inici   obs. meteorològic   samplesets   fotos   esmuc   joies de fusta   rossi   campanes   ref.colomina   voltforum   index   cercador   webmail    
 CEWT diumenge 23 de novembre 2014  
Pàgines: 1 
Citar Citar 
No tinc facebook, ni messenger, ni linkedin, ni myspace, ni google+, ni gmail ni res que s'hi assembli.
 
 
He provat això del Facebook. I ja m'he donat de baixa, ho sento pels "amics" que m'havien afegit. Com si no passés prou hores davant l'ordinador!
 
A més de consideracions de seguretat (una gran empresa amb tantes dades personals i fins i tot íntimes de tanta gent, no em fa ni mica de gràcia del mal ús que en puguin fer ells o d'altres que accedeixin a la seva base de dades), és una pèrdua de temps considerable per, a canvi, relativament poca informació. D'acord que es pot estar en contacte amb molta gent, però com diu un anunci d'una altra cosa: HI HA VIDA MÉS ENLLÀ DE LA PANTALLA. Només falta que ens alienem tant que ens relacionem amb els coneguts d'aquesta manera.
 
En canvi, des de sempre, m'han agradat molt més els fòrums. És més immaterial. No conec personalment gairebé ningú de personatges amb qui comunico sovint, fins i tot intensament. Prefereixo no arribar-los a conèixer mai físicament, que hi hagi només intercanvi intel·lectual per dir-ho d'alguna manera. El Facebook espatllaria ben ràpid aquesta particularitat, de fet, ha estat a punt d'espatllar-ho, per això l'he aturat en sec.
 
Hi ha un altre aspecte, el de la solitud. La solitud pot ser trista, buida, però és aquesta buidor la que ens empeny cap el nostre interior, és una gran font de creativitat i generadora de grans idees. Arthur Schopenhauer digué: "die Einsamkeit ist das Los aller hervorragenden Geister; sie werden solche bisweilen beseufzen, aber stets als das kleinere von zwei Übeln erwählen" - la solitud és la sort de totes les ments extraordinàries; de vegades se'n lamentaran, però sempre la preferiran posats a triar entre dos inconvenients.
 
El Facebook ens camufla la solitud, però només és un miratge: seguim sols, sense estar sols, i sense sentir la tan necessària solitud.
WWW pc (csct
kskt ^X^XMMCCLX m.), VII.XII.MMVIII a les XII:XXXVII:XIV UTC IP registrada
Citar Citar 
Doncs bé, vegi's a on porta això:
 
http://consumerist.com/5150175/facebooks-new-terms-of-service-we-can-do-anything -we-want-with-your-content-forever
 
 
*
Facebook's New Terms Of Service: "We Can Do Anything We Want With Your Content. Forever."
By Chris Walters, 6:14 PM on Sun Feb 15 2009, 566,515 views

This post has generated a lot of responses, including from Facebook. Check them out here.

Facebook's terms of service (TOS) used to say that when you closed an account on their network, any rights they claimed to the original content you uploaded would expire. Not anymore.

Now, anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later.* Want to close your account? Good for you, but Facebook still has the right to do whatever it wants with your old content. They can even sublicense it if they want.

You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof.

That language is the same as in the old TOS, but there was an important couple of lines at the end of that section that have been removed:

You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.

Furthermore, the "Termination" section near the end of the TOS states:

The following sections will survive any termination of your use of the Facebook Service: Prohibited Conduct, User Content, Your Privacy Practices, Gift Credits, Ownership; Proprietary Rights, Licenses, Submissions, User Disputes; Complaints, Indemnity, General Disclaimers, Limitation on Liability, Termination and Changes to the Facebook Service, Arbitration, Governing Law; Venue and Jurisdiction and Other.

Make sure you never upload anything you don't feel comfortable giving away forever, because it's Facebook's now.

....
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #I XVIII.II.MMIX a les XVIII:VI:LVI UTC IP registrada
Citar Citar 
O sigui que jo m'acullo al meu dret a la propia imatge i a la intimitat i ells poden fer el que els doni la real gana i passar-se'm per l'entrecuix. Molt noecon.
Email esbarsabina ( CLXXVI m.), Resposta #II XIX.II.MMIX a les XII:XLVI:XVIII UTC IP registrada
Citar Citar 
La xarxa social controla els 'trending topic' amb un algoritme secret. Periodistes i experts esbossen a l'Ara.cat les ombres de l'eina més revolucionària dels últims anys
 
ISAAC SALVATIERRA
 
Barcelona | Actualitzada el 25/09/2011 20:40
 
http://www.ara.cat/xarxes/twitter-hashtag-trending_topic_0_560944044.html
 
Twitter s'ha convertit en un termòmetre del dia a dia. Una àgora pública on abocar-hi les cabòries ciutadanes. Un lloc d'expressió, sovint fora de l'opinió general. La xarxa de missatges curts és una eina idònia per denunciar-hi injustícies. Twitter és immediat i això encanta als periodistes. D'aquí que un trending topic de seguida sigui notícia. No hi ha res millor que un bon hashtag (l'etiqueta que permet classificar els tuits per temes) per fer activar l'instint periodísitic.
 
La setmana passada, sense anar més lluny, #rtvedetodos va denunciar amb més força que ningú la decisió del consell d'administració de RTVE de tenir accés a l'edició de les notícies abans que s'emetin. El rebombori general va fer que en 24 hores la decisió quedés revocada.
 
Rectificar a cop de TT (trending topic): algú ja ho ha anomenat Twittocràcia. Espanya va viure la primera revolució per mòbil el 13-M: les manifestacions ciutadanes davant les seus del PP la vigília de les eleccions generals de 2004 per reclamar explicacions sobre l'autoria dels atemptats de Madrid. Concentracions espontànies convocades via sms amb un "pásalo" al final. Un gran primer assaig del que permet fer ara la tècnica amb un mòbil intel·ligent i una xarxa social.
 
Però la Twittocràcia també té ombres. Poca transparència, facilitat per escampar rumors... Periodistes i experts en noves tecnologies esbossen a l'Ara.cat els punts febles de la vigilància 2.0.
 
1. Poca transparència: TT i la fórmula de la Coca-cola
 
TT: Trending topic. És el top 10 dels hashtags més usats del dia. Aparèixer al llistat de TT global o estatal et converteix sovint en notícia. D'aquí la influència que està exercint aquest llistat diari de temes calents. Però, qui controla els TT? Els controla Twitter. Albert Cuesta, analista en tecnologies de la informació i col·laborador de l'ARA, adverteix dels riscos de donar-hi massa importància. "No coneixem l'algoritme, no sabem quins criteris fan que un hashtag passi per davant d'un altre, no hi ha cap mena de transparència, és una caixa negra que s'escapa del nostre control", alerta Cuesta. "L'algoritme és tant secret com la fórmula de la Coca-cola i de vegades pot interessar que un tema passi per davant d'un altre", conclou. No cal oblidar que el primer TT està patrocinat.
 
La setmana passada #twitterencatala va arribar amb penes i treballs al TT espanyol. L'objectiu de convertir-se en TT mundial va quedar lluny. Per què algunes etiquetes es col·loquen de seguida al top 10 (#elconvidat, dilluns passat, per exemple) i altres pugen tant lentament? Cuesta desconfia dels criteris de Twitter. Aquesta mateixa setmana passada hi va haver crítiques entre els tuitaires nord-americans arran de l'execució de Troy Davis als Estats Units. Alguns usuaris van detectar que el hashtag de la campanya per reclamar que s'aturés la sentència de mort desapareixia del TT.
 
El periodista Juan Varela reclama un "veritable control" públic sobre el funcionament de les xarxes socials. "Les xarxes socials són obscures i exerceixen un control 2.0 sobre els continguts, dades, algoritme i participació que ningú controla ni és capaç de fiscalitzar. En pocs anys de vida ja tenen una llarga història de censura, decisions arbitràries sobre continguts i grups", remarca.
 
2. Eina generacional: no tothom és a Twitter
 
La força que va adquirir el moviment dels indignats a Twitter es correspon a la realitat? Twitter és una eina del segle XXI en què tothom hi és benvingut, però no tothom té les mateixes facilitats per ser-hi. Per què el drama de les pensions no té visibilitat a Twitter? Segurament perquè els pensionistes no tenen Twitter.
 
Diu Varela: "Les xarxes socials tenen el valor de donar visibilitat a altres veus, però la debilitat de sobrerepresentar grups i opinions. La gent s'ha adonat que pot reaccionar ràpidament i llançar causes amb resposta immediata de l'opinió pública o dels implicats. Aquesta estratègia està funcionant i toca als mitjans afegir informació i fonts que permetin valorar la seva vertadera influència i impacte".
 
3. Cau de rumors: cal contrastar, com sempre
 
Twitter és una eina ideal per difondre notícies abans que ningú però també ho és per difondre rumors falsos. Des de fa uns mesos, les notícies d'última hora han deixat de donar-les les agències de notícies. Ara neixen a Twitter. De vegades, de fonts poc clares. Les presses i les males praxis periodístiques poden jugar males passades. Fa uns dies, una notícia falsa sobre la mort del regidor del PP Alberto Fernández Díaz, va evidenciar-ho.
 
El periodista de RAC1 Xavi Bundó, encarregat de fer la selecció diària dels temes més destacats d'internet a El Món a RAC1 de Jordi Basté, diu que cal posar els cinc sentits per no deixar-se endur per les eufòries de Twitter. "És una gran eina per detectar notícies i temes que preocupen els ciutadans, però no podem donar a Twitter la clau de la realitat", afirma. Res de nou, per tant. Twitter és una nova font d'informació, però com a font d'informació cal contrastar-la i verificar-la.
 
4. La moda del coixinet
 
El periodista Saül Gordillo, consultor d'El Periódico en matèria de social mèdia, troba que el Twitter és una eina revolucionària però també ha detectat una certa obsessió pels TT i pels hashtag entre els mitjans de comunicació. Un recurs, de vegades buit, per mostrar modernitat. "Hi ha un cert esnobisme a l'hora de destacar cada matí a les ràdios els hashtags del dia, de vegades sense massa sentit", diu. Creu, però, que d'aquí un temps tot es tornarà a posar al seu lloc. Gordillo també desconfia dels TT. Amb tot, troba que el hashtag és una gran manera d'organitzar els tuits. És una via d'explorar fora del seu timeline i de posar-se en contacte amb usuaris de Twitter a qui no segueix.
 
5. No hi ha control possible: Twitter no fa públic l'arxiu
 
Twitter només mostra els últims 1.500 tuits d'un usuari o etiqueta. L'empresa amaga informació. O millor dit: se la ven. El gran negoci potencial de la xarxa de microblogging són les dades amagades darrere els 140 caràcters de cada tuit (informació valuosa sobre l'usuari i els seus gustos). La xarxa ofereix el seu flux de dades en temps real a unes poques empreses i lloga el seu arxiu complet. La resta del món només té accés als últims 1.500 tuits.
 
Tot plegat, segons Albert Cuesta, fa impossible que se'n pugui fer un control públic i debilita la xarxa social. No podem saber del cert, per exemple, quants tuits es van fer amb el hashtag #twitterencatala durant la campanya per situar-lo com a TT.
 
A Catalunya, Twit.cat té emmagatzemats més de 800.000 tuits, a través d'un sistema d'arxiu propi. La comunitat catalana de tuitaires organitza els tuits de més de 16.000 usuaris i elabora minut a minut un TT alternatiu. Dani Casanovas, fundador de Twit.cat i director de l'empresa Initec, assegura que no exerceixen cap mena de control sobre el 'trending topic'. Com que per ser membre de la comunitat has de seguir el compte de Twitter de Twit.cat, de vegades envien alguns tuits patrocinats, i aquests són els seus ingressos. Però no tenen TT patrocinats.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #III XXVI.IX.MMXI a les I:XL:VIII UTC IP registrada
Citar Citar 
http://yro.slashdot.org/story/11/10/18/1429223/facebook-is-building-shadow-profi les-of-non-users?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+Slashdot%2Fslashdot+%28Slashdot%29
 
Facebook Is Building Shadow Profiles of Non-Users 278
Posted by timothy on Tuesday October 18, @11:09AM
from the list-of-users-who-don't-exist dept.
An anonymous reader writes "As noted previously, Max Schrems of Europe Versus Facebook has filed numerous complaints about Facebook's data collection practices. One complaint that has failed to draw much scrutiny regards Facebook's creation of Shadow Profiles. 'This is done by different functions that encourage users to hand personal data of other users and non-users to Facebook... (e.g. synchronizing mobile phones, importing personal data from e-mail providers, importing personal information from instant messaging services, sending invitations to friends or saving search queries when users search for other people on facebook.com). This means that even if you don't use it, you may already have a profile on Facebook.'"
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #IV XVIII.X.MMXI a les XXI:II:XV UTC IP registrada
Citar Citar 
Encara més: tot i no utilitzar-lo, Facebook va enregistrant tots els moviments que fem, al web i físicament:
 
http://lifehacker.com/5843969/facebook-is-tracking-your-every-move-on-the-web-he res-how-to-stop-it
 
Facebook Is Tracking Your Every Move on the Web; Here’s How to Stop It

Facebook Is Tracking Your Every Move on the Web; Here's How to Stop It Over the weekend, Dave Winer wrote an article at Scripting.com explaining how Facebook keeps track of where you are on the web after logging in, without your consent. Nik Cubrilovic dug a little deeper, and discovered that Facebook can still track where you are, even if you log out. Facebook, for its part, has denied the claims. Regardless of who you believe, here's how to protect yourself, and keep your browsing habits to yourself.

The whole issue has stirred up a lot of debate in privacy circles over the past few days. Here's what the fuss is about, and what you can do to protect your privacy if you're worried.

Facebook Is Tracking Your Every Move on the Web; Here's How to Stop It
The Issue: Facebook's Social Apps are Always Watching

For quite some time now, Facebook's user tracking hasn't been limited to your time on the site: any third-party web site or service that's connected to Facebook or that uses a Like button is sending over your information, without your explicit permission. However, Winer noticed something mostly overlooked in last week's Facebook changes: Facebook's new Open Graph-enabled social web apps all send information to Facebook and can post to your profile or share with your friends whether you want them to or not.

Essentially, by using these apps, just reading an article, listening to a song, or watching a video, you're sending information to Facebook which can then be automatically shared with your friends or added to your profile, and Facebook doesn't ask for your permission to do it. Winer's solution is to simply log out of Facebook when you're not using it, and avoid clicking Like buttons and tying other services on the web to your Facebook account if you can help it, and he urges Facebook to make its cookies expire, which they currently do not.

Facebook Is Tracking Your Every Move on the Web; Here's How to Stop It
Digging Deeper: Logging Out Isn't Enough

Nik Cubrilovic looked over Winer's piece, and discovered that logging out of Facebook, as Winer suggests, may deauthorize your browser from Facebook and its web applications, but it doesn't stop Facebook's cookies from sending information to Facebook about where you are and what you're doing there.

Writing at AppSpot, he discovered that Facebook's tracking cookies-which never expire, are only altered instead of deleted when a user logs out. This means that the tracking cookies still have your account number embedded in them and still know which user you are after you've logged out.

That also means that when you visit another site with Facebook-enabled social applications, from Like buttons to Open Graph apps, even though you're a logged out user, Facebook still knows you're there, and by "you," we mean specifically your account, not an anonymous Facebook user. Cubrilovic notes that the only way to really stop Facebook from knowing every site you visit and social application you use is to log out and summarily delete all Facebook cookies from your system.

Facebook Is Tracking Your Every Move on the Web; Here's How to Stop It
Why You Should Care

If you're the type of person who doesn't really use Facebook for anything you wouldn't normally consider public anyway, you should take note: everything you do on the web is fair game. If what Cubrilovic and Winer are saying is true, Facebook considers visiting a web site or service that's connected to Facebook the same thing as broadcasting it to your friends at worst, and permission for them to know you're there at best.

Facebook says that this has nothing to do with tracking movements, and that they have no desire to collect information about where you are on the web and what you're doing. They want to make sure that you can seamlessly log in at any time to Facebook and to sites and services that connect with it and share what you're doing.

In fact, a number of Facebook engineers have posted comments to Winer's original post and Cubrilovic's analysis pointing this out. There's also some excellent discussion in this comment thread at Hacker News about the issue as well. Essentially, they say this is a feature, not a problem, so if you have an issue with it, it's up to you to do something about it.
What Can I Do About It?

Whether or not Facebook is tracking your browsing even when you're logged out, if you don't want third-party sites to send data to Facebook, you have some options. You could scrub your system clean of all Facebook.com cookies every time you use Facebook, but a number of developers have already stepped up with browser extensions to block Facebook services on third-party sites. Here are a few:

* Facebook Privacy List for Adblock Plus is perfect for those of you who already have AdBlock Plus installed (get ABP for Chrome or Firefox). Just download the subscription and add it to AdBlock Plus to specifically block Facebook plugins and scripts all over the web—including the Like button-whenever you're not visiting Facebook directly.
* Facebook Disconnect for Chrome keeps Facebook from dropping those tracking cookies on your system in the first place, and disables them when you're finished using Facebook-enabled services. It's essentially an on/off switch for third-party access to Facebook servers, meaning you'll still be able to log in to Facebook and use the site normally, but when you're visiting another site or using another application, that site or service won't be able to use your information to communicate with Facebook.
* Facebook Is Tracking Your Every Move on the Web; Here's How to Stop It Disconnect for Chrome and Firefox is a new plugin from the developer behind Facebook Disconnect, but it doesn't stop with Facebook. Disconnect takes protection to a another level and blocks tracking cookies from Facebook, Google, Twitter, Digg, and Yahoo, and prevents all of those services from obtaining your browsing or search history from third party sites that you may visit. The app doesn't stop any of those services from working when you're visiting the specific sites, for you can still search at Google and use Google+, but Google's +1 button likely won't work on third party sites, for example. The extension also lets you see how many requests are blocked, in real time as they come in, and unblock select services if, for example, you really want to Like or +1 an article you read, or share it with friends.

Ultimately, the goal of all of these tools is to give you control over what you share with Facebook or any other social service, and what you post to your profile, as opposed to taking a backseat and allowing the service you're using to govern it for you. What's really at issue is exactly how deep Facebook has its fingers into your data, and how difficult they-and other social services-make it to opt out or control what's sent or transmitted. That's where extensions like these come in.

However you feel about it, Facebook likely won't change it in the near future. If you're concerned, you should to take steps to protect your privacy. As a number of commenters at Hacker News point out, it's not that there's anything inherently "good" or "evil" about what Facebook is doing-that would be oversimplifying an already complex topic. It's really an opt-in/opt-out issue.

What do you think of the assertions? Do you think Facebook has a vested interest in knowing as much about you and your browsing habits as possible, or is this much ado about nothing? Share your thoughts in the comments below.

Update: Nic Cubrilovic has posted an update to his story after discussing the matter with Facebook engineers. They have agreed to make changes to the way their cookies are stored and handled so your account information is not present when you log out of Facebook.

