Google Workers Sidestepping Controversial Chrome Tool Sparks Security Worries (cnet.com) 55
Google is facing a backlash over an internal tool for the company's Chrome browser that some employees worry is intended for spying on workers organizing protests and discussing workplace issues. From a report: To get around using the tool, some employees have turned to third-party browsers. That's prompted at least one security engineer at Google to voice concern over the possible vulnerabilities that using outside software could bring. The tool is a software extension for Google's Chrome browser, which is installed on all employee computers. It's designed to activate when workers create calendar events that include more than 100 people or use more than 10 rooms. Google said the tool is a pop-up reminder that asks people to "be mindful" before setting up large meetings. But some employees have accused Google management of trying to keep tabs on big gatherings. Google has called those claims "categorically false" and said the purpose of the tool is to cut down on calendar spam. To avoid the extension, employees are encouraging each other to use browsers other than Chrome, a Google security engineer wrote in an internal forum, screenshots of which were reviewed by CNET. Those browsers include Chromium, the open-source browser foundation on which Google Chrome is built, the engineer wrote, adding that people shifting to other browsers "has an impact on overall security of this fleet."
Chromium (Score:4, Insightful)
Of course using open source Chromium instead of proprietary spyware Chrome has an impact on security. It's more secure.
Re:Chromium (Score:5, Interesting)
That's just a busted myth that's still taken serious by folks who have something illogical against open source software. OSS is used widely enough - and linux and BSD, two OS's that pretty much rule the server world, are definitely lucrative enough target to entice black hats to try and find such vulnerabilities. This myth only lives because some ignorant people still think that OSS is barely used at all in corporate world.
Of course there will always be some vulnerabilities - the complexity of a whole OS or even just a browser and a set of libraries is such that it's practically unavoidable. The heart bleed attack was actually quite good example of how fast vulnerabilities get fixed in widely used OSS products when found in the wild. Certain companies have far worse record on that specifically, as well as in vulnerabilities in general - and apparently some people just cant help but take this personally, even though it makes no frigging sense whatsoever.
Security through obscurity is not security - that's not why Linux is the most used server OS on internet with over 95% share.
Re: (Score:2)
Do you have the complete source code for both Browsers? The people in TFA do.
Re: (Score:2)
tide goes in, tide goes out (Score:1)
no one can explain that!
Re:Hate on unions, or hate on Google? (Score:4, Insightful)
What's a right wing slashdotter to do? Who should we root for in this story?
You have to think for yourself for a change and form an opinion on your own without party lines to guide you?
As a libertarian, I don't really differentiate between a powerful corporation that could for all intents and purposes be the government of a medium sized country, a powerful trade union, or a powerful government. I feel that a lot of the issues we have stem from organizations (whether they be government or private) becoming big and powerful to the point that they abuse said power with impunity. In the case of a union vs google, I'd root for both of them existing in a permanent state of conflict and keeping each other in check; with the occasional 3rd party coming out of nowhere to prod the status quo and keep it from entering a state of stable complacency.
Re: (Score:2)
The word libertarian nowdays seems to stand for right-libertarian, which I'm assuming you are - but that's beside the point... I'm just glad to see sensible post from a right-libertarian on slashdot for a change :) Sometimes it feels like only the stupid ones are represented here, and I do know they don't speak for the whole ideology. Thanks, from the left.
Re: (Score:2, Funny)
What's a slashdotter to do? Grab some popcorn and enjoy the show as the woke left eats itself, of course.
You can't even say conservative stuff anymore ... (Score:1, Troll)
... but also the conservatives are winning the culture war. Conservatives are the victims and the victors!
Not eating themselves... trump's more like... spontaneous human combustion.
Re: (Score:1)
From Umberto Eco's 14 common features of fascism, number 8:
"8.) The followers must feel humiliated by the ostentatious wealth and force of their enemies.
When I was a boy I was taught to think of Englishmen as the five-meal people. They ate more frequently than the poor but sober Italians. Jews are rich and help each other through a secret web of mutual assistance. However, the followers of Ur-Fascism must also be convinced that they can overwhelm the enemies. Thus, by a continuous shifting of rhetorical foc
Re: Hate on unions, or hate on Google? (Score:2)
Re: (Score:2)
Since some of those noisy employees are rather high level (including at least two top SVPs), and I suspect Larry Page is as well, I think it's fair to say Google is Woke Left.
