« The World According to del.icio.us | Main | ETech »

February 02, 2007

Comments

Anonymous

When you are logged in your email address is displayed at the top of most Google search result pages... right next to a logout link.

mike

At the end of the day, google provide a free tool - and it is up to you if you use it. Perhaps you don't agree with their methods, or like the fact that they are recording your search info ... but you chose to use them, no one is forcing you too.

The google personal searching stuff is scary, scary how you can forget its doing its stuff until you perform a search on someone elses machine and get totally different results. Its clever and useful and does potential violate my privacy, but that's my choice, and it is the price I pay for a better service.

Fazal Majid

Google's cookie is set until 2038, so you could wait for a while for the "login" to time out...

Yet another reason why you should put Google in Firefox's cookie domain blacklist. And if you don't use a browser that allows you to ban evil domains like google.com or doubleclick.net from setting cookies, why you should switch.

David

Personally, I would have noticed immediately if I was logged into someone's account. But I understand how this could make you feel kinda helpless if you don't notice the display in the upper right hand corner.

Daniel Brandt

What fun! Hijack someone's Google account while they're away from their desk! Just get an account with a username that looks like their username. An upper-case "I" (eye) looks like a lower-case "L" (assuming that Google retains case when they display the username), and there are other substitutions that probably wouldn't get noticed.

bernardo

In order to protect one's privacy online, one must practice good "internet hygiene": Log out after using any service, clean your browser regularly (browser history, cache, and especially cookies), verify who you are logged in as, etc.

If your hygiene habits aren't good, you can't really be surprised when they fail to protect you from this kind of thing. Don't brush your teeth, get cavities. Don't use a condom, get STDs (or a baby). Don't log out or clear your cookies, get a stranger in your accounts.

Cleaning your cookies is especially important, since many sites out there (which I sometimes end up at when I misspell a domain name) can use scripts to read your cookies and thus help themselves into whatever account you are logged into at the time. Well, it's not quite that trivial, but still pretty dangerous.

I have two different Google accounts I use for many services (one which is personal, used for serious things and for emailing friends and family, and one whose email address is given out online, likely to be spammed, and not trivially connected with my real name), so every time I visit any Google-related page, the very first thing my eyes do when looking at the page (it's almost not conscious) is to see which account (if any) I am using.

I also have more than one PayPal account, bank accounts with three banks, and three OTHER banks that offer me credit. You can bet your behind that I am never logged into any of these sites for any longer than I need to be; As soon as I'm done, it's "LogOut"!

Google puts the Google Account information on the top right for a reason. If you ignored it, and if you don't log out, then that's your fault. And if you're surprised that it did not log you out, then that's your fault too: Upon signing up for a service that holds such precious information, you should have either read about the persistence of its log-in, or tested it, rather than just assumed it works as you wish it did. You know what they say about when you "assume"...

bernardo

I should also add that I realize you might have never signed up for Google's search-history feature yourself. Someone just went on your computer and logged on to a service that allowed them to see the Google searches you made from then on.

I guess a good part of online hygiene is to let other people use your computer as little as possible, and to monitor them closely when they do.

Although, still, his email address on the top right of each page should have been enough for you to notice it and log him off...

Aaron Newman

Wow, this article scares the bejesus out of me. I have a much different point of view then other commenters - Google's offering a free service but they absolutely have a strong obligation - if Google wants to be an Internet giant, they absolutely have an obligation to take care of your personal private information (What ever happened to "Don't be evil?"). The same way someone taking my credit card has a legal obligation to protect that from leaking out - Google absolutely needs to protect private information like what searches you are doing.

Google is playing with a loaded gun. It's potentially embarrassing here in the US, but there are plenty of places in the world where governments will "kill" for this type of information.

bernardo

"The same way someone taking my credit card has a legal obligation to protect that from leaking out..."

Yes, but when you hand your credit card to a cashier or delivery person or whatever, then if you care about your credit card, it's your responsibility to make sure you get it back.

Is it the responsibility of the company who hosts your account (Google, your bank, your credit card company) to make it impossible for you to allow someone else access to that account? Yes, in part. But beyond a certain point, the responsibility falls on the account's individual owner. Yes, Google has the responsibility to make sure no one can access your account unless they have your username and password, or access to your computer. But it's up to you to restrict who gets access to your username and password or computer, and (if you care about your account) to monitor the people to whom you give that access.

Hugues de Saint Salvy

Honestly it is partly your fault for not logging yourself out of his Google account... After two months of internet browsing on various Google websites, you had never noticed the guy's email address and logout link on the top right corner?? Do you never use Google?

