tag:blogger.com,1999:blog-16750015.post3701198224177719505..comments2024-01-24T20:01:37.600-05:00Comments on slight paranoia: Two honest Google employees: our products don't protect your privacyChristopher Soghoianhttp://www.blogger.com/profile/08950937382104783909noreply@blogger.comBlogger21125tag:blogger.com,1999:blog-16750015.post-3744423943765160902013-03-27T23:00:50.833-04:002013-03-27T23:00:50.833-04:00For documents, Google should implement a password ...For documents, Google should implement a password protection facility to individual Google drive files. That would be the ultimate solution. Till then intermediate solutions like using <a href="http://www.skipser.com/p/2/p/password-protect-google-drive-document.html" rel="nofollow">google scritps for password protected google docs</a> could be used.Arunnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-83687236978498048462012-12-19T04:07:35.538-05:002012-12-19T04:07:35.538-05:00@Anonymous said:Encrypt everything. Have any of yo...@Anonymous said:Encrypt everything. Have any of you heard of Truecrypt?<br /><br />Unfortunately that does not solve the issue of a web based email system. Truecrypt only encrypts your local hard drive, and there are also some incompatibilities with some of the newer file systems. It's a good program, but it does not solve the issue being addressed here.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-33342301588080053422012-03-02T09:42:26.592-05:002012-03-02T09:42:26.592-05:00@Anonymous claiming Google Docs guess rar password...@Anonymous claiming Google Docs guess rar passwords - please demonstrate your claim. Doesn't work for with with zip or 7z archives.<br /><br />@NIC1138: Please read "Why Johny Can't Encrypt", all the answers are there.<br /><br />@Kimberley D - Very well said. Other than policy reform, we need concrete, easy to use solutions that people can use now.<br /><br />@David Herzog Would love to have that on video :-)Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-70887225713779944722011-12-23T15:00:03.745-05:002011-12-23T15:00:03.745-05:00>...dehumanization of myself into an electronic...>...dehumanization of myself into an electronic asset. id rather not be consumed.<br /><br /><br />Beautifully put, Dudeman.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-65968878250664884292011-11-13T02:19:03.210-05:002011-11-13T02:19:03.210-05:00Hello people. Encrypt everything. Have any of you ...Hello people. Encrypt everything. Have any of you heard of Truecrypt?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-65321403139542976852011-11-08T11:20:35.546-05:002011-11-08T11:20:35.546-05:00my gmail is a means for people to tell me they nee...my gmail is a means for people to tell me they need to speak to me in person :). ill never have a facebook, twitter, or other social media account as we live in a nebulizing police state, and i fear that a harmless conversation about a baked potato or a surfboard will lead to an invasion of my privacy and dehumanization of myself into an electronic asset. id rather not be consumed.<br /><br />thanks for this blogpost.Dudemanhttp://www.vice.comnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-15504321721911132972011-11-05T22:01:07.013-04:002011-11-05T22:01:07.013-04:00first, the problem with encrypting your mail is po...first, the problem with encrypting your mail is post-processing, namely - search.<br />if you encrypt your mail, you won't be able to search it.<br /><br />second, all existing encryption schemes (pgp, gpg, s/mime) leave headers open, which in practice means that recipients and exact date are known. sometimes this is all or at least a large part of that authorities or whoever is snooping at your mail is after.rojerhttps://www.blogger.com/profile/02447775082158665952noreply@blogger.comtag:blogger.com,1999:blog-16750015.post-41632612290832331192011-11-04T10:39:07.865-04:002011-11-04T10:39:07.865-04:00Try this: upload a rar to google docs with the pas...Try this: upload a rar to google docs with the password "google", and you can see the file contents on docs itself. They TRY dictionary passwords even for your stored data.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-86190544607945486142011-11-03T17:05:23.194-04:002011-11-03T17:05:23.194-04:00Chris, you are right on with this post and the Tim...Chris, you are right on with this post and the Times piece.<br /><br />I've been telling professional and student journalists for a couple of years now that they really need to keep their sensitive documents and email off Google and other cloud-based software services.<br /><br />A Google rep visited the Missouri School of Journalism to show students the company's services (many of which are great and I use daily). I asked him what Google would do if law enforcement asked for a reporter's notes stored in Google Docs. He said he would have to get back to me, but never did.<br /><br />That didn't inspire a lot of trust.David Herzoghttps://www.blogger.com/profile/09341572772271586684noreply@blogger.comtag:blogger.com,1999:blog-16750015.post-64972514888408933682011-11-03T13:34:30.752-04:002011-11-03T13:34:30.752-04:00@Alternative News:
no, not at all..
