Google Responds to Reports of Unexpected Account Sign-Outs

[zorinlynx]

>Google said the issue with its Google Accounts engine also caused some Google Wifi and OnHub devices to automatically revert to factory settings.

This is a bit disturbing to be honest. A local device should NEVER lose its configuration because of an issue on the network. ESPECIALLY a networking device, which you kinda need TO GET ON THE NETWORK IN THE FIRST PLACE!

You'd think Google of all companies would understand this and implement their devices so this cannot happen, but apparently not.
[doublepost=1488048374][/doublepost]

Personally, I wouldn't trust a statement from Google's marketing and media relations.

When trying to do a Google search earlier, I was actually presented with a page telling me there was unual activity from my IP address and asking me to click a checkbox and verify that I was a human using the CAPTCHA method to verify.

It was odd and unexpected.

This is because of two reasons:

1) You were signed out of your account, probably because of the issue reported in this post, and
2) You are behind a NAT along with a bunch of other people, and one of those people might be doing something odd.

Everyone from behind a particular NAT is coming from a single IP address or small group of addresses, so you can be "blamed" for other users' misbehavior. Google understands this and rather than ban you, they make you CAPTCHA or log in.

This is one reason why NAT *SUCKS!!* and why we need to freaking get IPv6 universally adopted already. C'mon ISPs and people, stop doddling.

 

[smacrumon]

>Google said the issue with its Google Accounts engine also caused some Google Wifi and OnHub devices to automatically revert to factory settings.

This is a bit disturbing to be honest. A local device should NEVER lose its configuration because of an issue on the network. ESPECIALLY a networking device, which you kinda need TO GET ON THE NETWORK IN THE FIRST PLACE!

You'd think Google of all companies would understand this and implement their devices so this cannot happen, but apparently not.
[doublepost=1488048374][/doublepost]

This is because of two reasons:

1) You were signed out of your account, probably because of the issue reported in this post, and
2) You are behind a NAT along with a bunch of other people, and one of those people might be doing something odd.

Everyone from behind a particular NAT is coming from a single IP address or small group of addresses, so you can be "blamed" for other users' misbehavior. Google understands this and rather than ban you, they make you CAPTCHA or log in.

This is one reason why NAT *SUCKS!!* and why we need to freaking get IPv6 universally adopted already. C'mon ISPs and people, stop doddling.

Interesting. But actually, I wasn't ever signed out of my account. Never needed to log in either.
Not sure exactly about the NAT. It's possible, this has happened twice, earlier today and possibly a week ago.

 

[BigMcGuire]

This happened to me while I was on a business trip in Texas a few days ago. Figured that since I was out of town (out of state) it logged me out for protection - randomly. Didn't realize this happened to everyone. Was kinda weird to open an email in Inbox on my iPhone then POOF it disappeared and asked me for my username/password. lol.

 

[Sill]

This is because of two reasons:

1) You were signed out of your account, probably because of the issue reported in this post, and
2) You are behind a NAT along with a bunch of other people, and one of those people might be doing something odd.

What about the folks that this happened to that aren't Google members? I've even noticed it with companies that use "Google Smart Search" for their customer-facing search functions. Plus, if you're a person who doesn't allow cookies except for membership sign-on, you get to play Captcha till the cows come home and become steak, or until you realize that you have to enable cookies.
[doublepost=1488062250][/doublepost]

Google has extensive documentation on data collected on account holders to review and manage, does Apple? ... Google account users are well aware of tradeoff to use their services and opt in or out.

Google has extensive documentation on what they want people to see up front concerning data retention. They ignore or deny questions pertaining to anything outside those publicized uses. Case in point, Google for Kids. They also never, ever discard data, even when they tell you they have done so.

