Tweet
Assuming this is true: http://www.techworm.net/2015/03/hidd...s-nexus-6.html
URL1=http://www.techworm.net/2015/03/hidd...s-nexus-6.html
URL1 Title: "Hidden Google VPN Connectivity App seen in latest Android 5.1 Lollipop version on Motorola’s Nexus 6"
This is brilliant. It gives customers a *possible* advantage of better protection from attacks on hostile WiFi or data networks, decreasing risk of MitM attacks against them with various tools available for use on WiFi and wired networks. Meanwhile, it also gives google direct access to *full* browsing habits used through their VPN!
There is a chance for both parties to gain something in this, at a cost of privacy on the part of the user.
So, here is the question:
Is such a trade-off a good idea? If the masses adopt and use such a service, Google helps raise the bar to attacking users of Android with MitM attacks on WiFi networks, but at a cost of risking more consumer browsing habits being leaked. This would appear to help them re-establish themselves as getting access to cookie-like information, but better, even while following the literal letter of request in cookie "DNT" requests, as the scope of that is limited to cookies.
An advantage of capitalism is competition and choice (for markets where competition exists.) People can choose to use a service or not. Consumers choose winners and losers. Once governments become involved, consumers are not the only decision-makers. Laws, rules, policies, regulations can all lead to denying consumers choice, causing governments to pick winners and losers instead. (Not arguing an advantage of one over the others -- statement of facts. I'm sure there are spaces people will agree that government intervention is required, while disagreement over others. This paragraph is a comment on an advantage of entrepreneur gambling with new ideas to test them in our marketplace, risking loss if they fail, but gaining profits when they succeed.)
This is no replacement for "tor" networks, as this is a single entity for a government to go harass to demand information about user's use of services. The implied focus of this is to protect from hostile WiFi networks not provide anonymization.
What do you think? Is this a good idea? Does this generally improve consumer-security? If a customer was asking for your advice, and their requirement was "free" would you advocate using this, or tor networks, dedicated commercial VPN (and pay), or something else?
Me? No. I will use my own VPN. Egress filtering and analysis is possible when you run your own VPN. You can also filter incoming content and perform your own network analysis on traffic to your devices, and your users. I recognize a value in tor networks specific to helping reduce risk of exposure of an identity, but with this understood, the use of tor networks should be limited to cases where secrecy of identity is important. For example, I would not run Internet Banking, tax forms/info, financial services (including credit cards and retirement accounts) through tor -- that would be silly.
URL1=http://www.techworm.net/2015/03/hidd...s-nexus-6.html
URL1 Title: "Hidden Google VPN Connectivity App seen in latest Android 5.1 Lollipop version on Motorola’s Nexus 6"
Originally posted by URL1
There is a chance for both parties to gain something in this, at a cost of privacy on the part of the user.
So, here is the question:
Is such a trade-off a good idea? If the masses adopt and use such a service, Google helps raise the bar to attacking users of Android with MitM attacks on WiFi networks, but at a cost of risking more consumer browsing habits being leaked. This would appear to help them re-establish themselves as getting access to cookie-like information, but better, even while following the literal letter of request in cookie "DNT" requests, as the scope of that is limited to cookies.
An advantage of capitalism is competition and choice (for markets where competition exists.) People can choose to use a service or not. Consumers choose winners and losers. Once governments become involved, consumers are not the only decision-makers. Laws, rules, policies, regulations can all lead to denying consumers choice, causing governments to pick winners and losers instead. (Not arguing an advantage of one over the others -- statement of facts. I'm sure there are spaces people will agree that government intervention is required, while disagreement over others. This paragraph is a comment on an advantage of entrepreneur gambling with new ideas to test them in our marketplace, risking loss if they fail, but gaining profits when they succeed.)
This is no replacement for "tor" networks, as this is a single entity for a government to go harass to demand information about user's use of services. The implied focus of this is to protect from hostile WiFi networks not provide anonymization.
What do you think? Is this a good idea? Does this generally improve consumer-security? If a customer was asking for your advice, and their requirement was "free" would you advocate using this, or tor networks, dedicated commercial VPN (and pay), or something else?
Me? No. I will use my own VPN. Egress filtering and analysis is possible when you run your own VPN. You can also filter incoming content and perform your own network analysis on traffic to your devices, and your users. I recognize a value in tor networks specific to helping reduce risk of exposure of an identity, but with this understood, the use of tor networks should be limited to cases where secrecy of identity is important. For example, I would not run Internet Banking, tax forms/info, financial services (including credit cards and retirement accounts) through tor -- that would be silly.
Comment