[AusNOG] Google creepier than Conroy?

Nathan Brookfield Nathan.Brookfield at serversaustralia.com.au
Tue Jun 1 12:43:53 EST 2010


I used a Telstra connection to test and told me I was at Kent Street but had 2 or 3 other people try it and it was SPOT on!

From: ausnog-bounces at lists.ausnog.net [mailto:ausnog-bounces at lists.ausnog.net] On Behalf Of Andrew Oskam
Sent: Tuesday, 1 June 2010 12:43 PM
To: ausnog at lists.ausnog.net
Subject: Re: [AusNOG] Google creepier than Conroy?

Curtis, I opened that link on my machine and it was spot on dead accurate ... which I did not expect.

Most of my experience with "Share your location" apps typically only tend to generalize my location...this one was 100% accurate.

Freaky.



Andrew Oskam

E  percy at th3interw3bs.net<mailto:percy at th3interw3bs.net>



NOTICE:

These comments are my own personal opinions only and do not necessarily reflect the positions or opinions of my employer or their affiliates. All comments are based upon my current knowledge and my own personal experiences. You should conduct independent tests to verify the validity of any statements made in this email before basing any decisions upon those statements.


On 31/05/10 9:21 PM, Curtis Bayne wrote:

If you're running Chrome, check this out: this is probably the end-game goal for Google :)

http://html5demos.com/geo


-----Original Message-----
From: ausnog-bounces at lists.ausnog.net<mailto:ausnog-bounces at lists.ausnog.net> on behalf of Narelle
Sent: Mon 5/31/2010 8:49 PM
To: ausnog at ausnog.net<mailto:ausnog at ausnog.net>
Subject: Re: [AusNOG] Google creepier than Conroy?

On Sun, May 30, 2010 at 4:18 PM, Craig Askings <craig at askings.com.au><mailto:craig at askings.com.au> wrote:
> Why do I get the feeling that Dale Clapperton is lurking on this list and
> just shaking his head as we all play Telco Solictor..... Badly

IANAL and neither have I read Google's actual code (so I am making
assumptions on what they've done)

BUT

I have read both the Telecommunications Act and the Telecommunications
Interception Act and it is my professional opinion that neither of
these acts is relevant to the activity under question. Both of these
relate to 'network units' or 'links' provided under carriage
services...

Neither is the Privacy Act relevant.

The one I do think is relevant, however, is the Crimes Act, at least
in NSW it's section 308 - the parts related to unlawful access to
someone's computer. Federally, it's the CYBERCRIME ACT 2001 - SCHEDULE
1. You'd have to follow that assessment up with a review of relevant
case law, and this I haven't checked.

The question in legislation imho is long settled that just because you
left the window open the burglar is still - in law - deemed to have
broken in...


On to the question of home network security and WiFi access points:
these things are appallingly insecure in general use. Consumers are
not generally aware that they are making their networks easily
accessible by anyone in the vicinity of them. Their expectation is
that they will be lucky if they can get it to work at all, so are
happy when their own computer/s can connect to it and then the
Internet.

I've set up a few recently for people, and, as a statistically
unrepresentative sample, I've been using the set up wizards just to
see where they take me. None of them, so far, have left me with a
secured access point! The most they do is set a new SSID - they don't
prompt users to turn off broadcasting, nor add even a WEP key (let
alone something stronger), NOR change the default password! [These
are, of course, the next few steps I take...]

Anyone who's spent any time on a helpdesk will also know how much fun
it is talking people through these steps on a telephone. One recent
experience I had with this went round and round  with the device
repeatedly refusing to accept the config... Of course, it "worked"
fine just following the bouncing ball, but, yes, it was totally
insecure. Customer was happy to have it totally open, as long as they
could get to the Internet... [yes, I fixed it later]

imho Google may have done people a service by publicising this level
of insecurity. That said, I didn't see them actually publish any
useful data on - for eg - rates of insecurity in home wireless LANs,
or helpfully advise people that x level of WLAN usage exists. Please
don't get me wrong - I do consider what has been _alleged_ to have
occurred unethical!

Has anyone seen the code in question? I saw in question time that Sen
Conroy had seen it, but I doubt he will have "decoded" it...

What is Google's intent with this data? What have they admitted to
doing with it? How are they securing the information they have
collected? Have they issued a public statement on the topic?

I have a strong recollection that had I done a similar thing as part
of a research study there would have been ethics committee approvals
required... but we wouldn't have had the funding!



--


Narelle
narellec at gmail.com<mailto:narellec at gmail.com>
_______________________________________________
AusNOG mailing list
AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>
http://lists.ausnog.net/mailman/listinfo/ausnog





_______________________________________________

AusNOG mailing list

AusNOG at lists.ausnog.net<mailto:AusNOG at lists.ausnog.net>

http://lists.ausnog.net/mailman/listinfo/ausnog


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100601/9330ba90/attachment.html>


More information about the AusNOG mailing list