"Does Google care about what I think? No."

chewy, I don't know what else to say other than referring back to what I said in message #89.

Net_Wizard, if you go to [toolbar.google.com...] then the very first link is to the toolbar help page. The first link on that page is to our Frequently Asked Questions page. I'm not sure why you think someone has to install the toolbar before reading the Frequently Asked Questions page?

The problem with the "accident" theory, and its corollary that Google will listen to us, is that past history doesn't support it. The "related sites" on the adsense ads will be back -- as soon as the noise and attention subside, it will be back in some form.

Google keeps pushing the envelope. While other companies were pushing their own ill-advised envelopes, such as the rush to portals during the dot-com era on the part of several search engines, Google appeared out of obscurity with their own agenda.

Google was using maximum cookies from the beginning, which was a time when cookies were much more controversial than they are now. Google didn't care; they did it anyway. Federal sites have been prohibited from using persistent cookies altogether since the final years of the Clinton administration, and DoubleClick was under fire for cookies and web bugs. Most search engines used five or ten-year cookies. Google comes along and uses a cookie that 1) expires in 2038, 2) is served just by merely landing on a page at google.com, and 3) issues a unique ID even though they don't need a unique ID for the official reason for the cookie, which is to set preferences. (They wouldn't even need a cookie to set preferences, and if they wanted to use a cookie anyway, they sure wouldn't have to issue one to everyone who lands on any of their pages -- even before they do a search!)

In December 2000, Google introduced the toolbar that updates without asking. Sure, they tell you in the privacy policy that using the advanced features causes it to phone home. That's because Alexa was already on the receiving end of a class-action suit for not telling their toolbar users what sort of information they collected. Alexa lost that suit.

In December 2001, someone cracked the URL checksum in the toolbar and came out with a program called PRMaster. It had a Windows desktop interface and could not be used for anything other than manual inquiries. But Google tracked down the programmer and got the program stopped. Several months later they changed the checksum algo. The old PRMaster checksum algo started reporting bogus results, instead of just not responding, and this continued for months. This incident showed Google's attitude toward anyone who trespasses on their turf.

Google used the cache copy from the beginning. No other engine, except for a couple of very obscure ones, has had the arrogance to flaunt U.S. copyright laws this way. Even though the cache copy should be opt-in, it's not even a very convenient opt-out. Sticking a META in every page is not something that's easily done. And what about text files, and other pages that don't have headers?

Google never comments on public policy issues that matter to Internet users all over the world. They have no comment on their dealings with U.S. officials, and no comment on other privacy issues. They have never felt the need to justify why they need their cookie (except to "improve our search results"). At the same time, GG has the gall to say on WebmasterWorld, more than once, that he thinks Google has the best privacy policy in the business.

Google grabbed all of your images during the first half of 2001, and it wasn't until June or so that we found out that they were starting an image search. So now we all had to scramble to protect our images, and wait another six months until our new robots.txt purged the images they already had.

Over the last year, Google has demonstrated that selling ads and making money is more important to them than the integrity of their search results.

I don't see all of the above as a series of accidents, and I don't see any evidence that Google learns from feedback. Instead, I see a pattern of behavior. It might be a strategy, or it might not. But it's definitely a pattern.

Either trust them or don't!

MS has done auto updating for months/years, if you trust them, let them......it is probably for your own good. If you suffer from paranoia then get rid of them and go back to the cave. This is the future....welcome to the new world :)

Hmm, trust them? Isn't this thread about how they have broken our trust that we gave them?

SN

For what my 2 cents are worth, I am going to continue to use the toolbar - at least the the v1 revision - until Google decides to do a few fixes to v2, hopefully including the ability to turn off automatic updates as well as hiding the "search web" button (again).

I never meant to cause this much drama! I just wanted to get the attention of Google to make sure they understood automatic updates are a terrible idea and to show that there are other well educated people out there which agree.