I would say most Google users don't have a clue as to what Google is doing re: their data. Out of my entire circle of friends and business associates, I don't know a single person who reads EULA docs. I do. I'm pretty good at reading between the lines as well as on the lines, and I avoid many services because of this. The public in general? Not so much. When I've explained to many people what Google is doing with their data, its interesting to watch their faces. The clouded troubled look appears as they consider the information, then its replaced by dissonance and bias as they brighten up and say, "Well, if they want to know what brand of toilet paper I use, who cares?" (this exact reply plays across all demos, and has even been said here on MR)

Add in the government surveillance factor. Once I explain that, the second chorus of dissonance and bias sets in, and people say, "Well, I don't care - I'm not doing anything wrong so I don't care what the government sees. Why would you? Are you doing something wrong?"

And again, this is universal, and has appeared in every discussion including ones here.

 

[grey02]

I believe when one minus all the iHaters from this site this is the true status...

 

[4jasontv]

You don't know that.

What don't they know? The post appears to be parroting what your cite says.
[doublepost=1488081844][/doublepost]

I'm pretty good at reading between the lines as well as on the lines, and I avoid many services because of this. The public in general? Not so much. When I've explained to many people what Google is doing with their data, its interesting to watch their faces. The clouded troubled look appears as they consider the information, then its replaced by dissonance and bias as they brighten up and say, "Well, if they want to know what brand of toilet paper I use, who cares?" (this exact reply plays across all demos, and has even been said here on MR)

Add in the government surveillance factor. Once I explain that, the second chorus of dissonance and bias sets in, and people say, "Well, I don't care - I'm not doing anything wrong so I don't care what the government sees. Why would you? Are you doing something wrong?"

And again, this is universal, and has appeared in every discussion including ones here.

I'm not going to disagree with you, but I am going to say that there is an issue where companies T&A have such vague overstretching language that they could probably change their mind about something and it's still covered by the orignial terms.

 

[C DM]

This happened to me while I was on a business trip in Texas a few days ago. Figured that since I was out of town (out of state) it logged me out for protection - randomly. Didn't realize this happened to everyone. Was kinda weird to open an email in Inbox on my iPhone then POOF it disappeared and asked me for my username/password. lol.

Happened to me as well without really being out somewhere or doing anything in particular. Found it unusual, but just logged in again and went about my business.

 

[Paul Dawkins]

Was a good reason to get rid of that youtube and maps crap.

 

[MH01]

1) Apple's track record on security (and especially privacy) is far better than Google's or Facebook's.

2) Stop repeating that old tripe. Apple's services have never been hacked. The incident you're alluding to involved celebrities having their weak passwords compromised on other services through social engineering, after which the attackers were able to gain access to their Apple accounts because they foolishly used the same password everywhere.

While Apple subsequently strengthened security for their password reset system in one particular area, that weakness was not exploited during the celebrity hack.

That is hacking!! Hacking is not some fat kid who is a genius living in their parents house....people need to stop watching movies.

Yes, apple made changes and continues make changes to thier security cause it was just awesome and not as a result from lessons learned.

If you have a system that users can access just with a username and password , it's not secure!!! 2 factor??? Yes changes were made....continue to be made

Just to be clear my favourite scenario recently was my GF Approving two factor auth request on the same device .... oops. It should have popped up on her MacBook !
[doublepost=1488094553][/doublepost]

>Google said the issue with its Google Accounts engine also caused some Google Wifi and OnHub devices to automatically revert to factory settings.

This is a bit disturbing to be honest. A local device should NEVER lose its configuration because of an issue on the network. ESPECIALLY a networking device, which you kinda need TO GET ON THE NETWORK IN THE FIRST PLACE!

You'd think Google of all companies would understand this and implement their devices so this cannot happen, but apparently not.

You are taking too much into a PR statement.

Let me just say one thing , that I'll take a safety feature that reverts your device to factory settings in an event of a breach.

It's a PR release, closest to lies when it comes to what actually happaned. Apple or Google PR releases tell you nothing about the actual issue.

