Information freedom for open source users.

Google on Monday patched five vulnerabilities in Chrome by issuing a new “stable” build of the browser.

nk497 writes “When it comes to security flaws, who should be warned first: users or software vendors? The debate has flared up again, after Google researcher Tavis Ormandy published a flaw in Windows Support. As previously noted on Slashdot, Google has since promised to back researchers that give vendors at least 60-days to sort out a solution to reported flaws, while Microsoft has responded by renaming responsible disclosure as “coordinated vulnerability disclosure.” Microsoft is set to announce something related to community-based defence at Black Hat, but it’s not likely to be a bug bounty, as the firm has again said it won’t pay for vulnerabilities. So what other methods for managing disclosures could the security industry develop, that balance vendors need for time to develop a solution and researchers’ needs to work together and publish?”

Read more of this story at Slashdot.

It wasn’t long ago that we were reading about the air war between Microsoft and Google over a vulnerability disclosure from a Google employee, Tavis Ormandy, that affected

eldavojohn writes “A startup called Metaweb (looks like an ontological, entity-based approach to Web 2.0 tagging) has been acquired by Google. You can find out what they’re about from a super marketing fluff video they put together. The neat thing about Metaweb is that the database of entities it has is free. Will Google be able to make Metaweb work on their omniscient scale, or was this just Google making sure a startup doesn’t become yet another player in search?”

Read more of this story at Slashdot.

tekgoblin noted joyous rumors for anyone forced to use multiple Google accounts “Wouldn’t it be great if you could log into all of your Google accounts at the same time if you have multiple? Well it seems that Google may be implementing a way to do this in the near future. Right now it can be done with scripts such as a Greasemonkey script, but that isn’t as easy as
Google doing it for us.

The people over at Google Operating System have had users submit a screenshot of what looks like a beta test for multiple account login. It appears that it will be available for Calendar, Code, Docs, Gmail, Reader, and Sites for the test but surely it will be across all Google apps when its released.”

Read more of this story at Slashdot.

A post at TechCrunch claims knowledge of large investments from Google into social game company Zynga, makers of FarmVille and Mafia Wars. The amount of money involved is not small — somewhere in the $100-200 million range — and could facilitate Google’s expansion into the games market. Quoting:
“The investment was made by Google itself, not Google Ventures, say our sources, and it’s a highly strategic deal. Zynga will be the cornerstone of a new Google Games to launch later this year, say multiple sources. Not only will Zynga’s games give Google Games a solid base of social games to build on, but it will also give Google the beginning of a true social graph as users log into Google to play the games. And I wouldn’t be surprised to see PayPal being replaced with Google Checkout as the primary payment option. Zynga is supposedly PayPal’s biggest single customer, and Google is always looking for ways to make Google Checkout relevant.”

Read more of this story at Slashdot.

wombatmobile writes “The world’s most popular search engine company is a leading supporter of open standards. It pours money and people into initiatives that promote, assist, support and implement Web standards. As a core foundation of is mission statement, all web assets should ideally be of a kind that it can work with. Strange then, that the world’s most popular search engine doesn’t index all of the current important Web standards formats. Doug Schepers of W3C blogs about how Scalable Vector Graphics content is recognized and not recognized by search engines, currently and historically.” Readability really helps out on this site.

Read more of this story at Slashdot.

wombatmobile writes “The world’s most popular search engine company is a leading supporter of open standards. It pours money and people into initiatives that promote, assist, support and implement Web standards. As a core foundation of is mission statement, all web assets should ideally be of a kind that it can work with. Strange then, that the world’s most popular search engine doesn’t index all of the current important Web standards formats. Doug Schepers of W3C blogs about how Scalable Vector Graphics content is recognized and not recognized by search engines, currently and historically.” Readability really helps out on this site.

Read more of this story at Slashdot.

An anonymous reader sends word of a proof-of-concept Google Chrome browser extension that steals users’ login details. The developer, Andreas Grech, says that he is trying to raise awareness about security among end users, and therefore chose Chrome as a test-bed because of its reputation as the safest browser. Grech says he does not doubt that Chrome is a safe browser, but the point is that such an extension could be written for any of them. Grech says he has not uploaded his extension to the Google Chrome repository or anywhere else; but he has published enough details to allow others to reproduce the technique easily.

Read more of this story at Slashdot.

schliz writes “The Australian Privacy Commissioner has found Google guilty of breaching the country’s Privacy Act when it collected unsecured WiFi payload data with its Street View vehicles. While the Commissioner could not penalize the company, Google agreed to publish an apology on its Australian blog, and work more closely with her during the next three years. Globally, Google is said to have collected some 600 GB of data transmitted over public WiFi networks. In May, the company put its high-definition Australian Street View plans on hold to audit its processes.”

