Clarification of Google iframe

[foothead]

I wouldn't doubt that Google is probably taking more than they should, but wouldn't think too much beyond that. For someone to get at your PM's would still fall into the eavesdropping category... e.g. I doubt they're getting a print out of everyone's PM's. And if they are... well.... I'm making a second account and sending it dick pics

Correct me if I'm wrong, but is all text entered within an iFrame not automatically viewable to the iFrame source? Even if the PM itself is sent through a secure manner, google would be able to aggregate our PMs by "reading" them a they are composed.

I have seen this technique used to glean credit card information on multiple occasions. Wrap a secured site within an iframe, and you gain access to personal information without any need for interception.

 

[Bahawolf1]

May you point out where you're seeing that the site is being loaded from within an iframe? I see that some of the marketing scripts mention iframe from within the script name, but the site itself is not being loaded via an iframe.

EDIT: Sorry, I just saw the attachment. External scripts can be loaded in via an iFrame, without exposin g the content of the entire site.

 

[Technician1]

Correct me if I'm wrong, but is all text entered within an iFrame not automatically viewable to the iFrame source? Even if the PM itself is sent through a secure manner, google would be able to aggregate our PMs by "reading" them a they are composed.

I have seen this technique used to glean credit card information on multiple occasions. Wrap a secured site within an iframe, and you gain access to personal information without any need for interception.

Yeah. Because Google has sufficient manpower to sit and personally read billions of personal messages every minute.

The bottom line is everything on the internet is public everything you type and send through the internet is public anyone can see it if they want to don't assume there is any privacy or safety in public.

 

[Bahawolf1]

Yeah. Because Google has sufficient manpower to sit and personally read billions of personal messages every minute.

The bottom line is everything on the internet is public everything you type and send through the internet is public anyone can see it if they want to don't assume there is any privacy or safety in public.

Agreed.

Though I think it is important to be alert online, there is very little to be obtained through ComputerForums. This community doesn't process orders for anything, and there really isn't any propietary or valuable data that can be stolen.

From a security standpoint, the site is running an older version of vBulletin. This is a larger security concern than any script being pulled in via an iframe. Seeing as the scripts are coming directly from Google, there is little chance for the source to be manipulated. That being said, the site is at a higher risk of someone exploiting the software, and dumping the database, than it is of Google reading your private messages.

Making it a habit of having a unique password for each site reduces your risk. Using a third party app like LastPass makes it incredibly easy nowadays, and then you don't have to worry about getting accounts stolen due to a data leak.