Up Front: Google may take a tiny step toward better security
By Angela Gunn and the Betanews Staff | Published June 17, 2009, 9:00 AM
Certain Web standards have been in place since the mid-1990s, since there was a Web. And certain companies rose to prominence by promoting their use. But when it comes time to evaluate which is more convenient, a few microseconds of delay or private communication in the clear, suddenly it's Google that's hiding behind a wall of public relations. Google's listening to its users now, and yesterday it demonstrated that fact, but why all the fuss about this privacy kick everyone's on?
Google considers defaulting to encrypted connections
Afternoon of Tuesday, June 16 • An open letter sent recently to Google CEO Eric Schmidt, signed by 38 high-profile security figures including noted researcher and BT Group CSO Bruce Schneier, urged Google to consider the simple act of using Secure Sockets Layer to encrypt communications between its applications and its servers (Wired has the PDF).
Yesterday, a post to the Google Online Security Blog indicated the company may experiment with the concept to see if this encryption thing actually works, and if it does, to provide default privacy protection for Gmail, Docs, and Calendar.
"Support for HTTPS is built into every Web browser and is widely used in the finance and health industries to protect consumers' sensitive information. Google even uses HTTPS encryption, enabled by default, to protect customers using Google Voice, Health, AdSense and Adwords," the letter read. "Rather than forcing users of Gmail, Docs and Calendar to "opt-in" to adequate security, Google should make security and privacy the default."
This HTTPS thing could really go somewhere, says Google Engineer Alma Whitten in her blog post yesterday. "We're planning a trial in which we'll move small samples of different types of Gmail users to HTTPS to see what their experience is, and whether it affects the performance of their e-mail. Does it load fast enough? Is it responsive enough? Are there particular regions, or networks, or computer setups that do particularly poorly on HTTPS?"
Google doesn't want to adversely impact anyone's online experience -- perhaps a 0.1% slower connection is not worth the privacy breach. Whitten adds that secure connectivity has always been an option for Gmail users, who are certainly free to opt in. Underscoring that she's proud of her company's security record, she noted in an update that the Ph.D.s in the letter took a swipe at Google's competitors: "Google is not the only Web 2.0 firm which leaves its customers vulnerable to data theft and account hijacking. Users of Microsoft Hotmail, Yahoo Mail, Facebook, and MySpace are also vulnerable to these attacks. Worst of all, these firms do not offer their customers any form of protection. Google at least offers its tech savvy customers a strong degree of protection from snooping attacks. However, due to the fact that HTTPS protection is disabled by default and only enabled via an obscure configuration option, most regular users are likely to remain vulnerable."
Genachowski FCC hearings a convivial gathering
Morning of Tuesday, June 16 • A sparse but friendly group of Commerce, Science and Transportation Committee members had nothing but love for Julius Genachowski on Tuesday as the Senate prepares for hearings to confirm his appointment as head of the FCC. Most observers expect that process to be concluded by the Independence Day break -- perhaps even today, according to the Washington Post's Cecilia Kang.
PC Week's Roy Mark points out that nine Republican members of the committee were "boycotting" the hearing, leaving just two, Kay Bailey Hutchison (TX) and Mike Johanns (NE). Mr. Johanns also took the day off after giving a brief statement saying, "If you aren't qualified, then I don't know who is." The Post's Amy Schatz noted that Genachowski, who has served at the FCC in two other administrations, supports using stimulus money to extend broadband service to underserved areas, and does not support resurrecting the "Fairness Doctrine" that some fear would stifle political speech.
Click fraud against Microsoft was a family affair
Monday, June 15 • Erika Morphy at E-Commerce Times reports that when Microsoft filed a civil claim on Monday against a trio of Canadians who allegedly used botnets to mess up advertising revenues for certain sites using Microsoft's ad platform, they didn't have to cast a wide net: The perpetrators are all family. Melanie Suen is the mother of Eric and Gordon Lam, and the three of them are accused of the click fraud, which Microsoft says cost over a million in reimbursements. The company seeks at least $750,000 in damages -- and a legal precedent. Cade Metz at The Register has a good basic explanation of how this particular fraud worked and how the practice is affecting the industry.
Apple tells ~~Pre users~~ no one in particular it may cut off iTunes integration
From now on, most likely > Apple didn't mention any specific "unsupported third-party digital media players" by name, but commenters around the Web were pretty quick to infer that the company was dropping a hint to Pre Media Sync users with a support bulletin warning that "because software changes over time, newer versions of Apple's iTunes software may no longer provide syncing functionality with non-Apple digital media players."
"Apple designs the hardware and software to provide seamless integration of the iPhone and iPod with iTunes, the iTunes Store, and tens of thousands of apps on the App Store," the warning reads. "Apple is aware that some third-parties claim that their digital media players are able to sync with Apple software. However, Apple does not provide support for, or test for compatibility with, non-Apple digital media players and, because software changes over time, newer versions of Apple's iTunes software may no longer provide syncing functionality with non-Apple digital media players."
PreCentral points out that it's "mighty silly, given that all of the music in the iTunes Store is now DRM-free and Apple has no reason to be kicking people out of their happy little ecosystem." Macworld's Philip Michaels took a different view, saying that Apple has a history of making good on such warnings, and cautioning, "take note, Palm Pre owners -- that next iTunes update could be a doozy."
And CrunchGear notes an odd poll, which apparently indicates that two-thirds of respondents think Apple should have the right to block people from putting music on whatever devices they will. Devin Coldewey has some fun with it: "The willingness of the Apple crowd (and I'm typing this on a Mac so don't start a flame war, kids) to knife themselves in the back is astounding. Apple's products may be the future, but that's only if the fanboys let the future get here in the first place."
Jammie Thomas, day 3
All day today > More trial. More error. See our separate article for a recap of Tuesday's two most wince-inducing moments -- one for each side.
Google has been pissing me off lately.
First they push the tabs to the side (I know, it's been a while, I'll get over it one of these days), then two of the gadgets I made stop working with some ridiculously cryptic error, but lo and behold, they work *just fine* on the UK version of the homepage...and the tabs are on top. Go figure. This works well for a while...then the gadgets stop working with the same absurdly nonsense error again. Frustrated, I go into the Google Gadget Editor and recreate them with nearly the *exact* same code. Amazingly, they now work...even in the US page. That was a week ago. Yesterday, they stopped working again...but this time, no error; The submit button just no longer works.
Grrrr...
The code works just fine loaded into any browser as an htm file (minus the XML wrapper)... What the hell are they doing over there??
Score: 0
|Guess that's why they keep the Beta tag.. Allows them to make constant changes and great programmers like yourself and users like myself just have to live with it. Still better than pretty much everything else out there and you can't beat the ROI:)
Score: 0
|That's what kills me. They keep pulling the rug out from under me but none of the other sites out there come even close to what I need....
Score: 0
|Apple/Mac need to learn that their far inferior software will become the target of lawsuits just like Microsoft has had to deal with. At least we know the EU doesn't care about expensive brushed metal paperweights since they aren't wasting their time forcing them to remove their web browser. Microsoft may be guilty of bad business by making money for their shareholders, but they are smart enough to support all sorts of hardware, even those paperweights that look great.
Score: 0
|Heh, never really spotted it wasn't before. Turned on now. A BetaNews article vaguely improving my life in some way: never thought I'd see the day.
Score: 0
|"However, due to the fact that HTTPS protection is disabled by default and only enabled via an obscure configuration option,"
Eh? Settings page, last option. Couldn't really be any easier to get to...
Not saying it *shouldn't* be enabled by default, but why ruin an otherwise decent write up by claiming the option is hard to find when it could hardly be easier?
Score: 1
|Wow, I actually agree with PC_Tool about something
Score: 1
|Don't worry, fatty. It won't change my opinion of you in the least. ;)
Score: 0
|These two are getting along? Oh, drat, I've gone and wandered into the bizarroverse again.
Hey, Whitten's words not Scott's (Scott wrote that segment, not I). I wouldn't say it's terribly hard to get to, but in a world where people still use "password" as their password, requiring them to so much as click a tab to improve their security is like asking your breakfast bacon to reconstitute itself into a pig and fly.
Score: -2
|People being stupid doesn't make an obvious option obscure.
Getting along? Fie!
Score: 0
|"is like asking your breakfast bacon to reconstitute itself into a pig and fly."
Happened this morning. I had to quickly grab my rifle and shoot it down. "Pull!"
Score: 0
|*laughing*
That was great. Good start to the morning. :p Thanks.
Score: 0