If you're sitting at someone's computer you can do all sorts of stuff. Their calendar and email are probably already open. You can look at their photos. You can even listen to their music.
Update: I should add that this probably should be optional since it goes against a reasonable expectation. But considering it requires an "attacker" to have physical control of the computer, I don't find it super serious. Dropbox behaves the same way (though I guess you usually don't see anything else on the web that you can't on the desktop).
I completely agree with you, and in general hate when people whine about security where there wouldn't be an expectation of some.
That being said, I think it would be nice if Google made this particular functionality optional. For some shared user environments where you want to maintain the illusion of privacy (e.g. "family computer"), it might be nice to force password to view more sensitive information (e.g. e-mail).
I won't comment on Dropbox because I don't expect any better from them with regard to security.
> That being said, I think it would be nice if Google made this particular functionality optional. For some shared user environments where you want to maintain the illusion of privacy (e.g. "family computer"), it might be nice to force password to view more sensitive information (e.g. e-mail).
Agreed. No difference for me since I have my Google powered mail all going into Mail.app which does not require a password, but in some shared environments I definitely see the point. Though in a shared environment you should be using different accounts otherwise stuff like Google Drive and Dropbox don't really make sense anyway.
A shared computer can still have different user accounts. There's really no reason to share an account anyways, and on Mac and Windows machines at least (can't speak to any particular Linux) this gains you access to parental controls and other useful widgets.
Basically if you leave your account logged in, it's expected behavior that anyone who rolls up to the console has access to everything that account does. This is not a security issue at all.
Of course it can. Google can obfuscate it if they like (presumably quite well, being Google), but ultimately it's just data on the machine. Malware has just as ready access to that as everything else.
If I log out of my Google account in the browser, I have a reasonable expectation that things on that computer can't log into my Google account in the browser without my credentials.
Google Drive saves your login credentials, or at least some sort of authentication token, otherwise you'd have to enter them every time at launch.
Naturally, anyone with access to your computer could use those to access your Google Account. Google just made it more convenient for you, the authorized user, to do so, by adding this feature. It does not reduce security in any way, as even without the option to log in to your account on the web, the authentication information for Google Drive will still be on your machine unless you want to log in every time.
Of course, they could use a special authorization token _just_ for Google Drive, but that's not how Google's services have ever worked.
> but that's not how Google's services have ever worked.
That's not totally true. A few services (Wallet, Account Activity) require you to re-authorize yourself.
It's unfortunate that most Google products request "Full Account Access" (along with specific services) -- especially as most third party apps request only what they need. See: https://accounts.google.com/b/0/IssuedAuthSubTokens?hl=en
I have a few apps on my phone that only have access tokens for Google Reader. Oh, and this is the list of access given to Google Drive:
Google Drive — Google Contacts, Google Contacts, Full Account Access, Google Docs, Google Docs, Google Docs, Google Talk
So they're 90% of the way there, they just need to get rid of the 'full account access' that's layered on top of access to the specific parts of the account for some inane reason.
This probably happens because Google Drive's Windows service caches your credentials (or the special password you 2-factor users have to make for programs that can't do 2-factor), in order to authenticate and sync between cloud and desktop.
Clicking the link uses those cached creds to authenticate you and pass you to the website...then since you're already authenticated, clicking "Gmail" takes you to your inbox.
So maybe the credentials we give to Drive shouldn't have permissions to Gmail? Can we set the permissions for the 2-factor passwords we create? Why not?
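The scoping question raised in the comments above, as an added example that is not part of any comment in the thread and is not Google's API: a toy model that parses the grant line quoted in the thread and compares what a cached token can reach with and without the blanket scope. The `NEEDED` set, the `SERVICES` list and the function names are assumptions made for illustration.

```python
# Toy model of scoped tokens (added illustration, not Google's real API).
FULL = "Full Account Access"  # blanket scope label as quoted in the thread

# Grant line copied from the thread.
GRANT = ("Google Drive — Google Contacts, Google Contacts, Full Account Access, "
         "Google Docs, Google Docs, Google Docs, Google Talk")
NEEDED = {"Google Docs"}                          # assumption: what a sync client needs
SERVICES = ["Google Docs", "Gmail", "Google Talk"]  # assumption: services to probe


def parse_grant(line):
    """Split 'App — scope, scope, ...' into (app, ordered de-duplicated scopes)."""
    app, _, raw = line.partition("—")
    scopes = []
    for scope in (part.strip() for part in raw.split(",")):
        if scope and scope not in scopes:
            scopes.append(scope)
    return app.strip(), scopes


def exposure(scopes, services=SERVICES):
    """Services a token cached on disk can reach: the blanket scope reaches all."""
    return [s for s in services if FULL in scopes or s in scopes]


def audit(line, needed):
    """Compare the scopes granted to a client with the scopes it needs."""
    app, granted = parse_grant(line)
    least = [s for s in granted if s in needed]
    return {
        "app": app,
        "granted": granted,
        "excess": [s for s in granted if s not in needed],
        "least_privilege": least,
        "reach_now": exposure(granted),
        "reach_if_scoped": exposure(least),
    }


if __name__ == "__main__":
    for key, value in audit(GRANT, NEEDED).items():
        print(f"{key}: {value}")
```

With the blanket scope present, the specific scopes listed beside it change nothing about reach; only removing it narrows what the cached token exposes.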
This just in... every web browser is a security back door to all your web apps!
If you sign in to a web service and click "remember this computer", close the browser, get up and walk away, and someone else sits down at your logged in computer they have access to all your web stuff!
This is a bunch of alarmist nonsense. For starters, this is no "backdoor"; it's front and center, and the author acts as if the concept of locking a user profile behind a password on the OS level is a completely foreign one.
Client side software devs assume that a user set up a local password because there is only so much that can be done for the user, and otherwise this makes this sort of software very cumbersome to use on a continuous basis.
I wasn't concerned for this exact reason. I have a secure desktop password and take adequate precautions to ensure security.
The only real risk is with work computers, and anyone who doesn't have their desktop go to screensaver with password unlock after 5-15 minutes activity is just an idiot.
When I was in the bank getting my mortgage, I noticed their computers stay on for ~2 minutes before going back to a password screen for very obvious reasons.
This is obvious for me - no news.
However, I just talked to my friend working as a teacher in a school here and it is kinda big news for him. The teachers there had the expectation that if you log out from Google on the web you can lend your laptop and that person will not be able to read your emails.
I can just imagine how many other security holes people create by not understanding the technology they use.
With the new unified Google, users should think of local Drive as local Google. It is hard to say if web based logout should trigger a local client app logout, outside the web browser. Leaky abstractions FTL.
That the choice between security and convenience can be made, in this situation, is a reason I value these combined services less than I value identical services provided from separate organizations.
If all of my eggs are in one basket, tradeoffs between security and convenience will be too tempting.