Schneier on Security

A blog covering security and security technology.

« Eating a Flash Drive | Main | Guide to Microsoft Police Forensic Services »

March 8, 2010

Google in The Onion

MOUNTAIN VIEW, CA—Responding to recent public outcries over its handling of private data, search giant Google offered a wide-ranging and eerily well-informed apology to its millions of users Monday.
"We would like to extend our deepest apologies to each and every one of you," announced CEO Eric Schmidt, speaking from the company's Googleplex headquarters. "Clearly there have been some privacy concerns as of late, and judging by some of the search terms we've seen, along with the tens of thousands of personal e-mail exchanges and Google Chat conversations we've carefully examined, it looks as though it might be a while before we regain your trust."

Google expressed regret to some of its third-generation Irish-American users on Smithwood between Barlow and Lake.

Added Schmidt, "Whether you're Michael Paulson who lives at 3425 Longview Terrace and makes $86,400 a year, or Jessica Goldblatt from Lynnwood, WA, who already has well-established trust issues, we at Google would just like to say how very, truly sorry we are."

Posted on March 8, 2010 at 2:24 PM • 18 Comments

To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.

Comments

trapspam.honeypot • March 8, 2010 2:31 PM

I am aghast.....

Carl • March 8, 2010 3:24 PM

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- -----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (GNU/Linux)

hIwDHB8p137eTGUBA/9NQYRkctR7vrSMugpe942JOVbSGWocjel32Kmq4+rJup7A
E18kQUygwULvWPqlDlvhyepnkmUXf+wijrq/6g5mlNbwErP7f/ExVf/MN+evGpYH
eUV9Gs9w6aS6eocUm0B2/qnUurCHb+3L9N92Rvl067a8/FVGwC4eI7Dw8oJfQoUC
DgOzI5oxiUQPfRAH/iIJv5cug8mw+c74zqmYXeXOh+4cMvZADao7N1YdblOUItkp
Hx/O+/YSa24mV/fZErvxlxPoOjDUGyteXGu9+kEsNbTZoqog5KVg4zYYOAom/d80
Rg9LJoW5SwjUDkyv9opPDh4qoUphjjLJ5sx1H6nvaZRowvf/u5NUx7ghmQFcBFOs
9D/zWbbHKuQIzhbSMzFU6pHsLo2AYh1YouzkOnKa8vPK3XyZshB1CAaZUlnOGugW
wdKRIwFDn2a905cKEdy/GDWePNDc3Lz21wqQxXF0kz7yRyxCxCbOKUDwhgllgBfF
H1cavZ2VbKRKWHR4jh/0oRG5MSt4hOq1X7BwML4H/iHHaysGQcn2Lx2sP4q9y8qI
7AKuaNJDCgpsYSpp9/AwoA+cs2FaNmM666kBKL0uHlyHuHSp2fC2ll0Fi25mqozq
Wt/6gTCzOdKbNNVKUwtoRrHFmzz7JVcFRF2q+TAOaFPMRQmQDFUIzkFhwS3kQYXq
AyZtcQs/pvJT/UyxFaBSCoqQDnIKZgwsnmy49Ot6yM/cmS6enrsEdEdHfl//B8pL
9qEdNMJaLTG//iLSlCI9eCrZ/2EaL7RG86MErfZ9uTN95+aIJ9aQtyHmNN0+FZMR
8uIujbNhkqBNzZBjJ0cv5DdIap9WJnZl+Ybf84DvqeJiwNMRWQ5qj//+KhV4l2vJ
cp3pC51TJPrWRBAhuaXxPfJJXj8jC66YgJ57YWSS/uOMfe1BoIzODsilzvS+rdIM
xulzSsLgUpmS3fp3Jj8laiNuShytdYgZ7M/Q2KDLJvwrn29MxQc9qMlGzp5rEUiA
9VOQVARBipipL3DVJng1wut3Cg==
=iTjb
- -----END PGP MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkuVan4ACgkQf//iPmSrRDoisQCgs7pxuVGHzSA6Gbf14G5i7SQr
sycAn1NSx4LytFmK7GopCLUw6NFiU04U
=CFfo
-----END PGP SIGNATURE-----

Bruce should be able to read that, no one else should without quite a lot of time. Even Google will have trouble with it.

pegr • March 8, 2010 3:24 PM

Yet another out-of-the-park hit, Onion. Very funny!

