Vincent Arnold

Since day 1, I have been concerned with the amount of information user’s of Google are unwittingly allowing them to gather on users’ surfing habits and online activities with the online giant. If you use any of their tools, like Google Desktop or Gmail, whether it’s believed or not, they are gathering information on your activities to support their advertising activities. As they have recently noted, if you use Google to search, they keep your search history for 18 months (now). This period of retention was unspecified until privacy advocates raised significant concerns over the possible misuse of this information by the government.

Now it seems they, which is not surprising, has more holes when accessing their services.

“Google, like any other legitimate service provider, encrypts login traffic, but not your content. So the moment you’re signed in they switch to plain-text communications and send everything to you in the open.

This means your mail, the news sources you read, your calendar events — are all able to be read by someone with access to your network traffic. This could be your employer at work, people monitoring the wireless network you’re using, etc. This isn’t good.”

If you use any service like Google, such as Yahoo, MSN etc. from work for instance, take care with what you say when connecting to these services. Your employer can read every word if they wanted to. I encrypt everything I possibly can, mail, web browsing etc. I won’t connect to the Internet from anywhere unless I can connect to my VPN server which encrypts all traffic. If I could encrypt myself, I would.

Full article and source: Dmiessler.com

This entry was posted on Friday, August 10th, 2007 at 9:28 pm and is filed under Attack Vector.