Security Pie

First, let me start stating that this is NOT a security issue with Google, even though it might be presented this way.

Unless you were hiding in a cave in the past hours you know that Google is taking some serious steps to protect its customers (you, me, all of us) after it was attacked one more time (see  ”Google on the defensive, vulnerable; China risks international and U.S. response“). Among other things, “Google Finally Improves Security of Gmail Connections as Consumer Watchdog Urged” which is great:

Consumer Watchdog said Google should use encryption for connections to all its Internet-based services, not just Gmail.The new security measures would not have prevented the sort of cyber attack that targeted Google from China. It does increase security to prevent third parties from snooping as information moves from a computer over a network to Google’s servers. Google has offered SSL encryption using the https protocol as an option since 2008

But if you look on the  the screenshot you can see that NOT all the traffic is encrypted… While this might be OK for static pages, who knows what other pages are not protected with SSL? Why can’t you turn it on for the entire site? It will add more credibility and assurance…

HTTPS by default - not so sure

The folks at consumerwatchdog.org are doing a very important job, keeping vendors honest and consumers alerts. The following video highlights some of the privacy issues with Chrome. I agree that Google should have warned Chrome users. I am sure that they will. Yet, I will continue to use Chrome (since I have nothing to hide). If I need to keep my privacy, I’ll use another tool.