via MintLife Blog.

“When you use Google’s “free” services, you pay, big time–with personal information about yourself. Google is making a fortune on what it knows about you… and you may be shocked by just how much Google does know. Googling Security is the first book to reveal how Google’s vast information stockpiles could be used against you or your business–and what you can do to protect yourself.”

Read more on Boing Boing or the review on Slashdot.

I love the idea and hope it does well and would love to use it, but it’s not for me at this stage. Let me explain why.

I installed the addon and restarted Firefox, but was greeted with an instant crash on startup. To recover I had to restart in FF Safe Mode, disable Ubiquity, restart normally, saved my session, close all my open tabs, reenable Ubiquity, and restart again before all was well.

The privacy and security issues that can arise are putting me off. Take, for example, the first feed they recommend – Herd. The about:ubiquity page says:

“Help us. Subscribe to the Herd, which will add your data to the dashboard—it’s completely anonymous and will help us make Ubiquity better and safer.”

So I click the link and I’m taken to a page of referrers, one of which is:

https://mail.google.com/mail/?account_id=aoctavio%40gmail.com

Hardly anonymous…

Then there’s the comments in the code for the second most popular feed. Comments like:


// TODO: Security hull breach!
return eval( splitString[1] );

// Ugly hack to parse out the event description.


Also, the frightening security warning:

“Since a Ubiquity command can do anything, and it has full access to your web browser, a bad person could write a Ubiquity command to steal your personal information or do malicious things to your computer. You should not install Ubiquity commands unless you are confident that the source is trustworthy.”

Finally, I’m wondering whether the addon grabs the latest version of the feed if it’s changed, and how I would be notified of that? If I subscribe to one of the user submitted feeds and the user decides to abuse that feed, am I only affected when I accept a new update, or do they have full access from the moment I subscribe? I can check the code when I subscribe, but would I see any changes before they take effect?

So with the comments, the security warning and possibility of malicious feeds I think I’ll leave it for now, but do tell me how you get on with it if you use it. I’ll certainly be revisiting it once it’s a little more fleshed out and I wish the team the best of luck.

Great article with lots of good examples.

How do I know it was from blogrolling.com? Well, I use Sneakemail disposable email addresses for all my web-based accounts, and this particular address is the only one that has received SPAM.

It’s possible that there’s been another breach at blogrolling.com, but who knows? Suffice to say, I’ve updated my account and changed the email address (and password while I was at it), so even if it was compromised I won’t have to deal with any more SPAM.

The German interior minister might want to think about that.

“You can guess 40,000 billion passwords a second for about 10 million bucks”.

Now that’s some serious speed (and some serious money), but nothing I don’t expect several governments to have to hand.

Keep those passwords strong and long…

Isn’t this how films like Terminator start?

(Thanks, Si, for the link!)