My best hopes were to cause a quicker improvement to the toolbar, not to fuel an anti-Google rebellion :(

I consider myself rather technically knowledgable with PCs, having over 15 years experience and code daily in several languages. My educated opinion is that I don't feel as threatened by the actions of Google as several other folks have claimed they do here.

By the way, I leave pagerank reporting turned on at all times - it's not that I have nothing to hide, I just doubt Google will ever single me out and my browing history - they have MUCH better things to do. Think of what I save annually in not needing tinfoil hats! :)

Actually its another about people not taking personal responsibility for their actions.

Similar to the kooks that complain about nudity or cursing on TV; turn it off or change the channel if you don't like it! Block the updates, dump the toolbar, or install the Alexa or new Altavista toolbar instead--personal responsibility.

Which by the way, my cell phone, satellite TV, & Internet provider update my phones, receivers, and modems without notification and I pay for their services.

To me, Google is a lot like Nordstrom's (high-end retail store) - it got where it is not by being the cheapest or the only game in town, but by being excellent. As a result, I place higher expectations upon Google as a company. Anything that breaks down that trust will cause the same effect you see everywhere in capitalism - users will vote with their feet and move on to another search engine that hasn't made them feel betrayed.

That said, auto-updates are great for people who aren't technically adept (interesting antecdotes in this article from Wired [wired.com]). Giving them an option is more likely to confuse than enlighten them, and depending on them to seek out updates on their own is hopeless. But that has to be squared with the feelings of professional computer guys and girls, for whom things like Gator and MS service pack 6 have created a deep-set fear of installing anything without carefully researching the consequences.

Part of the reason I trust Google is that it makes the effort to differentiate between the Terms of Service and "not the usual yada yada". That the toolbar automatically updates should be stated clearly in the not-yada-yada section. If Google is willing to support use of the toolbar without auto-updates, there should be directions linked right there describing how to disable the feature.

I don't think there's anything malicious going on here, but Google should keep in mind that technical people were its first adopters, and technical people were the source of many recommendations to non-technical people. As said before, CYA isn't enough, and isn't going to endear Google to those who were its first and biggest fans.

/my two cents
g.

Actually its another about people not taking personal responsibility for their actions.

So, I suppose that it's my personal responsibility and not my trusted friends responsibility to respect my privacy and my property? It's okay then to go to my friends house, invade their privacy and destroy their property because they trusted me?

Which by the way, my cell phone, satellite TV, & Internet provider update my phones, receivers, and modems without notification and I pay for their services.

Nobody update hardwares automatically :). If your hardware cease to function properly then you might have to upgrade or buy a newer model.

In the case of drivers or internet connection softwares...I don't know about your ISP...but mine, including AOL, MSN always gives the option to update or download features but not automatically...probably scared of any liabilities incurred by just auto updating customer computers.

Net_Wizard, if you go to [toolbar.google.com...] then the very first link is to the toolbar help page. The first link on that page is to our Frequently Asked Questions page. I'm not sure why you think someone has to install the toolbar before reading the Frequently Asked Questions page?

I see, you choose to ignore the other points that I posted.

Okay, so you want to discuss possibilities and probabilities. Fine.

-------------------------
[toolbar.google.com...]

- there are 3 options for the users on what to do at that page
-1. hyperlink - help page
-2. drop down - select your language
-3. button - Get the Google Toolbar

Question: What are the probabilities of somebody who would actually click on the help page link(option1) and not 'Get the Google Toolbar'(option3) button? Please be honest.
-------------------------

Just to humor you and would be Google_drones. Let say I clicked on the 'help page' first before I download the Toolbar.

-------------------------
[toolbar.google.com...]

