Google’s disingenious DNS offering

December 5, 2009 at 23:00 | Posted in Privacy/Security, Tech, thoughts | Comments Off on Google’s disingenious DNS offering
Tags: , , , ,

I saw an announcement about Goggle offering DNS and wandered over to see what value-added scheme they had come up with. To my surprise at present it is a very vanilla DNS offering. A modern implementation of DNS to be sure but still very vanilla.

Don’t get me wrong. Vanilla is what you want in a DNS. Landing Pages and other “features” are seen as a broken DNS offering by many in the tech field (a good old NX domain will do nicely thank-you).

So, I found myself pondering.. If Google isn’t offering anything new why offer DNS. The answer is simple and obvious. TRACKING.

The moment you log in to a Google property they know who you are and can associate your IP address with your account. Heck if you are the type to click the “Remember me” or “keep me logged-in” buttons you don’t even have to log into a Google property any page with google-analytics can probably read the Google cookie and bang… Google knows your IP address and can tie it to your account.

Now if you go ahead and use their DNS server they can see that the DNS request came from your IP address which they can associate with your account and thus they will know EVERYWHERE you go on the web.

But wait.. there’s more. DNS is used by more than just the browser. They will know what messenger you use and how many hours you ran it for. If you are using a SIP client. What E-mail servers you use. How often you check them. If you are running Skype. What P2P software you use. What software on your system is checking for updates and how often. The list goes on and on.

I have become increasingly leery of Google and their pervasive tracking over the years. For me this is a step to far and shows Google’s real intention to try and track everyone everywhere. (Chromium O/S is just more of this tracking madness).

A while ago I wrote about kicking the Google habit. Now I think it is time for me and anyone that values their privacy to kick Google to the curb. My Gmail account will be set to auto respond to people to inform them of my new Address and after a week or two it will be shut down. I am going to close my Google account permanently and I’m going to file a formal request to have all my info deleted.

I hope that others do the same. It is time to stop the invasion of our lives in the name of profit. I refuse to sell my soul for a few value added treats. You should too.

et tu printer!?!

October 25, 2008 at 11:49 | Posted in Privacy/Security | Comments Off on et tu printer!?!
Tags: , , , , , , ,

Once again I find myself writing about corporations doing an end run around peoples privacy. I’m a big Fan of the EFF and watch their blog. I was a bit shocked yesterday however when they posted an article on how peoples printers are covertly leaving identifying information on everything they print. What kind of identifying information. Oh just things like the serial number of the printer that printed the document, when it was printed and in some cases by whom.

Do these printers come with warnings about the fact that they are violating your privacy? NO!

Are the manufacturers legally obligated to make their printers do this? NO!

Is there a way to turn it off? NO!

Are there laws to prevent law enforcement or governments from misusing this information to your detriment? NO!

Want more information? Rather then re-invent the wheel I’ll just list the relevant EFF pages here:

The EFF Blog entry about the issue

SeeingYellow.com – A site that help you register your dislike (outrage?) at this issue with affected printer manufacturer.

Things you can do to further help EFF study the problem and effect change.

More information

All About WebBugs

October 14, 2008 at 12:03 | Posted in Privacy/Security | 1 Comment
Tags: , , , , , , , , , ,

What is a WebBug anyway?

A webbug or web beacon, pixel tags, tracking bugs, etc are tiny 1×1 pixel images (gif, jpg, png, tif, etc) (and increasingly Flash objects) that companies put into websites or e-mails to track where, when, and by whom they are viewed. On most modern computer screens a single pixel is very hard to see. Even if that weren’t the case 99% of the time these images are transparent so even if you have fantastic eyes you wont see them.

Isn’t this just done by evil hackers/Spammers?

There is a growing trend for large online companies to use these bug/tags to track people. This is partly due to the fact that browsers have gotten better at letting people block older ways of tracking you (cookies, ad banners, etc). So it is the next step in an ongoing techie arms race. Good techies trying to protect your privacy/anonymity. Corporate techies trying to track you so people can make money off of you, or off of people that will pay to know what you are interested in.