However, while Facebook has changed its cookie-handling process, the cookies are still retained and not deleted after logout, and do not expire. They remove your account information when you log out, but they still contain some non-personal data about your browser and the system you're using. Nic still recommends you clear your Facebook cookies after every session, and we still suggest that if you're concerned, that you do the same, and try one of the extensions above, or Priv3 or Firefox to protect yourself.
You can reach Alan Henry, the author of this post, at alan@lifehacker.com, or better yet, follow him on Twitter or Google+.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #V XVI.XI.MMXI a les IX:XXI:XLVI UTC IP registrada
Citar Citar 
Els Twits esborrats no s'han esborrat pas realment, estan arxivats i hi ha que els pot veure i suar. No és doncs veritat el que ens deien, que es poden esborrar!
 
http://www.federalnewsradio.com/?nid=239&sid=2658996
 
Library of Congress to receive entire Twitter archive

Wednesday - 12/7/2011, 12:34am ET
speaker icon Listen
Bill Lefurgy, digital initiatives program manager, Library of Congress

Download
By Michael O'Connell
Web Editor
Federal News Radio

The Library of Congress and Twitter have signed an agreement that will see an archive of every public Tweet ever sent handed over to the library's repository of historical documents.

"We have an agreement with Twitter where they have a bunch of servers with their historic archive of tweets, everything that was sent out and declared to be public," said Bill Lefurgy, the digital initiatives program manager at the library's national digital information infrastructure and preservation program. The archives don't contain tweets that users have protected, but everything else — billions and billions of tweets — are there.

Lefurgy joined the Federal Drive with Tom Temin and Amy Morris Tuesday morning to talk about the library's digital mission.

Using new technical processes it has developed, Twitter is moving a large quantity of electronic data from one electronic source to another. "They've had to do some pretty nifty experimentation and invention to develop the tools and a process to be able to move all of that data over to us," Lefurgy said.

The Library of Congress has long been the repository of important, historical documents and the Twitter library, as a whole, is something historic in itself.

"We were excited to be involved with acquiring the Twitter archives because it's a unique record of our time," Lefurgy said. "It's also a unique way of communication. It's not so much that people are going to be interested in what you or I had for lunch, which some people like to say on Twitter."

Researchers will be able to look at the Twitter archive as a complete set of data, which they could then data-mine for interesting information.

"There have been studies involved with what are the moods of the public at various times of the day in reaction to certain kinds of news events," Lefurgy said. "There's all these interesting kinds of mixing and matching that can be done using the tweets as a big set of data."

One benefit for the Library of Congress in receiving this large data set is that it's been forced to stretch itself technologically.

"It's been difficult at times," Lefurgy said. "But we firmly believe that we have to do this kind of thing because we anticipate that we'll be bringing in large data sets again into the future. We don't know specifically what, but certainly there's no sign of data getting smaller or less complicated or less interesting."

The library's Twitter partnership comes amid a renewed push by the administration and the National Archives and Records Administration for federal agencies to better archive their own social media postings and emails as potential government records.

"We're basically in the same situation as the National Archives, only on a much larger scale," Lefurgy said. "We tend to have a much larger perspective in terms of what we collect."
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #VI VIII.XII.MMXI a les XIV:XLVI:II UTC IP registrada
Citar Citar 
Els perills de les grans empreses que controlen molt el veiem en la benvinguda que google ha donat a la majoria absoluta del PP traduint noms propis, places i carrers de Catalunya a l'espanyol. Molts catalans encara confien en gmail, tot i això. Diuen que és un error tècnic, cosa que costa de creure per molts motius. Una traducció massiva així només pot ser política, i algú deu haver pagat per això, amb crisi o sense. Indecència!
padron_cruz.jpg
padron_cruz.jpg
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #VII XVII.XII.MMXI a les -:XV:XXXIII UTC IP registrada
Citar Citar 
I ara Google...
 
Polèmic canvi de la politica de confidencialitat de dades de Google

Amb la mesura, d'acceptació obligatòria i que entrarà en vigor l'1 de març, la companyia californiana podrà seguir els passos dels usuaris en qualsevol programa

Google ha anunciat una revisió profunda, i polèmica, de les condicions d'ús dels seus serveis i de la gestió de la informació personal dels seus milions d'usuaris. L'empresa justifica el canvi, d'acceptació obligatòria per a tots els usuaris i que entrarà en vigor l'1 de març, per millorar l'experiència i la comoditat dels internautes. Amb tot, la nova normativa ha aixecat molta suspicàcia perquè Google fusionarà una seixantena de regles de funcionament en una de sola i obtindrà així una visió global de cada usuari. Això li permetrà, per exemple, creuar dades i seguir les seves activitats en qualsevol servei.

'En resum, tractarem els usuaris com un usuari únic a través de tots els nostres productes', afirma Google: 'Hem rescrit la política de confidencialitat de Google de la A a la Z perquè sigui més simple i comprensible.'

Amb aquesta nova normativa, diu la companyia, els internautes obtindran millors resultats en les seves cerques, perquè Google s'encarregarà d'analitzar les peticions garbellant informacions en tots els seus serveis: 'Podem arribar a dir-los que arribaran tard a una cita si opten per anar per un camí determinat, perquè podrem analitzar la seva agenda, la situació on es troben i les condicions del trànsit.'

Per primera vegada, doncs, Google començarà a combinar dades repartides en desenes de serveis que té en línia, per a obtenir un perfil més concret i molt més detallat dels seus usuaris. L'anunci de la nova política de gestió de dades ja ha generat tot de suspicàcies entre associacions de consumidors i de protecció de dades, i al portal tecnològic Gizmodo ja qualifiquen la mesura com la fi de la política de cara amable de Google respecte als usuaris.

En el comunicat específic, Google es compromet a mantenir la seva política d'alliberament de dades, per la qual tot usuari teòricament pot recuperar la seva informació quan vulgui. També insisteix que no es vendrà ni compartirà amb tercers la informació personal dels usuaris sense permís.

 
 
http://www.vilaweb.cat/noticia/3975610/20120125/google-unifica-politica-confiden cialitat-dades-seixanta-serveis.html
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #VIII XXV.I.MMXII a les XII:XL:XXXIX UTC IP registrada
Citar Citar 
http://www.ara.cat/xarxes/Twitter-podra-aplicar-censura-territoris_0_635336539.h tml
 
 
Twitter podrà aplicar censura per territoris

La xarxa social ha desenvolupat un sistema de censura per impedir que missatges inadequats per algunes cultures o països puguin estar a l'abast d'usuaris en els territoris afectats
EFE

Los Angeles | Actualitzada el 27/01/2012 07:18

La xarxa social Twitter ha anunciat aquest divendres que ha desenvolupat un sistema de censura per impedir que missatges que puguin resultar inadequats en algunes cultures o països puguin estar a l'abast dels usuaris en els territoris afectats, ha informat en el seu bloc la companyia californiana.

Per justificar la mesura, Twitter argumenta que la idea de llibertat d'expressió s'entén de forma diversa en diferents llocs del planeta, i posa com a exemple que governs com el de França o Alemanya prohibeixen la publicació de continguts favorables al nazisme.

"Fins ara, l'única manera que podríem ajustar-nos als límits d'aquests països era retirant el contingut globalment. A partir d'avui, tenim la possibilitat de retenir continguts d'usuaris en un país específic al temps que està disponible a la resta del món", explica Twitter en el seu portal.

No concreta criteris

La xarxa social no deixa clar en la seva publicació com determinarà exactament quins missatges sobrepassen el dret a la llibertat d'expressió a cada país, si bé a la seva pàgina d'ajuda a l'usuari apunta que el bloqueig de tuitea respondrà a una sol · licitud per part d'una "entitat autoritzada".

"En el nostre continu esforç per fer que els nostres serveis estiguin disponibles a tot arreu, si rebem una petició vàlida i apropiada d'una entitat autoritzada, pot ser necessari impedir l'accés de cert contingut en un país determinat de tant en tant", ha indicat.

Twitter ha insistit que vetllarà per la transparència del procés de censura de tuiteig i notificarà als usuaris que el contingut sigui restringit i marcarà el missatge amb un avís que expliciti que ha estat vetat.
censura-twitter_araima20120127_0064_24.jpg
censura-twitter_araima20120127_0064_24.jpg
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #IX XXVII.I.MMXII a les XII:III:III UTC IP registrada
Citar Citar 
Moltes coses sospitoses.
 
Visualització prèvia: Política de privadesa

Aquesta Política de privadesa tindrà efecte a partir de l’1 de març de 2012 i substituirà la Política de privadesa existent. Consulti la nostra pàgina d’informació general per obtenir-ne més detalls.

Última modificació: 1 de març de 2012 (vegeu versions arxivades)

Podeu utilitzar els nostres serveis de moltes maneres, tant per buscar i compartir informació com per comunicar-vos amb altres usuaris o crear contingut nou. Quan compartiu dades amb nosaltres (per exemple, quan creeu un Compte de Google), podem millorar encara més aquests serveis mostrant-vos resultats de cerca i anuncis més rellevants, ajudant-vos a posar-vos en contacte amb altres usuaris o permetent-vos compartir contingut amb altres usuaris de manera més ràpida i senzilla. Com a usuaris dels nostres serveis, us volem informar clarament sobre com fem servir les vostres dades i com podeu protegir la vostra privadesa.

La present Política de Privadesa descriu:

* quines dades recollim i amb quina finalitat ho fem;
* com utilitzem aquestes dades;
* les opcions que oferim, incloent-hi com accedir a les dades i com actualitzar-les.

Hem intentat proporcionar una descripció senzilla, però si no esteu familiaritzat amb termes clau com “galetes”, “adreça IP”, “pixel tags” i “navegador”, informeu-vos sobre el seu significat abans de continuar. La vostra privadesa és important per a Google, per la qual cosa, independentment de si sou un usuari nou o un usuari experimentat, us recomanem que llegiu la nostra política i us poseu en contacte amb nosaltres amb nosaltres si teniu qualsevol dubte.
Dades recollides per Google

La recollida de dades es fa per millorar el servei que oferim a tots els nostres usuaris, des d’aspectes bàsics com deduir l’idioma que parlen fins a aspectes més complexos com determinar quins anuncis els poden ser de més utilitat o quins usuaris són més importants per a ells a Internet.

La recollida de dades es duu a terme de dues maneres:

*

La informació que vostè ens proporciona. Per exemple, molts dels nostres serveis requereixen que s’inscrigui en un compte de Google. Durant aquest procés us demanarem una sèrie de dades personals com, per exemple, el nom, l’adreça de correu electrònic, el número de telèfon o les dades de la targeta de crèdit. Per aprofitar al màxim les funcions de compartir que us oferim, potser també us demanarem que creeu un Perfil públic de Google, que pot incloure el vostre nom i una fotografia.
*

Dades que obtenim a través de la utilització dels nostres serveis. Podem recollir dades sobre quins serveis feu servir i com els feu servir, per exemple, quan visiteu una pàgina web que utilitzi els nostres serveis publicitaris o quan visualitzeu o interactueu amb els nostres anuncis i el nostre contingut. Aquestes dades inclouen:
o

Dades sobre el dispositiu

Podem recollir dades específiques sobre el vostre dispositiu (per exemple, el model de l’equip, la versió del sistema operatiu, els identificadors únics i les dades sobre la xarxa mòbil, incloent-hi el número de telèfon). Google pot associar els identificadors del vostre dispositiu o el vostre número de telèfon amb el vostre Compte de Google.
o

Dades de registre

Quan utilitza els nostres serveis o visualitza continguts proporcionats per Google, és possible que recollim i emmagatzemem automàticament alguna informació als registres del servidor. Això pot incloure:
+ informació detallada sobre com utilitzeu el nostre servei, per exemple, les vostres consultes de cerca;
+ - dades telefòniques com, per exemple, el vostre número de telèfon, el número de la persona que fa la trucada, els números de desviament, l’hora i la data de les trucades, la durada de les trucades, informació sobre encaminament de missatges SMS i tipus de trucades;
+ l’adreça IP;
+ informació sobre el vostre dispositiu com, per exemple, errors, activitat del sistema, ajustaments del maquinari, tipus de navegador, idioma del navegador, data i hora de la vostra sol·licitud i URL de referència;
+ galetes, que permetran identificar el vostre navegador o el vostre Compte de Google.
o

Dades sobre la ubicació física

Quan utilitzeu un servei de Google que pugui registrar la vostra ubicació física, podem recollir i tractar les dades sobre la vostra ubicació real, per exemple, els senyals de GPS enviats per un dispositiu mòbil. També podem utilitzar diferents tecnologies per determinar la vostra ubicació, com les dades dels sensors del vostre dispositiu, que proporcionen, per exemple, informació sobre els punts d’accés Wi-Fi i les antenes de telefonia mòbil més properes.
o

Números exclusius d’aplicació

Alguns serveis inclouen un número d’aplicació únic. Aquest número i la informació sobre la seva instal·lació (per exemple, el tipus de sistema operatiu i el número de versió de l’aplicació) es pot enviar a Google quan instal·li o desinstal·li aquest servei o quan el servei contacti de manera periòdica amb els nostres servidors, com ara per realitzar actualitzacions automàtiques.
o

Emmagatzematge local

Podem recollir i emmagatzemar dades (incloent-hi dades de caràcter personal) de manera local en el vostre dispositiu emprant mecanismes com l’emmagatzematge web del navegador (incloent-hi HTML 5) i memòries cau de dades d’aplicacions.
o

Galetes i identificadors anònims

Utilitzem diverses tecnologies per recollir i emmagatzemar dades quan accediu a un servei de Google, incloent-hi l’enviament d’una o més galetes o identificadors anònims al vostre dispositiu. També fem servir les galetes i els identificadors anònims quan interactueu amb els serveis que oferim als nostres partners, com els serveis de publicitat o les funcions de Google que poden aparèixer en altres pàgines web.

Com utilitzem les dades recollides

Les dades que recollim a través de tots els nostres serveis s’utilitzen per prestar, mantenir, protegir i millorar aquests serveis, desenvolupar serveis nous i vetllar per la protecció de Google i dels nostres usuaris. També fem servir aquestes dades per oferir-vos un contingut personalitzat, com, per exemple, resultats de cerca i anuncis més rellevants.

Podem fer servir el nom que ens proporcioneu per al vostre Perfil de Google en tots els serveis que requereixin disposar d’un Compte de Google per poder-los utilitzar. Així mateix, podem substituir els noms que hàgiu associat amb anterioritat al vostre Compte de Google per tal que pugueu ser identificat de manera coherent en tots els nostres serveis. Si altres usuaris ja tenen l’adreça de correu electrònic o les dades que serveixin per identificar-vos, podem mostrar-los les dades del vostre Perfil públic de Google, com, per exemple, el nom i la fotografia.

Si us poseu en contacte amb Google, és possible que desem un registre de la vostra comunicació per poder resoldre més fàcilment qualsevol incidència que s’hagi produït. Podem utilitzar la vostra adreça de correu electrònic per enviar-vos informació sobre els nostres serveis, incloent-hi informació sobre propers canvis o millores.

Fem servir les dades recollides a través de les galetes i altres tecnologies, per exemple, els pixel tags, per millorar l’experiència de l’usuari i la qualitat general dels nostres serveis. Per exemple, si deseu les preferències d’idioma, podrem fer que els nostres serveis es mostrin en l’idioma que s’ha triat. Quan us mostrem anuncis personalitzats, no associarem galetes o identificadors anònims a dades especialment protegides, com, per exemple, les relatives a la raça, la religió, l’orientació sexual o la salut.

Podem combinar les dades personals que ens proporcioneu amb relació a un servei determinat amb dades procedents d’altres serveis de Google, incloent-hi dades personals, per exemple, perquè us sigui més fàcil compartir contingut amb la gent que coneixeu. No combinem les dades de les galetes de DoubleClick amb dades de caràcter personal llevat que ens ho autoritzeu.

Us demanarem el vostre consentiment abans d’utilitzar les vostres dades per a altres finalitats diferents de les que estableix aquesta Política de Privadesa.

Google tracta les dades personals en els seus servidors, que estan situats a diferents països del món. Podem tractar les vostres dades personals en un servidor que no estigui ubicat al vostre país de residència.
Transparència i elecció

Als usuaris els preocupen diferents aspectes de la seva privadesa. El nostre objectiu és informar-vos clarament sobre les dades que recollim, per tal que pugueu prendre decisions adequades pel que fa al seu ús. Per exemple, podeu:

* usar el Tauler de Control de Google per revisar i controlar determinades categories de dades vinculades al vostre Compte de Google;
* usar l’Administrador de Preferències d’Anuncis per Veure i editar les vostres preferències d’anuncis, per exemple, les categories que siguin del vostre interès. Des d’aquí també us podeu autoexcloure de determinats serveis publicitaris de Google;
* usar el nostre editor per visualitzar i per ajustar el Perfil de Google que es mostra de determinats usuaris;
* Controlar amb qui compartiu les vostres dades;
* obtenir informació de molts dels nostres serveis.

també podeu configurar el navegador perquè bloquegi totes les galetes, incloent-li les associades als nostres serveis, o per saber quan és Google qui us envia una galeta. No obstant això, heu de tenir en compte que si deshabiliteu les galetes, és possible que molts dels nostres serveis no funcionin correctament. Per exemple, podria ser que no recordéssim les vostres preferències d’idioma.
Dades que compartiu

Molts dels nostres serveis us permeten compartir les vostres dades amb altres usuaris. Tingueu en compte que els motors de cerca, incloent-hi Google, poden indexar les dades que compartiu de manera pública. Els nostres serveis us ofereixen diferents opcions per compartir o eliminar el contingut d’aquestes dades.
Com accedir a les vostres dades personals i actualitzar-les

Cada vegada que utilitzeu els nostres serveis, us oferim la possibilitat d’accedir a les vostres dades personals. Si aquestes dades són incorrectes, intentem posar a la vostra disposició els mitjans necessaris perquè les actualitzeu o les elimineu ràpidament, llevat que estiguem obligats a conservar-les per motius legítims relacionats amb la nostra activitat o per motius legals. Quan actualitzeu les vostres dades personals, és possible que us demanem que verifiqueu la vostra identitat abans de processar la vostra sol·licitud.

Ens reservem el dret a no tramitar les sol·licituds que siguin excessivament reiterades, que impliquin un esforç tècnic desproporcionat (per exemple, desenvolupar un sistema nou o modificar de manera significativa una política vigent), que posin en risc la privadesa de tercers o que siguin substancialment inviables (per exemple, sol·licituds relatives a dades emmagatzemades en còpies de seguretat).

Quan us puguem oferir la possibilitat d’accedir a les vostres dades personals i modificar-les, ho farem de manera gratuïta, llevat que això comporti un esforç desproporcionat. Quan prestem els nostres serveis, protegim les vostres dades procurant que no es puguin eliminar de manera accidental o intencionada. Per aquest motiu, encara que elimineu les vostres dades dels nostres serveis, és possible que no destruïm immediatament les còpies residuals emmagatzemades als nostres servidors actius ni les dades emmagatzemades als nostres sistemes de seguretat.
Dades personals que compartim

No compartirem les vostres dades personals amb empreses, organitzacions o persones físiques alienes a Google, llevat dels casos següents:

*

Consentiment

Només compartim les vostres dades personals amb empreses, organitzacions o persones físiques alienes a Google en cas que ens hàgiu donat el consentiment per fer-ho. El consentiment és necessari per compartir dades personals especialment protegides.
*

Administradors de domini

Si el vostre Compte de Google està gestionat per un administrador de domini (per exemple, en el cas dels usuaris de Google Apps), aquest administrador de domini i els tercers que prestin suport als usuaris de la vostra organització tindran accés a les dades del vostre Compte de Google (incloent-hi l’adreça de correu electrònic i altres dades). El vostre administrador de domini podrà:
o visualitzar dades estadístiques relatives al vostre compte, per exemple, amb relació a les aplicacions que heu instal·lat;
o canviar la contrasenya del vostre compte;
o suspendre o impedir l’accés al vostre compte;
o accedir a dades emmagatzemades amb relació al vostre compte o conservar aquestes dades;
o obtenir dades del vostre compte per complir qualsevol requisit previst a la legislació o a la normativa aplicables o per atendre qualsevol requeriment d’un òrgan administratiu o judicial;
o limitar la vostra capacitat per eliminar o per editar les dades o els ajustos de privadesa.

