[liberationtech] question about browser/Gmail subject line / browser history exposure

Eric Davis edavis at google.com
Tue Jul 17 22:48:24 PDT 2012


Hi Katrin,

Thanks for your response.  We would be happy to discuss this over the phone
with you and other interested members of the Liberation Tech List.  If that
sounds good to you, would you please coordinate with the others and send
some times that work on your end.

Regards,

- Eric
Eric Davis | Google Public Policy | edavis at google.com | 650.492.4612

On Mon, Jul 16, 2012 at 6:20 AM, Katrin Verclas <katrin at mobileactive.org> wrote:

> Hi, Eric - thanks for this message.  I appreciate the cautions you
> note re. public wifi and internet cafe use, and all of us in this field
> certainly appreciate your use of https by default.  Gmail does stand out in
> that regard in comparison to the other, often-used email providers in the
> countries that I work in (such as Yahoo and Hotmail).
>
> However, you are not addressing my question re. browser history.  I am
> copying the Liberation Tech list where this was discussed to keep my
> colleagues there in the loop.  I am also copying David from the GNI who was
> looking into this.  It would be great if you could reply to all.
>
> While I understand your reasoning (such as on putting the onus on the user
> to be educated and aware), our use case is a person who is not necessarily
> a self-described activist, has only recently learned how to use a computer,
> and definitely has not had any formal (or even informal) training.
> Privacy-protected browsing is not in their repertoire, for the most part.
>
> That person may say something in a subject line that can be construed as
> political involvement when, in fact, it is not.  Or it may be someone who
> is just getting involved, say in the context of an upcoming election, for
> instance, revealing accidentally political affinities when that may not be
> advisable.
>
> This feature lowers the barrier for 'accidental' invasion of privacy
> significantly after a user has logged out of gmail. It does not require
> any knowledge of tech or premeditation. (Installing and reading
> keylogger software does require some tech knowledge AND premeditation.)
> It is also a real threat in many countries where there are a large number
> of informers who do not necessarily have deep technical knowledge.
>
> This feature, given in the countries that I and many on the list here work
> in, does beg the question why, from the standpoint of usability, you all
> believe it is a desirable/necessary feature?
>
> Incidentally, as noted, Yahoo and Hotmail do not store the subject line of
> email in their browser history when a user has logged out.
>
> I'd love to hear more about whether linking to each email as a separate page
> with a title tag is critical for usability, and whether modifying what's
> displayed in the title tag of an HTML page after logout is possible.
>
> If you would like to see some of the sensitive and personal information we were
> able to glean from the logs in an internet cafe in a repressive country,
> we'd be happy to share that.  I think it'll make the case quite
> convincingly that maybe user privacy should override usability in this case
> for many users who rely on shared computers.
>
> Thanks so much for addressing this topic more specifically.
>
> All the best,
>
> Katrin
>
>
>
> On Jul 14, 2012, at 1:56 AM, Eric Davis wrote:
>
> > Hi Katrin,
> >
> > Thanks for flagging this.  As someone who works on security issues, I
> appreciate your concerns.  Google product security is designed with the
> typical user in mind, so most of it works in the background.  However,
> there are some choices users should make themselves, especially since
> different users have different objectives and priorities.  We believe
> education is an essential part of security, and to that end provide
> materials such as in our "Good to Know" campaign, and we are an active
> member of the NCSA, a now-global organization focused on security education.
> >
> > When someone uses a publicly accessible computer or an open wifi system,
> they are increasing their security/privacy risks.  This goes beyond email
> subject headers; for example, if someone checks their email via an open
> wifi system and their email provider doesn't use session wide https, the
> full content of their emails and chat sessions are exposed to anyone using
> a packet sniffer.  There are packet sniffing browser apps such as
> Firesheep, which can be installed within minutes by non-technical users.
> Gmail is the only major email provider that provides session wide https by
> default.
> >
> > Some publicly accessible computers (as well as some personal computers)
> are infected with malware, including keyloggers.  There are of course
> additional considerations about spyware when using computers in repressive
> regimes.  In the event someone uses a publicly accessible computer, he or
> she should especially be sure to enable 2-Step Verification, our
> multi-factor authentication feature.  With 2-Step Verification running, a
> third party wouldn't be able to log into my Gmail account just by using my
> password.  Facebook offers a similar feature.
> >
> > In addition to running browser incognito mode when using a public
> computer, we also strongly recommend people sign out of their account when
> they're done.  Again, first and foremost, users should take steps to
> protect the content of their private emails.
> >
> > I hope this is helpful.  I'd be happy to speak with you in more detail
> over the phone.
> >
> > Best Regards,
> >
> > - Eric
> > Eric Davis | Google Public Policy | edavis at google.com | 650.492.4612
> >
> > ---------- Forwarded message ----------
> > From: Katrin Verclas <katrin at mobileactive.org>
> > Date: Wed, Jul 4, 2012 at 4:59 AM
> > Subject: Fwd: question about browser/Gmail subject line / browser
> history exposure
> > To: Christine Chen <christinechen at google.com>
> >
> >
> > Hi Christine - Not sure you are the right person to contact but wanted
> to make you aware of this below, and figured you know who would be a good
> contact.
> >
> > Can you or a relevant colleague provide any insight into this (or try to
> change it?)  We like recommending gmail over Yahoo etc mail services
> because of your security practices but this seems problematic.
> >
> > Thanks for looking into it.
> >
> > Regards,
> >
> > Katrin
> >
> >
> >
> > Begin forwarded message:
> >
> > > From: Katrin Verclas <katrin at mobileactive.org>
> > > Date: July 4, 2012 7:52:55 AM EDT
> > > To: Stanford tech list List <liberationtech at lists.stanford.edu>
> > > Cc: "Jillian C. York" <jillian at eff.org>, Wojtek Bogusz <
> wojtek at frontlinedefenders.org>
> > > Bcc: human-rights-online-project-leads at googlegroups.com
> > > Subject: question about browser/Gmail subject line / browser history
> exposure
> > >
> > > Hi all --
> > >
> > > Question for you:  A colleague noticed in an Internet cafe (in a
> repressive country) that in Firefox and Chrome the browser history reveals
> the subject line of gmail. The history also reveals the name of the person
> a user Facebook-messaged and profile pages visited.  The same was not true
> for Yahoo or hotmail.
> > >
> > > See below for a sample screenshot that illustrates what I am talking
> about (using the latest version of FF on Mac OS). It seems to be a function
> of gmail/FB not the browser (same happens in Chrome and Safari, did not try
> for IE).  As I said, Yahoo mail and Hotmail do not reveal the subject line
> in the history as far as we could see.
> > >
> > > So - is this an oversight or deliberate on the part of Gmail/FB?
> > >
> > > It seems potentially rather problematic since most users do not delete
> their history nor use any private browsing features or software when in an
> internet cafe.  We looked at detailed name/subject line/FB social graphs in
> the browser history of machines in the cafe for at least eight months
> back. With this information it is very easy to see an individual's
> activity without any other digital logs installed.
> > >
> > > Curious about this from a technical POV and whether it can be fixed by
> Gmail/Facebook.  We can involve the right people there after understanding
> this better.
> > >
> > > In the meantime, this definitely should be covered in any trainings
> (that is - do not use a sensitive or revealing subject line, delete your
> history, browse in private mode, etc)
> > >
> > > Thanks for any insights.
> > >
> > > Best,
> > >
> > > Katrin
> > >
> > >
> > >
> >
> >
> >
> > Katrin Verclas
> > MobileActive.org
> > katrin at mobileactive.org
> >
> > skype/twitter: katrinskaya
> > (347) 281-7191
> >
> > Check out SaferMobile.org
> > Using Mobile Technology More Securely. For Activists, Rights Defenders,
> and Journalists.
> > https://safermobile.org
> >
> > MobileActive.org: A global network of people using mobile technology for
> social impact
> > http://mobileactive.org
> >
> >
> >
> >
> > <Screen shot 2012-07-04 at 7.37.19 AM.png>
>
>
> Katrin Verclas
> MobileActive.org
> katrin at mobileactive.org
>
> skype/twitter: katrinskaya
> (347) 281-7191
>
> Check out SaferMobile.org
> Using Mobile Technology More Securely. For Activists, Rights Defenders,
> and Journalists.
> https://safermobile.org
>
> MobileActive.org: A global network of people using mobile technology for
> social impact
> http://mobileactive.org
>
>
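An added illustration of the mechanism the thread describes (not code from the thread, from Gmail or from Facebook): a browser's history keeps each visited page's URL and title, so a per-message page whose title is the subject line hands that subject to whoever next opens the history on a shared machine. The history store, the `ExampleMail` name, the view functions and the sample messages are all constructed for this example; the `recoverable` check is the kind of test a trainer could run over a real history export.

```javascript
const APP_NAME = "ExampleMail"; // constructed product name, not a real service

// Stand-in for the browser's history store: one record per page visit, holding
// the URL and the <title> the page had when it was visited.
class HistoryLog {
  constructor() { this.entries = []; }
  visit(url, title) { this.entries.push({ url, title }); }
  // What the next person at the shared machine sees in the history window.
  dump() { return this.entries.map((e) => `${e.title} | ${e.url}`); }
}

// Leaky pattern (the behaviour reported in the thread): the subject line is the page title.
function leakyView(msg) {
  return {
    url: `/mail/u/0/#thread/${msg.id}`,
    title: `${msg.subject} - ${msg.account} - ${APP_NAME}`,
  };
}

// Hardened pattern: a neutral title and an opaque thread id, so the history shows
// that webmail was used but not what was read. A profile URL that carries a
// person's name (the Facebook case in the thread) fails the same check below.
function neutralView(msg) {
  return { url: `/mail/u/0/#thread/${msg.id}`, title: APP_NAME };
}

// Trainer's/defender's check: which session secrets can be read back verbatim
// from the history dump?
function recoverable(history, secrets) {
  const text = history.dump().join("\n");
  return secrets.filter((s) => text.includes(s));
}

// One session on a shared machine. Signing out afterwards does not help: the
// entries were written at visit time, and a later page cannot rewrite them
// (history.replaceState only affects the entry of the page currently loaded).
function simulateSession(viewFn) {
  const history = new HistoryLog();
  const messages = [ // constructed sample mail
    { id: "13f2a9c0e1", account: "user@example.org", subject: "Volunteer list for the rally" },
    { id: "13f2a9c0e2", account: "user@example.org", subject: "Lunch on Friday?" },
  ];
  for (const m of messages) {
    const view = viewFn(m);
    history.visit(view.url, view.title);
  }
  return recoverable(history, messages.map((m) => m.subject));
}
```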