hey Roland, haven't seen you in a while :)
yup i noticed it, too. as always i tried to
configure the dll intern options.html with
the reshacker to do my custom options and layout...
it didn't work :(
although it's more likely that it has something to do with
the conflicts since the deinstallation of former releases
were not complete, the "downloaded program files" folder
saved version 1.1.56-deleon in a subfolder called "conflict.1"
well, i edited both GoogleNav.dlls but no effect...
i was too lazy to do some more research on it but
now that i see your post i think i'm gonna have a look
at it soon :)

hm i just saw that it's easier than i thought:
the location of the dll now is
\downloaded program files\conflict.1\googletoolbar_en_1.1.57-deleon.dll
(or \downloaded program files\googletoolbar_en_1.1.57-deleon.dll if installed clean),
former versions were all named googlenav.dll

It's scary because I was never asked if I wanted this upgrade or not. And you may see that the download date is 03/06/2002 and it was only activated today 21/06/2002. Will we see a google toolbar on the Lavasoft Ad-Aware list of spyware?

Now you've got me seriously spooked. I downloaded the toolbar for my Explorer 5.5 on June 2. It was version 1.1.56. I know, because I wrote it down after checking "About Google Toolbar."

I checked today and magically I now have 1.1.57.

Here's what has me spooked. I only use Explorer maybe five minutes per day, and I use it with all ActiveX disabled, all active scripting disabled, and file downloads disabled. Google sidesteps all of this when they update the toolbar. Believe me, I would notice if I was queried before the update. Like I said, I use Explorer five minutes per day, and I'm very conscious that it's vulnerable.

In other words, Google has full access to my hard disk whenever I use Explorer, because the PageRank feature is phoning home to Google all the time. Every time it phones home, Google has the power to do anything at all to my hard disk.

Can anyone else confirm that their toolbar gets updated even when you have all this stuff disabled in Explorer?

Does this qualify as spyware?

Spyware?

No I don't think so. It doesn't do anything but spy on every URL you go to (advanced option). But as far as reading your filesystem and spying on other things. No they don't do that.

Mine has been updated without my permission also. Even the dastardly Microsoft asks first...

[toolbar.google.com ] : Periodically, the Google Toolbar contacts our servers to see if you are running the most current version. If necessary, we will automatically provide you with the latest update to the Google Toolbar....
Google may decide to change this Privacy Policy from time to time...we will post those changes on this page...

I recall seeing the first sentence when "accepting" the download of the toolbar. I believe you are agreeing to install whatever software Google chooses, limited by the restrictions on the website privacy pages. Caveat downloaditor.

Okay, let me be sure I have this right.

One sunny day, bright and early, Google decides to modify their privacy policy. This new sentence is added:

"Those who have the toolbar installed agree that Google may scrutinize, download, and store in Google's archive, for future reference and in perpetuity, all files accessible to the toolbar on the user's computer."

Since I'm not in the habit of perusing Google's privacy policy with a non-Explorer browser before I fire up Explorer with its toolbar, I happen to hear about this privacy policy change two days later on WebmasterWorld.

I use Explorer that same morning. As in the past, Google again jumps my ZoneAlarm, waltzes around all of my paranoid Explorer security settings, and installs the biggest and best toolbar yet. I don't know about it, because I didn't read the new sentence in their privacy policy. This new toolbar software is so cool that you don't even have to be using Explorer anymore. All you need is a static IP, a broadband connection, and you need to be in the habit of leaving your computer on for long periods of time.

Google sucks up whatever looks interesting on my hard disk. What's more, it's perfectly legal because their privacy policy says that they can do this.

Who's at fault? Both Google and Microsoft are at fault. When I set something in IE that says "disable file downloads" I expect this to mean what it says. It's worked okay a couple of times last year in that it stops a certain number of worms and viruses that may be trying to get in. But it doesn't do squat to stop Google's toolbar upgrades. To allow Google downloads like automatic toolbar upgrades, when I've checked everything in that huge security panel even remotely related to preventing this sort of abuse, is definitely a bug or a design flaw in IE.

And also, Google is at fault because they are exploiting a weakness in the IE browser. There must be a way for Google to find out if I have "Disable file downloads" checked. If this is checked, they should ask before they upgrade anything on IE. I don't care what their privacy policy says.

Both Google and Microsoft are a menace to society. What's wrong with my analysis?

depends. i'm sure msie has a build-in subroutie for downloading upgrades
etc. that involves checking the security settings set by the user.
now if google does not use this subroutine but has its own upgrade-engine
it's not ms's fault anymore...
i don't suppose google to make use of flaws, i rather think that the toolbar
does really have an own upgrade-engine and just doesn't check the security
settings (which of course would be possible and very easy)

I would not doubt for a second that the NSA and CIA don't have employees inside Microsoft. I know for sure the NSA does. I am sure there are plenty of ways into your computer without you worrying about Google Toolbar exploring your hard drive. You should be more concerned what Google will do with your browsing history. That is something you already allow them to watch and log.

It would be nice if there was a way to get them to purge that log.

From www.google.com/privacy.html
Google notes and saves information such as time of day, browser type, browser language, and IP address with each query. That information is used to verify our records and to provide more relevant services to users. For example, Google may use your IP address or browser language to determine which language to use when showing search results or advertisements.

What's perhaps more worrisome than the record of sites surfed that's compiled via the toolbar, is the record of search terms you've used. That happens even when you don't have the toolbar.

If you erase your 36-year Google cookie with the unique ID regularly, they still have your (quite often) static IP number. Search terms are a vector into your state of mind at a given point in time. Google shows no interest in periodically purging such data.

Does anyone know of other sites "powered by Google" that are not so rude? I've found three so far:

aol.co.uk - no cookie
netscape.com - harmless cookie
earthlink.com - harmless cookie

I'll tolerate a pop-up or two just to avoid adding my static IP and my search terms to Google's database. I wonder if such "powered by" sites are required to feed the user's IP to Google from their backdoor feed? I know they can't read Google cookies because it's a different domain.

Maybe it's time to ask them whether Google gets this information when they pass along the query.

I'll mention a few things that most readers already know, but makes sense to repeat:
- The toolbar does auto-update when we have new versions. This is documented in the Frequently Asked Questions section of the toolbar help:
[toolbar.google.com...]
(dbowers also noted that we mention the auto-update in our privacy section.)

Google still works fine if you disable cookies (we won't be able to remember your search settings like languages though.)

Also, if use the toolbar without the advanced features enabled, the toolbar is completely inert--it doesn't send any information to Google whatsoever as you surf.

If you are still worried about your privacy, you always have the option of not installing the toolbar. It's an advanced tool that we provide to users, and the opt-in for advanced features keeps most people happy. But if for some reason the toolbar makes you uncomfortable, then by all means don't run it. :)

Google's language on their toolbar privacy policy is pretty industry standard. And they have been up front about it and give a nice warning to users about the advanced version.