Loren Baker found a DigitalPoint thread exposing a potential security weakness in Google Video this week which could raise a legitimate privacy concern. Use the Google Video feature to “Post to my blog” and your password and login information are not protected. No https, no encryption, no SSL: they’re listed right in the headers.
In a nutshell, according to this user, Google is passing private information which includes MySpace, LiveJournal, Blogger, and TypePad login details over unsecure channels. And since Blogger accounts sometimes use Google Accounts for login, such a flaw could expose a userâ€™s GMail, Google AdWords, Google AdSense, and maybe even Google Checkout information (unless this information is encrypted).
Also at Search Engine Journal today, a story on how privacy is Google’s new “click fraud.”
As one Digger pointed out, the Google Video problem is not what Google needed hitting the headlines this week, even if it is easily fixed.