Kiziller
@rr.com | reply to Mele20
Re: Chrome Browser (Google) combats IE8's Privacy Tools
Here is an excellent update in a new thread for those of us who are still using Chrome !!!!
»Google's Chrome Browser - Security & Privacy Issues |
|
salzan
Experienced Optimist
Premium
join:2004-01-08
WA State
| reply to swhx7
But with clauses like this:
12.1 The Software which you use may automatically download and install updates from time to time from Google. These updates are designed to improve, enhance and further develop the Services and may take the form of bug fixes, enhanced functions, new software modules and completely new versions. You agree to receive such updates (and permit Google to deliver these to you) as part of your use of the Services. You don't know what Chrome will send to Google tomorrow. |
|
swhx7
Premium
join:2006-07-23
Elbonia
 ·RoadRunner Cable
1 edit | reply to Mele20
At many points in the development of the Mozilla/Firefox browsers, there were debates or power struggles pitting the principle of user control against providers of online applications demanding the power to overrule users to make the apps work as intended. For example, website devs wanted the ability to overwrite the status line, manipulate the context menu, suppress the address bar, and similar things, while others said users should be able to prevent such manipulation.
Generally the user-control principle won. But the philosophical conflict goes on. And I think what we have here in Chrome is a browser specially adapted to one company's web-based applications. It's easier for Google to build its own browser than to try to influence the direction of browsers that don't allow them as much control as they'd like.
The danger is that useful web applications will start to depend on specialized clients, leading to the web being re-fragmented into proprietary ghettos. I'd rather see a web with more standards compliance, total control on the client side, and web services adapting to these conditions rather than vice-versa.
Edit:
After posting the above I came to this Register editorial making similar points in more depth. »www.theregister.co.uk/2008/09/04···nalysis/
Also this Cnet article clarifies about what Chrome sends to Google. »news.cnet.com/8301-13860_3-10031661-56.html |
|
NetFixer
Freedom is NOT Free
Premium
join:2004-06-24
Murfreesboro, TN
 ·Vonage
 ·AT&T Southeast
 ·Cingular Wireless
·AT&T CallVantage
| reply to salzan
said by salzan  :That's how I read it too but I don't see how a third party using Chrome to display my website can give Google license to do anything with my content. It can't, but it will be easier to block the browser user agent, than to try to recover damages in court. Google may say that its motto is "Don't be evil", but it is Google who defines what is evil.
--
History does not long entrust the care of freedom to the weak or the timid.
-- Dwight D. Eisenhower
Test your firewall.
Smell the flowers. |
|
SUMware
Premium
join:2002-05-21
2 edits | reply to Mele20
EULA Updated
New EULA version contains: quote:
11. Content license from you
11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services.
Note: Didn't see any other EULA changes at time of this edit. |
|
chrisretusn
Retired
Premium
join:2007-08-13
Philippines
1 edit | reply to sivran
Re: Chrome Browser (Google) combats IE8's Privacy Tools
I am not reading between the lines it is pretty clear with the TOS listed above (Google is revising the TOS by the way) that if I submit pictures using Chrome to a on line photo sharing service I give "Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. (Services being Chrome.)
Edit to add this link
TapTheHive - This Post Not Made In Chrome; Google's EULA Sucks Fixed  |
|
salzan
Experienced Optimist
Premium
join:2004-01-08
WA State
| reply to NetFixer
said by NetFixer :I think I may just need to block the Gobble* browser from even accessing my web sites.  * No I did not misspell Google; gobbling up the IP rights of others sounds like what it is intended to do.  That's how I read it too but I don't see how a third party using Chrome to display my website can give Google license to do anything with my content. |
|
sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
·RoadRunner Cable
| reply to chrisretusn
Re: Chrome Browser (Google) combats IE8's Privacy Tools
Of course it is. But it is not one to which you submit content.
Or do you mean to agree with those who've implied that Chrome automatically streams everything you upload, be it pictures, your clickstream, your posts on dslreports, or whatever else you do with the browser?
Come on man, Google is much more subtle than that. Otherwise they'd be right up there with ABetterInternet, Gator, Zango, and the like.
