| Average Customer Rating: |  4.5 |
| Release Date: | 2008-10-20 |
| Publisher: | Addison-Wesley Professional |
| Author | Greg Conti |
| Number of pages: | 360 |
| ISBN: | 0321518667 |
| Language: | Original Language: English; Unknown: English; Published: English; |
Product Categories
Product description
| |
|
What Does Google Know about You? And Who Are They Telling? When you use Google’s “free” services, you pay, big time–with personal information about yourself. Google is making a fortune on what it knows about you…and you may be shocked by just how much Google does know. Googling Security is the first book to reveal how Google’s vast information stockpiles could be used against you or your business–and what you can do to protect yourself. Unlike other books on Google hacking, this book covers information you disclose when using all of Google’s top applications, not just what savvy users can retrieve via Google’s search results. West Point computer science professor Greg Conti reveals the privacy implications of Gmail, Google Maps, Google Talk, Google Groups, Google Alerts, Google’s new mobile applications, and more. Drawing on his own advanced security research, Conti shows how Google’s databases can be used by others with bad intent, even if Google succeeds in its pledge of “don’t be evil.” -
Uncover the trail of informational “bread crumbs” you leave when you use Google search -
How Gmail could be used to track your personal network of friends, family, and acquaintances -
How Google’s map and location tools could disclose the locations of your home, employer, family and friends, travel plans, and intentions -
How the information stockpiles of Google and other online companies may be spilled, lost, taken, shared, or subpoenaed and later used for identity theft or even blackmail -
How the Google AdSense and DoubleClick advertising services could track you around the Web -
How to systematically reduce the personal information you expose or give away This book is a wake-up call and a “how-to” self-defense manual: an indispensable resource for everyone, from private citizens to security professionals, who relies on Google. Preface xiii Acknowledgments xix About the Author xxi Chapter 1: Googling 1 Chapter 2: Information Flows and Leakage 31 Chapter 3: Footprints, Fingerprints, and Connections 59 Chapter 4: Search 97 Chapter 5: Communications 139 Chapter 6: Mapping, Directions, and Imagery 177 Chapter 7: Advertising and Embedded Content 205 Chapter 8: Googlebot 239 Chapter 9: Countermeasures 259 Chapter 10: Conclusions and a Look to the Future 299 Index 317
|
Customer reviews
«
Google may not be evil, but its still worth keeping an eye on
»
Disclaimer: I know the author personally and was given a review copy of the book.
I haven't read many (non-religious) books that totally change my outlook about the world we live in. In 2008, Robert O'Harrow's "No Place to Hide" is one such book and Greg Conti's Googling Security is the second.
The book begins with a simple question. "Have you ever searched for something you wouldn't want you grandmother to know about?" A simple but powerful question. Of course all of us have searched for topics we would rather our grandmother, friends, or spouse not know about. Would you ever consider posting the sum of your Google queries on your blog or website? Probably not, but just about all of us have given this information to Google in our dealings with them over the years. The book helps you take a look at how the sum of that information gathered through the use of the multitude of Google's "free" tools adds up to take a huge chunk of our privacy and very well could be giving Google a solid look into our personalities to include things most of us would prefer keep private.
Breakdown of the chapters:
Chapter 1: Googling 1
Chapter 2: Information Flows and Leakage 31
Chapter 3: Footprints, Fingerprints, and Connections 59
Chapter 4: Search 97
Chapter 5: Communications 139
Chapter 6: Mapping, Directions, and Imagery 177
Chapter 7: Advertising and Embedded Content 205
Chapter 8: Googlebot 239
Chapter 9: Countermeasures 259
Chapter 10: Conclusions and a Look to the Future 299
A common theme that the author found while conducting research for the book was "Google will collect personal information from you to provide you with a better experience." Right now we expect Google to "do no evil" and their current policies say they don't personally identify its users but as the author points out through the chapters in the book; Google gathers A LOT of data they DO tell us about and the ability to gather even more data is already built into its "free" services.
Some other reviewers have said that its "preaching to the choir." While I agree that the normal person that would buy this book is in the IT field, I wouldnt be so quick to immediately say that the average system admin or evern security guy understands the magnitude of information gathering that could possibly be going on and the value and power of that information. While not specifically mentioned in the book I would encourage anyone interested in the topic to check out Conti's DEFCON 16 presentation on "Could Googling Take Down a President, a Prime Minister, or an Average Citizen?" When you think about the importance or value of that first page of results returned by Google and think about how events, commerce, or public opinion could be shaped by crafting the results that are returned you have a powerful tool(weapon?). What if the top results for a certain political candidate consistently only returned negative commentary? or if events were "buried" by Google never returning those results? Just because Google doesn't currently appear to be altering results or collecting and using personal information, its important to understand the power every user gives to Google in both personal information and the power of controlling what is presented to searchers.
One of the best things the book has that most books covering similar (privacy) type topics is a countermeasures chapter. While saying "don't use Google" really isn't an option for most people the best advice from the chapter was teaching people to know and understand what they are disclosing and adjusting the behavior accordingly.
My only dislike in the book was the coverage of "physical" information leakage (TEMPEST). The material is good, but I don't think it was pertinent to the Google and privacy discussion.
Rating: 
(5
out of 5) @ 2009-01-02
|
«
An excellent book, but I question the audience
»
There's no question that Greg Conti writes excellent books. Last year's Security Data Visualization book earned 5 stars, and I put Googling Security in the same league. Conti takes a thorough and methodical look at the privacy consequences of Google's services, incorporating technical realities and thoughtful analysis. My only question is whether this book will matter to the intended audience.
