[AusNOG] Google creepier than Conroy?

Andrew Oskam percy at th3interw3bs.net
Tue Jun 1 12:42:42 EST 2010


Curtis, I opened that link on my machine and it was spot on dead 
accurate ... which I did not expect.

Most of my experience with "Share your location" apps typically only 
tend to generalize my location...this one was 100% accurate.

Freaky.


Andrew Oskam

E  percy at th3interw3bs.net


NOTICE:

These comments are my own personal opinions only and do not necessarily 
reflect the positions or opinions of my employer or their affiliates. 
All comments are based upon my current knowledge and my own personal 
experiences. You should conduct independent tests to verify the validity 
of any statements made in this email before basing any decisions upon 
those statements.




On 31/05/10 9:21 PM, Curtis Bayne wrote:
>
> If you're running Chrome, check this out: this is probably the 
> end-game goal for Google :)
>
> http://html5demos.com/geo
>
>
> -----Original Message-----
> From: ausnog-bounces at lists.ausnog.net on behalf of Narelle
> Sent: Mon 5/31/2010 8:49 PM
> To: ausnog at ausnog.net
> Subject: Re: [AusNOG] Google creepier than Conroy?
>
> On Sun, May 30, 2010 at 4:18 PM, Craig Askings <craig at askings.com.au> 
> wrote:
> > Why do I get the feeling that Dale Clapperton is lurking on this 
> list and
> > just shaking his head as we all play Telco Solictor..... Badly
>
> IANAL and neither have I read Google's actual code (so I am making
> assumptions on what they've done)
>
> BUT
>
> I have read both the Telecommunications Act and the Telecommunications
> Interception Act and it is my professional opinion that neither of
> these acts is relevant to the activity under question. Both of these
> relate to 'network units' or 'links' provided under carriage
> services...
>
> Neither is the Privacy Act relevant.
>
> The one I do think is relevant, however, is the Crimes Act, at least
> in NSW it's section 308 - the parts related to unlawful access to
> someone's computer. Federally, it's the CYBERCRIME ACT 2001 - SCHEDULE
> 1. You'd have to follow that assessment up with a review of relevant
> case law, and this I haven't checked.
>
> The question in legislation imho is long settled that just because you
> left the window open the burglar is still - in law - deemed to have
> broken in...
>
>
> On to the question of home network security and WiFi access points:
> these things are appallingly insecure in general use. Consumers are
> not generally aware that they are making their networks easily
> accessible by anyone in the vicinity of them. Their expectation is
> that they will be lucky if they can get it to work at all, so are
> happy when their own computer/s can connect to it and then the
> Internet.
>
> I've set up a few recently for people, and, as a statistically
> unrepresentative sample, I've been using the set up wizards just to
> see where they take me. None of them, so far, have left me with a
> secured access point! The most they do is set a new SSID - they don't
> prompt users to turn off broadcasting, nor add even a WEP key (let
> alone something stronger), NOR change the default password! [These
> are, of course, the next few steps I take...]
>
> Anyone who's spent any time on a helpdesk will also know how much fun
> it is talking people through these steps on a telephone. One recent
> experience I had with this went round and round  with the device
> repeatedly refusing to accept the config... Of course, it "worked"
> fine just following the bouncing ball, but, yes, it was totally
> insecure. Customer was happy to have it totally open, as long as they
> could get to the Internet... [yes, I fixed it later]
>
> imho Google may have done people a service by publicising this level
> of insecurity. That said, I didn't see them actually publish any
> useful data on - for eg - rates of insecurity in home wireless LANs,
> or helpfully advise people that x level of WLAN usage exists. Please
> don't get me wrong - I do consider what has been _alleged_ to have
> occurred unethical!
>
> Has anyone seen the code in question? I saw in question time that Sen
> Conroy had seen it, but I doubt he will have "decoded" it...
>
> What is Google's intent with this data? What have they admitted to
> doing with it? How are they securing the information they have
> collected? Have they issued a public statement on the topic?
>
> I have a strong recollection that had I done a similar thing as part
> of a research study there would have been ethics committee approvals
> required... but we wouldn't have had the funding!
>
>
>
> --
>
>
> Narelle
> narellec at gmail.com
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>
>
> _______________________________________________
> AusNOG mailing list
> AusNOG at lists.ausnog.net
> http://lists.ausnog.net/mailman/listinfo/ausnog
>    
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.ausnog.net/pipermail/ausnog/attachments/20100601/2196312f/attachment.html>


More information about the AusNOG mailing list