Trust Google to intercept and route your net traffic?
What could possibly go wrong?
Google will shortly release its first WiFi router and has made automatic updating a frontline feature. The new "OnHub" is designed to offer a rather more pleasant experience for home users, starting with a cute coffee cup form factor and extending to an app-driven user interface. Google's even banished blinking lights [Heresy …
"Beg pardon? How does let them know my browsing history? Are you one of those people who use the Google search page instead of the address bar to input URLs...?"
Its not just browsing history... But lets also consider why they want your wifi unit....
Like BT and other providers, they can use the spare capacity to act as a hot spot.
Also they can use it as a known GPS location to help better pin point you in terms of A-GPS.
If you worry about the Chinese hardware being bugged. Think again.. do you really trust Google?
Here's a qute from someone on Hackers' News which spells it out...
"Oh, come on. Just connect your Google router to your Google fiber connection and connect to it with your smartphone or laptop running a Google operating system and Google browser. Visit your Google home page (using Google's DNS servers, of course) to read your Google Mail, or perhaps catch up on the news with Google News, or use Google+ to see what your friends are up to, or get a little work done on Google Docs. Should you do some Google searches and end up on some non-Google sites, don't worry - you're still safe under the watchful eye of Google AdSense and Google Analytics. What have you got to be so paranoid about?"
The new "OnHub" is designed to offer a rather more pleasant experience for home users, starting with a cute coffee cup form factor and extending to an app-driven user interface. Google's even banished blinking lights [Heresy! - Ed.] and instead equipped the device with a glowing ring that changes hue to report its status.
Yes, it's always a good idea to make a dangerous tool helpful and apparently innocuous.
Google inside? Not in a billion years. If you need any help understanding that I suggest you look at the current Android mess, and how well they are onboard with ideas that protect your privacy.
This Google OnHub thing seems to be modeled on the Google Nexus. They may not care about your privacy, but they do take care of security. Unless a FISA judge tells them to hand your data to US agencies in secret. But hey, that’s way better than AT&T, which astonishes even the intelligence community with how eager they are to sell out their customers.
In my opinion, the biggest competition this device faces is not another high-end router, but no router. The ISPs are pushing really hard to upgrade people to combination modem and WiFi routers. Preferably rented. And this would have been good for consumers, because the ISP is in charge of maintaining and upgrading those things for the lifetime of the service. Except that they forgot to include customer service and good software updates.
It’s also tricky to get IPv6 through the combination modem and WiFi routers. IPv4 with NAT works because, eh, another layer of NAT, nobody will notice, incoming connections are for pirates anyway. IPv6 requires proper prefix delegation, which is handled differently depending on the ISP, and the customer probably has to log into the combination modem WiFi router thingy to place it into bridge mode. If it even has a proper bridge mode. I’m curious to see how Google intends to handle this issue.
" look at the current Android mess"
That's correct. It's impossible to turn on location services, to locate yourself, while not also agreeing to send the location to Google for helpful ad-making and generally intruding into your life.
And, god, how much configuration I had to do just to stop Google from sneakily eating my data allowance when I'm out and about. The same goes for eating my battery juice.
It's stylish and cool and all that, and I'm sure it'll sell well to those who like/can afford that sort of thing, but no, no thanks.
What with having to ensure Microsoft don't get the Back door with Windows 10, why would I now give Google control of the Front door?
I was musing recently about whether or not Microsoft had plans for such a thing - it would seem to fit with Windows 10's ideas about sharing WiFi access and acting as a distribution hub for Windows Update. If they weren't planning it, then Google have shown them the way.
... evil Google is going to slurp every bit it can. Seems this, from Wired, might make some pause before jumping on with the cleats. Then again, probably not.
The company that already knows your location, your email, your search history, now sniffing around everything you connect to the internet? Yikes. Not to mention, there’s the fact that it would be all too easy for Google to make the OnHub better for Google services than others, in the hopes that maybe you find yourself going to YouTube and not Netflix.
Wuellner promises, proudly, that none of this is happening. “We’re actually really proud of the work we’ve done around making sure OnHub is a trustworthy and secure member of your family,” he says. “We’ve drawn a very strong, hard and fast line around inspecting any information or websites about the content you’re looking at in your home.” There are settings in the app, too, that users can toggle on and off to determine what data is being shared. [Pushing the limits of Fair Use here.