 

[H2SO4]

What don't they know? The post appears to be parroting what your cite says.
[doublepost=1488081844][/doublepost]

I'm not going to disagree with you, but I am going to say that there is an issue where companies T&A have such vague overstretching language that they could probably change their mind about something and it's still covered by the orignial terms.

I don’t really have too much respect for companies that are vague and whilst I can’t prove anything, the fact that they said nothing definitive about how it happened gives me pause.

 

[emm386]

Apple's track record on security (and especially privacy) is far better than Google's or Facebook's.

Apple's track record on security is secrecy and cover-ups. Transparency is the very least prerequisite if you have a serious interest in security.

Personally, I wouldn't trust a statement from Google's marketing and media relations.

I wouldn't trust ANY statement from any marketing or PR department. Especially Apple's, who has no interest whatsoever in being transparent about security issues.

 

[H2SO4]

Apple's track record on security is secrecy and cover-ups. Transparency is the very least prerequisite if you have a serious interest in security.


I wouldn't trust ANY statement from any marketing or PR department. Especially Apple's, who has no interest whatsoever in being transparent about security issues.

Ok. Couldn't have said it better myself.

 

[jacksmith21006]

And this is why I won't be buying Google Wifi. Really poor design that it reverts to factory defaults on something like this.

Not to mention the trust issues with Google.

"

Sounds like you do not understand the Google WiFi (GW) and why it is a major step forward. This is a bump on the journey. Google has built in the Google WiFi a hardware token that is tied to the boot image. The boot image is then tied to your Google account.

Early this week a major security issue was discovered with Cloudflare. Ironically the security issue was discovered by Google. This is a huge issue as many, many companies used Cloudflare for Internet security. Very private data was leaking. In response the Cloudflare certs were revoked causing people to re login into their accounts including Google but also notice wife was knocked out of her FB account.

The Google WiFi security is built to stop use if the chain of integrity is broken. I do think Google needs to think what should happen when integrity is broken. In some ways I get the wipe when integrity breaks down. You do NOT know if a port forwarding command was executed on the GW illegally. But probably needs some middle ground.

The GW is a device that comes with a service in many ways. I think of it more like Google and what they did to spam with Gmail. Google basically ended spam by building perdictive models for spam and blocked. It is similar here.

The major DDOS attacks of late have been coming from regular people inside their homes with their iOT they just do NOT realize it. I assume the GW goal is to end.

I replaced an Airport with the GW. I believe the old model of network routers just does not scale with our new world. It is just too complicated and now we have huge risk as we have our smoke detectors, thermostat, cams, etc all on the Internet and needs to be secured.

In security it is easy to open the door. Someone is having trouble getting to a site or something well just open the door and no complaints. I believe Google is creating a far better closed door but with it there are hiccups and this was one.

Would love to say the Cloudflare issue is unusual and started to type exactly that. But to be honest it is not. Ironically Google also released a proof of concept on breaking SHA1 THIS week. SHA1 is a foundational hashing algorithm. Sites like GIT for example are heavy users of SHA1.

Google posted two PDFs with the exact same signature but the two documents are different! This is why we must move to a better network security model then the past.

BTW, another example is CA transparency. On this one Google became their own CA root. Non of the other platform companies have gone this route. But this makes 100% sense. It limits the attack surface for Google. It allows them to control security and not be dependent on anyone else.

My home security is important to me and I do not believe anyone is in a better position to protect then Google.

If curious here is some additional info on a couple of the subjects I shared.

"Google Just Discovered A Massive Web Leak... And You Might Want To Change All Your Passwords"

https://www.forbes.com/sites/thomas...nt-to-change-all-your-passwords/#702de3a23ca3

"Google just cracked one of the building blocks of web encryption (but don’t worry)"

http://www.theverge.com/2017/2/23/14712118/google-sha1-collision-broken-web-encryption-shattered

"Google launches root certificate authority"

https://www.theregister.co.uk/2017/01/27/google_root_ca/

The root cert authority (CA) is really,really important. Otherwise security is reliant on other CA roots which can be an issue. The cert is what assures you that a site is what they say they are. So if you go to www.amazon.com and enter your credit card you really want to be sure it is really Amazon. To make that work we allows different roots and if root is ok then anything else under the root is assumed to be real. But EVERY company on this planet was dependent on the integrity of the roots until now.

