[Full-disclosure] Google Secure Access or "How to have people download a trojan."
From: Berend-Jan Wever (berendjanwever_at_gmail.com)
Date: Tue, 20 Sep 2005 15:55:54 -0700
To: firstname.lastname@example.org, email@example.com

This is a quite pathetic attempt to install a trojan, let me explain:

1. "Google Secure Access is a downloadable client application that
   allows users to establish a more secure WiFi connection."
2. "...your internet traffic will be encrypted, preventing others from
   viewing the information you transmit."

So, by "more secure" Google means using encryption to prevent "others" from
sniffing your packets. That's nice! What else does it do? Here's some

1. "Google may log some information from your web page requests ..."
2. "Google also logs a small set of non-personally identifiable
3. "Google will not sell or provide personally identifiable
   information to any third parties except ..."
4. "... we may for a limited period of time preserve additional
   internet traffic or other information."

Aha! What we have here is trojan spyware! It does exactly what it is
supposed to protect you from.

The second snippet clearly states that this concerns NON-personally
identifiable information... what about the information mentioned in the
first snippet, is that personally identifiable? I guess so; the third
snippet mentions Google selling or providing personally identifiable
information, this must have come from somewhere!

In the third snippet, Google neglects to mention non-personally
identifiable information. What about selling that? I guess they do!

The best thing about the whole policy is the last snippet, which undoes
_everything_ stated before it. Nice one Google!! ;)

shorter, less confusing version:
*Here's some candy, go play!*

Btw. All your base are belong to us.

Berend-Jan Wever <firstname.lastname@example.org>
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/