Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Google Search and Gmail Correlation
From: "Ádám Szilveszter dr." <adam () nhh hu>
Date: Thu, 24 Feb 2005 13:12:24 +0100

Hello Cody,

I think that what you are observing is this: the cookie you get when 
visiting your gmail account is valid for the whole google.com domain, and 
therefore will be transferred again when you do web searches as well.

As you write, this is not a bug per se, the cookie mechanism is working as 
expected.

It is also obvious that such an approach may raise privacy concerns.

Now, *if* google wanted to mitigate this problem, it would be easy. They 
should migrate the gmail service web frontend to a subdomain (say: 
gmail.google.com) or even a whole new domain (gmail.com exists already but 
www.gmail.com merely redirects) and make the cookie only valid in that 
domain/subdomain.

The questions is, do they want to do this?

And yes, for now, if you are privacy conscious, delete the cookie before 
doing a Google search (or using any other Google service).

Regards:

Szilveszter Adam
Budapest
Hungary
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault