Google "Secure Access" FAQ + Download link

Google Secure Access (Beta): Frequently Asked Questions

What is Google Secure Access?

Google Secure Access is a downloadable client application that allows
users to establish a more secure WiFi connection.

Why would I want to download and install Google Secure Access?

Google Secure Access allows you to establish a more secure connection
while using Google WiFi. By using Google Secure Access, your internet
traffic will be encrypted, preventing others from viewing the
information you transmit.

Does Google Secure Access connect to a VPN server?

Yes, Google Secure Access connects to Google's VPN ("Virtual Private
Network") server provided for this service.

Why did Google develop Google Secure Access?

One of our engineers recognized that secure WiFi was virtually
non-existent at most locations. As a result, he used his 20% project
time to begin an initiative to offer users more secure WiFi access.
Google Secure Access is the result of this endeavor.

What sort of information does Google have access to?

If you choose to use Google Secure Access, your internet traffic will
be encrypted and sent through Google's servers to the Internet. The
data that is received will then be encrypted and sent back through our
servers to your computer. Your privacy is important to us, we strongly
encourage you to read our Privacy Policy to be fully informed about how
your privacy is protected.

Is there a fee for using Google Secure Access?

No, Google Secure Access is free.

Where can I go to download Google Secure Access?

The program can currently be downloaded at certain Google WiFi
locations in the San Francisco Bay Area.

When I install Google Secure Access, why does it ask if I also want to
install the Google Toolbar?

We've included the option to install the Google Toolbar because it
improves your browsing experience.

Can I uninstall Google Secure Access?

Yes. You can uninstall Google Secure Access by simply running the
Uninstall program. This can be found by clicking on Start Menu,
Programs, Google Secure Access, and then choosing Uninstall.

How do I make my connection even more secure?

You can make your connection even more secure by using a software
firewall. Windows XP users with Service Pack 2 can find it by clicking
on Start, Control Panel, and then choosing Windows Firewall.

Will my corporate VPN still work?

Yes. You can connect to your corporate VPN while running Google Secure
Access.

I have configured Google Secure Access to connect automatically, but
it's not working. What's going on?

Certain wireless LAN management utilities and older wireless LAN
adapter drivers prevent Google Secure Access from detecting that you're
connected to the Google WiFi network. In this case it will not connect
automatically, and you should connect manually to ensure the privacy
and security of your network traffic.

Will Google Secure Access work at other locations?

While Google Secure Access should work, we have not tested it at other
locations.

Why is Google Secure Access a beta product?

Google Secure Access is a new product that is only available at certain
locations in the San Francisco Bay Area. We are constantly working to
improve this product.

link to installer :

https://wifi.google.com/download.html

Think this is about Joe Bloggs in the street ? Nahh....
Methinks what Google are trying to do is offer a facility to the Corps to
allow their wireless workers to Net connect encrypted. Mass-market data
collection exercise.

1-How long will it be before they start charging for it (assuming it's
succesful enough) ??
2-How long will it be before the FBI/US Govt want to have access to any
encypted transmitted data.
3-Why the hell should I give Google access to my Net traffic just so they
can do stats monitoring etc... ?

Call this innovation ? More like a Corp control exercise. Screw em'...

S

<(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> Google Secure Access (Beta): Frequently Asked Questions
>
> What is Google Secure Access?
>
> Google Secure Access is a downloadable client application that allows
> users to establish a more secure WiFi connection.
>
> Why would I want to download and install Google Secure Access?
>
> Google Secure Access allows you to establish a more secure connection
> while using Google WiFi. By using Google Secure Access, your internet
> traffic will be encrypted, preventing others from viewing the
> information you transmit.
>
> Does Google Secure Access connect to a VPN server?
>
> Yes, Google Secure Access connects to Google's VPN ("Virtual Private
> Network") server provided for this service.
>
> Why did Google develop Google Secure Access?
>
> One of our engineers recognized that secure WiFi was virtually
> non-existent at most locations. As a result, he used his 20% project
> time to begin an initiative to offer users more secure WiFi access.
> Google Secure Access is the result of this endeavor.
>
> What sort of information does Google have access to?
>
> If you choose to use Google Secure Access, your internet traffic will
> be encrypted and sent through Google's servers to the Internet. The
> data that is received will then be encrypted and sent back through our
> servers to your computer. Your privacy is important to us, we strongly
> encourage you to read our Privacy Policy to be fully informed about how
> your privacy is protected.
>
> Is there a fee for using Google Secure Access?
>
> No, Google Secure Access is free.
>
> Where can I go to download Google Secure Access?
>
> The program can currently be downloaded at certain Google WiFi
> locations in the San Francisco Bay Area.
>
> When I install Google Secure Access, why does it ask if I also want to
> install the Google Toolbar?
>
> We've included the option to install the Google Toolbar because it
> improves your browsing experience.
>
> Can I uninstall Google Secure Access?
>
> Yes. You can uninstall Google Secure Access by simply running the
> Uninstall program. This can be found by clicking on Start Menu,
> Programs, Google Secure Access, and then choosing Uninstall.
>
> How do I make my connection even more secure?
>
> You can make your connection even more secure by using a software
> firewall. Windows XP users with Service Pack 2 can find it by clicking
> on Start, Control Panel, and then choosing Windows Firewall.
>
> Will my corporate VPN still work?
>
> Yes. You can connect to your corporate VPN while running Google Secure
> Access.
>
> I have configured Google Secure Access to connect automatically, but
> it's not working. What's going on?
>
> Certain wireless LAN management utilities and older wireless LAN
> adapter drivers prevent Google Secure Access from detecting that you're
> connected to the Google WiFi network. In this case it will not connect
> automatically, and you should connect manually to ensure the privacy
> and security of your network traffic.
>
> Will Google Secure Access work at other locations?
>
> While Google Secure Access should work, we have not tested it at other
> locations.
>
> Why is Google Secure Access a beta product?
>
> Google Secure Access is a new product that is only available at certain
> locations in the San Francisco Bay Area. We are constantly working to
> improve this product.
>
> link to installer :
>
> https://wifi.google.com/download.html
>

On Wed, 21 Sep 2005 12:56:45 GMT, "Steve Berry" <(E-Mail Removed)>
wrote:

>Think this is about Joe Bloggs in the street ? Nahh....