Consulteu la política de privadesa del vostre administrador de domini per obtenir-ne informació més detallada.
*

Tractament extern

Proporcionem les vostres dades personals a les nostres filials o a organitzacions i a altres tercers de confiança perquè les tractin en nom de Google seguint les nostres instruccions, d’acord amb la nostra Política de Privadesa i adoptant totes les mesures necessàries per garantir-ne la confidencialitat i la seguretat.
*

Motius legals

Només compartim les vostres dades personals amb empreses, organitzacions o persones físiques alienes a Google si considerem de bona fe que existeix un necessitat raonable d’accedir a aquestes dades o d’utilitzar-les, conservar-les o revelar-les per:
o complir qualsevol requisit previst a la legislació o a la normativa aplicables o atendre qualsevol requeriment d’un òrgan administratiu o judicial;
o complir el que es preveu a les condicions del servei vigents, incloent-hi en el marc de la investigació de possibles infraccions;
o detectar, impedir o actuar davant de qualsevol frau o incidència tècnica o de seguretat;
o protegir els drets, els béns o la seguretat de Google, dels nostres usuaris o del públic en general de la manera que ho exigeix o ho permet la legislació aplicable.

Podem compartir dades consolidades i de caràcter no personal amb el públic en general i amb els nostres partners, incloent-hi editors, anunciants i pàgines web relacionades. Per exemple, podem compartir públicament dades per mostrar tendències sobre la utilització general dels nostres serveis.

En cas que Google participi en una fusió, una adquisició o una venda d’actius, ens assegurarem de mantenir la confidencialitat de les dades personals i informarem els usuaris afectats abans no es transfereixin les seves dades personals o passin a estar subjectes a una política de privadesa diferent.
Seguretat de les dades

Ens esforcem per protegir Google i els nostres usuaris contra qualsevol modificació, divulgació o destrucció no autoritzada de les dades que conservem i per impedir l’accés no autoritzat a aquestes dades. En particular:

* encriptem molts dels nostres serveis mitjançant el protocol SSL;
* us oferim la possibilitat de verificar la vostra identitat amb dues passes per accedir al Compte de Google i també una funció de navegació segura a Google Chrome.
* revisem la nostra política en matèria de recollida, d’emmagatzematge i de tractament de dades, incloent-hi les mesures de seguretat físiques, per impedir l’accés no autoritzat als nostres sistemes;
* limitem l’accés a les dades personals als treballadors, als contractistes i als agents de Google que necessàriament les hagin de conèixer per poder-les tractar per compte nostre. Aquestes persones estan subjectes a obligacions de confidencialitat estrictes i poden ser objecte de mesures disciplinàries, incloent-hi l’acomiadament, en cas que incompleixin aquestes obligacions.

Aplicació

La nostra Política de Privadesa s’aplica a tots els serveis que ofereix Google Inc. i a les seves filials, incloent-hi els serveis oferts en altres pàgines web (per exemple, els nostres serveis publicitaris), però en queden exclosos els serveis que estiguin subjectes a polítiques de privadesa independents que no incorporin aquesta Política de Privadesa.

La nostra Política de Privadesa no s’aplica als serveis oferts per altres companyies o persones físiques, incloent-hi els productes o pàgines web que es puguin mostrar en els resultats de les cerques que hàgiu fet, les pàgines web que incloguin serveis de Google o altres pàgines web a les quals es pugui accedir mitjançant hipervincles a través dels nostres serveis. La nostra Política de Privadesa no regula les activitats de tractament de dades d’altres companyies i d’organitzacions que anunciïn els nostres serveis i que puguin fer servir galetes, pixel tags i altres tecnologies per publicar i oferir els anuncis corresponents.
Compliment

RevisemA Google verifiquem el compliment de la nostra Política de Privadesa regularment. Així mateix, estem adherits a diferents codis d’autoregulació. En cas que rebem una reclamació formal per escrit, ens posem en contacte amb la persona que l’hagi formulada per fer-ne un seguiment. Treballem amb les autoritats reguladores competents, incloent-hi les autoritats locals de protecció de dades, per resoldre qualsevol reclamació relacionada amb la transferència de dades de caràcter personal que no hàgim pogut solucionar directament amb l’usuari.
Modificacions

Aquesta Política de Privadesa pot ser modificada en qualsevol moment. No limitarem els drets que us corresponen a l’empara d’aquesta Política de Privadesa sense el vostre consentiment exprés. Publicarem totes les modificacions de la Política de Privadesa en aquesta pàgina i, si són importants, les notificarem d’una manera més destacada (per exemple, si la modificació afecta determinats serveis, us enviarem una notificació per correu electrònic). A més a més, arxivarem les versions anteriors d’aquesta Política de Privadesa perquè pugueu consultar-les.
Polítiques relacionades amb productes específics

La informació següent descriu les polítiques de privadesa relacionades específicament amb determinats productes i serveis de Google que podeu utilitzar:

* Chrome i Chrome OS
* Google Books
* Google Wallet
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #X XXX.I.MMXII a les VI:XXXVI:LIII UTC IP registrada
Citar Citar 
Ah, això...
 
Si puja o envia contingut als nostres Serveis, concedeix llicència internacional a Google (i als seus col·laboradors) per utilitzar, allotjar, emmagatzemar, reproduir, modificar, crear treballs derivatius (com a resultat de traduccions, adaptacions o d’altres canvis que fem perquè el contingut funcioni millor amb els nostres Serveis), comunicar, publicar, exhibir i visualitzar públicament i distribuir aquest contingut. Els drets que concedeix amb aquesta llicència es limiten al propòsit d’operar, promocionar i millorar els nostres Serveis i desenvolupar-ne de nous. Aquesta llicència continuarà existint encara que deixi d’utilitzar els nostres Serveis (per exemple, una llista d’empreses que hagi afegit a Google Maps)
 
Responem a les notificacions de presumptes infraccions dels drets d’autor i tanquem els comptes d’infractors reincidents d’acord amb el procés establert per la llei nord-americana de protecció dels drets d’autor (DMCA, Digital Millennium Copyright Act).
 
Això m'ha passat a mi, per penjar un video d'un cor cantant cançons populars catalanes, enregistrat personalment i amb continguts propis. Això si, ells en poden fer el que volen.
 
Condicions d’ús de Google

Aquestes Condicions d’ús de Google tindran efecte a partir del dia 1 de març de 2012 i substituiran les Condicions d’ús de Google existents. Consulteu la nostra pàgina d’informació general per obtenir-ne més detalls.

Última modificació: 1 de març de 2012
Benvingut a Google!

Gràcies per utilitzar els nostres productes i serveis («Serveis»). Els Serveis els proporciona Google Inc. («Google»), amb seu a 1600 Amphitheatre Parkway, Mountain View, CA 94043, Estats Units.

La utilització dels nostres Serveis comporta l’acceptació d’aquestes condicions. Llegeixi-les atentament.

Els nostres Serveis són molt variats i de vegades poden incloure condicions o requisits del producte addicionals (inclosos requisits d’edat). Les condicions addicionals estaran disponibles amb els Serveis rellevants i formaran part del seu acord amb nosaltres si utilitza aquests Serveis.
Utilització dels nostres Serveis

Ha de seguir totes les polítiques disponibles en els Serveis.

No faci un mal ús dels nostres Serveis. Per exemple, no interfereixi amb els nostres Serveis ni intenti accedir-hi amb mètodes diferents dels de la interfície i les instruccions que li hem subministrat. Només podrà utilitzar els nostres Serveis d’acord amb la llei, incloses les lleis i normatives de control d’exportació i reexportació aplicables. Podrem suspendre o deixar de subministrar-li els nostres Serveis en cas d’incompliment de les nostres condicions o de les nostres polítiques, o bé si estem investigant una presumpta conducta indeguda.

La utilització dels nostres Serveis no li concedeix cap dret de propietat intel·lectual dels nostres Serveis o del contingut al qual accedeix. No podrà utilitzar el contingut dels nostres Serveis si no obté permís del propietari o si la llei no ho permet. Aquestes condicions no li concedeixen el dret d’utilitzar cap marca o logotip que s’utilitzi en els nostres Serveis. No elimini, no amagui ni modifiqui cap avís legal que es mostri en els nostres Serveis o juntament amb ells.

Els nostres Serveis mostren continguts que no pertanyen a Google. Aquest contingut està sota la responsabilitat total de l’entitat que el posa a disposició dels usuaris. Podrem revisar el contingut per determinar si és il·legal o si incompleix les nostres polítiques i eliminar-lo o rebutjar la visualització del contingut que entenguem que incompleix les nostres polítiques o la legislació aplicable. Aquest fet no implica necessàriament que revisem contingut; per tant, no ha de suposar que ho farem.

En relació amb la utilització que faci dels Serveis, podrem enviar-li anuncis de servei, missatges administratius i altra informació. Podrà anul·lar la subscripció a algunes d’aquestes comunicacions.
El seu Compte de Google

En alguns casos és necessari crear un Compte de Google per utilitzar alguns dels nostres Serveis. Podrà crear el seu propi Compte de Google o bé un administrador li’n pot assignar un, per exemple la seva empresa o la seva institució educativa. Si utilitza un Compte de Google que li ha assignat un administrador, és possible que s’hi apliquin condicions diferents o addicionals i que el seu administrador pugui accedir al seu compte o desactivar-lo.

Si s’assabentés de qualsevol ús no autoritzat de la seva contrasenya o del seu compte, segueixi aquestes instruccions.
Privadesa i Protecció de Drets d’Autor

Les polítiques de privadesa de Google expliquen quin ús fem de les seves dades personals i com protegim la seva privadesa quan utilitza els nostres Serveis. En utilitzar els nostres Serveis, vostè accepta que Google podrà utilitzar aquestes dades d’acord amb les nostres polítiques de privadesa.

Responem a les notificacions de presumptes infraccions dels drets d’autor i tanquem els comptes d’infractors reincidents d’acord amb el procés establert per la llei nord-americana de protecció dels drets d’autor (DMCA, Digital Millennium Copyright Act).

Proporcionem informació per ajudar els titulars dels drets d’autor a gestionar la seva propietat intel·lectual en línia. Si creu que algú està transgredint els seus drets d’autor i ens ho vol notificar, podra trobar informació sobre com enviar notificacions i la política de Google sobre les respostes a les notificacions al nostre Centre d’Ajuda.
El seu contingut en els nostres Serveis

Alguns dels nostres Serveis li permeten enviar contingut. Vostè conserva els drets de propietat intel·lectual d’aquest contingut. És a dir, el seu contingut continuarà sent seu.

Si puja o envia contingut als nostres Serveis, concedeix llicència internacional a Google (i als seus col·laboradors) per utilitzar, allotjar, emmagatzemar, reproduir, modificar, crear treballs derivatius (com a resultat de traduccions, adaptacions o d’altres canvis que fem perquè el contingut funcioni millor amb els nostres Serveis), comunicar, publicar, exhibir i visualitzar públicament i distribuir aquest contingut. Els drets que concedeix amb aquesta llicència es limiten al propòsit d’operar, promocionar i millorar els nostres Serveis i desenvolupar-ne de nous. Aquesta llicència continuarà existint encara que deixi d’utilitzar els nostres Serveis (per exemple, una llista d’empreses que hagi afegit a Google Maps). Alguns Serveis poden oferir-li maneres d’accedir i d’eliminar contingut que s’ha proporcionat a aquest Servei. En alguns dels nostres Serveis s’apliquen condicions o configuració que restringeixen l’abast d’ús del contingut enviat als nostres Serveis. Asseguri’s que disposa dels drets necessaris per concedir-nos aquesta llicència de qualsevol contingut que enviï als nostres Serveis.

Podrà trobar més informació sobre com Google utilitza i emmagatzema el contingut a la Política de Privadesa o a les condicions addicionals de Serveis concrets. Si ens envia comentaris o suggeriments quant als nostres Serveis, podrem utilitzar els seus comentaris o suggeriments sense el seu consentiment.
Quant al Programari dels nostres Serveis

Quan un Servei requereix o inclou programari que es pugui baixar, aquest programari es podrà actualitzar automàticament al seu dispositiu quan hi hagi una versió o una funció nova disponible. Alguns Serveis poden permetre-li ajustar la configuració d’actualització automàtica.

Google li proporciona llicència personal, internacional, lliure de drets d’autor, no assignable i no exclusiva per utilitzar el programari que li ha proporcionat Google com a part dels Serveis. Aquesta llicència té com a únic propòsit permetre-li utilitzar i gaudir dels beneficis dels Serveis que subministra Google tal com estipulen aquestes condicions. Vostè no podrà copiar, modificar, distribuir, vendre ni llogar cap part dels nostres Serveis o el programari que s’hi inclou, ni podrà tractar amb enginyeria inversa o intentar extreure el codi font d’aquest programari, tret que aquestes restriccions estiguessin prohibides per llei o que hagi obtingut un permís nostre per escrit.

El programari de codi obert és important per a nosaltres. Part del programari que s’utilitza als nostres Serveis es podrà oferir amb una llicència de codi obert que posarem a la seva disposició. És possible que existeixin disposicions de la llicència de codi obert que invalidin expressament aquestes condicions.
Modificació i Resolució dels nostres Serveis

Canviem i millorem els nostres Serveis constantment. Podrem afegir o eliminar funcionalitats o característiques i també suspendre o interrompre del tot un Servei.

Podrà deixar d’utilitzar els nostres Serveis en qualsevol moment, encara que ens sabrà greu que ho faci. Google també podrà deixar de subministrar-li Serveis o bé afegir o crear nous límits als nostres Serveis en qualsevol moment.

Creiem que les seves dades li pertanyen i que és important que hi pugui accedir. En cas de terminació d’un Servei, i sempre que això sigui raonablement possible, li ho notificarem amb una anticipació raonable i li donarem l’oportunitat de retirar la informació d’aquell Servei.
Les nostres garanties i exempcions

Subministrem els nostres Serveis amb un nivell d’habilitats comercialment raonable i esperem que gaudeixi utilitzant-los. Amb tot, hi ha certs aspectes que no prometem pel que fa als nostres Serveis.

EXCEPTE PER A TOT ALLÒ QUE S’ESTABLEIX EXPRESSAMENT EN AQUESTES CONDICIONS O EN CONDICIONS ADDICIONALS, NI GOOGLE NI ELS SEUS PROVEÏDORS O DISTRIBUÏDORS FAN CAP PROMESA CONCRETA SOBRE ELS SERVEIS. PER EXEMPLE, NO ASSUMIM CAP COMPROMÍS PEL QUE FA AL CONTINGUT DELS SERVEIS, A LA FUNCIONALITAT CONCRETA DELS SERVEIS, A LA SEVA FIABILITAT, A LA DISPONIBILITAT O A LA CAPACITAT PER SATISFER LES SEVES NECESSITATS. SUBMINISTREM ELS SERVEIS «TAL COM SÓN».

EN ALGUNES JURISDICCIONS ES PREVEUEN DETERMINADES GARANTIES, PER EXEMPLE, LA GARANTIA IMPLÍCITA DE COMERCIALITZACIÓ, D’IDONEÏTAT PER A UN FI CONCRET I DE NO-INFRACCIÓ. EN LA MESURA PERMESA PER LA LLEI, EXCLOEM TOTES LES GARANTIES.
Responsabilitat pels nostres Serveis

EN LA MESURA PERMESA PER LA LLEI, NI GOOGLE NI ELS SEUS PROVEÏDORS O DISTRIBUÏDORS SERAN RESPONSABLES DE LES PÈRDUES DE BENEFICIS, D’INGRESSOS, DE DADES O FINANCERES, NI PER DANYS INDIRECTES, ESPECIALS, DERIVATS, EXEMPLARS O PUNITIUS.

EN LA MESURA PERMESA PER LA LLEI, LA RESPONSABILITAT TOTAL DE GOOGLE I DELS SEUS PROVEÏDORS I DISTRIBUÏDORS, PER QUALSEVOL RECLAMACIÓ EN VIRTUT D’AQUESTES CONDICIONS, INCLOSA QUALSEVOL GARANTIA IMPLÍCITA, ESTARÀ LIMITADA A LA QUANTITAT QUE VOSTÈ VA PAGAR PER UTILITZAR ELS SERVEIS (O A SUBMINISTRAR-LI ELS SERVEIS DE NOU, A ELECCIÓ DE GOOGLE).

EN TOT CAS, NI GOOGLE NI ELS SEUS PROVEÏDORS I DISTRIBUÏDORS SERAN RESPONSABLES DE CAP PÈRDUA O DANY QUE NO SIGUI RAONABLEMENT PREVISIBLE.
Usos comercials dels nostres Serveis

Si fa servir els nostres Serveis en nom d’una empresa, l’empresa en qüestió accepta aquestes condicions. Eximirà i indemnitzarà Google i els seus afiliats, gestors, agents i assalariats de qualsevol reclamació, plet o acció que es derivi de l’ús dels Serveis o de l’incompliment d’aquestes condicions, o bé que s’hi relacioni, inclosa qualsevol responsabilitat o despesa que resulti de reclamacions, pèrdues, danys, plets, judicis, costs de litigis i honoraris d’advocats.
Quant a aquestes Condicions

En algunes ocasions podrem modificar aquestes condicions o les condicions addicionals que s’apliquen a un Servei, per exemple, per reflectir canvis en les lleis o en els nostres Serveis. Revisi les condicions periòdicament. Publicarem notificacions sobre les modificacions que fem a aquestes condicions en aquesta pàgina. Els avisos de modificació de condicions addicionals es publicaran al Servei aplicable. Els canvis no s’aplicaran retroactivament i entraran en vigor no abans de catorze dies després de la seva publicació. No obstant això, els canvis concrets d’una nova funcionalitat d’un Servei o els canvis fets per raons legals entraran en vigor immediatament. Si no està d’acord amb les condicions modificades, cal que deixi d’utilitzar el Servei corresponent.

Si hi ha cap conflicte entre aquestes condicions i les condicions addicionals, les condicions addicionals prevaldran per a aquell conflicte.

Aquestes condicions regeixen la relació entre Google i vostè. No generen cap dret a tercers beneficiaris.

Si vostè no compleix aquestes condicions, i nosaltres no prenem cap mesura immediatament, això no implica que renunciem als drets que ens corresponguin (com ara emprendre accions en el futur).

Si qualsevol de les disposicions d’aquestes condicions resultés inaplicable, aquest fet no afectarà la resta de les condicions.

Les lleis de Califòrnia, Estats Units, excloses les normes sobre conflicte de lleis, són aplicables a qualsevol conflicte que sorgeixi com a conseqüència o en relació amb aquestes condicions dels Serveis. Totes les reclamacions derivades d’aquestes condicions o dels Serveis es litigaran exclusivament als tribunals federals o estatals del comtat de Santa Clara, Califòrnia, EUA, i vostè i Google consenten sotmetre’s a la jurisdicció personal d’aquests tribunals.

Per obtenir informació sobre com posar-se en contacte amb Google, visiti la nostra pàgina de contacte.

WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XI XXX.I.MMXII a les VI:XLIX:LVI UTC IP registrada
Citar Citar 
http://www.ara.cat/xarxes/Google-esquivava-privacitat-rastrejar-lactivitat_0_647 935337.html
 
Google esquivava l'escut de privacitat d'Apple per rastrejar l'activitat de milions d'usuaris

Havia creat un codi que enganyava el navegador Safari i desbloquejava la possibilitat de fer un seguiment dels internautes
EFE

Washington | Actualitzada el 17/02/2012 16:41

Google i algunes companyies de publicitat a internet, com Vibrant Media Inc., WPP PLC's Media Innovation Group LLC i PointRoll Inc., han esquivat l'escut de privacitat de milions d'usuaris del buscador d'Apple als seus ordinadors i iPhones, segons assegura aquest divendres el diari nord-americà 'The Wall Street Journal'. Això ha permès, diu el rotatiu, que Google i les altres empreses rastregessin els hàbits de navegació de persones que volien que se'ls protegís d'aquest tipus de vigilància.

"Les companyies utilitzaven una codificació especial que enganya el navegador Safari Web d'Apple i els permetia vigilar molts usuaris", afegeix el diari. "Safari, el buscador d'internet més utilitzat en aparells mòbils, està dissenyat per bloquejar aquest seguiment excepte si l'usuari opta per permetre'l", assenyala l'article. Segons 'The Wall Street Journal', després que els periodistes del mitjà es posessin en contacte amb Google per informar-se sobre aquest cas, l'empresa va "desactivar la codificació".
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XII XVIII.II.MMXII a les IX:XLVII:XLIII UTC IP registrada
Citar Citar 
http://www.ara.cat/xarxes/Google-espanyolitza-Blogger-afavoreix-continguts_0_665 933491.html
 
Google espanyolitza els dominis en els blocs de Blogger i afavoreix la censura de continguts

La companyia del cercador afegeix l'extensió '.es' al domini '.com' sense previ avís. La mesura permet un major control territorial dels continguts publicats a la xarxa
ARA

Barcelona | Actualitzada el 18/03/2012 10:12

Google va provocar aquest dissabte la indignació dels usuaris que utilitzen el seu servei Blooger per a crear blocs en afegir, sense previ avís, una extensió territorial als dominis. D'aquest manera, els bloggers es van trobar que, de cop i volta, el seu blog afegia l'extensió '.es' al domini '.com' (ex: xxxx.blogspot.com.es).

La companyia explica a la seva pàgina de suport que la mesura pretén impulsar un "major respecte a les lleis locals" de manera que sigui més fàcil eliminar un contingut que "les violi". Dos arguments que els usuaris han interpretat com una voluntat de tenir més control sobre els continguts publicats als blocs i facilitar, així, la censura a la xarxa.

Els bloguers catalans afegeixen un altre malestar a la mesura: l'espanyolització del domini, tal i com recull Vilaweb. El diari cita el bloguer Xavi Caballé, que en el seu blog assenyala dues maneres d'evitar que s'afegeixi el sufix '.es' al domini '.com'.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XIII XVIII.III.MMXII a les X:XXXIII:III UTC IP registrada
Citar Citar 
http://www.technolog.msnbc.msn.com/technology/gadgetbox/sen-al-franken-facebook- google-users-you-are-their-product-609349
 
Sen. Al Franken to Facebook, Google users: 'You are their product'
via Technolog

Facebook, iPhone, Twitter and Wii. Technology evolves at the speed of light. Msnbc.com's tech reporters look at the gadgets, games and innovations changing our world.

Advertise | AdChoices
Sen.

Win McNamee / Getty Images

U.S. Sen. Al Franken, D-Minn., speaks at a news conference March 21, 2012 at the U.S. Capitol.

Once again proving he's the one government representative who gets this whole technology thing, Sen. Al Franken D-Minn., called out Facebook and Google during a speech for American Bar Association's Antitrust Section.

Franken, who chairs new Senate subcommittee on Privacy, Technology, and the Law, was there Thursday to call for greater enforcement of antitrust laws for all-encompassing tech and media companies, including mobile and cable services, as well as online services. Such Web corporations, he said, is "where privacy becomes an antitrust issue."

Last year, when it was revealed that iPhones and iPads were mapping user locations in accessible files for up to a year, Franken, D-Minn., got down to business, firing off pointed questions in a two-page open letter to Apple CEO Steve Jobs. Franken also joined other senators urging Facebook to "reverse a plan that would allow app developers the ability to request access to users’ addresses, phone numbers and other contact information."

In his ABA speech, Franken noted how the more that "average Americans depend on Google and Facebook daily, "the less incentive (the companies) have to respect your privacy," he said. Both of these "free" services make the bulk of their money via user profiles, allowing third parties to target ads using the extensive personal information stored there. "You are not their client, you are their product," he said.

Institutions that "protect our individual privacy rights from the government don’t apply to the private sector," Franken said. "The Fourth Amendment doesn’t apply to corporations. The Freedom of Information Act doesn’t apply to Silicon Valley. And you can’t impeach Google if it breaks its 'Don’t be evil' campaign pledge."

Franken pointed to Google's new privacy policy, which now covers all of the search giant's many services:

If you don’t want your search results shared with other Google sites -- if you don’t want some kind of super-profile being created for you based on everything you search, every site you surf, and every video you watch on YouTube -- you will have to find a search engine that’s comparable to Google. Not easy.

If you want a free email service that doesn’t use your words to target ads to you, you’ll have to figure out how to port years and years of Gmail messages somewhere else, which is about as easy as developing your own free email service.

Franken had equally sharp words for Facebook:

If you use Facebook -- as I do -- Facebook in all likelihood has a unique digital file of your face, one that can be as accurate as a fingerprint and that can be used to identify you in a photo of a large crowd.

You might not like that Facebook shares your political opinions with Politico, but are you really going to delete all the photos, all the posts, all the connections -- the presence you’ve spent years establishing on the world’s dominant social network? The more dominant these companies become over the sectors in which they operate, the less incentive they have to respect your privacy.

"It isn't time for alarm bells just yet," Franken said. But wouldn’t we feel a lot more comfortable about that if we knew that market forces would act to stop such an egregious abuse of our privacy? And shouldn’t we be concerned that, as these companies that trade in your personal information keep getting bigger and bigger, they become less and less accountable?"

Click here to read Sen. Al Franken's full speech.

Helen A.S. Popkin goes blah blah blah about the Internet. Tell her to get a real job on Twitter and/or Facebook. Also, Google+.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XIV I.IV.MMXII a les VIII:L:- UTC IP registrada
Citar Citar 
http://www.engadget.com/2012/03/29/google-patent-application-google-plus-ghost-p rofile/
 
 
Au va, qui s'ho creu que no hi buscaran res?
 
 
Google patent app details method for generating a 'ghost profile,' a world of anonymous G+ users
By Darren Murph posted Mar 29th 2012 8:36PM
Image
Google hasn't exactly had the easiest time keeping the privacy hawks off of its back, but if a recently published patent application is any indication of its future intentions, well... let's just say we could see a lot more people hiding behind an online veil. Made public today, Google's most recent patent app details a "system and method for generating a ghost profile for a social network," which would -- in theory, at least -- allow a user to use certain features in a social network without converting to a social network profile. For those curious, the ghostly profiles would be unsearchable, and comments that originated from said profiles would be shown as being from "partial names." The real question: are G+ ghosts allowed in the Facebook compound?
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XV I.IV.MMXII a les VIII:LI:XXVII UTC IP registrada
Citar Citar 
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XVI I.IV.MMXII a les IX:III:XX UTC IP registrada
Citar Citar 
Twitter és pèrdua de temps i una fal·làcia: ens fa creure independents però ens empassem opinions individuals i sovint sense contrastar. Teòricament ens podem comunicar amb tot el món, també famosos i poderosos, però en realitat són quatre gats i als qui tallen el bacallà tampoc no arribem. En qualsevol cas el temps i els recursos esmerçats no estan pas en una relació prudent amb els valors que en traiem. Ho deixo estar, vaja.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XVII XIII.IV.MMXII a les IX:I:XII UTC IP registrada
Citar Citar 
http://www.elpuntavui.cat/noticia/article/13-comunicacio/20-comunicacio/528679-g oogle-monopolitza-la-informacio-personal.html
 
Xarxa soci@l
Alejandro Suárez
“Google monopolitza la informació personal”
14/04/12 02:00 - Xantal Llavinaemail protegit
Tweet
[Alejandro Suárez és l'autor del llibre ‘Desnudando a Google' Foto: ARXIU.]
Alejandro Suárez és l'autor del llibre ‘Desnudando a Google' Foto: ARXIU.
1 2
Canals relacionats

* Canal: Televisió

Google només fa
una cosa més bé que vendre publicitat i és vendre la companyia com Disneyland
per a adults

Amb quines eines domina Google el mercat publicitari mundial? Com opera des de paradisos fiscals? Quins beneficis obté de totes les aplicacions que ofereix de manera gratuïta? Totes aquestes preguntes troben resposta al llibre Desnudando a Google, en què el jove empresari Alejandro Suárez intenta desemmascarar aquest gran imperi d'internet.

Ha canviat molt Google des dels seus inicis?

Sí, ara mateix ja té més de mil milions d'usuaris i té a l'abast dades personals d'incalculable valor. L'any 2000 només tenia 200 empleats i ara ja en té 30.000; és un fenomen total en el món de la tecnologia. Internet ja no s'entén sense Google.

Google ja és una paraula habitual, googlejar ja és un verb molt utilitzat…

Sí; de fet hi ha molta gent que ja no es connecta a internet, es connecta a Google. A Espanya el 97% de les cerques que es fan per internet es realitzen a través d'aquest cercador.

Al llibre Desnudando a Google intentes descobrir secrets que fins ara no se sabien d'aquesta empresa. Tens una relació d'amor-odi amb Google?

Bé, aquesta relació estranya ve de quan jo hi vaig començar a treballar, l'any 2000, quan encara era una empresa molt petita. Però va ser el 2004 quan aquesta gran corporació va començar a trepitjar les línies vermelles que ells mateixos van advertir que mai traspassarien. Ara el seu negoci està sobrepassant l'ètica.

Assegures que el camí que ara mateix està agafant és “inquietant”. Per què?

Sí, el principal perill és el control de les nostres dades. Google emmagatzema diàriament quantitats inimaginables d'informació personal que va segmentant. I, com que és una empresa privada, pot canviar les seves condicions i la seva política utilitzant sense prejudicis les nostres dades.

De fet, hi ha una certa preocupació pel que pot fer Google amb les nostres dades. Fins on pot arribar aquesta violació de privacitat?

Google vol saber més i ho emmascara dient que aportant més informació seran molt més efectius. Cal revisar les condicions de privacitat de l'empresa perquè poden xocar amb la legislació europea. Ara Google només fa una cosa més bé que vendre publicitat i és vendre la companyia com un lloc idíl·lic, com un Disneyland per a adults.

Una de les tesis que més han sorprès del teu llibre és l'afirmació que Google devia als espanyols més de 300 milions d'euros. Google s'ha aprofitat d'un paradís fiscal europeu?

Sí, com també ho fa Facebook. S'instal·len amb una fiscalitat creativa, però finalment no tributen al nostre país i s'emporten milers d'euros fora de les nostres fronteres. Google factura a l'Estat espanyol entre 450 i 550 milions d'euros, i ells només tributen als Estats Units. Ens podem permetre que més de la meitat del mercat publicitari d'internet acabi a les illes Bermudes? Crec que no.

Google ha censurat el teu llibre a la xarxa?

No, Google no té tics autoritaris. No han censurat cap dels continguts del meu llibre.

Per què no hi ha seu de Google a Barcelona?

Realment a Espanya només hi ha una delegació comercial a Madrid, perquè només aposten per potenciar la publicitat d'una manera més directa i després expatrien una quantitat molt elevada de guanys.

I creus que Facebook finalment s'acabarà menjant Google?

Facebook és el Google del 2005. La gran diferència és que Google té molts monopolis i Facebook, per ara, és una xarxa social. I esborrar-se de Google és molt difícil; en canvi, donar-se de baixa de Facebook no tant.

Google ens ha proporcionat el correu electrònic, la geolocalització, la cerca d'informació..., però tots aquests serveis els ofereix gratuïtament. Com s'enriqueix l'empresa?

Res és gratuït al món i els productes de Google tampoc. El que fem és un intercanvi d'informació personal per la utilització d'un producte, que no sempre val la pena. Cal ser conscients dels perills que hi ha amb aquest intercanvi constant que fem amb aquesta empresa.

Dius, però, que és una empresa apassionant, que si no existís s'hauria d'inventar; creus que n'hi haurà un substitut pròximament?

Jo crec que no, ni a mitjà ni a llarg termini. Google és el major monopoli d'informació personal del món, té més de mil milions de perfils i d'informació confidencial que l'aprofita comercialment i publicitàriament. Però també és cert que Google ofereix serveis que, ara mateix, si no existissin, no s'entendria l'internet que ara tots coneixem.
A la vida real...

Alejandro Suárez és periodista de formació i empresari d'internet des de fa més de quinze anys. Vicepresident de l'Associació d'Inversors i Emprenedors d'Internet, conseller delegat d'Oci Networks i Lazer Rede de blocs al Brasil, president de la Inversora Foley i soci i conseller d'empreses com ara Gestiona Ràdio, Yes.fm i Smarty Content.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XVIII XIV.IV.MMXII a les IV:LII:X UTC IP registrada
Citar Citar 
Vinga, una mica més de control:
 
http://blog.twitter.com/2012/05/new-tailored-suggestions-for-you-to.html
 
New tailored suggestions for you to follow on Twitter
1631186720527634754
Thursday, May 17, 2012
Every day, hundreds of thousands of people sign up for Twitter to get closer to the things they care about — friends, businesses, celebrities, news and information from all over. If you’ve used Twitter for awhile, you know it can take some effort to find and follow the accounts that really reflect your interests. If you’re signing up for Twitter for the first time, we want that process to be easy and fast.

Currently, when new users come to Twitter, we show them all almost the same suggestions for what or who to follow. That isn’t ideal. Since you have individual interests, you should get individual suggestions. After all, even though millions of people love Justin Bieber, FC Barcelona or Kim Kardashian, not everyone using Twitter may want to follow them. A football fan in Italy who loves to travel may want to follow @chiellini, @walksofItaly and @nytimestravel. An aspiring chef who loves to laugh can follow @epicurious, @seriousrecipes and @SteveCarell. And a mom whose son is traveling in Australia can feel connected to him and keep up with the latest news where he is by following @smh.

To make it easier and faster for everyone to get started on Twitter, we’re beginning some experiments with tailored suggestions in a number of countries around the world. The first experiment will show new users a list of accounts that we recommend you follow, alongside a timeline filled with Tweets from those accounts. If you’re part of the experiment, you’ll see a Twitter experience that’s relevant to you right when you sign up. (Of course, you can always choose to not follow the suggested accounts that don’t interest you.)

New users may see a list of tailored suggestions (left) and a timeline with Tweets from those accounts (right) as they sign up for an account.

New users may see a list of tailored suggestions (left) and a timeline with Tweets from those accounts (right) as they sign up for an account.

If you’re a current user, you may see tailored suggestions in Who to follow so you can constantly find interesting and relevant accounts that are new to you. In both cases, we hope it’s effortless for the Italian football-and-travel fan to follow @chiellini, @walksofItaly and @nytimestravel. To see which accounts we’d recommend for you, visit our preview page.

Current users may see tailored suggestions in “Who to follow”.

These tailored suggestions are based on accounts followed by other Twitter users and visits to websites in the Twitter ecosystem. We receive visit information when sites have integrated Twitter buttons or widgets, similar to what many other web companies — including LinkedIn, Facebook and YouTube — do when they’re integrated into websites. By recognizing which accounts are frequently followed by people who visit popular sites, we can recommend those accounts to others who have visited those sites within the last ten days.

As always, we are committed to providing you with simple and meaningful choices about the information we collect to improve your Twitter experience. For those who don’t want to tailor Twitter, we offer ways to turn off this collection. As the Federal Trade Commission’s CTO, Ed Felten, mentioned earlier today, we support Do Not Track (DNT), which is reflected in our privacy policy as one of the ways you can indicate your preference. If you have DNT enabled in your browser settings, we will not collect the information that enables this feature, so you won’t see any tailored suggestions. We hope that our support of DNT highlights its importance as a privacy tool for consumers and creates even more interest and wider adoption across the web.

Additionally, new users will see an option to “Tailor Twitter based on my recent website visits” along with a link to “Learn more” when they create an account on Twitter.com. Current users will see a new “Personalization” section in account settings, with the same option to tailor Twitter. Of course, you can disable these options at any time, which will stop the collection of information for the feature and remove any tailored suggestions we have for you. You can even choose to turn off tailored suggestions from the preview page (which shows some suggestions we’d make for you).

Every day, experienced Twitter users are brought closer to the things they care about in unique, profound ways. Today’s experiment in providing tailored suggestions lets novice users go from zero to pro faster and more easily than ever before. So even if you’re not a football-loving Italian who wants to travel the world, we hope this experiment immediately makes Twitter yours, and you can start getting closer to the things you care about with just a few clicks or taps.

- Othman Laraki, Director, Growth and International (@othman)

 
Ah, Twitter ja es ara un ecosistema sembla!
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XIX XIX.V.MMXII a les X:XV:XXIX UTC IP registrada
Citar Citar 
Per si algú no s'ho acaba de creure:  http://www.vilaweb.cat/noticia/4023812/20120626/facebook-canvia-mail-perfil-usua ris-sense-avisar.html
 
Facebook canvia el mail del perfil dels usuaris sense avisar

En els perfils i les cronologies apareix un nou correu electrònic amb el domini @facebook.com i el que l'usuari havia triat queda amagat

Facebook ha canviat les adreces de correu electrònic en els perfils dels milions d'usuaris que té a tot el món. El canvi, que es va aplicar ahir, suposa que de cop i volta, sense que cap usuari ho hagi demanat, l'adreça que es pot veure en la informació del perfil i en la cronologia acaba amb el domini facebook.com; Facebook posa per defecte el nom, un punt (o sense punt), i el primer o segon cognom, seguit de @facebook.com. En el cas dels correus electrònics més complexos, hi posa tot un seguit de números abans de @facebook.com

Facebook unifica en un sol domini de correu electrònic tots els usuaris que té, i amaga les adreces de correu que cadascú havia introduït en el moment de crear el perfil.

L'única explicació que ha ofert la xarxa social, a requeriment d'un periodista de Reuters, és que ja van anunciar el mes d'abril passat que actualitzaven les adreces i que cada usuari pot decidir quin és l'adreça que vol mostrar en la seva cronologia. El mes d'abril Facebook va publicar una breu nota, que va passar desaparcebuda, en què deia que tothom tindria una mateixa adreça per enviar correu per Facebook i que les nova adreces s'implementarien 'les setmanes vinents'. No deia, però, que aquesta nova adreça amagaria per defecte l'adreça que cadascú havia posat com a informació de contacte.

