Re: [Staffslug] Google and conspiracy theory...
2008/11/28 <staffslug(a)staffslug.org.uk>:
Anyway, I noticed this morning that, if you have GMail open they seem
to have added a little bit to it. It's seemingly innocuous but I
can't help but wonder. Look at the lower half of the Gmail screen.
It gives you the details of how long ago your current IP address was
last being used (presumably to connect to Google).
It appears to be an indication of when the last activity of that
account happened. It lets you know if you are logged onto the account
from another IP, which could be a useful indicator that someone else
has got your account details.
I used Horde webmail for a while - whenever I logged in, it told me
when my last login was, and what IP it was from. I liked that, because
it gave me the chance to spot any anomalies. The GMail thing looks to
be a similar thing to me, albeit less obvious.
As I say probably harmless... but is it. Have Google made sure that
information is secure? I don't know and I haven't seen any details
about it either. I don't know whether I can opt out of that data
being bounced back to my screen.
Fair question, but have they made *any* of the information they have
on you secure? How do they store your password? Plain text? Encrypted?
Hashed? Salted & hashed? (I've had arguments with PayPal and the
Student Loans Company about this, because they limit the password
length, and I was worried that they might not hash my password. Maybe
they do, maybe they don't, they wouldn't tell me one way or the
other.)
What about the web server access logs? Are they secure? Or the
contents of the e-mails? Personally, I'd be more concerned about
whether the passwords, e-mails etc are secure.
Russ