Archive for ‘Privacy’

March 21, 2014

Google Research fan behavior

Friendly!

I found a broken link. It was important, being the contact URL on Google Research’s official Twitter account! I told them about it. Google Research wasn’t aloof! I was thrilled.

An invitation to join Google+

Google Research finally joined Google+ in August 2012.

Google Buzz chat

Inviting Google Research to Google+

I tried to coax an earlier arrival in July 2011. Click on the image if you would like to read our conversation. I remember feeling bold, and daring!

Odds and Ends

Indirect Content Privacy Surveys: Measuring Privacy Without Asking About It, Symposium on Usable Privacy and Security (SOUPS), 2011.
Abstract (an excerpt that I extracted from the abstract, that is):

The emotional aspect of privacy makes it difficult to evaluate privacy concern. This effect may be partly responsible for the dramatic privacy concern ratings coming from recent surveys, ratings that often seem to be at odds with user behavior…

This is SO true! Dramatically vocalized privacy concerns are highly inconsistent with actual user behavior! The gist of the article was to figure out a way to get at people’s privacy concerns without asking about privacy directly. Merely broaching the subject tends to cause survey respondents to get skittish, thus impacting their answers.

The article DOI, full text, is in this Google Research post.  If that doesn’t work, try the corresponding entry via Google Research’s profile on Google Buzz.

December 19, 2011

A Special Kind Of Proxy

GoogleSharing is a special proxy service that doesn’t hide what you are searching from Google. Instead, it obscures where the requests are coming from. GoogleSharing is not a full proxy service designed to anonymize traffic. It is exclusively intended for certain aspects of your communication with Google. So there are no “alternative” websites to visit. Your use of the web need not change at all.

diagram

How does it work?

How does it work?
The GoogleSharing system is a custom proxy with a Firefox Add-on.

The proxy

The proxy generates a pool of GoogleSharing “identities,” each containing a cookie issued by Google and an arbitrary User-Agent for one of several browsers.

The add-on

The Firefox add-on watches for requests to Google services from your browser… and will transparently redirect them to a GoogleSharing proxy. There your request is stripped of identifying information and replaced with a GoogleSharing identity. Then this request is forwarded to Google, and the response is proxied back to you.

If your next search is given a different identity,

July 15, 2011

Try a VeriSign SSL Certificate gratis

Network and data security has really been on my mind lately!

I visited the Symantec and VeriSign websites the other day. I’m not sure if this is a true “limited time special offer” or an ongoing promotional deal that I never noticed until now. Two sorts of SSL (Secure Socket Layer encryption) certificates are available from VeriSign.

Secure Socket Layer protection

30-day SSL test-drive

One is the standard type that is desirable for websites that are accepting payment data or collecting other sensitive personal information from users. VeriSign refers to this as a Production Certificate. It includes use of the distinctive VeriSign Trust Seal, for use on SSL websites.

The other type is an SSL Test Certificate. Applications developers who want to confirm that SSL encryption is functional in a test (pre-production ONLY) environment should select this. It doesn’t include display of the Trust Seal, because it isn’t intended for use with applications on the public web. Both are available for free, for a 30-day trial period.

Try a VeriSign Certificate* today!

There may be superior alternatives to VeriSign SSL authentication. Regardless of vendor choice or implementation, it won’t hurt to contemplate data security, given the almost daily news reports of DDoS, DoS and other attacks. Or disclosure of yet another 0-day vulnerability or data breach.

* No, I’m not a paid endorser. I hoped someone might find it helpful and informative. Me, for example!

UPDATE: July 30, 2011

I just noticed that VeriSign has another offer; a 60-day free trial for a VeriSign Seal. See the VeriSign website for more information.

VeriSign offers both SSL and non-SSL products

What is the difference between the Trust Seal and the Secured Seal?

Like the VeriSign Secured Seal, the VeriSign Trust Seal shows that a site is authenticated by the high standards of VeriSign… The VeriSign Trust Seal is free with the purchase of any VeriSign® SSL Certificate. It can also be purchased separately for web sites that do not require SSL for securing online transactions. The VeriSign Trust Seal provides a cost-effective way to establish trust on your site without installing an SSL Certificate.

Emphasis is mine. However, VeriSign prominently displays this advisory on the Trust Seal FAQ page:

If your Web site uses SSL, you must use VeriSign SSL in order to display the VeriSign Trust Seal.

I’m uncertain, but suspect that the 30-day Trust Seal deal includes SSL certification, which is actually the VeriSign Secured Seal. The 60-day special probably does not. In other words, it offers the Trust Seal but not the SSL certificate, and is suitable only for non-SSL websites..

March 13, 2011

Mailhide

If you’ve ever looked at an open-source development project hosted by Google servers, usually on  http://code.google.com sites, Mailhide will be familiar. It is a less well-known application of the reCAPTCHA detection challenge.

reCAPTCHA now owned by Google

reCAPTCHA Turing test

Mailhide conceals part of an email address

This is how it prevents spammers from accessing email addresses using automated programs. Typically, the first few letters, or numbers, of the username part of the email is visible, followed by an ellipsis i.e. three dots, and then the domain name.