Google is the only one of the platform companies that can assure the integrity of their certs because they are the root provider and would assume will allow no others.

There has been a push for transparency so when a rogue root issues a cert say to disney.com it has to be shared. That is good but we had one of these root CAs issued a illegal cert and nobody noticed for 24 hours! It just takes less than a second to be hacked.

"What is Certificate Transparency? How It helps Detect Fake SSL Certificates"
http://thehackernews.com/2016/04/ssl-certificate-transparency.html

I heavily prefer for it to ONLY be in Google's hands. So here is for example in Firefox what each of the major sites and who is the root. The root for these has to be trusted. Google now the two are the same as Google is their own root.

https://mozillacaprogram.secure.force.com/CA/CACertificatesInFirefoxReport

BTW, as you can see Amazon is also a root.
[doublepost=1488113109][/doublepost]

>Google said the issue with its Google Accounts engine also caused some Google Wifi and OnHub devices to automatically revert to factory settings.

This is a bit disturbing to be honest. A local device should NEVER lose its configuration because of an issue on the network. ESPECIALLY a networking device

This is NOT true! If there is a security issue the network device should absoultely shutdown! Please do not write things so wrong as you are giving very poor advice.

You are ONLY looking at your Internet working. The other side is your Internet working securely. What happened is Cloudflare had a HUGE security issue discovered this week. Certs were revoked and why you had to relogin in Google account and FB account and others.

The Google WiFi is implementing the next generation of security which we need. It has a hardware token inside locked ot the boot image to the running image to your Google account. If this chain of integrity breaks down the device should stop!

This problem is soon to be in the past as Google has taken the unusual step of becoming their own CA root. This means they are no longer subject to third parties security problems.

"Google launches root certificate authority

Cutting out the middle man"

https://www.theregister.co.uk/2017/01/27/google_root_ca/

"Google Just Discovered A Massive Web Leak... And You Might Want To Change All Your Passwords"

https://www.forbes.com/sites/thomas...nt-to-change-all-your-passwords/#26b5d8223ca3

 

[Apple 26.2]

No issues with Google, but Medium has been doing this a lot lately, whether on desktop or mobile.

 

[Sill]

I'm not going to disagree with you, but I am going to say that there is an issue where companies T&A have such vague overstretching language that they could probably change their mind about something and it's still covered by the orignial terms.

I'll agree with you on that.
[doublepost=1488121844][/doublepost]

Sounds like you do not understand the Google WiFi (GW) and why it is a major step forward. This is a bump on the journey. Google has built in the Google WiFi a hardware token that is tied to the boot image. The boot image is then tied to your Google account.

So... you have to have a Google account to use the GW base? Why does that not surprise me? Google wants to make sure there is no question about who is using their servers, so every bit of information they think they have on you can be positively attributed to you.

Google basically ended spam by building perdictive models for spam and blocked.

They must have blocked it for everyone else by sending it to me then. I still get spam from Gmail accounts. Great security there.

"
replaced an Airport with the GW. I believe the old model of network routers just does not scale with our new world. It is just too complicated and now we have huge risk as we have our smoke detectors, thermostat, cams, etc all on the Internet and needs to be secured.

Don't sacrifice your privacy and security for convenience. Here's a tip to eliminate the risk: disconnect all that stuff. Don't buy in to it. You'll achieve your goal of security without turning your life over to some company.

"
My home security is important to me and I do not believe anyone is in a better position to protect then Google.

