Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Is Bringing Chrome Remote Desktop App To Android

Posted by timothy on from the we-call-this-the-mom-view dept.

An anonymous reader writes "Google is building a Chrome remote desktop app, which lets you access other computers or another user access your computer over the Internet, for Android. The new addition, called Chromoting, will likely be pushed as a mobile version of the existing Chrome Remote Desktop offering. For those who don't know, the original Chrome Remote Desktop is an extension for Google's browser. It was first released as a beta in October 2011 and could be used to control another one of your own computers as well as a friend's or family member's (usually to help with IT issues)."

104 comments

  1. No Chrome for me thanks by NobleSavage · · Score: 4, Insightful

    I feel dirty using Chrome. It's made by Google and I just assume they are snooping on me. For this reason I stick to Firefox even though Chrome is probably faster.

    1. Re:No Chrome for me thanks by noh8rz8 · · Score: 0

      don't forget Oprah!

      --
      You want to upvote/downvote? Go back to Reddit! Here we mod up/mod down.
    2. Re:No Chrome for me thanks by Jane+Q.+Public · · Score: 2, Informative

      "I feel dirty using Chrome. It's made by Google and I just assume they are snooping on me."

      Join the club.

      "For this reason I stick to Firefox even though Chrome is probably faster."

      Not necessarily. In a recent benchmark, Firefox beat Chrome. But that isn't necessarily also true for the Android versions. Hard to know.

      In any case, there is already TeamViewer for Android, which works nicely with Macs (and presumably Windows as well). I would really prefer one that doesn't use a 3rd party at all; if anybody knows of one I would appreciate hearing about it.

      As for remote file transfer, I highly recommend Total Commander because it works in the classic 2-pane file manager style. Put the remote machine in one pane and your Android in the other, and just copy files back and forth. It's great. Other file managers work remotely too, but that's the only 2-pane solution of which I am aware.

    3. Re:No Chrome for me thanks by hairyfeet · · Score: 1

      While I don't really care for the phone home crap either last I checked the remote chrome thing worked just as good in Comodo Dragon which does NOT have the phone home to Google crap, so its not like you HAVE to take phone home to use this feature.

      that said I tried it and...meh, It doesn't really work as well as remote assistance on Win 7, its kinda laggy, mouse is jerky, and it just wasn't as pleasant to use as remote assistance. Say what you will about MSFT but that feature is a fricking lifesaver, don't know how many times I've had to remote into a customer or family member to fix something in the middle of the night.

      --
      ACs don't waste your time replying, your posts are never seen by me.
    4. Re:No Chrome for me thanks by Anonymous Coward · · Score: 1

      Wow, I wonder if Google has ALREADY given their Buddies over at the NSA a BACKDOOR so we get spied on even more?

    5. Re:No Chrome for me thanks by FPhlyer · · Score: 5, Interesting

      Google owns my digital existence. They read my mail, know every website I visit, record all my voice mails, track who I call and can use GPS to track me to within just a few meters of my location on the planet at any given moment.
      Yet somehow Google's services make me feel like they've actually added value to my life. If Google were a government, I'd feel like Winston Smith. ...I try not to think about it.

      --
      Brought to you by Frobozz Magic Penguin Fodder.
    6. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      > if anybody knows of one I would appreciate hearing about it.

      try x2go: http://www.x2go.org/

    7. Re:No Chrome for me thanks by Anonymous Coward · · Score: 1

      As for me, I'm a rabid, frothing Binger. When doctors were trying to find out why my daughter was severely ill, I used Bing to find the answer. I have Bing to thank for my daughter's life, and I now worship it as a God. I have zero doubt that you'd absolutely adore Bing if you just tried it out.

      Don't believe me? Bing it on, you worthless loser! Only human garbage doesn't use Bing in this day and age!

    8. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      Don't confuse the benefits of easy access to information with the desire of companies to own your life. The two are unrelated.

    9. Re:No Chrome for me thanks by Lennie · · Score: 2

      TeamViewer traffic gets routed through their servers too (unless you are using it on the same network, but you don't control that).

      Keep an eye on WebRTC protocol, they will add screen sharing (not just for your browser, there are libraries for mobile and desktop apps too). Then you are in control.

      --
      New things are always on the horizon
    10. Re:No Chrome for me thanks by Seumas · · Score: 5, Interesting

      Yeah, the idea of letting them access my desktop (or even just potentially capture video of my desktop interactions) is fucking gross. It's sad that we're now in a world where this fear is entirely substantiated and not simple paranoia.

    11. Re:No Chrome for me thanks by thegarbz · · Score: 2, Interesting

      This! You're not going to get modded up here because of the typical group think on Slashdot. But the everything Google must be bad view has gone insane. Given all the services they provide I'll happily part with information so they can feed me ads that I don't click on, or datamine my information to produce better products (traffic in google maps).

      If I'm the product that Google is selling, why the hell do I feel so much like a really grateful customer?

    12. Re:No Chrome for me thanks by Seumas · · Score: 1

      I don't care what it adds to my life. It is still wrong.

      Unfortunately, there's not really a lot of other solutions. Running your own server doesn't solve anything. You think that big-name colos aren't either tapped or obligated to hand over access to your content on servers in their buildings or on their systems? You think your ISP doesn't have access to everything passing over the internet from your end? Even if you use a VPN, there is very little certainty that you are entirely protected at the provider's side to the extent of whatever data they can dish out (not to mention, it is hard to find a VPN service that can handle your full bandwidth -- I use a pretty reputable professional service and it's constantly up and down and fading in and out and can never handle more than maybe 5-8mbps of my 30mbps connection).

      That isn't even considering if they want to specifically target you, as an individual . . . in which case all they have to do is plant something on your system (physical or software) while you're out of your house and capture everything on your end before it hits encryption and transmission.

