Simon Willison’s Weblog

Items tagged google, gmail

Filters: google × gmail ×


WARNING: Google Buzz Has A Huge Privacy Flaw. Interesting one this: by default, Buzz creates a public profile for you that lists the people you follow—but your default set of followers is derived from the people you contact most frequently using Gmail. This means users of Buzz may inadvertently reveal their most frequent contacts, which is an issue for people like journalists with anonymous sources, unhappy employees seeking new work or even people having e-mail based affairs. # 11th February 2010, 11:30 am

Fixing the Google Account problem. 3,000+ words explaining how to open a Google Doc invitation sent to an e-mail address that isn’t associated with your Google account. Worth reading just to get an idea for the enormous complexity involved in running a large scale identity system and designing an interface for managing aliases and multiple profiles. Google haven’t got it right yet—has anyone else? # 25th January 2010, 11:21 am

Introducing Closure Tools. Google have released the pure-JavaScript library, apparently used for Gmail, Google Docs and Google Maps. It comes with a powerful JavaScript optimiser tool with linting built in and an accompanying Firebug extension to ensure the obfuscated code it produces can still be debugged. There’s also a template system which precompiles down to JavaScript and can also be called from Java. # 6th November 2009, 7:33 am

David Airey: Google’s Gmail security failure leaves my business sabotaged (via) Gmail had a CSRF hole a while ago that allowed attackers to add forwarding filter rules to your account. David Airey’s domain name was hijacked by an extortionist who forwarded the transfer confirmation e-mail on to themselves. # 26th December 2007, 12:16 pm

Gmail Greasemonkey API (via) The new version of Gmail includes API hooks for Greasemonkey script authors. The documentation is by Mark Pilgrim, author of Greasemonkey Hacks. # 7th November 2007, 10:38 am

Mailplane (via) A commercial OS X Gmail client built around a site-specific browser. # 25th October 2007, 7:57 am

The password anti-pattern. What I don’t understand is why Google / Yahoo! / other webmail providers haven’t just deployed a simple OAuth-style API for accessing the address book. Sites have been scraping them for years anyway; surely it’s better to offer an official API than continue to see users hand out their passwords? # 12th October 2007, 9:25 am

Google GMail E-mail Hijack Technique. Apparently Gmail has a CSRF vulnerability that lets malicious sites add new filters to your filter list—meaning an attacker could add a rule that forwards all messages to them without your knowledge. # 27th September 2007, 10:29 am

Google To “Out Open” Facebook On November 5. “Google will announce a new set of APIs on November 5 that will allow developers to leverage Google’s social graph data. They’ll start with Orkut and iGoogle (Google’s personalized home page), and expand from there to include Gmail, Google Talk and other Google services over time.” # 21st September 2007, 11:23 pm