Comments on: Privacy, Gmail, and Unintended Consequences

By: Victor

Victor — Fri, 28 Sep 2007 22:16:02 +0000

As long someone pays others for Email marketing these things wont stop, thats my opinion…

By: Sahibinden

Sahibinden — Sun, 29 Jul 2007 00:26:17 +0000

I can think of all kinds of fun ways to probe people’s email by buying keywords

By: Anonymous Coward

Anonymous Coward — Sun, 22 Aug 2004 17:41:36 +0000

"Pity that people will spend thousands of hours, and millions of dollars arguing over the best way to protect us from ourselves, but that we won't spend five minutes learning to use a simple encryption
system that could completely erase these very issues."

It's there already, and almost every modern e-mail client supports it: it's called S/MIME.

By: deizel

deizel — Thu, 22 Jul 2004 23:56:15 +0000

this is the internet, the world-wide web, everything on it is in the public domain, unless it is secured, which in this story was not the case. i personally would never upload personal information to a location online unless i didn't mind the consequences. 'oops, i enabled something that specifically stated it was tracking software and clicked on a [quote]private[/quote] link'. must be google's fault of course. slightly sarcastic, i know, but the onus is not on google any more than it is one either end-user.

as for gmail, it's not in the public domain. your email's end up on google's secure gmail servers, which i'm sure is a legal requirement which is strictly in force. whether you are aware or not that people browse with link indexing software enabled (google or not), you should not be sending private links across the internet without any type of security in place. also, when it comes to the ads, google don't hire employees to sit and read through your email and pick out keywords. it's done by machine, the same ones that send your emails from one server to the next, scanning them for keywords which trigger of spam detectors, as your 'private' text file traverses the planet.

c'mon folks.

oh, and all email to my domain is also redirected to gmail. you've got to love it.

By: google.com

google.com — Fri, 07 May 2004 20:58:24 +0000

[quote=Rick Mason] You had better be prepared to share any links or file attachments you send to a GMail address with the entire world.[/quote]
Err.. that's not exactly true. Because links are spiderable, there is a chance they end up in google's cache, but that's what links do: they point people to /public/ resources, on /public/ webservers.
The attachements are not spiderable, and in no way public.

By: Andrew Sidwell

Andrew Sidwell — Tue, 04 May 2004 21:16:35 +0000

In the free version of Opera, if you allow AdWords advertising instead of generic banners, you get a similar effect. I am very cautious of who I let know “secret” URLs for that reason.

By: Rune

Rune — Fri, 30 Apr 2004 11:18:10 +0000

This could actually explain why the Googlebots tried to index pages hosted on my personal computer (address never revealed to anyone), only minutes after I activated a “dynamic dns” service, (which made the pages accessible to the outside world – only protected by a firewall), and I tested the pages using the “external” URL.

I never understood how they (The Bot-monsters) could guess I had stuff there. I was wondering about the dyn-dns service… But Googlebar, that actually makes sense…

By: Dave King

Dave King — Fri, 30 Apr 2004 05:46:58 +0000

This seems to be a textbook example of failed security through obscurity. As nosebreaker.com (the last poster) said a webserver is made to share information with the public. Putting a file in robots.txt is also a bad idea in my opinion, it’s just a different way of security through obscurity. A hacker can look at robots.txt just as easily as Google can and see the url for the file with “extremely personal information”. They can then download and use the informaition for whatever they want. johnny.ihackstuff.com/index.php a list of tons of searches to find stuff that has been spider by Google and is made public because the user trusted security through obscurity. A simple way to have solved this problem would have been to passoword protect the file or possibly the whole folder (which is very easy to do in both Apache and IIS). Security through obscurity does not work! Also, a not on Gmail, nobody should trust email to be secure or reliable. Email is easy to spoof, easy to do man in the middle attacks, and the integrity is not guarenteed. Gmail didn’t create this problem, I’m glad it’s making news though and getting this issue out so people will realize it.

By: nosebreaker.com

nosebreaker.com — Thu, 29 Apr 2004 19:30:04 +0000

I think the problem does not lie with google, but rather with the person hosting the file. Web traffic is PUBLIC traffic. The whole point of a web server is to SHARE information. If you don’t want to share it, don’t put it on a web server. Just because you didn’t know google would index it doesn’t mean it isn’t your fault for sharing it. The same thing goes for email. As soon as you send a message, you lose all rights to that message. Think of it this way, don’t tell a untrustworthy person something you don’t want them to share. With email, everyone is untrustworthy.

By: Seun Osewa

Seun Osewa — Thu, 29 Apr 2004 18:34:28 +0000

Yes, but no-one has established the nature of the harm that would come from someone inadvertently sending e-mail to a gmail.com adress!