    13. Re:No Chrome for me thanks by Seumas · · Score: 5, Insightful

      I think you are missing the point. This is 2013 and the concern for Google serving you with targeted ads in return for a service has been superseded by the reality that they are essentially a massive data collection service (directly and systematically or indirectly and by coercion -- but let's not act like there aren't nefarious ties to the government, here) for state.

      It is 2013 and people *long* for the more carefree days of the past when the biggest security/privacy concern was targeted ads.

    14. Re:No Chrome for me thanks by Anonymous Coward · · Score: 4, Insightful

      If anything, for some time, Slashdot has had a everything-Google-must-be-good bias.

      I'm glad that their good-boy image is finally being revised.
      Recent events have shown that while Google may not be worse than other companies in the industry, they're certainly not better.

    15. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      Also , chrome lets the NSA log into your computer.

    16. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      1: Firefox is paid for by Google, too. I prefer to use Seamonkey; the UI doesn't change every version and it's the same code base but even that makes me feel dirty. Otherwise I'd probably be using Oprah or running my browser out of RemoteApp from a VM with Norton Deep Freeze on it.

      2: It's popular these days to do away with the boring and add in a feature everyone loves. Why serve just a hamburger when you can serve an ice-cream sandwich hamburger with pickles and tomato? It used to be everyone wasn't trying to mate monkies with elephants but nowadays it's normal to do so, then you get the marketing team to add in plaid, badly presented marketing that looks great to the unwashed proletariat. I do not need to tell you adding in remote support tools to a browser is a humungous security and usability risk.

      3: Google has lost it's do no evil reputation and now since nobody wants to view web ad's on their devices, they're losing ad revenue too. It's only a matter of time before they pull a Facebook and sell all that user data to another party.

    17. Re:No Chrome for me thanks by rvw · · Score: 1

      TeamViewer traffic gets routed through their servers too (unless you are using it on the same network, but you don't control that).

      I doubt that all traffic goes through their servers. You need to connect to their servers to get the ID working, and the ID is used to connect the computer to the proper IP-address. If you're on a local network, you can use a direct IP-address, and probably you can do the same using port forwarding. But on a local network no connection to the TV servers is needed. So if you setup a VPN, you can avoid this.

    18. Re:No Chrome for me thanks by rvw · · Score: 1

      Teamviewer does the same, fast enough, and supports Ubuntu and OSX. But if you're on Windows only, remoted assistance or desktop is probably better.

    19. Re:No Chrome for me thanks by Anonymous Coward · · Score: 1

      Uhh, VNC? Been using it for years.

    20. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      Windows is the only platform that matters for remote assistance. Linux users have other means for remotely controlling their computers and wouldn't need help. Mac users are too stupid to even know what remote assistance is and would rather take their computer to the "Genius" bar at their local Apple store.

    21. Re:No Chrome for me thanks by thegarbz · · Score: 2, Insightful

      Except that isn't Google's primary business but rather a side effect. Again I struggle to get upset at the data Google collects when every ISP is hording my emails and passing my phone conversations to the government too. At least I get something out of the massive amount of data Google collects. With most other companies I pay for the services, don't get any where near a polished product(s) in return, and yet the government still gets all my details.

      Sure privacy is a problem but lets not be cute and pretend that not using Chrome will actually change anything (although Tor browser may be your best bet).

    22. Re:No Chrome for me thanks by cjjjer · · Score: 1

      The only difference is Google uses the data to profile you so they can show you targeted ads and slowly tell you how to make decisions based on their suggestions. The government uses the data to find people who they perceive as enemy's of the state.

      Lets face it more and more people are becoming sheep by letting companies say dictate what they like by constantly bombarding them with "suggestions".

      The way I see is if I have nothing to hide and my data the government collects is vanilla enough they are going to leave me alone, Google on the other hand will never leave me alone and will always be trying to tempt me to give up all my data and buy into every service so they can profile me even more and suggest more things I don't need in my life regardless if I want/need them. "If you liked this you will probably like that even more" sound familiar?

      My $0.02

    23. Re:No Chrome for me thanks by thegarbz · · Score: 4, Interesting

      Which recent events?

      Recording unencrypted data on public Wifi? Discontinuing some free services? Complying with DCMA takedown requests? I'm still struggling to see how this puts them on par with anyone else in the industry. I mean there are companies out there who are actively at war against open access, others who will pull the plug on customers at the drop of a dime and NOT offer any opportunity to get at your own data. Some companies buy up and destroy competitors for no reason other than less competition, and I can think of a handful of companies who are far worse than Google in regards to privacy and the products they offer consumers while at the same time charging for the privilege of screwing us over.

      So please tell me, just what has Google done that puts them on par with the rest of the industry, because despite everyone being happy that Google supposedly is getting a bad image I have yet to see anything that makes me think that they aren't still the best on the block.

    24. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      If I'm the product that Google is selling, why the hell do I feel so much like a really grateful customer?

      Stockholm Syndrome.
      http://en.wikipedia.org/wiki/Stockholm_syndrome

    25. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      Those aren't recent events. Most likely parent was referring to Google handing over data to government agencies. No better than Apple / Microsoft, though not worse either. (Although Yahoo! did fight those requests a little harder than most.)

    26. Re:No Chrome for me thanks by drinkypoo · · Score: 2

      Not necessarily. In a recent benchmark, Firefox beat Chrome. But that isn't necessarily also true for the Android versions. Hard to know.

      It doesn't actually matter because Chrome for Android is not very good. If it were, then chromebooks wouldn't exist; they'd be Android devices which run Chrome for Android. The poor quality of Chrome for Android is literally the only reason why ChromeOS exists. Unless you think Google wants to maintain two Linux-based operating systems with substantial overlap?

