
Google (and Chrome) security issues

I think you're confusing them with Facebook. Google has specific privacy policies in place that contradict your claim.
Of course, if you leave yourself logged into your Google account and then use Google services (like YouTube or Google Search, for example), Google does keep track of things you've searched for, video searches, the history of what you've watched (all of which you may delete if you wish or even turn off the tracking) but those details are yours and are not shared with advertisers (which I assume is what you are referring to).

Those details are only provided to third parties if there's a legal requirement to do so (as in some sort of criminal matter - a request by law enforcement) or a query by a G Suite admin whose domain you are a part of, but in this latter case, it's your company's privacy policy that trumps your personal privacy; take that up with your company's IT/HR personnel.

Do note that there are exceptions to this, but they involve things like "endorsements", which, of course, involve you promoting yourself as an authority; in this case, yes, you are spreading your own info across the web.

Have there been leaks or errors in the execution of their policies? Sure; but Apple manages to fubar things, as well.
Google lies through their teeth, which certainly puts them in a class with Facebook, but they have clever dodges, such as saying they don't personally identify any things, but the whole point is that they don't have to, since their data science allows them to reconstruct all of that. Use any of their services at your own peril.

See, for instance, this article, which includes this simple statement:
NYTimes said:
10 Tips to Avoid Leaving Tracks Around the Internet
“The number one thing that people can do is to stop using Google,” wrote privacy consultant Bob Gellman. “If you use Gmail and use Google to search the web, Google know more about you than any other institution. And that goes double if you use other Google services like Google Maps, Waze, Google Docs, etc.”
And:
"I don’t like Apple’s phones, their operating systems, or their looks,” wrote Aaron Soice, "but the one thing Apple gets right is valuing your data security. Purely in terms of data, Apple serves you; Google serves you to the sharks."
 


Ric Ford

MacInTouch
Purely in terms of data, Apple serves you...
Let's not fool ourselves, because that's patently untrue on its face, regardless of Apple's clever reality distortion fields and marketing. The company very obviously uses you and me and the rest of its customers and all our very personal data and interactions to serve itself and its profits/shareholders (as I've described in past posts and others have documented all over the Internet).

That's not to say Google isn't equally as bad or worse, and I don't have enough space or energy to begin to describe Facebook's abuses and destruction, but let's not paint Apple as the panacea or our benefactor.
 


Let's not fool ourselves, because that's patently untrue on its face, regardless of Apple's clever reality distortion fields and marketing. The company very obviously uses you and me and the rest of its customers and all our very personal data and interactions to serve itself and its profits/shareholders (as I've described in past posts and others have documented all over the Internet).

That's not to say Google isn't equally as bad or worse, and I don't have enough space or energy to begin to describe Facebook's abuses and destruction, but let's not paint Apple as the panacea or our benefactor.
It was a direct quote, and not my own opinion, which is somewhat more guarded: Apple will always use whatever data you allow it to have to sell products and services to you, and probably to help it decide which new products/features and services to offer. But its basic business model stands alone. It does not exist to sell ads, nor to enable "analytics" that threaten democracy. It sells such information on to no one. And with Microsoft, it has made a firm stand against the intrusion of government into private information.

Google is in another class altogether, and then there's (shudder) Facebook.

Yes, Apple does use "you and me and the rest of its customers and all our very personal data and interactions to serve itself and its profits/shareholders." Just like every company, ever, starting with the ma and pa general store that kept a record of the credit extended to each customer in town. The question is whether it shares or abuses that normal business relationship with a customer, or buckles under government threats to constitutional guarantees of privacy. I'm old and suspicious enough not to trust Apple or any other large corporation without proof, but what evidence there is indicates that Apple does not abuse that trust, unlike almost any other tech giant (possibly Microsoft excepted).
 


Ric Ford

MacInTouch
Apple will always use whatever data you allow it to have to sell products and services to you, and probably to help it decide which new products/features and services to offer. But its basic business model stands alone. It does not exist to sell ads...
It may not literally “exist” to sell ads, but note the facts in this previous post regarding Apple’s ad businesses.

Meanwhile...

#advertising
 


Ric Ford

MacInTouch
Yes, Apple does use "you and me and the rest of its customers and all our very personal data and interactions to serve itself and its profits/shareholders." Just like every company, ever, starting with the ma and pa general store that kept a record of the credit extended to each customer in town. The question is whether it shares or abuses that normal business relationship with a customer, or buckles under government threats to constitutional guarantees of privacy.
I guess it depends on where you live...
The Guardian said:
What price privacy when Apple gets into bed with China?
... Apple’s website contains the following bold declaration: “At Apple we believe privacy is a fundamental human right.” What ancient English adage does this bring to mind? Answer: “Fine words butter no parsnips.” In other words, what matters is not what you say, but what you do.

What brings this to mind is the announcement that from now on, iCloud data generated by Apple users with a mainland Chinese account will be stored and managed by a Chinese data management firm – Guizhou-Cloud Big Data (GCBD). “With effect from 28 February 2018,” the notice reads, “iCloud services associated with your Apple ID will be operated by GCBD. Use of these services and all the data you store with iCloud – including photos, videos, documents and backups – will be subject to the terms and conditions of iCloud operated by GCBD.”

The new terms and conditions for Apple users in China contain a clause. “If you understand and agree,” it reads, “Apple and GCBD have the right to access your data stored on its servers. This includes permission sharing, exchange and disclosure of all user data (including content) according to the application of the law.”
Top10VPN said:
In China, Apple Isn’t the Privacy Advocate It Claims to Be
... The first shift in what Apple offered its Chinese users took place in mid 2017, when it suddenly removed more than 60 VPN apps from its China App Store, including those from popular providers like ExpressVPN, StarVPN, and VyprVPN, all of whom were not registered in China. Suddenly, accessing content beyond the Great Firewall became significantly more difficult. Developers were only sent a short notification saying that their app was removed because “it includes content that is illegal in China.” Only after the removals received significant media attention did Apple release a statement saying that it was complying with local laws.

... While this censoring of apps received significant attention among China watchers and Asia privacy experts, it got little coverage in the US, where Apple was taking advantage of the controversy around Facebook’s role in the Cambridge Analytica data-harvesting scandal to promote itself as a tech company that cared about user privacy.

For global tech and human rights advocates, this positioning reeked of hypocrisy.
#applesecurity #appleprivacy
 


I guess it depends on where you live...
Didn't the EU enact legislation some years back to ensure that all cloudy data owned by EU citizens and entities had to be stored on systems in the EU?

If I also recall correctly, Apple has stated for years that it abides by the laws in every jurisdiction in which it does business. You can certainly complain about the laws there or here, but at least there's an internal consistency to their actions. The cloud data service requirement and banning of VPNs in China are parts of a larger governmental effort to enable the government to monitor all Internet traffic in the country and limit its access to parts of the Internet beyond its borders. It will be interesting to see where Apple comes down in its oft-stated commitment to protecting users' privacy when that is fully implemented.
 


Ric Ford

MacInTouch
For those of you still using Chrome after it destroyed a bunch of Mac systems via its invisible updater rootkit:
BleepingComputer said:
Chrome Zero-Day Bug with Exploit in the Wild Gets A Patch
Google on Thursday night started to roll out an update for Chrome that patches two use-after-free vulnerabilities, one of them having at least one exploit in the wild. Both security issues are serious as they could be leveraged to take control of a vulnerable system ... a fix for them is delivered with Google Chrome 78.0.3904.87, available for Windows, Mac, and Linux users. The update will reach the entire user base of the browser in the coming days, possibly weeks, Google informs in a blog post.
 


Ric Ford

MacInTouch
As if Google didn't already have enough extremely personal data on everyone...
Ars Technica said:
Google has access to detailed health records on tens of millions of Americans
Google quietly partnered last year with Ascension—the country's second-largest health system—and has since gained access to detailed medical records on tens of millions of Americans, according to a November 11 report by The Wall Street Journal.

The endeavor, code-named "Project Nightingale," has enabled at least 150 Google employees to see patient health information, which includes diagnoses, laboratory test results, hospitalization records, and other data, according to internal documents and the newspaper's sources. In all, the data amounts to complete medical records, WSJ notes, and contains patient names and birth dates.
Of course, Apple has jumped into the same arena with both feet....
CB Insights said:
Apple Is Going After The Healthcare Industry, Starting With Personal Health Data
The market opportunity in healthcare is huge, and Apple sees healthcare and wellness as a core part of its app, services, and wearables strategies. Now the company is aiming to become your personal health record, jumping into research, medical devices, and more.
 


Ric Ford

MacInTouch
What could possibly go wrong with storing personal photos/videos in the "cloud" – in this case, Google's?
Bleeping Computer said:
Google Bug Sent Private Google Photos Videos to Other Users
In a serious privacy lapse, Google is notifying users that videos stored in their Google Photos account were mistakenly shared with other unrelated users.

... As you can imagine, for those who are affected, this is a serious privacy lapse as users expect their photos and videos to remain private and not be shared with any others.

This bug also illustrates the inherent risks of storing your data in the cloud. Unless you can encrypt your cloud data using a passphrase you supply and that only you know, bugs like this or inappropriate access by cloud storage employees could lead to your private information, photos, and videos being exposed.
 


For those of you still using Chrome after it destroyed a bunch of Mac systems via its invisible updater rootkit:
With all the problems being reported about Chrome and constant updates, is the Chromium browser affected by any of them? The problem I have with Chromium is finding out when there is an update. I know I can manually check for an update, but that takes planning for something I don't often use.
 


Ric Ford

MacInTouch
The problem I have with Chromium is finding out when there is an update. I know I can manually check for an update, but that takes planning for something I don't often use.
I haven't tried it, but there's a Chromium updater extension that checks FreeSMUG for new releases.

Apart from Google's dangerous Chrome updater and a few other proprietary parts, it uses the Chromium engine, so vulnerabilities and fixes there apply to both.
 


A stealth program, sneaking in under the covers of a major app and constantly running with all-powerful "root" privileges... what could possibly go wrong?
I was curious about the hidden updater issue so did the Terminal check for com.google.Keystone.Agent - seems not on board in my system. But I do not recall manually deleting it. Had Google desisted in installing the auto updater at some point? ... I have to take that back. Apparently the Terminal command did not reveal the file. I did a manual search in the LaunchAgents folder and, voila, there it was.
 



Thanks. Funny, one system I had with the "agent" installed did not reveal via the terminal command, indicating "not found" even though it did reside in the Launch Agents folder. Another system did reveal the existence, and a manual alternative to Terminal is also useful:

User > Library > Launch Agents
I assume the file will reappear at the next update.
 


Another system did reveal the existence, and a manual alternative to Terminal is also useful:
User > Library > Launch Agents
I assume the file will reappear at the next update.
FWIW, I just checked the user library folder and did not find the Google file there, but it was in [MacHD] > Library > Launch Agents with a datestamp of Feb 5.
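
The posts above found the Keystone agent file in different places (the user Library on one system, the top-level Library on another). As an added example, not part of the thread or any poster's own command, this script checks all of those locations in one pass. The function names, the `com.google.keystone*.plist` file-name pattern (derived from the identifier quoted in the thread), and the inclusion of the LaunchDaemons folder are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): list Google Keystone launchd job
# files in the per-user and system-wide launchd folders.
#
# Usage: find_keystone_plists [ROOT] [HOME_DIR]
#   ROOT     prefix for every path; empty for the live system
#            (lets the function be exercised on a constructed tree)
#   HOME_DIR home directory to inspect; defaults to $HOME

find_keystone_plists() {
    root="${1:-}"
    home="${2:-${HOME:-}}"
    for dir in \
        "$root$home/Library/LaunchAgents" \
        "$root/Library/LaunchAgents" \
        "$root/Library/LaunchDaemons"   # assumption: also worth checking
    do
        # A missing folder is not an error; just move on.
        [ -d "$dir" ] || continue
        # -iname matches regardless of letter case in the file name.
        find "$dir" -maxdepth 1 -iname 'com.google.keystone*.plist'
    done
}

# Number of matching files, as a bare integer.
count_keystone_plists() {
    find_keystone_plists "$@" | wc -l | tr -d ' '
}

# Report for the current user on the live system.
found=$(find_keystone_plists)
if [ -n "$found" ]; then
    printf 'Keystone launchd files present:\n%s\n' "$found"
else
    printf 'No Keystone launchd files found.\n'
fi
```

Running it again after a browser update shows whether a removed file has come back.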
 


I haven't tried it, but there's a Chromium updater extension that checks FreeSMUG for new releases.
I've tried that before, and I tried it again a couple of days ago. It seems to work for one day, but disappears the next. It no longer appears with the other extensions. Any idea about what's happening? Do I need to keep the folder that contains the "unpacked extension" somewhere?
 


I've tried that before, and I tried it again a couple of days ago. It seems to work for one day, but disappears the next. It no longer appears with the other extensions. Any idea about what's happening? Do I need to keep the folder that contains the "unpacked extension" somewhere?
I think I solved the issue. I put the Chromium.app and the Updater extension-0.1.1.5 folder together in a folder (ChromiumStuff) in the Applications folder. The updater extension now appears with the other extensions.
 


Ric Ford

MacInTouch
I haven't tried it, but there's a Chromium updater extension that checks FreeSMUG for new releases.
I think I solved the issue. I put the Chromium.app and the Updater extension-0.1.1.5 folder together in a folder (ChromiumStuff) in the Applications folder.
I looked at the extension's Github pages, and it seems to be unsupported and old, so I don't know how well it will work. You should probably check what it does at the next Chromium/Chrome update.
 


I looked at the extension's Github pages, and it seems to be unsupported and old, so I don't know how well it will work. You should probably check what it does at the next Chromium/Chrome update.
It worked today and showed the new Chromium update. I'll see if the extension still shows up in Chromium in a few days.
 


Apparently there's a vulnerability in Google's Authenticator app…
Does this refer to the Android Cerberus trojan?
ThreatFabric said:
The Cerberus banking Trojan that appeared on the threat landscape end of June 2019 has taken over from the infamous Anubis Trojan as major rented banking malware. While offering a feature-set that enables successful exfiltration of personally identifiable information (PII) from infected devices, Cerberus was still lacking features that could help lowering the detection barrier during the abuse of stolen information and fraud. Mid-January 2020, after new-year celebrations, Cerberus authors came back with a new variant that aimed to resolve that problem, a RAT feature to perform fraud from the infected device.

This new Cerberus variant has undergone refactoring of the code base and updates of the C2 communication protocol, but most notably it got enhanced with the RAT capability, possibility to steal device screen-lock credentials (PIN code or swipe pattern) and 2FA tokens from the Google Authenticator application.
This does not appear to be a Google Authenticator vulnerability so much as a complete Android device compromise enabled by a trojan that arrives by installing an app often called "Flash Player." Nevertheless, if this is what inspires hardware key adoption, more power to us, I guess.
 


Just to revisit briefly, since Chrome security issue was on the header today:
By setting the Keystone Agent checkInterval to 0, and by never having disabled SIP (that one's over my head anyway) what is the potential hazard, still, of auto updater ... i.e. is it safe not to remove it?
 


After the first year or so of its release, I have never allowed Google Chrome on any computer I own or support, as it was always being devious about its real mission - to sell my information. I also never use the Google search engine for the same reasons.

Google and Adobe Flash have been nothing but problems and bad news on every forum for so many years, it seems like forever.
 


Speaking of Chrome updates, is it normal now for Google Chrome bookmarks to render as black-out pellets? When I originally saw this intermittently I assumed the app was in some sort of faulty state needing restart, but now it is the default mode in my experience.
 

