Archive for ‘Privacy’

March 21, 2014

Google Research fan behavior

Friendly!

I found a broken link. It was important, being the contact URL on Google Research’s official Twitter account! I told them about it. Google Research wasn’t aloof! I was thrilled.

An invitation to join Google+

Google Research finally joined Google+ in August 2012.

Google Buzz chat

Inviting Google Research to Google+

I tried to coax an earlier arrival in July 2011. Click on the image if you would like to read our conversation. I remember feeling bold, and daring!

Odds and Ends

Indirect Content Privacy Surveys: Measuring Privacy Without Asking About It, Symposium on Usable Privacy and Security (SOUPS), 2011.
Abstract (an excerpt that I extracted from the abstract, that is):

The emotional aspect of privacy makes it difficult to evaluate privacy concern. This effect may be partly responsible for the dramatic privacy concern ratings coming from recent surveys, ratings that often seem to be at odds with user behavior…

This is SO true! Dramatically vocalized privacy concerns are highly inconsistent with actual user behavior! The gist of the article was to figure out a way to get at people’s privacy concerns without asking about privacy directly. Merely broaching the subject tends to cause survey respondents to get skittish, thus impacting their answers.

The article DOI, full text, is in this Google Research post.  If that doesn’t work, try the corresponding entry via Google Research’s profile on Google Buzz. The post was active from June 2011 through January 2012. Good luck finding it now. It is accessible sometimes, but not consistently. Odd, no? Maybe not so odd, as Google Buzz was discontinued a few years ago. I miss it.

Chrome browser crash

I know and love that sad little face too.

Yes, he is a sad guy. When Chrome browser crashes, I don’t feel annoyed anymore, just disappointed.

December 19, 2011

A Special Kind Of Proxy

GoogleSharing is a special proxy service that doesn’t hide what you are searching from Google. Instead, it obscures where the requests are coming from. GoogleSharing is not a full proxy service designed to anonymize traffic. It is exclusively intended for certain aspects of your communication with Google. So there are no “alternative” websites to visit. Your use of the web need not change at all.

diagram

How does it work?

How does it work?
The GoogleSharing system is a custom proxy with a Firefox Add-on.

The proxy

The proxy generates a pool of GoogleSharing “identities,” each containing a cookie issued by Google and an arbitrary User-Agent for one of several browsers.

The add-on

The Firefox add-on watches for requests to Google services from your browser… and will transparently redirect them to a GoogleSharing proxy. There your request is stripped of identifying information and replaced with a GoogleSharing identity. Then this request is forwarded to Google, and the response is proxied back to you.

If your next search is given a different identity,

Tags: ,
July 15, 2011

Try a VeriSign SSL Certificate gratis

Network and data security has really been on my mind lately!

I visited the Symantec and VeriSign websites the other day. I’m not sure if this is a true “limited time special offer” or an ongoing promotional deal that I never noticed until now. Two sorts of SSL (Secure Socket Layer encryption) certificates are available from VeriSign.

Secure Socket Layer protection

30-day SSL test-drive

One is the standard type that is desirable for websites that are accepting payment data or collecting other sensitive personal information from users. VeriSign refers to this as a Production Certificate. It includes use of the distinctive VeriSign Trust Seal, for use on SSL websites.

The other type is an SSL Test Certificate. Applications developers who want to confirm that SSL encryption is functional in a test (pre-production ONLY) environment should select this. It doesn’t include display of the Trust Seal, because it isn’t intended for use with applications on the public web. Both are available for free, for a 30-day trial period.

Try a VeriSign Certificate* today!

There may be superior alternatives to VeriSign SSL authentication. Regardless of vendor choice or implementation, it won’t hurt to contemplate data security, given the almost daily news reports of DDoS, DoS and other attacks. Or disclosure of yet another 0-day vulnerability or data breach.

* No, I’m not a paid endorser. I hoped someone might find it helpful and informative. Me, for example!

UPDATE: July 30, 2011

I just noticed that VeriSign has another offer; a 60-day free trial for a VeriSign Seal. See the VeriSign website for more information.

