Google's latest Buzz privacy changes enable possible new exploit

http://www.betanews.com/article/Exclusive-Googles-latest-Buzz-privacy-changes-enable-possible-new-exploit/1266528065
[...]
Though the initial problem with new users inadvertently sharing the 
identities of frequent Gmail contacts with others appears to have been 
addressed, it was in testing the efficacy of the new option for turning 
Buzz off that we discovered another potentially serious problem, which 
can begin with social spoofing, and can lead to the ability to follow 
other users with complete stealth.
[...]
-- 
Sired, Squired, Hired, RETIRED.
0 Retired 2/19/2010 12:23:45 PM 
"no nym"  wrote in message 
news:yk6lfiofk6v6$.vyi9n2559cm7$.dlg@40tude.net...

> All of which tends to confirm my personal suspicions of all things
> Google. Is it still safe to use Google's search engine with cookies
> disabled ? Or have they found a way around that, too ?

They got around that years ago, 127.0.0.1 google/ad/doubleclick
redirects in HOSTS file is also a waste of time, so good luck.

-- 
'Seek and ye shall find'
NT Canuck
0 NT 2/19/2010 2:42:07 PM 
NT Canuck wrote:

> "no nym"  wrote in message
> news:yk6lfiofk6v6$.vyi9n2559cm7$.dlg@40tude.net...
> 
>> All of which tends to confirm my personal suspicions of all things
>> Google. Is it still safe to use Google's search engine with cookies
>> disabled ? Or have they found a way around that, too ?
> 
> They got around that years ago, 127.0.0.1 google/ad/doubleclick
> redirects in HOSTS file is also a waste of time, so good luck.
> 

I place the word google in my netgear routers block site list and not only
does this block normaly google url's it blocks any url that even has the
word goole on it.  

I'm sure google has a ton of url's and ip's that they use for tracking Does
anyone have a decent list.

tim
0 Tim 2/19/2010 7:03:32 PM 
"Tim Ashman"  wrote in message 
news:hlmna0$s6b$1@news.grc.com...

> I place the word google in my netgear routers block site list and not only
> does this block normaly google url's it blocks any url that even has the
> word goole on it.

Google also took over the doubleclick empire, and the adsense
technology allows java type cookies and commands running
inside the systems hidden temp directories. They also farm out
or run numerous affiliated ad farming resources so data would
include or be shared between them. It's quite multi-faceted.

> I'm sure google has a ton of url's and ip's that they use for tracking
> Does anyone have a decent list.

If you use IE then these are mandatory additions these days
plus set browser to ask on both session, 1st, and 3rd party
cookies.

Very concise search engine results here (proxy available);


Use also one of these (for IE) ad/nit blocks;



Plus a cache cleaner (but some residue still hidden);


-- 
'Seek and ye shall find'
NT Canuck
0 NT 2/19/2010 7:20:54 PM 
"Tim Ashman"  wrote in message 
news:hlmna0$s6b$1@news.grc.com...

> I'm sure google has a ton of url's and ip's that they use for tracking 
> Does
> anyone have a decent list.

In 2005, Google became a registered Domain Name vendor.


In 2008, an excel sheet with most of google owned domains (thousands).


Just as FYI, neither activity is unusual for a firm with such a wide
and imposing web presence, after all..it's just another workday.

-- 
'Seek and ye shall find'
NT Canuck
0 NT 2/19/2010 9:50:15 PM 
On Fri, 19 Feb 2010 08:42:07 -0600, "NT Canuck" 
wrote:


>They got around that years ago, 127.0.0.1 google/ad/doubleclick
>redirects in HOSTS file is also a waste of time, so good luck.

WHY would you say the HOSTS file wouldn't work??
0 The 2/20/2010 2:28:32 AM 
"The Other Guy"  wrote in message 
news:g5iun5hakmpt8fc7afuj85o2ntj3ranabh@4ax.com...

> On Fri, 19 Feb 2010 08:42:07 -0600, "NT Canuck" 
> wrote:
>
>>They got around that years ago, 127.0.0.1 google/ad/doubleclick
>>redirects in HOSTS file is also a waste of time, so good luck.
>
> WHY would you say the HOSTS file wouldn't work??

HOSTS was never designed for blocking websites,
one reason is that you can't lock out 60% of the
Internet and expect to see anything. ;) That is one
current guess on google and related area coverage.
You let one cookie from utube, gmail, google, or
one of the adsense...and they scrub you clean.

Then I've already a few dozen posts on cookies
and the assorted 'workarounds' in use where
any .js or similar can do cookie work and more..
and those need not be direct from a google
designated site (adgoogle.com would be designated)
so it's not just a 'stop cookie' or a site/ip block cure.

