Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: Fw: Google Search and Gmail Correlation
From: "Esler, Joel CNTR/Sytex" <joel.esler () rcert-s army mil>
Date: Fri, 25 Feb 2005 16:10:13 -0500

IIRC, only if you turn on the "advanced features"

J

On Fri, 2005-02-25 at 15:46 -0500, Nancy Kramer wrote:

If you run the Google Toolbar they do know where you have been surfing on 
the web.  They do record it.  That's how you "pay" for the Toolbar.  Your 
theory sounds correct to me.

Regards,

Nancy Kramer
Webmaster http://www.americandreamcars.com
Free Color Picture Ads for Collector Cars
One of the Ten Best Places To Buy or Sell a Collector Car on the Web


At 04:28 AM 2/25/2005, Colin.Scott () csplc com wrote:


A little OT but I was pondering the other day about something.

Remember the Axis network camera "inurl" search that exposed internet
facing LAN cameras? Well I noticed that lots of those cameras are
configured on high ports. 7000 for example. Now, I wondered how Google gets
those cameras into its cache. Ok so there may be a web facing link
_somewhere_ that references the URL... but when you search there are
hundreds of these cameras in Google's cache. Now are Google going to tell
us that they got there merely from web links? Is Google doing port scans
when it finds an IP? Probably not.... So how about the Googlebar secretly
updating Google's cache when we use these things?

Just a ponder, please dont flame me if its been covered before, I havent
got my flame-proof trousers on today!  :)

Cheers,

Colin.







"Ádám Szilveszter
             dr." 
               <adam () nhh hu> 
To              Sent 
by:                  full-disclosure () lists netsys com 
full-disclosure-b                                          cc 
  ounces () lists nets 
    ys.com                                                Subject 
                                Re: [Full-Disclosure] Google 
Search                                        and Gmail 
Correlation                            24/02/2005 
12:12 




Hello Cody,

I think that what you are observing is this: the cookie you get when
visiting your gmail account is valid for the whole google.com domain, and
therefore will be transferred again when you do web searches as well.

As you write, this is not a bug per se, the cookie mechanism is working as
expected.

It is also obvious that such an approach may raise privacy concerns.

Now, *if* google wanted to mitigate this problem, it would be easy. They
should migrate the gmail service web frontend to a subdomain (say:
gmail.google.com) or even a whole new domain (gmail.com exists already but
www.gmail.com merely redirects) and make the cookie only valid in that
domain/subdomain.

The questions is, do they want to do this?

And yes, for now, if you are privacy conscious, delete the cookie before
doing a Google search (or using any other Google service).

Regards:

Szilveszter Adam
Budapest
Hungary
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html




***********************************************************************************

This e-mail is confidential and may contain privileged information.  If 
you are not the addressee or if you have received the e-mail in error, it may
be unlawful for you to read, copy, distribute, disclose or otherwise use 
the information which it contains.  Under these circumstances, please 
notify us immediately by returning this mail to 'mailerror () csplc com' and 
deleting this e-mail from your system.

Any views expressed by an individual within this e-mail do not necessarily 
reflect the views of Cadbury Schweppes Plc or its subsidiaries.  Cadbury 
Schweppes Plc will not be bound by any agreement entered into as a result 
of this email, unless its intention is clearly evidenced in the body of 
the email.  Whilst we have taken reasonable steps to ensure that this 
e-mail and attachments are free from viruses, recipients are advised to 
subject this mail to their own virus checking, in keeping with good 
computing practice. Please
note that email received by Cadbury Schweppes Plc or its subsidiaries may 
be monitored in accordance with the prevailing law in the United Kingdom.

***********************************************************************************


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html





--
No virus found in this incoming message.
Checked by AVG Anti-Virus.
Version: 7.0.300 / Virus Database: 266.4.0 - Release Date: 2/22/2005



-- 
Esler, Joel CNTR/Sytex <joel.esler () rcert-s army mil>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault