Login

Recent searches

No recent searches

Search options

Only available when logged in.
fosstodon.org is one of the many independent Mastodon servers you can use to participate in the fediverse.
Fosstodon is an invite only Mastodon instance that is open to those who are interested in technology; particularly free & open source software. If you wish to join, contact us for an invite.

Administered by:

Server stats:

10K
active users

fosstodon.org: AboutStatusProfiles directoryPrivacy policy

Mastodon: AboutGet the appKeyboard shortcutsView source codev4.3.6

Public
Joe :ferris: :nixos:

Today I found out that google docs infects html exports with spyware, no scripts, but links in your document are replaced with invisible google tracking redirects. I was using their software because a friend wanted me to work with him on a google doc, he is a pretty big fan of their software, but we were both somehow absolutely shocked that they would go that far.

Public
Joe :ferris: :nixos:

For those unfamiliar with html: the href section, everything between href=" and "> is the real link, and the section between > and </a> is the display text

This html feature is useful so that a link can display as smething like "Read more", "Profile", "Wiki" etc, but in this case it is misused.

Google tracks people that are not using any of their products by adding hidden tracking links to exports without designer knowledge or end user consent.

Public *
lil5 :golang: 🚲 🇳🇱

@Joe_0237 how manages to do this under the is beyond me,… do you get to see a cookie banner before the redirect (in a private window)?

Nope (see picture), if they are collecting data from these redirect links it’s totally against the gdpr:

Redirect Notice The page you were on is trying to send you to https://wikimediafoundation.org/. If you do not want to visit that page, you can return to the previous page.
Public
Joe :ferris: :nixos:

@lil5 Interesting find. Perhaps they only officially track the google user who made the doc, so users unwittingly help the google collect stats on the author and their site, or only those that are signed with in google are tracked, and almost every person with a computer is usually signed into an account. But even so, this tactic shows that there no trust, so why shouldn't they track everyone, its not like they have to share the code they say only tracks legally.

Public
ADG

@Joe_0237 @lil5 without a logged in account, the google domain gets the same data any other site would have. If they're not setting a cookie, and the link is taking you where it is intended, I don't see what they're doing wrong.

I'm up for being educated on this topic, as it affects my field of work. Thanks

JanC

@adg @Joe_0237 @lil5 They are changing a link in a standalone document without your permission to go through their servers on the google.com domain, which obvously allows them to track you...?

Oct 06, 2023, 06:15 PM·Public·Tusky
0boosts·0favorites
Public
lil5 :golang: 🚲 🇳🇱

@janc @adg @Joe_0237

In Google’s defense: the person clicking export already accepted the TOS

My concern is to any other person who hasn’t logged in, and hasn’t accepted Google’s TOS

I’d need to do some extra digging to what data is being collected and if it matters how much you have consent to.

Public
JanC

@lil5 @adg @Joe_0237 It's impossible to know how much data they collect, and what other data they link it to (or what they will aggregate it with in the future).

Public *
ADG

@janc @Joe_0237 @lil5 I get that what they're doing isn't obvious to the exporter, but every website you access is being sent your IP (unless running through a VPN or other forwarding mechanism). Unless you can prove that they're storing the IP address there is nothing breaking GDPR right?

Public
JanC

@adg @Joe_0237 @lil5 In this case it's sending the IP address of e.g an ebook's reader to a third party. That's not something that person expects or agreed with.

Also, breaking the GDPR doesn't require that we have proof, we only need that to convict somebody, and just like most other criminals big data companies will try to hide their crimes.

(And Google got caught violating laws many times before, so I'm definitely not going to trust them...)

ExploreLive feeds
About