dear google

[piranha]

why do you want me to hate you? i really don't want to. i don't actually want to uninstall all your software because i am coming to distrust you as much as i distrust microsoft. i've dumped gmail, picasa, chrome, and search when you decided you knew better than i do what my real name is and that you somehow have a greater right to it than i do, but i still love google maps and google earth and google sketchup, and a whole host of lab stuff. you've given me a lot of neat software. but frankly, i'd rather pay for it in $$ than have you extract your price in whatever way you feel justified. because it's not "free".

now it looks like i might need to uninstall those apps as well, because you have decided you know better than i do what connections i allow to breach my firewall, and when.

for the last month every hour a process called ksfetch got stopped by my network monitor littlesnitch (HIGHLY recommended) when trying to connect to tools.google.com over TCP port 443 (https). it doesn't take long to find out that this is a google update process, probably serving apps related to keystone. usually i have always whitelisted google update processes because i've considered them trustworthy enough. though in general i prefer to have an option to tick "automatic updates" rather than have it happen behind my back, which option doesn't exist in google software (black star for that). but worse, ksfetch started to hammer my system, i had to dismiss 4(!) dialogues each time, and in fact i couldn't whitelist it with littlesnitch, which is what i had initially wanted to do. what the fuck?

turns out google does something sneaky for which i haven't discerned the reason -- ksfetch gets created as a new process in /tmp, and therefore littlesnitch can't associate any white (or black) listing parameters with it because it isn't a standard app. why in the world would google do such a thing? this is the sort of thing malware does! i looked in google's product update forum, where there are tons of people inquiring about this, and the only customer service rep who showed her face warned sweetly that disabling this would mean we'd no longer get security updates. no shit, sherlock! whose fault is that, do you think? why doesn't google act like a good software citizen on my machine?

so i archived and removed the /Library/Google/GoogleSoftwareUpdate directory. felt a bit drastic, but i wanted some peace while figuring out a more elegant solution. except it didn't give me peace for long; seems google software recreates that directory and its files when it notices it missing.

the littlesnitch people offered this workaround (in terminal, either use sudo or issue as root):
defaults write com.google.Keystone.Agent checkInterval 604800

which supposedly sets the launch agent to check only once a week (in seconds; can be set to longer or shorter as you wish). that slowed things down on 10.6.8, but it's nowhere near once a week; it still dials home several times a day. i don't want to waste any more time, and i am stopping myself -- barely -- from just wiping all google software from my system. this is my last try; restricting all access to the directories, including for all users (if present).


chmod -R 000 /Users/yourPersonalHomeDir/Library/Google
chmod -R 000 /Library/Google


most people won't ever even notice, so google seems not to care about those of us who're actually active in monitoring our systems.

i wonder whether there is a growth limit to corporations beyond which they simply no longer give a fuck about anything but their bottom line. if i ever allow myself to run a corporation, somebody please knock me over the head when i start to act like i know better than anyone else what's good for people instead of actually listening to them.

ETA 2012-08-22: ok, so denying google all permissions on both directories "works". i am writing a script to undo the permission once a week for a short period of time, so it can phone home and check for updates. the whole thing is kludgy as hell, and i don't really like running my system with kludges like this; automatic updates are supposed to be a winning proposition for everybody. it also means that GoogleUpdateUpdateAgent throws an exception every time it tries to run: "KSStatsCollection requires a storage path." but that's less annoying for me because it just clutters up the log, like so many other apps. as this has been going on since june, it looks like google doesn't give a shit that some techies are complaining; alrighty then, i'll have to treat google software as actively hostile to my system. sucks when companies i used to love turn more and more to crap.

Comments

[kore]

YIKES. Wow.

[wild_irises]

I have a lot of friends who work for Google, and one of them recently had a gmail status line which read "First come the entrepreneurs and then come the greeedy," or words to that effect.

I haven't asked zir if it's a comment on zir job, but it seems like a good guess.

[piranha]

*sigh*. yeah, same here, having friends who work there. since i've become so pissed about google we don't talk about it for the most part, because i don't want them to feel i am dissing their choice of employment. i don't. google is certainly not among the truly evil companies anyway, but i think i am extra disappointed because they used to feel like "one of us", but don't anymore.

[phoebe_zeitgeist]

Most people won't notice, but we're still grateful to be alerted by the more vigilant among us. I wouldn't have known about this if you hadn't posted, and am glad to have had the chance to try to do something about it just in case. (I'm not sure it's actually affecting me, but I've got the GoogleSoftwareUpdate sitting in my library directory, so it's certainly possible that it has been.)

I found what looked like an interesting approach to the problem here, where SupportM claims to have taken care of it by the simple expedient of changing the read/write permissions on the relevant folder and then locking it down. I'm far from knowledgeable enough to have a clue whether this would work, or why -- there's something that feels intuitively plausible about it, but that's probably because I know nothing about it -- but having found it, I thought it might be worth running by you. If it does work, it certainly makes for a relatively simple fix for people who only use terminal commands when we really, really can't help it.

[piranha]

glad it was useful!

as far as i can tell at this point it just does an awful lot of calling back home to see whether there are updates of any kind. i am greatly in favour of automatic security updates, because then a potential problem can be fixed without me having to have heard about it already; google can just push the fix out. which is why i wanted to whitelist them. the thing is of course that we'll never know what it might be doing if it's doing this so often, and i dislike that.

your intuition is good. :) yes, what that person describes does the same thing as the chmod i did -- changing permissions on the directory -- except through the finder. i tend to use the unix side of things because i know for sure what works there, but yes, if you don't feel as comfortable using the terminal, this is a fine way of doing it instead.

however, in the long view of things, locking google away from being able to connect is suboptimal, because then one gets no more security updates. at this point that strikes me as riskier than trusting google. i will probably write a small script that unlocks that directory once a week or even once a day. or maybe let littlesnitch give all aps access to tools.google.com, but i am ornery about it right now. why can't they just be upfront about this stuff?

