Since we have recently implemented Google Checkout, I will be trying your method to increase our gc conversions.

Thanks
Matt

Ultimately this post is about social engineering and profiling grabbing data from any source you can, be it twitter, facebook or blog comments.

Talking with a lovely gentlemen the other day who wanted to remain nameless suggested using javascript executed through flash was an alternate method as it bypassed many of the safeguards put in place by the browser, but in turn will meet flash own limited ones I haven’t tested this but he did show several impressive examples using what appeared to be this technique.

It really needs to be emphasised the information you can grab is very very limited, their is an exception to this and that is if the javascript is run on the local machine. i.e if I could convince a user to execute a script residing on their local machine, then you would have full read/write access.

Wouldn’t you just hit permission denied on the window.frames['myframe'].document.getelementbyid?

I must be missing something?

or a flash game, then its reliant on a bit of social engineering humans are creature of habit, the first thing I do is open my emails the second is look at messages, the funny picture of my mates friday night out etc, of course in theory this should effect users surfing the web from work less because depending on company policy they wouldn’t have opened a gmail account or facebook but how many people really obey company policies?

I had little doubt that Google tracks everything we do, they’ve not exactly made a secret of it. But, in my limited knowledge of cookies and tracking it seemed quite probable that others could gain information to my accounts if I surfed while logged in. Your findings prove my suspicions to be correct.

Good for marketing, I suppose; but horrific for personal data security. The last 4 digits and type of credit card??? Guess, I won’t be using Google Check out if I can help it.