Chrome OS Security Fears Confirmed?
As many of you may have already seen in recent news; Google has come under government scrutiny in the UK for knowingly downloading private data from unsuspecting individuals. This was done during Google’s escapades up and down Britain in the guise of their street view mapping cars.
According to the UK privacy watchdog (Information Commissioner’s Office) there is evidence that Google tapped into thousands of unsecured WiFi hot-spots as they drove past British households. Information downloaded ranged from passwords to whole email transcripts. A spokesperson to the ICO explains:
Earlier this year the ICO visited Google’s premises to make a preliminary assessment of the ‘pay-load’ data it inadvertently collected whilst developing Google Streetview.
Whilst the information we saw at the time did not include meaningful personal details that could be linked to an identifiable person, we have continued to liaise with, and await the findings of, the investigations carried out by our international counterparts.?
Now that these findings are starting to emerge, we understand that Google has accepted that in some instances entire URLs and emails have been captured.
We will be making enquiries to see whether this information relates to the data inadvertently captured in the UK, before deciding on the necessary course of action, including a consideration of the need to use our enforcement powers.?
This is not the first time that Google has done this. They have already been investigated by several countries including Canada, France and Germany.
What this means for Chrome OS
This is no less than a disaster for Google and even more-so for Chrome OS. Google was clear that Chrome OS’s main selling point would be security and privay. Below is a quote from Google’s Chromium Blog:
Chromium OS security strives to protect against an opportunistic adversary through a combination of system hardening, process isolation, continued web security improvements in Chromium, secure autoupdate, verified boot, encryption, and intuitive account management.
Maybe Google is wasting time creating an “unhackable” operating system; maybe the enemy is already within the gates?
The reason why it is difficult for any rational person to accept that Chrome OS will be as secure as Google claims is Google’s very conduct. No one will trust a corporation that regularly uses passing vehicles to steal data from unsuspecting members of the public. After-all, what will they do with my data when I start using their cloud operating system and all my personal data is stored on Google servers?
Google cannot afford to make these “Facebook-like blunders”
One would be forgiven to believe that the countless security breaches and data leaks on Facebook should have buried the social network years ago. Well it seems as if Facebook has shrugged off every major security issue and users have been thronged the website regardless. It’s obvious that this is because such security breaches are happening during the website’s maturity. If a major security breach had happened during or before the website’s launch, there probably would be no Facebook today.
Google needs to understand that because Chrome OS is still in development and is yet to be launched; stunts like the data theft debacle are simply unacceptable. Those blunders can only be afforded after the product is 5 or 6 years into maturity. Otherwise, Chrome OS is possibly heading for a disastrous launch.
GD Star Rating
loading...
loading...
31 Responses to Chrome OS Security Fears Confirmed?
Your comments
Latest on forum
![samsung-srs5_chrome-white-open-sm[1]](http://chromeossite.com/wp-content/uploads/2011/05/samsung-srs5_chrome-white-open-sm1-150x150.jpg "samsung-srs5_chrome-white-open-sm[1]")
![Chrome_image_1[1]](http://chromeossite.com/wp-content/uploads/2011/05/Chrome_image_11-92x92.jpg "Chrome_image_1[1]")
![samsung-srs5_chrome-white-cover-sm[1]](http://chromeossite.com/wp-content/uploads/2011/05/samsung-srs5_chrome-white-cover-sm1-150x150.jpg "samsung-srs5_chrome-white-cover-sm[1]")
Chrome OS Site is the largest online community dedicated to the upcoming Google Chrome Operating system (including open source distributions of Chromium OS). We aim to bring you the latest Chrome OS news, reviews and press releases.
Why do you publish as something sensational 5-month old news which was long ago understood as mostly BS?
Maybe you misunderstood the story. This is recent news (in the UK) as the ICO has just revealed that they will be further investigating Google as the data they collected was indeed personal data. There is no "BS".
Check out the article (published today) by the Guardian: http://www.guardian.co.uk/technology/2010/oct/24/…
OMG another pathetic rant about Google Chrome OS!
Lets ask our selves a logical question, what would Google do with any data they collect from us? The answer is simple, do what they have always done and use that information to target us with specific advertisements which the the data they collect shows we have an interest in. I for one think that's a good thing because I don't want to see advertisements for things I am not interested in. I mean common why would a 19 year old guy like my self be interested in lady's make up??? However I do want to see advertisements for products or services that I might like to buy.
We all understand the logic of Google Adsense. The question is simply; 'why did Google tap into unsecured networks and download emails and passwords using streetview cars?' It seems slightly odd to a lot of people.
Maybe this is why the ICO in the UK is perusing this matter? Or maybe it's all for Adsense as you claim?
From what I understand it wasn't Google intention to obtain this information, however they did. But even if the company did take this information knowingly what harm could be caused my them having it? I don't know about your self but I am a UK resident and know the The Information Commissioner’s Office quite well. And I am ashamed to say that it is another government body which has been set up to heavily fine company's both big and small all in the name of profit. They seem to have no regard to fairness, and it really isn't what I want to see for the British business sector. = (
I can't believe people still don't understand this. It's not googles fault if people are stupid enough to PUBLICLY broadcast all of their information over the public airways! It's not liked they hacked in, or were even trying to gather this information.
How was the information then gathered and stored?
You don't need a hack to store the information that is freely available.
If the wifi network is WPA secured (as I would expect any self-respecting wifi owner to do), it is not hackable even by Google (at least for now).
And it is so pathetic that you linked chrome OS to the collection of data by street view cars! You are out of your mind!
Arun…no one even elluded to there being a "hack" (that is far from the point). We (the blogosphere) are pointing out very clearly that Google should have not downloaded private data (even if the networks were not secured). Do you ever go onto an unsecured network and download people's emails and passwords just because the network is not secured? That is quite frankly a stupid and childish excuse.
Secondly, There is a link with Chrome OS (it would be stupendous to miss it). If Google is planning on releasing a cloud OS which will store ALL our PRIVATE data on THEIR servers; this event is a huge PR failure by Google. Who will provide private data to a company that fishes for data using "streetview" cars, snooping into unsecured networks?
I am quite frankly amazed that none of you are alarmed.
Lastly, the ICO is not dumb to be launching an investigation into this. There are obvious breaches to private information that for some reason you seem to overlook.
Thanks for sharing your opinion though
Then, Nigel, please explain us something quite strange : if you become suddenly sooo … against Google …. as it seems, then why don’t you just close ( aka shutdown ) your website ( chromeossite.com ) ?? I frankly cannot understand you anymore ! You were supposed to talk to us in it about that wonderful next OS, right ? Not to blame it, actually !
And let me remind you, in case you forgot it already : ALL GMAIL USERS ALREADY TRUSTED GOOGLE WITH THEIR EMAIL DETAILS ( username + password + email messages ). Do you think anyone was “hacked” by Google ?
I don’t think we should become so paranoid, after all. Let’s not forget that, if anything, Google made that great billions of dollars by Paying People That Have AdSense accounts another big share of billions.
Do you really think that Google is a company that just steals money from the people ? I don’t think so …
I believe they were trying to gather the SSID's of the wifi networks. If people weren't sending all of their personal information out to everyone in the first place, there would be no problem.
A good analogy is if people don't want to show everyone what they are hanging out on their clothes line, they should put it up somewhere private like their backyard where they have a fence. Basically these people are hanging their clothes out at the front of their house and then blaming everyone that walked past (in this case Google) for having eyes.
…maybe not the best analogy…but it works.
Also the incident in question actually has NOTHING to do with ChromeOS security.
Blake, I still think you are missing the point. Yes the networks were not secured, yes they should have been secured.
BUT – the nature of information that Google downloaded and stored is not acceptable. This is why the ICO is launching an investigation.
Maybe you should become a consultant for the ICO for matters relating to privacy breaches??
Do you know that application Google used to collect WiFi data wasn't even developed by them? Google bought an application and wasn't careful enough to check it in more details before using it. They never specifically extracted accidentally collected "payload" data and sure never used it. Don't you, who position yourself to be related to Chrome OS, understand that all that hysteria is initiated by Google's competitors but still hurts to WWW overall – and you are adding to that harm?
"hysteria"? So the ICO is reacting to "hysteria"?
Also…I am beginning to see what the opposition to my article is all about. Google fanboys don't want me to report objectively because they perceive objectivity as an attack on Google. When people pointed out the obvious fault with the ipad they were met with similar opposition.
