homepage Welcome to WebmasterWorld Guest from 174.129.163.183
register, free tools, login, search, subscribe, help, library, announcements, recent posts, open posts,
Pubcon Website
Home / Forums Index / Google / Google Finance, Govt, Policy and Business Issues
Forum Library, Charter, Moderators: goodroi

Google Finance, Govt, Policy and Business Issues Forum

    
Google Account Privacy and Security Issues
MyNewPC




msg:3631637
 5:32 pm on Apr 21, 2008 (gmt 0)

When Google detects their cookie from any of their products (Google Groups, AdSense, Google Checkout, Gmail, to name a few) on your computer, they force you to log in through the same Google account. This causes both privacy and security issues.

For example, I use my Gmail account solely for business purposes primarily regarding correspondence from one ad network. That's because I had repeated issues with my other email accounts either blocking their emails or bouncing emails from them. So if you have to give your business partner access to your Gmail account, you are automatically giving that person access to all of your other Google accounts.

It's no one else's business which Google Groups I post on or what my Google Groups screen name is. What if I give an employee access to one of my Google accounts? Then he has access to all of my information for all other Google products in which I participate. He could also sign up with other Google products using my identity.

If you want to post anonymously on the Google AdSense Help Forums, you can't because Google employees monitor that forum and they have access to your account and your IP address which will allow them to determine whose AdSense account is being discussed and allow them access to my AdSense account.

I guess Google could argue that they provide all of these services free of charge so if you don't like their policy, you don't have to use them. But is that the way to run a business?

Has anyone determined a workaround to this?

 

pontifex




msg:3631715
 7:30 pm on Apr 21, 2008 (gmt 0)

Using Opera, IE and Firefox on two machines, meshed together with Synergy gives you 6 possible identities :)

Kate82




msg:3631729
 7:44 pm on Apr 21, 2008 (gmt 0)

I just log out if I'm that worried about it. Once you log out of any of them, you then have to sign back into that account. I use my gmail account as my login to everything since I keep logged in 24/7.

If I am logging into a business account though, I have to log out of my account and then in as that one. It's annoying, but Google does not FORCE you to use that account. I have created at least 5 accounts in my time for various business purposes. Not only that, but you can make a google account our of a non-Gmail email address.

And to make my life easier ... if I need to get into another google account, I usually just open up IE and login through there.

You wanna talk a SE that attaches everything to you and does not allow you to disassociate (Google will let you remove your account from other areas of Google) ... Let's talk Yahoo. You CAN'T disassociate an account once its been associated. Quite irritating.

They aren't trying to take over the world. Google as an entity is just a set of engineers and marketers just trying to make your day to day easier, and you logins fewer.

As for your employees, I would suggest having your personal account (in which you join Google groups) and business account separate. Login to one from IE and the other from FF.

explorador




msg:3631772
 8:46 pm on Apr 21, 2008 (gmt 0)

They try to unify your data so they can track you in a better way.

MyNewPC




msg:3631777
 8:53 pm on Apr 21, 2008 (gmt 0)

I've been in the AdSense program since it first started nearly 5 years ago. My login email was always my business email address until a couple of months ago when Google forced me to link my AdSense account to my Gmail address. They indicated at the time that you didn't have to do it then, but if you didn't you were taken to that same message screen each time you attempt to log into your AdSense account and that eventually you would be forced to.

If someone uses my computer and I'm logged into Gmail, they shouldn't have access to my AdSense account without having to log in to my AdSense account. Having to repeatedly log in and out of a Google account is not an acceptable solution.

MyNewPC




msg:3631778
 8:54 pm on Apr 21, 2008 (gmt 0)

They try to unify your data so they can track you in a better way.

That's obvious, but in so doing, they have created privacy and security issues.

zeus




msg:3631788
 9:13 pm on Apr 21, 2008 (gmt 0)

MyNewpc - yes and its getting on my nervs, I dont want to be loged in, so everytime i check adsense i log out at once - that just a new way to get more correct date from every search you do, then they can be 99% sure that you are making those searches.

incrediBILL




msg:3631802
 9:45 pm on Apr 21, 2008 (gmt 0)

Too funny, am I the only person here that knows how to use anonymous proxy servers to avoid prying eyes?

thecoalman




msg:3631855
 11:23 pm on Apr 21, 2008 (gmt 0)

I don't see this myself, I have two accounts. One I use for webmastertools and one for adsense with two separate email addresses associated with them. The adsense cookie will expire but I can just relog. I haven't seen anything that says you need another account.

Edit: just tested it, went to my dashboard on webmastertools, already logged in. Same browser window and I went to Adsense page and it automatically it logged me in, guess the cookie was still good from yesterday. That's the only thing i see is ocssiaonlly the coookie expires from adsense. Rough guess is 24 hours, is that normal?

edit_g




msg:3631857
 11:33 pm on Apr 21, 2008 (gmt 0)

Are you kidding? That's like saying that your bank should have a different name for you for each service you use with them and you have to identify yourself differently when talking about your savings account and your mortgage.

If it worries you so much, just create different accounts...

MyNewPC




msg:3631868
 12:00 am on Apr 22, 2008 (gmt 0)

thecoalman, if you were automatically logged in, that means your accounts are associated with each other.

edit_g, I very much disagree with your bank analogy. Banks are government regulated where you must provide your legal name, taxpayer number, etc. I am not saying I want the ability to provide different personal info. for each Google product. I am saying that providing linked logins to different products should not be required for the reasons I previously stated.

incrediBILL




msg:3631872
 12:07 am on Apr 22, 2008 (gmt 0)

If it worries you so much, just create different accounts...

