PlanetFunk

It seems that one attack vector used to hack accounts is based on the same email address being used on multiple sites. This would also go for email addresses using a simple algorithm (ie. news.ycombinator@somedomain.net for HN, facebook@somedomain.net at FB, etc).

In the age of keepass/lastpass etc, and on a scale of 1 to "tin foil hat", would it be better to use a randomly generated address for each site (ie. 46ia0ygd51tw9src@somedomain.net)?

Edit: This is using your own custom domain, and catch all email address. You could probably use gmail/hotmail accounts, but setting them up would be very annoying.

Over the last week I've developed and released an extension for Chrome/Firefox that collapses and adds a toggle bar to each Google+ stream post.

I've also just released a bookmark that takes the extension code (from code.google.com) and injects it into the G+ page for those browsers that can't use the extension.

now, my understanding is that this is basically user-control cross-site scripting (XSS).

The thing is, it's exactly what all of the extensions are doing anyway, isn't it?

Is there something I'm missing?