Tuesday, May 20, 2008


I can't believe this is happening for real...

So, how can we force Google to never call read() on /var/users/john_smith/health_records.db? How about a read() implemented from within the kernel via raw disk access that would never be logged?

I wonder when we will get another cool service from Google, e.g. "Google Thoughts", where people would be able to store their most private and personal thoughts, so that they could "access and manage them from all over the world", "in a secure fashion", of course. Right, add the Thought Police to this picture and welcome to Orwell's Oceania!

There is a difference between using the Web for blog writing vs. giving away all the private aspects of your life for free to some corporation in an unencrypted form. I wonder whether all the people who understand the notion of the local hard disk will be vaporized some time...


Unknown said...

It will (would) be interesting to see if ALL of Google's senior management are willing to post their information to the database?

My guess is no.

Everybody likes to talk about how Privacy really isn't a big deal - until their private information is revealed. Then all of a sudden it's not such a good idea any more.

Ultimately you have to give the customer control over his/her data, and also allow them a way to easily remove their personal data and be sure that no further records are maintained on the system.

The lack of REAL transparency will be the real inhibitor to ensuring privacy.

Unknown said...

Those of us in the United States are going to get an electronic patient health record, whether we like it or not. It is simply a matter of economics; the drive to streamline processes and increase profits for providers and insurers.

I'm not sure that Google is any worse than Microsoft, or Unisys, or Uncle Sam when it comes to designing and implementing this kind of technology.

Rhetorically :), if not Google, who should be permitted to build these kind of systems handling sensitive personal information?

yoshi said...

Sigh. "1984" is an emotional overreaction. This is not the government and this isn't about control of information over you.

Your hospital already has this information. Your insurance provider already has this information. There have been security breaches left and right. You are late to the game if you think this is a looming new threat to you (and by your comment you think this is going to enslave us). The door is open and the horses are gone.

What I would love is a common format to suck my health information into some sort of token. That would be more useful.

Joanna Rutkowska said...

@c0uchw4rrior, @yoshi:

The problem with providing this info to Google is that... we provide it to The Google, a single company that wants to control the information regarding every aspect of our lives: what we're searching for (Google queries), our email (GMail), our meetings (Google Calendar), our documents (Google Documents), and now, ending with our health records!

The concentration of all our personal information in one single place (i.e. Google internal servers) is what is dangerous.

On a side note: why is it that 99% of people who don't agree with me post from anonymous accounts, while those who agree usually use their full names? Hey, I'm not Google, you don't have to be afraid of me ;)

MilkyWhite said...

Joanna, what about taking Yoshi's idea and instead of sucking all of the information into a single token, suck information about the "paths to" the information into a single token? The information could still be secured where it's stored (in multiple places) but information about where it's stored could be condensed, stored, and kept only with its owner. That way you would know where and how your information is stored, including having access to it all, but it wouldn't all be stored together.

Would that be better?

Anonymous said...

Google's money can change even your thoughts :), have fun!

GoranP said...

I totally agree that giving so much information to Google is extremely dangerous. Google's sole purpose is to suck in every if not all information that exists on planet Earth. That is enormous power for one private company to have... I believe much greater than the monopolistic rule of ...let's say oil companies. Don't take me wrong - I do use Google and its applications because they are quite good, but releasing a Health application to the general public (which in general is not quite educated about online risks) is really dangerous if not irresponsible. Is there no law that could prevent such kind of public online application?

Robert McArdle said...

...Storing your private email (CHECK)
...Storing all your offline/online documents (CHECK)
...Storing every website you visit (even the dodgy ones)(CHECK)
...Track where you are every minute of the day (calendar)(CHECK)
...Take care of all of your private photos (including THAT one from the Christmas party)(CHECK)
...Track all of your friends/family (CHECK)
...And now, look after your entire medical history (including that worrying rash from last year)(CHECK)

At what point should we start to get REALLY worried? I think Joanna is right on Google Thoughts - the only reason that is not a reality is due to technological restrictions - but they most likely have someone working on that.

Anonymous said...

It's very easy to get data from people. Google is offering free services. People don't care about privacy. Does anybody care? Well, maybe a few of us.

People are the problem, not Google. People want free services, not privacy. Gadu-Gadu is the most popular IM in Poland. There are over 8 million users. GG doesn't even have an SSL mode. People don't care...

Anonymous said...

'Nineteen Eighty Four' indeed - Orwell never dreamed just how subversively the powers that be would enslave the masses via marketing and media. If we are to believe the things that happen in the world nowadays...look at the U.S. Gov't, the controversy in the Middle East, the environment, capitalism and the never-ending drive to increase profits, well, soon enough it's not hard to see that 2 + 2 is indeed = 5.

Anonymous said...

Hey Joanna, what do you think of this implementing malicious hardware:-
Any comment?

Joanna Rutkowska said...

Thanks for the link, anonymous. This is very interesting, although I very much doubt anybody would implement such a backdoor on e.g. a Core 2 Duo. Embedded processors for our phones - maybe, but mainstream PC CPUs - doubtful. In the case of modern PC processors I would rather expect somebody infecting the microcode.