
I did specify that the IP address is not clearly associated with Etacts, though it turns out that it probably is them. However, that's not the point. My post is an invitation of sorts to check one's Activity Window, plus my suggestions in terms of what steps can be taken when an intrusion is suspected. BTW, the tone of my post was not meant to be outrageous nor accusatory of Etacts.

> Also, wiping your computer or using 1Password isn't going to stop you from giving your password to random web apps...

I'm not incautious with my password in the least. It's generally not hazardous to sign in with Google elsewhere, provided you trust the site. You can make an assessment of the risks and benefits of signing in through your Google account yourself on a site-by-site basis. If you have reason to believe that they've violated your trust or that a security breach has happened, you can revoke access (from that site) and change your password (or even decide to be paranoid and never login elsewhere again).



Changing my password that I've given to a website hardly qualifies as "revoking access". I have no problem using my Google Account as a login mechanism when it's through OAuth or xAuth or whatever Google is using these days for that pass through, but the Facebook give-us-your-login-temporarily style stuff is unacceptable.


> the Facebook give-us-your-login-temporarily style stuff is unacceptable

Agreed. IMO, asking for your password when there are APIs readily available is alone enough to disqualify a company from being "trustworthy". Just the idea of keeping a bunch of GMail passwords in some decryptable database is quite a bit scary.


Google actually gives you the ability to revoke access. It's under your Google account settings.


Not if you give your username and passwords to websites. I feel like you don't understand this distinction all up and down this thread...

Also, man, what is the point of DBANing your install? Is software that is no longer accessible to the OS or likely even any consumer level hardware going to magically log your keystrokes, I mean make you give your usernames and passwords to websites and then be surprised that they use them?


> Not if you give your username and passwords to websites. I feel like you don't understand this distinction all up and down this thread...

I've never given my username and password directly to websites, except for Etacts. For the other sites, I simply authorized them (through the Google interface) to access certain functionalities. Behind the scenes Google doesn't provide them with my password: https://www.google.com/support/accounts/bin/answer.py?answer...

They also put such sites on a list that is accessible from your account. You can remove sites from that list at any time.

> Also, man, what is the point of DBANing your install?

Yeah, that's sort of unrelated. I've been planning a clean install for a while.

> you give your usernames and passwords to websites and then be surprised that they use them?

When THEY use them? No. When someone else does, yes.

Anyway, we have beaten this horse to death many times over.


You're giving your password to someone else. You don't magically get some guarantee that they are safe, that they won't be stolen etc. Yes, I know that OAuth perms can be revoked, that is the entire point and that's why it's dumb to give a site your credentials when better alternatives exist.

"I've never given my username and password directly to websites, except for Etacts." This is all about Etacts right? How do you expect someone to be accessing your account? You gave them your user and password. The point is, you hand out your username and password, it just makes you look silly to suggest that your account is being compromised by covert wifi sniffers (you are using encryption right?), etc.

I still don't understand why you need to DBAN to do an OS reinstall unless you are just using the term DBAN loosely.



