No announcement yet.

Brilliant idea from google to better data-mine customers...

  • Filter
  • Time
  • Show
Clear All
new posts

  • Brilliant idea from google to better data-mine customers...

    Assuming this is true:


    URL1 Title: "Hidden Google VPN Connectivity App seen in latest Android 5.1 Lollipop version on Motorola’s Nexus 6"

    Originally posted by URL1
    Android lollipop users may not require to use private VPN apps if what John Freml of Pocketables has posted is true. Google is trying out its own VPN connectivity App for providing secure services on open Wi-Fi systems.
    However here is where Freml found that the fun ends because he could not connect to any open Wi-Fi, secured Wi-Fi or 3G network.
    This is brilliant. It gives customers a *possible* advantage of better protection from attacks on hostile WiFi or data networks, decreasing risk of MitM attacks against them with various tools available for use on WiFi and wired networks. Meanwhile, it also gives google direct access to *full* browsing habits used through their VPN!

    There is a chance for both parties to gain something in this, at a cost of privacy on the part of the user.

    So, here is the question:
    Is such a trade-off a good idea? If the masses adopt and use such a service, Google helps raise the bar to attacking users of Android with MitM attacks on WiFi networks, but at a cost of risking more consumer browsing habits being leaked. This would appear to help them re-establish themselves as getting access to cookie-like information, but better, even while following the literal letter of request in cookie "DNT" requests, as the scope of that is limited to cookies.

    An advantage of capitalism is competition and choice (for markets where competition exists.) People can choose to use a service or not. Consumers choose winners and losers. Once governments become involved, consumers are not the only decision-makers. Laws, rules, policies, regulations can all lead to denying consumers choice, causing governments to pick winners and losers instead. (Not arguing an advantage of one over the others -- statement of facts. I'm sure there are spaces people will agree that government intervention is required, while disagreement over others. This paragraph is a comment on an advantage of entrepreneur gambling with new ideas to test them in our marketplace, risking loss if they fail, but gaining profits when they succeed.)

    This is no replacement for "tor" networks, as this is a single entity for a government to go harass to demand information about user's use of services. The implied focus of this is to protect from hostile WiFi networks not provide anonymization.

    What do you think? Is this a good idea? Does this generally improve consumer-security? If a customer was asking for your advice, and their requirement was "free" would you advocate using this, or tor networks, dedicated commercial VPN (and pay), or something else?

    Me? No. I will use my own VPN. Egress filtering and analysis is possible when you run your own VPN. You can also filter incoming content and perform your own network analysis on traffic to your devices, and your users. I recognize a value in tor networks specific to helping reduce risk of exposure of an identity, but with this understood, the use of tor networks should be limited to cases where secrecy of identity is important. For example, I would not run Internet Banking, tax forms/info, financial services (including credit cards and retirement accounts) through tor -- that would be silly.
    Last edited by TheCotMan; March 15, 2015, 21:52.

  • #2
    I feel that this would be a beneficial service for the vast majority of users, if this app where to go live and be present on all Android phones a lot more users are likely to use it. I can think of a few cases where I have been sitting with friends in Starbucks and they just casually connect their phones to the wifi despite repeated warnings. I also get told they can't be bothered to download any apps or pay for VPN service.

    The introduction of a free built in VPN would vastly reduce the number of people using their phones with care free abandon in these vulnerable situations. In regards to monitoring of browsing habits I think in the majority of cases that ship has already sailed, with people signing up for google on chrome and only using Google as their search engine. Any information Google does want to know they already do.