Jump to content
Just visiting?

Google+ Thread

darrenm

By darrenm
in Tech Room

 Share

Recommended Posts

Tegis Grand Master

Tegis

Posted
  • VT Supporter
Posted

*tinfoil mode*

My phone privacy is way more important than a replaceable google account. Google is a business and selling "me" is their forte, and that could include phonenumbers in future EULAS.

 

I keep nothing of note there apart from my name. As the rev said, they probably know it already but I'm not willingly giving it to them.

 

/*tinfoil mode

Link to comment
Share on other sites
Tegis Grand Master

Tegis

Posted
  • VT Supporter
Posted

So your denying yourself additional security for no reason?

 

A bit yeah. We all have our little quirks. 

 

I can't imagine my Google account being disposable. I guess you don't use yours for purchases.

Only for the odd apps on the playstore, I use disposable cardnumbers, one of the best features my bank offers. Make a cardnumber valid for 24 hours, buy, done, gone!

Link to comment
Share on other sites
Davkaus Grand Master

Davkaus

Posted
Posted (edited)

I don't think it's an entirely outrageous idea to consider your Google account disposable, especially considering the exposure over the last few months that Google's user data is pretty much accessed by governments at will.

 

Google's services are useful, but I don't want everything I've ever thought or typed permanently tied in to one account.

Edited by Davkaus
Link to comment
Share on other sites
limpid Grand Master

limpid

Posted
  • Administrator
Posted

I'm not sure how disposable card numbers help. If you buy an app, a track, a film, a tablet from Google Play, that purchase is linked to the account, not the card. How is your account then disposable? Surely it's better to have an account that you use for your purchases, which you protect strongly, than run the risk of losing access to.purchases or returns.

 

I can understand having additional disposable accounts, but it makes sense to have a main account which you protect as strongly as the tools allow you to

Link to comment
Share on other sites
limpid Grand Master

limpid

Posted
  • Administrator
Posted

I've just spent another £300 on mine yesterday.

 

Google will know that it's not your real name and what your real name is. But you know that. I don't see the point in pretending it's anonymous. If you want to be anonymous, don't use Google. As you know it's not anonymous, you might has well have an protected account that you use for purchases, even if you use disposable accounts for other things.

 

Being a techie, I'd bet that your browser returns an almost unique fingerprint so I'd guess that your next disposable account is linked with your previous one the first time you browse to a page with analytics on it.

Link to comment
Share on other sites
Tegis Grand Master

Tegis

Posted
  • VT Supporter
Posted

When you buy stuff on other sites, do your user accounts use gmail?

If you mean, use gmail/google as a login service, then no

 

 

I'm not sure how disposable card numbers help. If you buy an app, a track, a film, a tablet from Google Play, that purchase is linked to the account, not the card. How is your account then disposable? Surely it's better to have an account that you use for your purchases, which you protect strongly, than run the risk of losing access to.purchases or returns.

 

I can understand having additional disposable accounts, but it makes sense to have a main account which you protect as strongly as the tools allow you to

If I bought expensive stuff like a tablet, yeah, I'd start consider the account as "non desposable" and act accordingly. (If google would supply hardware through the playstore in sweden that is. As of now, I can by f***all from them) As I dont, well you get the idea. The part about using disposable cardnumbers just makes the gmail-account even more disposable. I agree that it doesnt help with anything regarding returns.

Link to comment
Share on other sites
leviramsey Enthusiast

leviramsey

Posted
  • VT Supporter
Posted

When you buy stuff on other sites, do your user accounts use gmail?

If you mean, use gmail/google as a login service, then no

No, I mean have an account on another e-commerce site (perhaps one with 1-click ordering?) where a password reset request sends an email to your gmail.

In that case, this attack works:

1. take control of your gmail account

2. request a password reset on other site

3. act on the link in the email

4. buy stuff with the stored card number/direct debit details/etc.

5. profit!

Two factor authentication makes it at least somewhat harder to mount stage 1 of the attack.

  • Like 1
Link to comment
Share on other sites
Tegis Grand Master

Tegis

Posted
  • VT Supporter
Posted (edited)

 

 

When you buy stuff on other sites, do your user accounts use gmail?

If you mean, use gmail/google as a login service, then no

 

No, I mean have an account on another e-commerce site (perhaps one with 1-click ordering?) where a password reset request sends an email to your gmail.

In that case, this attack works:

1. take control of your gmail account

2. request a password reset on other site

3. act on the link in the email

4. buy stuff with the stored card number/direct debit details/etc.

5. profit!

Two factor authentication makes it at least somewhat harder to mount stage 1 of the attack.

 

 

Yes, but the bold bit will failurepoint in my case. It's a bit of a hassle but I never store creditcardnumbers, and if the e-commerce site stores it without my knowledge, the numbers will expire within 24h anyway.

 

With all this said, I will probably cave on this 2-factor password policy at some point, but not over a custom google+ url :) And I will probably use a second phone/number for it.

Edited by Tegis
Link to comment
Share on other sites
 Share
Go to topic listing
×
×
  • Create New...
Â