      As for remote file transfer, I highly recommend Total Commander because it works in the classic 2-pane file manager style. Put the remote machine in one pane and your Android in the other, and just copy files back and forth. It's great. Other file managers work remotely too, but that's the only 2-pane solution of which I am aware.

      Why would I care? Run samba server (it's an app) on your device, and copy files to/from it using your PC, or run any file manager on your device, and copy files to/from your PC using it. My phone's kernel has cifs support and I can use cifsmanager to mount shares on my phone directly, then copy data to them, or whatever. Although, I commonly actually use rsync to move data to and from my phone, because it's fucking rsync.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    27. Re:No Chrome for me thanks by BrokenHalo · · Score: 1

      Wow, I wonder if Google has ALREADY given their Buddies over at the NSA a BACKDOOR so we get spied on even more?

      Even more than what?

      I had assumed that by now everybody was aware that all of the major search engines or other online services had backdoors for the NSA or other so-called "security" agencies. Similarly, everybody should now be aware that there is fuck-all you can do about it (other than complain, of course).

      The only things you can protect yourself against (to a large extent) are commercial interests that (for now, at least) don't have access to the pipes available to governments.

      From this point of view, it doesn't really matter much what browser you choose, whether it be chrome/chromium/iron or firefox or whatever. With judicious use of adblock and hosts blocking, you can disable the worst of the commercial intrusions, but you can never escape (without really good end-to-end encryption) surveillance from the people who monitor the wires or fibres.

      The best we can do is escape their notice, either by being boring (pet cats/dogs etc) or by having EVERYBODY flood every single message with keywords like Jihad, Bomb, US Satan, Kill Infidel...

      Excuse me for a moment, I seem to have some gentlemen with curly wires hanging from their ears banging on my front do

      NO CARRIER

    28. Re:No Chrome for me thanks by thetoadwarrior · · Score: 1

      Not really, Firefox performance is much better. Chrome stagnated because there is only so much you can do to improve JS.

    29. Re:No Chrome for me thanks by BrokenHalo · · Score: 1

      Recent events have shown that while Google may not be worse than other companies in the industry, they're certainly not better.

      Agreed. But if anyone really cares about the data that Google collects on them, there are quite a few steps that can be taken to limit or eliminate them.

      Or, of course, there is the option to simply not use any of Google's services.

    30. Re:No Chrome for me thanks by Impy+the+Impiuos+Imp · · Score: 1

      This.

      Just another massive pipeline of everything you do the NSA can spy on without a warrant. Oh, in many cases, but not all, "they're supposed to", but if the tech doesn't force them to with incorruptible logging of activities and multiple alarms going off, well...you know...

      Any politician would be a fool to use something like this.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    31. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      This. And as soon as anyone brings this up, frothing Google fanboys explain how we're being paranoid idiots.

    32. Re: No Chrome for me thanks by Anonymous Coward · · Score: 0

      Oh come on! You don't want to give google all of the admin passwords to your machines?

    33. Re:No Chrome for me thanks by farble1670 · · Score: 2

      If it were, then chromebooks wouldn't exist; they'd be Android devices which run Chrome for Android.

      you don't understand chromebooks. they exist to provide a zero-maintenance cloud-only (mostly) device. android isn't that since it has local installs and "native" applications.

    34. Re:No Chrome for me thanks by farble1670 · · Score: 1

      Lets face it more and more people are becoming sheep by letting companies say dictate what they like by constantly bombarding them with "suggestions".

      welcome to the Real World, where people don't just give you billion dollar a year services for free. exercise your free will to either participate in the data collection + free service realm, or private + pay realm.

      google ads are generally unobtrusive enough to not block me from doing what i want. sure, i still see them and they most likely have a subconscious effect. the same effect that radio, TV, billboard, and print ads have on me. the same affect advertising has had on people from the day someone thought of it.

    35. Re:No Chrome for me thanks by Anne+Thwacks · · Score: 1
      if anyone really cares about the data that Google collects on them, there are quite a few steps that can be taken to limit or eliminate them.

      Starting with a move to a remote desert island with no electricity, food or water! Further steps may need to be taken thereafter, but if I told you, I would have to kill you!

      --
      Sent from my ASR33 using ASCII
    36. Re:No Chrome for me thanks by Anne+Thwacks · · Score: 1
      The government uses the data to find people who they perceive as enemy's of the state.

      And then accidentally loses it.

      The way I see is if I have nothing to hide and my data the government collects is vanilla enough they are going to leave me alone

      You must be new to this planet.

      --
      Sent from my ASR33 using ASCII
    37. Re:No Chrome for me thanks by arisvega · · Score: 1

      It's made by Google and I just assume they are snooping on me.

      Fair assumption, I believe. They do snoop on all their other stuff, why not on this one as well.

      --
      The three laws of thermodynamics:(1) You can't win. (2) You can't break even. (3) You can't even quit.
    38. Re:No Chrome for me thanks by Jane+Q.+Public · · Score: 1

      "TeamViewer traffic gets routed through their servers too (unless you are using it on the same network, but you don't control that)."

      That may be true; but the point is that it doesn't go through GOOGLE servers.

    39. Re:No Chrome for me thanks by Jane+Q.+Public · · Score: 1

      "Why would I care? Run samba server (it's an app) on your device, and copy files to/from it using your PC, or run any file manager on your device, and copy files to/from your PC using it."

      I was referring to file transfer controlled by the mobile device. And I don't particularly want to run Samba Server on my dev machine.

    40. Re:No Chrome for me thanks by hairyfeet · · Score: 1

      Riiight, because Linux doesn't have problems which is why it did so well on netbooks, but that is to be expected with Linux having such a well thought out roadmap. Of course to have remote assistance you'd have to have functional hardware acceleration but who needs that, right? Why Linux is so secure and so much more stable than Windows why even needing that feature is unthinkable!