--
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon profitable cause... |
|
chrisretusn
Retired
Premium
join:2007-08-13
Philippines
| reply to sivran
said by sivran :I believe part 11.1 to pertain more to such services as YouTube, Docs, Picasa, Pages, Blogger, etc. than to the browser itself. The license applies to "Everything Google" but this clause really doesn't have any bearing on the browser. From the Chrome TOS.
quote:
1.1 Your use of Google’s products, software, services and web sites (referred to collectively as the “Services” in this document and excluding any services provided to you by Google under a separate written agreement)
Chrome is a Google product.
--
Chris
Living in Paradise!! |
|
SUMware
Premium
join:2002-05-21
2 edits | reply to Mele20
Re: Chrome BETA Available
said by Mele20 :I can reproduce the results you got ....anyone can....by cheating. Everyone doing the test correctly sees Fx leaking TPC on the context test. Your cheap attack on my character makes me even more certain that either you don't how to do the tests or you cheated. So, you accuse me of cheating? You are absolutely hilariously stunning!!!
What can I say except that you clearly have more pressing personal issues than TPC. |
|
Mele20
Premium
join:2001-06-05
Hilo, HI
| reply to SUMware
Re: Chrome BETA Available
I can reproduce the results you got ....anyone can....by cheating. Everyone doing the test correctly sees Fx leaking TPC on the context test. Your cheap attack on my character makes me even more certain that either you don't how to do the tests or you cheated.
If you look at the pages there you'll see they are not finished. That is because Steve Gibson decided to work on the DNS Nameserver Spoofability Test and that is almost finished now so he will be finishing up the cookie forensics tests soon.
--
"The same ferocity that our founders devoted to protect the freedom and independence of the press is now appropriate for our defense of the freedom of the internet. The stakes are the same: the survival of our Republic". Al Gore, The Assault on Reason |
|
SUMware
Premium
join:2002-05-21
| reply to Mele20
Google Chrome vulnerable to carpet-bombing flaw
I regret posting this before matunga could bring it to our attention... he must be taking a well deserved siesta.
From ZDNet
September 2nd, 2008 - quote:
Google’s shiny new Web browser is vulnerable to a carpet-bombing vulnerability that could expose Windows users to malicious hacker attacks.
Just hours after the release of Google Chrome, researcher Aviv Raff discovered that he could combine two vulnerabilities — a flaw in Apple Safari (WebKit) and a Java bug discussed at this year’s Black Hat conference — to trick users into launching executables direct from the new browser.
Raff has cooked up a harmless demo of the attack in action, showing how a Google Chrome users can be lured into downloading and launching a JAR (Java Archive) file that gets executed without warning.
In the proof-of-concept, Raff’s code shows how a malicious hacker can use a clever social engineering lure — it requires two mouse clicks — to plant malware on Windows desktops.
The Google Chrome user-agent shows that Chrome is actually WebKit 525.13 (Safari 3.1), which is an outdated/vulnerable version of that browser.
Apple patched the carpet-bombing issue with Safari v3.1.2.
Some Google Chrome early adopters using Windows Vista are reporting that files downloaded from the Internet are automatically dropped on the desktop, setting up a scenario where a combo-attack using this unpatched IE flaw could be used in attacks.
Oh my, "...a combo-attack using using this unpatched IE flaw..."
Well, now we know why matunga hasn't jumped all over this. |
|
SUMware
Premium
join:2002-05-21
| reply to Mele20
Google Says 'Chrome' EULA Was A Mistake
From Ars Technica
September 03, 2008 - quote:
Google on Chrome EULA controversy: our bad, we'll change it
Google's new web browser Chrome is fast, shiny, and requires users to sign their very lives over to Google before they can use it. Today's Internet outrage du jour has been Chrome's EULA, which appears to give Google a nonexclusive right to display and distribute every bit of content transmitted through the browser. Now, Google tells Ars that it's a mistake, the EULA will be corrected, and the correction will be retroactive.
As noted by an attorney at Tap the Hive and various and sundry other sites, the Chrome EULA reads like a lot of Google's other EULAs. It requires users to "give Google a perpetual, irrevocable, worldwide, royalty-free, and nonexclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services."
Google's Rebecca Ward, Senior Product Counsel for Google Chrome, now tells Ars Technica that the company tries to reuse these licenses as much as possible, "in order to keep things simple for our users." Ward admits that sometimes "this means that the legal terms for a specific product may include terms that don't apply well to the use of that product" and says that Google is "working quickly to remove language from Section 11 of the current Google Chrome terms of service. This change will apply retroactively to all users who have downloaded Google Chrome."