clearly you ...@Alternative News:<br /><br />no, not at all..<br /><br />clearly you do not understand how PGP works. If you only ever transmitted ciphered data using gmail and distributed your public key over the internet, as long as you had reliable public keys of your intended recipients your mail would only ever be stored in a computationally secure format on google's servers, and still readable by the intended recipient.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-63872931678321448132011-11-03T11:17:31.729-04:002011-11-03T11:17:31.729-04:00JTemplin pushes his "Lockify.com" in an ...JTemplin pushes his "Lockify.com" in an earlier comment, but it seems to me it's not invulnerable to the same trap that GMail and other unencrypted hosted mail solution are. From the Lockify page: <br /><i>"Using our web application, our browser extension, or our forthcoming smartphone and desktop apps, your sensitive information is encrypted on your computer. The decryption key is embedded into a link that you share with your recipient using your existing communication tools (email, chat, SMS, etc.). The result? Even we can't view your private communications.</i>"<br /><br />The way I read this, anyone who can get hold of the unencrypted email (e.g. the FBI using an NSL or the cops using a court order) can get both the link and the encryption key. This means your "private" communications are now open to them as well as to your intended recipient.<br /><br />True encryption using both your own private/public key pair and the recipient's key pair is one of the only solutions I know of that will work. And right now that's a PITA to implement.Angushttps://www.blogger.com/profile/16615297276057575453noreply@blogger.comtag:blogger.com,1999:blog-16750015.post-88318160999714512462011-11-03T10:06:54.653-04:002011-11-03T10:06:54.653-04:00I spoke with a Google engineer back around 2006 wh...I spoke with a Google engineer back around 2006 who was working on a solution to this problem: a way to encrypt the data so Google couldn't see what they were using. <br /><br />I don't know what he's doing now, but the product he described (a sort of Google file repository where all your files are encrypted to elliminate consumer distrust) has not launched and appears to have been cancelled.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-60406884072510648182011-11-03T07:32:37.082-04:002011-11-03T07:32:37.082-04:00Terrific post. It's not discussed enough that ...Terrific post. It's not discussed enough that the ad-based business model that underpins the Google, Facebook, etc is non-compatible with their customers' privacy.<br /><br />At Lockify.com we use client-side encryption & decryption (among many other measures) to ensure that our users' private info stays private. We believe it's a model we're be seeing a lot more of in the coming years.<br /><br />Happy to expedite early access to any one who mentions this post.<br /><br />Jack<br />jtemplin at lockify.com dotcomJack Templinhttp://www.lockify.comnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-28920859376525604002011-11-03T00:33:03.383-04:002011-11-03T00:33:03.383-04:00lol Peter you've missed the boat.lol Peter you've missed the boat.Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-57781837707855962962011-11-02T23:48:40.454-04:002011-11-02T23:48:40.454-04:00How about paid google accounts, e.g. google apps u...How about paid google accounts, e.g. google apps users. Does Google encrypt mails and docs that I use on paid corporate account since there are no ads on those?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-6745026458307123452011-11-02T22:47:51.575-04:002011-11-02T22:47:51.575-04:00I'm becoming increasingly frustrated by the nu...I'm becoming increasingly frustrated by the number of well-written articles in mainstream media about how Google, Facebook, etc. don't protect private data.<br /><br />People are not completely unaware that isn't keeping their data secure. What they do lack awareness about is what alternative options exist for non-technical people. <br />Their other choices don't tend to be similarly sized companies with a large advertising budget. <br /><br />You have the ability to get a sizable audience to read your words. Use that power for good. They already know that problems exist. What they need is concrete suggestions and steps they can use today to take action.Kimberley Dhttp://www.to-evolve.com/aboutnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-70996660516934870002011-11-02T21:40:44.776-04:002011-11-02T21:40:44.776-04:00Does anyone else find the fact that this is hosted...Does anyone else find the fact that this is hosted by Google at all ironic?<br /><br />How can we use PGP to secure gmail? If they have it on their servers wouldn't it make no difference to encrypt our home PCs? What secure web mail companies are out there?Alternative Newshttp://endthelie.comnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-67739436593907641972011-11-02T19:57:26.363-04:002011-11-02T19:57:26.363-04:00TL;DRTL;DRAnonymousnoreply@blogger.comtag:blogger.com,1999:blog-16750015.post-82175009612585815662011-11-02T19:28:26.408-04:002011-11-02T19:28:26.408-04:00The solution - a browser that allows you to select...The solution - a browser that allows you to selectively opt-in/opt-out of sending private data.Anonymoushttps://www.blogger.com/profile/07858074897556111844noreply@blogger.comtag:blogger.com,1999:blog-16750015.post-76491162776061315872011-11-02T18:30:34.602-04:002011-11-02T18:30:34.602-04:00I find it really hard to understand why people don...I find it really hard to understand why people don't use PGP more often. People: the solutions are out there, just pick it up and use it!<br /><br />You may choose to rely on companies to protect your privacy. But if you are really concerned, you really should learn to use PGP, and take care of it by yourself. It is safer, and will let to keep using any other service you like (e.g. gmail, dropbox...)<br /><br />I don't know how these services you mention work, but it looks to me just that they have a great set of applications that automate the process of encrypting stuff with a key that is generated in your machine. So it's really not different that using any other encryption solution. It's just a good application that help you out...<br /><br />I don't think we should demand e.g. Google to care about this. It is not reasonable. As it is not right to hope that ISPs don cooperate with governments. The more you take care of your digital security yourself, the better for your.<br /><br />Anyway, it's crazy that journalists and protesters and whistle-blowers and the like just don't seem to care about that. The tech is in the reach of their hands, but they don't seem to realize they should be using it!Nicolauhttps://www.blogger.com/profile/09316830278881493792noreply@blogger.comtag:blogger.com,1999:blog-16750015.post-21309907163956020042011-11-02T18:09:59.975-04:002011-11-02T18:09:59.975-04:00Thanks you for sharing, Chris. I never understood ...Thanks you for sharing, Chris. I never understood why Google et al do not encrypt our data. I see your point from business perspective. How hard is it to change the way they are doing it? I do not see how hard this can be. For example, if I have 100 documents stored in google doc, they could extract very basic information that help them figure out what Ad to present and keep the documents encrypted when stored. We all know from IR perspective that you do not need the entire document after you extract the necessary information to classify it and run your business model. If this is the case and Google was ordered to release those data they can release only what they know which at that time is not much. It will be a general classification about the user data but not his data since it is encrypted. <br /><br />Maybe I am wrong but I do not think that Google et al are taking the privacy issue seriously. I am sure they can come up with a way to run their business model and keep their users data secure.Anonymousnoreply@blogger.com