Google’s Unspoken Security Vulnerability

Let’s be honest, I really like Google. Without them I couldn’t be as productive or nearly as smart as I am today. I often tell people, the most important Quotient out there isn’t Intelligence or Emotional, it’s their Google IQ. It’s OK if you don’t know it… but if you can’t find it then you’re in trouble.

I mentioned previously that Google’s browser, Chrome, fails what I consider to be an important security test, but I’ve been largely silent on another issue Google seems to have ignored.

However, I can only conclude that it’s a threat larger than we faced with GMail and should be rectified quickly.

Initially, when GMail was released it had no comprehensive security, i.e. most of the communication between you and GMail was unencrypted. Immediately, there was an outcry from the computing public (at least those savvy enough to understand the implications), and Greasemonkey scripts were written to force an encrypted connection for all the transactions. Now it’s an easily configured feature in GMail’s settings.

However, the same flaw has systematically been overlooked in Google Reader. As any ATOM / RSS convert knows, feeds have become a critical component of our computing existence and as any social network participant knows… they’re not just for websites anymore.

Gone are the days when RSS was used simply for notifications that a public post or comment had been written. Now it’s used for some of my most intimate (at least of the digital sort) conversations. I get everything from status messages (which on Facebook aren’t as public as on Twitter) to direct private messages all sent to my reader. Not only are they sent unencrypted, but even worse I’m forced to use an unencrypted connection to read them.

Historically, email was rarely encrypted on the wire when it was sent from the sender to the receiver’s email system, although that has recently changed. However, the main security concern with GMail was that anyone on the same network could view the contents of a user’s inbox as they were reading their messages!

I really don’t use email all that much anymore and instead rely on social networks and RSS notifications for the bulk of my personal communications, which, thanks to Google Reader’s lack of an encrypted configuration, is sent free and in the clear!

I think it’s time Google acknowledges the role and responsibility that Google Reader has in people’s private lives and works to properly secure that information.

About jay

I'm trying to build something interactive where I can learn from others and hopefully share useful knowledge too. thecapacity@gmail.com
This entry was posted in frustration, Google, security.

2 Responses to Google’s Unspoken Security Vulnerability

  1. Dan Turkenkopf says:

    Jay, I just go to https://www.google.com/reader and firebug reports all my traffic to the https site.