You're a better person to protect your home security than Google; see my above comments about getting away from those services.

and read this as well

 

[jacksmith21006]

I'll agree with you on that.
[doublepost=1488121844][/doublepost]

Thanks for the post. It really come

I'll agree with you on that.
[doublepost=1488121844][/doublepost]

So... you have to have a Google account to use the GW base? Why does that not surprise me? Google wants to make sure there is no question about who is using their servers, so every bit of information they think they have on you can be positively attributed to you.



They must have blocked it for everyone else by sending it to me then. I still get spam from Gmail accounts. Great security there.



Don't sacrifice your privacy and security for convenience. Here's a tip to eliminate the risk: disconnect all that stuff. Don't buy in to it. You'll achieve your goal of security without turning your life over to some company.



You're a better person to protect your home security than Google; see my above comments about getting away from those services.

and read this as well

Thanks for your post! It is a two sided thing and you have to make your own decisions. On one hand absoultely the accounts make getting data far easier and in some cases possible. But on the other comes convenience.

Each person has to do decide between the two. To me I trust Google to be a company that will keep my data safe. Their business is dependent on it. This is why we do not see hacks like what hit CloudFlare or Yahoo, etc hitting Google.

Nobody will be able to keep their home network as secure as Google. I am sorry you just do not have the data that they have to accomplish. But the bigger issue is embeded systems are NOT developed with the security in mine that we need today. They do not get updates for example. Google WiFi is the first to fix this that I am aware of. I personally replaced Airport hardware with the GW for this reason. Airport had updates but it was not using Internet data to make more secure like Google is doing here. Google is taking home network security to an entirely different level as evident from what happened this week. Integrity broken and network stops working.

BTW, I do NOT believe the Airport line even had hardware tokens or what Apple calls the security enclave. It did NOT have boot image integrity check against hardware token. It did not have running image integrity checks and I know did NOT have shuting down when integrity broken.

So for example Google monitors attempts to break into Oauth accounts and signals users when there are attempts. Nobody else, I am aware of, does this.

"How to Avoid Getting Gmail's New Suspicious Account Activity Alert"
https://www.fastcompany.com/1596653/how-avoid-getting-gmails-new-suspicious-account-activity-alert

"They must have blocked it for everyone else by sending it to me then. I still get spam from Gmail accounts. Great security there."

This is where your post loss credibility, I am sorry. I use Gmail and also Apple cloud services. I get spam with Apple and NEVER with Google. Years ago Google built the canonical spam filter model and ever since spam has been beaten.
[doublepost=1488125166][/doublepost]

Thanks for your post! It is a two sided thing and you have to make your own decisions. On one hand absoultely the accounts make getting data far easier and in some cases possible. But on the other comes convenience.

Each person has to do decide between the two. To me I trust Google to be a company that will keep my data safe. Their business is dependent on it. This is why we do not see hacks like what hit CloudFlare or Yahoo, etc hitting Google.

Nobody will be able to keep their home network as secure as Google. I am sorry you just do not have the data that they have to accomplish. But the bigger issue is embeded systems are NOT developed with the security in mine that we need today. They do not get updates for example. Google WiFi is the first to fix this that I am aware of. I personally replaced Airport hardware with the GW for this reason. Airport had updates but it was not using Internet data to make more secure like Google is doing here. Google is taking home network security to an entirely different level as evident from what happened this week. Integrity broken and network stops working.

BTW, I do NOT believe the Airport line even had hardware tokens or what Apple calls the security enclave. It did NOT have boot image integrity check against hardware token. It did not have running image integrity checks and I know did NOT have shuting down when integrity broken.

So for example Google monitors attempts to break into Oauth accounts and signals users when there are attempts. Nobody else, I am aware of, does this.

"How to Avoid Getting Gmail's New Suspicious Account Activity Alert"
https://www.fastcompany.com/1596653/how-avoid-getting-gmails-new-suspicious-account-activity-alert

"They must have blocked it for everyone else by sending it to me then. I still get spam from Gmail accounts. Great security there."

