[18300] in cryptography@c2.net mail archive
Re: Another entry in the internet security hall of shame....
daemon@ATHENA.MIT.EDU (Steven M. Bellovin)
Fri Aug 26 17:09:57 2005
X-Original-To: cryptography@metzdowd.com
From: "Steven M. Bellovin" <smb@cs.columbia.edu>
To: Chris Kuethe <chris.kuethe@gmail.com>
Cc: cryptography@metzdowd.com
In-Reply-To: Your message of "Fri, 26 Aug 2005 13:38:18 MDT."
<91981b3e05082612381f919c1d@mail.gmail.com>
Date: Fri, 26 Aug 2005 15:59:15 -0400

In message <91981b3e05082612381f919c1d@mail.gmail.com>, Chris Kuethe writes:
>On 8/26/05, Steven M. Bellovin <smb@cs.columbia.edu> wrote:
>> ...
>> If you don't trust your (or your correspondents') IM servers, it may be
>> a different situation. I haven't read Google's privacy policies for
>> IM; if it's anything like gmail, they're using automated tools that
>> look at your messages and add to your behavioral profile. As Peter
>> said, though, you can always run your own server or find one that you
>> do trust.
>
>Got a nice little surprise yesterday when I [ge]mailed someone, and
>moments later gaim beeps at me. Checking gaim, I see that suddenly
>these users had been added to my gaim/gtalk buddies list without my
>intervention. Grrrrrr....

Yup -- documented in the Googletalk pages.

>
>Anyway, I wouldn't be the least bit surprised if somewhere down the
>road a folder called "archived gtalk" shows up in gmail where you can
>search through all your old conversations.
>
That wouldn't be a surprise at all -- a number of IM programs,
including at least Gabber and Psi, keep local logs. Given Google's
core competency of retaining searchable data, one would expect them to
do that.

But this underscores one of my points: communications security is fine,
but the real problem is *information* security, which includes the
endpoint. (Insert here Gene Spafford's comment about the Internet,
park benches, cardboard shacks, and armored cars.)

--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com