Per poder tornar a mostrar el correu electrònic que cada usuari havia triat, cal anar a l'opció d'editar el perfil; i allà on hi apareix la informació bàsica, modificar la configuració general en a 'informació de contacte'. Allà apareix l'adreça que Facebook ha amagat
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XX XXVI.VI.MMXII a les XII:LVIII:VII UTC IP registrada
Citar Citar 
I dropbox... compte, compte!
 
http://paranoia.dubfire.net/2011/04/how-dropbox-sacrifices-user-privacy-for.html
 

slight paranoia

Analysis and opinion by Christopher Soghoian, security and privacy researcher.
Tuesday, April 12, 2011
How Dropbox sacrifices user privacy for cost savings
Note: This flaw is different than the authentication flaw in Dropbox that Derek Newton recently published.

Summary

Dropbox, the popular cloud based backup service deduplicates the files that its users have stored online. This means that if two different users store the same file in their respective accounts, Dropbox will only actually store a single copy of the file on its servers.

The service tells users that it "uses the same secure methods as banks and the military to send and store your data" and that "[a]ll files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password." However, the company does in fact have access to the unencrypted data (if it didn't, it wouldn't be able to detect duplicate data across different accounts).

This bandwidth and disk storage design tweak creates an easily observable side channel through which a single bit of data (whether any particular file is already stored by one or more users) can be observed.

If you value your privacy or are worried about what might happen if Dropbox were compelled by a court order to disclose which of its users have stored a particular file, you should encrypt your data yourself with a tool like truecrypt or switch to one of several cloud based backup services that encrypt data with a key only known to the user.

Introduction

For those of you who haven't heard of it, Dropbox is a popular cloud-based backup service that automatically synchronizes user data. It is really easy to use and the company even offers users 2GB of storage for free, with the option to pay for more space.

The problem is, offering free storage space to users can be quite expensive, at least once you gain millions of users. In what I suspect was a price-motivated design decision, Dropbox deduplicates the data uploaded by its users. What this means is that if two users backup the same file, Dropbox only stores a single copy of it. The file still appears in both users' accounts, but the company doesn't consume storage space nor upload bandwidth on a second copy of the file.

The company's CTO described the deduplication in a note posted in the "Bugs & Troubleshooting" section on the company's web forum last year:

Woah! How did that 750MB file upload so quickly?

Dropbox tries to be very smart about minimizing the amount of bandwidth used. If we detect that a file you're trying to upload has already been uploaded to Dropbox, we don't make you upload it again. Similarly, if you make a change to a file that's already on Dropbox, you'll only have to upload the pieces of the file that changed.

This works across all data on Dropbox, not just your own account. There are no security implications [emphasis added] - your data is still kept logically separated and not affected by changes that other users make to their data.

Ashkan Soltani was able to verify the deduplication for himself a couple weeks ago. It took just a few minutes with a packet sniffer. A new randomly generated 6.8MB file uploaded to dropbox lead to 7.4MB of network traffic, while a 6.4MB file that had been previously uploaded to a different dropbox account lead to just 16KB in network traffic.

Claims of security and privacy

There are long standing privacy and security concerns with storing data in the cloud, and so Dropbox has a helpful page on their website which attempts to address these:

Your files are actually safer while stored in your Dropbox than on your computer in some cases. We use the same secure methods as banks and the military to send and store your data.

Dropbox takes the security of your files and of our software very seriously. We use the best tools and engineering practices available to build our software, and we have smart people making sure that Dropbox remains secure. Your files are backed-up, stored securely, and password-protected.

...

Dropbox uses modern encryption methods to both transfer and store your data...

All files stored on Dropbox servers are encrypted (AES-256) and are inaccessible without your account password


Reading through this document, it would be easy for anyone but a crypto expert to get the false impression that Dropbox does in fact protect the security and privacy of users' data. Many users and even the technology press will not realize that AES-256 is useless against many attacks if the encryption key isn't kept private.

What is missing from the firm's website is a statement regarding how the company is using encryption, and in particular, what kinds of keys are used and who has access to them.

Encryption and deduplication

Encryption and deduplication are two technologies that generally don't mix well. If the encryption is done correctly, it should not be possible to detect what files a user has stored (or even if they have stored the same file as someone else), and so deduplication will not be possible.

Dropbox is likely calculating hashes of users' files before they are transmitted to the company's servers. While it is not clear if the company is using a single encryption key for all of the files users' have stored with the service, or multiple encryption keys, it doesn't really matter (from a privacy and security standpoint), because Dropbox knows the keys. If the company didn't have access to the encryption keys, it wouldn't be able to detect duplicate files.

While the decision to deduplicate data has probably saved the company quite a bit of storage space and bandwidth, it has significant flaws which are particularly troubling given the statements made by the company on its security and privacy page.

Cloud backup providers do not need to design their products this way. Spideroak and Tarsnap are two competing services that encrypt their users' data with a key only known to that user. These companies have opted to put their users' privacy first, but the side effect is that they require more back-end storage space. If 20 users upload the same file, both companies upload and store 20 copies of that file (and in fact, they have no way of knowing if a user is uploading something that another user has backed up).

Why is this a problem?

As Ashkan Soltani was able to test in just a few minutes, it is possible to determine if any given file is already stored by one or more Dropbox users, simply by observing the amount of data transferred between your own computer and Dropbox's servers. If the file isn't already stored by Dropbox, the entire file will be uploaded. If Dropbox has the file already, just a few kb of communication will occur.

While this doesn't tell you which other users have uploaded this file, presumably Dropbox can figure it out. I doubt they'd do it if asked by a random user, but when presented with a court order, they could be forced to.

What this means, is that from the comfort of their desks, law enforcement agencies or copyright trolls can upload contraband files to Dropbox, watch the amount of bandwidth consumed, and then obtain a court order if the amount of data transferred is smaller than the size of the file.

Last year, the New York Attorney General announced that Facebook, MySpace and IsoHunt had agreed to start comparing every image uploaded by a user to an AG supplied database of more than 8000 hashes of child pornography. It is easy to imagine a similar database of hashes for pirated movies and songs, ebooks stripped of DRM, or leaked US government diplomatic cables.

Responsible Disclosure

On April 1, 2011, Marcia Hofmann at the Electronic Frontier Foundation contacted Dropbox to let them know about the flaw, and that a researcher would be publishing the information on April 12th. There are plenty of horror stories of security researchers getting threatened by companies, and so I hoped that by keeping my identity a secret, and having an EFF attorney notify the company about the flaw, that I would reduce my risk of trouble.

At 6:15PM west coast time on April 11th, an attorney from Fenwick & West retained by Dropbox left Marcia a voicemail message, in which he reveled that: "the company is updating their privacy policy and security overview that is on the website to add further detail."

Marcia spoke with the company's attorney this morning, and was told that the company will be updating its privacy policy and security overview to clarify that if Dropbox receives a warrant, it has the ability to remove its own encryption to provide data to law enforcement.

While I want to praise the company for being willing to clarify the security statements made on its website, I hope this will be a first step on this issue, and not the last.

It is unlikely that the millions of existing Dropbox users will stumble across the new privacy policy in their regular web browsing. As such, the company should send out an email to its users to let them know about this flaw, and advise them of the steps they can take if they are concerned about the privacy of their data.

I also urge the company to abandon its deduplication system design, and embrace strong encryption with a key only known to each user. Other online backup services have done it for some time. This is the only real way that data can be secure in the cloud.
at 1:00 PM
95 comments:

gmoore said...

Nice article. Well presented. Excellant conclusions. Thanks for the conginued work...
1:33 PM
Von said...

I think for the truly paranoid, any service that stores individual files is likely to have privacy leaks, because even with encryption, comparing file sizes can tell you a lot. Storing everything in a big dropbox volume would prevent that at the cost of performance since the whole volume has to be synced as a individual file.
2:15 PM
ultra said...

This is why I recommend Wuala, it's all encrypted with your user password, you lose your password, you lose your files. Tight enough they can store user's data on eachother's machines without any threat to privacy.
2:30 PM
Anonymous said...

Thanks Christopher.

How does this effect users who store data from password applications in Dropbox so that it is accessible by phone, laptop, etc.? I store my 1password data in Dropbox, should I be worried? If so, are there any good alternatives?
3:25 PM
Anonymous said...

Spideroak seems to save space the same way as dropbox. Here's a snip from their website...


Storage Redundancy Savings

Have two copies of the same file? In your SpiderOak account, the 2nd (or 3rd or...) copy doesn't use any more space. Or maybe there are instances when you have a folder with 10 or 20 different "renamed" versions of a similar file as you worked on it over time? SpiderOak internally detects the redundancy in these situations and saves you online storage space.



How do they know what's redundant if it's encrypted?
3:52 PM
Marcel said...

@Anonymous: Spideroak can simply get a hash of the file encrypted with your password, it would not be a problem if it's the same file on your own account.
4:26 PM
Emad said...

"However, the company does in fact have access to the unencrypted data (if it didn't, it wouldn't be able to detect duplicate data across different accounts)."

I don't think you've established that this is necessarily true.

It is possible they hash the file prior to encrypting it, then encrypt it. Afterwards, you simply compare the hash of a newly updated file to the stored hash.
4:34 PM
Zandr said...

Chris, we dealt with this in the Tahoe-LAFS project.

It is NOT a valid assumption that deduplication requires the keys to be known. Tahoe used a method called convergent encryption to achieve exactly this property, and it does not require the storage provider to have the keys.

You are correct that there is a confirmation attack created, and for this reason we ended up adding what we called a 'convergence secret', a per-user salt that eliminates that attack.

Each user still gets the benefit of deduplication within their account (so backing up the same thing is fast), but there's no confirmation attack against other users.

Ping me and I'll be happy to explain this at length.
4:34 PM
Anonymous said...

"However, the company does in fact have access to the unencrypted data (if it didn't, it wouldn't be able to detect duplicate data across different accounts)."

A) One-way encrypt file 1 and file 2.
B) Compare encrypted versions of files 1 and 2.
C) If encrypted 1 == encrypted 2 then the source files are == too.

Some password databases/comparisons work in a similar fashion. That doesn't mean that you can easily get to the source information without cracking the encryption.

I'm no security expert, just positing a theory that your conclusion isn't necessarily based on fact or even a well structured argument. I'm not saying it isn't true, but this portion of your argument is less than compelling, which makes me less inclined to read the remainder of your post.
4:36 PM
Emad said...

Wait, i retract what i said, dropbox would still need to be able to decrypt the data.
4:38 PM
Janno said...

In the passed I raised similar security concerns about dropbox on twitter. Immediately I was contacted by a dropbox representative which was very open to me about the way they secure the data. And yes, data is encrypted over tls while transferred and yes dropbox will encrypt the data on s3 storage. So yes, dropbox can access your files but the emplyees are off course not allowed to do that. If it needs to be more secure you should encrypt the data yourself before transferring.
4:44 PM
Anonymous said...

7-Zip will compress and password protect files - and then upload to Dropbox.
4:44 PM
Steven Leckart said...

I'm confused. How can I reproduce this attack? Aren't the hashes secure hashes, SHA-256? Has SHA-256 been cracked? How can I get a stranger's data. I tried to packet sniff but it looks like all the dropbox traffic from my computer is encrypted over SSL. Can you help me?
5:19 PM
Knysliux001 said...

Simply put, if dropbox has the ability to recover your lost password, they have to save it somewhere on their servers and therefore technically *can* open your files.
Wuala technology is superior and far more secure:
http://www.wuala.com/en/learn/technology
5:41 PM
bzzzwa said...

It seems SpiderOak does not deduplicate data [ https://spideroak.com/blog/20100827150530-why-spideroak-doesnt-de-duplicate-data
-across-users-and-why-it-should-worry-you-if-we-did ] but Wuala does [ https://bugs.wuala.com/view.php?id=3339 ]. Bad new for me as a vivid Wuala user..
5:59 PM
Daniel Larsson said...

SpiderOak only deduplicates YOUR so the only data that is compressed is is your personal data.

We do not deduplicate across accounts by choice and by design since its impossible to deduplicate already encrypted data and we do not have the passkeys to decrypt it.

https://spideroak.com
6:01 PM
Arash (Dropbox CTO) said...

Hi all,
Just wanted to chime in from Dropbox.

We understand the concern that the government could try to guess whether a particular file has been uploaded to Dropbox based on processing times and then request that Dropbox identify a user who has access to that file. However, to seek user content information, the government needs to comply with the provisions of the Electronic Communications Privacy Act by obtaining a warrant supported by probable cause (or in some cases a court order from a judge). Those safeguards protect user privacy. De-duplication does not make users any more vulnerable to intrusive government actions. Today, a government agency could ask any online service to provide the names of all users who have a particular file, whether or not the service employs de-duplication. And in that case, the government would also need to support its request with a warrant or court order. The rules that provide a check against unwarranted government snooping apply to online services equally, regardless of their back-end architecture.

-arash
6:05 PM
Anonymous said...

if you want security just encrypt your files - and no more deduption will be done, although your files will take longer to upload.

anyway, there is no way that a hash could be made without having the complete file, and it is pretty obvious a 750Mb takes 5 seconds to upload that it is a dupe, no need to deep analyse it or use a packet sniffer for that lol.

and if it is a 1 way process, then it is not a 1 to many relationship - there is no way that a file, could link back to users only users could have link access to files - many to 1. even if that were so, unverified free accounts are unable to be traced back to their owner.
6:33 PM
Tonetheman said...

Mmmmm yes if I was writing dropbox I would have done the same thing. Especially if I am paying the bills. Git works exactly the same way in terms of hashes. It is a reasonable way to handle duplicate content.

It almost sounds like you are suggesting they drum up some fake traffic when the hashes match... pretty sure that is a bad idea. And also runs up their bandwidth costs. Maybe on paid accounts?

Cloud storage is that. Storage on another persons machine. Dropbox is dead freaking simple and it just works. For me it is a great interface and if they can save some bandwidth based on a hash that has already been uploaded then more power to them.
6:52 PM
Anonymous said...

what you asking for is a deniable file system, in which, you store something, but there is no evidence to show that you are the one who stored it.. This is simply not the goal of Dropbox.

Sure, everyone wants more security, more privacy protection. Then, encrypt your damn files before using a service like Dropbox.
6:56 PM
Ryan said...

Whether my files are encrypted at rest on Dropbox's server or not is of less concern to me than that they are encrypted as the travel over the wire, or through the air. (i.e. SSL)

But I can see how one might be more paranoid if they were sharing child porn or even pirated movies in their Dropbox.

In which case, if you're going to deal with contraband, I wouldn't depend on a free service to keep you safe from the big bad feds?
8:56 PM
jtemplin said...

Great post.

At Lockify.com we're using encryption/decryption on the client (and a variety of verification methods) to show and ensure your private communications.

Mention this post and we'll get you early access to the private beta.

Jack
Co-Founder, Lockify
8:59 PM
Zooko O'Whielacronx said...

Chris:

I don't understand why this deduplication makes any difference, considering that Dropbox has all the keys.

Is it not the case that Dropbox has access to the encryption keys that protect the user data anyway?

This must be the case because there is a "password reset" operation that you can go through to get access to your files again in case you've forgotten your password. This implies that Dropbox itself has the power to use that same process to get access to your files without knowing your password.

In which case the following set of people can read or alter any of the user's files:

An employee of Dropbox acting according to company policy, an employee of Dropbox acting illicitly, a law enforcement agent who persuades or compels Dropbox to do their bidding, an intruder who illicitly gains access to Dropbox's servers.

In addition, anyone who can bribe or coerce any of those people, steal the laptop or phone from one of those people, or gain access to one of those people's computers (such as through malware) also gains the ability to read or change or delete any file of any user.

In light of this, I don't see why it matters whether any of those people *also* have the ability to detect duplicate files using this hash comparison. They already have the ability to read all of the files contents.

Regards,

Zooko Wilcox-O'Hearn
http://zooko.com
http://tahoe-lafs.org
10:28 PM
Roberto Scaccia said...

" If the company didn't have access to the encryption keys, it wouldn't be able to detect duplicate files."

This is not true! Before the encryption on the client, dropbox determines the hash of the files. So the server stores the encrypted file and its hash (of the unencrypted content).

It can determine the duplicated file only with the hash and it doesn't have to use the key to decrypt the file.

But sure, it would be more secure if they didn't have the encryption key Wink
1:53 AM
Roberto Scaccia said...

But true, if they have to serve the same file to different people they have to know the encryption key.

Your paranoia is ok for DropBox dedeuplication. But we know that they know our encryption keys and we have only to evaluate if the service justifies the loss of privacy and security.

But you're right.
2:06 AM
ewalk153 said...

I understand the concern here, but at the same time I prefer the faster synchronization. Perhaps an advanced option to disable this feature for an entire account and leverage a more secure process (ie less data leakage) would solve the concern of those who place a premium on privacy.
3:02 AM
Zooko said...

Chris:

As Zandr said, we try to get the best of both worlds in Tahoe-LAFS by combining convergent encryption with an added secret.

The reason we invented the "added convergence secret" was not merely due to the "confirmation of a file" attack, which is what your report is about, but also a subtler and potentially more dangerous attack called the "learn the remaining information" attack.

The intuition behind the "learn the remaining information" attack is that if you give someone the secure hash of your data, and if they can perform, let's say, 2⁵⁰ computations (or buy a rainbow table with 2⁵⁰ entries), and if they can know or guess all but 50 bits of the contents of your file, then they can brute force the remaining 50 bits by comparing against the secure hash that you gave them.

For example, if you receive a PDF document from your bank which contains pages of pages of boilerplate, plus your name and account number and current balance, and you store that on a cloud storage provider that does convergent encryption, then the attacker can try different names, account numbers, and balances (assuming that he is a customer of the same bank and knows the contents of the boilerplate).

For another example if you set up a Linux server and put your MySQL password into /etc/my.cnf and then back up /etc/my.cnf onto a cloud storage service that uses convergent encryption, and attacker now gets the chance to try to brute force your MySQL password. (Of course if your password is long enough they will still fail, but some people rely on the fact that attackers cannot attempt large numbers of guesses (like 2⁵⁰ guesses) against your MySQL password. By using convergent encryption, you may be unwittingly giving attackers that opportunity.)

Our discovery of the "learn the remaining information" attack was due to Drew Perttula, who thus became the second member of the "I Hacked Tahoe-LAFS!" Hall of Fame:

http://tahoe-lafs.org/hacktahoelafs/drew_perttula.html

The solution (originally suggested by Drew) is to add an "added convergence secret" which gets securely mixed into the secure hash before that secure hash is used as an encryption key. Each time you set up a Tahoe-LAFS client it generates a new random added convergence secret and stores it in that Tahoe-LAFS client's configuration directory. This means that (like Spideroak according to Daniel Larsson's comment above) you automatically deduplicate files with yourself but not with anyone else. It also means that nobody can perform either the confirmation-of-a-file attack nor the learn-the-remaining-information attack on you.

If you choose to share your added convergence secret with someone else, then you gain automatic deduplication of your files with their files, but you are *still* not vulnerable to either of these two attacks from your Tahoe-LAFS storage provider nor from anyone else in the world except that person whom you shared your secret with! So this is an interesting trade-off between security and efficiency and is arguably a better trade-off than any other deduplication offering that I have seen.

If you choose to set your added convergence secret to a guessable or widely known value such as the empty string, then you gain automatic deduplication of your files with anyone else who set theirs to the same string, but you are also vulnerable to these two attacks by anyone.

Thanks for your attention.

Regards

Zooko
3:04 AM
Renji said...

This de-duplication feature has saved me lots of bandwidth. Unless one is using dropbox to share illegal files, they shouldn't be worrying about that or the feds.