-There are 8 options for the users on what to do at that page
-1. FAQ
-2. Google menu
-3. Autofill
-4. Version Information - bold mine
-5. Toolbar Buttons
-6. Toolbar Options
-7. Pop-up Blocker
-8. Contact us

Question: What are the probabilities of somebody actually clicking on FAQ link and not say to 'Version Information' or 'Toolbar Buttons' or 'Toolbar Options' before downloading the toolbar? Please be honest.
-------------------------

Just to humor you and would be Google_drones. Let say I clicked on the 'FAQ' link first 'before' I download the Toolbar and bear in mind that this 2nd click I made away from downloading the toolbar, not to mention that I have to back click later to actually click the button 'Get the Google Toolbar'.

-------------------------
[toolbar.google.com...]

Wow! I counted more or less 60 links to follow.

Question: What are the probabilities of somebody actually clicking 'directly' on the link for 'How can I learn when a new version is available'? Please be honest.
-------------------------

In summary of the above process. A user in order to see this...

The Google Toolbar automatically updates itself when a new version is available. This may not happen immediately, but it will eventually. If you learn that there's a new version out and you've just got to have it, you can reinstall the toolbar to make sure you're driving the latest model. (You may need to uninstall first, though this shouldn't normally be necessary.)

At the barest minimum, the user have to click 3 times 'away' from downloading the toolbar just in order for the user to read the above paragraph. What are the chances of that happening? I think I have better luck with the lottery.

At the maximum, the user have to click more or less 100 and 'by chance' would be able to read the above paragraph. What are the statistical probabilities that the user have to go through all that to download the toolbar?

In Google Terms of Use

The most important document when you download the toolbar. Here, I, as a user, have the option to 'Agree or Disagree' with the terms.

Within the terms, Google is very explicit in what the user can and can't do with the toolbar BUT why is it not spelled out in this important document that 'I either agree or disagree for Google to auto-update the toolbar without any further notice'.

That's very conveniently left out and the fact of its auto-update is buried 3 clicks away from the toolbar home page.

I say the intent is malicious

I say the intent is malicious.

I heard an ugly rumor today. The next version of the toolbar will quietly overwrite the latest version, same as always. But if you have the pop-up blocker selected, this new version will behave slightly differently. It will block not just the popups that it blocks now, but other ads as well. Curiously, all these new blocked ads may tend to be any ad not served by Google, Inc.

Could there be any truth to this rumor? Please confirm or deny, GG.

There should be an option to "Check For Updates and Install Updates Automatically". In all the software I write this is the approach I take, 90% of the people use the option.

"So, I suppose that it's my personal responsibility and not my trusted friends responsibility to respect my privacy and my property? It's okay then to go to my friends house, invade their privacy and destroy their property because they trusted me?"

Your friend came over to your house, and you invited him in, and when he walked in he said he might change the channel on your TV, and when he does change it you start complaining about him? It's baffling how people can take no responsibility for their actions. YOU installed the toolbar. The Pope didn't sneak into your house and do it. They tell you it auto-updates. Delete it if you didn't pay attention and don't want that. Craziest thread of the year.

Okay Steve, invite me to your house and I'll break a few things and more. Hope that would make you happy :)

Anyway...

Security Issue

A few things I found out about auto-update.

1. March 1999

It was discovered that Macromedia have created a huge security risk to its Mac users through the 'optional' auto update feature which periodically checks the Macromedia download site for the latest revision of Shockwave.

If it needs an update, the software reports back to Macromedia the Shockwave sites users have visited.
But in cases where Web sites use password validation in their addresses, this information - which can include the passwords, as well as data about secure Web sites, even those behind a firewall, and hard disk information -
is passed back to Macromedia.

2. June 2003

Symantec under fire for bugs, flaws

...customers using Symantec AntiVirus Corporate Edition reported that an 'automated' antivirus definition update from the security company caused the antivirus software to fail,...

Furthermore...

Attackers who have a copy of the flawed ActiveX code with a valid digital signature could trick Microsoft Windows systems into accepting the control, opening that system to attack even if it did not already have the faulty component installed,...

