We Have To Trust Blogger

A long time ago, if we were setting up trusted hosts, in a browser trust list, we would add "www.blogger.com" to the list. The "www" alias is what would be used by any web services in our browsers.

Then Blogger rolled out New Blogger, and started using "www2.blogger.com" to separate migrated blogs from unmigrated ones. And a lot of Bloggers lost the ability to maintain their blogs, because their browsers were setup to trust "www.blogger.com".

Just recently, when Old Blogger was decommissioned, some ISPs providing access to Blogger as "www.blogger.com" again found their customers unable to maintain their blogs.

Similarly, we have to trust all Blogger content. Some security filters examine each script, one by one, to decide if it is safe to allow on the computer. If Blogger scripts have to be examined, one by one, before being allowed to run, what happens to the programs that are waiting for the scripts to run?

The Blogger dashboard involves hundreds of scripts. Some Firefox users are seeing "WARNING UNRESPONSIVE SCRIPT", because some security programs protect, by examining each script, one by one, to determine if it is safe.

Either Blogger is safe, or it is not safe - but it needs to be considered safe, on a domain basis. Not one script, at a time.
Heuristic Detection is an effective way to locate unknown threats for the most up-to-date realtime protection, but there are downsides.
Obviously this sort of scanning and analysis can take some time, which may slow-down system performance.

If we're going to trust Blogger, we're going to have to trust all content, from "*.blogger.com", or simply "blogger.com". Not "www.blogger.com" - and not by scanning content. We have to be prepared for Blogger to expand use of the "blogger.com" domain, not restrict themselves to "www*.blogger.com".

>> Top

Comments