use Firefox 3. I find it to be more secure by default, easier to configure to be secure and private , and it has a number of security and privacy related add-ons.
First let me talk about the settings in Firefox 3.
on the “Privacy” page:
“Keep my history for at least x days“
I always uncheck this. Having your history hanging around is a privacy nightmare.
“Remember what I enter in forms and search bars“
Another privacy nightmare. I strongly suggest you uncheck it. There are applications out that that will do their best to pull this information out of your browser.
“Remember what I’ve downloaded
I leave this checked but have the browser set to clear all the data from it at the end of the session (when i close the browser). In my more secure profiles (like the one I use for Tor) this option is unchecked
Accept Cookies from sites
I leave this one checked in my standard browser but un-check it in my Tor (secure browser) profile. Again I have the browser set to flush all cookies when it closes.
Accept third party cookies
I always uncheck this one 95% of “third party cookies” are used by advertising and web metric firms to track you. something you definitely don’t need.
The most secure setting for this and the one i suggest is “I close firefox“. by setting it this way all cookies are flushed as soon as you close your browser. Which is good. It makes you much harder to track with cookies because the companies are always having to start with a new cookie, It avoids “oopses” caused by forgetting to sign-out of a site. (if the cookie was still there people using the computer after you could/would have access to the account you forgot to log out of).
Always Clear my private data when I close Firefox
I always have this checked and all the options under the associated settings button checked also. doing so returns the browser to a blank slate when you close it. This way even if your machine was broken into the browser cache and settings would be clear (A lot of Trojans, viruses, hackers, go looking in the browsers folder as it can offer a wealth of information if not set to be cleared)
Ask me before clearing private data
This I always uncheck, for me it is just annoying to have the “are you sure” question every time I try to close the browser, and I know I want it cleared.
Now on to the Security Page in the setting:
Warn me when sites try to install add-ons
Best to have this checked and be sure that there are no sites listed under the exceptions that you do not want able to install add-ons (so probably just addons.mozilla.org and update.mozilla.org)
Happily, the next two:
Tell me if the site I’m Visiting is a suspected attack site
Tell me if the site I’m visiting is a suspected forgery
were implemented is a privacy friendly manner and so I’m quite comfortable leaving them checked. I say privacy friendly because Firefox 3 downloads a list of the sites to watch for rather then sending out each URL you enter to a third party for verification.
Remember passwords for sites
Another privacy (and security nightmare). I strongly suggest turning this feature off (unchecking it) and using a secure external password manager such as Revelation or keepass if you are using windows.
Use a master password
I leave this unchecked but ONLY because i never store passwords. If you ever plan to have your browser remember a password for you, I strongly suggest checking this and setting a master password. This will encrypt all the stored passwords. Thus making them a lot harder for someone to retrieve.
this is a wonderful add-on that not only will help you get rid of the annoying banner ads everywhere but it can also block tracking sites. I strongly suggest people install this add-on and then subscribe to the following block lists for it. EasyElement+EasyList, ABP Tracking Filter, Fanboy’s List
I find that this blocks 99.9% of advertisements and a huge number of the tracking sites.
Sadly, it can cause problems with some sites that are poorly written (bounce through 3rd party sites for verification, etc). So some users find it more bothersome then they feel it is worth. I would like to encourage people to take the time and get used to NoScript rather then getting rid of it. I can respect that often people do not have the time or skill to track down why a particular page isn’t working. You can temporarily disable NoScript for such occasions, but I’ve found that people that start going that route tend to start leaving it disables in which case the might as well remove it.
Try it.. Try to stick with it, It really can and will save your computer.
This add-on allows you to set how Firefox reports itself to websites. you can have it tell the website that is is “Internet Explorer 7″, or “Opera”, you can also choose/set what operating system it says you have. This is a good thing for privacy as you can set it to something like “Internet Explorer 7″ on “Windows XP” and blend into the crowd of millions of other using that combination.
As this is getting long I’m going to break this discussion up into several more parts.
In the upcoming posts
Tags: frontporch, Leo LaPorte, nebuad, phorm, podcast, privacy, security, Security Now!, Steve Gibson
This is just a reminder that the second half of Steve Gibson’s coverage of Phorm/Nebuad/Frontporch/etc (Episode #151) is now available here.
I haven’t had a chance to listen to it yet.. but I’m sure it will be a good listen, not just for Techie’s like me but for anyone that is concerned about their privacy and the fact that ISP’s are selling yours out.
Part 1 is Episode #149 for those that missed it.
Leo and Steve Slide a bit heavily into reminiscing about the good old days and other geekspeak. If you want just the Phorm, etc, stuff skip to 1:00:00. The reminiscing is fun for a techie like me but may be a bit drawn out for people just wanting the skinny on what their ISP is doing to their privacy.
Tags: EFF, ISP, neduad, privacy, security
it seems that there has been a small victory on the Privacy front. the U.S. ISP “Charter Communications” has announced that they will end their plan to use NebuAD. For more info see this EFF Blog entry.
It is good to see that the attention of the blogosphere and media, and pressure from consumers was able to start this thing turning around.
Tags: gibson, nebuad, phorm, podcast, privacy, security
episode #149 and the upcoming episode #151 of Security Now! cover Phorm and others. Probably most people that read my blog will already know of this controversy as I have covered it before. I am VERY happy to see Steve Gibson using his reach to get the word out about this growing trend, and to alert people to the threat to their privacy. Way to go Mr. Gibson.
I’ve only heard the first part #149, but given Steve Gibson’s skill at bringing technical issues to the masses I’m sure both Episodes will be worth listening to and directing others to.
Tags: firewall, freeware, passwords, podcast, security, site of the week, Steve Gibson, utilities
This weeks site of the week is an Old favourite of mine for many reasons. It is
even though it may appear at first glance to be a site geared to the Techie crowd, it is actually very useful to the average home users. In particular the “Shields Up” section is in my opinion the de facto standard way to run a quick test of your firewall and router (Yes, I know that more testing is in order for SOHO or other mission critical machines). For the average home user it gives a quick way to see where holes then need to patch are, explains why they should be patched and offers suggestion on how to do so.
There is also a plethora of useful utilities on the site, and the “Security Now” podcast is one of my favourites.
The site is well worth the short few minutes it takes to explore and should IMHO be in everyone’s bookmarks.
Tags: antivirus, free, online, scan, scanner, security, site of the week, virus, virustotal.com
Sorry about this being a little late.. It was a busy weekend.
This weeks site of the week is:
Virustotal is a truly excellent site and free service that lets you submit a file to be scanned by all the major anti-virus scanners. It is fantastic if you get a questionable e-mail attachment or download that you want to check before opening. They allow submission by HTTP, HTTPS, or e-mail.
Having virustotal in your bookmarks is well worth it.