The lovely people at Google have just quietly released a new feature. Google's mail client now automatically shows images from all senders.
Apparently, this is safe now - because all images you see in Gmail will be proxied through Google's own servers. Now we don't have to worry about viruses and malware in images. Well, we didn't often worry about those in the past - images containing viruses are most often a hoax or the odd PoC, and of course there are some targeted attacks on poorly written image libraries which would form the basis for a drive-by. These concerns, and their validity or otherwise, aren't the real reason we turned off images, are they?
No, we turned off images because we wanted to make the trade-off between marketing people tracking us and seeing the image. If the image was going to be useful, or worth seeing, we'd load images. If not, it was probably a "web bug" used to track opens and forwards by canny marketing types.
So, now you know that every image in your Gmail is definitely being tracked by canny marketing types - except it is those at Google, rather than the guys who sent the email, who are getting the full picture. Bear in mind also that this is implicitly an HTTPS man-in-the-middle attack. This means that if an image was previously sent securely end-to-end between the email sender and you, it has now resided in the clear somewhere on Google's servers. Of course it's still encrypted in transit - but at some point that image stopped being secure, its origin stopped being verifiable in the same way, and Google served it to you fresh.
I know that Google already know what you are doing with your Gmail, but this is one more fragment of your web browsing that's now hitting their servers before it hits the origin.
Yes, I fully appreciate the irony that this blog post resides on Google's infrastructure. They already know what I had for breakfast anyway.

We all work in the internet security industry, and as such we're involved with a wide range of technologies, markets and people.
Our collective blog is a space for our insights, observations and interests...
(N.B. The opinions expressed here are those of the individual authors, and not those of Smoothwall ltd or Smoothwall inc.)
Showing posts with label privacy. Show all posts
Wednesday, December 18, 2013
Friday, July 5, 2013
Meet the sarcasm monitor - coming to a social network near you...
Okay, so we already know our personal details are ‘out there’ in the hands of companies who want our data to sell it to third parties. Big Data is big business!
Tracking technologies like marketing analytics, digital footprinting, and cookies all help to build a detailed picture of you: what you had for breakfast, where you ate last night and even your home address.
Spotter, a French company, has reportedly taken things a step further with the development of a tool that detects if a comment posted online has a “sarcastic” tone. Presumably their clients will use the findings as some form of business intelligence.
Obviously it depends on where your company does business. For an international company like Smoothwall this could be relevant if we wanted to track our British customers, because this is a trait of our humour. However, this will probably be next to useless for monitoring comments of customers in parts of the world where sarcasm isn’t part of daily conversation. It would also be interesting to see if it can identify the full spectrum of irony.
The UK sales director at Spotter, Richard May, assures us that the company monitored material that was "publicly available". Thanks for the reassurance! (Did you get that one, Spotter?) Seriously though, how can we be sure?
Search giant Google was slammed for circumventing the default settings on Apple’s Safari browser to install cookies even when users had opted out of third-party cookies. Facebook is also not so friendly, reportedly scanning your personal messages to increase its “like” counter.
Spotter’s chosen time to come to market doesn’t seem so good. People are already more aware than ever that Big Brother is watching. In a global survey by Big Brother Watch, 79% said they were concerned about their online privacy. Wherever we are, we must watch what we say online. Many cases have been in the media, with people getting disciplined or fired for being vocal online about things that happen at work.
The Ed Snowden revelations have made us more worried. Just how much do they know? The answer: a lot! As I write, GCHQ could be trawling through your Facebook posts, internet histories and phone calls. It is for our own good, you know. To protect our freedom, says William Hague. How free do you feel? Not so much?
Labels: Big Data, privacy, sarcasm, security, smokeandmirrors