Google: we will share your name with anyone who asks us for it

Forum

Google: we will share your name with anyone who asks us for it (View post)
Juha-Matti Laurio	Tuesday, September 23, 2008 15 years ago • 5,516 views
Back to the story Real-name-behind-gmail-users discussed in July http://blogoscoped.com/forum/135954.html link: http://blogs.securiteam.com/index.php/archives/1144 with screenshots included
Above 1 comments were made in the forum before this was blogged,
Andy Wong	15 years ago #
The markets with Google are still expanding and the top priority of Google is to occupy markets. Security and privacy is not yet a big concern to Google yet. A past example was Microsoft. DOS, Windows 3.2, Win95/98 had little effective security mechanism, while Unix at early stage had implemented security. But Microsoft sold the easiness of Windows well, while security always has conflicts with easiness.
TOMHTML	15 years ago #
"This is all a Chrome desktop app will show you – do you know at which domain you’re currently entering your Google password?" ==> that is really a wrong idea from Google, I do not like that. Just as the missing statusbar, you have to use your mouse (and not the keyboard) to roll over links to discover their target... FAILED!
Ionut Alex. Chitu	15 years ago #
IE has a similar feature called kiosk, but it's not accessible from the UI. Edit a IE shortcut and append -k mail.google.com or type in Start/Run: iexplore -k mail.google.com To exit the kiosk mode, press Alt+F4.
Juha-Matti Laurio	15 years ago #
The fact how this will help phishing gangs has not been discussed yet
Philipp Lenssen	15 years ago #
> The fact how this will help phishing gangs > has not been discussed yet You mean in the thread, in the post, or ...?
Philipp Lenssen	15 years ago #
Google Lively now has adjusted the way it lets people enter their Google Account password to join a gadget room, perhaps in reaction to the phishing problem mentioned: they will now pop up a new window which shows the address bar. That's much better than before. I wonder though, is it possible in today's browsers to pop up a window (on click) which then contains no address bar (which would allow you to add a HTML/CSS-faked address bar)? I just tried var winRef = window.open('http: //example.com', 'somename', 'location=0'); which still showed the URL in several browsers but I'm not sure that's the right way. (I guess if it would be possible, it would be a browser issue, for starters.) PS: The new login method is still not as good as using the same window would be. The site could still pop up a DHTML window that looks at least somewhat similar in some browsers to a regular new window.
Tony Ruscoe	15 years ago #
Philipp, I think most, if not all, modern browsers always show the address bar in popups as a security feature even if it's switched off using JavaScript (unless the site is trusted) but there would be nothing stopping someone detecting which browser you were using an mimicking the browser window using DHTML and JavaScript to popup some kind of fake modal window with a fake URL. (It wouldn't appear in your task bar but how many would notice that?) Then again, how many people even check URLs in their address bar before signing into their Google Account anyway. If you see a link on a website saying "Try this new service from Google" I bet many would just sign in without even checking the address bar...
Philipp Lenssen	15 years ago #
Here's Google's official announcement, I just got an alert: http://groups.google.com/group/lively-help-announcements--alerts/browse_thread/thread/cac41ef5731666d3?hl=en&pli=1 <<One of the main benefits of this version is a streamlined sign-in process, which should help with repeated sign-in problems, as well as alleviating phishing risks.>>
Juha-Matti Laurio	15 years ago #
Philipp: Yes, I mean in this thread.

Forum home

>> More posts

Blog | Forum more >> Archive | Feed | Google's blogs | About

This site unofficially covers Google™ and more with some rights reserved. Join our forum!