On Apr 16, 8:26 am, meanderingthemaze <[email protected]> wrote: > While I am not attacking Google on this one, I do think they could be > doing more to inform people about Gears as they become more > widespread. [....] Like I said, since users are told it is Google > software, many people will assume it is safe because it is Google's > software. (You cannot assume that they understand what is really going > on behind the scenes. There are still people who don't know the > difference between Email and Web Browsers, for example.) I hope that > people will have more caution, but it still feels a little > irresponsible. I concur.
> But I digress. I am really interested in hearing more from Google > about the potentialsecurityhazards that Gears could introduce to > users and how to protect them from those hazards. FROM GOOGLE. I concur. > On Apr 16, 2:42 am, Eduard Martini <[email protected]> wrote: > > > This is not a "securityrisk". You are asked if you allow gears for > > that site. Nothing is hidden. It is like I make a site with a link > > asking: "Do you want to download and run my_virus.exe?" If you say > > yes, you got my virus. There are many "securityrisks" if the user > > just accepts all the warnings that he got, Gears brings nothing new. Nonsense. I install Gears, I of course am trusting it's developers (and trusting Google to administer the project properly). When I go to, say http://www.databreaches.net/wp-admin/tools.php and see "Turbo", click and see this, I haven't the SLIGHTEST idea to what extent I am trusting wordpress, or the administrators of databreaches.net: Turbo: Speed up WordPress WordPress now has support for Gears, which adds new features to your web browser. After you install and enable Gears, most of WordPress’ images, scripts, and CSS files will be stored locally on your computer. This speeds up page load time. Don’t install on a public or shared computer. Install Now I go to the Gears website, and look around for info that might give me some clue about the extent I would be trusting wordpress, or the administrators of databreaches.net by clicking 'Install Now'. Result: FAIL. IIRC, I looked into what extent I was trusting sites to store info locally by the flash plug-in, and I found the info I needed to feel I understood the security, and feel safe enabling it in some cases and able to control it on a site-by-site basis. Whether google does/does not intend to review all submitted code should be answered too.
