Hacker News new | ask | show | jobs
by msteigerwalt 6704 days ago
Exactly. This is something a user of Google Toolbar might have cause to gripe about (assuming they weren't told in advance), but not someone who owns a website with 404s that get redirected.

However, for people who like to put sensitive user data in GET variables (coughMonstercough), this is yet another reason why they shouldn't do that.
1 comments
bp001 6704 days ago
Where it becomes a problem for people who own a website is when this behavior causes additional support calls due to a more informative 404 page being masked.

It will likely result in incidences where support staff have a checklist of "do you have the Google Toolbar installed? Uninstall it first." However, I don't imagine there will be a ton of cases like this.

I do think it is a mistake that the Google Toolbar enables this by default. Taking this power away from the website owners is not good. And let's be honest, At least 50% of people who have the toolbar installed are not technically savvy and a good portion of them probably didn't even intend to install the software (it was bundled with another download, etc).

Also, I don't see a problem with the practice of putting sensitive data in GET variables if the website is protected by SSL - Am I missing something? Edit: Thanks for the reply aaco, those are both valid reasons and I appreciate the insight.

link
aaco 6704 days ago
"Also, I don't see a problem with the practice of putting sensitive data in GET variables if the website is protected by SSL - Am I missing something?"

GET requests are logged by the web server and in the browser history in plain text, even for SSL requests.

Therefore any server administrator or computer user can have access to those information just reading the server log or the browser history.

link
pchristensen 6704 days ago
"At least 50% of people who have the toolbar installed are not technically savvy and a good portion of them probably didn't even intend to install the software (it was bundled with another download, etc)" - If you think this can't be possible, then you don't talk to enough normal people!
link
bp001 6704 days ago
The thing that makes me say that a lot of people don't even realize this software is installed is due to two main scenarios:

1. When downloading other software, I have seen several instances where the Google toolbar is bundled, and you have to go into an advanced menu to de-select it. 2. Many OEMs are now shipping computers to people with the Google Toolbar installed.

I believe these two cases account for a large number of the installs. Possibly even greater than the number of users who intentionally go out and download it, but more likely in the 30% range of new installs.

Of course, I have no real numbers on this, and so it is pretty much a guess.

link