This is where your post loss credibility, I am sorry. I use Gmail and also Apple cloud services. I get spam with Apple and NEVER with Google. Years ago Google built the canonical spam filter model and ever since spam has been beaten.

 

[Tsuius]

Because Apple doesnt make poor design choices also. Talking about trust? *cough* Icloud celebrity hack.

The celebrity hack had nothing to do with iCloud or Apple. The so called "celebrities" themselves gave up their passwords through a phishing scam. It's like saying that it is the banks fault for loosing my money because I gave my bank card pin number to a thief.

 

[jacksmith21006]

Forgot to share the Apple router security link.

http://routersecurity.org/applerouters.php

BTW, it is about also things being in the open so we know how bad or good it is. Google provides source code and Apple does NOT.

"Apple keeps details of patched AirPort router vulnerability under wraps"

http://www.zdnet.com/article/apple-...hed-airport-router-vulnerability-under-wraps/

So issues before dropping support and only going to get worse.

 

[Sill]

Thanks for your post! It is a two sided thing and you have to make your own decisions. On one hand absoultely the accounts make getting data far easier and in some cases possible. But on the other comes convenience. Each person has to do decide between the two. To me I trust Google to be a company that will keep my data safe. Their business is dependent on it.

To an extent. They're more dependent on making sure no one else "controls the narrative", if I can use that metaphor. Read Scott Cleland's posts on their control of your information, both to and from, and see if you still trust them.

This is why we do not see hacks like what hit CloudFlare or Yahoo, etc hitting Google.

That you're aware of.

Nobody will be able to keep their home network as secure as Google. I am sorry you just do not have the data that they have to accomplish.

I don't see how having control of all of a user's data makes them the people to control that user's home network, if thats what you're saying. Sorry but that just doesn't make sense. A better way to control your security starts with privacy, not with trust. And I'm not going to risk my privacy by buying a router that basically cements a company's complete control over my online identity. Don't forget the Google Home room bug, while you're at it. Then they can get an ever-increasingly more detailed voiceprint of me and everyone in my home, tied to information provided by the cell phones everyone carries, and augmented by voice stress indicators.

"They must have blocked it for everyone else by sending it to me then. I still get spam from Gmail accounts. Great security there."

This is where your post loss credibility, I am sorry. I use Gmail and also Apple cloud services. I get spam with Apple and NEVER with Google. Years ago Google built the canonical spam filter model and ever since spam has been beaten.

So, what does it mean to say my post "loss credibility"? Are you denying there aren't spam providers using Gmail addresses?

 

[jacksmith21006]

To an extent. They're more dependent on making sure no one else "controls the narrative", if I can use that metaphor. Read Scott Cleland's posts on their control of your information, both to and from, and see if you still trust them.

Sorry, I am not following the "controls the narrative"? Is it that Google is pushing security issues to keep you distracted to take your data? If this is the case you need to understand I have ZERO issue with Google taking all of my data. I get that is hard for you to understand and I am not joking. But if Google takes ALL of my WiFi data and creates a safer and more convenient solution I am fine with that. I have used Google for a very long time and have NEVER had any problem with them and my data. Not a single one! I really can not remember hearing about anyone having some problem with Google and their data. I say this fully aware Google is sucking up every piece of data possible from changing DNS from being anonymous so it is not to war driving the world, etc. I just see it differently as in how does it hurt me? Not some story of what could happen, etc. But give me a real example. Really give me a bunch as Google is used by over 2 billion people on this planet.


That you're aware of.

Fair statement. But Google by a mile has more users than any other service of any kind in the history of man! So if there were issues do you not think we would be aware? It is a little complicated but I have some very valuable assets that are MUST be protected by email and have been stolen in the past and retrieved. Since switching to using Gmaill to protect they have NOT been stolen again! Look at how many in government use Gmail accounts. Think there is a reason.


I don't see how having control of all of a user's data makes them the people to control that user's home network, if thats what you're saying. Sorry but that just doesn't make sense. A better way to control your security starts with privacy, not with trust. And I'm not going to risk my privacy by buying a router that basically cements a company's complete control over my online identity. Don't forget the Google Home room bug, while you're at it. Then they can get an ever-increasingly more detailed voiceprint of me and everyone in my home, tied to information provided by the cell phones everyone carries, and augmented by voice stress indicators.

Not "control" of the data but can see the data. We have HUGE and I mean HUGE issues in terms of security and embedded devices. The DDOS attacks of late are being driven by hacked iOT devices in "regular" people's homes. They are part of the attack while you sit in your family room right next to the devices and you do NOT have a clue. Google can attack the problem from the home network.

Google is really a pattern with algorithm company at its heart. Be it search, voice, spam and security. So as Google gets the data they can see the patterns and circumvent. That is what is happening here. The Google WiFi is NOT only a product but it is also a service, IMO.


So, what does it mean to say my post "loss credibility"? Are you denying there aren't spam providers using Gmail addresses?

This is the only one of your points that irks me . I am super old. I have been involved in building the Internet starting in 1986. So very early. We had a horrendous problem with spam that made email basically not functional. You could NEVER share an email address. If say you owned domain names it was impossible to filter out real emails from spam. Spam was hitting in the 100s of emails daily!! Google ended. That is simply a fact. I like giving credit where to so really it was Jeff Dean with Google that solved the problem and made email possible again even with domains.

BTW, it is terrible but there was another key engineer at Google under Jeff Dean and his name escapes me. So I say give credit where due but forget the name . Anyone know the name please share.
[doublepost=1488127132][/doublepost]'Don't forget the Google Home room bug "

I have ZERO idea what you are referring to here. We are very heavy users of Google Home. We have, I think, six now. We purchased the Echo on launch but got a Google Home at Christmas and since we have expanded to having in a couple of the kids bedrooms as I have one next to my bed.

I can NOT remember any piece of technology that I would be lost without as quickly as the Google Home. Love our iPhones but I am sorry Siri is just an embarrassment in comparison.

 

[Sill]

Forgot to share the Apple router security link.

http://routersecurity.org/applerouters.php

BTW, it is about also things being in the open so we know how bad or good it is. Google provides source code and Apple does NOT.

Google provides some source code. Not everything.

"Apple keeps details of patched AirPort router vulnerability under wraps"

http://www.zdnet.com/article/apple-...hed-airport-router-vulnerability-under-wraps/

So issues before dropping support and only going to get worse.[/QUOTE]

So true. Apple has discontinued an excellent router, with a devoted fanbase who enjoy what has to be the easiest setup and administration I've ever seen. And like all other discontinued products, support will end and eventually those routers will be compromised to uselessness. Thats how it goes. It doesn't negate the fact that Google has done far more to compromise privacy than anything I can think of from any other company. I don't think this means anything to you because every example you give frames your point of view as "privacy takes a back seat to security and both have to accommodate all the gee whiz gadgets we're convincing ourselves we need". My POV is "Privacy is the greatest concern, and proper security begins with privacy. BTW, think before you purchase something because generally you don't need what you're being convinced you need."

Google places no value on privacy, just security. Unless you're a private shareholder at Google, in which case re-read that article from Cleland I posted above. You'll see that they run their company like a black box, with zero transparency. They flaunt SEC rules, are non-responsive to questions or they obfuscate, and when they're caught they downplay what they've done, ignore it, or sidestep.

If you didn't read anything about "Google for Kids", aka "Google Apps For Education" - and many Google apologists either refuse to admit it happened or pretend its meaningless, even here - you should. Read more here.