Most Google employees* use Mailhide. Mailhide is offered as an option to developers using Google Code sites.

Mailhide type functionality is also offered by Slashdot for user accounts. Slashdot is not necessarily using Google reCAPTCHA for encryption, however. There are other Turing tests besides reCAPTCHA.

reCAPTCHA is a Google product. It was not developed by Google, though. Google purchased the reCAPTCHA algorithm from Carnegie-Mellon University a few years ago, in 2008.

reCAPTCHA Mailhide API

Are you running a web application that lists users’ email addresses? Do your users a favor by shielding them from spam with reCAPTCHA Mailhide.

Google will give you an API (cryptographic) key. Use it to encrypt user email addresses. Google supplies full documentation for the Mailhide protocol. Everything is free of charge.

I am uncertain whether API restrictions on usage apply. That is a familiar restriction for applications developers relying on the Twitter API. It should not be a binding constraint in this case, as Mailhide is far less transactional that Twitter. Unless one is very, very popular!

reCAPTCHA comes in many flavors!

Libraries are available for PHP, Perl, Ruby and Python programs.

*Google employee accounts in the U.S.A., and many but not all other countries, have the format  userid@google.com.  Non-employee Google mail accounts are  userid@gmail.com.

 

December 17, 2010

Enterprise Maps and Earth

Google Earth in Sky Viewing Mode

This is another location-based service (LBS), similar but larger scale than those developed by foursquare, Gowalla and Facebook.

Google Earth and Maps for organizations

Google is different because it realizes that only a small consumer segment will remain active LBS users, in light of news about negative impact on
privacy rights.

As clear from the name, Google Earth and Maps for Enterprise is targeted toward businesses:

Make it easy for your employees to view, understand, and make decisions about location-based information. Incorporate your company’s data into Google Maps and Google Earth to be shared quickly and easily with colleagues and clients. The intuitive Google mapping applications require little or no training; your staff and customers will immediately realize the benefits of interactive geo-spatial information.

Google Earth Maps

Google’s enterprise version combines familiar Google mapping with added features designed especially for business users:

  • Google Maps API Premier
  • Google Earth Pro
  • Google Earth Enterprise

Bing supports a highly regarded 3-D mapping feature, requiring download and installation of the free Microsoft Silverlight application. There has been recent discussion of less support or other curtailment by Microsoft, but I am not certain, as I’ve read differing accounts depending on the source.

Note that Google also requires installation of an extra application on the user’s hard-drive to use Google Earth, as it is a 3-D mapping program.

November 18, 2010

Yahoo Announces Clues Product and Updates Privacy Policy

Yahoo announced a new search product yesterday, Yahoo! Clues.

Yahoo search engine enhancement

Yahoo! Clues Beta

It offers new features such as trend tracking options. Clues is available as a beta release, and has similar functionality to features offered by Google’s search engine since 2008.

While on the main page for Clues, I noted that the link for the Yahoo! Privacy Policy was highlighted in red and prefixed with an Updated label. I looked further, and was very favorably impressed with Yahoo’s cleaner page design, in comparison to many of Google’s policy and help pages. Somehow I always end up clicking link after link to find what I need on Google help pages. Unfortunately, I usually get distracted along the way!

In contrast, most Yahoo information pages, including the Privacy Policy, are very readable, with most content accessible from a single screen. While Yahoo’s data collection practices might not be substantively different from Google’s (although I am not certain, as I have not perused Yahoo’s policy in enough detail), Yahoo’s page layouts are much easier to negotiate. This makes the underlying content seem more honest, less like there is something hidden, although there is no reason to assume that is Google’s intent.

The other reason for a revised privacy policy is Yahoo’s integration with Microsoft Bing, for both “regular” and sponsored search.  The privacy policy page has details about what information is shared with Microsoft when using the combined Yahoo-Bing search engine.

The policy page provides instructions for opting out of content served advertising. There are also instructions and a link if you want to remove your webpage or sites from appearing as a search result.

Tags: ,
October 19, 2010

The Erosion of Online Anonymity

The Erosion of Online Anonymity

October 5, 2010

On-line Advertising and Privacy Rights

Google’s AdSense for publishers and AdWords for businesses are probably the most familiar digital advertising services for most of us. However, there are additional services, I realized, after noting a link on the Yahoo! home page today.

Yahoo! offers a wide variety of advertising and web analytics with its Yahoo! Display Advertising Solutions. Businesses may also be interested in the Right Media Exchange, the first, and the largest exchange marketplace for digital advertising.

Web site publishers and bloggers can generate an income stream from their sites by joining the Yahoo! Publisher Network and displaying content-relevant advertising, similar to Google’s AdSense.  However, the primary intent of this post is to suggest that Yahoo’s privacy and advertising practices page is a great reference source for consumers, advertisers and publishers. The information extends beyond Yahoo! to include:

  • online behavioral advertising methods described by the Network Advertising Initiative (NAI)
  • what consumers should do to manage which interest-based ad categories to receive
  • how consumers can opt-out of some or all advertising
  • how to set browser controls and plug-in’s to select and maintain privacy choices.
Tags: ,
Follow

Get every new post delivered to your Inbox.

Join 527 other followers