      --
      ACs don't waste your time replying, your posts are never seen by me.
    41. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      Except your ISP can do less and less as more data is encrypted. It used to be that e-mail was sent in the clear. Now SSL wrappers are quite common (I say that mostly because they are on by default for GMail). Your phone conversations are in the clear, but your ISP only sees your VOIP conversations, which, at least for Skype, are encrypted (Skype can listen in, but your ISP can't). Of course, your ISP can still see what websites you visit... but they only get the domain name for HTTPS websites, not the full address. I'd hope that Google has the security sense to not have Chrome send them full addresses for HTTPS websites, so I guess Google and your ISP get the same info there (assuming you don't use TOR).

    42. Re: No Chrome for me thanks by Anonymous Coward · · Score: 0

      What bullshit! The mods in this place are a joke.
      Let this be the FIRST post in this entire thread with any form of FACT.

      https://www.eff.org/who-has-your-back-2013

      You think Google is as bad as the rest? Google is now evil? Also, check the year before.

      Dear mods, please mod this as -1 because it appears that anything in this thread with a score of 3+ is unsubstantiated, uninformed, propagandist horse-shit. I don't want this post tainted. Either that or lift your fucking game!!!

    43. Re:No Chrome for me thanks by Zenin · · Score: 1

      Not necessarily. In a recent benchmark, Firefox beat Chrome.

      Then I've no idea what they were benchmarking.

      Chrome is at least an order of magnitude faster the Firefox in nearly everything. At least in real time (which is all that actually matters). It doesn't take "benchmarks" to see clearly how snappy Chrome is and how much of a total dog Firefox has become.

      Granted, it's probably the JavaScript engine more then anything else. But on today's web, JavaScript is where 90% of sites spend 90% of their time. And Chrome's JS engine is miles ahead of Firefox in performance.

      And god forbid you fire up Firebug these days as a developer...it'll take even the most tricked out machines to their knees in a second. Conversely you can run with Chrome's (far superior) debugger running and not even feel it.

      --
      My /. uid is better then your /. uid
    44. Re:No Chrome for me thanks by couchslug · · Score: 1

      I feel dirty using the Internet.

      I know everyone who CAN snoop on me does.

      --
      "This post is an artistic work of fiction and falsehood. Only a fool would take anything posted here as fact."
    45. Re:No Chrome for me thanks by drinkypoo · · Score: 1

      you don't understand chromebooks. they exist to provide a zero-maintenance cloud-only (mostly) device. android isn't that since it has local installs and "native" applications.

      You don't understand Chromebooks, or Android. Like Android, Chromebooks run a stripped-down Linux distribution designed for simplicity. If Chrome for Android were worth a crap, and if you had Android boot right into it and didn't give any options to get out of it, then it would be like a Chromebook in every way that mattered; all the rest would be details.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    46. Re:No Chrome for me thanks by manu0601 · · Score: 1

      Not necessarily. In a recent benchmark, Firefox beat Chrome.

      Then I've no idea what they were benchmarking.

      Latest versions?

    47. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      You should know that reading unencrypted wifi data is illegal. You also cannot use a scanner to listen to phone calls on older cordless phones. Under federal law, ALL electronic communications are considered private, so please don't defend them for breaking the law, even though they didn't get punished.

      Some people care about privacy and think what they are doing is really fucking creepy. Unfortunately, they track us even if we don't use their services because most sites ping back to google-analytics.com.

    48. Re:No Chrome for me thanks by Seumas · · Score: 1

      On the whole, I think Slashdot has been pretty fair in treatment of Slashdot. Coming up, they were beacons of genius and outliers and open source and pushing the envelope and they were the go-to choice for geeks. Slashdot's community even supported Google pretty far into their shift to "doing evil". The sentiment didn't really seem to change around here until they had crossed the line and made it clear they weren't ever going back.

    49. Re:No Chrome for me thanks by farble1670 · · Score: 1

      If Chrome for Android were worth a crap, and if you had Android boot right into it and didn't give any options to get out of it, then it would be like a Chromebook in every way that mattered; all the rest would be details.

      so this is your plan? take linux, patch the heck out of it to support the android platform, then throw hundreds of megabytes of code and services on top of it provide the android platform to allow execution of android apps ... then don't use any of it because you are booting straight into chrome. if only you had worked for google and could have shown them the error of their ways.

    50. Re:No Chrome for me thanks by drinkypoo · · Score: 1

      so this is your plan? take linux, patch the heck out of it to support the android platform, then throw hundreds of megabytes of code and services on top of it provide the android platform to allow execution of android apps ... then don't use any of it because you are booting straight into chrome.

      "Then don't use any of it" is a colossally stupid way to describe what would be happening there. You'd still be using all of it. "Patch [blah blah blah]" is also a traumatically stupid thing to say, because they have already done this. That's the whole point of my comment. They don't need to create and maintain Linux all over again, because they are already doing that, and it is called Android. Android does everything ChromeOS does, except run a decent version of Chrome, but ChromeOS doesn't do everything Android does. That's why it would make sense to drop ChromeOS, if Chrome for Android were half as good as normal Chrome. But it isn't.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    51. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      SSH? X11? Do you even know what the fuck you are talking about?

      Of course not. You're a Microsoft shill and the limit of your computing experience is Windows.

    52. Re:No Chrome for me thanks by farble1670 · · Score: 1

      my friend, i would recommend you go read a book. you don't understand how android is put together.
      http://shop.oreilly.com/product/0636920021094.do

      "Patch [blah blah blah]" is also a traumatically stupid thing to say, because they have already done this.

      let me try to explain this to you. android is linux + linux patches + the android plafform. the linux patches are largely, but not entirely there to support running the android platform. so saying you want to run chrome (desktop) on android doesn't make sense. it means you are,

      1) running it on top of a linux that has irrelevant and probably detrimental patches.

