This time I will share with you my finding, regards Google Drive/docs.
Lets start from old news,form a year ago:
Generally speaking
Above all,I like Google,I don't like to way they took our privacy.
This story will show you where is the limits,and why tracking files and the people who read them, it's not a smart move in the world where the privacy is waking up.
Google drive act as a cloud service by Google Inc, with abilities to store data,and writing docs it's one of the features the service gives,which is good as long as they tracking you,but don't leave hidden tracking mines in the files.
Here you can see the difference between Google Docs and Google Drive)
The finding
Lets start from old news,form a year ago:
NSA can track you with cookies from Google, iOS, Android – and it might be legal
By Graham Templeton on December 11, 2013
By Graham Templeton on December 11, 2013
Generally speaking
Above all,I like Google,I don't like to way they took our privacy.
This story will show you where is the limits,and why tracking files and the people who read them, it's not a smart move in the world where the privacy is waking up.
Google drive act as a cloud service by Google Inc, with abilities to store data,and writing docs it's one of the features the service gives,which is good as long as they tracking you,but don't leave hidden tracking mines in the files.
Here you can see the difference between Google Docs and Google Drive)
The finding
I was reading my CV which in the first time, has been written with Google Drive service, then I saw something really interesting,hyperlinks which were different then the original which was added by me.
I didn't ask Google to track for me my file.
I didn't ask Google to track for me my file.
Even after converting the file to PDF ,I had those Google mysterious tracking links.
Checking them out I saw how the redirection is being made:
Example:
This :
Takes you to :
Original hyperlink
cookie string
I was getting a cookie as well,in the time when I clicked on the hyperlink and got redirected:
q=http://valleywag.gawker.com/facebook-lets-you-track-friends-precise-location-throug-1564328515
sa=D
sntz=1
usg=8888
sa=D
sntz=1
usg=8888
Host: www.google.com
User-Agent:
DNT: 1
Cookie:PREF=ID=88:U=88:FF=0:LD=iw:NR=100:TM=111:LM=11:SG=2:S=aaaa; NID=67=888-pldwa-er-88_88-8888; SID=888888888_88888888888888-DKanetR1_8888888888888_8888888_8888-888-88-888_888_88_88; HSID=888; APISID=3T0NSCkPbont-Cks/88-88
Connection: keep-alive
User-Agent:
DNT: 1
Cookie:PREF=ID=88:U=88:FF=0:LD=iw:NR=100:TM=111:LM=11:SG=2:S=aaaa; NID=67=888-pldwa-er-88_88-8888; SID=888888888_88888888888888-DKanetR1_8888888888888_8888888_8888-888-88-888_888_88_88; HSID=888; APISID=3T0NSCkPbont-Cks/88-88
Connection: keep-alive
Lets see some videos,to have more proof :
Here is the exported PDF from the drive:
Now I wanted to know more about Google behaviour, what is the purpose of those links,is someone knew about it or not?.s
Looking for the strings:" "&sa=D&sntz=1&usg=" in Google gave me only 92 normal results.
My attention went into "Google redirection URL flaw disclosed" which led me to Google Account Phishing Vulnerability.
More digging gave me this: https://productforums.google.com/forum/#!topic/sites/TJGiFrSkKlk and finally I saw a question in stackexchange.com:
More digging gave me more explanation.
Conclusion
Google track hyperlinks in Google search, some people think it's related to redirection and nothing more,others saw the attack options,but having this in docs/drive is less known and this should concern not only the owner of the files but the readers of them.
Tracking users files, show us why Google don't see the red line.
Knowing that's your files are being tracked, and sent anonymously to Google,put anyone who gets them under surveillance.
You should think about it,as adding your own hidden tracking script, to spy on someone who gets a file from you.
Solution
Always check the hyperlink before opening it.
Don't write the file in Drive/Doc
Don't add hyperlinks.
P.S.
I've done confirmation only in Drive,but it seems to be the same in Google docs as well.
-----------------
Conclusion
Google track hyperlinks in Google search, some people think it's related to redirection and nothing more,others saw the attack options,but having this in docs/drive is less known and this should concern not only the owner of the files but the readers of them.
Tracking users files, show us why Google don't see the red line.
Knowing that's your files are being tracked, and sent anonymously to Google,put anyone who gets them under surveillance.
You should think about it,as adding your own hidden tracking script, to spy on someone who gets a file from you.
Solution
Always check the hyperlink before opening it.
Don't write the file in Drive/Doc
Don't add hyperlinks.
P.S.
I've done confirmation only in Drive,but it seems to be the same in Google docs as well.
-----------------
For more info about Google tracking and it's uses:
http://www.google.com/policies/technologies/types/
http://forums.mozillazine.org/viewtopic.php?f=40&t=2835935
http://forums.mozillazine.org/viewtopic.php?f=40&t=2835935
