Google Blogoscoped

Forum

Slashdot completely exposing e-mail addresses via Google

Brian Mingus [PersonRank 10]

Sunday, January 7, 2007
13 years ago2,974 views

If you consider that Slashdot's advertisers include the likes of Microsoft, then this list of their poster's e-mail addresses is a very valuable Google search indeed:
"by * 0..1e+07 * gmail|hotmail|yahoo com|org|net on" site:slashdot.org

google.com/search?num=100& ...

Whatever address obfuscation system they are using is not being applied very consistently.

/pd [PersonRank 10]

13 years ago #

yeah thats a pretty nasty thing to be left open!1

Haochi [PersonRank 10]

13 years ago #

It looks like more people on /. is using Gmail than Yahoo and Hotmail.

Jake's View [PersonRank 10]

13 years ago #

Or you could try google.com/search?q=%22by+*+0. ...

Brian Mingus [PersonRank 10]

13 years ago #

Or google.com/search?num=100& ...

Slashdot has an option to "Show your real email address without cowering behind childish anonymity or obfuscation." but I doubt many people actually selected it. My own address is presently listed in those Google results (although I have now disabled it on Slashdot)

Since obfuscation techniques are applied randomly to each shown address, you only have to look through a small sample of slashdot e-mail addresses in order to learn of all them.

Here are the techniques you have to decode:

user[put at-character here]domain.com
`moc.user' `ta' `domain'
userNO[put at-character here]SPAMdomain.com
user[put at-character here]domain.cLISPom minus language (LISP, COBOL, etc...)
user[put at-character here]domainQUOTE.com minus punct
user[put at-character here][put at-character here][put at-character here]domain...com
user AT domain DOT com
user[put at-character here]NospAm.domain.com
(user) (at) (domain.com)
[user] [at] [domain.com]
user&domain,com
user[put at-character here]dom3.14ain.com minus pi
user[put at-character here]do[ ]n.com ['mai' in gap]

This is security by obscurity at its worst. What is the use of randomly inserting LISP or COBOL into such a lame obfuscation technique?

For those that read this far, here's the code I used. It's only two hours away from having every single e-mail on slashdot: pastebin.ca/309575

Brian Mingus [PersonRank 10]

13 years ago #

This is possibly even worse on Wikipedia. If you "Enable e-mails from other users," there is a special form that you can fill out that does not expose that user's e-mail address to you. But if you then check "Send me copies of emails I send to other users," then the e-mail address is available as plain text in the copy of the e-mail you receive.

An e-mail harvester would only have to create a dummy account and cycle through every single account, trying to send e-mails.

Juha-Matti Laurio [PersonRank 10]

13 years ago #

The example queries of Brian Mingus and Jake's View include information about the Safari browser...

google . com/search?num=100&hl=en&lr=&__client=safari&__
etc.

It doesn't affect to the results, but Google get information about Safari clients when people click these links, and they are not Safari users ;-)

Brian Mingus [PersonRank 10]

13 years ago #

And I am actually using Konqueror, not Safari :) I used to strip all that out, but why bother?

Jake's View [PersonRank 10]

13 years ago #

I'm using Firefox...

Brian Mingus [PersonRank 10]

13 years ago #

I use Firefox when I can, but right now I am on the Kubuntu live cd.

Philipp Lenssen [PersonRank 10]

13 years ago #

Brian can you explain the "0..1e+07" part of your search query?

Juha-Matti Laurio [PersonRank 10]

13 years ago #

Brian, this was only related to statistics collected by Google. You can forget the issue!

Brian Mingus [PersonRank 10]

13 years ago #

It's just an expression that says "match any number."

Technically, it's:
0..1.797693134862e+308

(Returning 17 billion docs)

This thread is locked as it's old... but you can create a new thread in the forum. 

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!