Schneier on Security
A blog covering security and security technology.
March 8, 2010
Google in The Onion
MOUNTAIN VIEW, CA—Responding to recent public outcries over its handling of private data, search giant Google offered a wide-ranging and eerily well-informed apology to its millions of users Monday.
"We would like to extend our deepest apologies to each and every one of you," announced CEO Eric Schmidt, speaking from the company's Googleplex headquarters. "Clearly there have been some privacy concerns as of late, and judging by some of the search terms we've seen, along with the tens of thousands of personal e-mail exchanges and Google Chat conversations we've carefully examined, it looks as though it might be a while before we regain your trust."
Google expressed regret to some of its third-generation Irish-American users on Smithwood between Barlow and Lake.
Added Schmidt, "Whether you're Michael Paulson who lives at 3425 Longview Terrace and makes $86,400 a year, or Jessica Goldblatt from Lynnwood, WA, who already has well-established trust issues, we at Google would just like to say how very, truly sorry we are."
Posted on March 8, 2010 at 2:24 PM
-----BEGIN PGP SIGNED MESSAGE-----
- -----BEGIN PGP MESSAGE-----
Version: GnuPG v1.4.9 (GNU/Linux)
- -----END PGP MESSAGE-----
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
-----END PGP SIGNATURE-----
Bruce should be able to read that, no one else should without quite a lot of time. Even Google will have trouble with it.
Yet another out-of-the-park hit, Onion. Very funny!
@Carl: I doubt Google will have any trouble whatsoever about your encrypted comment, because they won't care one bit!
I know this is satire, but I think I'm still going to keep the post-it on the camera on my laptop.
@Micah: Quite true. But it's an example, there is a solution. It's just time consuming to use, and no one really cares. I doubt Bruce will read it, and he's the one with the private key.
It's not too easy to have an encrypted conversation. You have to:
1) have both parties make key-pairs.
2) exchange public keys (easier with a keyserver, but still can be hard. My kgpg crashed trying to get Bruce's key, though gpg (command line, not gui) worked fine.)
3) write the message
4) encrypt the message, possibly sign it. This uses an external app much of the time.
5) send the message.
As opposed to a normal message:
1) Write the message.
2) Send the message.
Evidently that guy Carl who posted his signed and encrypted GPG message doesn't understand what GPG is for. Anyone who accepts and trusts your public key just to read that would break the whole web of trust that PGP was designed for!
Bruce has a key that's compatible with GPG? Last I checked, they were all from 1998 or thereabouts. What's the key fingerprint?
It's ok. Carl was using the PGP extension to Gmail. The encryption is irrelevant. They are undoubtedly responding to his comment as we speak.
@redbrain: why would you need to trust Carl's public key? The recipient can decrypt the message and everyone can check the authenticity without placing any trust in Carl's key.
The benefit of this might be small: we can check if the next message signed by Carl is from the same Carl, no more. But certainly that does not break the whole web of trust.
If you're going to encrypt a post saying "First post!" you should at least make sure you were first ;-)
I have just discovered 'The Onion - America's Finest News Source' and find it very entertaining, and this was after googling the name.
I only discovered this through social networking, so this brings up the concerns about privacy of my search habits etc a couple of posts ago.
I only discovered the social networking by Googling the social networking names.
From a security perspective Google probably has the information that the article was poking fun at, but I would not have known all this before Google's help.
What would our lives be like without Google?
2nd Question - How many of us first found the Schneier Blog by googling it?
GPG (GnuPG) is open-PGP, and can do anything that PGP can (and then some) except use split keys and ADKs.
It doesn't bother with wiping or containers as there are other excellent free open source programs that do that (Eraser, and TrueCrypt).
Any key in PGP will be recognized in GPG.
Craig - I, for one, first found his blog through the Cryptogram newsletter, which I first subscribed to via email in 1998.
I'm pretty sure I first found out about the newsletter in a Usenet newsgroup, but I could be wrong; it's been a couple of years. :)
My favorite part: "...the company's Googleplex headquarters."
Craig: "2nd Question - How many of us first found the Schneier Blog by googling it?"
Close enough, I found it (just recently) through feedly, a Google Reader based tool, through the recommendations feature - meaning (I guess) enough people "shared" their use of the feed.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.