Spying With GMail

If you haven’t noticed, there’s lately been an overabundance of news about Google, including a deluge of product announcements, GMail privacy histrionics, and IPO speculations. Though I’m reluctant to contribute to the insanity, there is one element of the GMail privacy flap that I haven’t yet seen discussed, and so I feel the need to discuss the topic.

The GMail privacy discussions have taken one of two predictable forms. In one camp, privacy advocates tug their tinfoil hats further down their heads, and mutter to themselves that GMail will inevitably be bad because allowing someone to read all your email is never a good thing. In the other camp, seemingly level-headed, though somewhat indifferent, pseudo-champions of GMail point out that no one is holding a gun to anyone’s head – if you don’t want Google or advertisers getting access to your email, they say, simply don’t use the service.

Into this arena, I would like to present a third possibility: GMail might be a threat to your privacy, even if you don’t use the service. To illustrate how this is possible, it’s necessary to understand a little about signaling.

If you want to know whether or not a major operation is underway at the local FBI office, there’s a simple way to find out: watch the office over a long period of time and record the number of pizza deliveries. Those nights that differ significantly from the average represent nights on which an operation is underway. Though this story is known to be an urban legend, it provides a simple way to explain signaling – as you can probably guess, signaling reveals information to an outside party through an indirect channel. In the case of the FBI example, someone monitoring the deliveries knows that something is up; however, they don’t know exactly what operation is taking place. Nevertheless, the signal that the FBI is working harder/later than usual may be enough to convince a criminal to change their plans, and hence foil the FBI’s operation.

So how does this relate to GMail?

Well, you have to consider how Google’s advertising system, AdWords, works. Anyone can get an AdWords account with Google, allowing them to create a campaign that will display a specific advertisement to users when they search for the keywords associated with the campaign. For example, I created an AdWords campaign for my book, associating a simple text ad with the keywords “java”, “p2p”, and “jxta” – whenever someone entered those words into Google, they saw my ad.

Google’s AdWords system provides an advertiser with reports on the ad campaign detailing the number of times an advertisement has been displayed and the number of times a user has clicked on the ad. Though the AdWords administrative interface doesn’t report who saw my advertisement, throwing GMail into the mix makes this irrelevant. In order for me to be able to spy on a GMail user, I only need to carefully craft an AdWords campaign with a very specific set of keywords, and monitor if anyone ever triggers the display of my advertisement. This technique allows any user, not just Google, to effectively monitor GMail-based email communications, and only requires one of the parties (preferably the recipient) to be a GMail user.

Is this attack practical for general-purpose spying? Probably not. It’s unclear at this point whether GMail uses email headers that would permit this attack to be specific to an email address. It’s also unclear whether Google will filter out proper names to limit the ability of an attacker to target a particular person. However, an attacker could conceivably use knowledge of their victim to tailor the AdWords campaigns’ keywords to be arbitrarily precise.
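To make the signaling channel concrete, here is a toy model added to this post (constructed example code, not Google’s AdWords or GMail code, and not the author’s): a contextual ad matcher that keeps a per-campaign impression counter, which is all an advertiser’s report exposes. The `min_audience` threshold is a hypothetical mitigation along the lines of the proper-name filtering speculated about above: a keyword only becomes matchable once it has appeared in mail to several distinct recipients, so a campaign built from words specific to one person never fires and its report stays flat. The mail bodies, recipient names, and the “Kestrel”/“Vanderhoek” keywords are constructed.

```python
"""Toy model of impression-count signaling through contextual mail ads,
with a hypothetical minimum-audience mitigation. Constructed example;
nothing here is Google's code or data."""
import re
from collections import Counter, defaultdict

WORD_RE = re.compile(r"[a-z0-9]+")


def tokenize(text):
    """Lower-case word tokens; the keyword matcher compares sets of these."""
    return set(WORD_RE.findall(text.lower()))


class AdNetwork:
    """Contextual ad matcher with the impression report an advertiser sees.

    min_audience (hypothetical mitigation): a keyword is eligible for
    matching only after it has been seen in the mail of at least this
    many distinct recipients. With min_audience=1 the matcher behaves as
    the post describes; a higher value starves victim-specific campaigns.
    """

    def __init__(self, min_audience=1):
        self.min_audience = min_audience
        self.campaigns = {}               # campaign name -> frozenset of keywords
        self.impressions = Counter()      # the only thing the advertiser gets back
        self.seen_by = defaultdict(set)   # keyword -> recipients whose mail contained it

    def register_campaign(self, name, keywords):
        self.campaigns[name] = frozenset(k.lower() for k in keywords)

    def eligible(self, keyword):
        return len(self.seen_by[keyword]) >= self.min_audience

    def deliver(self, recipient, body):
        """Accept one inbound message and choose which ads to show beside it."""
        words = tokenize(body)
        for w in words:
            self.seen_by[w].add(recipient)
        shown = []
        for name, kws in self.campaigns.items():
            # A campaign fires only if every keyword is present and eligible.
            if kws <= words and all(self.eligible(k) for k in kws):
                self.impressions[name] += 1
                shown.append(name)
        return shown


def run_scenario(min_audience):
    """Return the impression counts an advertiser would see under the policy."""
    net = AdNetwork(min_audience)
    # A generic campaign like the author's book ad, beside a narrowly
    # targeted one keyed on a constructed codename and a constructed surname.
    net.register_campaign("book", ["java"])
    net.register_campaign("targeted", ["kestrel", "vanderhoek"])
    # Constructed inbound mail for three webmail users.
    mail = [
        ("alice", "Lunch? Also the Java build is broken again."),
        ("bob", "Re: Java generics talk, slides attached."),
        ("carol", "Project Kestrel status: Vanderhoek signed off. Java port next."),
    ]
    for recipient, body in mail:
        net.deliver(recipient, body)
    return dict(net.impressions)


if __name__ == "__main__":
    print("no mitigation :", run_scenario(1))   # targeted campaign shows 1 impression
    print("min_audience=3:", run_scenario(3))   # targeted campaign never fires
```

Under the unmitigated policy the single impression on the “targeted” campaign is exactly the signal the post describes: the advertiser learns that a message containing those words arrived, without ever seeing the mail. Under the threshold policy the generic campaign still earns impressions once “java” is common across mailboxes, while the targeted one reports nothing, which is the property a defender wants from any keyword filter.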

That said, this flaw isn’t as bad as it seems – I doubt we’ll see companies blocking access to GMail, or filtering email destined for GMail accounts. After all, companies are hemorrhaging intellectual property via unencrypted email every day. Though this attack may allow GMail to be used to spy on a user from afar, the limited scope of any attack puts its risk below most of the other virus or spyware-based threats.

Anti-Social Software

I was recently invited by Lauren Zuravleff, Helen Chen, and Daniel Steinberg to blog on java.net. I have accepted this invitation, and will be writing about some of the less programming-centric issues in the world of software. In the interest of maintaining my own web site’s whuffie, I will be reproducing these articles here. The original version of this article appears here.

In light of the recent announcement that Sun Microsystems and Microsoft would stop their bickering and play nicely with each other, I thought it only appropriate to write my first entry on java.net about the need for software that knows how to be social and play well with others. Social networking systems, despite being the new Hot Technology to grab the attention of Valley venture capitalists, are lately being subjected to a healthy dose of criticism: for systems designed to help people interact, why can’t any of the systems interact? And why have the systems overlooked some of the most obvious functionality a user or a developer might want?

The design of the current breed of social networking software repeats the mistakes of another social technology: instant messaging. Whether you chose to use ICQ, AIM, Yahoo! Messenger, or MSN Messenger as your messenger of choice, one thing became abundantly clear the minute you clicked “I agree” to the End User License Agreement – you were part of their system now. Instant messaging companies put a wall around their users by design, and they liked it that way. For one thing, it gave them a chance to figure out how they were going to make any money – at least until astute companies like Jabber and Cerulean Studios figured out that instant messaging companies had overlooked the fact that people using different chat systems still wanted to chat with each other! Imagine that!

Social networking systems have followed a similar path, coding users into the very same corner, building high and thick walls between their communities and discouraging the very activities for which they claim they were designed. Social networking systems are pathologically anti-social on three fronts: their lack of functionality, lack of a web services API, and lack of federation.

Lack of Functionality

People have different kinds of relationships: some of their colleagues are friends, some of them are business acquaintances, and some of them are random people they only seem to run into when neither of them has a pen. One would think that the ability to categorize and segment classes of relationships would be a central requirement for a social networking system. Unfortunately, not one of the social networking systems I’ve used (Friendster, LinkedIn, Orkut, Zerendipity) is capable of distinguishing between types of relationship networks.

Only Orkut provides a faint acknowledgement of this user requirement, allowing a user to categorize their relationships from the neutral “haven’t met” category to the exuberant “best friend” category. It makes me wonder: am I the only one with enemies? I don’t know about you, but personally I’d like to track my enemies and their friends, if only in the interest of keeping all my organs in their designated anatomical configuration. The current systems seem to ignore the fact that people belong to many social groups, and have relationships with people which they’d prefer members of their other groups didn’t know about.

Putting this shortcoming aside, one has to consider what benefit a user gains from joining a social networking system. Alright, I’ve joined – now what? Oh, I can find other people – I, uh, guess that’s kind of cool. Can I import my friend’s contact information into my Outlook address book and keep it up to date (like Plaxo)? No? Can I send and receive messages to and from my social network from my regular email client? No? So what, exactly, is it that I’m supposed to do with this thing? The current state of social networking systems mimics the early days of the laser – a technology searching for an application. What better way to enable application of social networking systems than a new-fangled web services API?

Lack of a Web Services API

One of the smartest things Amazon ever did was create the Amazon Associates program – the service through which web sites can get compensated for directing surfers to Amazon products. All you have to do is add an associates ID to the end of an Amazon URL in your web page and poof you get a commission on each time one of your surfers goes to Amazon and buys something. Though technically not a web service, the program allowed developers outside of Amazon to leverage its technology, extending Amazon’s reach to people who weren’t even surfing Amazon.com.

Since then, both Amazon and Google have provided developers with access to their technology through web services APIs, spawning numerous unique applications and the odd book or two. But Amazon and Google didn’t do it for charity – new applications tie users and developers to their platforms, which in turn drive revenue through more books sales and advertising revenue. It’s apparently called a business model.

Meanwhile, social networking systems are sitting around with gobs of personal information, relationship information, and no way to let anyone else use it. Think of the applications these systems could enable! For example: Amazon makes personalized recommendations by comparing your previous purchases to those of other Amazon shoppers – but does this really make sense? Amazon makes a bold assumption that people who buy one item have the same tastes in other items – what if instead Amazon refined its personalization by knowing the identity of your friends and tying your recommendations to what you had in common with what they had bought recently? Exposing this kind of information through a web services API would allow other companies to refine their personalization, resulting in better efficiency for licensees of the technology and a nice revenue stream for the social networking system. Two words: cha, and ching!

Lack of Federation

The worst part about social networking systems is the duplication of effort they require of the user. Do they honestly expect someone who is already a part of another system to upload all their information and invite all their friends to yet another social networking system – YASNS? I don’t know about you, but I consider it a bad sign when your target users have to invent an acronym for the sole purpose of describing how annoying they find your service.

When you think about it, it doesn’t really make sense to have a centralized system to track distributed relationships – hence the invention of the FOAF (friend-of-a-friend) schema. The only hope for social networking systems, now that developers (like TypePad) are starting to adopt FOAF, is to figure out how to reposition themselves quickly to leverage their existing database of personal information, index publicly available FOAF data from the web, and start providing value-added personalization services to other companies.
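What “indexing publicly available FOAF data” amounts to in practice, as an added example (Python written for this post, not code from FOAF, TypePad or any of the services named): two FOAF/RDF documents, each hosted independently as a user’s own description of whom they know, are parsed, merged on `foaf:mbox_sha1sum` (the FOAF property that identifies a person by the SHA-1 of their `mailto:` URI, so documents can be joined without publishing addresses), and walked two hops to answer the friend-of-a-friend question that a centralized system would otherwise need everyone to re-enter. The people, addresses, and documents are constructed; the namespaces and property names are the real FOAF 0.1 and RDF ones.

```python
"""Parse and merge decentralized FOAF documents, then walk
friend-of-a-friend links. Constructed example data."""
import hashlib
import xml.etree.ElementTree as ET

RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
FOAF = "{http://xmlns.com/foaf/0.1/}"


def mbox_sha1sum(email):
    """FOAF's pseudonymous identifier: SHA-1 of the mailto: URI."""
    return hashlib.sha1(("mailto:" + email).encode()).hexdigest()


def foaf_doc(owner_name, owner_email, contacts):
    """Build a minimal FOAF/RDF document for one person (constructed data).
    contacts is a list of (name_or_None, email); a None name mirrors the
    common case of a document that links to someone only by hash."""
    links = []
    for name, email in contacts:
        name_xml = "<foaf:name>%s</foaf:name>" % name if name else ""
        links.append(
            "<foaf:knows><foaf:Person>%s<foaf:mbox_sha1sum>%s</foaf:mbox_sha1sum>"
            "</foaf:Person></foaf:knows>" % (name_xml, mbox_sha1sum(email)))
    return (
        '<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
        'xmlns:foaf="http://xmlns.com/foaf/0.1/"><foaf:Person>'
        "<foaf:name>%s</foaf:name><foaf:mbox_sha1sum>%s</foaf:mbox_sha1sum>%s"
        "</foaf:Person></rdf:RDF>"
        % (owner_name, mbox_sha1sum(owner_email), "".join(links)))


def parse_foaf(xml_text):
    """Return {mbox_sha1sum: {"name": str|None, "knows": set}} for every
    foaf:Person in the document, nested ones included."""
    graph = {}
    for elem in ET.fromstring(xml_text).iter(FOAF + "Person"):
        ident = elem.findtext(FOAF + "mbox_sha1sum")
        if ident is None:
            continue  # anonymous node: nothing to merge on, so skip it
        rec = graph.setdefault(ident, {"name": None, "knows": set()})
        name = elem.findtext(FOAF + "name")
        if name:
            rec["name"] = name
        for link in elem.findall(FOAF + "knows"):
            target = link.find(FOAF + "Person")
            target_id = target.findtext(FOAF + "mbox_sha1sum") if target is not None else None
            if target_id:
                rec["knows"].add(target_id)
    return graph


def merge(graphs):
    """Union several parsed documents; the hash is the join key across hosts."""
    merged = {}
    for g in graphs:
        for ident, rec in g.items():
            m = merged.setdefault(ident, {"name": None, "knows": set()})
            if rec["name"]:
                m["name"] = rec["name"]
            m["knows"] |= rec["knows"]
    return merged


def friends_of_friends(graph, ident):
    """People two hops away, excluding direct contacts and the person themself."""
    direct = graph.get(ident, {"knows": set()})["knows"]
    fof = set()
    for friend in direct:
        fof |= graph.get(friend, {"knows": set()})["knows"]
    return fof - direct - {ident}


# Two documents that would live on two different sites (constructed).
DOC_A = foaf_doc("Alice Example", "alice@example.org",
                 [("Bob Example", "bob@example.org"), (None, "carol@example.org")])
DOC_B = foaf_doc("Bob Example", "bob@example.org",
                 [("Dave Example", "dave@example.org")])


def demo():
    """Names of Alice's friends-of-friends once both documents are indexed."""
    graph = merge([parse_foaf(DOC_A), parse_foaf(DOC_B)])
    alice = mbox_sha1sum("alice@example.org")
    return {graph[i]["name"] for i in friends_of_friends(graph, alice)}


if __name__ == "__main__":
    print(demo())
```

Two points worth noticing. Carol appears in the merged graph with a hash but no name, because Alice’s document never gave one; that is the normal state of a federated index, and any name later published in Carol’s own document would fill the gap on the next crawl. And the hash is a pseudonym, not a secret: it stops a crawler from harvesting addresses wholesale, but anyone who already knows an address can compute the same hash and confirm that person’s presence in a document, which is a limitation worth keeping in mind before treating FOAF data as private.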

Conclusion

Although I’m normally not one to condone stereotypes, I found I couldn’t disagree when I overheard someone lament: Isn’t it a little ironic that social networking software is being created by a bunch of antisocial geeks? Yup. Social networking systems are currently like the geeky guy in “Singles”, the one with the high-tech watch full of pretty girls’ phone numbers that he’ll never actually call. If there’s one shortcoming we geeks suffer, it’s our obsession with creating new technology or re-creating existing technology in the name of “doing it better”, while remaining blissfully oblivious of the fact that no one can actually use it.

On the other hand, the people behind these systems aren’t dumb and neither are their venture capitalists. I doubt that anything I’m suggesting here hasn’t already crossed the minds of those involved in the development of social networking systems. Given the involvement of Google in Orkut, coupled with Google’s recent move into search personalization technology, it seems likely that these companies had these types of strategies in mind from the beginning. I can only guess that I don’t know the right people to be privy to such knowledge – now if only there were some kind of computer service to correct that.