google, privacy, e-mail, from
Google started editing people's e-mails in GSuite, replacing links with a link through google.com:
https://mobile.twitter.com/sneakdotberlin/status/1317734739537653760
https://twitter.com/tblodt/status/1317875714981416962?s=20
This means that Google will track a click on a link *in e-mail* even if you're using an external client.
I am *guessing* this is under the pretext of phishing protection, but it actually *creates* additional phishing risk for text-only clients, since now all links are google.com links.
re: google, privacy, e-mail, from :birdsite:
@rysiek I really need to move my domain off google apps. Still looking for a good alternative though.
google, privacy, e-mail, from :birdsite:
@rysiek also, isn't this gonna trip all the phishing warnings in Thunderbird in case of HTML email?
google, privacy, e-mail, from :birdsite:
@rysiek I'm seeing some data-saferedirecturl attributes in the links in 3 different accounts but the href seems to still be the correct one in all of them. But stuff like this is what made me switch to mailbox.org for my personal e-mail.
google, privacy, e-mail, from :birdsite:
@rysiek from the twitter thread I saw this is something configurable and it's off for the domain I control on gmail, and I assume it's also off for the other I don't.
google, privacy, e-mail, from
@jmcs yeah, apparently it is on by default for domains where "enable future security enhancements" or whatever the checkbox is called is checked.
I still feel this needed way better communication. "Guys, we will start replacing links in your e-mails since you have that checkbox checked" would have helped.
google, privacy, e-mail, from :birdsite:
@rysiek I wonder how that behaves if you GPG sign an email from an external client. Will it break the signature? This should be tested... Hmm.
google, privacy, e-mail, from
@sa0bse I would guess so, yes.
google, privacy, e-mail, from :birdsite:
@rysiek that was already happening in Google Hangouts for a while. I used to copy and paste the link text instead of clicking on it. Now it is time to start doing that in emails as well.
google, privacy, e-mail, from
@brunofontes sure, but modifying e-mails seems like a particularly important line in the sand. it's an open protocol, it's been around for half a century, there's a certain well-established expectation how it works that closely mirrors snail-mail. And modifying snail-mail in-transit has a really bad rep even amongst regular non-techie people.
google, privacy, e-mail, from :birdsite:
@rysiek Yes, I agree with you!
That's why I created my own email server (still use Gmail for work and I have my gmail account though). But I prefer to have it untouched and static, so I keep disabled the dynamic email option since day one.
google, privacy, e-mail, from :birdsite:
@rysiek well, this explains why a bunch of links I got sent today triggered Thunderbird's phishing filter.
google, privacy, e-mail, from
@rysiek 🤷🏻♂️
re: google, privacy, e-mail, from :birdsite:
re: google, privacy, e-mail, from
@lnxw37a2 I am unaware. Does it?
I know Outlook/O365 used to follow links in e-mails to presumably check them for phishing and such, which meant one-time password reset links and such were constantly fscked for users there.
google, privacy, e-mail, from :birdsite:
@rysiek This looks like the last straw. Do they do this with non-g-suite Gmail too?
google, privacy, e-mail, from
@dimpase no idea.
google, privacy, e-mail, from :birdsite:
@rysiek can confirm: my Canadian email provider switched to GSuite, and today links like https://www.helloworld.ca/
in the browser show
https://www.google.com/url?q=https%3A%2F%2Fwww.helloworld.ca%2F&sa=D&sntz=1&usg=AFQjCNEo79nysYH1BAajDsqpTATG1FiLO on mouse over. So its the same scummy trick as birdsite or bookface.
re: google, privacy, e-mail, from
@rysiek Nope, it's for tracking.
re: google, privacy, e-mail, from
@drwho oh, definitely. I wasn't talking about actual reason. Just the *pretext*. 😉
re: google, privacy, e-mail, from
@rysiek Oh. Okay.
google, privacy, e-mail, from
@rysiek it's also annoying because it breaks https://f-droid.org/en/packages/app.fedilab.nitterizeme/ .
The GMail Android app is even more insidious: it shows the original URL when you long-press, but goes via a google redirect when you click the link. If you use a browser that just follows the redirect you won't notice.
google, privacy, e-mail, from
@raboof holy cow...
google, privacy, e-mail, from
@rysiek I think amazon does the same, propably the other big 4 or 5 and other services will join this too, I'm not a fan of it
@alex the issue is that this is enabled by default for G-Suite users who have the "enable future security improvements" or whatever it's called thing enabled -- which is also enabled by default, as far as I can tell.
There's a world of difference between privacy encroachment by your employer and privacy encroachment by the service provider of your employer, potentially without your employer's knowledge.
google, privacy, e-mail, from :birdsite:
@rysiek God, I can't wait until I can finish my degree and I can finally get rid of my Google account.
google, privacy, e-mail, from :birdsite:
@rysiek coming from a company who once said that letting them read your email was like "letting your dog see you naked," it seems that this dog has become quite smart - not to say intrusive.
google, privacy, e-mail, from
hey @sneak I should have tagged you in this. for some reason the fact that you're here was completely lost on me