funsec mailing list archives

Re: Google's "Shared Endorsements"

From: Daniël W. Crompton <daniel.crompton () gmail com>
Date: Tue, 15 Oct 2013 22:24:35 +0200

My apologies Charlie, list,

I've recently been trying out different mail tracking software which
augments the in-browser mail client with a webbug and all the links with a
redirected url, much like you would get in a marketing mail. Signals (
https://app.getsignals.com/) by Hubspot was the current one I was trying,
there are quite a number of them which modify the mails in subtle and less
subtle ways.

I have disabled it,
D.



On 15 October 2013 21:32, Charlie Derr <cderr () simons-rock edu> wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 10/15/2013 02:52 PM, Dani￫l W. Crompton wrote:


I had the checkbox unchecked too and assumed that it was because I'm in

the EU were an opt-in is mandatory. Isn't

the same true in CA?

D.


Hi Dani￫l,
    I'm curious how the URL (that Rob originally shared) got "changed" in
your email to the list.   It seems to
redirect to the correct url, but I guess I'm confused why my browser
hopped through app.getsignals.com rather than
going directly to nakedsecurity.sophos.com. (and the apparent attempted
obfuscation of this fact in the HTML version
of the message also seems odd)

         eagerly awaiting an explanation,
            thanks so very much in advance,
               ~c


On 15 October 2013 20:26, Rob, grandpa of Ryan, Trevor, Devon & Hannah <

rmslade () shaw ca

https://app.getsignals.com/link?url=mailto%3Armslade%40shaw.ca&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=916b5382b2384c9fb1970d15fa0a5e12

wrote:


A lot of people are concerned about Google's new "Shared Endorsements"

scheme:

http://nakedsecurity.sophos.com/2013/10/15/how-to-remove-your-face-from-googles-upcoming-shared-endorsement-ads/
<

https://app.getsignals.com/link?url=http%3A%2F%2Fnakedsecurity.sophos.com%2F2013%2F10%2F15%2Fhow-to-remove-your-face-from-googles-upcoming-shared-endorsement-ads%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=429f1ffbc1854ebca32b4f337ed545cc



 However, one should give credit where credit is due.  This is not one

of Facebook's functions, where, regardless

of what you've set or unset in the past, every time they add a new

feature it defaults to "wide open."  If you have

been careful with your Google account in the past, you will probably

find yourself still protected. I'm pretty

paranoid, but when I checked the Shared Endorsements setting page (
http://nakedsecurity.sophos.com/2013/10/15/how-to-remove-your-face-from-googles-upcoming-shared-endorsement-ads/
<

https://app.getsignals.com/link?url=http%3A%2F%2Fnakedsecurity.sophos.com%2F2013%2F10%2F15%2Fhow-to-remove-your-face-from-googles-upcoming-shared-endorsement-ads%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=6f5985417a8443d9bde5c12cd26805ef

) on my accounts, and the "Based

upon my activity, Google may show my name and profile photo in shared

endorsements that appear in ads" box is

unchecked on all of them.  I can only assume that it is because I've

been circumspect in my settings in the past.


======================  (quote inserted randomly by Pegasus Mailer)

rslade () vcn bc ca

https://app.getsignals.com/link?url=mailto%3Arslade%40vcn.bc.ca&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=40a6df2802634d7b87c4ed9e5440e753

slade () victoria tc ca

https://app.getsignals.com/link?url=mailto%3Aslade%40victoria.tc.ca&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=582755915fe04424b5a8f40b20e30ca8

rslade () computercrime org

https://app.getsignals.com/link?url=mailto%3Arslade%40computercrime.org&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=bca9d867624348df837ddf74ba64a545

Good people do not need laws to tell them to act responsibly,

while bad people will find a way around the laws.            - Plato

victoria.tc.ca/techrev/rms.htm

https://app.getsignals.com/link?url=http%3A%2F%2Fvictoria.tc.ca%2Ftechrev%2Frms.htm&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=9d6a28c6e0a045be871bcb0f18374166

http://www.infosecbc.org/links

https://app.getsignals.com/link?url=http%3A%2F%2Fwww.infosecbc.org%2Flinks&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=40883b0e18af4c4fbd4c89c398e73b44

http://blogs.securiteam.com/index.php/archives/author/p1/

https://app.getsignals.com/link?url=http%3A%2F%2Fblogs.securiteam.com%2Findex.php%2Farchives%2Fauthor%2Fp1%2F&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=b3638b63f46f418aa3dfb9f5e6296c58

http://twitter.com/rslade

https://app.getsignals.com/link?url=http%3A%2F%2Ftwitter.com%2Frslade&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=70e358074bd84116a8e015d8b43d8e67