It's about Joe Coffee browsing at hot spots and coffee shops. Google
wi-fi secure access currently only works at two hot spots in the San
Francisco Bay area. Kapp's Pizza Bar and Grill and one at Airborne
Gymnastics. I note that you're in UK. Wait your turn.

>Methinks what Google are trying to do is offer a facility to the Corps to
>allow their wireless workers to Net connect encrypted. Mass-market data
>collection exercise.

Amazing. Could you explain how they might do that with a local VPN
client and server at a remote hot spot? I haven't seen the server end
but methinks it would be difficult without a rather elaborate data
collector at the hot spot end.

>1-How long will it be before they start charging for it (assuming it's
>succesful enough) ??

The client will probably remain free. The server will probably either
cost money, or throw advertising in your face to pay the bills. I'm
guessing, but I would like to point out that almost all of the beta
stuff offered by Google on the client side has been free and remains
free.

>2-How long will it be before the FBI/US Govt want to have access to any
>encypted transmitted data.

They already have access. The traffic between the client and the
wi-fi hot spot will be encrypted by the VPN. The traffic between the
hot spot and the ISP is not and could be sniffed by law enforcement
agencies.

>3-Why the hell should I give Google access to my Net traffic just so they
>can do stats monitoring etc... ?

Why not? If you're doing porno downloads or spamming at a wireless
hot spot, I'm sure it might induce you to clean up your act.

>Call this innovation ? More like a Corp control exercise. Screw em'...

I don't think so, but you're entitled to your paranoia. Methinks you
might be over-reacting.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Inline...

"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 21 Sep 2005 12:56:45 GMT, "Steve Berry" <(E-Mail Removed)>
> wrote:
>
>>Think this is about Joe Bloggs in the street ? Nahh....
>
> It's about Joe Coffee browsing at hot spots and coffee shops. Google
> wi-fi secure access currently only works at two hot spots in the San
> Francisco Bay area. Kapp's Pizza Bar and Grill and one at Airborne
> Gymnastics. I note that you're in UK. Wait your turn.

Yeah now it is, what about in 2/3 years time ?
BTW who do you define Joe Bloggs as being ?
To me he's anyone and everyone from the lone surfer to the Corp CIO.
Who says hot spots will be limited to Coffee Shops ?
Google could (theoretically) set em' up wherever they God Damn please.
In theory what's to stop them scaling up "hot-spots" to "large-scale hot
spots" - then they can target companies/employees using wireless networks.
What's to stop them ? - not a lot assuming they've got the financial
resources to do so.

>
>>Methinks what Google are trying to do is offer a facility to the Corps to
>>allow their wireless workers to Net connect encrypted. Mass-market data
>>collection exercise.
>
> Amazing. Could you explain how they might do that with a local VPN
> client and server at a remote hot spot? I haven't seen the server end
> but methinks it would be difficult without a rather elaborate data
> collector at the hot spot end.

Gimme' a break. Do you doubt Google could currently afford that if they
wished ?
Just because they haven't implemented it yet doesn't mean to say they're not
giving themselves
the means to do so. This is about nothing more than creating a "catch-net".
No doubt MS will follow-suit. Thanks but if I want my wireless data
encrypted I'll choose to do it through the company I'm employed by. How the
hell can you or anyone else know what Google will do (or be asked to do)
with that data ? Sure offer the service if you wish, just don't expect
everyone to jump on it.

>
>>1-How long will it be before they start charging for it (assuming it's
>>succesful enough) ??
>
> The client will probably remain free. The server will probably either
> cost money, or throw advertising in your face to pay the bills. I'm
> guessing, but I would like to point out that almost all of the beta
> stuff offered by Google on the client side has been free and remains
> free.

Missing the point. Whether it's free or not now isn't the point.
At some point in the future if this is a success, someone within Google will
be sitting there saying
"Hmm.. Over a X year period, we've had X amount of people using that
service, and we've got all this lovely data". Why don't we charge em' for it
? Even that is secondary to the fact that as an individual, you're
reliqushing control to a Corp. Thanks but no thanks. What they're trying to
do is no better than what MS have done over the years. All about control and
very little else. Kinda' boring actually.

>
>>2-How long will it be before the FBI/US Govt want to have access to any
>>encypted transmitted data.
>
> They already have access. The traffic between the client and the
> wi-fi hot spot will be encrypted by the VPN. The traffic between the
> hot spot and the ISP is not and could be sniffed by law enforcement
> agencies.

Or anyone else ???

>
>>3-Why the hell should I give Google access to my Net traffic just so they
>>can do stats monitoring etc... ?
>
> Why not? If you're doing porno downloads or spamming at a wireless
> hot spot, I'm sure it might induce you to clean up your act.

That's funny. Mr Porn merchant wants his daily dose of porn and the only way
to get it is a daily trip down to Starbucks !! Can just imagine the trail of
Net Users with holes cut in their newspapers so no-one will recognise em' !
If I were that type do you think I'd actually be worried about what data I'm
downloading anyway ?

>
>>Call this innovation ? More like a Corp control exercise. Screw em'...
>
> I don't think so, but you're entitled to your paranoia. Methinks you
> might be over-reacting.

Hmm..don't think so. Just the same old story - companies wanting control of
infrastructure/data paths (& associated data).
That said, some will probably find it useful, but I'll be giving it a
permanent body-swerve.

Rgds, S

>
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

On Wed, 21 Sep 2005 18:31:00 GMT, "Steve Berry" <(E-Mail Removed)>
wrote:

>> It's about Joe Coffee browsing at hot spots and coffee shops. Google
>> wi-fi secure access currently only works at two hot spots in the San
>> Francisco Bay area. Kapp's Pizza Bar and Grill and one at Airborne
>> Gymnastics. I note that you're in UK. Wait your turn.

>Yeah now it is, what about in 2/3 years time ?

Google's motto is "Do No Evil". From friends that are employed by
Google, I find that they take this seriously. If the same
announcement had been made by SBC or one of the cellular companies, I
would be VERY suspicious and paranoid. I have to make a few value
judgements in my lifetime, and would say that Google can generally be
trusted to do the right thing.

