Friday, February 24, 2006

Big Problem With Google Pages

Ken Schafer blogged: A few hours ago Google launched Google Pages.

And they were so snowed by people wanting to try it out they had to stop taking new users, and it is now on a waiting list.
If you have a Gmail account you can create your own web site on Google using a very nifty AJAX interface. The application itself is great, although the standard templates leave something to be desired.

Some of the nicest features:
  • An “undo” button
  • Ability to add images, links and pages easily
  • Testing links while in edit mode
  • 100MB of storage
  • Simple, memorable URL
You should really try it out. But you might want to think twice before you hit “publish”. See, that last feature (simple memorable URLs) is also the greatest weakness of Google Pages and I think it is going to cause a huge headache for Gmail users. And a potential PR nightmare for Google. Why?

When you hit publish your site goes live at username.googlepages.com.

Nothing wrong with that. In fact it looks like a feature - if you can remember your Gmail address you can remember your “Gpages” address.
It is not a bug. It is a "feature"
The problem is it is now trivial to reverse engineer your Gmail e-mail address. If you see a Google Pages site and want to e-mail the author - just replace googlepages.com with gmail.com.

I was all set to tell my kids and my 85-year-old mother (all Gmail users) that they could now post a web page or two super easy, but I’m not going to. I’ve worked very hard to make sure their addresses are not easy to find online and with one click of the publish button Google will make their e-mail addresses available to every stalker, sexual predator, phisher, and spammer out there!

I suggest you tell those non-technical users you know and care about that they should NOT use Gpages at this time. Right now I’d have to say that Gpages users are just setting themselves up for a whole heap of spam if they decide to post a site.

How long will it take spammers to get Gmail harvesters out in droves searching for URLs that can be converted into valid Gmail addresses?

(Note, if you already published a Googlepages site and are now worried about having exposed your personal information to the world, there is an “unpublish” option that you can use to take down the page.)
That sounds like a good idea.
I hate to say this but shame on Google for not seeing that the bad guys could abuse this new service so easily. Given all the flak they’ve received about Blogger becoming a haven for spammers you would think they’d have learned to build some level of secure thinking into new products from the get-go.

1 comment:

Hong Xiaowan said...

Your ideas are cool. I also have a plan to perfect Google pages.
The Google Applications of Sitebases Protocol