Google launched the Buzz service in early February.  Google Buzz is the search and advertising giant’s misguided attempt to create a social network that would rival Twitter, FaceBook, MySpace, and Bebo.  As with everything else Google has done, they arrived late to the game, put their interests above those of their customers, and asked us to trade our basic right to Internet privacy away in order to use their fantastic new service.  It’s still too early to know definitively, but it looks like this time we didn’t fall for it.  They’ll have to go back to the drawing board if they want to cash in on social network advertising.

There’s been a lot of hullabaloo on the web over the past few weeks about Google Buzz’s faulty privacy measures.  The first issue is that Google just launched Buzz without telling anyone how it would affect them.  So one day everyone logs into Gmail and sees this Buzz crap.  What’s that about?  Don’t we have a right to decide what we want to run and what we don’t?  Sure you can turn it off, but the point is that it should’ve been our choice to turn it on in the first place.

The next issue is the “autofollow” setting.  It seems that part of the end user agreement (which no one reads because if they did they’d realize their Gmail isn’t private) authorizes Google to publicly publish a list of everyone you talk to over Google Buzz.  So you chat with friends and send a few emails, and the world knows it.  This isn’t the same as FaceBook which can be configured so that your friends can’t even see your friends list let alone the general public.  Now anyone who wants to can see who you communicate with.  It’s hard for me to imagine a more horrific violation of privacy, although I guess capturing your credit card numbers from your Gmail and posting those publicly would be worse.

Am I overreacting?  I don’t think so, but then again I hardly ever think I’m overreacting .  Imagine how fun your life would be if you got an email from an old girlfriend who found you on Google Buzz and you didn’t even answer her.  And your wife looks at your list of autofollowers and wants to know who this woman is.  That’ll be a fun discussion.  I don’t know about you, but I do not want a public list of everyone I email.  That would not be a good move for a security practitioner.

And finally, the GPS functionalities on Google Buzz Mobile really push the limits of privacy.  I would also suggest that this could put you in actual physical danger.  They’ve integrated Google Buzz with Google Maps.  So you pull your phone out of your pocket and post your latest status to Buzz.  Now everyone who follows you sees where you are on their Google Map.  I don’t know about you, but I’m not sure I want everyone who follows me to know where I am all the time.  At the very least, they now know you’re not at home and they can go rob you.  Or imagine if your son gets in an argument with his friend who can then track him down in the mall parking lot using Google Maps and attack him.  Google claims they’ll add the option to turn this off at an undisclosed future date.  Stop and think about it for a minute.  If Google can do this with Google Buzz, then what stops them from using the GPS in your mobile phone from tracking you at all times so they can serve location based ads?

Here’s what you can do:

1. Disable Buzz entirely by scrolling to the bottom of the Buzz page and selecting “turn off Buzz”.
2. Disable Autofollow: Go to your Google Profile page settings and uncheck the box which was thoughtfully checked by default labeled “Display the list of people I’m following and people following me.”
3. Block a single person from following you: click on her name in your list of followers and then choose to block her.
4. Turn off GPS features: Never mind, you can’t do that.

This represents a larger pattern of Google behavior.

I have been writing about the evil of Google for years and years.  And no one listened.  People seem shocked that Google is willing to violate their privacy in order to make a quick buck.  But their entire business model is built on violating our privacy.  Their browser toolbar monitors the web sites we visit.  They monitor what we search for and they know what ads we view.  They read and analyze Gmail so they can target us better for ads.  Google Desktop is a quick way to find information on your computer, and a quick way for Google to learn just what is on your computer.  Are you running their browser, their OS, or using their phone?  Add up everything they know about you and it gets pretty damn scary.  They probably know you better than your mother does.  And I promise you that it will get worse.

Why will it get worse?  Because Google is being handsomely rewarded by Internet advertisers and Wall Street investors.   They’ve systematically robbed us of our privacy so much more egregiously than any of their competitors and they’re laughing all the way to bank.

We’ve come a long way since two college kids sat in our offices at PC Magazine and showed us their snazzy new search algorithms.  Google isn’t about search anymore, and it sure as hell isn’t about a couple of excited and brilliant kids.  They are a full-fledged advertising company who will sell your privacy for a buck (or less).  The spirit of simply being a better search engine has been dead for years.

The question is, how long will you tolerate their violations of your privacy?

There was a really insightful posting about Microsoft’s law enforcement investigation compliance policies over at GamePolitics.

MSFT Criminal Compliance Handbook Leaked | GamePolitics.

The most important thing to realize is that I was writing stuff 10 years ago trying to alert businesses and consumers that Microsoft was tracking what we did.  Companies embed tracking information in hardware and on web sites also.  No big shock there to most people.

But the shock is just how ready Microsoft is to hand everything about you over to a law enforcement agency.  They designed the information stores for their online services so that they could easily obtain your info and provide it when asked.  I’m talking about Windows Live, Windows Live ID Windows Live Messenger, Hotmail and Xbox Live.

For example, law enforcement could get a warrant for your Xbox Live account and obtain your full name, address, credit card, Microsoft PassPort account and then have access to all your Hotmail email. And your IP address.

The big picture is that if you’re using Microsoft anything you should know that Big Brother is watching you.  The same is true for Google – Gmail, the search engine, desktop search – so I’m not calling out Microsoft for anything others don’t do.

They know where you are, your web activities, the text of your email, the games you play and the movies you watch.

My latest blog post on IDGuardian went live this morning. Apparently Tee had nothing better to do while trapped at home during Snowmaggedon 2010.

The article is a bunch of personal safety techniques that I’ve learned over the years.  Here are some highlights:

Always keep track of expenditures you have made using your credit and debit cards (and in a hotel watch what gets charged to your room).