I do however understand your concern because I am trying to raise awareness on a security issue that stems from the same problem: the fact that people are more or less constantly logged into their Google account and often do not bother to sign out from their personal computer. This implies that all of their Google information is available for viewing by anybody who happens to get access to this computer for a couple of minutes. Google has taken steps to increase security for sensitive data (remember how you said that you couldn't access the searches in the other guy's search history ; even though you were logged in, Google asked you to re-enter the password to see this page). But there are other Google Services which are still not secured. Here's an illustrated example for Google Docs and Spreadsheets: http://lepetitradiateur.blogspot.com/2007/01/suggestion-increased-security-in.html

Jeremy Sisson

I think this is a broader issue with online applications. When my data is stored outside my company's firewall, who knows what can happen.

I love the applications Google is producing now, but I can't trust that my data is safe.

Joe Duck

Arggh - I can't believe how many otherwise smart people here are blaming *you* for this! Of course we should all use extreme caution, log out religiously, and change passwords BUT WE DON'T and NEVER WILL! It's up to Google to create routines that protect privacy, and in this they have failed. Not to mention that all searches are logged and tracked at Google to your IP already, giving Google total access to the search history of your machine (which is easily trackable to an individual person).

Cuneyt Ozveren

Folks,

Great to see a good discussion on this topic here and on John Battelle's blog. I would like to add a couple of points to the comments made here:

First of all, my bigger concern going forward is the possibility that someone could turn this into real spyware, something that only runs for a few seconds and logs you in to some bogus "Google" account. After that, the mechanism that Google has so efficiently designed would kick in and start sending your searches to the bogus account. Other variations on this may include changing your login to something undetectable by replacing the letter “l” with the digit “1,” as suggested by Daniel Brandt, above. Since the spyware would only run for a few seconds, it could be virtually undetectable.

Second, as some of you have asked, I also asked myself the question “how on earth did I miss the upper right hand corner login for two months?” Let me clarify that I never use the Google main page. I use the little search window in Firefox and directly go to the search results (you could also be using Google toolbar, for example). Here is a link that will take you to a heat map (which tracks eye movement) of Google's search results page, which shows that people almost never look at the upper right hand corner. http://www.eyetools.com/inpage/research_google_eyetracking_heatmap.htm This is probably why Google moved some of their higher-paying ads directly above the search results.

I think it is important to keep these discussions going. It is the best way to make companies pay attention and make their services better.

jelo

Just don't search for anything you shouldn't be searching for...and you'll have nothing to be embarrassed about...

Disseminate

Just found this topic while doing a search for what Google is up to.

I have a NEW forum linked to my new site (remotely hosted as I'm not purchasing a domain) and EVERY TIME I post, I notice a googlebot shows up and appears to be scanning my entries. The site is so new, it's not listed on any search engines yet and until/unless I get a counter going on the site itself, I'm unable to see if google is also sniffing the site. I am suspicious and became more so when I saw a news report about Google Street cam or whatever it's called.

It's not paranoia, it's vigilance - what the hell is this company up to?

Canadian Online Pharmacy


this blog is great, I really like has many qualities, for one has very good subject for discucion.

buy viagra

great blog about Google the Spy? thanks for sharing

buy propecia

How can I spy on Google Chrome history?
I think my 10 yr old son is looking at inappropriate webpages. is there any way to spy on his google chrome history or recover deleted history?

Donde Invertir

Thanks for all information . I'm very interesting in your blog please send any update.

How to Lose Weight

Hello there, I'm having problems viewing your blog on my iPhone, the comment form isn't showing properly for me. (Just thought you might want to know, I'm typing this from my laptop.)

-Jessica

soft cialis

could they not just remove the "vulgar" posts from the website and that was it?. We also remember Yahoo! giving information to the Chinese government which then arrested and jailed a Chinese journalist.

generic viagra

here's the thing , about 4 or 5 days ago i downloaded frostwire to download music, but the thing is i only downloaded 1 song, and a friend had told me frostwire doesn't give you viruses and he said he didn't have a virus on his and it worked fine , so i believed him, about 25 min. after i downloaded frostwire, something popped up saying i had malware , trojan, etc. Now that i used my internet i can only use yahoo, google, and certian limited amount of websites, it blocks youtube, myspace,facebook, sports , and many more websites and says that this website could contain risks and what not, but come on those three websites are trustworthy , the thing that pops up is red and it has two options install , which costs money and continue unprotected. How is it My Antivirus Norton Antivirus didn't detect anything and that crap did , how do i get rid of it

sildenafil citrate

Something happened to me recently that turned this discussion upside down.

sildenafil citrate

Well, it's not quite that trivial, but still pretty dangerous.

dll files

this post is worth a read i have already bookmarked the url for a later read.

The comments to this entry are closed.