Different accounts don't help if you're using a residential cable modem or DSL which tends to have rather static IPs as it can be easily assumed they're all you or at a minimum limited to people in your house.

I'll say it again: anonymous proxy

thecoalman




msg:3631875
 12:10 am on Apr 22, 2008 (gmt 0)

thecoalman, if you were automatically logged in, that means your accounts are associated with each other.

It's too separate accounts, up in the left hand corner there is the correct but different email addresses associated with them. I can't be logged into just one and access both.

Edit: let me explain exactly what I can do, it appears the adsense cookie is tied to a browser session. If I do as described above I can switch back and forth with the two seperate accounts. I closed FF then restarted it. If I go to my webmastertools page I'm still logged in, If go to the adsense account I'm now logged out. I need to relog into adsense. I can then go back to what was mentioned above and switch between the two, if I log out of the adsense account I'm still logged into the webmastertools account.

turbosaab




msg:3631893
 12:36 am on Apr 22, 2008 (gmt 0)

Another thing to watch out for is the web history feature. If, for example, you are logged into a client account and then perform a Google search, it can be recorded into their web history.

MyNewPC




msg:3631907
 1:09 am on Apr 22, 2008 (gmt 0)

Different accounts don't help if you're using a residential cable modem or DSL which tends to have rather static IPs as it can be easily assumed they're all you or at a minimum limited to people in your house.

That's me. Residential cable modem.

hannamyluv




msg:3631959
 2:40 am on Apr 22, 2008 (gmt 0)

I would like it if they asked for reverification of a password for different services. I had a client that gave me access to his Analytics through one of my Google Accounts, except it gave me access to everything. So every time I go to check my AdSense, I get automatically logged into his AdSense account. I don't want to see his AdSense numbers and I have some other clients who would be very uncomfortable if they thought that in granting access to Analytics, that someone could also look at finacial info.

Sure, I can log back out each time I log in, but frankly, doing so is a PITA.

MyNewPC




msg:3631961
 2:54 am on Apr 22, 2008 (gmt 0)

That is a perfect example of what I'm referring to.

AjiNIMC




msg:3632030
 6:20 am on Apr 22, 2008 (gmt 0)

They know almost everything about you, I once wrote about it at [webmasterworld.com...] (Google and Privacy - antonyms?)

Web_speed




msg:3632043
 6:52 am on Apr 22, 2008 (gmt 0)

Too funny, am I the only person here that knows how to use anonymous proxy servers to avoid prying eyes?

Man oh man, this would have an even more serious security implications. You hardly ever know who is behind them "Anonymous" proxy servers and exactly what data do they track...passwords...usernames...browsing habits...etc. every time you visit a site and login to it via the proxy service. (DING)

Anon Proxy servers = your in/out browser http requests going via a third party before hitting the correct server. WATCH OUT! and beware of the information you provide while surfing the web via these services. Some would argue that 99.9% of web communication is going anyway via a number of unknown servers before hitting the destination server. These however are random servers transferring random small packets of data upstream. Nothing like a proxy server which gets (and capable of storing) the entire POST and/or GET requests that you make (web forms you submit).

P.S.
incrediBILL, I am sure that you know what you are doing. My post is for the people who may misunderstood you and will try to login to their Adsense/Adwords, paypal or bank account via an anon proxy. A big NO! NO!

[edited by: Web_speed at 7:15 am (utc) on April 22, 2008]

ronin




msg:3632267
 1:11 pm on Apr 22, 2008 (gmt 0)

Surely it is technically possible for Username A and Password A (social login) to refer to the same account (as far as Google is concerned) as Username B and Password B (business login)?

In that case why must I also then be forced to enter Username A and Password A for business logins like Adsense and Analytics, when I would rather keep a distinct business login and password (for the sake of client-side security)?

Please, just give us the option, Google, to access different services on the same account using different combinations of usernames and passwords. It can't be that difficult to implement.

PowerUp




msg:3632382
 3:17 pm on Apr 22, 2008 (gmt 0)

I've been in the AdSense program since it first started nearly 5 years ago. My login email was always my business email address until a couple of months ago when Google forced me to link my AdSense account to my Gmail address. They indicated at the time that you didn't have to do it then, but if you didn't you were taken to that same message screen each time you attempt to log into your AdSense account and that eventually you would be forced to.

I got this notification too sometime last year, I think. I thought I had to link to my Adsense to my Gmail account too. I then clicked on other options and was able to keep my Yahoo email as my login for my Adsense... until today. And no nagging screens popping up.

MyNewPC




msg:3632449
 4:25 pm on Apr 22, 2008 (gmt 0)

They rolled this out to AdSense accounts over a several month time period, beginning last year. It came to my account in February 2008. There was no "other options" to select at that time.

Hugene




msg:3632570
 6:25 pm on Apr 22, 2008 (gmt 0)

The Google account is definitely becoming a problem, and G needs to work on it quick.

The root of the problem is Gmail and the rest, and here is why: I am logged to Gmail all the time, so if someone hijacks my computer, he can see all my other Google services, which is a recipe for disaster.

Now, I understand that G is trying to build an uniform online platform (you don't need a password to start Word of Firefox on your PC) but they need to make the system more secure. Here are my suggestions to the big G (I want my money after):

* provide a selective-login control system, where you decide if you will be required for username/password or not when logging in to a service.
* provide extra security settings, like controllable login expiry timers.
* all this can be unified in an account-control pannel

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Google / Google Finance, Govt, Policy and Business Issues
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About
© Webmaster World 1996-2014 all rights reserved