Better yet, use cash to remain anonymous while keeping your credit cards safe.

In the immortal words of Kenny Rogers, “you never count your money, while you’re sitting at the table”, comes the next bit of advice. Waving a wad of cash around in Manila Airport just might be the dumbest thing you could do regarding your personal safety. When you change money, count it at the counter before you leave, shielding it from public view with your body, and then make sure no one follows you when you leave the money changer. Don’t carry your wallet in your back pocket.

Don’t give out personally identifying information (PII) to anyone.

It’s important to orient yourself when you land and when you check into your hotel.

When you’re at the airport, keep a close eye on your belongings.

Always protect your smartphone.

NUREMBERG, Germany, November 17/PRNewswire/ — NCP engineering GmbH in Nuremberg announces the release of the first universal IPsec VPN Client Suite for Windows 7. This software not only supports all 32 and 64 Bit Microsoft operating systems but also includes comprehensive performance features for easy and economical Remote Access such as: VPN Path Finder technology, optimisation for 64 bit systems and support for the latest drivers as well as WLAN roaming. The compatibility with VPN Gateways of all renowned manufacturers is also of utmost importance.

The NCP Secure Entry Client meets, in its latest version 9.2, the constantly growing needs of VPN Clients for 64 Bit Windows systems and complies with the main requirements of companies to only have to use one universal IPsec VPN Client in heterogeneous IT landscapes. The consistent operation and user interface reduces helpdesk costs and training costs. A highlight of the new version is the “NCP VPN Path Finder Technology”. This performance feature allows users to also establish IPsec data connections behind firewalls which have a port configuration that usually makes it impossible to establish IPsec communication (e.g. in hotels or public hotspots). Therefore, there are no longer any issues to comprehensively implement an IPsec based security policy.

Further improvements in version 9.2 are: support for the newest Intel Wi-Fi driver and mobile broadband, the 64 bit optimization, WLAN roaming and “tip of the day”. The 64 bit optimization increases data throughput by about 20%, WLAN roaming automatically chooses the strongest available access point with the same SSID and the “tip of the day” shows the user examples of the wide range of potential uses of the NCP VPN Client. Handling for user and administrator is also improved. Examples for these improvements are e.g. the optimized WLAN GUI and field intensity, profile exports and the revised 3G/UMTS configuration

The NCP Secure Entry Client offers, as the VPN Client Suite, coordinated communication and safety related performance features for universal Remote Access. The VPN Client offers, as a Client Suite, an intuitive, graphical user interface; its own dialler, a dynamic personal firewall and the integrated support of a large number of mobile connect cards. Teleworkers hence really get a true “one-click-solution”. Comfort functions include budget manager, WISPr-support, automatic media type recognition, import of profiles of “foreign” VPN gateways and OTP mobile support reduce support costs and operating costs.

Companies can download a 30 day unlimited trial of the Client’s version at http://www.ncp-e.com/en/downloads/software.html

New technology offers freedom from fear in an increasingly digital world

WASHINGTON – InZero Systems announced the launch of revolutionary new computer hardware that eliminates the threat of network-originated data compromises and virus attacks at a panel discussion on cybersecurity.  This new technology (see photo of the groundbreaking device) unveiled at the National Press Club by InZero Chairman and Chief Executive Officer, Louis Hughes, walls off intrusions and viruses, while allowing full access to the outside world; providing secure communication and freedom from fear of intrusion, loss of data, and intellectual property theft.  Mr. Hughes, former President and COO of Lockheed Martin and Executive Vice President of General Motors, was joined by General Wesley K. Clark (Ret.), Chairman of the Advisory Board, InZero Systems; Adam Hils, Principal Research Analyst, Gartner; and Phil Zimmerman, Creator of PGP and one of the top 50 tech visionaries according to PC World.

“The national security of the United States is increasingly dependent on our ability to safeguard vital information,” said General Wesley Clark (Ret.).  “As terrorism and espionage continue to gain footholds in the digital world, we must be prepared to face the onslaught of cyber attacks our nation and economy experience on a daily basis.  The technology unveiled by InZero Systems today promises to be a key part of our digital defense.”

The InZero Secure PC changes the security paradigm by providing essentially “two computers in one”: a standard computing module and a secure “InZero Gateway” module.  The InZero Gateway module is directly connected to the internet.  It isolates and hosts potentially dangerous network applications, processes incoming and outgoing files and transfers files to and from the computing module, which is permanently offline.  This dual-module approach ensures the PC is secure while maintaining the capability to send and receive emails, process attachments, browse the internet, and download/upload documents.

“Today’s computer hardware is not designed to simultaneously address the security challenges of the internet while facilitating the rapid flow of information in our digital economy,” said Louis Hughes, Chairman and CEO of InZero Systems.  “Attempts to deploy security software fixes to remedy the situation have led to a constant game of catch-up between hackers and IT security companies–with no end in sight.  Until now.  For the first time, by deploying InZero hardware, you will finally be free to safely go anywhere you want on the internet.”

Beyond the secure PC, InZero Gateway modules can be interconnected to create secure networks, allow organizations to effortlessly extend their perimeters, and allow secure remote access  (no matter how many viruses are on the remote PC).  These modules can also create a secure internet by providing trusted connections between unfamiliar partners, based on the use of InZero technology.  This can serve as a foundation for secure direct communications, secure cloud computing, secure grid computing, secure social networks, and secure online applications.

###

About InZero

InZero Systems began operations in 2005 with the goal of providing organizations with a far more effective, yet fundamentally different, approach to protecting sensitive data.  Headquartered in Herndon, Virginia, the company is led by cybersecurity experts, entrepreneurs, and Fortune 100 senior executives and has grown to more than 60 employees.  More information can be found at InZeroSystems.com.