As far as passwords or other personal documents goes, you can't expect someone else to have that, so no duplication fear, and it is encrypted during transfer.
3:45 AM
Crypto Undertaker said...

"Many users and even the technology press will not realize that AES-256 is useless against many attacks if the encryption key isn't kept private."

True. In fact we are doing our best developing this tool: http://tomb.dyne.org
4:20 AM
davidsarah said...

Zooko wrote: "In light of this, I don't see why it matters whether any of those people *also* have the ability to detect duplicate files using this hash comparison. They already have the ability to read all of the files contents."

It matters to the extent that anyone, not just those people you listed, can do an online plaintext confirmation / partial-information attack.
7:09 AM
davidsarah said...

I wrote, "it matters to the extent that anyone ... can do an online plaintext confirmation ... attack."

However, without the keys they wouldn't know which dropbox user had previously uploaded that file, unless this attack was combined with traffic analysis of uploads.
7:17 AM
Swappy said...

The article started very well, but is misleading in many ways.
1. Encryption , access to data and access to encrypted data are three different things.

In terms of deduplication, a common practice can be - to analyse the bytestream and replace the chunk of data.

As far as Private key and encryption is concerned, As they state: No one can access the (Legible) Data, so unless you have the Private key, you can not access the legible data.

What exact algorithm they have used to analyse the stream, encrypt, replace, manage file system etc. is a Proprietary secrtes and better that way.

But as far as feasibility - It is possible to deduplicate AND keep your data safe/encrypted at the same time.

So no need for another Privacy Paranoia.
DropBox is a superb service, and innovative in some ways as well.
9:04 AM
Tracy Dryden said...

Of course they have to have access to the encryption keys! Not necessarily to DETECT duplicate files, but to STORE a single copy of a duplicate file (the whole point) and allow multiple users to access it. Think about it!

I'd be more worried if I were storing something I'd be afraid to allow others access to, but I'm not. The only truly secret data I keep in my dropbox is my passwords, and the file they're in is already encrypted.
9:12 AM
JLR said...

Absolutly False,
"However, the company does in fact have access to the unencrypted data (if it didn't, it wouldn't be able to detect duplicate data across different accounts).

Just need to save a short hash of the data, How do you write this If you didn't known how it works?
9:29 AM
Lena Monteiro said...

I think there is a lot of confusion here...

Given a file from a first user, you can either encrypt yourself and/or let DropBox do it for you. DropBox than stores it somewhere with the encryption that it is always there (how can you recover it if DropBox would not have it in first place?).

Now, given another file from a second user, the only way to guarantee that this file is the same as the first one from the first user is to compare sizes, names AND contents, bit by bit. No hash codes over the files can guarantee that two files are identical regardless their lengths (unless the lenghts of the files are smaller than the length of the hash codes).

Therefore, whatever DropBox would do with my files, it has to have my encryption keys with the risks and advantages associated to it.

On the other hand, what is the real benefit of deduplication as it is a complex technique?

Compression and other techniques would be far more effective and fast than this while keeping the privacy.

Thanks.

Bressan
9:37 AM
Anonymous said...

When I signed up for Dropbox, I didn't provide a crypto key at any time. I didn't have to move one between systems that use my Dropbox account. Therefore, I knew that any encryption that went on was on their end, and they could read any of my files, without any further analysis.

I don't use it for anything I'd consider sensitive. Unless I did the encryption, and managed the key myself, that would be foolish. I use it to hold some of my personal projects that I might want to work on from several places, and if somebody examines them it won't bother me much.
9:38 AM
Anonymous said...

I'm surprised someone so smart doesn't assume that anything they put in the "cloud" will get turned over to law enforcement if a warrant is produced. Same goes for putting something dodgy on such a service.

Honestly, what else did you expect?
10:17 AM
Jeremy said...

Well, there is file level deduplication and block level deduplication. If they are able to detect only a portion of a file has changed and then only upload that portion, they must be doing block level deduplication.


When deduping and storing blocks, the hash of that block is used as an index. When they store that block they encrypt it, not the entire file.


Granted, they would use the same key to encrypt all blocks. However, with that said, from a storage perspective, even if you unencrypted all the blocks, you would have to know how to reassemble the blocks into actual files.


That information could be stored elsewhere and be unique to each user account. That information could then be encrypted by a unique key generated on user account creation using the user's password.


I for one appreciate the reduced bandwidth block level deduplication provides and would hate to have to encrypt and upload the whole file every time I edited a single line. It would make the service impracticable and expensive.
10:27 AM
Anonymous said...

Question... Why cant Dropbox, do the file./hash compare once they have obtained the user encryption key after the outside user has logged on? This is a possibility, right?
11:04 AM
Anonymous said...

While it is not clear if the company is using a single encryption key for all of the files users' have stored with the service, or multiple encryption keys, it doesn't really matter (from a privacy and security standpoint), because Dropbox knows the keys.

When I was evaluating Dropbox for business use, I investigated whether or not Dropbox allowed defining your own encryption key. At that time I discovered they use a single encryption key for all files for all users. This may or may not be the case now. Conclusion: don't use Dropbox for sensitive data unless you encrypt it ahead of time.
1:29 PM
Anonymous said...

You get what you pay for.

Another service worth checking out is JungleDisk.

Private crypto keys:
http://support.jungledisk.com/forums/61795/entries/74357

Settings for different types of authentication (see Derek Newton discussion)
http://support.jungledisk.com/forums/61795/entries/74268
1:41 PM
Ryan O'Hara said...

Think about it... how could a 750 MB upload even deduplicate on the server and still upload in 5 seconds? You would still have to upload the file. Deduplication is done on the client and is therefore safe.
2:14 PM
Anonymous said...

Dropbox obviously is able to decrypt your data, the web interface is proof of that. How else would they be able to serve the original unencrypted files over HTTP(S)?
5:14 PM
Larry D'Anna said...

You're being totally unreasonable here. There is no reason at all for users to expect that dropbox doesn't have access to their data. The way dropbox stores data is exactly the way I expected it stores data. If a dropbox-like system did encrypt data at rest, it would be advertised as a feature.

You can't expect every piece of software to be suitable for every purpose. Dropbox is for you grandma to upload her files. If she's worried about leaking the fact that the particular files exist, or that they might be subject to a search warrant, then she's got unusual enough security requirements that she should do a lot of reading and think damn hard about what she's doing before uploading those files.
9:03 PM
joequincy said...

Seems that as long as your concern is only bandwidth, and not storage... there would be no issue. First time a file is uploaded, save two copies to the server and encrypt one with the user's key, and the other with the system's key. When testing a hash of a new upload, if there's a match, decrypt the system's copy, and save a copy encrypted with the new user's key.

Bandwidth seems like it'd be a much larger expensive than storage in a system like Dropbox.
10:43 PM
Anonymous said...

There seems to be a common misconception in several of these posts regarding hashes. If two files have the same hash, they are not necessarily the same. If they have different hashes, they are definitely different.
4:33 AM
Nathaniel Borenstein said...

The real problem here is that nearly everyone has unrealistic assumptions and beliefs about what is secure, and what it means to be secure. The fact is, unless the encryption is being done under your control, as close to you as possible, and unless only the encrypted form is being transmitted to the cloud provider, your security and privacy will never be absolute. The sooner and more clearly people are educated about this, in my opinion, the better.

My own assumption is that any file that ever leaves my computer is potentially visible to the whole world. (Files on my computer are also potentially visible, though a bit less so -- though that's another story.) Thus if I ever have a file that I really care to keep secret from a determined opponent -- which I generally don't -- I will use pgp or something similar to encrypt it on my personal computer, and I will only store it or transmit it in that form, and I will guard my keys and password like the crown jewels.

We would do our users more of a service by educating them in this semi-paranoid manner of behavior than by giving them assurances of security and privacy that simply can't hold up under a court order. And that includes any form of encryption that is performed in the cloud, because the provider needs to be able to decrypt it as well, and therefore can be compelled to do so under a court order.

This is a message that no one wants to hear, so no vendors are giving it. Instead, they are lying, or at least heavily shading the truth. Encryption in the cloud is almost certainly adequate for certain kinds of secrets, such as cheating on your spouse. It is generally adequate for others, such as most corporate proprietary data. It is absolutely not adequate for anything that you want to keep from a government with applicable jurisdiction, or from serious, determined hackers.

What dropbox provides is more than adequate for most users. Those with a more stringent need for privacy -- most often because they are breaking either a just or unjust law -- need to take responsibility for their own privacy, not count on a remote, third party service to provide it.
8:58 AM
Anonymous said...

Jungledisk is another option. JD is owned by Rackspace but will store data on either Rackspace or Amazon S3. Users create and keep encryption keys. Various options authentication options.
11:45 AM
Trevor said...

Great read. I look forward to sharing with other technical professionals.
1:57 PM
Anonymous said...

Another anonymous wrote:

"There seems to be a common misconception in several of these posts regarding hashes. If two files have the same hash, they are not necessarily the same."

True, but hash collisions are a problem. See:

https://permabit.wordpress.com/2008/07/18/what-do-hash-collisions-really-mean/
2:45 PM
Anonymous said...

I have a question here. If Dropbox identifies that the file that you try to upload has got the same hash with a file they already store, are they performing a subsequent byte-by-byte comparison? Because if not, it might be possible that a hash collision will cause your file not to be uploaded. Quite apart from the security concerns that were the subject of this thread, this may mean simply that the file you thought you safely backed up is not actually there. When attempting to retrieve the file, you would be served with somebody else's file having the same hash.
4:54 AM
Anonymous said...

Can anyone recommend any local free backup software that uses good encryption (eg private key) and then can place the backup in the Dropbox folder, for Windows and Ubuntu?

All of these cloud backup services should provide a separate and free encryption backup software and then a separate method to backup on the cloud the encrypted data
9:02 AM
Rakkhi Samarasekera said...

Really great article. I will not be using Dropbox without an Trucrypt volume going forward. Means losing access via my iPhone but potentially a small price to pay.
6:59 AM
Anonymous said...

Dropbox uses Amazon S3 for storage. All data stored in S3, is stored encrypted. Both Amazon and Dropbox know this encryption key. (Though Dropbox may be encrypting it separately on top of that).

One user's files are kept separate from another's logically, probably through a database that Dropbox maintains. All files are likely stored on S3 in one bucket (think: Directory), as per-user subdirectories would not be useful with a deduplication setup, and all the sharing options that Dropbox offers.

Dropbox relies on deduplication to survive. If you were to sign up for S3, upload 2GB, store it all month, and download 4GB, it would cost you about $0.95 each month. That doesn't sound like much, but if you invite the whole free world to store stuff on your dime, that adds up. By only storing files once, you are saving lots of space and bandwidth. Further, the Dropbox client will copy between eachother within a LAN to save even more bandwidth.

Customers that buy 50/100GB plans are getting gouged compared to buying it direct from Amazon, but the value-add that Dropbox has is worth it, and they end up paying for the free users's storage and bandwidth.

This will all fall apart if every user uploaded a 2GB truecrypt volume, which they couldn't deduplicate, costing Dropbox a lot to store.
11:37 PM
Brad said...

This is for Arash (Dropbox CTO):

The issue is not that we're safeguarded by law (we're not, that kind of thing has been proven to be pretty arbitrary), nor is it about the efficiency or nature of your deduplication technologies. It's that your marketing claims that my data was completely obfuscated from viewing by your employees and you've now backtracked and stated that's not the case.

That's a lie.
1:57 AM
Erik Haugen said...

Arash; you are missing the point. It might be sort of true that "De-duplication does not make users any more vulnerable to intrusive government actions" - what makes users vulnerable is the fact that you, Dropbox, have the key to decrypt the users data. The point isn't that the government can demand a duplicated file. The point is they can demand *any* file, and you can provide it. The author of this article, Christopher Soghoian, is pointing out that by simply storing decrypting keys only with the user (passphrase/etc), you would protect your users from government requests. This would be a compelling feature for some users. It isn't really true to say that "The rules that provide a check against unwarranted government snooping apply to online services equally, regardless of their back-end architecture" - in fact, a service architected so that only users have the keys would be much safer from any government snooping (see Spideroak). But I appreciate that your company has finally clarified that your files are not effectively encrypted on your servers.
2:57 AM
Jon Brown said...

If I understand correctly. Deduplication can happen pre encryption, but serving that file back up to you would require DB to decyrpted the file from another user's account... Hence DB can decrypt a file and serve it to someone else on the premise that those files were identical pre-encryption.

I applaud the effort to push DB to be more transparent about their security and I feel better off knowing the data isn't protected from court order or extremely dedicated hackers, but I'm still comfortable storing my data there including my 1P files which are encrypted and unique anyway.

One point regarding the other cloud storage systems. Imagine this: court order reads "the next time use X access this data you are instructed to intercept and provide to Law enforcement the encryption key for user X's data". All is still ok as long ad that key never is transmited so the next court order cones down: you are to modify your software to deliver the encryption key for user X to law enforcement". The point is that any time a third party is involved LE can compel them to expose your data one way or another.
12:23 PM
John Grimes said...

It seems that the SpiderOak.com service uses a similar system to DropBox.

I use GnuPG to encrypt files before upload. It's an extra step but it ensures they're safe from snoops.
7:35 PM
Anonymous said...

This is a concern even if you aren't sharing contraband. What if you are sharing information that is legal, but damaging to a big corporation or a government?


@Arash (Dropbox CTO):

Sounds like Dropbox has a level of trust and faith in government and the law that I don't share. With the amount of overt abuse of the law in this realm, it's hard to see how such faith is warranted.

@Tonetheman:

And that is precisely why I would not use a system that you designed.
1:15 PM
ssp said...

Thanks for spelling the issues out. Finally something readable to link to.

Great blog title as well.
3:32 PM
SecretSync said...

Hi, we've just launched a sync tool, SecretSync, that provides client-side encryption for Dropbox. (In beta.)

http://getsecretsync.com

SecretSync ensures that your files are encrypted on your computer before being put into Dropbox. It's similar to using TrueCrypt, except it's file-based, like Dropbox. I.e. you just put files in a special folder on your computer, and the encryption happens.

With client-side encryption, de-duplication can't occur. This is because AES encryption requires what's called an initialization vector, or IV. This is a 'nonce' that changes every time you encrypt. So every time you update a file, it looks entirely different. If 10 people were to upload the exact same file using SecretSync, it would literally be as 10 unique file signatures.
5:04 PM
The Guitar Master said...

If your data is that sensitive, you should be encrypting with your own keys before storing on something like dropbox. It's free / very cheap so don't use it for storing national secrets or pictures of you and that lap dancer. I don't think this is a big deal!
4:41 AM
Jon said...

While people are mentioning alternatives that actually care about your privacy I thought i'd mention a site I launched this week called www.senditonthenet.com

We operate in a similar manner to wuala (in that we don't know what your password is and can't access your data) however we don't require a software download, it runs entirely in your web browser.
2:06 PM
Anonymous said...

just to summarize and follow up on a few things:

dropbox is not the only service that controls both ends and tries to use hashes as proofs that the client has a file. connected (now iron mountain) uses the same method. the aol attachment store uses the same method.

it is risky to use a hash as a proof that the client has a file. consider the case where a piece of malware leaks file hashes to an attacker. the attacker, using their custom client, asserts they have a file with that hash value. the system says "already got it", and gives them access to the file from then on. the implication is you need to protect hashes on stored files as rigorously as you'd protect the files themselves as the hashes "stand in" for access to the contents.

this also suggests that if someone were to merely distribute hashes of popular movies, you could get them from dropbox, as it is likely to have at least one of those.

regarding hash collisions, usually file size has to compare equal but not file name, as people often change that.

if you implement this, you may want to use an HMAC rather than a standard hash, so that you are not easily compelled to compare values with those in databases of forbidden content just because you can.

[i'll be anonymous in this posting, but many of you know me...]
2:11 PM
nevermore said...

Zooko said:

"Is it not the case that Dropbox has access to the encryption keys that protect the user data anyway?

This must be the case because there is a "password reset" operation that you can go through to get access to your files again in case you've forgotten your password. This implies that Dropbox itself has the power to use that same process to get access to your files without knowing your password."

Think again. Password reset will give a Dropbox employee access to a customer's file, but it will also leave the file protected by a new password that is then unknown to the customer. The employe has no way to retrieve the customer's original password to return the account to the state it was in before he gained access to the data. The customer may not know that his privacy has been compromised, but he may become suspicious when his password has been rendered ineffective.
9:47 PM
Drug War said...

If you are TRULY paranoid, why are you storing your sensitive data in the cloud anyway? Shouldn't it be triple duplicated locally with a remote thermite kill trigger?

I do appreciate you bringing this to light. It is important for companies to clearly display their terms of usage. This changes nothing about how I use Dropbox because nothing I want secret will find it's way into the cloud-nether.
9:53 PM
cj said...

I don't think you have idea of what you are talking about. You could easily compare a hash against another hash, to find a match, without it being unencrypted. encryption of both pieces of data are encrypted, I think you are just jealous drop-box is doing well. Many of your assumptions just show your lack of knowledge on the subject. This sounds more like smear attack against dropbox.
11:19 PM
Erik Haugen said...

Nevermore: Zooko is right. The point is that if it is possible to implement a "password reset" feature for recovering from forgotten passwords, then the password must not be the thing required to unlock a file. Instead, it must be the case that Dropbox has whatever is needed to recover the file. This means, necessarily, that Dropbox can decrypt any file, and can do it without the user knowing. As an aside, this is an important tradeoff - password recovery would be impossible if Dropbox made themselves unable to comply with government requests, if passwords were the key for decrypting the file.
2:07 AM
Anonymous said...

When I say the Dropbox service I've had a feeling that wasn't secure... and I was right! Some familiars use it and recommend it, but I guessed (and guessed right) that would not be possible to provide that service without a backdoor... at least in most country's isn't possible.

Even if you encrypt using some tool like 7-zip it uses AES-256... you need at least an 40 characters password to achieve the 256 bits of protection... and AES wasn't considered that much secure even when it won the AES contest... the best was Serpent Algorithm... but security wasn't definitely the priority... the current AES was considered the algorithm with less security margin (meaning that would probably be the one more easily attacked of all in the final, somewhere in the future).

You can still use truecrypt volumes, but it's not so "simple" to use... and most people will not use it.

And if the company can be server a court order to revealed the content's what prevent them from updating their client software to start surveillance their clients?

Any service that can compare your local contents with the ones in their systems, is an automatic red flag! If they can prevent you from sending your file because someone else have the same file, and they can "copy" to your account, double red flag! They can't have the content's encrypted, with a code that they don't know, and go their, open the encrypted file, extract the file from the other and send to your account the same file... unless they know what the secret (password) that protects the file is... or the file isn't encrypted at all!
If they can see both the contents their and in your computer... they can access your account and the files aren't really encrypted... unless the extend of that is a file that contains the hash [for example: SHA-512 with a personal salt (for privacy reasons, always different from user to user to prevent hash comparative with current databases)] associated to the account, that compare with your local one to see if they have already been upload successfully... because it can send a file encrypted and separately send and hash so the service knows that their is a new file their... even if they can't see the file it self. But they need to see the file names, and for convenience when they are sent, and how big they are... because the person wants to know what is their and what isn't. I don't know how would they do this... because to be secure would be difficult to manage.
1:23 PM
Erik Haugen said...

cj said: "You could easily compare a hash against another hash, to find a match, without it being unencrypted. encryption of both pieces of data are encrypted" No, because then when the 2nd uploader tries to retrieve the file, this user won't be able to get the original without the first uploader's keys for decrypting. The optimization here does in fact mean that Dropbox has the means to decrypt any files.
1:58 PM
Anonymous said...

