Google Blogoscoped

Forum

Google Privacy Problems Introduced Through Presentations  (View post)

Achille [PersonRank 2]

Tuesday, September 18, 2007
16 years ago5,489 views

I have another problem with the service, I emailed myself a document
(google provides several ways to upload documents, you can give it a link, upload a file, or email a file)

I emailed mysef a PowerPoint file this morning, every 30 minutes I keep getting the same document added to my account, it's stuck in a loop of some kind and it's broken

see image:
http://img217.imageshack.us/img217/8488/picture1mk3.png

And google docs view:
http://img63.imageshack.us/img63/2863/picture2ea1.png

I have no idea how to make it stop.

[TinyURLs expanded]

Neil Fraser [PersonRank 1]

16 years ago #

> I have no idea how to make it stop.

Hi Achille,

Post a message on the groups and someone from Google with manually kill that for you immediately:
http://groups.google.com/group/Something-in-Writely-is-Broken/topics?hl=en
It's a rare but known bug with a fix coming out soon.

TOMHTML [PersonRank 10]

16 years ago #

Strange bug :-/

TOMHTML [PersonRank 10]

16 years ago #

tony & I think the security hole has been fixed. I'm gonna contact Google to get a confirmation.

Philipp Lenssen [PersonRank 10]

16 years ago #

Tom, you're right --

Update: Google informed me that the bug is fixed. My tests show this seems to be the case indeed – I can’t reproduce the privacy vulnerability anymore.

pooin [PersonRank 8]

16 years ago #

Fast response. This demonstrates why Goog is better than MSFT

TOMHTML [PersonRank 10]

16 years ago #

Fast yes... anyway I have gathered 420+ mail addresses with that flaw :-/ I could have been worse

J. McNair [PersonRank 10]

16 years ago #

[put at-character here]TOMHTML
Just remember, "Don't be evil" with those email addresses 8-)

Thanks for catching this and other bugs before I started really using Google Docs. Now if only they could get rid of the "all entities have a public URL" even if it's not shared. Really, I think this is only a Picasa problem, though. Still, any kind of security through obscurity irks me.

Veky [PersonRank 10]

16 years ago #

> This demonstrates why Goog is better than MSFT

No. This just demonstrates they are younger. ;-) Microsoft was like that in their time too.

TOMHTML [PersonRank 10]

16 years ago #

The flaw is still there, somehow.
You just have to be on the chat, and use "Firebug" extension for Firefox, then listen HTTP request and you will see e-mails...

Tony Ruscoe [PersonRank 10]

16 years ago #

Oops!

I guess that's a bit more obscure but they really have no excuse to be passing email addresses in the HTTP requests!

TOMHTML [PersonRank 10]

16 years ago #

I wasn't sure and my friend Yoann confirms that it as been fixed too recently.

now it looks like too
0060 76 37 63 6b 7a 70 67 6b 63 5f 37 39 68 70 36 34 v7ckzpgkc_79hp64
0070 6e 78 40 77 72 69 74 65 6c 79 2e 61 70 70 73 2e nx[put at-character here]writely.apps.
0080 74 61 6c 6b 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 2f talk.google.com ...

TOMHTML [PersonRank 10]

16 years ago #

Sorry, I was wrong, it hasn't been fixed..
(I added breaklines)

c2
190
[[10,['339AE4016723C8F7',["rp",
"ajgv7ckzpgkc_79hp64nx[put at-character here]writely.apps.talk.google.com/
ajgv7ckzpgkca_ft7tvwm_B6ECA3FC","tomhtml[put at-character here]gmail.com/
TalkGadgetD8634481","a",,"TOMHTML (Vrai-Nom.com)"]
]]
]

Yoann get that and I said nothing ;-)

Philipp Lenssen [PersonRank 10]

16 years ago #

Does that even work with a hidden Iframe?
And what exactly does it reveal – only the email, or also the full name?

Martin Porcheron [PersonRank 10]

16 years ago #

Well, this is kind of related. But if you enable chat history saving in Gmail, it saves all your Google Presentations chats with the email addresses of everyone you were chatting with except the Presentation creator.

TOMHTML [PersonRank 10]

16 years ago #

[put at-character here]Philipp: it works in a "hidden iframe" as you said, and as you can see in my extract above, there is my email and my pseudonym

Forum home

Advertisement

 
Blog  |  Forum     more >> Archive | Feed | Google's blogs | About
Advertisement

 

This site unofficially covers Google™ and more with some rights reserved. Join our forum!