      2) running the entire android platform for no reason since you aren't running android apps.

      at the very least, running chrome (desktop) on android means wasting memory and resources. at worst it means opening up the system to attack vectors for no benefit. if you all you are going to do is boot into chrome then you want the minimal linux that will allow that and to strip away everything else. that's why you have chromeos.

    53. Re:No Chrome for me thanks by Anonymous Coward · · Score: 0

      It's only the TTP for the key exchange, and if you're extra special you can get those hosted yourself.

  2. I feel this makes Chrome a security issue by mysidia · · Score: 1

    Google may provide a group policy option to disable the chromoting function.... But who is to say an attacker or misbehaving user doesn't later find a bug to turn it back on or circumvent the disablement?

    1. Re:I feel this makes Chrome a security issue by farble1670 · · Score: 1

      But who is to say an attacker or misbehaving user doesn't later find a bug to turn it back on or circumvent the disablement?

      you have to install a native binary to use chrome remote desktop. if an attacker can install arbitrary binaries on your device and twiddle arbitrary application settings, then you have bigger problems.

    2. Re:I feel this makes Chrome a security issue by Blue+Stone · · Score: 1

      Just define "attacker" as the NSA, and you can remove all doubts that this function will be exploited.

      --
      Corporation, n. An ingenious device for obtaining individual profit without individual responsibility. - Ambrose Bierce
  3. Bad name by Anonymous Coward · · Score: 2, Funny

    I would have gone with Chroaming personally.

  4. Google's hatred of security and privacy by Morgaine · · Score: 4, Interesting

    Client-side Javascript is already a security disaster because the unvetted JS code bypasses your perimeter defenses (firewall and proxies) and executes deep inside your privacy domain. And it's not only unvetted code but also unvettable, because it changes with every page.

    15 years ago, everyone knew that only the clueless download untrusted 3rd party executable code and run it. Now with JS, all that sensible security advice has been forgotten, and everyone is required to behave clueless with their security. (Software sandboxes are no solution, because all non-trivial software like JS and the browser is riddled with bugs, this is inescapable with large software systems.) Add-ons like NoScript and Ghostery help control it a little, but technically unaware people can't be expected to use them, and more and more websites don't work at all without JS.

    And now, Google wants to make it especially easy for remote 3rd parties to access other people's desktops, as if JS didn't make it easy enough already (just ask any security pen-tester). It adds to the already hopeless security in Android, where users are disallowed from blocking the wide access typically demanded by an app on installation. Google doesn't want you to be in control.

    The whole Google scene is a security disaster by design. It beats me how a company with so many PhDs can be so cavalier with people's security and hostile to their privacy.

    --
    "The question of whether machines can think is no more interesting than [] whether submarines can swim" - Dijkstra
    1. Re:Google's hatred of security and privacy by Anonymous Coward · · Score: 1

      How's your lawn?

    2. Re:Google's hatred of security and privacy by Anonymous Coward · · Score: 0

      My lawn doesn't run client-side Javascript, so it's secure for now.

    3. Re:Google's hatred of security and privacy by fpoling · · Score: 4, Interesting

      It is not the external code that is harmful, it is what external untrusted data could do to your system when you access them is important. Bug in HTML or CSS parser or a layout engine can just as well lead to arbitrary code execution as a bug in JS implementation. As the complexity of HTML/CSS/layout is comparable if not bigger than that of JS engines switching off JS brings you just a false sense of security.

    4. Re:Google's hatred of security and privacy by Lennie · · Score: 2

      When was the last time you've seen an exploit only written in Javascript only (not abuse plugins and so on) that would own a computer in the wild on an up to date browser ?

      --
      New things are always on the horizon
    5. Re:Google's hatred of security and privacy by thegarbz · · Score: 5, Interesting

      Erm I am running unvetted code all the time. Right now there's gigs of unvetted code in my memory. Heck even your typical linux users will have unvetted code in the form of binary blobs for various drivers, maybe even software packages, not to mention the computer BIOS.

      Some how I find it hard to get up in arms about a bit of javascript knowing that it's scope is limited, it is sandboxed, and that it pales in comparison to the security nightmare which is 3rd party applications I am using constantly, most of which have some internet facing element or are riddled with exploitable bugs of their own.

      As much as bashing on Google is the in thing to do, the product being discussed is 2 years old, they are just releasing an Android client for it. The world didn't implode when it was released, and I haven't heard of the plugin being exploited in any way either. And users being disallowed from blocking access to Android apps? Well with the 1000s of apps that do the same thing on the market, why not just download the ones with sensible security requirements? When a fart app needs access to my contact list it doesn't get installed, no security risk. And for shit like Angry birds which plays full screen video ads, that's easily defeated by a single keypress which disables data traffic on my phone. I'm unlikely to be browsing the net while playing angry birds anyway.

      They are being cavalier with security partially because people don't care, and partially because security problems are usually blown way out of proportion.

    6. Re:Google's hatred of security and privacy by Anonymous Coward · · Score: 1

      Javascript is Turing-complete, so validation would require infinite time. Layout (and media) formats are not Turing-complete, and hence can in principle be validated --- usually this is trivial. More importantly though, you could ignore layout and still see the data, whereas ignoring the Javascript often means that the site is no longer operational, and sometimes not even visible.

      The difference between code and layout is huge.

    7. Re:Google's hatred of security and privacy by Anonymous Coward · · Score: 1

      You must not be running Google Grass then, every single blade of grass has a sensor and a 3G connection so that, you known instantly who's on your lawn! It even comes with a Google Plus plugin that posts exactly which blades of grass are being stood on.