I'm not a Dropbox user but AFAIK there's something installed on the machine, this piece of software might compute the hash before encryption and send it.

So the knowledge of the keys is not required to compute the hash, Dropbox can do that without it. So it's not a proof they know the keys.

But if they don't publish the key management (where are the keys, who has access etc.) it's all crap. Security based on speculation of how things work is not a security.

In today's world, no-one attacks the algorithms. It's the key management that is attacked (including dictionary / brute force / dictionary attacks).
7:51 PM
Neil Coffey said...

I think a lot of the discussion can be summarised as "to anybody who knew a little bit about how encryption/security works, it was always obvious that in reality, Dropbox employees technically could read customers' files".

And that's absolutely fine in principle-- there are all sorts of centralised systems that we use in our day-to-day lives where employees and Powers That Be can read our data. Even with the knowledge that Dropbox employees could technically read uesrs' files, or that the government could force Dropbox to patch the software so that they could read them, etc., we may well come to the conclusion that the benefits of using the service still outweigh the risks. Even as somebody more able to assess the risks, I still use Dropbox for that very reason and think that it is an extremely useful piece of software when used appropriately. The point is that in order to assess this risk-benefit equation, we need to be open about the risks.

The problem in this case is that Dropbox chose to make the claim that employees couldn't access customers' data. The fact that some users with specialist knowledge could determine the falsity of that claim does not detract from the problem that to the average user, the claim is misleading.

The issue of encryption is a grey area. Dropbox, and surely lots of other services, are bandying "AES-256" about in the knowledge that this may *imply* a higher level of security than is actually the case. As has been pointed out, actually achieving 256 bits of entropy from a password is hugely unlikely with the types of passwords that most users will choose. However, in this case, it's hard to say that an actual false claim is being made: it is technically true (presumably) that they use AES-256 encryption.
6:21 AM
snemarch said...

"So the knowledge of the keys is not required to compute the hash, Dropbox can do that without it. So it's not a proof they know the keys."

Check the post DIRECTLY ABOVE yours.

"If Dropbox identifies that the file that you try to upload has got the same hash with a file they already store, are they performing a subsequent byte-by-byte comparison?"

They can't be doing that, as that would require the entire file to be uploaded again, and network traffic shows that it isn't.

Now, one thing is what DropBox is doing - it's a reasonable level of 'security' for a free service, and the deduplication can be a big benefit for end-users as well.

The big problem is that THEY HAVE BEEN LYING about security and privacy all along.
8:03 AM
Noah said...

What if I want fast, online file storage and sync that doesn't waste precious bandwidth and storage uploading files that have already been stored?

I deliberately use Dropbox for non-private information, such as university coursework. As such it is faster and cheaper to use than other software I use for more private data eg Wuala.

I agree that it would be nice to have people well informed that their data could be accessed by government agencies with a warrant, but it is the economies of scale that data-deduplication affords that allows Dropbox to provide me with a service for next to nothing.
7:11 PM
Dave said...

Any thoughts on the security & reliability of CrashPlan? I love the service, and the fact that you can also backup "free" to other computers you own, or to friends who want to share space with you. The pricing plan is also in line with SpiderOak, but obviously CrashPlan is backup-only (no sync, etc).
9:30 AM
Anonymous said...

Would be interesting to hear how you judge the security of TeamDrive(www.teamdrive.com). Does it go beyond the security of SpiderOak?
12:52 PM
Anonymous said...

Also problematic is the fact that Dropbox's CTO does not know how to spell a one-syllable word like "whoa."

How can I trust a man to encrypt my data if he cannot spell as well as I could when I was in second grade?
12:57 PM
CableCat said...

You can not assume that because deduplications is used, that the files are not properly encrypted.

All you need to do, is to derive the encryption key from that data in the file. So each file is encrypted with its own key. But if more people have the same file, they will encrypt it the same way, and dedublication will work.
5:12 PM
Brent W. said...

The point is that Dropbox made misleading claims about their security. Fact.

The point is NOT that you should know better than to believe a misleading claim. If you know better, good for you. But that does NOT relieve Dropbox of its obligation to make accurate claims about its security practices.

Dropbox has revised its claims so that they are now more accurate. That is good. But many users signed up for the service, based on a flawed explanation of that service. This is not insignificant.

The point is NOT that Dropbox is a bad service. Dropbox is an excellent service. It just does NOT provide exactly the level of service that it claimed to provide.
8:15 PM
Erik Haugen said...

CableCat says "if more people have the same file, they will encrypt it the same way" - but how do they decrypt it? Do they need any special information, like a password, to decrypt it? The point is that with deduplication, all parties "owning" that file have to be able to retrieve it. This means that passwords must not be necessary to decrypt files, since everyone only has their own password. So we can make the assumption that dropbox has the means to decrypt any file without the user's permission or knowledge.
6:35 PM
Anonymous said...

And pray tell, where did Mr. Borenstein purchase the crystal ball that told him that people who protect their stuff "most often do so because they are breaking a law". Speculative nonsense.
4:50 PM
Marty said...

The issue here is that they made a claim that simply cannot be true, and so it would be better if DropBox just retracted the comment.

I don't have a problem with how dropbox operates, whether the file is encrypted and the user password stored so the dropbox framework can decrypt content on the basis of dedupe, that level of access is acceptable to me..

I would imagine in the instance of duplicated files, DropBox would decrypt the initial uploaded file, and re-encrypt it with a generic shared hash which is associated to all the other users, and I assume this shared hash would encrypted to each users own password so atleast at the raw user database level no two hash keys are alike - even for duplicated files..

Also, most file systems have some kind of user access control which even at root level requires full access to the physical data in order to serve it. So just like on your corporate storage for example, you'll have standard users unable to access certain areas of your storage, but system level as well as administrators would be able to access all areas.

I would atleast hope DropBox only allow root access to physical data and it's decryption at Platform level and only allow the core platform at the content owner real world access to it, meaning DropBox staff would NOT be unable to access the physical data because the user access layer in the DropBox architecture..
12:17 PM
Anonymous said...

Nice way of pointing out the completely obvious.

Of course Dropbox has access to the contents of the files - you don't just need to analyze the de-duplication feature to see that.

The public files link feature and the automatic photo galleries make that clear.

I find it bizarre that you're kicking up such a fuss about something that most people knew about years ago. I guess you're just trying to make a name for yourself, but what a curious way to go about it.
10:11 AM
Richard2957 said...

The publication of this blog has done a great disservice to the shareholders at Dropbox and to the good citizens of the world.

The only users who truly need to fear the Privacy issue are those that are breaking the law. I for one would be happy to see these people's privacy being broken by the relevant authorities. To me then the chance that child-porn and other illegal activities are placed at risk is a feature, not a bug.

Dropbox offers an excellent service, and provides as good a security level as can be reasonably be expected from cloud storage. It would be a shame if their profitability was hit just so that criminals could have their lives made easier.

But you got to pull readers into your blog, haven't you.
11:44 AM
Sylvain said...

Wuala is a good swiss alternative (free for the first GB) develloped by a swiss University. With Wuala all your files get encrypted on your computer, so that no one - including the employees at Wuala and LaCie - can access your private files. Apparently the servers are in Switzerland, France and Germany.
12:18 PM
David C said...

@Richard2957

I disagree with your assessment. The real issue is not with the government or rights-holders being able to subpoena incriminating evidence, it's with Dropbox employees having access to sensitive personal information. When I signed up for Dropbox, they claimed that their employees had no way of accessing my data. Now I come to find out from a third party that the only thing preventing them from doing so is company policies. This is unacceptable. I replaced the "My Documents" folder with Dropbox and as such have many documents containing account numbers, SSN, etc located on their servers. Even if the employees follow their policies, that's no guarantee that someone couldn't access my sensitive info if the employee's login info or laptop were stolen/compromised.

I will be researching how to encrypt all my data to Dropbox. I know of TrueCrypt, but did not find it very user-friendly when I tried it in the past. Does anyone know of any alternatives?
3:35 AM
dimecadmoium said...

I'm curious as to how you KNEW they didn't md5sum (or similar) on the user's computer and then check for a similar sum (and maybe even size) on their servers. They wouldn't need the encryption key if that was done, but I see nothing addressing that fact.
3:26 PM
Erik Haugen said...

@dimecadmoium: It's difficult to tell exactly what you are suggesting. I suppose you're right, that if it made sense for Dropbox to trust the hash generated by the client, then they would know they already had the file. However, that wouldn't matter much, since they would need the encryption key of the client that really uploaded it in order to send the file back to the other, new client.
3:58 PM
Anonymous said...

If dropbox deduplicates files on their servers, it doesn't mean they have plaintext access to them.

Dropbox could simply compare hash values to determine if two files are equal, without knowing anything about the content. If the hash value is provided by the dropbox client within the upload, but before encryption, files in the cloud ARE encrypted.
10:42 AM
Anonymous said...

"If the hash value is provided by the dropbox client within the upload, but before encryption, files in the cloud ARE encrypted."—But, then if the 2nd uploader requests the file, dropbox would have to decrypt the file before sending it back, since the 2nd uploader would not be able to decrypt a file encrypted by the 1st uploader.
1:34 AM
filme porno said...

I didn`t know that they can sacrifice users privacy, how can i find out if my files have been watched?
4:50 PM
Unknown said...

I took a look at Wuala for comparison. If everything is encrypted, and their people can't access the files because they don't have the keys- then how does sharing work?

Does someone you share a folder with have to have your key?
3:24 PM
Erik Haugen said...

Regarding Wuala: I'm speculating here, I haven't use Wuala. Wuala stores the keys used for en/decrypting each file. Those keys are encrypted somehow with users' passwords.

When you share a file with someone else, it's conceivable that Wuala might use public/private keys to encrypt the file key with the public portion of the other party's password-key without knowing that user's private password. Maybe that private key is encrypted with the user's password? Just a guess.

Note that this does not require Wuala to store all the secrets required to decrypt anything after this operation is completed, so they still would be unable to do the deduping that Dropbox does. Also, it seems you can not recover a lost password with Wuala.
5:24 PM
Anonymous said...

Nice article:

-----
It says: Many users and even the technology press will not realize that AES-256 is useless against MANY ATTACKS if the encryption key isn't kept private.
-----

Well, many users and even the technology press will not realize that AES-256 is useless if the encryption key isn't kept private.
6:42 AM
Anonymous said...

Dropbox installs a client on your computer... so they have access to the plaintext version of your file BEFORE it gets transferred.

It is stupid easy for the client to hash the plaintext file, send the file size and hash to the server to see if it's a duplicate of an existing file, and if it is just store your filename and a reference to the existing file on the server.

This wouldn't be a performance improvement if dropbox had to go and decrypt everyone's files just to check if your latest upload is a duplicate. So clearly dropbox is storing your data encrypted, but an index of everyone's data is used for the de-duplication. Since file names are irrelevant to de-duplication, that index probably does not include filenames. But this has nothing to do with privacy, because the public does not have access to the index and, as someone else mentioned, if the government has a warrant they can search or seize your information on the dropbox servers regardless of their performance optimizations.

If an attacker is watching my dropbox connection, de-duplication means that it's HARDER for an attacker to guess which files I am uploading, since duplicate files of any size become a small fixed size upload - they look the same to an attacker. And if I am uploading unique files, the attacker cannot know what they are anyway, unless he watched me download them from the web... in which case, he already knows that I have them without the use of dropbox.
7:05 PM

Post a Comment
Newer Post Older Post Home
Subscribe to: Post Comments (Atom)
Christopher Soghoian, Ph.D. is a Washington, DC based privacy and security researcher. He is the Principal Technologist in the Speech, Privacy and Technology Project at the American Civil Liberties Union.

This is his personal blog, and the views expressed here are his own.

Click here to visit his home page.
Subscribe To This Blog (RSS)

Subscribe in a reader
Blog Archive

► 2012 (12)

▼ 2011 (30)
► December (2)
► November (2)
► September (1)
► August (1)
► June (1)
► May (2)
▼ April (2)
How can US law enforcement agencies access locatio...
How Dropbox sacrifices user privacy for cost savin...
► March (3)
► February (6)
► January (10)

► 2010 (18)

► 2009 (46)

► 2007 (49)

► 2006 (127)

► 2005 (103)

Creative Commons License
This work by Christopher Soghoian is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 3.0 Unported License
DMCA Takedown Policy
Simple template. Powered by Blogger.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXI I.II.MMXIII a les X:L:XV UTC IP registrada
Citar Citar 
Vinga, més llenya, europeus!
 
http://www.bbc.co.uk/news/technology-21263321
 
31 January 2013 Last updated at 11:10 GMT
Share this page

Email
Print

1.6K

Share
Facebook
Twitter

Experts warn on wire-tapping of the cloud
By Jane Wakefield Technology reporter
A server room Increasingly consumers and businesses are relying on cloud computing
Continue reading the main story
Related Stories

Email and web use 'to be watched'
Safeguards 'vital for web plans'

Leading privacy expert Caspar Bowden has warned Europeans using US cloud services that their data could be snooped on.

In a report, he highlights how the Foreign Intelligence Surveillance Act Amendment Act (FISAAA) allows US authorities to spy on cloud data.

This includes services such as Amazon Cloud Drive, Apple iCloud and Google Drive.

He told the BBC this heralded a new era of "cloud surveillance".
Foreign policy

Mr Bowden, former chief privacy adviser to Microsoft Europe, made a name for himself as a privacy advocate when the controversial Regulation of Investigatory Powers Act (RIPA) came into force in the UK in 2000.

Parliament accepted some of the amendments proposed by Mr Bowden as the then director of the Foundation for Information Policy Research.

Now he has turned his attention to US legislation and has co-authored the Fighting Cyber Crime and Protecting Privacy in the Cloud report which was recently presented to the European Parliament.

In it he said that FISAAA "expressly permits purely political surveillance", so that anyone with stored information relating to US foreign policy could find themselves of interest to the US authorities.

"Anyone who, for example, belongs to a campaign group which may oppose some aspect of US foreign policy, whether it be the Iraq war or climate change," he said.

The FISAAA was originally drafted in 2008, and was recently renewed until 2017. It was added on to existing legislation to take account of cloud computing, which was just emerging as a means of data storage.

"What's amazing is that nobody really spotted it for four years," said Mr Bowden.

"When FISAAA was extended to cover cloud computing, encrypting data to and from the cloud becomes irrelevant so it is surprising that nobody noticed this," he added.
Tiny supercomputer

Adam Mitton, a partner at law firm Harbottle & Lewis, agreed that the FISAAA could be a threat to privacy but questioned how much it was used.

"In theory there is a clear threat to the privacy of European citizens, but in reality the fact that it is obscure suggests that the threat isn't as great as it might be perceived," he said.

"If it was being used by an authority and having an impact on individual citizens, I think that the source of the information would come to light. The legislation is now five years old and I'm not aware of any case that has relied on it," he added.

Storing data in the cloud is becoming hugely popular not just for consumers who use it to keep photographs and other personal data safe but for businesses which are increasingly using cloud services to offer back-end processing power.

Under the FISAAA, US cloud providers can be compelled to release data from any citizen living outside of the US.

"The fibre-optic cable that carries the data is split and a miniature supercomputer scans all the data in real-time with any material of possible interest being instantly copied to the NSA [National Security Agency]," said Mr Bowden.

The court order is made in secret and remains secret - meaning it would not show up in things such as Google's transparency reports, which aim to document data requests from governments around the world.

"We have long known that the Americans can spy on foreign data but FISAAA extends this to reach inside the data centre. It allows the authorities to enact surveillance on a mass scale because it is wired into the infrastructure," Mr Bowden said.

A hearing on the European Parliament's findings of the report is due next month.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXII I.II.MMXIII a les XVIII:IV:L UTC IP registrada
Citar Citar 
Google under fire for sending users' information to developers
 
http://www.latimes.com/business/technology/la-fi-tn-google-under-fire-for-sendin g-users-information-to-developers-20130213,0,7558815.story
 

Google under fire for sending users' information to developers

print
Comments
6

google wallet

The Google Wallet app is used for mobile payments. (Bloomberg / February 14, 2013)

By Jessica Guynn

February 14, 2013, 5:00 a.m.
SAN FRANCISCO -- Sebastian Holst makes yoga mobile apps with his wife, a yoga instructor.

The Mobile Yogi is sold in all the major mobile app stores. But when someone buys his app in the Google Play store, Holst automatically gets something he says he didn't ask for: the buyer's full name, location and email address.

He says consumers are not aware that Google Inc. is sharing their personal information with third parties. No other app store transmits users' personal information to third-party developers when they buy apps, he said.

"Google is not taking reasonable steps to ensure that this data is used correctly," said Holst, whose app has 120,000 users.

Google is coming under fire just as regulators in the U.S. and overseas are stepping up their scrutiny of how all the players in the industry -- mobile apps, stores, advertising networks and others -- handle consumers' private information. Regulators are pushing for greater transparency of what information is collected by apps and how it's shared.

Google Play has worked differently than Apple Inc.'s iTunes since it launched in October 2008. An app developer sets up an account through the mobile payment system Google Wallet, which makes them a merchant in the store. When someone buys his or her app from Google Play, that transaction -- and the customer's information -- is sent to the developer. The developer has to comply with rules about what he or she can do with the information.

But at Apple, iTunes is the merchant. App developers say they never receive customer information.

Google defended how Google Play operates in an emailed statement.

"Google Wallet shares the information necessary to process a transaction, which is clearly spelled out in the Google Wallet Privacy Notice," Google said.

Barry Schwartz, Search Engine Land's news editor, said he prefers it that way.

"I want to be able to service my customers, and yes, they are my customers, not Google’s and not Apple’s customers. They download our products. They call the developer with questions. We provide them the tools and the content. They are our customers,” Schwartz wrote in a blog post. "Apple doesn't tell us who our customers are, and when we need that information to verify ownership or to give refunds, we are left with blindfolds on. Google, in my opinion, does it right by making the user who downloads the app our customer."

But Danny Sullivan, founding editor of Search Engine Land, said Google should make it clear to consumers that their information is being shared with third-party developers.

"Google's privacy policies don't make clear this is happening, something Google probably needs to correct," Sullivan said. "I sure had no idea that Google Play did this."

Nor did Dan Nolan, an Australian app developer. He said he was astonished when he found out that Google was sending him users' names, email addresses, city and ZIP Code. He wrote a blog post Wednesday condemning Google for doing it.

Nolan runs a popular app in Australia called the Paul Keating Insult Generator that throws out quips worthy of the former labor prime minister there.

"Under no circumstances should I be able to get the information of the people who are buying my apps unless they opt into it and it's made crystal clear to them that I’m getting this information," Nolan said.

Privacy watchdogs say consumers are largely in the dark that Google is sending their information to outside developers despite assurances from Google that it tells them when they sign up for Google Wallet. That, they say, is "troublesome."

"The question is: What constitutes meaningful consent?" said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "The bottom line is that users are not able to control how their data is being gathered and disclosed."

Apple may have started the mobile app boom in 2008, but Google is catching up. As of October, Google Play had the same number of apps -- 700,000 -- as Apple.

Google is trying to press its advantage by making it easier for developers to build apps and easier for users to buy them. Apps help fuel the growing popularity of phones that run Google's Android software. Apple’s app sales still generate several times the revenue of Google's.