Google offered free apps and storage to schools across the country because they're oh-so-benevolent. The catch was the kids information was all gathered as part of a registration process. Name, age, address, and everything else the schools had on them. Then the usage of the apps, search and browsing history, and the rest of the many-layers-deep behavioral tracking Google does was applied to the kids and stored indefinitely. Some people realized this might be going on. Initial queries from people ranging from private citizens to LEOs to government officials were met with "we don't do that'. Further prompts including evidence that they do it were met with "we don't store that information". Finally, a real probe proved they did store the info. Google responded with "Our bad!" while they made a huge amount of noise about turning off scanning/analysis on Gmail for those kids. That amounts to a fraction of the analysis Google actually does on all users, so they effectively used a confirmation bias to help people convince themselves Google was being straightforward.


Here's a very dated article explaining what Google tracked... back in 2008. What Dover didn't realize at the time was that there are many layers of analysis that Google uses, on top of all that data they collect, and they have only become more sophisticated over time. Just as important as "who/what" are "when/why/where". Google reaches so far into its users' lives they can make extreme use of what time of day you perform your activities, they can compare it to other data on other facets in your life so they can make assumptions on what factors influence your decisions, and they can compare that to data from where you do these things. They're building profiles on people that are so detailed they are eventually going to know what you want before you want it. Failing that, they will influence you to want what you want when they want it. Their artificial intelligence project is going to be the basis for this. They will be able to model you in software and approach your model with information and see how it responds. This is absolutely terrifying for so many reasons and I don't have the rest of the day to explain it. Google wants to become "how".

 

[H2SO4]

Don't sacrifice your privacy and security for convenience. Here's a tip to eliminate the risk: disconnect all that stuff. Don't buy in to it. You'll achieve your goal of security without turning your life over to some company.

I hate this kind of cliched response. We all do it, (depending on what we think suits our needs), and you are no different. Guess what, security would mean me welding my front door shut every morning, convenience means me just using a key.

 

[Sill]

This is the only one of your points that irks me . I am super old. I have been involved in building the Internet starting in 1986. So very early.

What do you think I was doing then? I was on ARPAnet two years prior.

We had a horrendous problem with spam that made email basically not functional. You could NEVER share an email address. If say you owned domain names it was impossible to filter out real emails from spam. Spam was hitting in the 100s of emails daily!! Google ended. That is simply a fact. I like giving credit where to so really it was Jeff Dean with Google that solved the problem and made email possible again even with domains.

Good for him. Can we get back to the discussion on privacy?

"'Don't forget the Google Home room bug "

I have ZERO idea what you are referring to here. We are very heavy users of Google Home. We have, I think, six now. We purchased the Echo on launch but got a Google Home at Christmas and since we have expanded to having in a couple of the kids bedrooms as I have one next to my bed.

I think I was pretty clear in the later post. You're giving Google complete access to your life. Your router certifies they're dealing with you, and yours. The Home constantly monitors your voice, establishing a continuously updated voice print approaching perfection, along with stress modifiers. It is a room bug.

Oh wait, I forgot - it doesn't listen until you tell it to. Because its listening and waiting for you to tell it to listen. Or something like that. I wonder if you asked it to explain cognitive dissonance and confirmation bias - would it explode from the irony?

At least you're getting your kids acclimated to it now, before they can be educated on the dangers. Later on, when people try to explain it to them, they can act surprised, then defend it, then ignore it because its part of their life.

I can NOT remember any piece of technology that I would be lost without as quickly as the Google Home. Love our iPhones but I am sorry Siri is just an embarrassment in comparison.

If you are that dependent on it, and you can't see the dangers inherent in it, then frankly this discussion is moot.

 

[H2SO4]

The celebrity hack had nothing to do with iCloud or Apple. The so called "celebrities" themselves gave up their passwords through a phishing scam. It's like saying that it is the banks fault for loosing my money because I gave my bank card pin number to a thief.

Can you provide something to support that assertion please?

 

[Sill]

This is the only one of your points that irks me . I am super old. I have been involved in building the Internet starting in 1986. So very early.

Could you please fix your formatting errors in post #45, super old one? I'm not going to click through that entire thing fixing the quote structure just so I can reply to you.