Does Gmail's Perpetual Window Play Fast, Loose With Data?
This fine piece in Wired about a "perpetual window into Gmail" caught my attention this weekend for two reasons.
First, I live in Gmail. It's my primary, personal email haven. Second, considering the data-sucking sounds Path made this month, the idea that Google has left open some potentially serious paths to users' data is alarming.
Here's the rub: Oauth, the standard that lets users grant Web apps permission to connect to another without having to type in a user name and password every time, has made it so simple for users to federate access between Web services that people aren't preserving their privacy any longer.
With people connecting dozens of apps to their Google, Facebook and Twitter accounts, it opens up security risks.
However, said Wired, Gmail is the worst transgressor. Services connected to Gmail via Oauth are issued a token that gives unlimited access to your complete Gmail history."
Updated: Thanks to Wired, I can trace the apps I gave permission to talk to my Google account
Gmail account. Though Gmail isn't among my list, this still gives me a good idea of all the little tunnels I've potentially created for my Google account.
Now, it's not that I think these apps, many of which are also made by Google, will abuse my privacy or hijack my data for malicious purposes.
But as Wired sagely noted, some of these apps are built by college kids, part-time workers or even employees with less than honorable intentions:
Any of these services becomes the weakest link to access the email for thousands of users. If one's hacked or the list of tokens leaked, everyone who ever used that service risks exposing his complete Gmail archive.
It sucks to think that
I and so many others have opened dozens or hundreds of little vulnerabilities. I've They've inadvertently, though willingly for convenience sake, created dozens of paths for perpetrators to exploit to access their Gmail--if someone so desired.
If those apps they connect Gmail with are hacked, cracked, hijacked or otherwise misused ... well, there's their Gmail data for anyone to see. And they wouldn't ever even know about it if the perp was careful and devious enough.
I guess we should be grateful Google has a link next to each app that will let users revoke access for the app to Gmail. Users can also change their passwords to revoke Oauth token access.
Even so, it's a disturbing thought. Are you concerned, or is this overblown?