I Pit Google for finding Yet Another Way to spy on us.

The BBQ Pit
#1

Now, for all I know, maybe they’ve done this all along, and maybe I’m just the slowest user in the world to have just noticed. But, for all that, I just noticed this.

When you receive e-mail via gmail, and the e-mail contains a link, Google modifies that link, so that Google will track when you click on it.

Note, this appears to apply to incoming e-mails RECEIVED via gmail. I don’t see this happening on outgoing e-mails SENT from gmail to elsewhere.

When you receive an e-mail with a link, Google modifies the link in situ to point to google itself instead. Example: I sent an e-mail (from yahoo mail) to my gmail address, including this link: [noparse]doggie.freeshell.org[/noparse]

The e-mail I received at gmail contains instead:

[noparse]http://www.google.com/url?q=http%3A%2F%2Fdoggie.freeshell.org&sa=D&sntz=1&usg=AFQjCNEjBlhRLwy5bYBe8FyBj2eZJuQgNA[/noparse]

(It works the same way also whether or not the link includes the [noparse]http://[/noparse] prefix.) The visible text in the e-mail stays the same (as in the original), it’s the link hidden behind the visible text that’s hacked. So you have to be paying attention to notice.

When you click on the link, it goes to google, which briefly shows a “redirecting…” page, then you get to your originally-linked page.

So Google is snooping on the links that people send to one another, and snooping on the receiving user when he clicks on that link.

That seems to me, like a step too far. Yes, we all know that Google is trying to accumulate All The Knowledge in the Universe about all of us (with substantial success so far). But this level of spying on their users is just a step too far. (It also implies they’re spying on e-mails sent to me by other people, who have never consented to any Google terms of service.)

Can someone recommend another free on-line web-based e-mail service? (Other than yahoo, please. I have other grouses about them.) I’m willing to put up with web ads and other devices like that in return for the free service, but please, a little less outright covert spying on our e-mails. (And yes, I’ve known all along that google has always scanned our e-mails for showing those targetted ads, and I even consented to that when I signed up. But, spying on the links we send to one another, and spying when we click on those links, STILL seems like a step too far.)

I originally believed that Google did no evil. I’ve wavered on that for years, though. In recent years, I’ve become increasingly convinced that Google is Evil. Now I’m more sure of it than ever!

#2

My Gmail doesn’t do this.

However, the URL format you included is what you get if you copy a link from a Google search results page. Now only is that not “wrong,” but most sites that search results or links as a service use a similar tracking format.

#3

My old ISP did the same thing on their webmail interface. I don’t believe the intent was to spy, but rather to open the link in a new window and not allow the link to be followed if you were logged out. Gmail does not do this to links in email I read through my phone’s email app.

#4

With due respect (this being the Pit notwithstanding, where any respect at all is generally considered gratuitous), Justin_Bailey and KronJonDerSohn your remarks don’t agree with what I think I’m seeing.

I created e-mails with links by simply typing the link by hand, not by copying it (along with any attached junk) from somewhere. So the links I sent were really just [noparse]doggie.freeshell.org[/noparse] or [noparse]http://doggie.freeshell.org[/noparse] with nothing else.

Both yahoo and gmail, upon receiving these, recognize the link and convert it to an ACTUAL link. Both of them contrive to open the link, when I click it, in a new window (or tab).

E-mail as received by yahoo:

[noparse]<a href=“http://doggie.freeshell.org” target=_blank >http://doggie.freeshell.org</a>[/noparse]

Note the visual text is unchanged, and the actual link is the same, and it will open in a new tab.

E-mail as received by gmail:

[noparse]<a href=“http://www.google.com/url?q=http%3A%2F%2Fdoggie.freeshell.org&sa=D&sntz=1&usg=AFQjCNEjBlhRLwy5bYBe8FyBj2eZJuQgNA” target="_blank">http://doggie.freeshell.org</a>[/noparse]

Note the visual text is unchanged, but the actual link is hacked (and it will also open in a new tab). So they aren’t doing this just to make it open in a new tab, because the yahoo way does that too. And it doesn’t stop me from going there while not signed in. As I type this, I am not signed in to google. Yet by cutting and pasting the link, just as I typed it above, I can still go there. (ETA: I mean, by cutting and pasting the ENTIRE link, just as I cut-and-pasted it above, I can still go there.)

Displaying links that appear to go to one place but actually go to some other place is a standard technique used by spammers and phishers and trojans. How often have we been advised to be careful clicking on links in e-mails because they may not go where they say they go? And here, Google – Google dammit, a theoretically honest outfit! – is modifying its users’ e-mails in this way, and adding all that tracking information! If that isn’t HACKING its own customers’ e-mails, then what is? That’s was really galls me here, not simply the infinite spying that Google does (which, after all, everybody already knows they do).

