Shostack + Friends Blog Archive

 

Google VPN, Macs, and Privacy

NudeCybot (hey, you’re blogging again!) asked me for opinions on Google Secure Access (or just GSA), and sent me a link to Kevin Stock’s Google Secure Access on Mac OS X. There are a lot of critiques of Google’s privacy policy around GSA: “Hide what you’re doing from everyone but us! And, umm, anyone who asks us real nice.” So let’s look at exactly what Google sees.

One of the things Kevin shows is that by visiting https://vpn.google.com/getpass/, you’re given an IP address of a server, and a username and password. Now, that’s fascinating to me, because you can use a tool like Curl to download the access bits. And you can do so without a cookie. That’s important, because it drives a lack of linkage. You can even use Curl over tor/privoxy to get your data:
curl --proxy localhost:8118 https://vpn.google.com/getpass/
Add a -D and see that Google isn’t even setting a cookie on the connection.

So it’s not clear that Google knows who the users of GSA are. Unlike a lot of their services, it doesn’t require that you share your “Google name” with them. Google names include gmail, orkut, or often even your regular Google cookie. (Come on, whose name do you search on most?) But that’s not strong privacy, and it’s likely to break when you log in to a non-SSL site, or ego-search, or, umm, expose your cookies to them. It could break if you check email without encryption.

Jumping back to Kevin’s script, I found the AppleScript solution both slow and also a bit worrying (an attacker pretending to be Google can feed stuff into that script). So I started writing a shell script to do much the same thing, with a few bits of code added for resilience against attackers. The only bit missing is exactly how to feed a password into the Mac’s command line pppd.

Some technical comments on Kevin’s scripts are after the break.

  • Sed is faster to invoke than Perl. sed 's/<[^>]*>//g' will strip XML from your lines…
  • The MacOSXHints post, “Accessing a VPN (PPTP) via the command line,” seems quite relevant to eliminating AppleScript, and getting your connection the same day you ask for it. (Maybe that’s a tad harsh. I find AppleScript to be awfully slow.)
  • My only open question is how to get a password into the script.
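
One way to build in the resilience mentioned above, as an added example rather than the script described in this post: check every field taken from the getpass response before it goes anywhere near pppd. The tag names (server, username, password), the two sample responses and the character policy in valid_token are assumptions, since the post does not show the real response format.

```shell
#!/bin/sh
# Added example. The response layout in GOOD and EVIL is constructed for
# illustration; the real getpass format is not shown in the post.

strip_tags() { sed 's/<[^>]*>//g'; }    # the sed expression from the post

# Pull the first line carrying <name> out of the response and strip its tags.
field() { printf '%s\n' "$1" | grep -F "<$2>" | head -n 1 | strip_tags | tr -d '\r'; }

# Dotted-quad IPv4 only, each octet 0..255.
valid_ip() {
    case "$1" in
        *[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Assumed policy: 1-64 characters from [A-Za-z0-9._-], not starting with '-',
# so a value cannot be read as an option or carry shell syntax.
valid_token() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    [ ${#1} -le 64 ]
}

# Print "ip user pass" only if every field validates; otherwise fail.
parse_getpass() {
    ip=$(field "$1" server)
    user=$(field "$1" username)
    pass=$(field "$1" password)
    valid_ip "$ip" && valid_token "$user" && valid_token "$pass" || return 1
    printf '%s %s %s\n' "$ip" "$user" "$pass"
}

GOOD='<server>192.0.2.10</server>
<username>u12345</username>
<password>p-67890</password>'
EVIL='<server>192.0.2.10;id</server>
<username>u12345</username>
<password>p-67890</password>'

parse_getpass "$GOOD" || echo "rejected"
parse_getpass "$EVIL" || echo "rejected"
```

A script built on this would stop at the first rejected response rather than try to clean the value up.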