Google on Chrome: we don't need your permission

For skeptics of Google's need for more transparency and accountability, consider the latest disturbing example of Google Chrome not asking tens of millions of Internet users for their permission to gain wide open access to their computers and content -- when it clearly should ask for permission -- like every other Internet browser provider does.    

Per ComputerWorld's article: "Google's Chrome now silently auto-updates Flash Player." 

  • "Unlike other browsers, Chrome updates itself automatically in the background without asking for permission or prompting users that security fixes or new features are available." 
  • "Google uses a unique approach, they don't ask users [for permission to update], they just do it" said Peter Betlem, Senior Director of Flash Player Engineering.  

What this means is that unlike all other browsers or Google competitors, Google does not believe it needs permission from users to gain wide open access to users' entire computer software and all its private contents.

  • The reason others ask for specific permission before adding or changing users' software is that they respect users' privacy and property, and user sanctity over their own computer and all of its contents.
  • Apparently everyone but Google understands that it is no longer a user's computer or a user's private information, if no permission or authorization is required to gain access to it and use it. 

In essence, Google is expanding the concept of an "open Internet" to not only mean an open "dumb" pipe of ISP bandwidth to every edge computer, but also an open "dumb" gateway that provides only Google automatic unencumbered access into the inside of every Chrome-enabled computer -- including its private contents. 

  • (Apparently Google has concluded that to fulfill its mission "to organize the world's information and make it universally accessible and useful" it must be able to seize access to whatever information it wants, whenever it wants, without the permission of its owners.)

Simply, Google effectively has established "master key access" to all Chrome users computers and then left them unlocked for Google's sole purposes.

Looked at yet another way, Google has created what is potentially a 30 million plus Google botnet of Chromed-computers. 

  • Moreover, Google has effectively constructed a Chrome botnet that is not that dissimilar in capability to bad-actor botnets that can distribute viruses, worms, trojans, spyware, spam, key-stroke logging malware, p-2-p file-sharing, etc.  

The primary difference here is that Google claims its botnet is a good botnet run by good guys with good intentions. 

  • The huge problem with that difference is that "security is Google's Achilles heel" (as I have documented in a seven-part research series).
  • This means if Chrome is ever hacked, (and according to Google, the Chinese have already successfully hacked Google), Google has essentially left all Chrome users completely vulnerable to whatever the hacker wants to automatically push out to Google's 30 million-plus Chrome users.
  • By blowing off the common sense, best-practice safety-net of respecting the need for permission and authorization from users before reconfiguring their software and potentially gaining access to all their information, Google has put all Chrome users at the mercy the inviolability of Google's security -- security that has already been proven by the Chinese to be porous.  

In other words, Google has unwittingly enlisted Chrome users into being part of a potential auto-virus, auto spam or auto-file-sharing network, that depends entirely on Google not being hacked.

  • And since Google has a well-known propensity for auto-integrating its software without users permission (like they recently did in making Google Buzz' gmail contacts automatically public), hackers could potentially spread their malware beyond Chrome users to the hundreds of millions of users of other Google free products like gmail, maps, search etc.
  • Google has effectively baited hackers to hack them, because if they can, Google has given them the automatic master key to the Internet's Chrome city -- and maybe beyond.  
  • The most catastrophic potential problem here is if Google were to be hacked and a "zero-day threat" was unleashed on these unsuspecting and trusting Chrome users.
    • (A zero-day threat is a hazard so new that no protection against it exists. To learn more, see Byron Acohido's national award-winning book on zero-day threats here.)    

Unfortunately, Google has taken its "innovation without permission" PR slogan to the extreme that Google does not need anyone's permission to do just about anything as long as Google can justify to itself that it is necessary for "innovation."  

  • Remember Google did not see the need to ask the permission of:
  • This sample list exposes a very disturbing pattern of Google behavior that too few appreciate. 

I have testified before Congress twice on Google and the web 2.0 movement's disregard for users privacy or the need for meaningful consent or permission of their users. 

  • At the time, I charitably called this cavalier behavior a "finders keepers losers weepers" ethos.
  • It now may be more appropriate to call it a "we don't need no stinking" permission ethos...


    For those who would like to learn more about the need for Google to have more transparency and accountability, see Precursor's sister watchdog site.