A posting on Darkness Productions, alerted us to GTalkR, a Flash based service for chatting on the Google Talk system. It has, what looks like, a very pretty and easy to use interface. Om Malik took a look at it, and he liked it, though he questioned the storage of chat logs on their servers.

After we took a closer look, we think he neglected to question and explore what happens when you provide your username and password to this service — it appears they have access to all aspects of your Google Account. This is a major problem. Personally, I don’t want anyone else having my information, let alone the information of hundreds, possibly thousands, of others. My links for the privacy policy and terms of service weren’t functioning. No insights into the storage architecture they are using makes me nervous. I suspect the creators are well intentioned, but that doesn’t remove the need to pay attention to privacy and security.

Now, I’m all for having apps created to make using other apps easier. However, neglecting any of the “CIA Principles” to do so, just seems wrong. If this service were on Google servers, run by Google employees, this might be a different story, but alas, this is not the case.

Use this with caution – and always be careful before giving out your username and password.

About the Author Michael Santarcangelo

The founder of Security Catalyst, Michael develops exceptional leaders and powerful communicators with the security mindset for success.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}

Don't know where to start?

Check out Security Catalyst Office Hours to meet your peers and celebrate the good, help each other, and figure out your best next step. We meet each Friday… and it’s free to attend.