>BTW who do you define Joe Bloggs as being ?

My average user is called Joe SixPack for the home user and Joe Coffee
for the coffee shop seat warmer. These are generally in reference to
users with minimal computer expertise. I do have average and median
demographics and statistics on their internet use habits and features
used, but can't really leak them without breaking NDA's.

>To me he's anyone and everyone from the lone surfer to the Corp CIO.

Yep. That covers everyone except the geeks, hackers, students, and
spammers.

>Who says hot spots will be limited to Coffee Shops ?

Good point. There are also airports, bus stations, hotels,
restraunts, railway stations, parks, and public buildings. Of course
most of these alreay have for pay wi-fi so there may be some
difficulties with the owners considering Google a revenue loss.

>Google could (theoretically) set em' up wherever they God Damn please.

I know a bit about site aquisition and managment and can assure you
that this is not the case. Business's know money when they smell it
and would not miss a chance to charge for the access point. Municipal
government want contracts and permits. Businesses with existing
commerical arrangements might find free to be bad business.

>In theory what's to stop them scaling up "hot-spots" to "large-scale hot
>spots" - then they can target companies/employees using wireless networks.
>What's to stop them ? - not a lot assuming they've got the financial
>resources to do so.

Not much to stop them except lack of demand. The most vocal demand
for free wi-fi are home users in nearby apartments and offices that
want free internet rather than paying an ISP for DSL or cable.
Opinions as to the viability of such a system occupied by
non-customers varies somewhat from abuse to a great deal. If Google
offered free wireless internet, with no restrictions beyond the usual
bandwidth limiting, in trade for some ads, non-intrusive statistics,
and some light monitoring, would you go for it? I know quite a few
that would.

>> Amazing. Could you explain how they might do that with a local VPN
>> client and server at a remote hot spot? I haven't seen the server end
>> but methinks it would be difficult without a rather elaborate data
>> collector at the hot spot end.

>Gimme' a break. Do you doubt Google could currently afford that if they
>wished ?

Nice way to avoid the question. I didn't ask they could afford to do
it. I asked precisely how they would impliment such a spy system?
Hint: Have you ever tried to sniff gigabit ethernet? Think of it as
drinking from a fire hose.

>Just because they haven't implemented it yet doesn't mean to say they're not
>giving themselves
>the means to do so.

If you have any proof that they're sniffing, I would be very
interested in hearing it. Otherwise, please confine you accusations
and predictions of abuse to reality. Do you have any past evidence
that Google has done anything even close to what you're suggesting?

>This is about nothing more than creating a "catch-net".

Pardon my ignorance but what's that?

>No doubt MS will follow-suit.

Nope. Microsoft never follows. They just buy the leading company.

>Thanks but if I want my wireless data
>encrypted I'll choose to do it through the company I'm employed by.

That's fair. It's possible that the Google VPN client has some back
doors and security issues. However, I'm fairly sure that these have
been checked by security professionals. Given time, they may chose to
hvae it certified by an independent lab. If Google is really nice,
they might allow their VPN termination server to accept other clients
such as the Cisco VPN client or SafeNet client. Would that make you
happy?

>How the
>hell can you or anyone else know what Google will do (or be asked to do)
>with that data ?

Well, they are required by law to disclose their security policies.
Also, you could just ask them what they are collecting and how it's
used. Start here:
http://googleblog.blogspot.com/

>Sure offer the service if you wish, just don't expect
>everyone to jump on it.

I'm not offering any service. Like everything else, new ideas require
some risk. Personally, I don't think offering anything for free has
any manner of long term viability, but it does sound nice.

>Missing the point. Whether it's free or not now isn't the point.
>At some point in the future if this is a success, someone within Google will
>be sitting there saying
>"Hmm.. Over a X year period, we've had X amount of people using that
>service, and we've got all this lovely data". Why don't we charge em' for it
>? Even that is secondary to the fact that as an individual, you're
>reliqushing control to a Corp. Thanks but no thanks. What they're trying to
>do is no better than what MS have done over the years. All about control and
>very little else. Kinda' boring actually.

Not too bad a conspiracy theory. If you don't mind, I don't want to
argue with you about this level of speculation.

>> They already have access. The traffic between the client and the
>> wi-fi hot spot will be encrypted by the VPN. The traffic between the
>> hot spot and the ISP is not and could be sniffed by law enforcement
>> agencies.

>Or anyone else ???

Why would any *COMPANY* find it necessary to do something so invasive
and stupid? I can see the various law enforcement acronyms doing such
things. They don't know any better. However, a company is
responsible to its owners and stockholders. If any company were
caught sniffing, say goodby to their reputation. I don't know any
company that would risk that, especially the big ones that have the
most to lose.

>That's funny. Mr Porn merchant wants his daily dose of porn and the only way
>to get it is a daily trip down to Starbucks !! Can just imagine the trail of
>Net Users with holes cut in their newspapers so no-one will recognise em' !
>If I were that type do you think I'd actually be worried about what data I'm
>downloading anyway ?

Not until your caught and get kicked off the system. I sometimes get
to play enforcer on some hot-spot system and a WISP. That's the
standard line. Frankly, I don't care what they look at or download.
I only care about the quantity. One Bitorrent user can hog the entire
system. I don't care if he's downloading movies, cd images, or porno,
he's history if I catch him.

>Hmm..don't think so. Just the same old story - companies wanting control of
>infrastructure/data paths (& associated data).
>That said, some will probably find it useful, but I'll be giving it a
>permanent body-swerve.

As I mentioned. You are entitled to your own level of paranoia.