Two points on that quote:
1. A router is a device which should have one, and only one, function. It is expendable. It is NOT a member of the family.
2. We’ve drawn a very strong, hard and fast line around inspecting any information or websites about the content you’re looking at in your home - that means absolutely nothing. Is the line a barrier to inspection, or does it define who can inspect and why?
@All_Of_The_Above re:switch-before-router - so the incoming WAN cable will now automagically do NAT and/or DHCP et. al. for everything else I plug into that switch, or does everyone get multiple routable IPs from their ISP except me...?
@ Blane Bramble: ah well, serves me right reacting blindly like that to the comment noting there's only one RJ45...
Yeah, well.. Some of us have large networks at home. Not just a wireless.
I have maxed out my ADSL modem/router with it's pitiful 4 ethernet ports, one of which goes to a separate switch to provide more ethernet ports. One such ethernet cable goes to a second wifi access point. I used to have a third wifi access point before it broke.
You really don't want to clog up the wireless spectrum too much with all that streaming going on. Hence all the wired stuff.
Why compromise the router when they already know all about you centrally. Too likely to break and be revealed and is vulnerable to a great deal of effort to tear down and discredit it already.
I would be more concerned about the firmware update being pwned by a third party actor, via poor SSL certificate maintenance, or routing DNS or IP traffic to a compromised host.
Google don't need to slurp all your data with this, they just want to intercept all those 404 responses and replace them with suggestions from Google's advertisers; similar functionality is already implemented in some routers from ISPs.
So if you can't find what you want, Google will suggest something based on your original query; the revenue from this will pay for the updates to the router software.
If you're ok with this, then it's no worse than other products already foisted on people by ISPs like BT.
No, there isn't a conspiracy - it's all out in the open and everyone seems to be playing the same game.
Why compromise the router when they already know all about you centrally
They know something about me centrally, I'm sure, but it isn't that meaningful or useful compared to what they could know if I fully embraced Google.
With this thing Google would have the same level of access to my internet traffic as my ISP has (even more, actually, since it gets in before the ISP sees what's going out). While I accept that my ISP can see all my traffic, it's primary function is to shift that traffic where it's supposed to go and not to monetize it. Google's primary aim is to make money out of aggregating and selling information : do you really think they're going to resist the urge to do something with it?
I don't, so no, not never.
You know, I would actually trust Google more than my ISP. Your ISP would sell your data in an instant to make a quick buck whereas Google don't sell your data.
Your ISP would probably think nothing about using Phorm style technology to intercept your stream and put it's own adverts in there.
Google, at least, have a reasonable grasp of security and provide updates. The router I got from my ISP never had any firmware updates despite known security holes.
Depends on your ISP, I suppose.
I'm sure all ISPs would sell my data in an instant if they thought they could get away with it, but as far as I can tell they aren't currently. Phorm caused a lot of fuss and I think my ISP would think carefully about breaching the fundamental basis of its arrangements with its customers (who, bear in mind, also include businesses and government organisations).
It would be naive of me to assume that my ISP won't ever play this game, but my point is that I absolutely know that Google is playing it now.
Security - never used an ISP router so I'm a bit better off than some. Google may understand and implement security better than ISPs, but that really just means ensuring only they can get at the data.
So I do what I can to say 'fuck you' to the data gatherers, and that includes putting things as much in my control as possible. Convenience isn't an issue.
"Google don't sell your data"
You obviously have no idea what that means.
Otherwise show me where I can purchase the data for "Pascal Monett" from Google. There's plenty of sites online that will allow me to buy a person's data (192.com, marketing lists, in the UK electoral role data) but I have never seen that data available for sale by Google, even though we have a very sizeable ad spend with them.
The key here is the word "centrally".
Also, it's not "compromising" the router, just augmenting it.
The goal, for Google, is to remove any destinction between "central" and perifery. From now on we are all in Google's domain, whether we want to or not. (That's the idea anyway.)
So you don't use Chrome? Not a problem any more.
So you only run Linux? Not a problem.
And so on.
Biting the hand that feeds IT © 1998–2019