I will retain my objectivity vkelman. I will not praise Google consistently just because my blog is about Chrome OS.
http://www.buzzmachine.com/2010/05/17/
Again, they used off-the-shelf app which they failed to sanitize. They admitted it. They even discovered it, if I'm not mistaken (an audit they ordered). Application which they did not design collected fractures of seconds of openly broadcast data along with WiFi information they were actually collecting for making location-based services to work more precise. It was an unfortunate mistake. Because of the following opposition raised by people who are making their living out of finding errors and inflating hysteria – hurting evolution of the Web – because of that opposition Google was forced not to use that WiFi data and make location services to work less precise. There was an investigation, and most of the countries already agreed that it was an unfortunate mistake. Still few alarmists like yourself trying to revive a half-dead sensation for mysterious purposes.
vkelman…the British ICO has raised the issue as a serious matter. Google could be charged a maximum of £500,000 for this "error" due to new laws introduced by the past Labour govt. (I don't understand why you keep trivializing the matter)
I have reported on it and I have analyzed the potential impact it could have on Chrome OS. What you consider to be a minor error is a huge blunder for Google. It will affect Chrome OS's reception (whether we like it or not). I think this was the message in the article. My conclusion was that such "errors" can not be afforded at this point in time (for Chrome OS).
If you fail to see the validity of this argument that is fair enough. But remember, when Apple created a phone which could hardly make phone calls when held in a certain way…guess who shouted the loudest in their favour? The fanboys of-course. Now logic tells me that the basic function of a phone is to make calls, hence to me, as a blogger and reporter, this was an utter failure by that company. But I kid you not, we all suffered from the hate comments from the Apple fanboys for pointing this out.
Now, if you don't see the problem with a company that aims to keep ALL your private data on their servers making such an "error"….then there is nothing more to discuss here.
OK, your last comment is better than initial article itself.
We'll see how big is actual problem for a Google, but in my personal opinion, it's not reality which is causing this, but under-the-hood interests of politics and/or competitors. In other countries politic atmosphere is different and "payload" matter is long closed.
P.S. I am Google fan and never used Apple products, but those antenna issues were much smaller than media presented it. In technical tests they didn't find increased drop calls, etc. (don't have links now)
I think you summed it up nicely: just because they can take information from an unprotected WiFi setup doesn't mean they should.
At the very least it is ill-mannered, at worst it is dishonest if creating Street View was merely a guise.
Finally, a voice of reason.
Thanks Johnno
It wasn't ill- or good mannered, it was a technical mistake which had nothing to do with ethics.
Besides taking Street View, they were collecting WiFi data to improve location services. "Payload" was an unfortunate by-product. Read something, please!
wow.
I guess the British ICO and the other countries (Germany, France and Canada) that investigated Google should just shut up. More-so, bloggers like myself and journalists from papers like The Guardian and all news networks (like Sky News) that reported on this issue should just shut up.
Thanks for stopping by
lol
PCWorld: Google Target of Misdirected Privacy Backlash http://goo.gl/bZUB
BTW, I came in through a link displayed by Google News app on my Nexus One
ah! nice!
IT's good that the site is that easily accessible! Thanks for letting me know
This whole Google Street View thing is really old news, we knew they accidentally collected fragments of emails, passwords, etc. about 6 months ago.
And really, it has nothing to do with Chrome OS. You won't really be storing anymore information with Google while using Chrome OS than you already do if you use Google services. I mean really, if people are so worried about what websites are going to do with their data then stop giving it to them.
"that can continue to be criminally exploited by crooks — but will no longer be useful to society at large via legitimate Google-based services" http://lauren.vortex.com/archive/000772.html
"But the hue and cry over Google's harmless mistake, with no abuse of the data involved in any way — while genuine bad guys are still free to collect all of the unsecured Wi-Fi data that they wish for actual exploits — strikes me as being exploitative behavior by many of the accusers involved." http://www.nnsquad.org/archives/nnsquad/msg04410….
U.S. regulators end Google 'Street View' inquiry http://www.financialpost.com/news/regulators+Goog…
While Britain begins…
Like other cloud-based operating systems, Chrome contends with accusations of “careless computing.” Exposure to data vulnerabilities and compromised user control are some of the costs of cloud computing.
We at the ccskguide.org take a look at the security issues surrounding cloud computing and help prepare candidates for the CCSK Cloud Security Certification. Check our blog on Google’s Chrome OS, along with other cloud security concerns: http://ccskguide.org/2010/12/computing-with-the-c…