Remember you are talking about a multi-billion
dollar conglomerate (Google and subsidiaries)
that works 24/7 around the planet...you aren't
going to outsmart_them with a 40 year old HOSTS. ;)

Then there is their level2 internet (internal google LAN)
which already comes close to emulating 20% of the
Internet (goes through google or it's servers) which
is a parallel type of universe (virtual one) totally
under their control so again....think about it.

-- 
'Seek and ye shall find'
NT Canuck
0 NT 2/20/2010 2:53:23 AM 
On Fri, 19 Feb 2010 20:53:23 -0600, "NT Canuck" 
wrote:


>Remember you are talking about a multi-billion
>dollar conglomerate (Google and subsidiaries)
>that works 24/7 around the planet...you aren't
>going to outsmart_them with a 40 year old HOSTS. ;)
>
>Then there is their level2 internet (internal google LAN)
>which already comes close to emulating 20% of the
>Internet (goes through google or it's servers) which
>is a parallel type of universe (virtual one) totally
>under their control so again....think about it.

So you really DON'T know it won't work, 
you're just letting your paranoia run rampant.
0 The 2/20/2010 2:59:52 AM 
"The Other Guy"  wrote in message 
news:s0kun5prtbv5qqamt0nbumj9vfivanm96e@4ax.com...

> So you really DON'T know it won't work,
> you're just letting your paranoia run rampant.

It's in the first 2 paragraphs which you didn't
quote, it's mostly needing a simple scan and
check of the hidden IE temp directories and
the odd packet inspection/trace route. Easy.

Then you can go ahead... try and fail to block
google and relevant cookies with HOSTS, it's
your choice what you do with your time.
I've already posted several times on methods and
results of blocking cookies/Hosts and still finding
data mining active and in effect, so go ahead and
critique or add relevance to those reports/posts.

As for paranoia...I'm not the one all worked up. ;)
I couldn't care less if google scans you or your
life...but someone asked a question and got an
answer, the data and files exist...just go look.

-- 
'Seek and ye shall find'
NT Canuck
0 NT 2/20/2010 3:18:14 AM 
"no nym"  wrote in message 
news:yk6lfiofk6v6$.vyi9n2559cm7$.dlg@40tude.net...

> All of which tends to confirm my personal suspicions of all things
> Google. Is it still safe to use Google's search engine with cookies
> disabled ? Or have they found a way around that, too ?

I should reiterate...the Google search engine with or without
the cookies enabled is not_dangerous, it's just nosy and
makes money off "your captured visitation/ad reading data"
that once was paid more directly to clients (like in surveys).
For some folks that's ok, for business/private units it isn't.

Also there are both some privacy concerns not the least is
allowing this technology to operate gives malefactors a way
(vector/entry point) into your machine (evil cookies/scripts)
by using the same/similar patterns used to place cookies.

Disabling cookies for google and related PLUS some
proxy in use or ad/script blocking tool keeps it clean.
You will have to inspect this yourself somehow to
verify your particular setup/decisions are working
since trusting a gui or tickbox isn't proof of efficacy. ;)

-- 
'Seek and ye shall find'
NT Canuck
0 NT 2/20/2010 3:47:00 AM 
This is why privacy and security minded people avoid anything that has to do 
with Google.
Personally, I see them as a major threat to my personal privacy AND 
security. Call me a fool, I don't mind.
I do not want to have anything to do with google, it's services and/or 
programs.
What people often forget is that we are only at the beginning of this 
development. It will get a lot worst in the (near) future. This is not going 
to stop here, it will continue and new dangers will appear at the horizon.
Anyway, not for me and to me that is all that counts.
BTW, google's search engines have to be avoided as if they were the plaque, 
instead I use Scroogle or Privyo, https ofcourse.

"Retired"  wrote in message 
news:hllvsg$4ab$1@news.grc.com...
> http://www.betanews.com/article/Exclusive-Googles-latest-Buzz-privacy-changes-enable-possible-new-exploit/1266528065
(snipped)
0 G 2/28/2010 12:26:23 PM 
"Retired"  wrote in message 
news:hllvsg$4ab$1@news.grc.com...
> http://www.betanews.com/article/Exclusive-Googles-latest-Buzz-privacy-changes-enable-possible-new-exploit/1266528065
> [...]
> Though the initial problem with new users inadvertently sharing the 
> identities of frequent Gmail contacts with others appears to have been 
> addressed, it was in testing the efficacy of the new option for turning 
> Buzz off that we discovered another potentially serious problem, which can 
> begin with social spoofing, and can lead to the ability to follow other 
> users with complete stealth.
> [...]


Umm...a video says it better. ;)
http://www.youtube.com/watch?v=mvuNEojfDJc&feature=related

-- 
'Seek and ye shall find'
NT Canuck
0 NT 3/1/2010 5:21:20 AM
Reply:

(Thread closed)
Related Posts:
📁 grc.privacy
📃 4590 articles.
⭐ 0 followers.

💬 11 Replies
👁️‍🗨️ 29 Views