Ben Rothke's review does a nice job summarizing the book, so I won't do that here. Instead, I'd like to share this thought: do the millions of Google's users care about how Google collects and uses personal information? I argue the answer is largely "no," and I recognize that Conti's book is intended to try to change that point of view. However, I really doubt it will have that effect.
I see three main consumers for Conti's book, meaning groups of people most likely to play close attention to the technical details while trying to implement privacy-preserving countermeasures. The first includes organized criminals. A certain component of organized crime is tech-savvy, motivated, and likely to adopt practices to shield their less technical colleagues.
The second includes national intelligence services and related operatives. When reading Googling Security I thought to myself "This is a big OPSEC manual," similar to Johnny Long's great No Tech Hacking book. Google Security contains all the right material for an operative to construct a false identity, and then know how to act as safely as possible to not compromise that identity. In fact, the operative could move to the other extreme and use Google's services to construct what looks like a convincing false person, with a presence on a variety of sites.
The third group (which receives some attention in the text) includes national governments and other regulatory agencies. Even without sustained popular pressure, we have seen regulatory bodies exert privacy measures on private companies. This is probably the best route to move Google in the direction Conti would like.
One related note on nation states: Conti writes on p 4: "I view Google as the equivalent of a nation-state because of its top-tier intellectual talent, financial resources in the billions of dollars, and world-class information processing resources combined with ten years of interaction data." I reject that argument, just as I reject similar arguments regarding Bill Gates' wealth and so on. Neither Google nor Bill Gates nor any other similar actor can deny a person of life, liberty, or property. If any Google employee tried to imprison any person on behalf of "Google," he would suffer criminal charges. The tiniest nation-state on Earth has more legal power in this regard, especially when you add in other aspects of sovereignty like issuing passports, minting currency, imposing taxes, and the like.
I also think Conti fails to appreciate the benefit of putting your data in the hands of a provider. At one point Conti mentions having one's data "safe on your home computer." Safe from what? Theft? Fire? Disk failure? Intruders who convince someone to click on a malicious link? The more consumers become service users and less system administrators, the better overall level of security we will attain.
Regardless of my reservations, if you want to read the best book on how Google services impact your privacy, I strongly recommend Googling Security.
Rating:
(5
out of 5) @ 2008-12-08
|
«
Succeeds in creating awareness about privacy and security risks
»
How much could you learn about someone based only on the words or phrases used in Google search? Maybe just a little bit. But imagine that you are also able to track the links this person selects. And don't forget the IP address, which indicates the geographical location. Oh, yes, and the personal Gmail account with contacts, chats, and e-mails with their attachments. Did I mention that this person also searches information in Google Groups, uses Google Maps, and enjoys watching YouTube videos?
Those wonderful "free" services offered by Google (and other companies) come with a price: your personal data. Greg Conti raises the alert. He describes in a very understandable manner the way this profiling/fingerprinting could happen. He also highlights parts of the Google's privacy policy and analyses the implications about the way the information could be used and the fact that the data maximum retention period may not be as well defined as one could think. Fortunately, he also suggests some countermeasures that can be taken in order to reduce our personal-data disclosure to Google.
At the end of every chapter, the endnotes nicely complement the treated topic by providing the sources of the information he presents or additional resources to better understand the subject.
The book is addressed to any Google user (beginner, intermediate or advanced). Some basic understanding of concepts such as IP-address, DNS server, and cookies may help to understand some very specific sections of the book but it is not mandatory.
It is definitely a recommended read for any internet user concerned about privacy and the way personal data could be (mis)used.
Rating: 
(4
out of 5) @ 2008-11-28
|
«
Good, but may be preaching to the choir
»
This is a well written book, and an interesting read. It really points out the possibility in data mining the details from what you give Google via search, mail, finance or other services they offer. The downside to the book is if you are already a privacy enthusiast you already know most of the material, so it may be preaching to the choir. Still, it's a good book to hand to your less techie friends so they understand what they expose about themselves online.
Rating:
(4
out of 5) @ 2008-11-27
|
«
resistance is futile
»
In buying this book on amazon, and leaving a review on amazon, the net knows that much more about me.
This book addresses one of those game theory scenarios, where whats good for the collective (maximum data) is bad for the individual (loss of privacy). The rational response is to let everyone else fully disclose and capitalize on that, while maintaining your own privacy.
I probably knew most of the material in this book beforehand, being in tech, but its unlikely I can abide by the recommendations. My Google RSS Reader is loaded up with 100+ feeds, some of which spool up 100 articles per day. Google Calender is best of breed. And Google Email offers POP/IMAP for free, whereas Yahoo email does not. All three of these "killer apps" work best when logged in continuously. So I login from home and work, and they stay logged in 24x7. As a result, whenever something pops in my head, and I do a search, Google is able to track that, and tie that to my name because my name is tied to my email.
I may switch to NewsGator or Bloglines, and go back to Yahoo email/ Calender. And I may code up something on my linux firewall to switch its MAC / IP address on a weekly basis. And I may ditch my Grandcentral, with the cost that I will have to give out my real cell phone number to merchants. But I probably won't.
I was able to muster a small pyrrhic victory, and steer clear of the G1 (google) phone. Which is integrated tightly with Google, such connecting with a Gmail address, and all the contacts associated with that email address.
Also, re. chaffing countermeasure, with Firefox TrackMeNot is interesting. I tried that out sometime back, and had it cranked up to some number of queries per minute. It wasn't long before Google (temporarily) blocked my IP address with some error message. And I just noticed that I have TrackMeNot turned on at work at a rigorous "chaffing" pace, and it was not disabled. I assume that is because Google cannot easily turn off chaff coming out of a big corp, thats behind a firewall/ NAT. This might be something of a loophole. I will have to explore this further.
Rating:
(4
out of 5) @ 2008-11-24
|
|
 |
Similar products |
 |
|
|
|