Post 9iwdL82XY9Cm865CyG by teko@niu.moe
(DIR) More posts by teko@niu.moe
(DIR) Post #9itrB52MfvQvnxDwZs by ggnoredo@social.linux.pizza
2019-05-17T09:49:45Z
2 likes, 4 repeats
Did you know that your data on any #google product is available globally with a public URL? No password, no security, anything. Go to your google dashboard and request to download your data, after that you will see a JSON file for each photo you have, each message you sent or for anything you use inside google ecosystem from purchasing products to YouTube search history. You will see that public URL in that JSON file
(DIR) Post #9iwDkdXMz1ICFR0QJk by finlaydag33k@social.linux.pizza
2019-05-17T12:08:23Z
0 likes, 0 repeats
@ggnoredo You can't even download your data as a JSON file... I can only get a zipfile containing the data slammed in something like my GDrive or Dropbox (or mailed to me or w/e)
(DIR) Post #9iwDkdu3cfRNNncXgG by pedro@social.linux.pizza
2019-05-17T14:01:31Z
0 likes, 0 repeats
@finlaydag33k @ggnoredo he meant inside the ZIP
(DIR) Post #9iwDkeAMe2U6CNFZ68 by finlaydag33k@social.linux.pizza
2019-05-17T14:18:10Z
0 likes, 0 repeats
@pedro @ggnoredo downloaded it, looked in the JSON file... aaaaand nothing (tested with locationhistory).So unless it has to be a specific one and/or there is a major difference between the exported for Country A and Country B, I'ma have to call bs on this one...
(DIR) Post #9iwDkeTVUrnT9kCqw4 by ggnoredo@social.linux.pizza
2019-05-18T06:42:59Z
0 likes, 1 repeats
@finlaydag33k @pedro sorry but no. Please have a look at the screenshot that belongs to 1 of my photos in google photos. That url is public
(DIR) Post #9iwdL82XY9Cm865CyG by teko@niu.moe
2019-05-18T18:26:56Z
0 likes, 0 repeats
@ggnoredo @finlaydag33k @pedro @coy this is not an issue at all, most of the big sites do this to make sharing easier. The URLs are public but the length of the string acts as a sort of password. Calculate how many different combinations you can have with those characters and I assure you it would be a number too big to do anything with. Theres a reason why this discovery isnt big news that everybody knows
(DIR) Post #9iwdL8TTvykvTegixs by coy@kawen.space
2019-05-18T19:39:00.522586Z
0 likes, 0 repeats
@teko @pedro @finlaydag33k @ggnoredo >security by obscurity:blobthinkingfast: It isn't big news because everyone expects this sort of behavior now, as if it were normal, which it is the new norm but it is not normal. I 100% guarantee you that those URLs are being scraped in large quantities just for the hell of it, for sensitive data, for blackmail, etc., to presume google or whoever has your best interests in mind is essentially suicide.
(DIR) Post #9iyf2nHAbF3Ek8ENDk by finlaydag33k@social.linux.pizza
2019-05-18T19:53:58Z
0 likes, 1 repeats
@coy Tbf... I'm literally writing a scraper/bruteforcer rn XD
(DIR) Post #9iyf3gyfVDWfUy0O9o by teko@niu.moe
2019-05-19T12:40:03Z
0 likes, 0 repeats
@coy @finlaydag33k @ggnoredo @pedro you are not smarter than Google engineers, there's plenty of battles to easily win on privacy and this is not one of them. If you think those URLs are being scraped then you do not know enough about what you're talking about to comment. I'm really disheartened from trying to make points on and challenge people on here because it just falls on death ears. My points are ignored.
(DIR) Post #9iyf3hA0p2bG49JRq4 by finlaydag33k@social.linux.pizza
2019-05-19T15:34:12Z
1 likes, 0 repeats
@teko I think you underestimate the issue here.The issue is not about Google scraping the images but "malicious" people scraping the images.It'll take a tremendous amount of resources to do so but the fact that it's actually possible like this is just mind boggling.If those Google engineers really where that smart as you claim, they'd probably have this link only in there if it was a public image to begin with.
(DIR) Post #9iyhI2pNGEzNEBd5ay by coy@kawen.space
2019-05-19T19:32:41.438866Z
1 likes, 0 repeats
@teko Okay? Insult my intelligence more please and thank. The links are public and can be accessed by anyone, it contains all sorts of data, and you’re telling me smart people decided to do this? The existence of the urls is now a known unknown, not an unknown unknown (the url), which is why I mentioned security by obscurity, and Google is really known for this, in multiple ways back to their beginnings. I hear and read what you are saying, but this is 100% going to be abused if not already. The link is not a “password” and that is ridiculous. That’s the definition of security by obscurity.The reason I mention this as a privacy issue is because it is 100% consistent with their other day to day operations, and how they handle data even internally. I have read that one google engineer decided to look through google data (the private stuff) to find info on another google engineer they liked and their kinks and sexual preference. That is their company ethic, and when the one who was being stalked wrote about this event she essentially said it was common and that she had done it too.But you’re right, we should be talking about known connections to US intelligence services, CIA money being pumped into google very early on, we should be talking about analytics built into every app and of course the operating systems, and the absurd reach just two companies have. We should be talking about the blatant propagandism coming from these companies. We should be talking about google phoning home near constantly on every single device they run software on, and with chrome, android, and their web presence, that’s… pretty much everyone! Oh, and don’t think Firefox is any safer, for every connection made, there are ~4 tracker connections made by firefox. The thing that should happen now is legislation… The problem is now we’re dealing with the military industrial complex changing its methods to spying not killing, and using companies to do it, blending their culture into our daily lives. I wonder what the effect of that will be?
(DIR) Post #9iykSPKUknSbm5oqHI by teko@niu.moe
2019-05-19T20:03:17Z
0 likes, 0 repeats
@coy im insulting your intelligence because hearing (or seeing) very opinionated talk no matter the intent when there's a misunderstanding of whats gone wrong is very frustrating and im sure you've seen it too in your lifetime. I will say it again, they know what they're doing and this one single point is not an issue for reasons I've already said. Seeing heated talk on how its something that professionals have completely missed, both inside and out Google, is frankly absurd.
(DIR) Post #9iykSPYJvOWGSyHspM by teko@niu.moe
2019-05-19T20:05:48Z
0 likes, 0 repeats
@coy I've noticed you add in facts at the end of some of your posts that have nothing to do with whats being said. I completely agree with the last paragraph and im not complaining you've included it as you clearly care about it. I just really want these issues that I care about so much, privacy and security, to be understood on my "side" so that its easier to win people over with ACTUAL things that are affecting THEM specifically. This is not one of them unfortunately.
(DIR) Post #9iykSPf3WLuInrRGKG by teko@niu.moe
2019-05-19T20:08:01Z
1 likes, 0 repeats
@coy on Firefox now and I could mention also how its a security nightmare and the fact its being used for Tor is insane. Its a massive, massive shame they cant decide on being a good competitor or a privacy focused browser because they accomplish neither and are diving headfirst into failure.
(DIR) Post #9iykYYTtdoMdta9EKO by coy@kawen.space
2019-05-19T20:09:17.212384Z
0 likes, 0 repeats
@teko you should have better manners friendo, you have misunderstood yourself