On Sun, Oct 13, 2013 at 3:33 PM, Greg Schmitz <greg@amipa.org> wrote:
> On 10/13/2013 05:48 AM, Royce Williams wrote:
>>
>> Greg, for what it's worth, neither of those domains do much of
>> anything other than redirect to other sites, most of which aren't
>> doing SSL. Ditto for attalascom.com, as Arthur pointed out
>> off-thread.
>>
>> That being said, mymail.acsalaska.net doesn't have SSL, but should.
>> As it was explained to me, implementing the latter would be
>> non-trivial, but would have been worth the effort, IMO (though may be
>> moot now, as they're moving to Google-hosted mail services).
>>
>> Is there a case where having local-to-the-ISP caching servers would
>> provide Google (and by extension, the Three Letter Agencies)
>> information about your connection or traffic that it couldn't get by
>> demanding info from Google (which they can do) or demanding info from
>> ACS (which they can do)?
>>
>> Or, since the only thing that Google caches do is cache Google
>> content, perhaps you're suggesting that there's correlation info
>> available when using Google caches instead of Google's products
>> directly? If so, I'm not sure how that would work; could you provide
>> a little more detail?
>
> Royce, my concern is, simply, how aware will Google be of goings on at ACS
> because of the Google services and appliances ACS is adding to the ACS
> network. I can stop using ACS mail services and I try to limit my use of
> Google services. That said I am concerned because ACS, at my home anyway,
> is the only way for me to access The Internet. No doubt ACS had to sign an
> NDA for both gmail and GGC (Google values its privacy). I am aware of the
> issues regarding "Three letter agencies" but my concern is Google.
>
> Regarding Google's use of NDAs see for example:
> http://blogs.berkeley.edu/2013/03/06/the-good-not-so-good-and-long-view-on-google-mail/
Greg, I hear you, and have similar concerns throughout the Internet,
TLAs, GOOG, and others, so I think that a healthy amount of skepticism
(some might say, "paranoia") is generally well-advised.
That being said (and I have no knowledge of the workings of Google's
caching infrastructure, so I'm speaking totally out of turn here) ...
the Google caches sit on public IP space, with (I believe) no special
access to their colocated networks than any other hosts on the
Internet, other than being very, very local. Since the only
information that would be passed to those caches is the information
sent by the browser and/or Google software while interacting with
Google's servers, I really don't see an abuse vector that isn't
already present by using Google services without the caches present.
In other words: they're CDN servers, not generic web proxies.
Internet traffic does not pass through them en masse. Rather, they're
more like Akamai caches, serving data locally when requested (via DNS
anycast). If you ask DNS for "www.google.com" or "www.youtube.com",
then DNS anycast will answer using the IPs of the caches closest to
you. And if you ask DNS for Yahoo, Tor, NSA.gov or
mylittleponyfanfic.info, nothing you're doing hits Google's cache
boxes because they have no skin in the game because their DNS is not
controlled by Yahoo.
https://peering.google.com/about/ggc.html
As to the mail-hosting thing, that's less clear-cut, in my view. I
have no knowledge of how it might work, but It's reasonable to assume
that by migrating email accounts wholesale to the Google cloud,
usernames and passwords could be stored there. It's always a good
idea to use different passwords for different services/companies.
Since such a migration would involve starting with credentials
controlled by a single company, and a subset of them moving to another
company ... well, they should be different passwords. In other words,
if your email and DSL passwords are the same, it might be a good idea
to change 'em both, and keep them different.
That Berkeley piece is really good. I'd be especially interested in
encouraging anyone hosting with Google to pursue a "no data mining
clause" as described there.
Again, I'm not an ACS employee, my opinions are my own, and I know
nothing about these deployments other than that they happened and/or
are planned.
Royce
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Sun Oct 13 17:09:05 2013
This archive was generated by hypermail 2.1.8 : Sun Oct 13 2013 - 17:09:05 AKDT