Privacy Leak at Google

What is Privacy

Privacy is the state of not being observed or disturbed by other people. As we have reported earlier, as a small company we have an enormous dependency on Google and also a big appreciation for Google. Google has upheld their credo ‘Do No Evil’ for a long time and we, possibly somewhat naively, rely on it mostly.

Furthermore we believe that often it’s in the interest of website viewers to remember some data. Remembering some trivial bits of information about site visits simplifies visiting the site in a landscape that’s becoming increasingly complex. In the context of the European GDPR laws some sort of frenzy seems to be forming where it frequently seems as if companies are denied their freedom to conduct their business.

Google AdWords

One of the services of Google that’s frequently under fire is the online advertising through Google AdWords. In our freelance experience we have even experienced companies taking it upon themselves to deny their employees access to this Google service explicitly. Partially we understand this; after all, the state of not being observed or disturbed appears to be violated when we type a search word in one site, and then soon thereafter see advertisements for products related to that search word on an often entirely unrelated site. Unfortunately the comprehension level of how the web works is simply not good enough in many cases to defend this.

In a society where our own governments spy on us quite elaborately and often very sloppily it often appears careless to us to attack technology companies as harshly as the EU does.

However, despite our opinions about a certain hypocrisy on this matter, we also don’t hesitate to publish about a data leak we recently found at Google. This leak doesn’t have as much to do with AdWords itself as it does with the related processes. AdWords and the related Analytics products are growing fast in complexity. Sometimes the new innovations are not immediately understood properly and mistakes are made. As long-time customers of the, and this should be noted, free products and services of Google, when such a mistake happens we’re depending on Google Support.

It’s this support where we found our privacy leak.

Need Support?

3DN has been using Google products for several decades. We set up a Google account decades ago and have tried out Analytics and AdWords several times. Our Google account does not even have the 3DN name in it as our Google usage precedes the founding of 3DN. We have attempted to change this in the past but Google products do have a tendency to become fairly embedded in our day to day life so it turned out not to be as easy as we hoped. Major services like Google’s also change frequently, with new features being introduced and products being lumped together under yet another umbrella. We believe our attempts to change our account overlapped with an organisational change at Google, and this is the reason why we somehow lost access to our main 3DN Analytics account. It’s not a large problem; in our experience it’s often just a matter of contacting Google Support.

We found the following article on how to regain access to your Google Analytics Account. We should mention that this is not an official Google page, but we have found many references on the internet to this procedure, so we cautiously assume that this is indeed Google policy.

3. Create a text file and save it as analytics.txt

  • Be sure to have your Google Analytics account number (UA-XXXXXXXX-X) with you. You can find the account number in your website source code. It is usually in the <head> section of a website.
  • In the text file, add the following information: [Image: Analytics.txt file info]
  • Don’t forget to replace {INSERT EMAIL ADDRESS}, {INSERT UA-ID}, and {INSERT DATE} with your own information.

Whether or not it is indeed formal policy of Google support to request making such a file, the fact is that it’s widespread, and the analytics.txt file can be found on MANY sites.

What’s Leaking here?

As 3DN we are not going to do a full disclosure of all the sites that have this file and what’s in it. We will let Google do that for us. For example, try the following query on Google:

As you can see Google provides us with the means to find all these files easily. On the Dutch Google I instantly found 31 thousand references. Not all of these are analytics.txt files obviously; many are references to how to contact support and how to prepare. Purely from an academic background we will show one file we found on the site of the Ripple Foundation, an organization that claims to support an ‘open’ healthcare platform. Other examples are easily found.

[Image: Privacy Leak]

Immediately we see the problem here:

  • The email address of someone who (probably legitimately) claims to have access to
  • The Google Analytics account number UA-56085693-1

is disclosed to anybody who knows what to search for.
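A site owner can check their own document root for this exposure. The following Python sketch is an added example, not part of the original post or of any Google procedure: it walks a local web root, finds files named analytics.txt, and reports the email addresses (masked) and UA identifiers they contain. The sample file wording, the example.org address, the UA number and all function names are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

# Patterns for the two items the post says are disclosed.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
UA_RE = re.compile(r"\bUA-\d{4,10}-\d{1,4}\b")

def mask_email(addr):
    """Keep the first character and domain so the report is not a second leak."""
    local, _, domain = addr.partition("@")
    return local[:1] + "***@" + domain

def audit_webroot(root):
    """Report every analytics.txt (any case) under a local document root."""
    root = Path(root)
    findings = []
    for path in sorted(root.rglob("*")):
        if not path.is_file() or path.name.lower() != "analytics.txt":
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        emails = sorted({mask_email(e) for e in EMAIL_RE.findall(text)})
        ua_ids = sorted(set(UA_RE.findall(text)))
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "emails": emails,
            "ua_ids": ua_ids,
            "exposed": bool(emails or ua_ids),  # publicly served identifiers
        })
    return findings

def build_sample_webroot(root):
    """Constructed sample tree; the file wording is invented for this example."""
    root = Path(root)
    (root / "blog").mkdir(parents=True)
    (root / "analytics.txt").write_text(
        "Please add webmaster@example.org to account UA-12345678-1, 2018-06-01\n")
    (root / "blog" / "Analytics.TXT").write_text("placeholder, no identifiers\n")
    (root / "robots.txt").write_text("User-agent: *\n")
    return root

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return audit_webroot(build_sample_webroot(tmp))

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Point `audit_webroot` at the directory your web server actually serves; a finding marked `exposed` is a file that anyone can fetch and that a search engine can index.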
