
Google Building Privacy Red Team

Posted by samzenpus
from the first-responders dept.
Trailrunner7 writes "Google, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy 'red team,' a group of people charged with finding and resolving privacy risks in the company's products. The concept of a red team is one that's been used in security for decades, with small teams of experts trying to break a given software application, get into a network or circumvent a security system as part of a penetration test or a similar engagement. The idea is sometimes applied in the real world as well, in the form of people attempting to gain entry to a secure facility or other restricted area."
  • by symbolset (646467) * on Wednesday August 22, 2012 @08:25PM (#41089033) Journal
    It's a good idea too. Deliberately cause mayhem to encourage and test true redundancy.
  • I think... (Score:4, Insightful)

    by Jafafa Hots (580169) on Wednesday August 22, 2012 @08:25PM (#41089045) Homepage Journal

    ...the concerns about Google and privacy have next to nothing to do with what hackers might do with the data Google collects on you, rather than what Google will do with it.

    • Re: (Score:3, Informative)

      by desertfool (21262)

      And that is exactly what I wanted to say. I'm more worried about Google than anyone else.

      Long live Adblock and Ghostery.

      • by bhagwad (1426855)
        Than ANYONE else? Really? So if you had to choose an ISP, you would rather use a corporation like say AT&T or Time Warner rather than Google?
      • If you were a Chinese dissident using gmail to communicate and collaborate, you might have different priorities.
      • by WoLpH (699064)

        Unfortunately Ghostery and/or Adblock are not always an option.

        My bank (ABN-AMRO) has recently updated their website and with that added Omniture tracking to all pages. If you use Ghostery (as I do) the site just stops functioning entirely and the entire Internet banking system doesn't work anymore.

        So unless I permit Omniture to see everything I am doing and effectively giving them access to my bank account including transferring money to other accounts... I cannot access my Internet banking system any

      • Hyperbole (Score:5, Insightful)

        by brunes69 (86786) <slashdot&keirstead,org> on Thursday August 23, 2012 @06:54AM (#41092583) Homepage

        Yes, because it is much worse for Google to know I prefer a BMW to a Toyota and serve me ads appropriately, vs. having someone use the same information to steal my identity, take out a second mortgage on my home, and leave me destitute.

        You can take my house, but PLEASE don't ask me what my car preference is!

        Can we tone down the hyperbole please? Comparing using personal data for marketing vs. using it to steal from innocents is just stupid.

      • by Yvanhoe (564877)
        I still like that Google are making sure that no one can get data from them without their accord. It is a separate issue.
    • Re: (Score:3, Insightful)

      by Anonymous Coward

      You shouldn't be concerned about Google. This data is Google's most valuable possession, and the company's entire value is dependent upon that data staying in the company. Google is the producer and consumer of the data, and they're not going to let it out. Google (and everyone in charge there) also has a strong sense of ethics, and while some things have gone wrong, their record is still pretty stellar.

      Who you SHOULD be worried about are the companies that exist solely to collect and sell information. They

    • "...the concerns about Google and privacy have next to nothing to do with what hackers might do with the data Google collects on you, rather than what Google will do with it."

      Yes. It isn't privacy "vulnerabilities" we should care about so much with Google, but the privacy losses that are inherent in their business model.

  • And here I thought, silly me, that it was the massive fines by the EU and Canadian regulators as to their practices that caused this change.

    Never mind.

    I'm sure they're doing it for the reason you say.

  • by NoKaOi (1415755) on Wednesday August 22, 2012 @08:37PM (#41089163)

    The fine referenced in the summary was an intentional violation of privacy, at least from what I understand. It sounds like the point of the red team is to find unintentional security flaws that may cause privacy risks. That's good and all, but it really doesn't address the issue that the article and summary are pretending to address.

    • by LordLucless (582312) on Wednesday August 22, 2012 @08:45PM (#41089231)

      Google is big. It's also a way to find ways the left hand is intentionally violating privacy, that the right hand doesn't know about. In big companies, decisions that could potentially impact privacy are made by people who don't necessarily have the awareness of legislation that lets them know they're opening the company to liability by doing what they're doing - they're just trying to get their project off the ground. The potential privacy violation doesn't percolate up to the top where people who know the sort of poo the company could get into by doing it actually hear of it.

      • by shentino (1139071) on Wednesday August 22, 2012 @11:19PM (#41090347)

        The violation may have been intentional, but the malice may still not have been there.

      • by Johnny Mnemonic (176043) <mdinsmore.gmail@com> on Thursday August 23, 2012 @12:08AM (#41090677) Homepage Journal

        c.f. the wifi sniffing debacle. I'm pretty sure that what transpired was the developers of the product downloaded a public source program, like AirSnort. And then used it, probably with the intention of just collecting unencrypted SSIDs, but accidentally left on the more intrusive features as well.

        They should have noticed that it was collecting data at a rate greater than SSIDs would indicate, but I can see overlooking that as well.

        • by arose (644256)
          Hell, the developers might have even done it intentionally, either to collect debugging data and switch it off later or because they could or whatnot. Hell, maybe their managers knew too (and didn't grok what it was about). That still wouldn't make it the company-wide effort to harvest wifi traffic data for mining purposes that some people are convinced it was. It definitely taught Google a lesson about transparency though (i.e. delete the data, code, documents and memories in question next time). :-/
    • by arose (644256)
      See, if they can convince Apple that it is a good idea to look for that kind of thing they might bother fixing their browser.
    • by Anonymous Coward on Wednesday August 22, 2012 @09:09PM (#41089413)

      No, it wasn't intentional. A workaround was intentionally used to make a particular non-tracking cookie work on Safari (it was a simple preference cookie used for user functionality). However, the browser reacted to the workaround by allowing *all* third-party cookies involved, including the DoubleClick cookie. That was unexpected and unintentional. Nobody realized it was going to happen, and the team responsible for the workaround had nothing to do with the advertising cookie.

      Posting anonymously because I work for Google.

      • by Anonymous Coward on Wednesday August 22, 2012 @09:25PM (#41089531)

        And if you need a reference, read the original [webpolicy.org] analysis that spawned this entire debacle. It makes it very clear that one cookie, "_drt_" (which is fairly innocuous), is the only one that is deliberately set using the workaround. The unintended side-effect is that on future page loads, the "id" cookie (and others) can be directly set (no workaround needed) because Safari considers a domain whitelisted if it has *any* cookies set, and allows all further cookies.
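
The side effect described in the two comments above, as an added JavaScript model that is not part of the thread and is not Safari's or Google's code: it replays a constructed sequence of cookie writes against the policy as the commenter describes it and against a stricter per-cookie policy, and lists the cookies accepted purely as a side effect. The domains, the `viaWorkaround` flag and the function names are assumptions; only the cookie names `_drt_` and `id` come from the comment.

```javascript
// Added model, not Safari's or Google's code. Cookie names "_drt_" and "id"
// come from the comment above; domains, the `viaWorkaround` flag and both
// policy functions are assumptions of this sketch.

// Policy as the comment describes it: a third-party write is accepted once
// the domain already holds any cookie. Returns the reason, or null to block.
function describedPolicy(jar, req) {
  if (req.firstParty) return 'first-party';
  if (req.viaWorkaround) return 'workaround';
  if (jar.some(c => c.domain === req.domain)) return 'domain-already-has-cookie';
  return null;
}

// Comparison policy (assumption): each third-party write is judged alone,
// so cookies already in the jar grant nothing.
function perCookiePolicy(jar, req) {
  if (req.firstParty) return 'first-party';
  if (req.viaWorkaround) return 'workaround';
  return null;
}

// Replay cookie writes in order against a policy and record each decision.
function replay(policy, requests) {
  const jar = [];
  return requests.map(req => {
    const reason = policy(jar, req);
    if (reason) jar.push({ domain: req.domain, name: req.name });
    return { name: req.name, accepted: reason !== null, reason };
  });
}

// Cookies nobody requested an exception for: accepted only due to jar state.
function sideEffectCookies(policy, requests) {
  return replay(policy, requests)
    .filter(d => d.reason === 'domain-already-has-cookie')
    .map(d => d.name);
}

// Constructed sequence: one deliberate write, then writes on later page loads.
const requests = [
  { domain: 'ads.example', name: '_drt_', firstParty: false, viaWorkaround: true },
  { domain: 'ads.example', name: 'id', firstParty: false, viaWorkaround: false },
  { domain: 'other.example', name: 'uid', firstParty: false, viaWorkaround: false },
];

console.log(sideEffectCookies(describedPolicy, requests));
console.log(sideEffectCookies(perCookiePolicy, requests));
```

A privacy review can run the same replay over a recorded list of cookie writes: any name returned by `sideEffectCookies` was never individually approved.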

  • I mean, "Privacy Red" - that will go well on the t-shirts, baseball hats and pens. And sound impressive to vacuous blondes at parties; "Hey, is this guy boring you? I'm on a Privacy Red team!".
  • by Lord_of_the_nerf (895604) on Wednesday August 22, 2012 @09:05PM (#41089377)

    ...a grizzled old Google veteran, brought out of retirement. He has a rag-tag team consisting of an arrogant young prodigy, a burnt out developer with a death wish, a hard-as-nails female programmer and a sassy ex-con who learned all his coding on the street.

    They are PRIVACY RED TEAM!

  • If you beamed down with Captain Kirk and were on the "red team" wearing a "red shirt" it wasn't going to end well for you [memory-alpha.org]. I wonder if the same will be true at Google as they bring daylight into the dark corners of Google.
  • It charges $4.95 a minute.
  • So QA teams are called 'Red Teams' now? So sexy.

  • by 93 Escort Wagon (326346) on Wednesday August 22, 2012 @10:41PM (#41090047)

    Back in the days when ActiveX was first created, I mean. But simply having a team doesn't mean that team will be allowed by the powers-that-be to make any meaningful difference.

    Here, for example - according to the linked article, this team is all about external penetration and threat testing. I don't know anyone whose primary concern regarding Google's data collection is about what an external attacker could do with that information. And the $22.5 million fine was about Google's own internal decisions and behavior, not about what some hacker pulled off because of poor security on Google's part.

    This just smells like theater. Much like Microsoft's statements about security a decade or so ago.

  • Am I really the first to make that reference?
  • the entire userbase constitutes Facebook's privacy 'red team'.
  • This is useless unless Google builds a privacy culture within itself and also lobbies the government to respect individual liberty and rights again.

    • by Ruedii (2712279)

      Let's face the facts: That privacy culture is exactly why they are the target of these investigations.

      I agree, it is unfair that Google is being held to such a higher standard. However, I also think with their privacy culture, they SHOULD be putting their money where their mouth is, like this, and hire a team of specialists to address privacy issues with their products.

      The fact that other companies sweep their problems under the rug and that we instead complain about Google for the problems we admit, only p

  • I don't know why people focus so much on Google. A lot of other companies have far worse privacy practices, and many of those companies make absolutely no attempt to provide proper privacy or user data security.

    Just take Facebook for example.

  • ... ensuring security and privacy of customer data is.

    I always thought that the stupidest things that Eric Schmidt ever did were all those blase comments about how we had to learn to live without privacy, etc. (check google for eric schmidt quotes).

    I'm not saying that they don't care about these issues, but in the past they have sounded like they don't care.

    I reckon that they should instead make security and privacy of data their top priority, and let their customers know about it too (instead of the opposi
