Programming Blog
Web development , php , ajax , symfony, framework, zend
How a Simple URL Hack Can Expose Your Gmail Address [Privacy]
In: Coding
14 Feb 2010
Google raised a lot of privacy concerns this week over things like allowing people to figure out your private email address in Buzz replies. Security weblog Social Hacking details another method your Gmail address can be exposed using a URL hack.
The Social Hacking post points out that users with numeric profile address (e.g., http://www.google.com/profiles/104424237445852766735–the numeric address of the post’s author) may think that means their Google account username is still hidden. Turns out with that number, it’s actually very easy to divine a user’s account id. Here’s how it works (from ReadWriteWeb):
First, you simply copy the numbers from a user’s Google profile and then append these numbers to http://picasaweb.google.com/[numbers].
For some users who haven’t customized their Picasa page, the username (which is also their Gmail address) will come right up. If the user has customized the account and added a nickname, you simply have to replace the URL in the address bar with javascript:alert(_user.name); and a small pop-up window will show you the username.
The solution, from Social Hacking:
To protect yourself from this access, visit the Picasa settings page. Under “Your gallery URL,” add a new username and select the new username for your gallery URL. Also, you may want to edit your nickname.
I suppose the point here isn’t that Google’s done you wrong in every way, but it’s worth recognizing that when you go public with Google accounts, they really are public, and they tie together in more ways than you might realize.
Comment Form
About this blog
This blog delivers stylish and dynamic news for designers and web-developers on all subjects of design, ranging from: CSS, Ajax, Javascript, web design, graphics, typography, advertising & much more. Our goal is to help you communicate effectively on the web with an engaging website or functional interface.
4 Responses to How a Simple URL Hack Can Expose Your Gmail Address [Privacy]
streak_tlu
March 16th, 2010 at 1:45 am
advertise on one of those banners on facebook, i know at my school it only costs 5 dollars but it is different for each school.
daddybear
March 16th, 2010 at 7:07 pm
Open messenger > messenger > my account info > sign in – the link for making new ID's and Alias is on right hand side – I think you can have 5 – when complete > finish
Look for dropbox at top of panel to choose your alias after you hit "go to room" during chat sequence
scarlettt_ohara
April 9th, 2010 at 10:35 am
I don't think many people care about privacy – both young and old.
Older people like to put shit on younger people for pretty much anything, including 'social networking' sites, but the fact is that it is the older generation who introduced security cameras and are pushing for policies to “fight crime”.
Take, for example, the new 'smart card' (read national ID card). That’s a massive invasion of everyones privacy but most boomers don’t care because they think it will protect them against “welfare cheats” who they stereotype as being young.
Aarica L
April 30th, 2010 at 7:59 am
love the shirt !