Google Blogoscoped

Forum

Google PII Extract w/ Firefox Cookie Bug

mrbene [PersonRank 10]

Thursday, February 22, 2007
11 years ago2,687 views

I was thinking about the recently reported Firefox Cookie Bug bugzilla.mozilla.org/show_bug. ... , especially the second demo lcamtuf.dione.cc/ffhostname_cn ... , which allows the extraction of cookie values from a 3rd party site. This had me examining the cookies set by Google when I log in and log out.

I wasn't particularly happy to find my unencrypted email address available in a cookie in a Google subdomain, even after having logged out (set to persist for 5 years). Regardless of Fx bugs, this isn't particularly sane Personally Identifiable Information (PII) management. Not to say that Google is the only one doing this, either – there are most definitely other high profile sites that write this type of data to cookies.

Anyone heard any rumblings about this in the wild?

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!