How about common sense? (Score:2)
If Google executives want to know which meetings are booked in their company calendar system, using which company rooms, they can open their own calendar which will receive that information from the server. You can try it yourself - open Outlook or whatever your company uses for scheduling meetings. Pretend you're going to schedule a meeting in the big conference room. It'll show you who else has that room booked.
If you wanted to "spy", to know which meetings are booked, there would be no need to change
Re: (Score:2)
Yup - and personally I feel fairly certain that the company actually is spying on their employees, and I'm 100% certain that they won't advertise it with a popup. If you don't think that they are spying their empoyees, just replace "won't" with "wouldn't".
Re: (Score:1)
Lol. (Score:5, Insightful)
Works at google, too stupid to realize they don't need a plugin to monitor such things.
This is just typical modern bullshit, these people want to feel like they're in exciting times and are being oppressed by The Man.
Re:Lol. (Score:4, Insightful)
I suspect that technology people in general are a bit more of the tinfoil hat types in and of themselves as well.
Re: (Score:2)
They could even just log eveything silently and then pass the identities of the people organazing and attending to the higher-ups.
Re: (Score:2)
Maybe the higher-ups didn't want to alert members of the Google Calendar team (who knows how many people has access to that source code) about that backdoor. Also, if they used GCal as a spying software -- even if the target were their own employees -- and got caught, the backlash on clients and potential clients would be ENORMOUS.
Re: (Score:3)
these people want to feel like they're in exciting times and are being oppressed by The Man.
I'm important and you should be very afraid of what I might do. Hey -- HEY! I'M TALKING TO YOU! LOOK OVER HERE, DAMNIT!!!
Google has detected a Union (Score:4, Funny)
It looks like you're organizing your coworkers. Would you like help?
Third party browser? (Score:2)
"Security" concerns? (Score:5, Interesting)
That's prompted at least one security engineer at Google to voice concern over the possible vulnerabilities that using outside software could bring.
ONLY Google would think such nonsense; Less-biased third party security firms, including German Federal Office for Information Security have already picked out Firefox as the most secure browser [forbes.com]; everyone else in the world uses browsers written by someone else -- Also, using different browsers is a good thing for testing applications and that sites, etc for interoperability.
Re: "Security" concerns? (Score:1)
Re: (Score:3)
Yes... I was just thinking that if Google's internal security worries about "third party" software, then shouldn't everyone outside of Google be worried about using Google's software?
Let's all just roll our own, eh?
Re: (Score:2)
Less biased? Are you saying that it's not a security risk for a company to use 3rd party software over its own in house developed software?
When did Slashdot users stop actually using their brains? Is everyone so quick to go "Google Chrome bad mmmkaaay" that they forgot the whole subject of the post was in house developed and understood code vs 3rd party non-vetted tools?
If we were talking about programs people don't have a biased opinion about absolutely no one here would be rooting for installing 3rd party
Re: (Score:2)
we were talking about programs people don't have a biased opinion about absolutely no one ....
No; the bias is unfounded trust caused by favoritism for software developed in-house, solely because it was developed internally.
The fact is that all software potentially contains bugs. Software that has been developed in house and only reviewed by internal teams is some of the highest risk software, Because it is a limited audience that has even seen it; Its for the same reason that developers should
Common sense (Score:2)
Who would use company email and calendars to organize something that many companies are known for discreeetly firing employees for doing?
Takes a spy to know one. (Score:4, Interesting)
So, employees at Google are fearing their own security of spying on them. Why would they think this. I found with like experience, it takes one to know one. Google has been spying on everyone else so long it's just like breathing. They assume a tool is there to spy, because they have been spying themselves and recognize how it could be used.
If this is the environment Google has they might be in for some serious rough roads ahead. Once your employees don't believe in you leadership/management they will start to rip themselves apart. It can happen slowly, or very fast.
Should be fun to watch.
Re: (Score:2)
Why would they think this. I found with like experience, it takes one to know one.
