Another entry in the internet security hall of shame....

Steven M. Bellovin smb at cs.columbia.edu
Fri Aug 26 15:59:15 EDT 2005


In message <91981b3e05082612381f919c1d at mail.gmail.com>, Chris Kuethe writes:
>On 8/26/05, Steven M. Bellovin <smb at cs.columbia.edu> wrote:
>> ...
>> If you don't trust your (or your correspondents') IM servers, it may be
>> a different situation.  I haven't read Google's privacy policies for
>> IM; if it's anything like gmail, they're using automated tools that
>> look at your messages and add to your behavioral profile.  As Peter
>> said, though, you can always run your own server or find one that you
>> do trust.
>
>Got a nice little surprise yesterday when I [ge]mailed someone, and
>moments later gaim beeps at me. Checking gaim, I see that suddenly
>these users had been added to my gaim/gtalk buddies list without my
>intervention. Grrrrrr....

Yup -- documented in the Googletalk pages.
>
>Anyway, I wouldn't be the least bit surprised if somewhere down the
>road a folder called "archived gtalk" shows up in gmail where you can
>search through all your old conversations.
>
That wouldn't be a surprise at all -- a number of IM programs, 
including at least Gabber and Psi, keep local logs.  Given Google's 
core competency of retaining searchable data, one would expect them to 
do that.

But this underscores one of my points: communications security is fine, 
but the real problem is *information* security, which includes the 
endpoint.  (Insert here Gene Spafford's comment about the Internet, 
park benches, cardboard shacks, and armored cars.)

		--Steven M. Bellovin, http://www.cs.columbia.edu/~smb



---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list