[liberationtech] question about browser/Gmail subject line / browser history exposure

Mon Jul 16 06:20:47 PDT 2012

Hi, Eric - thanks for this message.  I appreciate the the cautions you note re. public wifi and internet cafe use, and all of us in this field certainly appreciate your use of https by default.  Gmail does stand out in that regard in comparison to the other, often-used email providers in the countries that I work in (such as Yahoo and Hotmail.)

However, you are not addressing my question re. browser history.  I am copying the Liberation Tech list where this was discussed to keep my colleagues there in the loop.  I am also copying David from the GNI who was looking into this.  It would be great if you could reply to all.  

While I understand your reasoning (such as on putting the onus on the user to be educated and aware), our use case is a person who is not necessarily a self-described activist, has only recently learned how to use a computer, and definitely has not had any formal (or even informal) training.  Privacy-protected browsing is not in their repertoire, for the most part.  

That person may say something in a subject line that can be construed as political involvement when, in fact,  it is not.  Or it may be someone who is just getting involved, say in the context of an upcoming election, for instance, revealing accidentally political affinities when that may not be advisable. 

This feature lowers the barrier for 'accidental' invasion of privacy significantly after a user has logged out of gmail. It does not require a any knowledge of tech and no premeditation. (Installing and reading keylogger software does require some tech knowledge AND premeditation.)   It is also a real threat in many countries where there are a large number of informers who do not necessarily have deep technical knowledge.  

This feature, given in the countries that I and many on the list here work in, does beg the question why, from the standpoint of usability,  you all believe it is a desirable/necessary feature?  

Incidentally, as noted, Yahoo and Hotmail do not store the subject line of email in their browser history when a user has logged out.  

Love to hear more linking to each email as a separate page with a title tag is critical for usability, and whether that modifying what's displayed in the title tag of an HTML page after logout is possible.  

If you like to see some of the sensitive and personal information we were able to glean from the logs in an internet cafe in a repressive country, we'd be happy to share that.  I think it'll make the case quite convincingly that maybe user privacy should override usability in this case for many users who rely on shared computers.  

Thanks so much for addressing this topic more specifically.

All the best,

Katrin 

On Jul 14, 2012, at 1:56 AM, Eric Davis wrote:

> Hi Katrin,
> 
> Thanks for flagging this.  As someone who works on security issues, I appreciate your concerns.  Google product security is designed with the typical user in mind, so most of it works in the background.  However, there are some choices users should make themselves, especially since different users have different objectives and priorities.  We believe education is an essential part of security, and to that end provide materials such as in our "Good to Know" campaign, and we are an active member of the NCSA, a now-global organization focused on security education.
> 
> When someone uses a publicly accessible computer or an open wifi system, they are increasing their security/privacy risks.  This goes beyond email subject headers; for example, if someone checks their email via an open wifi system and their email provider doesn't use session wide https, the full content of their emails and chat sessions are exposed to anyone using a packet sniffer.  There are packet sniffing browser apps such as Firesheep, which can be installed within minutes by non-technical users.  Gmail is the only major email provider that provides session wide https by default. 
> 
> Some publicly accessible computers (as well as some personal computers) are infected with malware, including keyloggers.  There are of course additional considerations about spyware when using computers in repressive regimes.  In the event someone uses a publicly accessible computer, he or she should especially be sure to enable 2-Step Verification, our multi-factor authentication feature.  With 2-Step Verification running, a third party wouldn't be able to log into my Gmail account just by using my password.  Facebook offers a similar feature.  
> 
> In addition to running browser incognito mode when using a public computer, we also strongly recommend people sign out of their account when they're done.  Again, first and foremost, users should take steps to protect the content of their private emails.  
> 
> I hope this is helpful.  I'd be happy to speak with you in more detail over the phone.
> 
> Best Regards,
> 
> - Eric
> Eric Davis | Google Public Policy | edavis at google.com | 650.492.4612
> 
> ---------- Forwarded message ----------
> From: Katrin Verclas <katrin at mobileactive.org>
> Date: Wed, Jul 4, 2012 at 4:59 AM
> Subject: Fwd: question about browser/Gmail subject line / browser history exposure
> To: Christine Chen <christinechen at google.com>
> 
> 
> Hi Christine - Not sure you are the right person to contact but wanted to make you aware of this below, and figured you know who would be a good contact.
> 
> Can you or relevant colleague provide any insight into this (or try to change it?)  We like recommending gmail over Yahoo etc mail services because of your security practices but this seems problematic.
> 
> Thanks for looking into it.
> 
> Regards,
> 
> Katrin
> 
> 
> 
> Begin forwarded message:
> 
> > From: Katrin Verclas <katrin at mobileactive.org>
> > Date: July 4, 2012 7:52:55 AM EDT
> > To: Stanford tech list List <liberationtech at lists.stanford.edu>
> > Cc: "Jillian C. York" <jillian at eff.org>, Wojtek Bogusz <wojtek at frontlinedefenders.org>
> > Bcc: human-rights-online-project-leads at googlegroups.com
> > Subject: question about browser/Gmail subject line / browser history exposure
> >
> > Hi all --
> >
> > Question for you:  A colleague noticed in an Internet cafe (in a repressive country) that in FireFox and Chrome the browser history reveals the subject line of gmail. The history also reveals the name of the person a user Facebook-messaged and profile pages visited.  The same was not true for Yahoo or hotmail.
> >
> > See below for a sample screenshot that illustrates what I am talking about (using the latest version of FF on Mac OS)  It seems to be a function of gmail/FB not the browser (same happens in Chrome and Safari, did not try for IE).  As I said, Yahoo mail and Hotmail do not reveal the subject line in the history as far as we could see.
> >
> > So - is this and oversight or deliberate on the part of Gmail/F?
> >
> > It seems potentially rather problematic since most users do not delete their history nor use any private browsing features or software when in an internet cafe.  We looked at detailed name/subject line/FB social grapsh in the browser history of machines in the cafe for at least eight months back). With this information it is very easy to see an individual's activity without any other digital logs installed.
> >
> > Curious about this from a technical POV and whether it can be fixed by Gmail/Facebook.  We can involve the right people there; after understanding this better.
> >
> > In the meantime, this definitely should be covered in any trainings (that is - do not use a a sensitive or revealing subject line, delete your history, browse in private mode, etc)
> >
> > Thanks for any insights.
> >
> > Best,
> >
> > Katrin
> >
> >
> >
> 
> 
> 
> Katrin Verclas
> MobileActive.org
> katrin at mobileactive.org
> 
> skype/twitter: katrinskaya
> (347) 281-7191
> 
> Check out SaferMobile.org
> Using Mobile Technology More Securely. For Activists, Rights Defenders, and Journalists.
> https://safermobile.org
> 
> MobileActive.org: A global network of people using mobile technology for social impact
> http://mobileactive.org
> 
> 
> 
> 
> <Screen shot 2012-07-04 at 7.37.19 AM.png>

Katrin Verclas
MobileActive.org
katrin at mobileactive.org

skype/twitter: katrinskaya
(347) 281-7191

Check out SaferMobile.org 
Using Mobile Technology More Securely. For Activists, Rights Defenders, and Journalists.
https://safermobile.org

MobileActive.org: A global network of people using mobile technology for social impact
http://mobileactive.org