Adam Fields (weblog)

This blog is largely deprecated, but is being preserved here for historical interest. Check out my index page at adamfields.com for more up to date info. My main trade is technology strategy, process/project management, and performance optimization consulting, with a focus on enterprise and open source CMS and related technologies. More information. I write periodic long pieces here, shorter stuff goes on twitter or app.net.

5/6/2005

They don’t necessarily know who you are

In the last post, I wrote a lot about what’s wrong with Google’s new services and terms of service. I think one thing bears important repeating.

MANY of your important interactions with Google are unencrypted. As such, it is even more trivially easy to steal the value of someone’s Google cookie, and possibly pose as that person to Google. It’s possible that Google has taken precautions against this, but the risk is currently unknown. If this is possible, I think that throws a huge wrench into the use of this information by law enforcement.

I remember early discussions when it was first revealed that Google was storing a persistent lifetime cookie. It was generally perceived to be “okay” only because the value was not to be tied to search history in any way. We predicted that someday it would be.

Sometimes the slippery slope is actually slippery.


Comments are closed.

Powered by WordPress