Thursday, September 01, 2011

They Live

Ever since finding out about Google Cloud Print embedded into the Chrome browser, I feel like I'm living in a sci-fi movie. I've discovered a nefarious secret plot, and nobody else is onto it yet. When you search for information on it, you see nothing but happy people who think it's cool but probably haven't used it.

I tried to use it, and it scares the hell out of me.

Our firewall and proxy servers are pretty well bolted down. They don't allow any traffic we don't explicitly name, and we blacklist a ton of URLs above and beyond what the filtering software blocks. Google Chrome's Cloud Print just works, right out of the chute, in ways that are difficult to track down exactly.

From a firewall standpoint, we were able to shut it off entirely, but through the proxy, it's a far trickier operation. The conversation essentially goes from client to google.com directly. It hops to SSL pretty much right away, meaning you have no idea what's going on from a packet capture standpoint. It's all on port 443, and it just works. Google can see behind your firewalls and into your enterprise, using Chrome as a spy agent.

I am not a fan of that for a lot of reasons that should be obvious. I'm even less of a fan of the fact that I cannot cleanly and easily lock down that capability. The options I have are draconian and will definitely result in an internal shit-storm.

Apparently "do no evil" is an increasingly subjective and malleable standard for the Google juggernaut, because this is pretty damned evil.