Clicking on that link (while signed in, at least) takes me to this page:


<HTML><HEAD>
<meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>Redirecting</TITLE>
<META HTTP-EQUIV="refresh" content="1; url=http://doggie.freeshell.org">
</HEAD>
<BODY onLoad="location.replace('http://doggie.freeshell.org'+document.location.hash)">
Redirecting you to http://doggie.freeshell.org</BODY></HTML>

Of course, Google has already picked up all that additional tracking information that they added to the URL. They’re SPYING on the links we send to one another, and then they’re tracking/spying some more when the recipient clicks on the link, I still sez! That last step, I still think, is going too far.

Obligatory cursing in the Pit: Fuck Google for that! I want to find another e-mail provider that doesn’t do shit like that. Actually modifying users’ links in their emails this way is, or ought to be, illegal, I think.

#5

In college, a friend was showing me something in her email. I noticed she had Gmail. I said, “I wouldn’t trust Google with my information.” She dismsssed my concern. Sometime later (I forget the context) she said, “Trust no one.”

The next day I saw her photo on the front page of the student newspaper. She was in a secret society.

She now works for Google.

#6

No WAY!!!

#7

As a test, I sent an email from my Yahoo account to my gmail account, with just www.cnn.com manually typed into body (and that was all there was in the body). It looked unadulterated in gmail, I’m not seeing any redirect, but maybe I’m not looking for it properly and the redirect was too quick.

When you just hover your pointer over the email address, does it show the adulterated email or the original email?

#8

That is exactly the test I tried, only I added a few additional words to the message too. Yes, it “looks” just like I typed it, but when I hover, I see the longer “hacked” URL as shown in my OP. When I look at the HTML source, I can see the full [noparse]<a …>…</a>[/noparse] HTML link as shown in post #4 above. When I click on that (in the View->Page Source window), it fetches the page and shows that in Page Source view too. That’s where I got the full little HTML page shown above. ETA: Because I run my browser with JavaScript DISabled, it can’t do the onload redirection shown there, but instead does the REFRESH with the 1-second delay as shown. So I actually see it.

By the way, I have my gmail set up to run in “Basic HTML” mode. This seems to have the pleasant side-effect that I DON’T see that side-bar on the right with the messge-sensitive targeted advertisements. That whole column of ads simply just isn’t there! For all I bitch about fucking Google scarfing up all the info it can – even to the point of hacking my e-mail – I’ll admit that I appreciate that!

Note, by putting this in the Pit rather than GQ or IMHO, I’m hoping to singlehandedly stir up a nationwide (if not worldwide) revolution against Google and all privacy-snarfing web operators! Let there be blood in the streets!

#9

I don’t see this either, but didn’t you know Google automatically scans your email for keywords and uses those to display targeted ads? Isn’t that worse than tracking URLs?

I do however, notice that in search results. And it’s very irritating if your page doesn’t load fully/Java doesn’t work, which means you can see the URL of the page you want, but clicking it doesn’t do anything.

#10

I’m pretty sure this is how Gmail has always worked. That’s the entire reason they got into the email business in the first place. They aren’t so much tracking you as tracking whether certain URLs are clicked, so they know whether they should be higher or lower in their search results.

And, of course, to help with targeted advertising. Which, while it sounds evil, really seems like it would be the awesomest thing ever. If I only saw ads for things I might be interested in? Heck, there’d even be fewer ads because you can get straight to your audience.

#11

Yeah, cuz, you know, advertising that supports free shareware like gmail and countless other programs is teh evilist evah!

I’ve been googling around and I STILL cannot find the free lunch I so richly deserve!

WTF OMG Eleventy111!!!

#12

They don’t need a link redirector to track that information. My free version of Google Analytics allows me to see what links people click on to exit my domain. I assume Google is using something at least as sophisticated internally.

Ironically, the purpose of this might actually be to increase your privacy. By running through a redirector, Google hides the referrer information from 3rd party sites, protecting you from their analytics. Additionally, it allows them to flag malware and bad sites, protecting you from viruses and scams.

#13

That’s the difference. I went to gmail in html mode via https://mail.google.com/mail/?ui=html and now I see what you are seeing. I even see the redirect when I click the link.

No doubt in the non-HTML version of the Gmail app whatever they are doing via the redirect can be done in a more hidden/transparent manner.

#14

I.e., a “sorority”?

#15

While we’re in here pitting Google, let me add my complaint.

I use iGoogle as my homepage. It’s great! I can see headlines from the BBC, NPR, Fox News, and the NY Times all on one page (I like to see how the different sites spin the same news).

On the same page I can also see my local weather, a handy calendar. and a wikipedia search widget.

I use the stuff ALL THE TIME!

Now today I am informed that “iGoogle will not be available after November 1, 2013.”

#16

Just wait until you see Google Livingroom!

If Jehovahs Witnesses, Salesmen or “Police Officers” appear at your door wearing a helmet with omnidirectional cameras…Don’t let them in!

#17

They’re working on Google bedroom. To be followed by Google shower room.

#18

I expect they’ll just buy up GoDaddy and rebrand it as Google Shower.

#19

You could use hushmail with adblock.