Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Building Privacy Red Team

Posted by samzenpus on from the first-responders dept.

Trailrunner7 writes "Google, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy 'red team,' a group of people charged with finding and resolving privacy risks in the company's products. The concept of a red team is one that's been used in security for decades, with small teams of experts trying to break a given software application, get into a network or circumvent a security system as part of a penetration test or a similar engagement. The idea is sometimes applied in the real world as well, in the form of people attempting to gain entry to a secure facility or other restricted area."

5 of 92 comments (clear)

  1. Re:Oh god... make them stop, please. by Anonymous Coward · · Score: 5, Insightful

    There is, you just have to take steps to preserve yours, which most people don't do.

    And the rampant privacy violations that happen by default exist because people don't care about their privacy. If they did, engaging in such practices would put companies out of business. But people actively support this world, where everything they do is tracked. Such drastic measures to preserve privacy would not be necessary if more people cared about not living in a Panopticon.

  2. They are lead by... by Lord_of_the_nerf · · Score: 5, Funny

    ...a grizzled old Google veteran, brought out of retirement. He has a rag-tag team consisting of an arrogant young prodigy, a burnt out developer with a death wish, a hard-as-nails female programmer and a sassy ex-con who learned all his coding on the street.

    They are PRIVACY RED TEAM!

  3. Re:Intentional vs. Unintentional by Anonymous Coward · · Score: 5, Informative

    No, it wasn't intentional. A workaround was intentionally used to make a particular non-tracking cookie work on Safari (it was a simple preference cookie used for user functionality). However, the browser reacted to the workaround by allowing *all* third-party cookies involved, including the DoubleClick cookie. That was unexpected and unintentional. Nobody realized it was going to happen, and the team responsible for the workaround had nothing to do with the advertising cookie.

    Posting anonymously because I work for Google.

  4. Re:Oh god... make them stop, please. by trikes57+ · · Score: 5, Insightful

    I agree, and think Google is on the right track here.

    I suspect they are starting to see the backlash against easily broken security, and are starting to do something about it.

    This is really amazing when you stop and think that they have most to gain by learning all your habits (or at least the "Hate Google First" rabble would have you believe.

    The iCloud meltdown preceded by the never ending follies of facebook probably told Google it was time to test their own stuff rather than wait for the storm to hit home. They are well ahead of the game with two factor authentication. Now if they could just add Zero Knowledge encryption techniques to their Google Drive they could be giving even more assurance they weren't out to market anything more about you than what is already public record.

    I would love to have stuff backed up in the cloud, but as it is, the only cloud I trust is SpiderOak.

  5. Re:Intentional vs. Unintentional by Anonymous Coward · · Score: 5, Informative

    And if you need a reference, read the original analysis that spawned this entire debacle. It makes it very clear that one cookie, "_drt_" (which is fairly innocuous), is the only one that is deliberately set using the workaround. The unintended side-effect is that on future page loads, the "id" cookie (and others) can be directly set (no workaround needed) because Safari considers a domain whitelisted if it has *any* cookies set, and allows all further cookies.