Posted June 12, 2007 1:49 pm by with 2 comments

Tweet about this on TwitterShare on LinkedInShare on Google+Share on FacebookBuffer this page

Loren Baker found a DigitalPoint thread exposing a potential security weakness in Google Video this week which could raise a legitimate privacy concern. Use the Google Video feature to “Post to my blog” and your password and login information are not protected. No https, no encryption, no SSL: they’re listed right in the headers.

In a nutshell, according to this user, Google is passing private information which includes MySpace, LiveJournal, Blogger, and TypePad login details over unsecure channels. And since Blogger accounts sometimes use Google Accounts for login, such a flaw could expose a user’s GMail, Google AdWords, Google AdSense, and maybe even Google Checkout information (unless this information is encrypted).

Also at Search Engine Journal today, a story on how privacy is Google’s new “click fraud.”

As one Digger pointed out, the Google Video problem is not what Google needed hitting the headlines this week, even if it is easily fixed.

  • Don’t a lot of sites do this? I mean they might not pass the info for other sites like in this case but it’s still an issue right? Most blogs, Digg, etc etc right?

  • Since Google is mostly used, it will be a big problem for them and users of Google.