
Sunday, August 29, 2010

Google must respond and plug this leak!!

Here I had described a surprising behaviour from Gmail. The bottom line here was that Google was using knowledge about my work email address, which was configured in Gmail as a backup address (I will cover this in a different post when I have some time), in ways that can be clearly construed as a breach of privacy boundaries and at the very least as very unusual behaviour.

Quick recap - I had sent a calendar invite from my work address to someone at a fairly well known startup. The response to that calendar invite was automatically forwarded to my Gmail address and my Gmail address was exposed to all the people on this invite list without my consent. This is a clear breach of privacy. The reasons for providing additional email addresses to an email provider are -

1. For forwarding emails to another address
2. For recovering account information in case one forgets his/her account information

To use this information in a way that exposes more information than I seek to share with others is a clear breach of my privacy. Google must plug this leak. There are a lot of other dangerous possibilities once a service provider tries to stretch functionality that spans natural boundaries like professional life and personal life. It is critical that each function that spans these natural boundaries is evaluated for inadvertent or intended privacy abuse.

For example, assume Gmail allows me to configure multiple mail forwarding addresses for specific kinds of rules (which it does). I may want to forward emails related to a specific topic to my wife. This will require me to add my wife's email address as one of the email addresses in my Gmail account. My wife will actually confirm this as we'd have discussed this offline. Now if this acceptance is misconstrued to mean that both these email IDs are mine, I may start to receive calendar invites sent out by my wife from her email account. My Gmail experience is just a step away from this possibility.

Calendaring conflicts in today's world span personal and professional commitments and hence Google is trying to deliver functionality that allows you to keep your Gmail calendar with your work calendar. But these are boundaries that need to be trodden very carefully. We, the consumers, cannot leave this responsibility solely to Google and must raise concerns every time we come across an interaction with Google or similar companies that doesn't look correct. This is the age when consumers have to be doubly vigilant. It is hard to not provide information as you seek functionality but policing the usage of that information must be done by consumers.

Google must respond to this!! If you have experienced similar issues with other sites/providers please post them in the comments here so that we can investigate and raise awareness of these issues.

Tuesday, August 17, 2010

CDNs - the rise of the anticloud

I was at a meeting with Akamai the other day. Akamai is a very fascinating company and I have followed both their business and technology progress quite closely. In fact, I have made money on their stock. Akamai has been delivering services in the Cloud business model for longer than the term Cloud has been in existence. In a strange way, though, I consider them anticloud. They are a force driving decentralization of content while Cloud is the force of centralization of both content and processing. In many ways Akamai is stretching the boundaries of the Cloud to the edges and in an extreme situation right to the home. This extreme situation is when CDNs merge with P2P technologies to deliver content from the end points themselves. Now, if anybody thinks this is hypothetical and fantasy, then look at the Red Swoosh acquisition by Akamai. What P2P lacks, arguably, is the content management sophistication of traditional CDNs, but companies like Akamai see no reason why the management cannot be extended to a content delivery node sitting on any of the home network devices, viz. Wi-Fi router, broadband router, set-top box etc.

In principle, this may allow some users to become data center providers for their community where the service is delivered by Akamai through its partners but the real estate is rented from end-users who make the capital investment into buying bigger network devices.

The forces pushing the content to the edges are not new - network congestion, which gets exacerbated by the rise of video. Today's digital video is not your father's video content. It is much bigger in resolution, higher in frame rates, interactive, 3D etc. All these factors demand data capacity of unprecedented levels. A 4K video (which you can upload on YouTube now and is actually a resolution of 4096x3072) will not take a lot of simultaneous viewers to clog the internet backbone. Through the history of the internet, the last mile has been the bottleneck, but with the advent of video the rate limiting characteristic of the last mile is preventing the meltdown of the internet. Thank god, we don't have all the internet users on broadband!! It is easy for people who have seen Indian cities transform in the last 10 years to relate to this. The prosperity has resulted in an explosion of car ownership but the roads have failed to keep pace and the result is massive traffic jams.

It is no surprise that Cloud providers are launching or looking to launch their own CDNs. It is not easy though to build out POPs across the globe even for large companies. For video the Cloud will be distributed and stretched to include the homes. It is the management of content that will be Cloud based but the data is more likely to reside on the edges. Microsoft has, over a period of time, moved away from using Akamai and Limelight Networks to owning CDN assets on the edges, and Azure CDN I believe is totally MSFT owned now.

Things are getting really interesting in this space and it may be time to go long on Akamai again but at $40+ it is a little too high for me.

Wednesday, May 5, 2010

Strange use of my profile data on Gmail…….

Yesterday I sent out a calendar invite to the CTO of a well known cloud computing startup. When I view the response on Outlook on my PC, I see the acceptance email addressed to my Gmail address.



The acceptance email from this person on my iPhone was addressed to a friend of mine. On iPhone when I click on this friend’s name on the “to” field I see his Gmail address and my Gmail address in the details about my friend.

Now all this is very confusing because I sent my calendar invite from my work email and not Gmail. There is a connection, though: I have set my work email as the forwarding address for the emails that I receive on my Gmail that match a set of filter criteria. More specifically, I have Google Alerts directed to my Gmail account and I forward those alerts to my work email address. Another important fact is that this startup company is using Gmail for their corporate email.

So it is clear that when I send a calendar invite from my work email account to the personnel of this company it hits the Gmail servers. Gmail at that point is using my work email address to look up my personal Gmail account and is sending the responses to both my work email and my Gmail account. This is a big data privacy and security issue. When enterprises worry about moving their applications and data to the Cloud it is these kinds of leaks (inadvertent or otherwise) that they fear and rightly so.
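A recipient can check for the mismatch described above by comparing a calendar reply's To/Cc addresses with the ORGANIZER recorded in its iCalendar part. This is an added example, not part of the original post; the sample message, all addresses and the function names are constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import getaddresses

# Constructed sample: a reply to an invite sent from me@work.example that
# arrives addressed to a different (personal) mailbox. All names are made up.
SAMPLE_REPLY = """\
From: cto@startup.example
To: me.personal@gmail.example
Subject: Accepted: Architecture review
MIME-Version: 1.0
Content-Type: text/calendar; method=REPLY; charset="utf-8"

BEGIN:VCALENDAR
METHOD:REPLY
BEGIN:VEVENT
UID:constructed-uid-0001
ORGANIZER;CN=Me:mailto:me@work.example
ATTENDEE;PARTSTAT=ACCEPTED:mailto:cto@startup.example
END:VEVENT
END:VCALENDAR
"""

def organizer_of(msg):
    """Return the ORGANIZER address from the first text/calendar part, or None."""
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        # Unfold iCalendar continuation lines (newline followed by space/tab).
        ical = re.sub(r"\r?\n[ \t]", "", part.get_content())
        m = re.search(r"^ORGANIZER[^:\r\n]*:mailto:(\S+)", ical, re.I | re.M)
        if m:
            return m.group(1).lower()
    return None

def check_reply(raw):
    """Return (organizer, recipients that are not the organizer address)."""
    msg = email.message_from_string(raw, policy=policy.default)
    organizer = organizer_of(msg)
    if organizer is None:
        return None, []          # not a calendar message; nothing to compare
    headers = [str(h) for h in msg.get_all("To", []) + msg.get_all("Cc", [])]
    recipients = [addr.lower() for _, addr in getaddresses(headers) if addr]
    return organizer, [r for r in recipients if r != organizer]

if __name__ == "__main__":
    print(check_reply(SAMPLE_REPLY))
```

A non-empty second element means the reply was addressed to a mailbox other than the one the invite was sent from, which is the symptom reported in this post.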

In the traditional IT model, the likelihood of such events is low as there is clear physical and ownership separation of my personal data and my enterprise data. Google has a natural desire to maintain a single identity across all my aliases/accounts, which may or may not be a desired state for me. The massive analytics infrastructure operates across all data regardless of their ownership/tenancy boundaries.

While this may allow Google to offer valuable products and services to me, like highly personalized search results and recommendations, it exposes more information than I am comfortable disclosing and worst of all I don’t even fully understand what it might expose. This is a small but illustrative example that shows why it is imperative that enterprises follow the model of “trust but verify” with Cloud providers when engaging them. Cloud providers must share and expose their architectural details for 3rd party audit. There may be a case for identifying functions that are more prone to creating privacy/security risks, like analytics, which by design are meant to extract identifiable information from large data sets regardless of tenant boundaries. These functions and their output data access should be controlled and controls should be made transparent. In fact, enterprise tenants should be able to specify and verify what functions are allowed with specific data - like analytics. Consumers have little leverage with large Corporates since we consumers value the functionality delivered by these companies far more than the potential loss of privacy/security, so we are unlikely to vote with our mouse clicks.