Google does not run its app store with the same ironclad control that Apple does, and that has occasionally led to problems.

It's also had run-ins with federal regulators over privacy. Google agreed in 2011 that it would ask users before sharing their data with outsiders to settle government claims that it violated its users' privacy with its social network Buzz.

The Federal Trade Commission settlement also required the search giant to submit to independent privacy audits every two years for 20 years. Last year Google had to pay $22.5 million to settle charges for bypassing the privacy settings of millions of Apple users. It was the largest penalty ever levied on a company by the FTC.

Google is not the only company to come under fire for how it shares information with app developers. In 2011, Facebook Inc. agreed to a 20-year privacy settlement with the FTC that required the company to get users' permission before changing the way it treats personal information. The FTC alleged that Facebook engaged in deceptive behavior when it promised that third-party apps would only have access to user information they needed when in fact many apps had unrestricted access to users' personal data.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXIII XV.II.MMXIII a les V:XXVII:XIII UTC IP registrada
Citar Citar 
http://www.naciodigital.cat/canaldigital/noticia/15022/google/incertesa
 

Empreses
Miquel Serrabassa | Actualitzat el 14/03/2013 a les 07:30h
Google i la incertesa
Torna a anunciar la desaparició de diversos serveis, entre ells el Google Reader
Ara fa dos anys, Google va començar una estratègia amb la que s'anirien decidint serveis per tancar, de cara a centrar-se només en una sèrie d'eines que fóssin realment rendibles i les pogués oferir amb més qualitat, enlloc de dividir els esforços. Diversos serveis han anat tancant -alguns d'ells encara amb usuaris- i ara, de nou, Google ha anunciat una altra llista amb noves eines que es donaran de baixa durant els propers mesos.

D'entre totes elles, la més sorprenent és Google Reader, el lector de fils RSS. De fet, dins d'aquest tipus d'eines, era una de les més completes i amb prou usuaris, tot i que ara la companyia californiana explica que un dels motius de la desaparició del Reader serà el baix número d'usuaris. El servei deixarà de funcionar aquest mateix mes de juliol.

També desapareixeran serveis d'Apps Script al setembre, juntament al CalDAV API. Aquest juny també deixarà d'existir Building Maker per fer edificis a Google Earth, i Cloud Connect ho farà el 30 d'abril tot i que amb l'aplicació de Google Drive com a alternativa. Google Voice App per Blackberry, l'API de cerca per compres o Snapseed per Windows i Mac són els altres escollits per aquest tancament.

El cert és que Google disposa de moltíssims serveis, i cada cop més, alguns d'ells van caient en desús o deixen de rebre l'atenció necessària. Ara, però, el fet de veure Google Reader tancat ens fa pensar que potser també acabarà amb un futur semblant Feedburner. I, veient que Picasa va acabar entaforat a Google+ com l'apartat de fotos, tampoc seria descartable que, a poc a poc, YouTube s'integrés a la xarxa social de Google, que sembla que és on la companyia vol que acabem anant a parar.

Potser amb la quantitat d'usuaris que té Google actualment a GMail o Android en té prou per poder-se permetre tancaments en sèrie com aquest. Però val a dir que, partits entre tots aquests serveis més petits hi ha molts usuaris que, a poc a poc, hauran de confiar en altres proveïdors, deixant d'utilitzar Google com a eina per tot, o per la majoria de tasques. Un fet que, al cap i a la fi, és prou bo.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXIV XIV.III.MMXIII a les XI:XXVII:XLVIII UTC IP registrada
Citar Citar 
http://www.vilaweb.cat/noticia/4149681/20131015/evitar-google-publiqui-publicita t-informacio-personal-seus-usuaris.html
 
Com evitar que Google+ faci publicitat amb informació personal dels seus usuaris

Google ha anunciat que des de l'11 de novembre podrà mostrar als anuncis publicitaris dades i fotos dels milions d'usuaris de la seva xarxa social


Google va anunciar divendres que tenia intenció de fer servir el nom, les fotos i ressenyes de productes dels quatre-cents milions d'usuaris de la xarxa social Google+ enllaçats amb anuncis que ven a les empreses. A partir de l'11 de novembre canviarà les condicions d'ús per permetre les anomenades recomanacions compartides: és a dir, que les ressenyes sobre restaurants, botigues i productes, cançons i continguts adquirits a Google Play dels usuaris puguin aparèixer, amb nom i foto, en anuncis publicitaris adreçats a amics i contactes seus, i al públic en general.

Amb aquest nou servei d'anuncis de 'productes compartits', Google es vol afegir a una tendència publicitària a què ja recorren rivals com Facebook.

Amb tot, els usuaris han de saber que hi ha una manera de desactivar i d'evitar aquesta opció de publicitat agressiva i invasora de la intimitat: cal anar a aquesta pàgina i desmarcar el quadradet final (si no és desmarcat ja), i desar els canvis.

 
Qui vulgui seguir fent servir Google i Facebook després d'això, allà ell. Jo no vull sortir a cap anunci!
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXV XV.X.MMXIII a les XVI:VIII:XLVII UTC IP registrada
Citar Citar 
Avui he entrat a https://www.google.com/settings/dashboard
 
Malgrat que tinc la sincronització del mòbil aturada, que no tinc gmail i que sempre he estat prudent amb les opcions de google, amb això veig com google té moltes més dades del que m'hagués pensat. Són gent perillosa!
 
Hauré d'esborrar tots els comptes de Google? o simplement el que passarà serà que seguiran tenint dades i no podré veure quines?
 
En qualsevol cas recomano entrar al taullel de control aquest i veure-ho cadascú d'un mateix.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXVI XXIII.X.MMXIII a les VI:XXXVIII:LII UTC IP registrada
Citar Citar 
.
keep.jpg
keep.jpg
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXVII XXVIII.XI.MMXIII a les IX:XXI:XV UTC IP registrada
Citar Citar 
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXVIII XIV.VI.MMXIV a les -:-:XII UTC IP registrada
Citar Citar 
http://www.huffingtonpost.com/sam-fiorella/the-insidiousness-of-face_b_4365645.h tml?utm_hp_ref=tw
 
The Insidiousness of Facebook Messenger's Mobile App Terms of Service
 
How much access to your (and your friends') personal data are you prepared to share for access to free mobile apps? I suspect the amount is significantly less than that which you actually agreed to share when blindly accepting the Terms of Service.

Case in point: Facebook's Messenger App, which boasts over 1,000,000,000 downloads, requires the acceptance of an alarming amount of personal data and, even more startling, direct control over your mobile device. I'm willing to bet that few, if any, of those who downloaded this app read the full Terms of Service before accepting them and downloading the app.

2013-11-30-Messenger.jpg
The Facebook Messenger app is a standalone version of the instant chat feature within the social network. You can easily access this within the Facebook app on your mobile device, but opening the full application also requires more memory, bandwidth, and battery life. As a result, Facebook offers this one feature as a standalone app in which you can instantly chat with your Facebook friends without having to launch the full Facebook app.

If you're one of those 1,000,000,000 people who have downloaded this app, take a moment to read the following. I've posted, word for word, a few of the most aggressive app permission you've accepted.


Allows the app to change the state of network connectivity

Allows the app to call phone numbers without your intervention. This may result in unexpected charges or calls. Malicious apps may cost you money by making calls without your confirmation.

Allows the app to send SMS messages. This may result in unexpected charges. Malicious apps may cost you money by sending messages without your confirmation.

Allows the app to record audio with microphone. This permission allows the app to record audio at any time without your confirmation.

Allows the app to take pictures and videos with the camera. This permission allows the app to use the camera at any time without your confirmation.

Allows the app to read you phone's call log, including data about incoming and outgoing calls. This permission allows apps to save your call log data, and malicious apps may share call log data without your knowledge.

Allows the app to read data about your contacts stored on your phone, including the frequency with which you've called, emailed, or communicated in other ways with specific individuals.

Allows the app to read personal profile information stored on your device, such as your name and contact information. This means the app can identify you and may send your profile information to others.

Allows the app to access the phone features of the device. This permission allows the app to determine the phone number and device IDs, whether a call is active, and the remote number connected by a call.

Allows the app to get a list of accounts known by the phone. This may include any accounts created by applications you have installed.
The fact that social media and mobile apps are so insidious is nothing new, we all know (or should know) that no app is truly free. "Free" online apps are paid for by the provision of personal data such as name, location, browsing history, etc. In turn, mobile developers and social networks charge advertisers to serve up highly targeted ads to specific groups of people.

In a way, it pays to offer some personal information for a better experience with online ads, which we all hate so much. However, Facebook Messenger's attempt to collect so much information and take control of our devices is unprecedented and, quite frankly, frightening. The fact that over a 1,000,000,000 people have accepted these terms is an alarming insight into the future of mobile apps and personal security.

If this many people have not read the Messenger Terms of Service (or have read it and don't care), how emboldened will mobile developers be in the future? I understand the nature of "free" mobile apps. I'm prepared to give up some personal data for the right to access a game, content, or social network for free and to have an improved advertising experience while enjoying that free service. However, Facebook has pushed this too far. It's time we stood up and said "no!"

Take the first step by deleting this app. Next, review the Terms of Service agreements you've previously accepted without reading, and be sure you're comfortable with the cost of free. The only way to curb this harmful trend is to take a stand. Read every online and mobile Terms of Service agreement before accepting and, where it goes too far, say no.

Will you say no?
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXIX IV.VIII.MMXIV a les XI:XIII:XV UTC IP registrada
Citar Citar 
http://bitelia.com/2014/08/que-tanto-sabe-google-mi?utm_content=bufferb1113& utm_medium=social&utm_source=twitter.com&utm_campaign=buffer
 
¿Qué tanto sabe Google sobre ti?
4 DE AGOSTO DE 2014, 21:31
¿Nunca te has puesto a pensar que tanto sabe la empresa que lo sabe todo, sobre ti? Si le preguntas a Google cualquier cosa, es increíblemente difícil que no sepa la respuesta, ¿crees que tu escapas de eso?

Fotografía: Eva Blue
Fotografía: Eva Blue
POR GABRIELA GONZALEZ
TEMAS: GUÍAS/TRUCOS INTERNET
MÁS DE: ANDROID, GMAIL, GOOGLE, YOUTUBE
Google es una empresa fabulosa y a la vez terrible, todo depende del punto de vista con el que se le vea. Los servicios que ofrece esta compañía tecnológica tienen pocos rivales o ninguno, y es por esto que millones y millones de personas en todo el mundo utilizan los productos de Google. Pero, estos productos no son gratuitos, sin importar que nunca hayas pagado un centavo por ellos, todo lo que Google ofrece viene con un precio que está escrito en letra pequeña en el contrato de servicios.
Google rastrea prácticamente todos nuestros movimientos en la red, incluso cuando no estamos conectados.

Google rastrea prácticamente todos nuestros movimientos en la red, incluso cuando no estamos conectados. Google sabe tanto sobre nosotros, que tal vez nos conoce mejor que algunos de nuestros amigos, o hasta nuestra madre. Aunque hay varias maneras de decidir que compartes y no con Google, y hasta que punto eres rastreado por la empresa, la mayoría de la gente no tiene idea de esto, y quienes conocen las herramientas y las utilizan siguen sin tener un escape total del ojo que todo lo ve, incluso si dejas de usar los servicios de Google.

¿Cuánto me conoce Google?

Si analizamos un poco donde tiene los ojos puestos este gigante, podemos calcular más o menos qué tanto sabe la empresa sobre nosotros. Seguro más de una vez te ha sacado una sonrisa el ver como los resultados de búsqueda de Google encuentran exactamente lo que quieres, como si el buscador fuese hecho especialmente para ti, y es porque lo es. Vamos a ver si sigues sonriendo al final de este artículo.

Si quieres saber qué dice Internet sobre ti, seguramente tu primera opción es ir a buscar en Google, y ahí encuentras la primera pista de cuanto sabe esta empresa sobre nosotros.

Tu historial de navegación

que sabe google de mi

Desde la página de Historial de Google, puedes revisar todas y cada una de las búsquedas que has hecho, desglosadas por hora y fecha, ya sean el la web, blogs, noticias, etc. Esto forma parte del rastreo que hace Google de todo lo que busques, desde cualquier dispositivo en el cual estés registrado con tu cuenta de Google. La empresa dice usarlo para mostrarte resultados más relevantes completamente amoldados a tus preferencias, pero esto también funciona como una burbuja en la que te mete Google y que no te deja salir de ese perfil de usuario que el buscador te crea.

Ya sea que inicies sesión con tu cuenta de Google o no, gracias a las cookies Google de todas manera rastrea todos los sitios que visitas, con que frecuencia lo haces, cuanto tiempo pasas en ellos, en que orden accedes, y mucho más. Además, esta información es más que útil para los anunciantes que compran espacio publicitario en Google, y para todo el marketing en el que se involucre la empresa. Y por supuesto, que alguien más que tu pueda tener acceso a este tipo de información, representa un problema de privacidad bastante grande.

¿Gmail privado? ¡Ja!

que tanto sabe google de mi

No existe tal cosa como el correo electrónico privado cuando hablamos de Google. Si vienes usando Gmail felizmente desde hace muchos años, como yo, y como millones de usuarios, debes saber que Google tiene acceso a todo lo que escribes desde tu cuenta. Incluso, utiliza el contenido de tus emails privados para mostrarte publicidad personalizada. Utiliza hasta lo que escriben quienes te escriben emails a ti, sin importar que vengan desde otro servicio de correo.

No es sorpresa que Google conozca tan bien tus gustos, si hasta en tus conversaciones privadas se mete.

Tus documentos, nuestros servidores

Puede que sean tus documentos, pero están en la nube de Google y por supuesto, Google puede leerlos. Todos los servicios de Google comparten unos términos de servicios unificados, así que si Google se toma la libertad de leer tus correos y obtener datos de ellos para lo que sea que hacen con la información, ¿puedes acaso esperar que tus documentos en Drive no sean leídos?

cuanto sabe google de mi

YouTube te ve

El sitio más popular del mundo para ver y compartir vídeos, también forma parte de Google, y por supuesto todo lo que haces en YouTube, queda almacenado. Google lleva cuenta de todos los vídeos que ves, tus suscripciones, las búsquedas que haces, etc. Desde el Panel de Control de Google puedes revisar toda la información que Google almacena sobre ti. Es una lista bastante larga. Prácticamente no hay una pizca de actividad online en la que Google no meta sus manos.

Android es abierto, como un libro

Con Android, Google no solo revisa tu historial de navegación, los vídeos que ves, las búsquedas que haces, y los documentos que almacenas: también rastrea todos los sitios a los que vas gracias a el uso del GPS, ¿no es genial como Google Now sabe donde estás y a donde vas?, genial y creepy. Android también almacena información del dispositivo, incluyendo contraseñas, redes WiFi, y datos de aplicaciones de terceros. Toda esta información de respaldo se almacena en los servidores de Google. ¡Hasta existe un historial de audio!

Todo esto y no he mencionado dos cosas gigantescas: la red social Google+, ni el navegador Google Chrome. Así que para resumir: Google almacena todos los datos que pasen por ahí.

Google no es una máquina sin sentimientos, ni un dios en el cielo

que tanto sabe google sobte mi

Hay que estar claros que esta información no va a una base de datos como va un libro a una vieja biblioteca a llevar polvo y alojar telarañas. Esta información es usada, con fines comerciales, y hasta políticos. Si hay algo más valioso en este planeta que el dinero, es la información, y es por esto que Google es la empresa más rica del mundo. Google comercia con la información que obtiene de los usuarios, y es gracias a esta moneda que ha amasado la fortuna que tiene.
Todo lo que fue, todo lo que es, y todo lo que será, probablemente Google lo sepa.

Puede sonar a película de ciencia ficción, pero esta empresa realmente quiere dominar el mundo, y de alguna manera un otra ya lo ha logrado. Google no es solo la empresa de publicidad más grande del mundo, es el propietario de los archivos históricos y personales de medio mundo. Si esa no es una razón para verlos con algo de miedo, no se cual pueda serlo. Google no solo recopila la información, la almacena para la eternidad (o hasta el apocalipsis zombie). Todo lo que fue, todo lo que es, y todo lo que será, probablemente Google lo sabe.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXX V.VIII.MMXIV a les II:XXIII:LIII UTC IP registrada
Citar Citar 
Anem avançant:
 
http://www.naciodigital.cat/noticia/72883/google/fara/negoci/amb/fotos/dels/usua ris/xarxes/socials
 
Google farà negoci amb les fotos dels usuaris de xarxes socials

El gegant informàtic Google ha formalitzat la compra de l'empresa nordamericana Jetpac, per un preu que no s'ha donat a conèixer. L'atractiu de Jetpac és que ha desenvolupat un avançat sistema informàtic que recull les fotos penjades a les xarxes socials -com Instagram, Facebook i Twitter-, les identifica i en reconeix la seva ubicació geogràfica. I després utilitza aquestes imatges per crear guies digitals de viatges o d'oci arreu del món sobre hàbits, curiositats i possiblitats d'oci que ofereix cada ciutat.

Jetpac ha recaptat 2,4 milions de dòlars d'inversors de capital de risc, conscients del futur que té el seu sistema informàtic, un aliat de qualitat en l'avanç cap a l'anomenada web semàntica, un camp en què Google hi està molt interessat. Aquest concepte vol dir que internet és capaç d'interpretar les dades que hi circulen i oferir respostes de manera intel·ligent.

Jetpac ja va desenvolupar una curiosa utilitat que consistia a desenvolupar un mecanisme que identificava els somriures a la cara de les persones, la qual cosa va permetre fer una hipòtesi de com de feliç és la població de cada ciutat.
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXXI XVII.VIII.MMXIV a les IX:XXI:VI UTC IP registrada
Citar Citar 
http://www.naciodigital.cat/canaldigital/noticia/16284/has/vist/google/vigila/te us/passos
 
Ja has vist que Google vigila els teus passos?

Els usuaris que tenen Smartphone poques vegades llegeixen les lleis de privacitat que quasi sempre accepten sense saber què posa. Gràcies a aquests permisos Google fa el seguiment dels seus usuaris mitjançant els permisos d’ubicació dels telèfons intel·ligents.

Vostè es pot trobar en aquest mapa si entra aquí https://maps.google.com/locationhistory/b/0 amb el compte de google que utilitza al seu smatphone i podrà veure que ha registrat molts dels llocs on ha anat durant l’últim mes. Aquest seguiment no només es fa per GPS, sinó que també amb xarxes mòbils i wifi. La privacitat de Google queda en entredit una vegada més ja que aquesta informació queda recollida i emmagatzemada.

La manera més fàcil de solucionar-ho amb Android és entrant a Google Maps des del telèfon mòbil, entrar a Configuració, després Configuració d’Ubicació i desactivar l’Historial d’ubicacions del nostre telèfon.
576_1408528947map2-660x4401.jpg
576_1408528947map2-660x4401.jpg
WWW pc (csct
kskt ^X^XMMCCLX m.), Resposta #XXXII XX.VIII.MMXIV a les XI:XI:XXXIV UTC IP registrada
Facebook (visites: ^VMMCCLXVIII)

Pàgines: 1  « | » Contestar Contestar Afegir enquesta Afegir enquesta Enviar el tema Enviar el tema

XXIII.XI.MMXIV a les IX:XXIX:XXXIX UTC - Hola, visitant. Clica aquí per a entrar .