--------------

Macromedia and Symantec have acknowledged the security hole that their 'auto-update' have created and have taken steps to prevent exploitation of this bugs.

Of course we also heard the infamous 'windows auto update' exploit.

All this have been fixed BUT it's always after the fact and the damage has already been done.

So, what's to prevent somebody exploiting this backdoor in my computer that Google have left open because the auto-update pass through my fire-wall and my anti-virus? I bet, somebody is looking into this already and it's not only Google.

--------------

Quote from the net

This is the primary objection to auto-update - it is fundamentally insecure with a development process lacking security controls. The second is basic trust.

--------------
Further reading

The Risk of Programs That Update Automatically [schram.net] Read it, maybe this will wake you up, as to what is Google doing.

So, play with fire at your own risk.

--------------

and Steve, I hope your friends are as nice as me :)

Cheers

So... don't... install... it.

I have to admit; I've been reading this thread and thinking the same thin as Steveb. If you don't like it then don't install it.

Today I turned my sleeping toolbar on to check out some pages and it went through the auto update process. No big deal, and when I was done with it I unchecked the Google toolbar from the toolbar menu and walla....another toolbar disappears. Uncheck the other toolbar and Google disappears. After playing around with this and rebooting the problem was still there.

Bye bye Google toolbar old friend it was fun while it lasted. No more little green lines for me if it means spending ANY time at all repairing my main machine.

It was an obvious, conscious, technically informed, and more-than-likely a hotly debated policy within Google mgt to automatically update the toolbar. This is not something that happens by accident or because it was a good idea at 3am when it was programmed

Exactly. For me, the issue is not so much whether disclosure via the FAQ is sufficient. This was a design decision. Google was well-aware of the routes that other software vendors had taken for self-updating software. A common technique is a dialog "[software product] has detected a new version. Would you like to update now?" As others have pointed out, even Microsoft's window's auto-update service is opt-in and updates are only installed if the user explicity chooses to do so. Windows computers around the world would be much more secure if Microsoft silently pushed it's weekly security patches without obtaining user consent. But Micrsoft made a design decision not to do so. And Google, aware of the actions of other software vendors, made a design decision to update the toolbar without prompting - or even notifying - the user. This leaves one question. Why?

Look at the huge mess we're all experiencing from the sobig.f virus.

All of us who patched our computers are suffering because of all of those who didn't. Maybe THAT (general issue) is what Google considered when making the choice to auto-update.

That said, I do agree with others who have (politely) urged Google to offer better disclosure and more options. As I noted earlier, when there's a CRITICAL toolbar update available, a good compromise from Google would be insisting that toolbar users either upgrade OR disable their toolbar. This'd be win-win; there'd be no active toolbars vulnerable to any future exploits... and users would have an option.

For those that keep using the "don't install it then" logic, remember that it is the ONLY way to get the current pagerank on most sites. Some of us do SEO work from time to time around here ;)

For those that keep using the "don't install it then" logic, remember that it is the ONLY way to get the current pagerank on most sites. Some of us do SEO work
from time to time around here ;)

The larger issue, and the real weakness with the "don't install it" logic, is that we're not just talking about our own little lives here. (Are we?) The toolbar is already installed on millions of computers whose novice owners have no idea it's going out and bulking itself up every now and then. If they did know, most of them wouldn't care, but many of them *would* care, and therefore everyone should know.

Putting it in the FAQ/privacy page just isn't nearly enough. Gator uses the same defense to claim that their users have "opted in to receive targeted offers". But Gator is slime.

Kackle - are you the guy who writes Google Watch? Your mantra is remarkably similar in style. I read the article on mind control. Very enlightening. Luckily my brain cells are no longer receptive as my mobile phone has already destroyed the ones receptive to non ionising radiation ;)

I have a question for you. If, in order to secure world domination, Google wants everyone to use the toolbar so much, why did they destroy the attractiveness of PageRank, their number one toolbar marketing machine? Perhaps they were just double slying the people watching google to put them off the scent?