[graydon]

Once a week is way, way too slow for "mobile device" security updates that run payment systems; I realize that's not what you're talking about but I'd be astonished if that set of concerns isn't driving Google's defaults. ("several times a day" is probably too slow for those; they should probably be on some kind of "check for updates and a changed checksum before each use" system.)

If you expose or make optional update processes, people, as a statistical abstraction, turn them off; they're in the middle of doing something and don't want the update to interfere with it. I suspect what you're seeing is the beginning of "you can't turn this off" countermeasures.

That said, my guess would be that it's in /tmp because whoever wrote it wasn't thinking about what they were doing beyond "I need a place to stash files", rather than conscious nefarity.

Though, really, google's business model is to be useful enough that you'll tolerate their ads; it only works if they're providing a net decrease in insecurity. ("I know where I am and how to get where I'm going, but I now also know much more about local eating establishments than I wanted to; still a net win" sort of thing.)

The default insecurity target -- what actual people worry about -- is now a quantity they're trying to _change_, though, which is unhelpful to the core model. So I certainly wouldn't want to suggest I believe they're not completely evil; anything their size and ad-supported more or less has to be, because they more or less have to be trying to change people's ideas of what they should worry about.

[peoppenheimer]

Thanks for this post; figuring out all those requests from Little Snitch (yay!) was on my to-do list. What has the fallout from chmod 000 /Library/Google been so far?

[piranha]

nothing bad; both google earth and sketchup are running without a hitch. so far no more ksfetch attempts to call out! i am feeling all smug, *snrk*.

i expect i will have to wriite a script that changes the permissions back once a week so i can get security updates. that's easy enough to do, at least.

[green_knight]

Thanks for the warning. I don't use any google apps, and I won't after this. I refuse to install Chrome for two reasons: one, the force translate which - at least in the windows version I used - could not be turned off. Hey, some of us speak more than one language at the same time! We don't want a crappy translation, we want original content!

And the other was that I was told at the time - when Chrome first came out - that it would update itself if and when it wanted to, and that you could not turn off the autoupdates.

I've also just thrown Flash Player off my machine again. I installed it for the Olympics, but I don't have time to watch, and I'm sick and tired of clearing out cookies. But mostly, I'm tired of looking at Activity Monitor to find that - even without, y'know, actively running any flash content, it's regularly eating 30% of processing power _sitting in the background and phoning home_.

I thought Apple was a bit bonkers delivering a computer without Flash installation. After a little monitoring, I've changed my mind.

[zeborah]

I've been weaning myself a little bit away from Google stuff except Gmail is hard to wean oneself away from and I'm thus far too lazy to investigate decent alternatives to Reader. And Scholar and Books are useful for my work. And...

But for maps I almost always use OpenStreetMap these days - as a bonus, being crowdsourced it has up-to-date information on where shops are in my city, as opposed to Google's streetview and satellite imagery which are still pre-earthquake. (Eighteen months is a long time when the buildings start coming down. And keep coming down. Non-stop demolition; every time I go through town to my dayjob the view's a little different.) It is behind all Google's flashness in other respects but seems to be constantly growing.

[green_knight]

Ooh, thanks. That's a very nice map indeed, very detailed, including footpaths (which appear to be reasonably correct) - let's see if I can form a habit. (Still have gmail, won't get rid of gmail unless things *really* go south.)

[outlier_lynn]

"i wonder whether there is a growth limit to corporations beyond which they simply no longer give a fuck about anything but their bottom line."

As soon as a company becomes publicly traded, they are required to only be concerned about the bottom line. Some start out that way (facebook), but many a good company like google has gone to the dark side simply by becoming a public corporation.

And this is getting worse with each passing year. We had a brief moment in the early 1970s when it seemed that taking a "longer view" of corporate health was getting traction, but it crumbled in the 80s when everyone was looking for short term gains. We have not recovered. It isn't the music industry where one gets "money for nothing and chicks for free." It is investment banking.

You *think* you can just uninstall the Google Apps?

[(Anonymous)]

I have never installed ANY Google software. No Chrome (Safari, on MBP), no GoogleTalk (do use Adium), no Google Earth, etc.

I tried LittleSnitch and it complained about the massive amounts of traffic that was being sent to Google for all sorts of processes. Then moved to HandsOff! and got the ksfetch hammering as well.

So, I've tried to follow through the system, removing everything Google. Si nada - still have many calls being sent out to big G, mostly over Curl or through Ping [and please don't argue that pings are harmless].

So, good luck on removing this bad citizen. I haven't been able to work out who is calling Curl, but would love to boot G. "Beware the Jabberwock, my son; the claws that catch... [Jabber is owned by G].

Re: You *think* you can just uninstall the Google Apps?

[piranha]

jabber is owned by google? since when?

sketchup, on the other hand, has been sold to trimble (big in GIS/BIM/AEC), which is probably not a good thing for the free version, though it might be good for sketchup pro.

kinda interesting that you have these problems despite never having installed any google software. i don't like it.

i have by now managed to stop all calls out from google software. alas it means that i get a couple of crashes of their software a day, but eh, small price to pay.