--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Wed, 21 Sep 2005 18:31:00 GMT, "Steve Berry" <(E-Mail Removed)>
> wrote:
>
>>> It's about Joe Coffee browsing at hot spots and coffee shops. Google
>>> wi-fi secure access currently only works at two hot spots in the San
>>> Francisco Bay area. Kapp's Pizza Bar and Grill and one at Airborne
>>> Gymnastics. I note that you're in UK. Wait your turn.
>
>>Yeah now it is, what about in 2/3 years time ?
>
> Google's motto is "Do No Evil". From friends that are employed by
> Google, I find that they take this seriously. If the same
> announcement had been made by SBC or one of the cellular companies, I
> would be VERY suspicious and paranoid. I have to make a few value
> judgements in my lifetime, and would say that Google can generally be
> trusted to do the right thing.
>

Hmm....You're asking users to take alot on face value/show leaps of faith in
Google.
As you may have guessed, I'm not so trusting, not of Google in particular
( search engine is obviously
excellent & Google Earth as a product is absolutely fantastic etc.. ), I'm
just suspicious of what Google *could* do with that data. The scenario
they've put in place potentially gives em' an awful lot of power.
Yeah, that does scare me !

>>BTW who do you define Joe Bloggs as being ?
>
> My average user is called Joe SixPack for the home user and Joe Coffee
> for the coffee shop seat warmer. These are generally in reference to
> users with minimal computer expertise. I do have average and median
> demographics and statistics on their internet use habits and features
> used, but can't really leak them without breaking NDA's.

Therein lies the point - not so much what Google are setting up, but why are
they doing it ?
I mentioned previously about mass-market data collection, what is
statistical study if it doesn't involve mass-market data collection ? I'm
still more concerned about what Google will do with that data.
I'm speculating here, but I can see scenarios where they could easily sell
statistical analyses of users
habits to third-party companies. It's potentially mind-blowing what else
they could do with that data.
Yeah, I'm still scared !

>
>>To me he's anyone and everyone from the lone surfer to the Corp CIO.
>
> Yep. That covers everyone except the geeks, hackers, students, and
> spammers.
>
>>Who says hot spots will be limited to Coffee Shops ?
>
> Good point. There are also airports, bus stations, hotels,
> restraunts, railway stations, parks, and public buildings. Of course
> most of these alreay have for pay wi-fi so there may be some
> difficulties with the owners considering Google a revenue loss.
>
>>Google could (theoretically) set em' up wherever they God Damn please.
>
> I know a bit about site aquisition and managment and can assure you
> that this is not the case. Business's know money when they smell it
> and would not miss a chance to charge for the access point. Municipal
> government want contracts and permits. Businesses with existing
> commerical arrangements might find free to be bad business.

I never said free. You're right about Business needs though. If the SF
instance shows
potential as a revenue source, which could be scaled, I doubt they'll refuse
to look at it.

>
>>In theory what's to stop them scaling up "hot-spots" to "large-scale hot
>>spots" - then they can target companies/employees using wireless networks.
>>What's to stop them ? - not a lot assuming they've got the financial
>>resources to do so.
>
> Not much to stop them except lack of demand. The most vocal demand
> for free wi-fi are home users in nearby apartments and offices that
> want free internet rather than paying an ISP for DSL or cable.
> Opinions as to the viability of such a system occupied by
> non-customers varies somewhat from abuse to a great deal. If Google
> offered free wireless internet, with no restrictions beyond the usual
> bandwidth limiting, in trade for some ads, non-intrusive statistics,
> and some light monitoring, would you go for it? I know quite a few
> that would.

Depends on what I want to use it for - casual browsing - perhaps, business
needs where
securing data paths is a concern - forget it. Typically most businesses
implement free access initially
to try and create a user-base/judge the potential viability of a service -
then at some point, they'll "change the ballpark"/ possibly charge for it -
Hotmail for example ? Do you think if GMail was the only existing Web-based
mail reader, Google wouldn't be tempted to charge for it ? The larger the
user-base, the more the argument to charge for it comes into effect.

>
>>> Amazing. Could you explain how they might do that with a local VPN
>>> client and server at a remote hot spot? I haven't seen the server end
>>> but methinks it would be difficult without a rather elaborate data
>>> collector at the hot spot end.
>
>>Gimme' a break. Do you doubt Google could currently afford that if they
>>wished ?
>
> Nice way to avoid the question.

I avoided it because frankly I don't know, as you've probably guessed !
However, I do think to ignore the possibility ( in arguably what is the most
creative industry the World has seen ) doesn't follow history. This industry
has shown time and time again that if something
doesn't exist and there is a potential need for it/resources to implement
it, it will tend to get created.
Maybe I'm "crystal-ball" gazing here, but the core fact of the matter is the
potential level of control Google are attempting to give themselves with
this is staggering.

I didn't ask they could afford to do
> it. I asked precisely how they would impliment such a spy system?
> Hint: Have you ever tried to sniff gigabit ethernet? Think of it as
> drinking from a fire hose.

You asked that because you probably know I couldn't answer it.
Do you think the same set of circumstances will exist in 5/10 years time ?

>
>>Just because they haven't implemented it yet doesn't mean to say they're
>>not
>>giving themselves
>>the means to do so.
>
> If you have any proof that they're sniffing, I would be very
> interested in hearing it. Otherwise, please confine you accusations
> and predictions of abuse to reality. Do you have any past evidence
> that Google has done anything even close to what you're suggesting?

I never accused them of anything ( other than trying to control data
paths -which is exactly what they're doing ). So what you're saying is just
because I've never had a drink in my
life, I'm never going to have one ? If I send a letter snail-mail I expect
the postal service to deliver it.
Sure they can conduct all the statistical analyses on how many mails are
sent by district, what colour
stamps are used or whatever, but that doesn't give them the right to analyse
what I've wriiten about
or who I'm writing to - that's MY business. When I browse. I browse for me
not to be a result of a stats collection by a third-party. The bottom line
is as a user, you're potentially losing control. Ultimately that's what I
don't like.

>
>>This is about nothing more than creating a "catch-net".

Sorry - See the ref to user-base above.

>
> Pardon my ignorance but what's that?
>
>>No doubt MS will follow-suit.
>
> Nope. Microsoft never follows. They just buy the leading company.

Or the second-leading (Connectix for example when VMWare told em' to get
stuffed).
You're telling me MSs attempts at a Search Engine/Virtual Earth aren't
attenpts to follow/compete with Google then ?

>
>>Thanks but if I want my wireless data
>>encrypted I'll choose to do it through the company I'm employed by.
>
> That's fair. It's possible that the Google VPN client has some back
> doors and security issues. However, I'm fairly sure that these have
> been checked by security professionals. Given time, they may chose to
> hvae it certified by an independent lab. If Google is really nice,
> they might allow their VPN termination server to accept other clients
> such as the Cisco VPN client or SafeNet client. Would that make you
> happy?

