Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Chrome Google Privacy Security

Google Workers Sidestepping Controversial Chrome Tool Sparks Security Worries (cnet.com) 55

Google is facing a backlash over an internal tool for the company's Chrome browser that some employees worry is intended for spying on workers organizing protests and discussing workplace issues. From a report: To get around using the tool, some employees have turned to third-party browsers. That's prompted at least one security engineer at Google to voice concern over the possible vulnerabilities that using outside software could bring. The tool is a software extension for Google's Chrome browser, which is installed on all employee computers. It's designed to activate when workers create calendar events that include more than 100 people or use more than 10 rooms. Google said the tool is a pop-up reminder that asks people to "be mindful" before setting up large meetings. But some employees have accused Google management of trying to keep tabs on big gatherings. Google has called those claims "categorically false" and said the purpose of the tool is to cut down on calendar spam. To avoid the extension, employees are encouraging each other to use browsers other than Chrome, a Google security engineer wrote in an internal forum, screenshots of which were reviewed by CNET. Those browsers include Chromium, the open-source browser foundation on which Google Chrome is built, the engineer wrote, adding that people shifting to other browsers "has an impact on overall security of this fleet."
This discussion has been archived. No new comments can be posted.

Google Workers Sidestepping Controversial Chrome Tool Sparks Security Worries

Comments Filter:
  • Chromium (Score:4, Insightful)

    by Mononymous ( 6156676 ) on Wednesday October 30, 2019 @12:35PM (#59362416)

    Of course using open source Chromium instead of proprietary spyware Chrome has an impact on security. It's more secure.

    • Do you have the complete source code for both Browsers? The people in TFA do.

  • Lol. (Score:5, Insightful)

    by RightSaidFred99 ( 874576 ) on Wednesday October 30, 2019 @12:37PM (#59362436)

    Works at google, too stupid to realize they don't need a plugin to monitor such things.

    This is just typical modern bullshit, these people want to feel like they're in exciting times and are being oppressed by The Man.

    • Re:Lol. (Score:4, Insightful)

      by alvinrod ( 889928 ) on Wednesday October 30, 2019 @12:49PM (#59362500)
      I wouldn't be surprised if the some the people realized that the same programs they built to vacuum up data on all of Google's users could just as easily be turned around and pointed at them.

      I suspect that technology people in general are a bit more of the tinfoil hat types in and of themselves as well.
    • Yeah. Was going to say the same thing: Wouldn't it be easier to just implement that funcitonality server-side? It being a plugin doesn't make much sense to me if spying was what it was intended for.
      They could even just log eveything silently and then pass the identities of the people organazing and attending to the higher-ups.
      • Maybe the higher-ups didn't want to alert members of the Google Calendar team (who knows how many people has access to that source code) about that backdoor. Also, if they used GCal as a spying software -- even if the target were their own employees -- and got caught, the backlash on clients and potential clients would be ENORMOUS.

    • these people want to feel like they're in exciting times and are being oppressed by The Man.

      I'm important and you should be very afraid of what I might do. Hey -- HEY! I'M TALKING TO YOU! LOOK OVER HERE, DAMNIT!!!

  • by bluefoxlucid ( 723572 ) on Wednesday October 30, 2019 @12:40PM (#59362450) Homepage Journal

    It looks like you're organizing your coworkers. Would you like help?

  • Probably just using Internet Explorer. Nobody would suspect that.
  • "Security" concerns? (Score:5, Interesting)

    by mysidia ( 191772 ) on Wednesday October 30, 2019 @12:52PM (#59362512)

    That's prompted at least one security engineer at Google to voice concern over the possible vulnerabilities that using outside software could bring.

    ONLY Google would think such nonsense; Less-biased third party security firms, including German Federal Office for Information Security have already picked out Firefox as the most secure browser [forbes.com]; everyone else in the world uses browsers written by someone else -- Also, using different browsers is a good thing for testing applications and that sites, etc for interoperability.

    • If third party browsers were really an issue they'd A) be using Edge and B) disallow installs.
    • by doom ( 14564 )

      Yes... I was just thinking that if Google's internal security worries about "third party" software, then shouldn't everyone outside of Google be worried about using Google's software?

      Let's all just roll our own, eh?

    • Less biased? Are you saying that it's not a security risk for a company to use 3rd party software over its own in house developed software?

      When did Slashdot users stop actually using their brains? Is everyone so quick to go "Google Chrome bad mmmkaaay" that they forgot the whole subject of the post was in house developed and understood code vs 3rd party non-vetted tools?

      If we were talking about programs people don't have a biased opinion about absolutely no one here would be rooting for installing 3rd party

      • by mysidia ( 191772 )

        we were talking about programs people don't have a biased opinion about absolutely no one ....

        No; the bias is unfounded trust caused by favoritism for software developed in-house, solely because it was developed internally.
        The fact is that all software potentially contains bugs. Software that has been developed in house and only reviewed by internal teams is some of the highest risk software, Because it is a limited audience that has even seen it; Its for the same reason that developers should

  • Who would use company email and calendars to organize something that many companies are known for discreeetly firing employees for doing?

  • by GregMmm ( 5115215 ) on Wednesday October 30, 2019 @12:55PM (#59362534)

    So, employees at Google are fearing their own security of spying on them. Why would they think this. I found with like experience, it takes one to know one. Google has been spying on everyone else so long it's just like breathing. They assume a tool is there to spy, because they have been spying themselves and recognize how it could be used.

