Google speed bump draws scorn

Google has raised privacy and security hackles once again, this time by developing an application that accelerates Web surfing but can also delete pages or serve up password-protected content.

The complaints center on the search giant's Web Accelerator, which was released on Wednesday. Downloadable software for broadband users, Web Accelerator is intended to speed access to Web pages by serving up cached or compressed copies of sites from Google's servers.

Though the software can be useful to consumers who are in a hurry--broadband connections already deliver pages quickly--critics were quick to find a potentially damaging glitch. A flaw with Web Accelerator, which Google acknowledges, can serve cached copies of private discussion groups or password-protected pages to people using the software.

News.context

What's new:
Critics are rankled over a flaw with Google's new Web acceleration software that can serve cached copies of password-protected content.

Bottom line:
Google says it is working on a fix for the Web Accelerator threat. Regardless, privacy advocates charge that the search engine's privacy policy doesn't address some consumer concerns.

More stories on this topic

For example, using the software, a Web surfer might call up a discussion group page and see the name of another group member, making it appear as if the surfer is signed in as that user. Web Accelerator does not cache secure Web sites using the "HTTPS" specification, such as banking or credit card pages, however, so data such as financial transactions are not at stake.

Marissa Mayer, Google's vice president of Web products, said the company is working on a fix but downplayed the threat. "It looks worse than it is," she said. "We've cached the page with that user name on it. But you are not actually signed in; you couldn't operate as that person," she said, adding it has affected only a small number of sites.

"We're committed to provide users the utmost of integrity in security and privacy, and we're working with urgency to solve this problem," she added.

More broadly, privacy advocates are concerned about the scope of data collected with the Web Accelerator, charging that Google's privacy policy does not address some important consumer issues. Critics say the tool's capabilities to monitor a person's travels across the Web feeds into an overarching worry that Google is becoming a massive market research firm capable of collecting oodles of information on millions of people.

Not a Google first
"The business they're in here with this new product is market research--they'll be looking at what people are doing on the Internet, what they're reading, what they're buying," said Richard Smith, a privacy and security expert who runs the Web site Computerbytesman.org. "There's potentially a lot of information just from the click-stream of the URLs people visit."

Google has run into privacy and security problems before when introducing new services. The company's free e-mail service, Gmail, roiled the privacy community for its practice of scanning the contents of e-mail to deliver related ads. Although the furor eventually subsided. Google's desktop search software, introduced late last year, contained a security glitch that temporarily exposed private data on the Web. And Google's latest toolbar was the subject of criticism for a feature that converted text on third-party Web pages to Google-designated links.

Google's Mayer said the Web Accelerator is not a market research tool. Rather, the company built the application to give people the same fast experience they have at Google--most search pages are returned in a fraction of a second--while surfing the Web at large. If the tool can help someone save two or three hours a month surfing the Web, that person might spend more time searching with Google, Mayer reasoned.

Google states in its privacy policy that it does not share personally identifiable information with use of the software. Still, privacy experts warn that the policy is silent about what click-stream data

the secure language "HTTPF"

Is this supposed to mean the encryption protocol HTTPS?

How does Google get access to passworded discussion boards anyway?

[SmokieUK]

RE:

Google lists password protected discussion sites because (as it was briefly stated in the article):

"[i]... the problem happens only on a small number of sites, typically discussion groups, because those sites are not passing the proper no-cache header information.[/i]"

[aabcdefghij987654321]

Author is confused about HTTPF and HTTPS

"Web Accelerator does not cache secure Web sites in the programming language "HTTPF" such as banking or credit card pages"

There is a fledging "HTTPF" filtering proxy (it's a web proxy which strips potentially executable code) and perhaps is what google are using.

And, yes, banking and credit card pages always use HTTPS.

I suspect the author knows little about either and has confused the two. I stopped reading about that point.

[ron williams]

Changing the Internet

What are all forums supposed to change and insert the "no cache" header. Whats going to happen if my members install this. Google needs to not be Microsoft and downplay there errors and release software too early. View my forum at http://holycow.audionine.com

[OneWithTech]

What the F$%&k is [httpf]

I'm going to shed a little somethin' on those who, maybe don't understand web code, let alone what exactly [httpf] is!