No because Google still control it. I don't have an issue with the service
at all. I do have an issue
with data collection.Offer the service and say we'll not monitor anything
other than System Performance issues and I'd be happy.The whole principle of
data collection and its potential uses is just one I strongly object to.
That's just my opinion though.

>
>>How the
>>hell can you or anyone else know what Google will do (or be asked to do)
>>with that data ?
>
> Well, they are required by law to disclose their security policies.
> Also, you could just ask them what they are collecting and how it's
> used. Start here:
> http://googleblog.blogspot.com/

I'm not interested in what they're collecting now - that's potentially a
constantly moving playing field anyway. I am interested in why they're
collecting it ?

>
>>Sure offer the service if you wish, just don't expect
>>everyone to jump on it.
>
> I'm not offering any service. Like everything else, new ideas require
> some risk. Personally, I don't think offering anything for free has
> any manner of long term viability, but it does sound nice.

Very true. If everything in life was free, we'd all be poor though I guess.

>
>>Missing the point. Whether it's free or not now isn't the point.
>>At some point in the future if this is a success, someone within Google
>>will
>>be sitting there saying
>>"Hmm.. Over a X year period, we've had X amount of people using that
>>service, and we've got all this lovely data". Why don't we charge em' for
>>it
>>? Even that is secondary to the fact that as an individual, you're
>>reliqushing control to a Corp. Thanks but no thanks. What they're trying
>>to
>>do is no better than what MS have done over the years. All about control
>>and
>>very little else. Kinda' boring actually.
>
> Not too bad a conspiracy theory. If you don't mind, I don't want to
> argue with you about this level of speculation.

OkeyDokey. That's what happens when I watch the X-Files too much.

>
>>> They already have access. The traffic between the client and the
>>> wi-fi hot spot will be encrypted by the VPN. The traffic between the
>>> hot spot and the ISP is not and could be sniffed by law enforcement
>>> agencies.
>
>>Or anyone else ???
>
> Why would any *COMPANY* find it necessary to do something so invasive
> and stupid? I can see the various law enforcement acronyms doing such
> things. They don't know any better. However, a company is
> responsible to its owners and stockholders. If any company were
> caught sniffing, say goodby to their reputation. I don't know any
> company that would risk that, especially the big ones that have the
> most to lose.

What about the "Garbage bin" sniffing by both MS and Oracle in the past ?
Huge Corps- makng lots and lots of money resorting to "dumpster-diving" I
believe you guys call it and paying third-parties to do the dirty work for
em'.
When you see Corps acting like that is it any wonder the individual
perspective is "Why should I trust them when that's what they get up to ?"
Besides, the service is either securable end-to-end or it isn't. If an
individual could potentially sniff-it he/she could easily pass the results
to a third-party ( who's probably paying them to do so ).
I'll always find that issue about "trust" is the key one. All the
technology/ideas floating around and
we still come back to that same old issue about human-trust. Tough-nut to
crack.

>
>>That's funny. Mr Porn merchant wants his daily dose of porn and the only
>>way
>>to get it is a daily trip down to Starbucks !! Can just imagine the trail
>>of
>>Net Users with holes cut in their newspapers so no-one will recognise em'
>>!
>>If I were that type do you think I'd actually be worried about what data
>>I'm
>>downloading anyway ?
>
> Not until your caught and get kicked off the system. I sometimes get
> to play enforcer on some hot-spot system and a WISP. That's the
> standard line. Frankly, I don't care what they look at or download.
> I only care about the quantity. One Bitorrent user can hog the entire
> system. I don't care if he's downloading movies, cd images, or porno,
> he's history if I catch him.

Oohhh the power !

>
>>Hmm..don't think so. Just the same old story - companies wanting control
>>of
>>infrastructure/data paths (& associated data).
>>That said, some will probably find it useful, but I'll be giving it a
>>permanent body-swerve.
>
> As I mentioned. You are entitled to your own level of paranoia.

Thanks for that - I've seen too much not to necessarily trust what I look
at.

>
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

Rgds, S

On Thu, 22 Sep 2005 14:11:03 GMT, "Steve Berry" <(E-Mail Removed)>
wrote:

I don't have much time to debate this stuff, so I'll limit my comments
to direct questions.

>Hmm....You're asking users to take alot on face value/show leaps of faith in
>Google.

Yes. I already do that with various ISP's, hosting services, cellular
providers, and telco service providers I deal with. When you're in
business there's an assumption of trust that has to be there or
nothing ever happens. The Japanese have developed this to a fine art
in that they will not do business with anyone they even suspect is
potentially untrustworthy. I've been running my own businesses long
enough to know that it's much easier and better to treat ones
customers and vendors as trustworthy, than to initiate some type of
adversary action. I tend to trust everyone and treat them
accordingly. Yeah, I get burned on occasion, but the greatest
majority of the people I deal with a honest and trustworthy. I think
Google qualifies.

>Therein lies the point - not so much what Google are setting up, but why are
>they doing it ?

Well, I can only guess as to why their stockholders want Google to
make money. Perhaps it's because they expect a return on their
investment?

>I mentioned previously about mass-market data collection, what is
>statistical study if it doesn't involve mass-market data collection ?

Most ISP's generate statistics on their overall customers traffic
usage and patterns. This is commonly deemed acceptable. It only
becomes an issue the traffic and use patterns are traceable to
individually identifiable customers.

Incidentally, Google currently sells keyword lookup use patterns,
click thru counts, and statistics to their advertisers. How else
could one know which search terms to "buy" and how effective the
advertising. However, none of these are traceable to individual
users.

>Do you think if GMail was the only existing Web-based
>mail reader, Google wouldn't be tempted to charge for it ? The larger the
>user-base, the more the argument to charge for it comes into effect.

The could use the Yahoo and Hotmail examples and only charge for
premium service. I think a better example will be Microsloth
Anti-Spyware Beta 1. Currently it's free until the end of the year.
Nobody knows if they're going to charge for it. Tradition has it that
once something is free, chargeing for the same thing results in
massive user alienation and eventual collapse of the marketing plan.
Let's see if MS is going to charge for their Anti-Spyware service.