    If this is the environment Google has they might be in for some serious rough roads ahead. Once your employees don't believe in you leadership/management they will start to rip themselves apart. It can happen slowly, or very fast.

    Should be fun to watch.

    • by dissy ( 172727 )

      Why would they think this. I found with like experience, it takes one to know one.

      So how many browser extensions do you have installed that report to do things handled far better on the server-side than in a browser?

      It doesn't take a spy to recognize a spy, it just takes a little bit of common sense.

      Calendar invites are processed on the back end. Making them, adding people to them, relaying invitation emails. Why would you send a message in any other possible way than from the server?

      What about calendar apps that are not Chrome? Either it is fine to spam with them, or a browser extens

  • by bjwest ( 14070 ) on Wednesday October 30, 2019 @01:03PM (#59362564)

    How about you be smart enough not to use company equipment to organize your protests, meetings and plans during company time? Use your phone then you can sue the hell out of Google for spying if they track your plans that way.

    I have no problem with people organizing and protesting company policies, but I also believe companies have a right to monitor what employees are doing on company equipment and limit what they can do in the name of security. Also, orignazing and holding personal meetings on company time on company property probably isn't the best thing either.

    • Yep. Catalonia and Hong Kong are doing all of the debugging for the Googlers.

      I've never been a fan megaphone injustice warriors (any idiot can point out a problem), but seeing "The New Google" eat itself from the inside out does offer a modicum of interest.

      This coincides perfectly with Schmidts request not to cut-off H-1B visas to continue growing the talent pool, but it looks like they're trying to defuse an era of highly educated and compensated groups gutting corporations with their Les Miserables c
    • by DRJlaw ( 946416 )

      I have no problem with people organizing and protesting company policies, but I also believe companies have a right to monitor what employees are doing on company equipment and limit what they can do in the name of security. Also, orignazing and holding personal meetings on company time on company property probably isn't the best thing either.

      What is "company time" when one is a FTE paid a salary as opposed to an hourly employee with mandatory scheduled breaks? All time up to 40 hours per week? 60? 80?

    • pro-tip, if you work at google you more than likely are either already using an android phone and google calendar, or an iPhone with google calendar.

      besides, once you sign that oath of fealty, you're in for life.
      blood in, blood out.

      • by bjwest ( 14070 )

        pro-tip, if you work at google you more than likely are either already using an android phone and google calendar, or an iPhone with google calendar.

        And your point is? Google can't just willy-nilly look at peoples personal calendar whenever they please, and if you're worried about that, use a third party calendar or web site to schedule your meatings.

        • Yes they can, they're Google.

          That's what they do. That's what we've invited them into our lives to do: watch us.

          At first it was just search results and advertising; that wasn't enough -- it was determined they needed to make little tracking devices for us to carry on our persons at all times; and while they can occasionally be used for talking or otherwise communicating -- their primary purpose is for tracking. Watching, listening, and collecting.

          And still, that wasn't enough: personal digital assistants

  • Google proved with James Damore that they can and will fire good employees for crimethink. These people are right to be afraid. They know better than anyone the surveillance that they're under. After all, they're the ones building it for use on us.
  • Is the source visible? Is it availaboe to Google workers? Can they "compile" it, if such a thing applies, and get the identical binary file?

  • by DigitalisAkujin ( 846133 ) on Wednesday October 30, 2019 @01:13PM (#59362630) Homepage

    At the beginning it was designed to allow lots of customization and had themes and lots of different options to make it customizable for lots of different types of users. Then the Google managers came in and decided for everyone that they knew better than the user.

    Ever since they started to tie a google account to the browser I was done with them. It's unfortunate that they decided that grandma was more important than power users.

  • by fahrbot-bot ( 874524 ) on Wednesday October 30, 2019 @01:21PM (#59362658)
    Microsoft workers complain that their work PC, running Windows 10, are routinely reporting information to the company.
  • by smooth wombat ( 796938 ) on Wednesday October 30, 2019 @02:15PM (#59362942) Journal

    These people work for a spyware company whose job it is to hoover up data from people and sell it. How could they be upset they're being watched when their job is to enable the company to watch what people do?

    It's as if they haven't thought things through.

  • The company that furthers the use of unsanctioned "shadow IT" in other companies is now worried about security lapses possible with non-sanctioned IT deployed in its own walls? Shocking!

  • by Python ( 1141 ) on Wednesday October 30, 2019 @03:14PM (#59363156)

    It seems kind of naive to assume you can use any companies systems and rooms without them knowing what youre doing, or at least wanting to know. And if youre doing this to schedule meetings to plan protests of the company itself? Seems pretty obvious any company would want to know about that. Whether or not you should be able to do this, its just wishful thinking to think any company isnt going to notice when more than 100 employees decide to hold a meeting that doesnt involve management, or otherwise isnt clearly work related. And if its to protest the company? Come on. Theyll know.

    So, for Google employees: of course theyre "spying" on you, you work for them. They literally want to know what youre doing all day. If you dont want Google to know what youre doing, do it outside of work. Use some common sense.

    • Obviously because they don't have any other way to contact their coworkers en masse. It would be a violation of both company policy and their coworkers privacy to take that information home if they had access to it.

news: gotcha

Working...