Friday, February 12, 2010

Too Easy: How a Simple Hack Can Turn Your Numeric Google Profile URL Back into a Gmail Address

Over the last few days, there has been a lot of buzz about how much private information your public Google profile contains if you don't choose the right settings. The URL of your profile alone can already give away your Gmail address. To hide this address from public view, you can switch your profile URL away from showing your name to using an address that features a 21-digit number instead of your username. However, as it turns out, this isn't a foolproof method either. By using a very simple trick, anybody can quickly figure out your Gmail address from these numbers.
Google is no more (or less) guilty of this sort of oversight than the other players. What they all have in common is the need to get new "products" out the door quickly, without a whole lot of peer review (project to project).

In our modern world, such oversight (when practiced) does little good, as the participants for the most part have not been "indoctrinated" to the benefits. They see these high-level meetings as a waste of time, and they eschew lengthy design processes that might avoid such risks.

If our Facebook or Google info gets out, maybe not such a big deal, but you can bet the same atmosphere prevails where software is written for banks, hospitals, and other systems for which security might actually matter. It's a cultural thing, and there is no inner sanctum of developers who are not allowed to have their attention spans eroded by MTV, video games, or even new Internet "tools" such as Buzz.