>> I didn't ask they could afford to do
>> it. I asked precisely how they would impliment such a spy system?
>> Hint: Have you ever tried to sniff gigabit ethernet? Think of it as
>> drinking from a fire hose.
>
>You asked that because you probably know I couldn't answer it.

No, I asked a rhetorical question because I knew that if you thought
about it, you would see the problem with Google sniffing traffic.
There's just too much of it. It's also somewhat tricky with gigabit.
I'll spare you the details because I'm a bit busy today. If you want
some real entertainment, try sniffing a single session extracted from
a multiplexed fiber link. Unfortunately, there are commercial
products designed to do exactly that, so we can assume that someone is
sniffing telco mux traffic. Probably our trustworthy government
fighting terrorism or something.

>Do you think the same set of circumstances will exist in 5/10 years time ?

Of course not. I expect the volume of traffic and ubiquitous
encryption to make it even more difficult for Google to sniff your
traffic.

>Or the second-leading (Connectix for example when VMWare told em' to get
>stuffed).
>You're telling me MSs attempts at a Search Engine/Virtual Earth aren't
>attenpts to follow/compete with Google then ?

I'll keep it short. MS has tired to get out of the product biz and go
into the service business many times. MSN is the closest
approximation to a successful attempt. They've tried to turn their
software business into a rental business. Almost everything they seem
to be planning is drifting in the ASP (applications service provider)
direction despite massive resistance from the customer base. When you
think of such services as large database cartography, think of it in
terms of what direction MS is trying to move the customers.

>> http://googleblog.blogspot.com/
>
>I'm not interested in what they're collecting now - that's potentially a
>constantly moving playing field anyway. I am interested in why they're
>collecting it ?

Then post a question on their weblog asking exactly what they plan to
do with all the information they may or may not be gathering via their
VPN client or server. Go directly to the source and see if they can
answer your concerns.

>Very true. If everything in life was free, we'd all be poor though I guess.

One of my sidelines was reviewing business plans. Most sounded like
science fiction. The really entertaining ones were those that plan to
make money by giving something away. It's kinda difficult to eat
"market share". Since the dot com meltdown, most of the free
everything plans are gone.

>What about the "Garbage bin" sniffing by both MS and Oracle in the past ?

Sorry. I have no idea what you're talking about. Almost every
company that could gather statistics in the past have attempted to do
so. That was when the acceptable limits of such behavior had not been
established. The music players were logging what songs you played or
downloaded. Web portals were collecting URL's viewed. MS was
collecting installed software lists. Ad nausium. Most of these
companies still do that with one difference. The data is no longer
traceable to individual users. Is that acceptable to you?

>Huge Corps- makng lots and lots of money resorting to "dumpster-diving" I
>believe you guys call it and paying third-parties to do the dirty work for
>em'.

Oh that. That's called espionage and is far more common than you
would expect. Much of my early education in telco practices came from
fishing BSP's (Bell System Practices) out of the dumpter at telco
training offices. Some of my best souse code finds came from dumpster
diving. I fail to see the connection between such practices and your
suggestion of Google's potential breaches of privacy.

>When you see Corps acting like that is it any wonder the individual
>perspective is "Why should I trust them when that's what they get up to ?"

Sorry. I guess you can't trust me because I do dumpster diving.
Might as well add that the first thing I did on a new design was
reverse engineer the competitions. Of course prying information
during interviews from employees of competitors was unethical.
Hanging around a Silicon Valley bar (and I'm a non-drinker) just to
pry rumors from the competition is also unethical. Of course, trading
customers should be banned or made illegal. Surely, I'm more evil
than a mere dumpster diver.

Hint: I you ever decide to go into business for yourself, you'll
probably find yourself doing many things that are marginal. It's a
constant problem and bugs me as I don't have any built in sense of
ethics. I learned mine by working for companies of various sizes and
paying attention to how and why they do such things. If you expect
everyone in business to be squeaky clean and ethical, you're in for a
rude suprise. Some are more ethical than others and I consider Google
to be among the best.

>Besides, the service is either securable end-to-end or it isn't.

Great. None of the local ISP's offer VPN termination services to
non-commerical customers. But, you want end to end so that would
required that all server farms switch to accepting only SSL secured
web browsing. Not this week.

The immediate problem is the wireless link. It's just too easy to
sniff or spoof. The minimal solution is to encrypt just the wireless
part of the puzzle. That's good enough for the casual user. You can
solve the security problems of the internet another time.

>> I only care about the quantity. One Bitorrent user can hog the entire
>> system. I don't care if he's downloading movies, cd images, or porno,
>> he's history if I catch him.
>
>Oohhh the power !

Oh, the responsibility. I have to justify my actions when the irate
customer calls up and complains, or when the hot spot refers them to
me. I blocked a laptop user at a local hot spot last week because he
had an active spam bot running on his laptop. The bozo called me at
home and demanded to know why I had the "right" to block him. He knew
about the spam bot and was going to do something about it when he got
to work, but needed to do something on the internet first. I asked
for the name of his employer and he hung up on me. Fortunately, that
only happens about every other month so it doesn't bug me much. Try
some power or responsibility some day. You probably won't like it.

>Thanks for that - I've seen too much not to necessarily trust what I look
>at.

Fine. What have you seen Google doing that offends you? There have
been some pissing matches with the Scientology mob and battles with
hit counter enhancing utility vendors. Same with tricky web pages
intended only to be first on the searches. However, I don't recall
anything that would constitute a breach of trust by Google. What did
they do to make you not trust them?



--
Jeff Liebermann (E-Mail Removed)
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

"Jeff Liebermann" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> On Thu, 22 Sep 2005 14:11:03 GMT, "Steve Berry" <(E-Mail Removed)>
> wrote:
>
> I don't have much time to debate this stuff, so I'll limit my comments
> to direct questions.
>
>>Hmm....You're asking users to take alot on face value/show leaps of faith
>>in
>>Google.
>
> Yes. I already do that with various ISP's, hosting services, cellular
> providers, and telco service providers I deal with. When you're in
> business there's an assumption of trust that has to be there or
> nothing ever happens. The Japanese have developed this to a fine art
> in that they will not do business with anyone they even suspect is
> potentially untrustworthy. I've been running my own businesses long
> enough to know that it's much easier and better to treat ones
> customers and vendors as trustworthy, than to initiate some type of
> adversary action. I tend to trust everyone and treat them
> accordingly. Yeah, I get burned on occasion, but the greatest
> majority of the people I deal with a honest and trustworthy. I think
> Google qualifies.