A prime example of this is Yahoo’s decision to start using webbugs.

Should I be scared?

Web tracking is nothing new, this is just the next step in the dance. So, being scared is probably over reacting a wee bit. You are perfectly justified in feeling concerned, annoyed, pissed off, righteously indignant, or just plain peeved. Privacy is a right and these folks are dancing around that as best they can.

What can I do?

Unfortunately there isn’t one simple, install this program and it will all go away, type thing you can do. However, this does not mean that there isn’t anything you can do. There are some definite steps you can take to protect your privacy and I’ll cover them briefly here.

E-mail:

I’ll start with e-mail as it is probably one of the easier things to protect from webbuggery. First set your e-mail client to never touch remote/online images. This alone will stop many webbugs in their tracks. If there is such an option consider setting your mail client not to render HTML at all. (this might be a bit drastic for most people). Definitely disable Java, JavaScript, VBScript, etc in e-mails. In this day and age having a scripting language active in your e-mail client is tantamount to leaving your keys in your car with the doors open.

Other things you might want to consider:

Digitally signing all e-mails you send (makes them tamper proof).

Sending mail in text only format (yeah, I know, no smilies.. but safer).

Digitally encrypt all e-mails so they can’t be viewed “in transit”

How to make Browsing safer:

Unfortunately since browsing means loading pictures, blocking webbugs while browsing takes a bit more work. Basically you need a system to block the undesirables. There are many options out there but all take at least some work to set up. One of the easiest is the Adblock Plus extension to the Firefox browser. It makes blocking undesirable elements in a webpage quite easy. The problem is that the webbugs are impossible to see so you have to use the “tools -> page info -> media” function of the browser to locate what elements are 1×1 pixel in size and then block them. Not all 1×1 pixel things are bugs. luckily the bugs are often easy to spot as they will come from a source outside the page you are viewing, or will have a fairly obvious hint in the URL like “adserver.”, “adscript.”, “track”, etc. Adblock Plus also offers free filter subscriptions which it will use to get block lists that have been generated specifically for it. The “ABP Tracking Filter (by rick752)” under miscellanious does a good job on blocking many of these webbugs

This is a bit of a pain in the posterior but once it is done you are pretty good to go. You will still want to check from time to time to make sure that there are not any new ones.

The same approach can be used if you have a router that supports a block list. Just keep adding the nasties to the list and soon you’ll be browsing much more safely. The one drawback to this approach is that some webpages try to use Java/Javascript to load up the ads/webbugs. Having them blocked at the router can sometimes make the page stall while Java tries to get the offending material but can’t reach it.

Other options exist such as Privoxy which is a software proxy that will clean a lot of this stuff up for you. My problem with a solution like this is that although Privoxy is very good at what it does I can’t be sure it’s catching everything I want it to.

The best approach, and the one I use, is a combination of the above. Things that don’t block well at the router I block with Adblock Plus and NoScript. I use Privoxy (and Tor) if I am going some place I am unsure about and definitely wouldn’t want tracking/spamming me.

In the end the decision of what to do about this issues is up to you. It’s your privacy, It’s your choice. Sadly many people feel their privacy isn’t worth the effort it takes to set these filters up.  The things I have talked about here is not a complete list of the options to protect ones privacy. Unfortunately going into all the options would make this document far too long and probably make it classify as a good sleep aid for most people.

Included below are some links for further reading on the subject. Enjoy.

Yahoo’s “Web Beacons”

Privoxy

Tor

Firefox

Adblock Plus

Peer Guardian

GnuPG – e-mail signing/encrypting

WebBug Articles:

http://www.leave-me-alone.com/webbugs.htm

http://www.spywareinfo.com/articles/webbugs/

http://www.securityspace.com/s_survey/data/man.200609/webbug.html

Create a free website or blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: