17 Jun 2009
A number of high-profile privacy and information security experts have written to Google chief executive Eric Schmidt demanding the search firm change its privacy settings to improve users' security.
They are concerned that Google's default privacy settings for some of its cloud-based services are not adequate.
The letter says: "We write to you today to express our concern that many users of Google’s cloud-based services are needlessly exposed to an array of privacy and security risks."
Unless a user enables specific security options any email, document, spreadsheet, presentation and calendar plan is transferred to Google’s servers without encryption.
The letter adds: "We ask you to increase users’ security and privacy protection by enabling by default transport-level encryption (HTTPS) for Google Mail, Docs and Calendar, a technology already enabled by default for Google Voice, Health, AdWords and AdSense."
Widely available tools known as packet sniffers make it easy for even amateur hackers to intercept users’ confidential files and communications as they are transmitted between a user’s laptop or handheld device and Google’s servers, if security options are not enabled.
Users can easily "enable" these security option by ticking the "always use https" option in the settings tab.
But as the letter points out, few will be aware of this option.
In 2008, a year after first being notified of the flaw, Google announced the release of a new configuration option in Gmail to protect authentication cookies and to force the use of HTTPS for Gmail sessions, but switched the option to " off" by default.
Users of Microsoft Hotmail, Yahoo Mail, Facebook and MySpace are also vulnerable to these attacks, and have no option to switch to https.
As a concerned consumer, I ask you to increase users' security and privacy protection by enabling by default transport-level encryption (HTTPS) for Google Mail, Docs and Calendar, a technology already enabled by default for Google Voice, Health, AdWords and AdSense. I recently set up my parents with Google mail. They are already anxious about using the Internet, and knowing that they are further impacted by this default setting makes us all uneasy.
Posted by: MaryEllen Hernandez 22 Jun 2009
Have your say on this article
Newsletters
Latest stories from Privacy
Latest videos
You may also like
Will Google’s new privacy policy impact how you use its services?
John Lewis CIO Paul Coby tells Computing about the benefits business intelligence brings to his business
Rubbish in... rubbish enterprise. Why proper data management is so important (video, 6 min)
This Forrester report compares the costs and benefits of legacy email and productivity software with Google Apps
Upcoming Events
The implementation of robust, relevant digital strategies is more crucial than ever to the success of insurance businesses
Date: 01 Mar 2012
Time: 09:00am
A showcase of the latest in the information content and management
Date: 20 Mar 2012
Time: 09:00am
Receive the latest jobs direct to your inbox
Are you being paid what you are worth?
