June 4th, 2005

(no subject)

sorry... forgot to introduce myself before i started commenting.

I'm Alan, and I head my own corporation which primarily focuses on science and technology, with their relation to the arts. I have worked with computers since I was a 9 year old, hence why this business started as a club back in 1996. I spend my freelance time helping others with anything that I can offer help with, and I am in the middle of a project to get a version of LiveJournal (the server) working on a Windows NT based system.

I've just completed a year-long Honors in Research dissertation and project related to computer network security at the Academy (which is one of two high schools I am graduating from this year) and I am going to be a freshman at UConn next year - attempting a possible double degree program culminating in a BS in Business Management (which I already have been accepted) and a possible BS in Computer Science or BSE in Computer Science & Engineering (it will be one or the other)... I think that's just about it about me.
  • jc

Google and LiveJournal

With all the kerfuffle surrounding Google's launch of their Web Accelerator and the veritable shitstorm that resulted from it, I was wondering what the community's position (and perhaps more importantly, LiveJournal/SixApart's position) on it is, given that there are tried and tested ways of blocking the Web Accelerator from accessing sites, as well as ways of preventing the Google Toolbar from changing page content using AutoLink.

A number of web sites have implemented access restrictions lately to block the GWA from accessing pages, and the reasons given for these restrictions - notably the eight provided over at Wolf-howl's block page - raise a number of important concerns for LiveJournal users, especially the security concerns. Use of the GWA proxy with a LiveJournal login session makes all of that user's LiveJournal cookies, account information and access rights available to Google's servers, as the Accelerator may for example pre-fetch editinfo.bml or friends-only entries even if the user doesn't access them.

Those users of the GWA won't necessarily be aware that this essentially personal and confidential data is being accessed on their behalf, unless they read through the T&Cs or the support page, essentially making webmasters responsible for raising awareness of this and in some cases blocking the GWA entirely. I'm sure its pre-fetch habits ultimately lead to an increase in used (and wasted) bandwidth, and I'm sure few users would be happy to know that their friends-only entries may be being funneled through a virtual proxy provided by a company people are starting to distrust.

The solution I have encountered for blocking GWA from accessing pages relies on mod_rewrite, although there may be a more elegant solution for a site the size of LiveJournal. (A number of solutions also exist for blocking Google Toolbar's rewrite capabilities.) Thoughts?