Actually, I think we've stumbled upon something! Google is planning on updating the toolbar to install Mind Operational Mapping.

It works by first assessing one's current mental processes ("Must boost Google rankings!") and remapping them with more sound and sustainable processes (e.g., "Must remember to wash behind ears daily!" and "Must communicate with son F2F instead of just over IM" and "Must turn off computer and seek out natural light" and "Must consume something other than Coke(tm) and Snickers(tm)")

Over time, Google will have slowly cultivated a cult of more productive citizens!

De-install your toolbar while you still can :O

> Mind Operational Mapping. << i thought MOMs use to do it..now google eh? LOL @ Adamguy

Guys :)

It's easy to criticize people who voice out against the majority or in this case against a popular search engine(for the moment) a.k.a. Google.

The issue of this thread is not about 'if you don't like it then don't install it'.

Just some points to remember;

1. When users downloaded and installed the Google Toolbar, are they aware of this auto-update?

-a. It's in the FAQ - see msg #99 why that is not remotely possible before download.

-b. It's in the Toolbar Privacy Policy - let me quote it for you...

Periodically, the Google Toolbar contacts our servers to see if you are running the most current version. If necessary, we will automatically provide you with the latest update to the Google Toolbar.

Unless my grammar is wrong, how would you interpret the sentence...

If necessary, we will automatically provide you with the latest update to the Google Toolbar.

?

-c. Automatic update of 'other features' - version is not a feature.

2. Did the users have agreed to auto-update according to Google Toolbar Terms of Use?
---------------------

This is not about 'the software'. It's about security. It's about trust. It's about how Google treat you...us.

The big questions is...Why is Google doing this?

Because it cares about you or me? If that's what you think, fine. I thought, I was the naive one.

I found this in my computer

ActiveX control ID{8EDAD21C-3584-4E66-A8AB-EB0E5584767D}
codebase:http://toolbar.google.com/data/GoogleActivate.cab

which is dependent on 2 other components,

activate.dll
activate.inf

located in my C:\WINDOWS\Downloaded Program Files folder.

I wonder what are they for? Any idea? :)

with all this talk about the google toolbar, is anyone aware of the client that it may also carry for doing genomeing or protein folding in stanford's distributed folding@home scientific research on proteins and genomes? ;)

Net_Wizard:

I just pulled a copy of the cabnit file there. It contains the dll and the inf files you mentioned. The dll doesn't look unusual, except it imports one function (WinVerifyTrust) from wintrust.dll. Haven't seen that one before. All of the other imports look pretty run of the mill.

If I had to guess I would say it is the core of the toolbar (InternetCloseHandle, InternetOpenA, InternetOpenUrlA, InternetReadFile are imported from wininet.dll). Just a guess though.

Jordan

for those that want to roll back to 1.1.70

1. Download the non-activex 1.1.70 full installer
[b]win2K/winXP[/b]
http://toolbar.google.com/data/en/big/1.1.70-big/GoogleToolbarInstaller.exe
[b]win9x/winME[/b]
http://toolbar.google.com/data/en/deleon/1.1.70-deleon/GoogleToolbarInstaller.exe

2. In your firewall, for "[b]toolbar.google.com[/b]" block the phrase "[b]/version[/b]"
if you do not have a firewall, you can instead add this to your HOSTS file
[b]toolbar.google.com 127.0.0.1[/b]
however this is not as flexible and may block other desired features with the toolbar

3. Install the 1.1.70 version you downloaded and fine tune your options.

wintrust.dll is used to communicate with secure pages in IE afaik

/claus

"I wonder what are they for?"

Directional vectors for the black helicopters.

>Directional vectors for the black helicopters.

Yeah, some even suggest that it can turn your Monitor into one giant video cam.

That would be great, only if Google would care to share how you look Steve ;)