new social attack vector

[dsrtao]

Let us suppose that our target, Tom, is a habitual user of an RSS aggregator. Early on Tom used the service as a fast browser selector, making filtering decisions but ultimately viewing the content by clicking the links. Soon, however, he starts reading some sources right in the aggregator. Eventually Tom relies on the aggregator for leads, filtering and the majority of reading.

Now Mallory gains control of the aggregator in such a fashion that she can insert, edit and delete stories. Tom has a high degree of unwarranted trust in his news source. I don't see any standard verification mechanisms in place for Tom to assure authenticity...

Google is perfectly positioned to be Mallory.

Comments

[jducoeur]

While true, I find it hard to believe that any serious manipulation would go unnoticed for more than, oh, about ten minutes before it was all over the Net. So unless you got *all* your information through the aggregator (a possibility, admittedly, but a dumb move), you're likely to find out fairly fast.

And the reality is that Google doesn't have a particularly secure lock on this space. I've fallen into Google Reader as my principal source for tech news, but its hold there is insecure: there are a bunch of other well-reviewed options. So if they did piss people off, they could lose much of their audience with great speed.

So I'm not *too* worried about this particular danger. Frankly, it's a fair ways down on my list of "Things about Google that worry me"...