    8. Re:Google's hatred of security and privacy by Anonymous Coward · · Score: 1

      Erm I am running unvetted code all the time. Right now there's gigs of unvetted code in my memory. Heck even your typical linux users will have unvetted code in the form of binary blobs for various drivers, maybe even software packages, not to mention the computer BIOS.

      All of those items of code are vetted, if not by you then by others. This is because they do not change all the time, but have versions numbers and can be tied down to a specific file, and that file can be analyzed. When people find a problem with a specific file they post security notices against it, and so people know which are good and which are bad. This is vetting, even if you are not doing it yourself.

      And this vetting cannot be done against per-page client-side Javascript, which can change even from one access to the next and be different for different people.

      With regard to Linux, every single file is available for inspection and the vast majority are open source so a million eyeballs are examining them. This is very strong vetting.

      Some how I find it hard to get up in arms about a bit of javascript knowing that it's scope is limited, it is sandboxed,

      Well I can't help you with your complacency, but I do suggest that you might want to re-examine the issue. The scope of a Javascript program is not limited (it's a Turing-complete language after all), and software sandboxes + browsers are riddled with holes, so your sense of security is severely misplaced.

      As much as bashing on Google is the in thing to do

      This article happened to be about Google, but the comments apply equally to any organization that heavily promotes client-side JS and doesn't respect user security and privacy. Microsoft and Apple are just as bad. And JS is used universally, so the problem is not limited to megacorps.

      the product being discussed is 2 years old, they are just releasing an Android client for it. The world didn't implode when it was released, and I haven't heard of the plugin being exploited in any way either.

      The world doesn't implode when security problems are introduced. Organized crime just rubs its hands in glee and continues compromising systems, grabbing people's credentials, sipping at people's bank accounts, and occasionally sucking them dry. This is happening daily, continually, and on a massive scale. It's very big business.

      And users being disallowed from blocking access to Android apps? Well with the 1000s of apps that do the same thing on the market, why not just download the ones with sensible security requirements?

      This isn't about which apps have sensible security requirements and which don't. It's about the user being in control of ALL APPS that she installs, and that means being able to disallow their access even when they requested it. (The corresponding function would then fail to do what it wanted to do, for example phone home, which is exactly as required.)

      The latter is especially important. Users should not only be able to block network access, but also monitor where it goes, and use whitelists or firewall rules to restrict it if they wish. That's the meaning of "keep user in control". Currently Android puts the app developers in control, not the users.

      They are being cavalier with security partially because people don't care,

      You're right there. Some of the complacency is through lack of knowledge, and some people just genuinely don't care.

      and partially because security problems are usually blown way out of proportion.

      Maybe. But the dangers of client-side JS bypassing a site's perimeter defenses are very real, and this can be considered "no problem" only by those who have nothing they wish to protect. There is no point in security for those who have nothing to secure.

    9. Re:Google's hatred of security and privacy by shikaisi · · Score: 3, Funny

      You must not be running Google Grass then, every single blade of grass has a sensor and a 3G connection so that, you known instantly who's on your lawn! It even comes with a Google Plus plugin that posts exactly which blades of grass are being stood on.

      Thanks for putting me straight. I thought Google Grass was the Japanese language release of their wearable computing product.

      --
      No left turn unstoned.
    10. Re:Google's hatred of security and privacy by Anonymous Coward · · Score: 0

      Yesterday.

    11. Re:Google's hatred of security and privacy by Anonymous Coward · · Score: 0

      Here's a big one: www.google.com

    12. Re:Google's hatred of security and privacy by drinkypoo · · Score: 1

      Erm I am running unvetted code all the time.

      Right, but two reloads of the same webpage might actually deliver you different code, and if you don't run with noscript then that code can be coming from all over the internet, and not just from the site you thought you were visiting, due to the miracle of ad networks — which have been used to deliver malware time and again. Whereas if I run the same program twice on my desktop, it's the same program both times.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    13. Re:Google's hatred of security and privacy by farble1670 · · Score: 1

      The whole Google scene is a security disaster by design. It beats me how a company with so many PhDs can be so cavalier with people's security and hostile to their privacy.

      yeah, great point. let's go back to having all pages rendered on the server and sent as static documents back to the client. while we are at it, let's get rid of any system that runs code locally on your device ... sandbox or not.

      while we are at it, let's blame google for all operating systems and environments that do anything other than the above.

      yep, sounds like you have a good grip on the solution alright.

    14. Re:Google's hatred of security and privacy by farble1670 · · Score: 1

      Whereas if I run the same program twice on my desktop, it's the same program both times.

      that's a bad assumption. what's stopping the desktop app from connecting to the internet and downloading code and executing it? answer: nothing.

      there's nothing special about your browser. it's just a native application. anyone can write a native application that doesn't the same thing.

    15. Re:Google's hatred of security and privacy by Anonymous Coward · · Score: 0

      Javascript is Turing-complete, so validation would require infinite time.

      This is false.

      Properties of Turing-complete languages can be verified in finite time. The catch is that to do so, you must reject some valid programs. For example, think about a typed programming language like Java: if you take a correct program and change a type annotation to "Object", the program is still "correct" in some sense, but will fail to compile. In that sense, the type-annotations constitute a kind of proof to the compiler that the code is type-correct and therefore satisfies certain safety properties (e.g. all method calls are on objects that support that method or on a null reference, which, in compiled code, may be equivalent to not treating some user data value as a function pointer which could allow arbitrary code execution).

      There is absolutely no reason why a Javascript implementation cannot be made safe (in the sense of not executing arbitrary code; you can't prevent it from crashing because, as you said, it's Turing-complete so it might have infinite loops). For example, the Quark research project builds upon WebKit but uses more sandboxing than modern browsers to give much stronger guarantees about what websites can and can't do. Of course, that relies on the OS kernel's sandbox being correct, but those are much, much simpler than Javascript sandboxes, so that is a pretty safe (and even possibly formally verifiable) assumption.

