Cenzic 232 Patent
Paid Advertising
sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Who's got it? Who's giving it away? How to protect your privacy and steal it from other people. For intellectual privacy, personal privacy, and blackhats alike... 
Go to Topic: PreviousNext
Go to: Forum ListMessage ListNew TopicSearchLog In
New Gmail UI Privacy Implications
Posted by: mrbene
Date: November 01, 2007 10:15PM

The new Gmail UI (currently being rolled out) adds the active email address to the title of the Inbox web page so that it displays as "Gmail - Inbox (<NN>) - <user>@gmail.com". <NN> is the count of unopened emails.

The old UI would only display "Gmail - Inbox (<NN>)".

This new UI exposes the users email address to other users on the computer who have access to the web browser, through a quick review of the browser history. This is a reduction in personal privacy - a roommate, spouse, child or sibling could have access to the same computer and notice that you were using a previously undisclosed email address. Similarly, it increases the need for clearing the browser history on public computers, whether internet kiosks or internet cafe.

I took a look at a possible email harvesting vector of opening an iframe to mail.google.com and examining the title of the iframe - as far as I know this isn't possible, not only because of some rather decent iframe-busting on the part of Google, but also because my domain isn't Google.com, and therefore document.iFrame.document.title wouldn't be accessible.

Options: ReplyQuote
Re: New Gmail UI Privacy Implications
Posted by: Ivan
Date: June 17, 2009 04:31PM

I know that this is old message but I'm doing some research on profiling users and find that this issue is more dangerous right now.

After user logout from GMail we can track all emails and labels that user read/open. With all this informations (labels names and subjects of emails) we can find more usefull informations very easy (e.g. using some social engineering) ...

http://www.security-net.biz/

Options: ReplyQuote
Re: New Gmail UI Privacy Implications
Posted by: Anonymous User
Date: June 17, 2009 06:41PM

SOP yes - it's a bummer. Framebusters no - a) can't be circumvented and b) the HTML only/mobile Gmail just don't have them.

Options: ReplyQuote
Re: New Gmail UI Privacy Implications
Posted by: sirdarckcat
Date: August 16, 2009 11:42AM

@mario what?

--------------------------------
http://sirdarckcat.blogspot.com/ http://www.sirdarckcat.net/ http://foro.elhacker.net/ http://twitter.com/sirdarckcat

Options: ReplyQuote
Re: New Gmail UI Privacy Implications
Posted by: Anonymous User
Date: August 16, 2009 03:53PM

nvm - must have been late :)

Options: ReplyQuote


Sorry, only registered users may post in this forum.