I hope they do. The Japanese ethic is spot-on, but that trust element is
arguably the toughest to hold on to.
I guess that's one reason why the suicide rate in Japan is always so high.
Trust means different things to different people and if you get burned once
too many times, it can lead to you seroiusly
questioning the very reason why you do what you do. Meaning of life n' all
that.

>
>>Therein lies the point - not so much what Google are setting up, but why
>>are
>>they doing it ?
>
> Well, I can only guess as to why their stockholders want Google to
> make money. Perhaps it's because they expect a return on their
> investment?

Perhaps.

>
>>I mentioned previously about mass-market data collection, what is
>>statistical study if it doesn't involve mass-market data collection ?
>
> Most ISP's generate statistics on their overall customers traffic
> usage and patterns. This is commonly deemed acceptable. It only
> becomes an issue the traffic and use patterns are traceable to
> individually identifiable customers.
>
> Incidentally, Google currently sells keyword lookup use patterns,
> click thru counts, and statistics to their advertisers. How else
> could one know which search terms to "buy" and how effective the
> advertising. However, none of these are traceable to individual
> users.
>
>>Do you think if GMail was the only existing Web-based
>>mail reader, Google wouldn't be tempted to charge for it ? The larger the
>>user-base, the more the argument to charge for it comes into effect.
>
> The could use the Yahoo and Hotmail examples and only charge for
> premium service. I think a better example will be Microsloth
> Anti-Spyware Beta 1. Currently it's free until the end of the year.
> Nobody knows if they're going to charge for it. Tradition has it that
> once something is free, chargeing for the same thing results in
> massive user alienation and eventual collapse of the marketing plan.
> Let's see if MS is going to charge for their Anti-Spyware service.

Well it ain't theirs exactly. Sorry that's wrong - it is theirs now.
The usual product rebadging exercise.

>
>>> I didn't ask they could afford to do
>>> it. I asked precisely how they would impliment such a spy system?
>>> Hint: Have you ever tried to sniff gigabit ethernet? Think of it as
>>> drinking from a fire hose.
>>
>>You asked that because you probably know I couldn't answer it.
>
> No, I asked a rhetorical question because I knew that if you thought
> about it, you would see the problem with Google sniffing traffic.
> There's just too much of it. It's also somewhat tricky with gigabit.
> I'll spare you the details because I'm a bit busy today. If you want
> some real entertainment, try sniffing a single session extracted from
> a multiplexed fiber link. Unfortunately, there are commercial
> products designed to do exactly that, so we can assume that someone is
> sniffing telco mux traffic. Probably our trustworthy government
> fighting terrorism or something.

Wouldn't surprise me in the least.Unofortunately I don't currently have
access to that kit at home. Got a toaster though ?

>
>>Do you think the same set of circumstances will exist in 5/10 years time ?
>
> Of course not. I expect the volume of traffic and ubiquitous
> encryption to make it even more difficult for Google to sniff your
> traffic.

Betya' sniffing technology will have come on leaps and bounds though.
Take with pinch of salt.

>
>>Or the second-leading (Connectix for example when VMWare told em' to get
>>stuffed).
>>You're telling me MSs attempts at a Search Engine/Virtual Earth aren't
>>attenpts to follow/compete with Google then ?
>
> I'll keep it short. MS has tired to get out of the product biz and go
> into the service business many times. MSN is the closest
> approximation to a successful attempt. They've tried to turn their
> software business into a rental business. Almost everything they seem
> to be planning is drifting in the ASP (applications service provider)
> direction despite massive resistance from the customer base. When you
> think of such services as large database cartography, think of it in
> terms of what direction MS is trying to move the customers.

Yeah, I know they've been going on about the software as a service model for
years for fairly obvious reasons.

>
>>> http://googleblog.blogspot.com/
>>
>>I'm not interested in what they're collecting now - that's potentially a
>>constantly moving playing field anyway. I am interested in why they're
>>collecting it ?
>
> Then post a question on their weblog asking exactly what they plan to
> do with all the information they may or may not be gathering via their
> VPN client or server. Go directly to the source and see if they can
> answer your concerns.

May do. If I ask them I expect they can only answer in respect of current
projections.
No one really knows what the future holds. I guess Google are in the same
boat as the rest of us.

>
>>Very true. If everything in life was free, we'd all be poor though I
>>guess.
>
> One of my sidelines was reviewing business plans. Most sounded like
> science fiction. The really entertaining ones were those that plan to
> make money by giving something away. It's kinda difficult to eat
> "market share". Since the dot com meltdown, most of the free
> everything plans are gone.

The Chinese Govt do like Opensource, which is still free last time I looked
though. I guess that's more an anti-MS statement than
anything else.Getting Linux is a bit like getting a car with no petrol
(sorry gas). Until someone puts some gas in it, it ain't going nowhere.

>
>>What about the "Garbage bin" sniffing by both MS and Oracle in the past ?
>
> Sorry. I have no idea what you're talking about. Almost every
> company that could gather statistics in the past have attempted to do
> so. That was when the acceptable limits of such behavior had not been
> established. The music players were logging what songs you played or
> downloaded. Web portals were collecting URL's viewed. MS was
> collecting installed software lists. Ad nausium. Most of these
> companies still do that with one difference. The data is no longer
> traceable to individual users. Is that acceptable to you?

True but MSs recent WPA does log more machine details than I care to see.
They aren't naming the user, but they are naming location/IP/installed
OS/certain hardware items PID etc..., which is arguably more valuable than
user
info anyway..Just MS playing the numbers game again.

>
>>Huge Corps- makng lots and lots of money resorting to "dumpster-diving" I
>>believe you guys call it and paying third-parties to do the dirty work for
>>em'.
>
> Oh that. That's called espionage and is far more common than you
> would expect.

