Up Front: Google may take a tiny step toward better security
Certain Web standards have been in place since the mid-1990s, since there was a Web. And certain companies rose to prominence by promoting their use. But when it comes time to evaluate which is more convenient, a few microseconds of delay or private communication in the clear, suddenly it's Google that's hiding behind a wall of public relations. Google's listening to its users now, and yesterday it demonstrated that fact, but why all the fuss about this privacy kick everyone's on?
Google considers defaulting to encrypted connections
Afternoon of Tuesday, June 16 • An open letter sent recently to Google CEO Eric Schmidt signed by 38 high-profile security figures including noted researcher and BT Group CSO Bruce Schneier, urged Google to consider the simple act of using Secure Sockets Layer to encrypt communications between its applications and its servers (Wired has the PDF).
Yesterday, in a post to the Google Online Security Blog indicates the company may experiment with the concept to see if this encryption thing actually works, and if it does, to provide default privacy protection for Gmail, Docs, and Calendar.
"Support for HTTPS is built into every Web browser and is widely used in the finance and health industries to protect consumers' sensitive information. Google even uses HTTPS encryption, enabled by default, to protect customers using Google Voice, Health, AdSense and Adwords," the letter read. "Rather than forcing users of Gmail, Docs and Calendar to "opt-in" to adequate security, Google should make security and privacy the default."
This HTTPS thing could really go somewhere, says Google Engineer Alma Whitten in her blog post yesterday. "We're planning a trial in which we'll move small samples of different types of Gmail users to HTTPS to see what their experience is, and whether it affects the performance of their e-mail. Does it load fast enough? Is it responsive enough? Are there particular regions, or networks, or computer setups that do particularly poorly on HTTPS?"
Google doesn't want to adversely impact anyone's online experience -- perhaps a 0.1% slower connection is not worth the privacy breach. Whitten adds that secure connectivity has always been an option for Gmail users, who are certainly free to opt in. Underscoring that she's proud of her company's security record, she noted in an update that the PhD.s in the letter took a swipe at Google's competitors: "Google is not the only Web 2.0 firm which leaves its customers vulnerable to data theft and account hijacking. Users of Microsoft Hotmail, Yahoo Mail, Facebook, and MySpace are also vulnerable to these attacks. Worst of all, these firms do not offer their customers any form of protection. Google at least offers its tech savvy customers a strong degree of protection from snooping attacks. However, due to the fact that HTTPS protection is disabled by default and only enabled via an obscure configuration
option, most regular users are likely to remain vulnerable."
Genachowski FCC hearings a convivial gathering
Morning of Tuesday, June 16 • A sparse but friendly group of Commerce, Science and Transportation Committee members had nothing but love for Julius Genachowski on Tuesday as the Senate prepares for hearings to confirm his appointment as head of the FCC. Most observers expect that process to be concluded by the Independence Day break -- perhaps even today, according to the Washington Post's Cecilia Kang.
PC Week's Roy Mark points out that nine Republican members of the committee were "boycotting" the hearing, leaving just two, Kay Bailey Hutchinson (TX) and Mike Johanns (NE). Mr. Johanns also took the day off after giving a brief statement saying, "If you aren't qualified, then I don't know who is." The Post's Amy Schatz noted that Genachowski, who has served at the FCC in two other administrations, supports using stimulus money to extend broadband service to underserved areas, and does not support resurrecting the "Fairness Doctrine" that some fear would stifle political speech.
Click fraud against Microsoft was a family affair
Monday, June 15 • Erika Morphy at E-Commerce Times reports that when Microsoft filed a civil claim on Monday against a trio of Canadians who allegedly used botnets to mess up advertising revenues for certain sites using Microsoft's ad platform, they didn't have to cast a wide net: The perpetrators are all family. Melanie Suen is the mother of Eric and Gordon Lam, and the three of them are accused of the click fraud, which Microsoft says cost over a million in reimbursements. The company seeks at least $750,000 in damages -- and a legal precedent. Cadie Metz at The Register has a good basic explanation of how this particular fraud worked and how the practice is affecting the industry.
Apple tells Pre users no one in particular it may cut off iTunes integration
From now on, most likely > Apple didn't mention any specific "unsupported third-party digital media players" by name, but commenters around the Web were pretty quick to infer that the company was dropping a hint to Pre Media Sync users with a support bulletin warning that "because software changes over time, newer versions of Apple's iTunes software may no longer provide syncing functionality with non-Apple digital media players."
"Apple designs the hardware and software to provide seamless integration of the iPhone and iPod with iTunes, the iTunes Store, and tens of thousands of apps on the App Store," the warning reads. "Apple is aware that some third-parties claim that their digital media players are able to sync with Apple software. However, Apple does not provide support for, or test for compatibility with, non-Apple digital media players and, because software changes over time, newer versions of Apple's iTunes software may no longer provide syncing functionality with non-Apple digital media players."
PreCentral points out that it's "mighty silly, given that all of the music in the iTunes Store is now DRM-free and Apple has no reason to be kicking people out of their happy little ecosystem." Macworld's Philip Michaels took a different view, saying that Apple has a history of making good on such warnings, and cautioning, "take note, Palm Pre owners -- that next iTunes update could be a doozy."
And CrunchGear notes an odd poll, which apparently indicates that two-thirds of respondents think Apple should have the right to block people from putting music on whatever devices they will. Devin Coldewey has some fun with it: "The willingness of the Apple crowd (and I'm typing this on a Mac so don't start a flame war, kids) to knife themselves in the back is astounding. Apple's products may be the future, but that's only if the fanboys let the future get here in the first place."
Jammie Thomas, day 3
All day today > More trial. More error. See our separate article for a recap of Tuesday's two most wince-inducing moments -- one for each side.
AFTER THE JUMP: Your tax dollars at work...