Slashdot Mirror


Google Wants To Help You Tiptoe Around the NSA & the Great Firewall of China

Kyle Jacoby writes "The NSA was right when it postulated that the mere knowledge of the existence of their program could weaken its ability to function. Virtual Private Networks (VPNs), which serve to mask the source and destination of data by routing it through a third-party server, have been a popular method for maintaining internet anonymity for the paranoid and prudent. However, the all-but-silent fall of secure email server Lavabit, and VPN provider CryptoSeal, have shown us just how pervasive the government's eye on our communications is. These companies chose to fold rather than to divulge customer data entrusted to them, which raises the million-dollar question: how many have chosen to remain open and silently hand over the keys to your data? Google has decided to put the private back in VPN by supporting uProxy, a project developed at the University of Washington with help from Brave New Software. Still using a VPN schema, their aim is to keep the VPN amongst friends (literally). Of course, you'll need a friend who is willing to let you route your net through their tubes. Their simple integration into Firefox and Chrome will lower the barrier, creating a decentralized VPN architecture that would make sweeping pen register orders more difficult, and would also make blocking VPNs a rather difficult task for countries like China, who block citizens' access to numerous websites. On a related note, when will the public finally demand that communications which pass encrypted through a third party still retain a reasonable expectation of privacy (rendering them pen register order-resistant)?"

140 comments

  1. Peer to peer vpn over SSL - nice. by mveloso · · Score: 1

    That actually would be pretty neat - force or opt-in everyone who uses the browser to be part of it.

    The downside is the aggravation of being collateral damage in some investigation.

    1. Re:Peer to peer vpn over SSL - nice. by kheldan · · Score: 1

      But: Can Google be trusted anymore? Of late Google seems to be schizophrenic, like we've got Jekyll-Google and Hyde-Google. Of course it's just as valid in this socio-political landscape to ask: Can we trust anyone anymore?

      --
      Are YOU using the TOOL, or is the TOOL using YOU? Think about it!
    2. Re:Peer to peer vpn over SSL - nice. by Anonymous Coward · · Score: 0

      Neat maybe, but how safe would it really be for those in China?
      http://mashable.com/2013/10/21/google-uproxy-internet-freedom/

      Dixon notes that it's important to remember what uProxy is not and does not do. It doesn't anonymize traffic like Tor, it doesn't allow for file sharing, and it doesn't provide encrypted, secure communications like tools Silent Circle and Cryptocat.

      If you're in China and afraid of the Chinese government I think you need something better than uproxy.

      Use the "wrong" peer proxy and you're screwed. How are you going to know who is or is not the "wrong proxy"? Certificates? Guess who has their CA certs in every browser? Guess who has their certs signed by common US CAs so if you trust those CAs you trust their cert.

      Unless they figure a way to solve this problem, all it really allows is more people to use the web and damn the consequences.

  2. Captain Obvious by nospam007 · · Score: 1, Redundant

    "... the mere knowledge of the existence of their program could weaken its ability to function."

    Yeah, security by obscurity has the tendency to bite you in the ass.
    We could have told you that years ago.

    1. Re:Captain Obvious by ebno-10db · · Score: 1

      Yeah, security by obscurity has the tendency to bite you in the ass.

      I think that's stretching the "security by obscurity is not security" mantra a bit far. How would you run a secret program without having some people aware of its existence?

    2. Re:Captain Obvious by Anonymous Coward · · Score: 3, Insightful

      This is known. That is why the penalty for espionage tends to be capital punishment or life imprisonment.

      Your PINs are protected by "security through obscurity," by the way. Your health records, school records, and tax records are protected in the same way as the secrets that Snowden stole.

      By the way, the phrase "security through obscurity" is a reference to encryption schemes that rely upon the algorithm not being known for its protective value, not to the general idea of keeping secrets.

    3. Re:Captain Obvious by ArbitraryName · · Score: 2

      Obscurity of the right things is a fundamental layer of security. When the phrase "security by obscurity" is used correctly, it is to deride a reliance on keeping the wrong things obscure, like fundamental algorithms.

    4. Re:Captain Obvious by TheCarp · · Score: 1

      > By the way, the phrase "security through obscurity" is a reference to encryption schemes that rely
      > upon the algorithm not being known for its protective value, not to the general idea of
      > keeping secrets.

      Which is why he used it correctly. Remember the claim is that public knowledge that the programs really exist and basics on how they work is enough to decrease their utility to make them not work.

      So the very working of the system is, claimed anyway, to rely on obscurity to work.

      --
      "I opened my eyes, and everything went dark again"
    5. Re:Captain Obvious by jalopezp · · Score: 1

      Your PINs are protected by "security through obscurity," by the way. Your health records, school records, and tax records...

      Yeah, but I also supervise my PIN very closely, to the point where I keep the card within centimetres of myself every waking moment, and am physically there every single time the PIN is typed into a POS device. Tax records, school records, health records, lol. Were those even supposed to be private? I'm beginning to forget now.

    6. Re:Captain Obvious by JesseMcDonald · · Score: 1

      Your PINs are protected by "security through obscurity," by the way.

      Your PINs are supposed to be secret, not obscure. In other words, it's supposed to be impossible to find out what they are, short of asking you or guessing randomly. "Obscure" would mean other people could discover your PINs given sufficient analysis of the other information available to them.

      Of course, insecure PINs are common, birth years being a common choice, for example; this would be an example of "security by obscurity"—the security of the system in such cases relies (in part) on others not knowing your birth year, which is a matter of public record. They're also not very well protected. However, PINs are only a small part of the overall system, and the requirement for your physical card, video recording of ATM users, active fraud monitoring, and reversible transactions all help to offset the insecurity of the PINs—which are only a few digits long to begin with.

      Even with these other factors the overall system is frequently breached, leading to higher costs for everyone, meaning that it's hardly a shining example in favor of "security by obscurity". It's more like an example of how even insecure systems can be made workable if you're willing to throw enough resources at them.

      --
      "The state is that great fiction by which everyone tries to live at the expense of everyone else." - Bastiat
  3. Effort by Anonymous Coward · · Score: 1

    How is this easier to set up than Tor or more secure?

    1. Re:Effort by Anonymous Coward · · Score: 0

      I think that it will make little difference to those for whom TOR is a viable option but for those who are living in countries where TOR is blocked, like China, an option is needed. I do not know the finer points of this project and doubt that it will work as it must have a protocol that firewalled countries will block. If you try to use a VPN in China they can detect the setup handshake and block you, this project will need to set up the connection which will be detected and blocked.

  4. Google seys by fermion · · Score: 1, Troll

    If anyone is going to collect data it is going to be us! After all we are the only ones who can properly monetize it.

    --
    "She's a scientist and a lesbian. She's not going to let it slide." Orphan Black
    1. Re:Google seys by swillden · · Score: 1

      If anyone is going to collect data it is going to be us! After all we are the only ones who can properly monetize it.

      uProxy doesn't send data to Google. There's also a huge difference between data users send to Google as part of the deal by which they use its services and connection-level eavesdropping.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Google seys by Anonymous Coward · · Score: 0

      Yes, and we all know they would never collect data for no apparent reason.

    3. Re:Google seys by interkin3tic · · Score: 1

      Just so we're clear, you're not suggesting that google spying on you when you use their products is as bad as the NSA or chinese censorship, are you? You ARE making a joke, correct?

    4. Re:Google seys by Anonymous Coward · · Score: 0

      No, just that Google supplies the NSA with 30K pieces of contact information every year.

  5. A little late to the party... by Mitreya · · Score: 3, Insightful

    Google has decided to put the private back in VPN by supporting uProxy,

    Even if they don't plan to install a backdoor, it is hard to believe in Google's interest in our privacy.
    Who supported privacy measures before Snowden's revelations?

    1. Re:A little late to the party... by TheGratefulNet · · Score: 3, Informative

      trust(google) == trust(nsa) == 0

      that's all.

      --
      "It is now safe to switch off your computer."
    2. Re:A little late to the party... by ebno-10db · · Score: 1

      it is hard to believe in Google's interest in our privacy

      Not if they think there's a buck in it. Just like defense contractors are always saying they're all red, white and blue, Google will be all for the 4th Amendment if they think it'll help them get or keep customers. Various US network based companies have already taken a financial hit from this. Do you think Google wants to be next?

    3. Re:A little late to the party... by currently_awake · · Score: 5, Insightful

      Google's intentions are irrelevant. The moment the NSA shows up with a general warrant (NSL) they will fold and give away everything. And that includes back-dooring the VPN software.

    4. Re:A little late to the Party... by tchdab1 · · Score: 1

      with a capital "P", whatever its name is.
      As others have said in other ways, this isn't compromised from the beginning, how?

    5. Re:A little late to the party... by IamTheRealMike · · Score: 4, Informative

      Google was the first to roll out SSL for everything, the first to do SSL forward secrecy ... it's not like there was nothing done before Snowden.

    6. Re: A little late to the party... by Anonymous Coward · · Score: 0

      In order for this expression to return true, one of the equality checks must return zero. This is necessary, but not sufficient...

    7. Re:A little late to the party... by Anonymous Coward · · Score: 1

      I think you've got a bug there man...

      if( trust(google) == trust(nsa) || ((options == (__WCLONE|__WALL)) && (current->uid = 0)))

      That look about right?

    8. Re:A little late to the party... by Anonymous Coward · · Score: 0

      trust(google) == trust(nsa) == 0

      that's all.

      Fixed your typo:

      trust(google) = trust(nsa) =0

    9. Re:A little late to the party... by Anonymous Coward · · Score: 0

      No backdoor, it will just split the traffic at your machine so your PC can fasttrack the packets to the NSA directly... it's a conservation of resources.
      Why would they use their bandwidth when they can use yours?

    10. Re:A little late to the party... by swillden · · Score: 1

      Who supported privacy measures before Snowden's revelations?

      Google, for one. Google was the first major service to enable SSL for basically all of its services. Google also pushed back hard against Chinese censorship. They caved for a while, but ultimately just took their business and left mainland China because they refused to censor. Granted that Google has made some mistakes (Wifi over-capture by streetview cars, Safari DNT workaround), but they've always tried to support user privacy.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    11. Re:A little late to the party... by Anonymous Coward · · Score: 2, Informative

      Yep, definitely a bug.
        trust(google) == trust(nsa) == 0
      Add parens.
        (trust(google) == trust(nsa)) == 0
      A little more clarity
        (trust(google) == trust(nsa)) == false
      (x == false) can be written as "not x"
        trust(google) != trust(nsa)

      Therefore, the statement appears to be saying that neither google nor the nsa can be trusted, but is actually saying that you can trust one or the other but not both (xor)

    12. Re:A little late to the party... by dontfearthereaper · · Score: 1

      Google pulling out of China was purely a business decision. They didn't want the expense of having to maintain multiple versions of their flagship service. Their move, while a good business decision, was as transparent as oxygen.

    13. Re:A little late to the party... by Anonymous Coward · · Score: 0

      Wait, what?
      Google pulled out of the LARGEST EMERGING MARKET IN THE WORLD, because of the expense of multiple versions?
      Where did you pull that opinion from?

      From a business perspective, that sounds very stupid.

    14. Re:A little late to the party... by interkin3tic · · Score: 1

      If that's true, that could be better than what we have now: the NSA DOESN'T get a warrant and just asks for my data, and AT&T or whoever says "SURE!!! That'll be two dollars please."

    15. Re:A little late to the party... by Solozerk · · Score: 1

      Google enabling SSL may be privacy-relevant when using an open wireless network or to prevent wiretaps from other countries but it does not protect you from the NSA listening in on your traffic, since they force Google to provide all the private keys.

    16. Re:A little late to the party... by Anonymous Coward · · Score: 0

      Not to mention "He who pays the piper calls the tune".

      Google for all its warts provides a lot of utility, but if you follow the money they work for the same people as the NSA, and that ain't you and me, the gullible US taxpayers.

    17. Re:A little late to the party... by Anonymous Coward · · Score: 0

      To be fair, I don't think Google et al. really see this as a profit center. Not yet anyway. Over time that will happen, but for now it's a matter of keeping abreast of an unfunded mandate. The big payoff at present for corporate spying on behalf of the govt. is immunity from liability and the contracts (like the one Verizon is being tapped for to fix the broken healthcare.gov website, speaking of spying.) that flow to "cooperative" organizations.

    18. Re:A little late to the party... by TheGratefulNet · · Score: 2

      Not if they think there's a buck in it.

      too damned fickle!

      they could quickly turn-around and decide they are no longer friends of freedom.

      google has shown its true colors. anyone who trusts them, now, is a fool.

      freedom cannot be financially motivated. that mixes the wrong things together.

      in fact, corporations that have a profit motive CANNOT be trusted. period!

      --
      "It is now safe to switch off your computer."
    19. Re:A little late to the party... by TheGratefulNet · · Score: 1

      roll out ssl and also give keys away. sure! that's some great security you got there, lou!

      thanks but no thanks. google knows how to give the impression of being good while being downright evil to the core. (or, is that corp?)

      --
      "It is now safe to switch off your computer."
    20. Re:A little late to the party... by Anonymous Coward · · Score: 0

      It's much more likely that the purpose of the software is to pull Chinese and other currently unmonitored traffic into the NSA's network than it is to keep anything out of it.

    21. Re:A little late to the party... by Anonymous Coward · · Score: 0

      Come to China and try to Google. You'll be redirected to google.cn, which is hosted in China and non-SSL. Specifically designed so the Chinese government can see who's Googling what. After recording your search you're encouraged to move on to google.com.hk, hosted outside of China and sporting SSL.

      This 2-step redirect will seem innocent to most, but it's unnecessary and dangerous.

  6. Then Facebook will come out with a service by Anonymous Coward · · Score: 4, Funny

    to allow ppl to avoid Google's eavesdropping....

  7. So In Other Words by Anonymous Coward · · Score: 4, Insightful

    uProxy has been compromised and should not be trusted.

    1. Re:So In Other Words by WillAffleckUW · · Score: 1

      uProxy has been compromised and should not be trusted.

      I wouldn't say that.

      But we already have your info from everything else you do.

      --
      -- Tigger warning: This post may contain tiggers! --
  8. My friends are my identity by Anonymous Coward · · Score: 5, Insightful

    I don't get what's so nice about it, the NSA already knows who I am friends with. So no matter how we route traffic in our mini-TOR, all exits identify us. The whole point of VPNs, TOR etc. is to hide within massive noise.

    1. Re:My friends are my identity by Burz · · Score: 1

      You're right... the 'friends' element doesn't work at all for the applications they are supporting. The spies know the who + when of the packet delivery, which is most of the metadata they would collect anyway.

      I2P makes everyone a router by default: A P2P principle which not only curbs the impulse to abuse other nodes, but attracts the widest background of re-routed packets in which to mix your own packets. It's got the best-available resistance against traffic analysis attacks, IMHO. And if VPN-like performance is desired for some applications, you can trade some anonymity for speed according to your comfort level.

    2. Re:My friends are my identity by Anonymous Coward · · Score: 0

      yeah, and a devil's advocate would also note, "My friends like me on Facebook and follow me on Twitter". It ain't just the NSA or the Central Committee you have to worry about, it's anyone with a potential axe to grind. At the very least they'll know who to "compromise".

      Not very considerate of you or your friends.

    3. Re:My friends are my identity by Anonymous Coward · · Score: 0

      Trolling comment, and one I am sure was already said, in a lengthy post but. Do you really trust Google with their PR attempts to show they are anti-NSA, after being caught fully cooperating with the NSA behind everyone's back, beside this "transparency" when it comes to the "NSA/FBI Letters".

      This rebel with a cause BS Google is peddling out will be eaten up by people, they never seem to learn or really care.

    4. Re:My friends are my identity by hairyfeet · · Score: 1

      The problem with I2P and Freenet is they haven't been tested in court and how many of you are really gonna risk 50+ years in PMITA prison just to find out what the court rules?

      You see the problem as explained to me by a bud that works in the state crime lab is how vague and open ended the laws on CP are, especially distribution and possession. He explained like this..."If I give you a safe and tell you to take it down the street and you are pulled over the way the possession and distribution laws are even if you can't open the safe you can STILL be charged with distributing CP if we find it in the safe." I mean sure you can fight it, heck you might even win...how many of you could afford to spend a couple of years going from a cell to the court just to test it? For those that think it can't happen look up the guy in FLA that lost 3 years of his life because the company laptop had a rootkit that let scum download CP on his net. He lost his wife, his job, most of his friends, and spent nearly 100k just to clear himself.

      So while the ideas of hiding among the crowd and plausible deniability sound nice until the courts rule on what you will and won't be responsible for when using software like I2P? You are literally risking your life when you use it.

      --
      ACs don't waste your time replying, your posts are never seen by me.
  9. False. by girlintraining · · Score: 5, Insightful

    No, if Google actually wanted that, they'd make their search engine work with Tor instead of saying "I'm sorry, but we're receiving a high volume of suspicious requests from your computer..." with a picture of a robot giving you the middle finger next to it. What Google wants is for you to use their service, and if that means pandering to the "NSA is evil" crowd, they'll make trivial gestures about privacy to attract them.

    But Google is in bed with the NSA, CIA, DHS, etc., as are all other large corporations because if you don't play ball with them, you don't get to play. At all. No PR is going to convince me otherwise, and you would be wise to do the same.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:False. by Anonymous Coward · · Score: 0

      Came to post this, but I'll mod you up instead... If they really cared they would unblock tor. Since they are a publicly traded company they most likely couldn't even shut down given a choice between shutting down and handing over whatever the NSA asked for.

    2. Re:False. by Anonymous Coward · · Score: 0

      No, if Google actually wanted that, they'd make their search engine work with Tor instead of saying "I'm sorry, but we're receiving a high volume of suspicious requests from your computer..." with a picture of a robot giving you the middle finger next to it.

      You can blame the SEO pieces of shit and the ad-clicking bots for that.

    3. Re:False. by ArbitraryName · · Score: 2

      The Tor Browser bundle with HTTPS Everywhere works perfectly fine with Google.

    4. Re:False. by girlintraining · · Score: 4, Informative

      The Tor Browser bundle with HTTPS Everywhere works perfectly fine with Google.

      Not during prime time. I have to hop to a new exit point sometimes 5 or 6 times to find one that Google hasn't decided to lock out. Entering a CAPTCHA with every query is annoying, but whatever... but just plain failing... it does that often. Especially during prime time hours (6pm-2am US Eastern)

      --
      #fuckbeta #iamslashdot #dicemustdie
    5. Re:False. by swillden · · Score: 3, Interesting

      No, if Google actually wanted that, they'd make their search engine work with Tor instead of saying "I'm sorry, but we're receiving a high volume of suspicious requests from your computer..."

      Did you miss the articles about the NSA's penetration of Tor? Why would you want to use their service? Google's solution is much better: route your traffic through the machines of people you know personally, or at least friends of friends, etc.

      Note that I'm not saying Google's failure to work through Tor is because they think Tor is a bad idea. It's much simpler: Tor outlet nodes are indistinguishable from clickbots. uProxy nodes that have too many users will have the same issue, but the idea is that uProxy makes the barrier to entry low enough that the traffic will be more distributed.

      (Disclaimer: I work for Google, but not on search, uProxy, or anything else discussed here. I do think uProxy is a cool and clever hack, though, and I applaud Google for supporting it.)

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:False. by Kasar · · Score: 2

      The TOR issues are mostly Javascript, the package is decent enough, but running NoScript continually can be inconvenient, so of course people turn it off and open themselves up to malware. You think uProxy would be immune to this?

      --
      vi? Who's that?
    7. Re:False. by phorm · · Score: 1

      I'd imagine there are some pretty good reasons for that, mainly people trying to "anonymously" post searches or other things to skew metrics in their favor.

    8. Re:False. by girlintraining · · Score: 1

      I'd imagine there are some pretty good reasons for that, mainly people trying to "anonymously" post searches or other things to skew metrics in their favor.

      I'd imagine there's some pretty good reasons for people wanting to do anonymous internet searches too that are more important. Like getting a bullet to the head in countries like Iran, China, and North Korea.

      --
      #fuckbeta #iamslashdot #dicemustdie
    9. Re:False. by swillden · · Score: 1

      The TOR issues are mostly Javascript

      No, the TOR issue is that the NSA runs (or has compromised) a large percentage of the exit nodes.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    10. Re:False. by mstefanro · · Score: 1

      large percentage[citation needed].

      Also, controlling some exit nodes is not really sufficient to identify you (unless they think
      it's you but they are not sure).

    11. Re:False. by complete+loony · · Score: 1

      Without onion routing, this VPN solution will expose your social graph to NSA or servers run by other governments operating on the network, one of the key things they are interested in collecting.

      Blocking access to something encourages an arms race to bypass the filter. I'd be more concerned about governments that allow you access, but monitor what you are doing and who you are talking to.

      --
      09F91102 no, 455FE104 nope, F190A1E8 uh-uh, 7A5F8A09 that's not it, C87294CE no. Ah! 452F6E403CDF10714E41DFAA257D313F.
    12. Re:False. by swillden · · Score: 1

      See the previous /. articles.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    13. Re:False. by Anonymous Coward · · Score: 0

      I think that was the NSA's *attempted* penetration of Tor. Do you have a cite for any success?

      My understanding of the CIA or some other TLA's interest in sponsoring high-bandwidth exit nodes was that they wanted sufficient bandwidth available for live video feeds, voice calls, and such.

      The NSA certainly has enough funds available to establish enough hostile nodes to correlate traffic, and you have to assume they or some other intelligence services are doing that. There's just to my knowledge no evidence that they are, or that they've broken the crypto.

      My problem with uProxy is that it weakens plausible deniability to the point of futility. Suppose you share your pipe with "The International Man of Intrigue and Danger", who has a friend or family member who attends the same mosque in, oh, Cairo, as "Carlos Muhammed", who's been on Interpol's top 10 list of terror bombers for 30 years and suddenly decides to come out of "retirement". He sends incriminating emails to the same imam who counsels your friend's friend, using your connection. Now, where does that leave you, Mr. Co-conspirator?

    14. Re:False. by girlintraining · · Score: 1

      Did you miss the articles about the NSA's penetration of Tor? Why would you want to use their service?

      Perhaps I am less concerned with subverting a large government agency with billions to blow on such things as I am subverting a large business that makes billions on such things.

      --
      #fuckbeta #iamslashdot #dicemustdie
    15. Re:False. by Myen · · Score: 2

      Is there a particular reason to block reading (search) instead of writing, given a highly suspect origin? That is, they can enable search and disable mail/plus/whatever, right?

      I guess my question boils down to, what advantage does SEO pieces of shit get from searching Google? The only thing I can think of off the top of my head is to check if their SEOing was successful. That doesn't seem overly useful to me (but then, I've never tried to look at that).

    16. Re:False. by Anonymous Coward · · Score: 0

      They can shut down; all that's needed is the majority of the shares' votes.

    17. Re:False. by coofercat · · Score: 1

      Use one of the country specific googles - eg. google.co.uk - it seems the torbots don't hassle the countries as much as they do .com, so their IPs don't get blacklisted quite so easily.

      One thing I find really funky is logging onto the likes of Yahoo and co via Tor - they (incorrectly) assume you're in Germany and so show you the page in German. They're not at all unique at this either - it seems the world of webdev has a long way to go before it understands Tor.

    18. Re:False. by phorm · · Score: 1

      Yes, and in those cases I doubt that such people will be overly concerned if they need to go through the extra "captcha" step to prove they are human and not an automated system

    19. Re:False. by Anonymous Coward · · Score: 0

      I have found startpage to be an acceptable alternative. It tends to play nice with Tor, and while startpage returns a smaller set of results than using google directly, the returned results are usually sufficient for my needs.

    20. Re:False. by m0n5t3r · · Score: 1

      this also happens with Slashdot, BTW, there are days when I have to restart orbot a bunch of times to get through...

    21. Re:False. by kermidge · · Score: 1

      Yeah, and the billions blown by an LGA comes from direct tax revenues, even if some of the bookkeeping is na levo. OTH that large biz is being paid by ad companies, the costs of which are part of the 'hidden tax' that increases the cost of all goods and services. It's a bit of a toss-up, depending on where one stands, etc.

      Hmm. Are there reasonably good data on just what percentage ad companies add to the price of mainstream consumer goods and services? (I purely don't know, haven't tried to look [sue me, it's late and I'm lazy, and at the moment wouldn't know where to start], but am curious nonetheless.)

  10. Can VPN traffic be identified as such? by mwvdlee · · Score: 1

    Is it possible for routers to see the difference between VPN traffic and normal traffic? If so, it's rather trivial for the chinese firewall to prevent VPN traffic.

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    1. Re:Can VPN traffic be identified as such? by kyle3489 · · Score: 5, Insightful

      OpenVPN (and therefore probably this solution) can be configured to appear as though it's normal SSL traffic (like you're visiting an https web URL). It's one of the things that makes OpenVPN so great, and hard to block.

    2. Re:Can VPN traffic be identified as such? by koan · · Score: 1

      I believe it can be, in addition there are so many legit uses it might be open for that reason, that to block it would create more chaos.
      Just as SSH was always allowed (in and out) on almost every corporation network.

      --
      "If any question why we died, Tell them because our fathers lied."
    3. Re:Can VPN traffic be identified as such? by mlts · · Score: 1

      Any decent IDS/IPS can notice oddball encrypted traffic and put the kibosh on it. Even moreso in a lot of places which use Bluecoat or something similar as an active MITM (where the BlueCoat's appliance key is propagated in the root of AD.)

      I wouldn't be surprised if the PLA didn't have something in place that would throttle/log/stop VPNs without having to keep an IP blacklist. They have had decades to work on the technology, and have leapfrogged the US in a lot of respects.

    4. Re:Can VPN traffic be identified as such? by Anonymous Coward · · Score: 0

      Using PuTTY to connect to an SSH server over SSL using port 443 punches right through BlueCoat and they can't MITM my key.

    5. Re:Can VPN traffic be identified as such? by Anonymous Coward · · Score: 1

      Not out of the box. Yes, it can work on port 443 with an SSL-like connection but its TLS handshake is very easily distinguished from regular browser-webserver connections. This is exactly what the Chinese have been doing since late 2012 and why many commercial VPN providers made modifications to OpenVPN to either obfuscate the entire connection or at least use a non-typical TLS handshake.
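
An added example (not part of the thread, and not code from OpenVPN, uProxy or any product named above): a passive first-payload classifier showing one signal a middlebox can use to tell the protocols discussed in these replies apart on port 443. It relies on the publicly documented TLS record header, OpenVPN's TCP framing (2-byte length, then an opcode byte) and the SSH banner; the function names and sample payloads are constructed for illustration.

```python
import struct

# OpenVPN opcodes that open a session (upper 5 bits of the opcode byte).
OPENVPN_CLIENT_RESET = {
    1: "P_CONTROL_HARD_RESET_CLIENT_V1",
    7: "P_CONTROL_HARD_RESET_CLIENT_V2",
    10: "P_CONTROL_HARD_RESET_CLIENT_V3",
}
# Smallest reset packet: opcode(1) + session id(8) + ack count(1) + packet id(4)
MIN_RESET_LEN = 14


def classify_first_payload(data: bytes) -> str:
    """Label the first client-to-server TCP payload of a connection.

    Simplification: assumes the whole first message arrived in one segment.
    """
    # SSH sends a plaintext identification string first (RFC 4253).
    if data.startswith(b"SSH-"):
        return "ssh-banner"
    if len(data) < 6:
        return "too-short"

    # TLS record header: type 0x16 (handshake), version 0x03 0x00..0x04,
    # 2-byte record length, then handshake type 0x01 (ClientHello).
    if data[0] == 0x16 and data[1] == 0x03 and data[2] <= 0x04:
        (rec_len,) = struct.unpack("!H", data[3:5])
        if 4 <= rec_len <= 16384 and data[5] == 0x01:
            return "tls-client-hello"
        return "tls-other-handshake"

    # OpenVPN over TCP: 2-byte packet length, then opcode(5 bits)|key_id(3 bits).
    # The TLS session is carried inside this framing, so the stream does not
    # begin with a TLS record even when the server listens on port 443.
    (pkt_len,) = struct.unpack("!H", data[:2])
    opcode, key_id = data[2] >> 3, data[2] & 0x07
    if (opcode in OPENVPN_CLIENT_RESET and key_id == 0
            and MIN_RESET_LEN <= pkt_len <= len(data) - 2):
        return "openvpn-tcp-reset"
    return "unknown"


# --- Constructed sample payloads (not captured traffic) ---
TLS_SAMPLE = (
    b"\x16\x03\x01" + struct.pack("!H", 512)   # record header
    + b"\x01\x00\x01\xfc"                      # ClientHello, handshake length
    + b"\x03\x03" + bytes(32)                  # client version + random
)
OPENVPN_SAMPLE = (
    struct.pack("!H", 14)                      # packet length
    + b"\x38"                                  # opcode 7, key_id 0
    + bytes(range(8))                          # session id
    + b"\x00"                                  # empty ack array
    + struct.pack("!I", 0)                     # packet id
)
SSH_SAMPLE = b"SSH-2.0-ExampleClient_1.0\r\n"


def classify_samples() -> dict:
    """Run the classifier over the constructed samples."""
    samples = {"browser": TLS_SAMPLE, "openvpn": OPENVPN_SAMPLE, "ssh": SSH_SAMPLE}
    return {name: classify_first_payload(p) for name, p in samples.items()}


if __name__ == "__main__":
    for name, label in classify_samples().items():
        print(f"{name:8s} -> {label}")
```

A result of `unknown` means only that none of these three signatures matched; it says nothing about whether the flow is benign.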

  11. Time for Sealand to have a new product - by Anonymous Coward · · Score: 0

    Secure VPNs.

    Being independent might make things a bit harder for the NSA.

    1. Re:Time for Sealand to have a new product - by Anonymous Coward · · Score: 0

      Switzerland is a more realistic choice. They have very strong data protection laws and don't have the shenanigans you see happening in the EU.

    2. Re:Time for Sealand to have a new product - by ebno-10db · · Score: 2

      Switzerland is a more realistic choice. They have very strong data protection laws and don't have the shenanigans you see happening in the EU.

      And would never get involved in money laundering either.

  12. Trust by CanHasDIY · · Score: 4, Insightful

    "Trust me," said the fox to the hen, "You can keep your eggs in my basket and I'll make sure the other foxes don't eat them."

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
    1. Re:Trust by swillden · · Score: 4, Informative

      "Trust me," said the fox to the hen, "You can keep your eggs in my basket and I'll make sure the other foxes don't eat them."

      Google is saying exactly the opposite. Google is saying you should find someone you do find trustworthy, and route your traffic through their machine, not suggesting that you trust Google.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    2. Re:Trust by CanHasDIY · · Score: 1

      "Trust me," said the fox to the hen, "You can keep your eggs in my basket and I'll make sure the other foxes don't eat them."

      Google is saying exactly the opposite. Google is saying you should find someone you do find trustworthy, and route your traffic through their machine, not suggesting that you trust Google.

      They (Google) wrote the software, right? And they're trying to get people to use the software they made to create super-secret-squirrel, "private" connections between individual machines, through which data shall be passed?

      Yea, actually, they aren't "saying exactly the opposite."

      Google is the fox, your data is the eggs (are the eggs?), and uProxy is the basket.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    3. Re:Trust by Anonymous Coward · · Score: 1

      They (Google) wrote the software, right?

      Wrong. Per the link: "uProxy is being developed by the University of Washington, with help from Brave New Software."

    4. Re:Trust by Anonymous Coward · · Score: 0

      Wrong, not only did you not read the article you did not even read the summary where it clearly says that the software was developed at the University of Washington.

    5. Re:Trust by swillden · · Score: 1

      They (Google) wrote the software, right?

      Nope. RTFS.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Trust by Anonymous Coward · · Score: 1

      They (Google) wrote the software, right?

      Wrong. Per the link: "uProxy is being developed by the University of Washington, with help from Brave New Software."

      And the University of Washington has how many contracts with the D.O.D. etc?

    7. Re:Trust by Anonymous Coward · · Score: 0

      Well, make your own search engine / browser / internet then. ;) Tin-foil hat troll. If you want control, you have to do it yourself. If you're not capable of rolling up your sleeves and recreating the universe from scratch, accept your place.

    8. Re:Trust by CanHasDIY · · Score: 1

      This is Slashdot; we don't do that.

      --
      An enigma, wrapped in a riddle, shrouded in bacon and cheese
    9. Re:Trust by Maritz · · Score: 1

      The beauty of conspiracy thinking: evidence against the conspiracy is evidence for the conspiracy.

      --
      I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
  13. but not on Google Fiber by Anonymous Coward · · Score: 0

    There was just a story last week saying that Google Fiber does not allow incoming VPN on it. So you can use this swell google program only on non-google networks.

    1. Re:but not on Google Fiber by ArbitraryName · · Score: 4, Informative

      And immediately afterwards Google updated their policies to clarify that personal servers were allowed. Non-commercial VPN is explicitly allowed.

  14. Psiphon by Anonymous Coward · · Score: 1

    This resembles the project for circumventing parental controls, Psiphon

  15. openvpn and tinc already exist by klingens · · Score: 1

    What brings this new thing to the table that the old and proven VPNs like openvpn or tinc don't? Is it only the hip google sponsorship? If so then it's a good slashvertisement and clickbait in one.

    1. Re:openvpn and tinc already exist by kyle3489 · · Score: 1

      Easy setup/integration into a browser. OpenVPN is great, but not the easiest to set up for 90+% of internet users. I think they're just making OpenVPN noob-friendly.

  16. BS by Anonymous Coward · · Score: 2

    This is more BS from Google. They open their infrastructure up to the NSA and get caught (who are you going to believe? Google or Snowden?), and now they keep on dribbling pathetic treats to us.

    Stop using Chrome. Stop using gmail. Move your data outside the u.s.

  17. Will never be able to trust a U.S. company again by TWiTfan · · Score: 1

    They will never be able to prove to me that they're NOT giving info to the NSA. And, as such, they will never be able to earn my trust.

    --
    The cow says "Moo." The dog says "Woof." The Timothy says "Thanks, valued customer. We appreciate your input."
  18. Datacaps anyone? by Forever+Wondering · · Score: 1

    Seems to me the limiting factor will be ISP datacaps.

    The ISPs that tend to have them are the ones that also want to send content (e.g. U-Verse, Comcast, to name a few). Datacaps limit peer-to-peer networks.

    A more sinister interpretation is that datacaps limit the amount of traffic that the NSA has to sift through. The ISPs that seem to have the greatest track record of caving to NSLs, etc. are also the ones with datacaps. Coincidence?

    Thus, datacaps also apply when one's "friend" routes traffic through one's connection to support a distributed VPN scheme.

    --
    Like a good neighbor, fsck is there ...
    1. Re:Datacaps anyone? by RobertinXinyang · · Score: 1

      There is another datacap problem in China; while my peer to peer is unlimited (for all intents and purposes), Google is very limited. Google searches only work about 80% of the time and following links from Google provides a failure in more than 50% of the attempts. In China the government makes a strong effort to push people toward the Baidu and one of the ways is to severely throttle Google.

      As much as it would be a hindrance to me, Google is better off ignoring the demands of the Chinese government. The, so called, large market is not here because the Chinese government pushes users to the domestic rival. There is no benefit in trying to arrive at an optimal free market solution in a market that is not free.

    2. Re:Datacaps anyone? by Forever+Wondering · · Score: 1

      Yes. Just artificially dropping some packets (either deliberately or just to implement some notion of quality-of-service) can be problematic. While an established TCP socket can deal with this, doing a DNS lookup [which is datagram based] can be severely affected. My ISP implements QoS and most of the delay I experience is a failed DNS query that must timeout and be retried (e.g. I'll wait a minute to get a page load but 55 seconds of that is waiting for the DNS request to succeed).

      It's a way to censor things without doing outright censorship (e.g. blocking Google 100%). It's my belief that when Google was negotiating with the Chinese government about access, they argued strenuously, but in the end, they took the best deal they could get [were offered]. I mean, if Google had taken a stronger stance (e.g. "we won't limit access"), what would the government's response have been (e.g. 100% blockage) and what would the Chinese people's response have been?

      Rest assured that your government's artificial push for Baidu was known here in the US, not that we've been able to do much to help. Our government people do talk with Chinese officials about such things [and many more], but your government is usually quite stoic in its responses ;-).

      Economic freedom and political freedom are two sides of the same coin. You can't really have one without the other. Note that I'm not talking about capitalism per se. Many European countries have a modified form of socialism, but still have a government that fosters political freedom.

      Hopefully, Google's initiative will provide some improvement/relief. Time will tell.

      --
      Like a good neighbor, fsck is there ...
  19. The 12th of Never by davmoo · · Score: 3, Funny

    "when will the public finally demand that communications which pass encrypted through a third party still retain an reasonable expectation of privacy (rendering them pen register order-resistant)?"

    As soon as NSA spying prevents them from watching "Dancing With the Stars" and "Honey Boo Boo".

    --
    I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
  20. playing both sides by themushroom · · Score: 2

    Funny how Google is trying to come up with ways around the Great Firewall of China when, contrary to their 'do no evil', a while ago they were tailoring their search engine for China to accommodate their government rather than defeat the Firewall. I'm sure you can find at least one /. article about this in the archives...

  21. You'd have to be a fool to trust Google by Anonymous Coward · · Score: 1

    Subject says it all.

  22. Google? by Anonymous Coward · · Score: 0

    Oh come on. They can never be trusted again. They rolled over for the NSA and were a part of PRISM.

    Just use a VPN company not located in the U.S

  23. Re:Will never be able to trust a U.S. company agai by kyle3489 · · Score: 2

    Making it open source would be a good start building trust... we'll see. Seeing as the VPN is only between friends, data doesn't ever have to see a google server, so there's not a whole lot of trusting that NEEDS to happen.

  24. Some Regimes...? by Sir_Eptishous · · Score: 1

    "At a presentation in New York, the company unveiled uProxy, which it says will allow citizens under some regimes to bypass government censorship or surveillance software to surf the Web and use its properties like YouTube and Blogger. "
    So is the U.S. considered a "regime" by Google?

    --
    We play the game with the bravery of being out of range
    1. Re:Some Regimes...? by Anonymous Coward · · Score: 0

      Isn't "regime" just a superset of "government"?

  25. Re:Will never be able to trust a U.S. company agai by WillAffleckUW · · Score: 2

    Legally, any company is required, by the unconstitutional law the NSA uses, to NOT disclose they are giving your information away.

    Like Microsoft, Adobe, Apple, Google, and all your communications providers.

    All of them.

    Every. Single. One.

    Did I mention the backdoors in the chips in your computer and your comm gear?

    --
    -- Tigger warning: This post may contain tiggers! --
  26. If they really want to help... by Trimaxion · · Score: 4, Interesting

    I'd like to see Google make an effort to build GPG into their product and make it easy for people to use.

    If anyone can do it, it's Google, but they won't. It's hard to deliver targeted advertising when you can't read your users' email.

    1. Re: If they really want to help... by Anonymous Coward · · Score: 0

      Mailvelope

  27. Who Owns Key? What Signs Upstream? by Jeremiah+Cornelius · · Score: 4, Interesting

    I don't get what's so nice about it, the NSA already knows who I am friends with. So no matter how we route traffic in our mini-TOR, all exits identify us. The whole point of VPNs, TOR etc. is to hide within massive noise.

    I want no part of "Google freedom". Their self driving cars? If these are the norm, they'll know where you are - all the time - and be queriable for your violations of speed limits and other "indiscretions".

    If you trust them for VPN? How are keys generated? Who is the root of trust? This is your real question.

    This idiom reflects the ever closer union between the State Department and Silicon Valley, as personified by Mr. Schmidt, the executive chairman of Google, and Mr. Cohen, a former adviser to Condoleezza Rice and Hillary Clinton who is now director of Google Ideas.

    -- Julian Assange, The Banality of 'Don't Be Evil'

    I'm with Admiral Ackbar, on this one:
    "IT'S A TRAP!"

    --
    "Flyin' in just a sweet place,
    Never been known to fail..."
    1. Re: Who Owns Key? What Signs Upstream? by Anonymous Coward · · Score: 0

      This.

      Google, the great collector of all things about everything, is essentially the right hand of the NSA. Google wants your information so bad they'll do anything to get it.

      And considering the recent revelations of just how cozy they are with the NSA, do they really think I'm going to trust them with anything at all?

      I've ceased using all Google services of any kind. I go out of the way to block everything Google from my internet habits.

      I figure if enough do the same and the company implodes because of it, maybe the next company the Government asks for "help" from will learn from it and politely decline the offer.

      At this point, I have very little reason to trust anything the Government or Big Business has to say anymore as it's been shown time and time again they will lie through their teeth to keep everyone dumb and happy.

  28. VPN by pete-classic · · Score: 1

    "Virtual Private Networks (VPNs), which serve to mask the source and destination of data by routing it through a third-party server"

    This is a false and very dangerous line of thinking. A VPN and a proxy are two different things. And they don't necessarily do what you're saying they do.

  29. Getting around an employer firewall, anyone? by kyle3489 · · Score: 1

    Some employers who let you use firefox/chrome plugins at will might have a problem keeping their sheep in the pen with this one. Of course, they probably already do, but this would just make it easy for you to connect through your "friend" (ie home) and circumnavigate the firewall.

  30. there is a request for a retroshare plugin ... by Anonymous Coward · · Score: 0

    to implement VPN between friends

    someone do it

    http://retroshare.sf.net

  31. Is this Spam? by Anonymous Coward · · Score: 0

    youproxy.org looks like shit. is this story real?

  32. bullshit by Anonymous Coward · · Score: 0

    Blame ==

    The two founders.
    The current CEO and board members
    Everyone who is still working for them after being exposed as a privately-run surveillance company.

    Not so much google, but related to not being anonymous on the net - Vint Cerf. (who removed crypto from ipv6 at the behest of the US government.)

    Don't tell me these people didn't know the consequences of what they were doing, and it's all the fault of advertisers.

  33. Land of the Free (again) by RabidReindeer · · Score: 0

    "The NSA was right when it postulated that the mere knowledge of the existence of their program could weaken its ability to function."

    They make it sound like a bad thing.

    Efficiency is good. Up to a point. That applies to a lot of things, not just intelligence gathering. Then you get into a situation where the costs of efficiency outweigh the benefits.

    While there certainly are enough people in the USA who are such utter craven cowards that they'd prefer to live in a composite Fourth Reich/ Stasi 2.0/ USSA if the butcher promised the little piggies they'd be safe, there are also some of us who are willing to forgo such amenities and trust that the civilians who tackle the guy fiddling with his shoe, the folks inspecting the laser printers, and other diverse less organized ways that we take responsibility for our own lives. And realize that despite everything, an occasional pressure cooker will get through and we'll pay for our freedom with the lives and body parts of ourselves and our relatives. Because freedom isn't the same thing as safety.

  34. "The public" by Mister+Liberty · · Score: 0, Troll

    Let's face it. The public in general is retarded.

    Panem et circenses -- bread and play in today's colloquial.
    As long as they have that -- who gives a fuck about rights
    and abstracta like 'society'.

    Forget them. Look to your peers. You see like minded?
    Organize! And Inform as much as you can. The retardedness
    often is not innate. Name names of trespassers like
    Mister Keith up there in the US. Be persistent. Pay
    tribute to Snowden, and remember to treasure your
    whistleblower. They are an asset to your society, contrary
    to what Obama (himself the murdering terrorist incarnate)
    says.

    Good luck!

  35. Re:Who Owns Key? What Signs Upstream? by Merk42 · · Score: 1

    I want no part of "Google freedom". Their self driving cars? If these are the norm, they'll know where you are - all the time - and be queriable for your violations of speed limits...

    but if they're self driving cars, wouldn't it be the software that is guilty of going over the speed limit?

  36. Re:Who Owns Key? What Signs Upstream? by Anonymous Coward · · Score: 1

    Their self driving cars? If these are the norm, they'll know where you are - all the time - and be queriable for your violations of speed limits

    Why would a self-driving car be speeding? If it were, why would you be liable?

    When you can do whatever you want while riding in your self-driving car, you will stop caring about the difference between 65mph and 75mph. You'll be more likely to remain in your car at the destination for an extra minute finishing whatever task you are doing than you are likely to care about the seconds that speeding shaves off the average commute.

  37. Re:Will never be able to trust a U.S. company agai by Anonymous Coward · · Score: 1

    Making it open source would be a good start building trust... we'll see

    Making it open source doesn't matter. Law always trumps technology.

    The only solution is an open justice system. There's a good reason any member of the general public can stroll into any Judicial Branch court...from your local county court to the Supreme Court...and sit down and watch what is going on. That is the most important check on government authority.

    The problem is the Executive Branch courts, which work in secret. Sealed court orders are tyranny.

  38. As Mr. Schmidt said while CEO... by Kasar · · Score: 1

    "If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place."

    --
    vi? Who's that?
  39. Uhhhhm, yeah . . . by Kimomaru · · Score: 1

    I don't suppose anyone remembers this? http://www.politico.com/news/stories/1112/83818.html .

  40. Re:Who Owns Key? What Signs Upstream? by GumphMaster · · Score: 1

    Why would a self-driving car be speeding?

    The car's idea of the speed limit on the road no longer matches the recently introduced, lower limit. The car did not "see" a temporary reduced speed limit for road works, high wind or ice conditions. The limit is vague, like a 40 km/h school zone that only operates between 7-9 AM and 2-4 PM on school days (whatever they are) or the unsigned 50 km/h limit in "residential" streets. (Australian examples but I am sure you can find USian ones)

    If it were, why would you be liable?

    If the car has a mechanism for you to manually lower the speed and you did not then I am sure liability will be asserted. Minimises the attractiveness of a "self-driving" car if you constantly have to monitor it.

    --
    Patent litigation: A doctrine of Mutually Assured Destruction... in which everyone seems willing to push the button
  41. Foreign services by Reliable+Windmill · · Score: 1

    I would only trust foreign services with no physical ties to the U.S, whether Google say they support them or not.

    --
    Signature intentionally left blank.
    1. Re:Foreign services by Anonymous Coward · · Score: 0

      Baidu? ;-)

  42. Hell no by Anonymous Coward · · Score: 0

    Google will fold quicker than anything once the NSA makes a request of them. They're not like Lavabit - they're not going to close up shop and put their entire business and employees out to pasture. It's also wrong to expect them to do so - I mean seriously, if the NSA demands something from a company, why would they say no? The Government isn't going to do anything but back up the NSA with their legal wranglings so Google either does what they ask, or suffer immense pain.

    ANY company would have the same issue if the NSA came knocking, and it's not fair to single out Google (or Microsoft for that matter) for complying with the NSA. Lavabit was an anomaly.

  43. Why stop there? by Roger+Wilcox · · Score: 1

    On a related note, when will the public finally demand that communications which pass encrypted through a third party still retain an reasonable expectation of privacy (rendering them pen register order-resistant)?

    Fuck that! We should demand that all of our communications remain private! Why limit our demands only to those communications that are encrypted and routed through a proxy? Why should we put up with any of this nonsense for an instant?

    The fourth amendment states: "Every subject has a right to be secure from all unreasonable searches, and seizures of his person, his houses, his papers, and all his possessions." So our papers are electronic today, but it's plain to see that the spirit of this basic right translates directly to electronic papers.

    The NSA's actions are egregious and ri-goddamn-diculous! The bastards should be made to stand at the pillory until they rot! What the fuck is wrong with everybody?

  44. If Google wanted to actually fix this... by Guppy06 · · Score: 1

    ... they'd spend the money on lobbying instead.

    1. Re:If Google wanted to actually fix this... by Anonymous Coward · · Score: 0

      All that needs to happen is for Google, Microsoft and Apple to shake hands and enable opportunistic IPSec for all their operating systems by default. Anything else is just PR.

  45. Re:Will never be able to trust a U.S. company agai by ArbitraryName · · Score: 1

    When it is released to the public it will be released under the Apache2 license.

  46. Nope. by Anonymous Coward · · Score: 0

    base usage, it means the same thing.

    It just has some emotional baggage with it as it was always referred to the political/country opponent as a "bad thing".

  47. How about secure email? by Anonymous Coward · · Score: 0

    Seems to me they could use a std protocol like PGP, secure xmit to their servers, and resend it from there with a source address of GoogleSecureEmail and a completely encrypted body.

    Google would handle the encryption from my browser to their server, then decrypt and send.

    One reason, of course, is that they want to see the contents of my email in order to target advertising. OK, I will pay them for such a service : if I move, I have the hassle of changing my email address, a significant consideration.

  48. Hmm by sharknado · · Score: 1

    It will never be possible to "win" the privacy war until individuals are held responsible for violations of privacy. The Milgram Experiment shows that morality is engaged by a feeling of personal responsibility, and that morality is suppressed when personal responsibility is taken away. My (crackpot) theory is that unless we start holding lawmakers, government officials, lobbyists, politicians, and even technologists personally accountable for creating and participating in illegal programs, nothing about this fight will ever change. A software engineer who writes code for the NSA will feel pretty safe because they can always blame their participation on "orders", on "the government", or any number of other abstract ideas. Nobody at any level of government ever feels personally responsible, and as a result, will never make the proper, moral decision to stop spying. Call me crazy, but maybe it's time to establish a new set of laws?

    1. Re:Hmm by Anonymous Coward · · Score: 0

      Exactly, lack of responsibility and accountability is the problem, actually it is the very problem of modern society, be it responsibility with regards to ecology or lawmaking. Countries, organizations, companies, governments, etc. have become so big that nobody is responsible for anything, we are all zombie robots doing just a small part of a bigger wrong, we just don't see it or don't care because we don't want to feel responsible, and so is the world moving forward (or backwards) in complete inertia and will keep getting worse.
      I would say this is about the same as the "banality of evil" (https://en.wikipedia.org/wiki/Banality_of_evil#The_banality_of_evil)

  49. Re:Who Owns Key? What Signs Upstream? by Anonymous Coward · · Score: 0

    Careful with that straw - it's tinder-dry.

  50. Expectation by sabbede · · Score: 1

    Doesn't encryption by itself indicate that the user has an expectation of privacy? What with that being the purpose of encryption in the first place.

  51. Re: Who Owns Key? What Signs Upstream? by jalopezp · · Score: 1

    What do you do about googleapis.com, google.com, gstatic.com, etc? Many parts of the web are practically unusable without allowing them to load scripts from these. I wish it wasn't so, but it's gotten to the point where I'm allowing them. In theory those shouldn't be mining the shit out of you like google-analytics, but obviously you can't see what they do, and even if you did, it's not running in your machine so they could be showing you the source code for notepad for all that's worth.

  52. Re:Who Owns Key? What Signs Upstream? by Anonymous Coward · · Score: 0

    Considering that in the United States at least Google can tell me when there is heavy interstate traffic on my route and route me around it I expect they can keep up with changes to speed limits, probably better than a human. For example if it's 4:01 when I go through the school zone since Google will be using network time rather than the dashboard clock the self-driving car will absolutely know it's okay to go 45 (mph) rather than 25 (mph), and that at 3:59:16 it's not.
    In the U.S. I can easily see a court penalizing a jurisdiction that tries to generate excess revenue by playing fast and loose with speed limits. Legislatures are even likely to require local jurisdictions to notify manufacturers/application companies when speed limits are changed.