Wednesday, February 22, 2012

Google's New Privacy Policy: Nothing to write home about

What fundamentally changed when Google replaced its multiple privacy policies, each related to a different product, with a single new Privacy Policy?


Many people think that this change is the End of Google as You Know it.
Some of them think that the slogan "Don't be Evil" should no longer be associated with the company.


As you can easily guess from this post's title, my opinion is different.


The Problem
Google is gathering a lot of information about its users. Usage of this information could threaten these users' privacy.


Google uses the information mainly for advertising, because its business model is based on optimizing advertising for each user's profile or characteristics.


User privacy could be violated not only by undesired advertising but also for other purposes.


Is Google unique?
Gathering user information and analyzing it with Business Intelligence tools is a common practice. Many Web-based companies like Amazon or eBay gather and analyze information. Smaller companies and traditional software vendors use similar methods as well.


The only differentiator is Google's dominance in some Web-related markets, especially search engines.


The Risks
1. Google will use private information for purposes other than matching advertisements to the user's profile.
The probability of risk events of this kind is low. Google has too much to lose.


2. People will receive advertisements they do not want to receive, as well as spam advertising messages.
What is new? They are already receiving plenty of advertisements. Receiving advertisements in Search based on information gathered in YouTube is not a significant change.   


3. A Google employee who has permission to access the information, or who acquires such access authority, will use it and violate your privacy (for example, by selling your private information).
This is a higher-probability risk than the previous risks. It should be mitigated. The employee could be a gambler who has lost a lot of money or someone who is going to be fired from Google.
It is not a new risk. 60% of cases of misuse of private banking details are attributed to internal threats (i.e. a bank's employee).


4. An external unauthorized Web user will access or copy your private data kept in Google's systems.
The probability of this threat is lower than the probability of the previous threat (an insider, i.e. a Google employee). Google will probably take the required actions to protect the data, but a data breach could occur.
I am not sure that your private data is better protected on your smartphone, desktop or mobile computer.


What should you know and do?

  • Once your private data is on the Web, it is unforgettable. The data will never be cleaned or erased unless you do it.

Implications: 
1. Do not feed private data to the Web if you do not need to.
2. Clean it if you do not need it anymore.


  • Companies, as well as other less honest organizations and people, will track your activity on the Web in order to get information about you and your activity patterns. They may use sophisticated software.
Implication: 
Protect yourself. There are a lot of software products you may use. Some of them are even free for consumers. Do Not Track Plus is an example of software that protects you from tracking for free.


  • Some of them will do more than track and gather information: they will aim at controlling your computer and using your identity, through malware inserted into your computer, phishing or other methods.
Implication: 
Protect yourself. There are a lot of software products you may use. Some of them are even free for consumers. I can recommend Advanced SystemCare, Spybot and Avira. All of them have a free consumer edition. It is up to you to decide whether the free edition is good enough or you want the full edition, which is not free.


What else could be done to protect Privacy?

  • Do not post sensitive private data if it is not necessary.
  • Do not use services on the Web that use your private data in non-secure ways.



My Take
It is reasonable to replace multiple privacy policies with a single privacy policy.
Do not forget that most users do not read these policies before ticking the "I agree" box.
Google made no significant change to the privacy policy, so there is nothing to write home about.


The World Wide Web is a World Wild Web. Expect all types of deception, Privacy and Security violations and prepare to mitigate them. 


The main problem is not companies like Google gathering and analyzing your data and using it for their purposes; the main problem is you.


If you are not aware of the risks and do nothing to protect yourself, sooner or later you will be harmed.


As far as privacy is concerned, it is more a user awareness issue than any other issue.
The same conclusion is applicable to security. Penetration tests I have done in the past usually revealed that the chain is as strong as its weakest link.

Human behavior is the weakest link in Security as well as in Privacy. 










Wednesday, February 15, 2012

How hot is cloud Computing?

In previous posts such as "Cloud Computing: Hype, Vision or Reality?", "Hyped Cloud Technologies", "PAAS is not Mainstream yet", "SaaS is going Mainstream" and "Future applications: SaaS or traditional?", I discussed Cloud Computing.


Recently I read Joe McKendrick's interesting article titled "Cloud Computing Market Hot, But How Hot? Estimates are All Over the Map".

Joe's views and predictions are similar to mine. However, he bases his opinions on an actual survey he conducted as part of his work with Unisphere Research/Information Today Inc. and on predictions by leading analyst firms.


I recommend reading Joe's article.
The following bullets quote a few highlights:



  • Market Research Media, cited in the Bloomberg report, says the cloud market will reach $270 billion in 2020.
  • Forrester is a tad less optimistic, predicting last year that the market will hit $241 billion by that time. 
  • Research firm IDC says the market will hit about $55 billion by 2014.
  • The larger companies in the survey are most inclined to be supporting their own private internal clouds. Close to half of the companies with workforces of greater than 10,000 employees (45%) have private clouds in production or in limited use. By contrast, only 11% of the mid-size companies in the survey have such efforts underway.
  • Public cloud adoption, on the other hand, is most pronounced among the smaller companies in the survey. One-third of companies with 1,000 or fewer employees use public cloud services, versus 19% of the largest companies in the survey.




Saturday, February 4, 2012

A Quarter is not a Long term indicator

Apple's December 2011 quarter was described by SplatF as a "Monster", i.e. a very successful quarter with high revenue growth. You can see the charts in the article "Apple's Monster Quarter in Charts".


Is this a positive long-term indicator?
I am not sure. A company whose revenues are based on two products, iPhone (53%) and iPad (20%), depends on these products.


Success of competing products or a major decrease in shipments of smartphones and tablets could be a catastrophe for Apple if it is not innovative and does not develop new types of products.