I can easily "expect" how common it is.

Much of my early education in telco practices came from
> fishing BSP's (Bell System Practices) out of the dumpter at telco
> training offices. Some of my best souse code finds came from dumpster
> diving. I fail to see the connection between such practices and your
> suggestion of Google's potential breaches of privacy.

Behavioural pattern. To me the practice of "dumpster-diving" is completely
unethical and only exists because those that choose to do it can get away
with it.
Ok, so that's gone on probably in one form or another since the beginning of
time, but it still stinks. Nobody ever hear of shredders in Silicon Valley ?

>
>>When you see Corps acting like that is it any wonder the individual
>>perspective is "Why should I trust them when that's what they get up to ?"
>
> Sorry. I guess you can't trust me because I do dumpster diving.

I'm guessing you don't need to do it anymore ?? As before doing the diving
isn't really the issue, it's what you do with what you find that's probably
more important.
Some elements of Silicon Valley behavour shall we say I'd rather steer clear
of.

> Might as well add that the first thing I did on a new design was
> reverse engineer the competitions. Of course prying information
> during interviews from employees of competitors was unethical.
> Hanging around a Silicon Valley bar (and I'm a non-drinker) just to
> pry rumors from the competition is also unethical. Of course, trading
> customers should be banned or made illegal. Surely, I'm more evil
> than a mere dumpster diver.

No you're just a product of the modern-age
As Client Eastwood once said "Every man's got to know his limitations". For
some they just stretch further than others.

>
> Hint: I you ever decide to go into business for yourself, you'll
> probably find yourself doing many things that are marginal. It's a
> constant problem and bugs me as I don't have any built in sense of
> ethics. I learned mine by working for companies of various sizes and
> paying attention to how and why they do such things. If you expect
> everyone in business to be squeaky clean and ethical, you're in for a
> rude suprise. Some are more ethical than others and I consider Google
> to be among the best.

We finally get down to it. One man's pleasure is another man's poison.
Don't think my career's been as varied as yours, but I have dealt with those
I wouldn't rather have dealt with.
I learned I'm not the success at all costs type even though what I've seen
has probably been produced by those of that "Vintage" shall we say.
Corny as it sounds I value my soul ! I've got no wish to be reincarnated as
Steve "Developers..developers..developers..." Ballmer.
What the **** are you going on about Mr Sweaty ?

>
>>Besides, the service is either securable end-to-end or it isn't.
>
> Great. None of the local ISP's offer VPN termination services to
> non-commerical customers. But, you want end to end so that would
> required that all server farms switch to accepting only SSL secured
> web browsing. Not this week.

That's fine. I'll just avoid it then.

>
> The immediate problem is the wireless link. It's just too easy to
> sniff or spoof. The minimal solution is to encrypt just the wireless
> part of the puzzle. That's good enough for the casual user. You can
> solve the security problems of the internet another time.

If the user doen't give a stuff about where it's going then yeah that's ok.

>
>>> I only care about the quantity. One Bitorrent user can hog the entire
>>> system. I don't care if he's downloading movies, cd images, or porno,
>>> he's history if I catch him.
>>
>>Oohhh the power !
>
> Oh, the responsibility. I have to justify my actions when the irate
> customer calls up and complains, or when the hot spot refers them to
> me. I blocked a laptop user at a local hot spot last week because he
> had an active spam bot running on his laptop. The bozo called me at
> home and demanded to know why I had the "right" to block him. He knew
> about the spam bot and was going to do something about it when he got
> to work, but needed to do something on the internet first. I asked
> for the name of his employer and he hung up on me. Fortunately, that
> only happens about every other month so it doesn't bug me much. Try
> some power or responsibility some day. You probably won't like it.

I did and you're right I didn't. When people start to realise the truth of
the information age it ain't a pretty sight.
Started to realise that years ago when I got involved with some Compuware
products - and I thought "Jeez - this stuff's awesome"..So much potential
and alot of dev work going into products that most will never hear about. Ok
so even they nicked (sorry acquired) the flexlm licensing componants from
Globetrotter at the time, but hey welcome to Corp land.
Unfortunately I was working with a manager at the time. You know the type
"My Boss likes me cos' I get stuff done" blah..blah... and we go out for
drinkies etc..
Oh yeah ? What just you ? On the backs of others ? What you talking about
here ?
Needless to say, I left, guy was a (control) twat. What they needed to get
done was never going to get done - frankly the talent/incentive just wasn't
there. Oh well, c'est la vie. Another potential promising career bites the
dust before it even starts !

>
>>Thanks for that - I've seen too much not to necessarily trust what I look
>>at.
>
> Fine. What have you seen Google doing that offends you? There have
> been some pissing matches with the Scientology mob and battles with
> hit counter enhancing utility vendors. Same with tricky web pages
> intended only to be first on the searches. However, I don't recall
> anything that would constitute a breach of trust by Google. What did
> they do to make you not trust them?

Absolutely nothing ( the more MS employees they can nick (minus the court
cases) the better, but dump the MS practices before you go and get back to
being genuine people eh ?? )
I've just got this niggle with giving control to Corps when I don't have any
clear visibility as to what they're going to do with it. Bugs me no-end.
I'm still sitting here thinking Google, Where are you really going with this
???

Anywayz, many thanks for the input Jeff, it was educational to say the
least.

Rgds, S

>
>
>
> --
> Jeff Liebermann (E-Mail Removed)
> 150 Felker St #D http://www.LearnByDestroying.com
> Santa Cruz CA 95060 http://802.11junk.com
> Skype: JeffLiebermann AE6KS 831-336-2558

As a free alternative I use iPig with good success (even so it still
seems to be in beta)
The software (http://www.iopus.com/ipig) includes the option to set up
your *own* VPN server extremly easy. Thus all traffic goes to your
computer and not via the Google machines!

Interesting - thanks.

S

"WifiFan" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) oups.com...
> As a free alternative I use iPig with good success (even so it still
> seems to be in beta)
> The software (http://www.iopus.com/ipig) includes the option to set up
> your *own* VPN server extremly easy. Thus all traffic goes to your
> computer and not via the Google machines!
>