by davidrudder 4770 days ago
"Due to this increasing misuse of the service and a desire to keep our community safe and secure, we are deprecating downloads." What misuse? Did I miss something? Lots of pedo-porn or something? Or was it simply people using Google code to transfer pirated files?

Any time you serve raw user-supplied files from *.[your site].com you take on some risk.

Older browsers in particular just love to treat everything under the same second-level domain as coming from the "same origin". Browsers even have a hardcoded list of country codes and exceptions to prevent "example.co.uk" from setting cookies for all of "*.co.uk".

It's a total security mess and ICANN is not helping the situation by selling new gTLDs.
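An added example, not part of the thread: a sketch of the cookie `Domain` check the comment above describes, using a small constructed subset of the Public Suffix List. The host names, the rule subset and the "legacy" heuristic are assumptions for illustration; real browsers ship the full list.

```javascript
// Constructed subset of the Public Suffix List (real rule shapes, tiny sample).
const PSL_RULES = ["com", "uk", "co.uk", "*.ck", "!www.ck"];

// Public suffix of a host: exception rules ("!") win, otherwise the
// longest matching rule, otherwise the default rule "*" (last label).
function publicSuffix(host, rules = PSL_RULES) {
  const labels = host.toLowerCase().split(".");
  let best = labels.slice(-1);
  for (const rule of rules) {
    const exception = rule.startsWith("!");
    const ruleLabels = (exception ? rule.slice(1) : rule).split(".");
    if (ruleLabels.length > labels.length) continue;
    const tail = labels.slice(-ruleLabels.length);
    const matches = ruleLabels.every((l, i) => l === "*" || l === tail[i]);
    if (!matches) continue;
    if (exception) return tail.slice(1).join("."); // drop the leftmost label
    if (tail.length > best.length) best = tail;
  }
  return best.join(".");
}

// RFC 6265 domain-match: identical, or host ends with "." + domain.
function domainMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Modern check: a host may widen a cookie to a parent domain,
// but never to a public suffix such as "co.uk" or "com".
function acceptsCookieDomain(host, domainAttr) {
  const h = host.toLowerCase();
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  if (!domainMatches(h, domain)) return false;
  if (publicSuffix(domain) === domain && h !== domain) return false;
  return true;
}

// Simplified legacy heuristic (assumption): any parent with two labels is fine.
function legacyAcceptsCookieDomain(host, domainAttr) {
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  return domainMatches(host.toLowerCase(), domain) && domain.split(".").length >= 2;
}

// User content on a subdomain can still scope a cookie to the whole site:
console.log(acceptsCookieDomain("files.example.com", "example.com"));
// The same content on a separate registrable domain cannot:
console.log(acceptsCookieDomain("files.exampleusercontent.com", "example.com"));
```

The first call returning `true` is the risk of hosting user files under the main site's domain; the public suffix check only stops cookies from crossing registrable domains.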

Err... Google can just use a custom domain (e.g. "googleusercontent.com" that they already use) to serve user-supplied files rather than stopping the service altogether, so I guess this is not the issue here.

Do you have any idea what it takes to (securely) bring up a new domain at that scale?

Hint: Take a look at the Subject Alt Names on some of the Google SSL certs sometime.