Micah • March 8, 2010 3:52 PM

@Carl: I doubt Google will have any trouble whatsoever about your encrypted comment, because they won't care one bit!

Benton Jackson • March 8, 2010 4:06 PM

I know this is satire, but I think I'm still going to keep the post-it on the camera on my laptop.

Carl "SAI" Mitchell • March 8, 2010 4:50 PM

@Micah: Quite true. But it's an example, there is a solution. It's just time consuming to use, and no one really cares. I doubt Bruce will read it, and he's the one with the private key.
It's not too easy to have an encrypted conversation. You have to:
1) have both parties make key-pairs.
2) exchange public keys (easier with a keyserver, but still can be hard. My kgpg crashed trying to get Bruce's key, though gpg (command line, not gui) worked fine.)
3) write the message
4) encrypt the message, possibly sign it. This uses an external app much of the time.
5) send the message.

As opposed to a normal message:
1) Write the message.
2) Send the message.

redbrain • March 8, 2010 5:02 PM

Evidently that guy carl who posted his signed and encrypted GPG message doesn't understand what GPG is for. Anyone who accepts and trusts your public key just to read that would break the whole web of trust that PGP was designed for!

Sam Edwards • March 8, 2010 7:07 PM

@Carl
Bruce has a key that's compatible with GPG? Last I checked, they were all from 1998 or thereabouts. What's the key fingerprint?

Nick P • March 8, 2010 7:09 PM

@ redbrain

It's ok. Carl was using the PGP extension to Gmail. The encryption is irrelevant. They are undoubtedly responding to his comment as we speak.

vwm • March 9, 2010 3:26 AM

@redbrain: why would you need to trust Carl's public key? The recipient can decrypt the message and everyone can check the authenticity without placing any trust in the Carl's key.

The benefit of this might be small: we can check if the next message signed by Carl is from the same Carl, no more. But certainly that does not break the whole web of trust.

Eve • March 9, 2010 4:03 AM

@Carl

If you're going to encrypt a post saying "First post!" you should at least make sure you were first ;-)

Craig • March 9, 2010 4:53 AM

I have just discovered 'The Onion - America's Finest News Source' and find it very entertaining, and this was after googling the name.

I only discovered this through social networking, so this brings up the concerns about privacy of my search habits etc a couple of posts ago.

I only discovered the social networking by Googling the social networking names.

From a security perspective Google probably has the information that the article was poking fun at, but I would not have known all this before Googles help.

What would our lives be like without Google?

2nd Question - How many of us first found the Schneier Blog by googling it?

vedaal • March 9, 2010 8:56 AM

@sam edwards

GPG (GnuPG) is open-PGP, and can do anything that PGP can (and then some) except use split keys and ADK's.

It doesn't bother with wiping or containers as there are other excellent free open source programs that do that
(Eraser, and TrueCrypt).

Any key in PGP will be recognized in GPG.

--vedaal

Nemo • March 9, 2010 10:02 AM

Craig - I, for one, first found his blog through the Cryptogram newsletter, which I first subscribed to via email in 1998.

I'm pretty sure I first found out about the newsletter in a Usenet newsgroup, but I could be wrong; it's been a couple of years. :)

BF Skinner • March 9, 2010 5:41 PM

My new wallpaper

F • March 10, 2010 9:24 AM

My favorite part: "...the company's Googleplex headquarters."

generic • March 10, 2010 1:39 PM

Craig: "2nd Question - How many of us first found the Schneier Blog by googling it?"

Close enough, I found it (just recently) through feedly, a Google Reader based tool, through the recommendations feature - meaning (I guess) enough people "shared" their use of the feed.

Luke • March 12, 2010 2:05 PM

@F
Actually that bit is not satire, "Googleplex" is the real name for the main google campus in Mountain View:

http://www.google.com/corporate/culture.html

Post a comment

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

Subscribe via Kindle

Blog Menu

Search

Powered by DuckDuckGo

Blog Home Page
100 Latest Comments

Archives by Date

2013 J F M A M
2012 J F M A M J J A S O N D
2011 J F M A M J J A S O N D
2010 J F M A M J J A S O N D
2009 J F M A M J J A S O N D
2008 J F M A M J J A S O N D
2007 J F M A M J J A S O N D
2006 J F M A M J J A S O N D
2005 J F M A M J J A S O N D
2004 J F M A M J J A S O N D