An email I've been expecting arrived today:

Dear Google user,

We're getting rid of over 60 different privacy policies across Google and replacing them with one that's a lot shorter and easier to read. Our new policy covers multiple products and features, reflecting our desire to create one beautifully simple and intuitive experience across Google.

In less poetic prose, what this means is that Google will be combining all of the data they collect on you across 60 different areas, and will be using it to determine what you see when you search, read email, or otherwise interact with one of dozens of Google services. Of course, they already to this to a large extent; now they're just going to do it in an even bigger way.

The plan has raise the ire of many critics who argue the move violates user privacy, increases the potential for inadvertent information disclosure, and leaves users with no opt-out option. Of course, Google does offer a "data liberation option" which is a rather fancy way of saying you can just quit using Google and take (a copy of) your data with you if you don't like the change. But while getting out altogether could be a viable option for some, for many it may not be.

Ironically, while the proposed changes are very beneficial to Google, from a user use perspective they simply make Google search results even less meaningful. Ultimately, I use a search engine to help me find what I don't already know, to discover what others are experiencing, to gain a broader view of the Web and increase my knowledge of the world at large. I don't want narcissistic results that only provide a myopic view into my own world. Sure, that helps Google serve ads, but how does it help me?

You can reduce the profiling and restore some usefulness to Google searches if you (1) almost never actually login to Google; (2) logout the second you're done; (3) keep your Web history cleared;  (4) use NoScript religiously to disallow javascript from Google or their services unless absolutely necessary; (5) close your browser and flush cookies after any Google session; and (6) if possible, use multiple computers.

That's a lot of work though. And it still won't get rid of all of Google's 'personalization' in searches. Since what is relevant from Google's standpoint isn't useful to me, I've found a far easier route is just to switch search engines. DuckDuckGo is my default; it has both a secure and a plain HTML option.

In September 2011, the Microsoft Digital Crimes Unit successfully shutdown the Kelihos spam botnet and - for the first time - named a defendant in a civil case against the perpetrators. On January 23, 2012, the Microsoft Digital Crimes Unit named a new defendant in the civil charges - a defendant that is allegedly a former employee of an antivirus vendor.

According to the amended complaint, "Microsoft alleges that Andrey N. Sabelnikov, a citizen of Russia, is responsible for the operations of the Kelihos botnet." The revision further explains, "On Oct. 26, we successfully settled with defendants Dominique Alexander Piatti and dotFREE Group, allowing us to dismiss the case against them. Today, thanks to their cooperation and new evidence, we have named a new defendant to the civil lawsuit we believe to be the operator of the Kelihos botnet."

The statement, from Richard Domingues Boscovich, a Senior Attorney for the Microsoft Digital Crimes Unit, then goes on to read that Sabelnikov is alleged to have written "the code for and either created, or participated in creating, the Kelihos malware."

The amended complaint filed by Microsoft states that "Defendant Andrey N. Sabelnikov is an individual residing in St. Petersburg, Russian Federation.  Defendant currently works on a freelance basis for a software development and consulting firm.  Prior to his current employment, Defendant worked as a software engineer and project manager at a company that provided firewall, antivirus and security software.

According to a BBC News report, a LinkedIn profile for an Andrey N. Sabelnikov claims previous employment at Agnitum, a security vendor in St. Petersburg, Russia that is best known for Outpost Firewall. A spokesperson for the company confirmed with BBC news that "Andrey Sabelnikov worked at Agnitum from 2005 till 2008."

It's worth noting that the first variants - considered very 'alpha stage' - did not appear until the latter part of 2009, which is pretty good indication that the malware was not created during Sabelnikov's time at Agnitum. Despite the facts, it's likely to fuel the misguided conspiracy theories that antivirus vendors write and distribute malware in order to sell more antivirus software.

Randy Abrams, via his Security Through Absurdity blog, discusses the chilling permissions problem he uncovered on his T-Mobile / HTC supplied Android device. It seems a demo of the seemingly innocuous Bejeweled game from Electronic Arts is preinstalled on the device with a range of permissions typically reserved for spyware type applications. Concerning permissions include the ability to:

• Read and write contact data
• Send SMS messages
• Receive SMS messages
• Determine Course and GPS location
• Record audio

According to Randy, these extensive permissions aren't a part of the paid version of Bejeweled. In response to Randy's inquiries into the invasive permission problem, EA Games has put the blame on HTC, who in turn has put the blame on T-Mobile. Currently there is no removal option and apparently attempting to remove the demo game manually may void the warranty on the device.

If you own or are considering a purchase of a T-Mobile HTC device, I strongly encourage a read of Randy's excellent discussion of the problem: The Mysterious Permissions of Bejeweled 2.

New review posted: Avira Internet Security 2012.