Google Web Accelerator - Security Risk

[Ryan FB]

Just thought I'd warn the people here, especially since this a registered-users-only forum. Google's new web accelerator works by caching pages you view and serving them up to other people who request them. The problem is, in its current incarnation, it is a major security/privacy risk. Any page you view while using the accelerator can be viewed by any other user. So, for example, if you log in to LCVG while using the accelerator and view your private messages, anyone else visiting the site might see those pages and be able to view those messages as well. The only pages not affected by this are https, ones you specifically tell the accelerator to exclude, and pages which serve up specific messages saying they should not be cached. I haven't seen if LCVG specifically is affected, but many other forums are. I would strongly advise against using it in its current form.

[Camp]

I can't seem to download it.

The security risk is a gaping hole but I still find the idea of the app very interesting. Kind of like Bit Torrent for web browsing. I'll certainly watch this one evolve.

[Robot Monkey]

Thanks for the warning. Does Ggogle allow websites to opt out in anyway?

[Ryan FB]

Just an update to say that LCVG is probably not affected by this as it sends out "Cache-Control: private" with the headers for forum pages, which the accelerator seems to obey. Apparently, GWA ignores the "Cache-Control: no-cache" directive that some servers use instead.