VeriSign offers both SSL and non-SSL products

What is the difference between the Trust Seal and the Secured Seal?

Like the VeriSign Secured Seal, the VeriSign Trust Seal shows that a site is authenticated by the high standards of VeriSign… The VeriSign Trust Seal is free with the purchase of any VeriSign® SSL Certificate. It can also be purchased separately for web sites that do not require SSL for securing online transactions. The VeriSign Trust Seal provides a cost-effective way to establish trust on your site without installing an SSL Certificate.

Emphasis is mine. However, VeriSign prominently displays this advisory on the Trust Seal FAQ page:

If your Web site uses SSL, you must use VeriSign SSL in order to display the VeriSign Trust Seal.

I’m uncertain, but suspect that the 30-day Trust Seal deal includes SSL certification, which is actually the VeriSign Secured Seal. The 60-day special probably does not. In other words, it offers the Trust Seal but not the SSL certificate, and is suitable only for non-SSL websites..

March 13, 2011

Mailhide

If you’ve ever looked at an open-source development project hosted by Google servers, usually on  http://code.google.com sites, Mailhide will be familiar. It is a less well-known application of the reCAPTCHA detection challenge.

reCAPTCHA now owned by Google

reCAPTCHA Turing test

Mailhide conceals part of an email address

This is how it prevents spammers from accessing email addresses using automated programs. Typically, the first few letters, or numbers, of the username part of the email is visible, followed by an ellipsis i.e. three dots, and then the domain name.

Most Google employees* use Mailhide. Mailhide is offered as an option to developers using Google Code sites.

Mailhide type functionality is also offered by Slashdot for user accounts. Slashdot is not necessarily using Google reCAPTCHA for encryption, however. There are other Turing tests besides reCAPTCHA.

reCAPTCHA is a Google product. It was not developed by Google, though. Google purchased the reCAPTCHA algorithm from Carnegie-Mellon University a few years ago, in 2008.

reCAPTCHA Mailhide API

Are you running a web application that lists users’ email addresses? Do your users a favor by shielding them from spam with reCAPTCHA Mailhide.

Google will give you an API (cryptographic) key. Use it to encrypt user email addresses. Google supplies full documentation for the Mailhide protocol. Everything is free of charge.

I am uncertain whether API restrictions on usage apply. That is a familiar restriction for applications developers relying on the Twitter API. It should not be a binding constraint in this case, as Mailhide is far less transactional that Twitter. Unless one is very, very popular!

reCAPTCHA comes in many flavors!

Libraries are available for PHP, Perl, Ruby and Python programs.

*Google employee accounts in the U.S.A., and many but not all other countries, have the format  userid@google.com.  Non-employee Google mail accounts are  userid@gmail.com.

 

December 17, 2010

Enterprise Maps and Earth

Google Earth in Sky Viewing Mode

This is another location-based service (LBS), similar but larger scale than those developed by foursquare, Gowalla and Facebook.

Google Earth and Maps for organizations

Google is different because it realizes that only a small consumer segment will remain active LBS users, in light of news about negative impact on
privacy rights.

As clear from the name, Google Earth and Maps for Enterprise is targeted toward businesses:

Make it easy for your employees to view, understand, and make decisions about location-based information. Incorporate your company’s data into Google Maps and Google Earth to be shared quickly and easily with colleagues and clients. The intuitive Google mapping applications require little or no training; your staff and customers will immediately realize the benefits of interactive geo-spatial information.

Google Earth Maps

Google’s enterprise version combines familiar Google mapping with added features designed especially for business users:

  • Google Maps API Premier
  • Google Earth Pro
  • Google Earth Enterprise

Bing supports a highly regarded 3-D mapping feature, requiring download and installation of the free Microsoft Silverlight application. There has been recent discussion of less support or other curtailment by Microsoft, but I am not certain, as I’ve read differing accounts depending on the source.

Note that Google also requires installation of an extra application on the user’s hard-drive to use Google Earth, as it is a 3-D mapping program.