Right - and the article's scenario is that some untrustworthy code has somehow obtained (with or without the user's OK) root access such that it can see the allegedly plaintext data and do something nefarious with it. But fundamentally they're complaining that in that scenario, said code running as root can (gasp) access private data. Well, duh, if they gave it root access, it's game over for local security: that's how root access works.

They say the info is only available if the device has been rooted: the malicious software has root access. And their "solution" is that Google should store the local data in encrypted form. Anyone notice a fundamental flaw in this "solution", or heck, in the assumptions underlying their alleged problem?

If you rooted your device and therefore you disabled the security, what good is encrypting data locally? Any hack worth its salt would... well, I won't elaborate, but to software running as root, by definition, any locally accessible data and software is accessible. (And of course the same goes for an attacker having leisurely physical access to the hardware.) Basic security facts.

Honestly this all strengthens the argument for keeping all sensitive data only & always in the cloud: then the meagre security of your local device (pc, phone, whatever) might well not be the weakest link in the chain. This aspect did get a brief mention in the article, sort of, but it should have been the focus.

I wonder if the ebook sales indicate more precisely what people actually want to read, as opposed to what the marketing machine of bookstores convinces them to buy. (You didn't really think that piles of "our recommended books" or even "best-seller" lists were fair and/or merely the things that bookstore employees liked, did you?)

Of course marketing does affect ebook sales as well, but perhaps not as much as the effect of being in a store and seeing a pile of what's clearly the latest hot seller, the book that everybody is talking about, which obviously you should buy. Not to mention that the selection in a physical store is so limited, which thus skews sales toward what is already selling well (whether fairly or not).

Well, um, I have to admit that we are indeed given ice cream too. Ben & Jerry's "Fairly Nuts" is my current favorite, though their Chocolate Fudge Brownie is a close second. Luckily the freezer is on the floor above mine so I always walk up the stairs to work off the calories in advance. That works, right??

Whatever they decide to do, some people are going to complain. The gmail-based service lets people use POP and IMAP so they can use a different UI if they want. So you've got real flexibility, and a default UI that (in most people's opinions) doesn't suck. So... what was the problem again?

so... which other hackers are you suggesting would have (as their primary goal) to access the Gmail accounts of Chinese human rights activists? Perhaps you should reread http://googleblog.blogspot.com/2010/01/new-approach-to-china.html if you are fortunate enough to have access to it.

The point is China's ongoing surveillance and censorship of its own citizens, which I hope nobody needs extra evidence to believe in.

Gears was a smart way to get important new features into stagnant older browsers (we're looking at you, IE...) and implemented far more quickly than any standards process allows. Now that those features are in the HTML5 standard, there's no reason to require gears. Until the next round of feature-adding, of course...