Privacy and Protection, Virtual World Platforms

Phishy Tips from Google Lively

08.08.08 | No Comments

Google’s Lively posted some handy anti-phishing tips for its users, thus drawing attention to the fact that in a browser-based virtual world, well, there’s a browser thing in the middle, and spoofing sites and log-ins isn’t so tricky to pull off.

Among the handy tips:

“Always be cautions when clicking on links, especially if you see any of the warning signs above. The purpose of these sites is to direct you to a website where they can collect your username, password, or other personal info. “

Of course, the fact that Lively rooms are embedded in the browser, and can be further embedded in any site, it means that all Web sites that have Lively rooms want you to access those rooms by entering your username and password into the Google application. With the pop-up input screen, the URL isn’t visible, so it isn’t terribly difficult to replicate the input console in a way that the user doesn’t realize that he’s not entering a Google domain.

“URL/Website Warning Signs

* It doesn’t look exactly like an Lively page, or the HTML loads incorrectly.
* The URL doesn’t look like other Lively or Google URLs (lively.com or google.com is immediately before the forward slash). It’s not safe just because it says Lively somewhere in the URL.
* The page will accept any username/password without returning an error.
* If you clicked a link in an email, verify that the Web address in your browser is the same as the address shown in the email.”

Again, the issue here is that when you go to enter a Lively room embedded in a blog or site, there IS no URL. There’s a little screen capture of the room, and when you click it a window pops open asking for your user name and pass code – which are the same as your Google ID.

Perhaps they should recommend not entering rooms when the Lively room is embedded in a site? But that would kind of defeat the purpose, no?

Google has also been trying to deal with the plethora of sex-oriented rooms (much as EA is trying to sort out Sporn), it all just goes to prove that code without policy is an invitation to a mess.

Today’s top Lively rooms:

Tagged: , ,

speak up

Add your comment below, or trackback from your own site.

Subscribe to these comments.

*Required Fields

Creative Commons License
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 Unported License.