    16. Re:Google's hatred of security and privacy by Anonymous Coward · · Score: 0

      yeah, great point. let's go back to having all pages rendered on the server and sent as static documents back to the client.

      Indeed. Not only would that be much more secure because there is no unvetted 3rd party code running inside your security perimeter, but the web also runs much faster when done that way.

      while we are at it, let's get rid of any system that runs code locally on your device ... sandbox or not.

      That's not what the parent suggested. It's your own stupid suggestion, and used as a straw man when you knock it down.

      while we are at it, let's blame google for all operating systems and environments that do anything other than the above.

      That's not what the parent suggested. It's your own stupid suggestion, and used as a straw man when you knock it down.

      yep, sounds like you have a good grip on the solution alright.

      None of your strawmen in any way countered what was written.

    17. Re:Google's hatred of security and privacy by farble1670 · · Score: 1

      strawmen, strawman ... strawman? strawman!

      Indeed. Not only would that be much more secure because there is no unvetted 3rd party code running inside your security perimeter, but the web also runs much faster when done that way.

      there's a balance between usability and security. going too far one way or the other doesn't work. the world seems to be benefiting from the way the web works, don't you think?

      and no, transmitting the entire user interface and data model of an application on each interaction with the application is (obviously) not faster.

  5. Hm by Shemmie · · Score: 5, Insightful

    Am I the only one who's gone from 'oooo, that's cool!' to 'I'm not sure I feel comfortable with that' with a lot of new technology from 'the big guys' recently?

    Google own my life. And by extension, my Government, other Governments, security agencies, and many corporate interests own my life.

    I've known this forever (and tried not to think about it too much), but with recent disclosures, it's really brought it all home.

    All tech I look at now I'm finally asking "So... what data does that give you access to?". It's taking time to figure out a migration path for all my current solutions, but I'm slowly trying to find a route where I'm in control of my data. I know that this probably makes me an idiot, and those that were always privacy concious can laugh - but meh, it's better late than never to come to this realization that I can't trust any third party. Isn't it?

    1. Re:Hm by Demanufacturer · · Score: 1

      Yep, I'm in the exact same boat.

    2. Re:Hm by Seumas · · Score: 1

      If you ever find a solution that still involves the internet, but doesn't have obvious weak points (website, colo, service provider, vpn provider, etc) you should let us know. Unfortunately, I see absolutely no practical solution for privacy. Like free speech, privacy is something that you only have the benefit of as long as the state lets you have the benefit of it.

    3. Re:Hm by skegg · · Score: 2

      All tech I look at now I'm finally asking "So... what data does that give you access to?"

      Bud, you're definitely not alone.

      Large corporations will conduct due diligence before committing to a course of action.
      I'm glad some of this mindset is starting to pervade ordinary consumers. (Though still a very small percentage of consumers.)

    4. Re:Hm by Anonymous Coward · · Score: 1

      If you're not running code you wrote yourself on hardware you built yourself running firmware you wrote yourself, which in turn is not communicating in any way except with other machines like this, you're just whipping yourself into a frothy paranoid mess pointlessly.

    5. Re:Hm by Anonymous Coward · · Score: 2, Insightful

      If you're not running code you wrote yourself on hardware you built yourself running firmware you wrote yourself, which in turn is not communicating in any way except with other machines like this, you're just whipping yourself into a frothy paranoid mess pointlessly.

      A condom is not 100% safe, that doesn't make it meaningless to use a condom. Extreme black or white thinking like you outline is just giving up, instead of making informed choices along the range of risk/reward options that you have. Of course you can greatly influence your exposure to risk (security or privacy wise) without going to the extremes you describe.

    6. Re:Hm by thegarbz · · Score: 2

      I've known this forever (and tried not to think about it too much), but with recent disclosures, it's really brought it all home.

      Slightly off topic but recent disclosures have driven a different point home to me, that I'm just a number in a horrendously massive database. I was less comfortable when privacy attacks were specific such as warrantless GPS tracking. But now we are in a situation where the governments know everything there is to know about everyone, and by extension they have shown time and time again to be unable to do anything even remotely useful with their information.

      The troubling thing is that most terrorists in recent times have been known to their governments and to the US government. In some cases people actively warned the US government about them and they still weren't stopped. In the recent Boston bombing the terrorists were caught on several CCTV cameras yet could not be identified.

      I'm happy to know my private information is in the hands of people who have shown to be too incompetent to do anything nefarious with it.

    7. Re:Hm by Richy_T · · Score: 2

      The problem isn't so much that they have a big bunch of data but that then rather than have a crime and find the perpetrator, they can now pick a person who they don't like and find a crime or other embarrassing data to fit them.

      You can argue that people shouldn't be doing things if they don't want to have them show up later. However, firstly, there are so many laws that most of us are committing a few every day, often without knowing. Secondly, what kind of world is it going to be if only the completely pure can go up against the status quo?

  6. Avoid using anything from Google by Anonymous Coward · · Score: 0

    Please avoid using anything from Google. I have considerably reduced my usage of gmail, google drive, and my android tablet. Also, I have decided not to purchase any android-based phone or for that matter any phone from MS, Apple etc.

    These companies cannot be trusted. Please DO NOT give them additional access to your computer, phone etc. They already know too much.

    1. Re: Avoid using anything from Google by Anonymous Coward · · Score: 0

      Oh, so you're a blackberry fanboy?

    2. Re:Avoid using anything from Google by Trax3001BBS · · Score: 1

      Please avoid using anything from Google. I have considerably reduced my usage of gmail, google drive, and my android tablet .... Please DO NOT give them additional access to your computer, phone etc. They already know too much.