_______________________________________________

Fun and Misc security discussion for OT posts.

https://linuxbox.org/cgi-bin/mailman/listinfo/funsec

https://app.getsignals.com/link?url=https%3A%2F%2Flinuxbox.org%2Fcgi-bin%2Fmailman%2Flistinfo%2Ffunsec&ukey=agxzfnNpZ25hbHNjcnhyGAsSC1VzZXJQcm9maWxlGICAgICn1JYLDA&k=6ec565e7a0bf4a47ac042bb89b004684

Note: funsec is a public and open mailing list.





-- blaze your trail



_______________________________________________ Fun and Misc security

discussion for OT posts.

https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a

public and open mailing list.


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Icedove - http://www.enigmail.net/

iQIcBAEBAgAGBQJSXZhDAAoJELuLPXMxqTZ/td0P/iMzUQ7xMJ51/0kIBS9mu0pq
hLNajZWKkZ+Ts5DO+HxdiAXWOJOHrr2iLVqXKEpwWjwxOW4tuJ5OSKe0FiaotWYi
LSS0sxrMqWsdpz+CqojfQfJKNzpB7XyjZlmzgo0hTt+hYw4C2804x6gnD8lx6Dr7
XDCsWjG01rsNLmrvsEPs7utswfq1kJrF7bT1vFGRWYSxeojXSLrQ0oUiLe1HfR0p
HYRORLc9odjxMASP26z5Xg0S8cfk5+vXeneM4Q8nDzzmR/46zdkSUGUcQYj5eBHo
G0uvq/oVk0p06IW/nATYjB4jtSmC5Zfqb//c7FRiPbMU5LJGyLYK25yqLJhp47RP
SfTTq1k7JXZiacrMGIfWvI8uezwfqEetQGI2wGgFTcZnvN5hWJ1kcGgjFEHSelR7
2VsNzC8oDf0chikLzYCGFWyaKGDQhV3UUxMbwPrJOMO3TxA0UtfFmwLLNS1QpKD5
OP7sH+pcJQdR/mSKZc1jxtQ3cSL5Q3r82DaniflmrZgDUTd6Gib/Ghpo/9eSnSwu
c+alVsd25R7sV3DfHvE2NGwkQo7WyI/LnvxJxp8CZVRG6EMX7uLBU/6m6DiW9wUW
R5JmeSzsOW5vCRWORwTarCiyuH1p/kj9YLHQ/OBmCAlEfol1mi2ivjEqJVP6gv8S
Z+hLagWG08xs+UG4Yxrc
=bgsj
-----END PGP SIGNATURE-----




-- 
blaze your trail

-- 
Daniël W. Crompton <daniel.crompton () gmail com>

<http://specialbrands.net/>

<http://specialbrands.net/>
http://specialbrands.net/

       <http://twitter.com/webhat>
<http://www.facebook.com/webhat><http://plancast.com/webhat><http://www.linkedin.com/in/redhat>

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

Google's "Shared Endorsements" Rob, grandpa of Ryan, Trevor, Devon & Hannah (Oct 15)
- Re: Google's "Shared Endorsements" Daniël W . Crompton (Oct 15)
  - Re: Google's "Shared Endorsements" Charlie Derr (Oct 15)
    - Re: Google's "Shared Endorsements" Daniël W . Crompton (Oct 15)
    - Re: Google's "Shared Endorsements" Rich Kulawiec (Oct 22)
    - Re: Google's "Shared Endorsements" Daniël W . Crompton (Oct 22)
    - Re: Google's "Shared Endorsements" Rich Kulawiec (Oct 26)
- <Possible follow-ups>
- Re: Google's "Shared Endorsements" Chester Wisniewski (Oct 15)