Interesting People mailing list archives
nore on California Gmail legislation misguided; Gmail has more serious privacy flaws
From: dave () farber net
Date: Sat, 29 May 2004 10:53 -0400
..... Forwarded Message ....... From: Richard Wiggins <richard.wiggins () gmail com> To: David Farber <dave () farber net> Cc: galler () umich edu Date: Sat, 29 May 2004 10:19:32 -0400 Subj: California Gmail legislation misguided; Gmail has more serious privacy flaws Dave, The prospect of this becoming law is frightening. The cure is far worse than the purported risk. I have to wonder how many people who pontificate over the risks Gmail might pose have actually used or even seen it. And now they've leapt to legislating. I've been a Gmail beta tester for 6 weeks now. The targeted ads are similar to what a Google search pulls up -- unobtrusive and often quite relevant to the topic of the mail. Also, often hilariously off target, but relevant or not, easy to ignore. The State of California proposes to declare that it trusts some robots -- those that inspect for spam or viruses -- and to outlaw other robots. Look, folks, either you trust a robot to examine your content, or you don't. I don't want a legislator deciding which robots and intelligent agents I can subscribe to freely. Now here's the big irony: There is a huge, real privacy flaw in Gmail. As a beta tester I've informed them of the flaw but no word yet as to a fix. Suppose I visit your office, Dave, and sign in quickly to look at Gmail using your computer. Suppose I forget to sign out. From, now on you can continue to read my mail. You can read my mail FOREVER -- until you shut down your computer or your Web browser. Even if I log in at another computer, you stay logged in. I can't detect that you're reading my mail, and I can't stop you from reading my mail. I've tested this with multiple computers, including over a 10 day span. Google's Gmail team needs to do two things: -- Implement an aggressive session timeout. With up to 1 gig of your life searchable, it's a big deal if you leave a public terminal logged it. The timeout should be maybe 15 minutes. The Web client -- a brilliant piece of work otherwise -- should save state across the password challenge. -- Detect when you log in from a second computer, and disconnect the older session. Google will fix these flaws. Gmail is young. It's in beta. In the meantime, any call for legislation is WAY premature. There might be good reason to regulate what Google does with data it gathers, but basically outlawing the Gmail concept is way over the top. I hope the California legislature contemplates that Google could easily take their $25 billion and relocate to another state. /rich On Fri, 28 May 2004 16:48:00 -0500, David Farber <dave () farber net> wrote:
Begin forwarded message: From: "Annie I. Anton" <aianton () mindspring com> Date: May 28, 2004 1:46:19 PM EDT To: David Farber <dave () farber net> Subject: For IP? California votes for Google mail safeguards The Register » Internet and Law » Digital Rights/Digital Wrongs » Original URL: http://www.theregister.com/2004/05/28/gmail_legislation_passed/ California votes for Google mail safeguards By Andrew Orlowski in San Francisco (andrew.orlowski () theregister co uk) Published Friday 28th May 2004 03:17 GMT The Californian state Senate has voted to introduce safeguards on email services that, like
------------------------------------- You are subscribed as interesting-people () lists elistx com To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- nore on California Gmail legislation misguided; Gmail has more serious privacy flaws dave (May 29)