REVIEW: "Googling Security", Greg Conti
- BKGGLSEC.RVW 20091020
"Googling Security", Greg Conti, 2009, 978-0-321-51866-8,
%A Greg Conti conti@... www.GregConti.com www.rumint.org
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%G 978-0-321-51866-8 0-321-51866-7
%I Addison-Wesley Publishing Co.
%O U$49.99/C$54.99 416-447-5101 800-822-6339 bkexpress@...
%O Audience i+ Tech 2 Writing 2 (see revfaq.htm for explanation)
%P 332 p.
%T "Googling Security: How Much Does Google Know About You?"

The title is ever so slightly misleading: the subtitle is much
clearer. This is not about doing Web searches to find security tools
or information, but, rather, the information that Google collects from
(and relating to) Internet users in the course of providing its
services and tools. The preface states that the intent is to raise
awareness of the privacy risks involved in using Google, its utilities
and services, and of similar systems and agencies. Conti does not,
for the most part, present solutions: some activities admit of no
resolution. Google is not being singled out because the author
doesn't like the company, but because it is the largest and most
pervasive search and information system, with the greatest
implications, and because the policies and decisions resulting from
discussions of these issues can be applied more generally.

Chapter one is an overview of the online world, and online activity,
and the scope and capabilities of Google. There are extensive
endnotes supporting the stories and studies cited in the text. The
normal information flows involved with computer operations are
outlined in chapter two, and Conti points out the potential areas of
leakage. Although not named as such, he provides an excellent
explanation of the trusted computing base (TCB), as well as reviewing
covert channels such as TEMPEST and acoustic surveillance, and
Internet entities. Turning more specifically to the structure of
requests from browsers, chapter three notes the information that is
captured by server logs. The author also notes data provided by users
themselves, and that which can be obtained from statistical analysis
of a large amount of activity.

Chapter four notes the various search sites and functions, as well as
the intelligence that can be inferred about someone, simply by
examining the search requests submitted. Communications, mostly
Gmail, is the subject of chapter five. Chapter six examines the
mapping and related imagery functions, discussing the information
disclosed by requests for directions, as well as the occasional
invasion of privacy involved in the collection of satellite
photographs. (Personally, while I don't use Google Earth, I use
Google Maps quite a bit. I was interested to see that my non-standard
interaction with the system inadvertently protected against some of
the dangers Conti points out. I don't "express interest" by clicking
on the "Print" or "Link ..." buttons, but tend to copy the link
location URL and use that. Of course, if Google buys up TinyURL I may
be in trouble ... :-) ) Tracing functions related to the provision of
advertising, as well as malicious enterprises associated with
commercial proclamations, are noted in chapter seven. Webbot, spider,
or crawler operations are detailed in chapter eight. Although Conti
did not promise a solution, chapter nine does provide recommendations
and resources to raise awareness of the issues, and assist with
protecting the reader's privacy. Chapter ten finishes off with a look
to the future, and the forces which ensure that whether or not Google
survives, the privacy situation online is unlikely to change.

The book is certainly interesting and illuminating. Internet users,
for the most part, may have encountered security awareness material
that speaks of the dangers of certain types of activities, but not
necessarily of how much information they disclose in the course of
normal pursuits. While Google is used as a specific example in many
parts of this work, the internal operations of many of the services
and utilities are not examined in the depth they might have
been. A more accurate title might be "Privacy While Surfing."
Which is an important enough topic to read about in any case.
copyright Robert M. Slade, 2009 BKGGLSEC.RVW 20091020