It's worth noting that the EULA is largely unenforceable because the source code of Chrome is distributed under an open license. Users could simply download the source code, compile it themselves, and use it without having to agree to Google's EULA. The terms of the BSD license under which the source code is distributed are highly permissive and impose virtually no conditions or requirements on end users.
So, there you have it: a tempest in a (chrome) teapot. Not that it's the only one; as Ina Fried of News.com points out, Chrome's "Omnibar" can also access all keystrokes a user types, and Google will store some of this information along with IP addresses.
[some emphasis added] |
|
OZO
Premium
join:2003-01-17
| reply to dja
Re: Chrome Browser (Google) combats IE8's Privacy Tools
You're right.
If they want to reserve a limit for throughput via their Services I think what they're going to do is they will provide users with their own version of content (which they want to copy, modify, etc.) and users will take it from their servers instead of real source. Content providers in the Internet may be wrapped with Google Service proxy even if they don't know about it. And stream revenue goes...
It's just a wild guess, but so far they're doing all to make it happen...
--
Keep it simple, it'll become complex by itself... |
|
SUMware
Premium
join:2002-05-21
| reply to Mele20
The Register's 'Hal-Chrome' Logo |
3rd September 2008 - quote:
Astute Reg readers have pointed out a Chrome condition of service that effectively lets Google use any of your copyrighted material posted to the web via Chrome without paying you a cent.
...the relevant section 11.1 of the Chrome EULA...
But you may be posting material via Chrome to your employer's site and it owns the copyright of anything you create in work time. What then if Google adapts, modifies and distributes it? Your fan has brown stuff all over it but none of it sticks to Google.
Copyright-sensitive sysadms may banish Chrome from their networks because of this.
|
|
sivran
Long Live The Suite
Premium
join:2003-09-15
Arlington, TX
clubs:
·RoadRunner Cable
| reply to kvn864
said by kvn864 :said by chrisretusn :Why I will not use Chrome. 11. Content license from you 11.1 You retain copyright and any other rights you already hold in Content which you submit, post or display on or through, the Services. By submitting, posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any Content which you submit, post or display on or through, the Services. This license is for the sole purpose of enabling Google to display, distribute and promote the Services and may be revoked for certain Services as defined in the Additional Terms of those Services.
11.2 You agree that this license includes a right for Google to make such Content available to other companies, organizations or individuals with whom Google has relationships for the provision of syndicated services, and to use such Content in connection with the provision of those services. 11.3 You understand that Google, in performing the required technical steps to provide the Services to our users, may (a) transmit or distribute your Content over various public networks and in various media; and (b) make such changes to your Content as are necessary to conform and adapt that Content to the technical requirements of connecting networks, devices, services or media. You agree that this license shall permit Google to take these actions. Some of us really will pay attention to that. Can someone explain in simple language what info they collect and how? Is it what you type in the Chrome, or sites you visit? Thanks. I believe part 11.1 to pertain more to such services as YouTube, Docs, Picasa, Pages, Blogger, etc. than to the browser itself. The license applies to "Everything Google" but this clause really doesn't have any bearing on the browser.
We've also seen that clause before in GeoCities, years ago. Basically it meant that anything you upload to them became theirs and they had rights to use it, forever and ever, no matter if you closed your account or not. People raised a stink, and it got changed such that once you remove the material or cancel, that also revoked their right to display/use it in any fashion.
The change to be made here is to limit those rights to the lifetime of the account or the media contained within it, whichever dies first.
--
The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no warrants shall issue, but upon profitable cause... |
|
dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
 ·Verizon FIOS
| reply to Nerdtalker
said by Nerdtalker :This whole "spawns a new process for each tab" business is nice, but anyone else notice that RAM use is out of control? I just had 4 or 5 tabs open and each of them was eating up a good 40-60 MB apiece. In XP at least (i.e., the only one I can look at right now), the 'Mem Usage' column is the working set size for the process. Pages in the working set may be shared in physical memory.
In other words, 2+2 may equal 2, 3, or 4, if it's virtual memory you're talking about. |
|
