Google still broken, BBC fixed.
So 3 weeks after I mentioned the Google script insertion flaw, and long after I mentioned it to them (years really of course as it’s the same as one from 2002) it’s still sitting there - and this is a company we trust with our email? I wonder how long it really takes to fix trivially simple security holes in your product?
The BBC news site is fixed now though, in fact they fixed pretty quickly, and also removed all the personal tracking stuff they had on the page both from ATDMT and Red Sherriff. The Red Sherriff stuff was mentioned on the privacy page, the other stuff wasn’t and it was this I mentioned. Well done the BBC.