ehBeth wrote: Since I have to keep getting new bankcards due to forgetting my password
I won't worry about that particular flaw.
Arg, you don't get it. That's just one example. In the space of five minutes I can give you as many as I can type. There are no limits.
Think of it this way, the ads are a form of an attachment that others can append to email you send to a Gmail user.
Your reaction is "that particular attachment doesn't worry me".
That makes no sense, the problem isn't that one attachment, it's the fact that others have the ability to predict (to varying degrees of success) what they need to do to attach something to messages sent to Gmail.
I'd have no problem using a Gmail account, I've more of a problem sending mail to any.
If I were so inclined, Beth, I could serve your friends disparaging messages about you next to the emails you send to Gmail users.
This is not just a "bank" problem. This is a problem in which the predictability of contextual advertising allows others a way to attach messages to particular people's emails.
Miscreants may use it for more than just commerce. There are many ways; the problem is one of the very concept and not specific implementations (that can be fixed); the concept itself has the flaw.
Email is a private medium between restricted participants.
Contextual ads mean that to some degree there is predictability of what will be served.
If others can predict this they can directly manipulate it (anyone with a credit card can sign up and start running ads next to your emails within 5 minutes).
If others can manipulate it they can perform exploits.
Now Google can mitigate against it but only to some degree, as the flaw is inherent to the system.
So, if I decide I want to deliver my message with all of your emails to your friends (who use Gmail) I can (to varying degrees of success).
The bank example was just a simple proof of concept for a technical writer. I have thought of hundreds of ways to do bad things with Gmail's ads and if I were so inclined I could think of thousands more.
The flaw is that through the predictability of contextual ads it makes a private medium open to people who can successfully guess at and append their messages to your emails.
This is not to say that it's a big deal and you shouldn't use it. Feel free to. I have an account (I'll probably give it away to a friend who has been pestering me for it as I have no use for webmail) and I have no fear of using it.
I might not be willing to respond to Gmail users though. Many whole servers and small ISPs refuse to allow it and direct you to the "Gmail is creepy" website.
The risks are such that some should not be too concerned. But the risks are inherent to the service and I have already made proof of concept for this.
I might create proof of concept of being able to disparage someone next to emails they send if any media outlets or security firms are interested in seeing it. It's child's play. Anyone can do it.