Here is [httpf] explained in detail:
http://httpf.sourceforge.net/
Here is another little snippet on [httpf]:

--------------------------------------------
[html] httpf A WWW Security Proxy (in C using POSIX threads) for filtering HTTP and HTML to only forward allowed/harmless content.
--------------------------------------------

In English this means JACK. It's not a protocal in the sence of "true web" protocols. This protocol is only used in the circumstances stated above. And 95% of the web-developers out there will tell you that: "They've Never Used It"!

So that leads me to answer the last question for everybody. Google is very good at quite a few technologies, but also very good with the PR.

You see the Circle C that denotes a copyright at the bottom of our web pages. This nomenclature is used to protect our "Finished Works". The USPTO (United States Patent and Trademark Office) ensures that complying with the rules set by them our "publications","pictures",and "overall copy" are protected under these rights.

What if Google is violating the Copy Protection of every site that it "Caches" on there servers? My programmer was a little pissed that a "Vanilla Envelope" with the tag link "Do Not Bend" shows up at my house address to him at Matrix Structures Online. Funny, American Express just did that to me not to long ago.

Apparently it's OK to start using that data you've been mining for the last couple of years. All that mining at my expence and the expense of everybody else that likes to keep there copy protected.

How convienent for Chase, American Express, and Google, to use "My Copy" for there profit!

Hence the PR runaround!

www.tech01.net

[OneWithTech]

A better httpf definition

httpf is a kernel module to allow queueing of people for busy sites. When web site is overloaded with number of connections, new people are assigned a tracking number and accepted as their time has come...
httpf A filtering proxy which processes HTTP- and HTML-traffic to enhance the security: Remove javascript calls, check document types, remove client infos (operating system, browser version)

www.tech01.net

[dmehus]

It's a typographical error

Below is a copy I've sent to CNET News.com editors to alert them of the typographical error in the third paragraph of this story. To send your own reports of typos or factual inaccuracies, send e-mail to: report-news-bugs@cnet.com and a copy editor or the CNET News.com managing editor, Jon Skillings, will respond to your report.

<Begin>
Dear CNET News.com Editors:

There appears to be a typographical error in the third paragraph of "Google speed bump draws scorn" located at http://news.com.com/Google+speed+bump+draws+scorn/2100-1032_3-5698447.html, where "HTTPF" should be corrected to read "HTTPS". Or, ideally, instead of mentioning the acronym, mention secure sockets layer transfer or something similar. However, simply updating it from "HTTPF" to "HTTPS" would more than suffice.

Cheers,
Doug M.
dmehus AT telus DOT net
<End>

Another error

Also, read the first sentence of this paragraph:

The complaints center on the search giant's Web Accelerator, which was released on Wednesday. Downloadable software for broadband users, Web Accelerator is intended to speed access to Web pages by serving up cached or compressed copies of sites from Google's servers.

It seems like there should be something after the "released on Wednesday" part.

[rockerrb]

Privacy advocates need to give it a rest

Google's new web accelarator doesn't work any differently than any other service on the web: It's free and it's use is not mandatory. If your privacy is such a big concern to you then don't use it. Targeted web marketing is the past, current and future of the internet. Goolge and it's stock will continue to grow for a very long time.

[rockerrb]

Privacy advocates need to give it a rest

Google's new web accelarator doesn't work any differently than any other service on the web: It's free and it's use is not mandatory. If your privacy is such a big concern to you then don't use it. Targeted web marketing is the past, current and future of the internet.
Goolge is a huge multibillion dollar company. Any minor technical problems should be quickly and easily resolved. Goolge and it's stock will continue to grow for a very long time.

Its in beta

In my opinion google is doing nothing wrong and has not promoted or presented this app incorectly. The thing is in beta. Of course there will be errors. Of course there will be security leaks. betas should not be entered into lightly by anyone. When you use a beta you take responsibility for your own information and security because the software is known to be faulty. Its in beta to fix the faults and find out what is desired for the program. This is a non news item. Sheesh

[Jon Skillings]

The typo has been corrected

As several of you have pointed out, HTTPS is the correct term. The story has been fixed. Thanks for calling the typo to our attention.