Comment Some details on how it works (Score 1) 139
It's a CSRF attack. For more details see this blog post http://getahead.ltd.uk/blog/joe/2007/01/01/csrf_at tacks_or_how_to_avoid_exposing_your_gmail_contacts .html#preview
Check out DocTree.
I've never been canoeing before, but I imagine there must be just a few simple heuristics you have to remember... Yes, don't fall out, and don't hit rocks.