      For Windows, Chrome has a service to keep Chrome updated, I've always disabled the ability for it to phone home and install anything at anytime and don't run Chrome anymore because of it.

      FireFox has started the same thing, the service is called "Mozilla Maintenance Service" which I've disabled. I use FireFox for BattleField 3 only, Opera is my browser of choice.

      As a rule I disable the updating of any program, flash tells me when an update is available, Java updates I catch as they are mentioned, and Windows updates I wait to see how many computers are taken down first.

      Google is still my search engine, http://www.dogpile.com/ used to have a neat page called SearchSpy where you could watch what people were searching for in real time, you learn a lot watching that and more aware.

  7. Came here to ask what this actually was... by Anonymous Coward · · Score: 0

    ...got a bunch of neckbeards bitching about privacy. You don't have any, even if Google wanted to give it to you, the US government made sure of that. Stop blaming fucking Google.

  8. In Your Dreams by some+old+guy · · Score: 2, Insightful

    Google really thinks I'm going to give a security sieve like Android mobile (or any phone for that matter) RPC/RDP permissions of any kind? Knowing that an Android can be "rooted" by Google, the carrier, a mildy capable script kiddy,or the government at any time?

    Fat fucking chance. The air wall between my phone and my desk stays up.

    --
    Scruting the inscrutable for over 50 years.
    1. Re:In Your Dreams by Richy_T · · Score: 1

      This is why I've avoided using it on my Chromebook. I've accepted that the Chromebook itself may be compromised but damned if I'll install Google's spy software on my main PC. Just waiting for VNC to become available for the Sammy...

    2. Re:In Your Dreams by Anonymous Coward · · Score: 0

      A chromebook with the secure shell chrome app is quite nice for remote access.

    3. Re:In Your Dreams by Richy_T · · Score: 1

      It comes with SSH built in but and I use that a lot. The app is nice for having the shell in a window and not in a browser tab though (ctrl-w is surprisingly useful sometimes)

  9. VNC by Anonymous Coward · · Score: 0

    How about "no and fuck you"?

    I'll stick with using VNC from my tablets, laptops, PCs and everything else.

    My modded, ripped to pieces (in software terms) tablet at that.

  10. X?? by ja · · Score: 1

    Actually, the lack of a decent Xserver is what makes Androids so totally unusable to me - but I suppose, since it could be useful, that that's not what they are up to.

    --

    send + more == money? ...
  11. Not a fair comparison by nurb432 · · Score: 2

    Google watching your stuff as 'payment' for their services is not the same as the government watching you, as payment for being a citizen.

    One is a choice.

    --
    ---- Booth was a patriot ----
    1. Re:Not a fair comparison by tlhIngan · · Score: 1

      Google watching your stuff as 'payment' for their services is not the same as the government watching you, as payment for being a citizen.

      One is a choice.

      Both are choices - if you don't like what your government does, immigrate. Of course, just like there's not necessarily a browser that fits your needs, there may not be a country that fits your needs either.

      Of course, Google spying through the browser and many interconnected websites and ad networks (Google has what, 99% of the online ad market? Even all those popups and popunders and such). Just like countries may spy on the behalf of others.

    2. Re:Not a fair comparison by nurb432 · · Score: 1

      Since *every* government spies on its citizens, i don't think your suggestion 'if you don't like it go somewhere else' is an actual option.

      Choosing another browser is an actual choice.

      Now, if you want to toss in 'meets my needs', well you are still talking choice. You don't *need* a browser, but you do need a place to live.

      --
      ---- Booth was a patriot ----
  12. Its about time by nurb432 · · Score: 1

    You would think that Google's stuff would be first available on their own platform...

    --
    ---- Booth was a patriot ----
  13. There are already VNC clients for Android by Picass0 · · Score: 1

    I run x11vnc on my Linux desktop and connect remote using androidVNC. Neither are likely to phone home to Google.

  14. Who actually said Google was supplying the NSA? by Pricetx · · Score: 1

    Sorry in advance if I missed some crucial piece of information relating to this in the last few weeks.

    At what point exactly did we determine that Google was giving ANY information to the NSA of their own accord? (ignoring DMCAs and the like, as I don't think that's the NSAs job).

    The whole point of PRISM is that it splits the light signal from fibre optic cables on the internet backbone, which is NOT under Google's control.

    As far as we know, when Google announced it had never heard of PRISM before, when it first went public, they could have been telling the truth, as Google would theoretically have no way if telling if something like this was happening outside of their jurisdiction.

  15. Re-inventing the wheel by Anonymous Coward · · Score: 0

    This already exists (and works perfectly, I've used it). Why does google feel the need to re-create it? Or are they simply just buying out the company who already created it? https://chrome.google.com/webstore/detail/chrome-remote-desktop/gbchcmhmhahfdphkhkmpfmihenigjmpp?hl=en

  16. Speed means nothing .... by Anonymous Coward · · Score: 0

    ... when the websites fail to display correctly on Chrome.

    Chrome may be fast (in microseconds) .... but it sucks at displaying MOST websites right.

  17. Security considerations by manu0601 · · Score: 1

    Here is what we can learn from Google's FAQ

    The machine you remote connect on shall accept inbound UDP traffic, and TCP 443 (HTTP/SSL) and 5222 (XMPP, aka Jabber). Google claim to secure the thing using SSL, which suggests your machine will get a x509 certificate signed by Google. But what Common Name will it have? If it is the IP or DNS name, how Google is going to avoid clashes for machines on dynamic IP?

    Here is the answer for PRISM interception:

    While your connection setup is mediated by Google's servers, your actual remote desktop session data are sent directly from the client to the host, except in limited circumstances where they may pass through Google relays.