So how many browser extensions do you have installed that report to do things handled far better on the server-side than in a browser?
It doesn't take a spy to recognize a spy, it just takes a little bit of common sense.
Calendar invites are processed on the back end. Making them, adding people to them, relaying invitation emails. Why would you send a message in any other possible way than from the server?
What about calendar apps that are not Chrome? Either it is fine to spam with them, or a browser extens
Don't be dumb. (Score:3)
How about you be smart enough not to use company equipment to organize your protests, meetings and plans during company time? Use your phone then you can sue the hell out of Google for spying if they track your plans that way.
I have no problem with people organizing and protesting company policies, but I also believe companies have a right to monitor what employees are doing on company equipment and limit what they can do in the name of security. Also, orignazing and holding personal meetings on company time on company property probably isn't the best thing either.
Re: Don't be dumb. (Score:1)
I've never been a fan megaphone injustice warriors (any idiot can point out a problem), but seeing "The New Google" eat itself from the inside out does offer a modicum of interest.
This coincides perfectly with Schmidts request not to cut-off H-1B visas to continue growing the talent pool, but it looks like they're trying to defuse an era of highly educated and compensated groups gutting corporations with their Les Miserables c
Re: (Score:2)
What is "company time" when one is a FTE paid a salary as opposed to an hourly employee with mandatory scheduled breaks? All time up to 40 hours per week? 60? 80?
Re: (Score:2)
pro-tip, if you work at google you more than likely are either already using an android phone and google calendar, or an iPhone with google calendar.
besides, once you sign that oath of fealty, you're in for life.
blood in, blood out.
Re: (Score:2)
pro-tip, if you work at google you more than likely are either already using an android phone and google calendar, or an iPhone with google calendar.
And your point is? Google can't just willy-nilly look at peoples personal calendar whenever they please, and if you're worried about that, use a third party calendar or web site to schedule your meatings.
Re: (Score:2)
Yes they can, they're Google.
That's what they do. That's what we've invited them into our lives to do: watch us.
At first it was just search results and advertising; that wasn't enough -- it was determined they needed to make little tracking devices for us to carry on our persons at all times; and while they can occasionally be used for talking or otherwise communicating -- their primary purpose is for tracking. Watching, listening, and collecting.
And still, that wasn't enough: personal digital assistants
Well, they're not wrong (Score:1)
Gosh (Score:2)
Is the source visible? Is it availaboe to Google workers? Can they "compile" it, if such a thing applies, and get the identical binary file?
This is why I dropped Google Chrome (Score:3)
At the beginning it was designed to allow lots of customization and had themes and lots of different options to make it customizable for lots of different types of users. Then the Google managers came in and decided for everyone that they knew better than the user.
Ever since they started to tie a google account to the browser I was done with them. It's unfortunate that they decided that grandma was more important than power users.
In related news ... (Score:3)
Re: (Score:2)
Re: (Score:2)
What did they expect? (Score:5, Insightful)
These people work for a spyware company whose job it is to hoover up data from people and sell it. How could they be upset they're being watched when their job is to enable the company to watch what people do?
It's as if they haven't thought things through.
It's Shadow IT all the way down (Score:1)
The company that furthers the use of unsanctioned "shadow IT" in other companies is now worried about security lapses possible with non-sanctioned IT deployed in its own walls? Shocking!
Why would you use company resources to do this? (Score:4, Insightful)
It seems kind of naive to assume you can use any companies systems and rooms without them knowing what youre doing, or at least wanting to know. And if youre doing this to schedule meetings to plan protests of the company itself? Seems pretty obvious any company would want to know about that. Whether or not you should be able to do this, its just wishful thinking to think any company isnt going to notice when more than 100 employees decide to hold a meeting that doesnt involve management, or otherwise isnt clearly work related. And if its to protest the company? Come on. Theyll know.
So, for Google employees: of course theyre "spying" on you, you work for them. They literally want to know what youre doing all day. If you dont want Google to know what youre doing, do it outside of work. Use some common sense.
Re: (Score:2)
Obviously because they don't have any other way to contact their coworkers en masse. It would be a violation of both company policy and their coworkers privacy to take that information home if they had access to it.