Why I fired Google

One of the many reasons I’ve been leaving Google for other services.

Searal - Parallel Search

One of the examples I am showing up here is that why I am using Searal now and fired google search from my browser –

I was looking for the solution for this query “JBAS014688: Wrong type for max-threads. Expected [EXPRESSION, INT] but was OBJECT

And check out what is google results –

Google

And then I have searched on Searalwhich is saying that it provides relevant results quicker –

searal

Searalis a simple idea, but I think it definitely provides better results and solve the purpose. Not even that before this I only see what google wants me to see. But now I can independently see different results from different search engines. And then I can choose to best from it. This is one of the proofs.

View original post

How to start a secure browser: Quark

Ran across this paper today about a pretty cool new browser, Quark:

Quark, a browser whose kernel has been implemented and verified in the Coq proof assistant. We give a specification of our kernel, show that the implementation satisfies the specification, and finally show that the specification implies several security properties, including tab non-interference, cookie integrity and confidentiality, and address bar integrity.

Let’s put this into more simple terms. Unlike standard programming practice with unit tests, which essentially test cases that the developer defines, these go one step further and prove that the base kernel of the system will do precisely what is specified and nothing else, if all of the assumptions are valid about the OS-base, etc.

This is to programming what mathematical proofs are to mathematics. A unit test suite is similar to doing scientific experiments and deducing your system matches the specs perfectly, a proof in programming is precisely the same as a proof in mathematics. It stops being a theory and starting being absolute fact.

This is pretty cool, especially since the code is all there to work with; proven (literally), and entirely open for review. Perhaps this will inspire some security types to do the same with cryptographic kernels.

Epic, a privacy browser with a fatal flaw

I ran across this new browser recently, Epic.

Why should I use Epic?

When you use the Epic Privacy Browser, you get privacy in a fast, simple browser! Have a fabulous browsing experience and gain privacy over what you browse and search. Protect your browsing and searches from hundreds of companies and governments.

Awesome, except for one thing – The software is closed source, and worse is supported by essentially a form of advertising.

Epic like most browsers earns a commission on searches we drive. So the more you use Epic’s default search engine, the more you support Epic and our continued privacy efforts

Combine this with the fact it is owned by a private company based out of the US (and thus subject to NSL and the like.)

Hidden Reflex is a privately-funded software start-up company based in the United States

Sadly, great idea, bad execution. If you want to have a higher assurance of privacy, you shouldn’t use this, use an open source browser with appropriate security related plugins – NoScript, RequestPolicy, Adblock edge (Not Adblock plus, which has been compromised). These are a good start, there are others out there that can help even more.

Sadly, if you are a company that wants to provide a believable amount of privacy, you must do at least the following:

  • Your company cannot be based out of the US (Lavabit had to shut down, likely to avoid being forced to put backdoors in it’s software). I am forced to assume that any organization based out of the US is (or can be) similarly compromised.
  • Your company needs to have it’s software open sourced. You can keep the copyright on the brand however. (Open Sourced software allows for more public review of the code.)
  • You company needs to not use servers in the US to store your code or installer and you should have a hash of your installer to assure it’s not been tampered with.

Without those 3 things, you can no longer claim your software has privacy in mind and be believed anymore.

Google, this doesn’t prove anything

You can paint over this, but it will still just rust through.

Google is trying to put on a good show of security theatre recently, and the media is almost falling for it (via WaPo)

Google is racing to encrypt the torrents of information that flow among its data centers around the world in a bid to thwart snooping by the NSA and the intelligence agencies of foreign governments, company officials said Friday.

I really want to say this means something, but it doesn’t. As we saw just a few days ago, the NSA is more than willing and able to put backdoors into everything. They could encrypt every bit of traffic between all of their servers, and it would be meaningless if they were forced to give away the root keys via a NSL, or had someone inside of Google who could place a “bug” or get the certificates themselves.

They almost recognize this, but miss the target by about a meter.

Encrypting information flowing among data centers will not make it impossible for intelligence agencies to snoop on individual users of Google services, nor will it have any effect on legal requirements that the company comply with court orders or valid national security requests for data. But company officials and independent security experts said that increasingly widespread use of encryption technology makes mass surveillance more difficult — whether conducted by governments or other sophisticated hackers.