Read more of this story at Slashdot.

snydeq writes “The Chinese government has renewed Google’s Internet Content Provider license (announcement), enabling the company to continue to provide Web search and other local products to users in China. If Google had been unable to renew its license, it could have meant the end of the company’s operations in China, leaving search engine rival Baidu to dominate the market. Last week Google began making efforts to win over Chinese officials. Rather than automatically redirecting Google.cn visitors to Google’s Hong Kong search engine (a strategy the Chinese government found unacceptable), the company now sends visitors to a ‘landing page’ where they can choose to click on a link leading to the Hong Kong site, or stay to use unfiltered services such as music or text translation.”

Read more of this story at Slashdot.

GrApHiX42 writes “Starting on Thursday, Google is going to increase the salaries of gay and lesbian employees whose partners receive domestic partner health benefits, largely to compensate them for an extra tax they must pay that heterosexual married couples do not. Google is not the first company to make up for the extra tax. At least a few large employers already do. But benefits experts say Google’s move could inspire its Silicon Valley competitors to follow suit, because they compete for the same talent.”

Read more of this story at Slashdot.

shmG writes “Google Inc. has announced a “new approach” in China after the government said the company could no longer automatically redirect users to the unfiltered Hong Kong site. Move over Google, it’s Baidu Inc, with over 60 percent of share in internet search in China, to grab the chance and expand. It has announced new plans to hire U.S engineers to enhance its technical skills and propel its growth globally.”

Read more of this story at Slashdot.

angry tapir writes “In keeping with Google’s enthusiasm for the emerging HTML5 standard, many upcoming features of the company’s Gmail Web-based e-mail service will be rendered in HTML5. One feature that the Gmail design team is now working on is the ability to drag files from the desktop into the browser. Gmail will also make use of HTML5′s database standards. Currently the e-mail service uses Google Gears to store mail for offline reading, but over time that will migrate to the HTML5 standards.”

Read more of this story at Slashdot.

Trailrunner7 writes “The remote-wipe capability that Google recently invoked to remove a harmless application from some Android phones isn’t the only remote control feature that the company built into its mobile OS. It turns out that Android also includes a feature that enables Google to remotely install apps on users’ phones as well. Jon Oberheide, the security researcher who developed the application that Google remotely removed from Android phones, noticed during his research that the Android OS includes a feature called INSTALL_ASSET that allows Google to remotely install applications on users’ phones. ‘I don’t know what design decision they based that on. Maybe they just figured since they had the removal mechanism, it’s easy to have the install mechanism too,’ Oberheide said in an interview. ‘I don’t know if they’ve used it yet.’”

Read more of this story at Slashdot.

eldavojohn writes “It’s an old case, but there was an interesting development today when a judge ruled that YouTube is protected from Viacom by the safe harbor provisions of the DMCA, since YouTube helps rights owners manage their rights online and works cooperatively with entities like Viacom. Google’s calling it a victory, but I’m not sure if Viacom will take this without a fight.”

Read more of this story at Slashdot.

An anonymous reader writes “Google Voice is now open to anyone in the US, removing the need to search for an invite. At the Google Voice site, anyone with a US IP address and a US phone number can sign up for an account. Non-US IPs are blocked, and non-US-based phone numbers are prevented from attaching to Google Voice (with the single odd exception of the 403 area code of southern Alberta).” Good timing on the part of Frontier Communications Corp., which just filed a lawsuit claiming that the Google Voice feature connecting a user’s home, work, and cell phone numbers to another number infringes one of their patents.

Read more of this story at Slashdot.

An anonymous reader in the UK writes “Over the past several weeks we’ve discussed the rolling out of Google SSL search. Now an obstacle to the rollout has arisen, much to the frustration of school students and teachers alike. Content filter vendors have decided to block all Google SSL traffic — which also blocks access to Google Apps for Education. Google is working to appease these vendors. The questions at the heart of this situation are: Does a company (school, government) have a right to restrict SSL traffic so it can snoop your data, or does an individual have a right to encrypted Internet facilities? And, is the search data you create your data, or is it your employer’s (school’s)? IANAL but blocking SSL search seems at odds with the UK Data Protection Act, because some local governments here may be using the very same filtering service for their employees. It would also seem to go against the spirit of FIPS in the US (though I appreciate that federal standards are separate from schools in the States).”

Read more of this story at Slashdot.

Add Connecticut Attorney General Richard Blumenthal to the list of politicians out there who are shocked — shocked!

An anonymous reader passes along a DMCA takedown notice directed at Google and authored by the British Phonographic Industry, Britain’s equivalent of the RIAA. P2pnet identifies the BPI as the outfit that “contributed to the British government’s Digital Economy bill, complete with its ACTA Three Strikes and you’re Off The Net element, with hardly a murmur from the UK lamescream media.” Are there any precedents for a UK trade organization attempting to use an American law to force an American company to take down links to UK-copyrighted material?

Read more of this story at Slashdot.