Google Is Tracking Your (and My) Purchases

Interesting. Google is harvesting information from Gmail about any purchases you make and then compiling them into a Purchases page.

Checking out my Purchases page, it looks like Google has a fairly accurate record of all my Amazon, Steam and (not surprising) Google Play purchases.

Honestly, I’m not sure why Google does things like this. It adds very little value to end users, Google claims they’re not using this information to target ads, and I imagine most people are going to find this creepy AF.

Stop Asking Security Questions

I typically see one or both of these pieces of advice regarding the ubiquitous “security questions”:

1. Users should go to absurd lengths to hide personal details about themselves online to make it impossible for hackers to guess the answers to security questions.

A company might ask you to use your favorite movie as a security question? Better not let anybody know about your affinity for Italian horror films.

2. Users should never answer security questions truthfully. Treat them for what they (sort of) are, secondary passwords and use arbitrary answers to them.

Like so much of infosec, these pieces of advice treat the user as the problem rather than the convoluted security mechanisms they are forced to endure. The best advice is, simply,

3. Stop asking users security questions.

Security questions add additional difficulty to accessing accounts without adding any additional security. At best, they force users to create and track multiple pseudo-passwords. At worst (which I suspect happens routinely), they trick users into tying easily discoverable personal information to their accounts, which makes targeted hacking attempts much more likely to succeed.

Just stop using them.