No, it doesn’t make any difference with mass surveillance, none at all. If they don’t fight the NSLs directly and have a proven audited system to assure that there are no spooks inside planting bugs or giving out root keys, then they haven’t done anything more than security theatre.

This doesn’t change a thing, as long as Google is in the US and these NSLs get issues without any real oversight or transparency, then they could one-time pad everything between their servers and it would mean very little. The system is compromised, it is proven to be compromised.

If you have a rusty piece of metal, no amount of rust paint will top the rust. You need to get rid of the rust first. American businesses need to show that they are willing to actually defy these orders to prove to anyone that they are trustworthy again. Lavabit did, but they don’t have the resources of Microsoft, Google or Amazon.

Sucks, but it’s a fact. If you want secure transmissions and need confidentiality, you cannot use American services with any certainty anymore, even if they put on a big show.

Why does this not exist? The “most amazing” restaurants

Futuristic.

TNG always discussed the possibility of holodecks. I don’t think we have this tech at all yet, but what if instead of having a full holodeck, we can have a room which whisks you away to another world. What if we can enjoy our most amazing french dinner while feeling like we are sitting in Paris? Or perhaps enjoy a delicious jamaican meal – complete with fantastic rum – feeling like sitting right next to the beach, complete with sounds and smells?

So real it scares you.

Watch the following. It’s really mean, but it makes a good point.

It’s a screen, so realistic that the most absurd visuals on it, combined with good sound effects and some other special effects, convince people the city is really being destroyed.

Now, this is a mean-spirited prank, and the screen isn’t cheap. What if we took this idea and went with it a bit further.

Let’s expand this a bit.

Obviously we can imitate a single window effectively, LG just proved that. Probably with little work we could do an entire wall, possibly all walls in a room. We have had ultra realistic sound for pretty much a few decades now. We can easily do scents to match a specific video. Combine these elements and you have a room where you can be whisked away to anywhere in the world pretty realistically, for example, Paris, complete with sound and smell.

Mmmm, you can really smell the urine.

However, this would not be cheap, my estimates would be that it wouldn’t be that much more expensive than a fully decked out VIP section in a expensive restaurant or club. Now, people spend tons of money in a club or restaurant, and the more unique the experience the more people will shell out. So, why not put two and two together.

In the words of Gordon Ramsay.

Why not have a restaurant or club where you can rent the “holodeck” room. Where you experience is not just the food and drink, but travelling the world. Enjoying the food in the atmosphere it was meant to be enjoyed in. It would be the “most amazing” experience ever to enjoy with your food. Every aspect of it would be controlled; temperature, scents, sights, sounds.

You wouldn’t be able to walk past the walls, mind you, but who goes for a walk around when they are eating food anyways. The atmosphere would just be designed to amplify the enjoyment of the meal. The chef would not only be able to determine what you eat, but precisely what environment is around you to enjoy it in. Suddenly, the restaurant experience becomes complete and fully adaptable to the chef’s whims.

Why does this not exist?

“No one would pay for it!”

People are already paying a fortune for dinner experiences like the following:

I just hope it doesn’t rain.

Why would they not pay for the experience of enjoying something like that in a perfectly controlled environment? The investment isn’t anything more than the investment in these luxury clubs and restaurants, especially since you don’t need to put it on top of a building or in a very expensive location. You could build room after room, each one giving a tailored experience to your guests.

Techies are not chefs. (or chefs are not techies)

To put this politely, you are full of brown stuff if you actually believe this. Google Molecular Gastronomy and then we can chat.

Risk

This is risky, but starting a high-end restaurant is risky. If you aren’t willing to try something new that makes you stand out, you probably shouldn’t invest in one in the first place. If you can pull this off, combined with good food, you will easily book every room for every day.

Conclusions

This is just a neat idea, I realized it was possible when I saw OLEDs and 3d video without glasses at CES a couple of years back. Still kinda amazed no one is trying it out. Maybe we will see one soon.