[PLUG] Additional information -- [OT?] Internet privacy? ?? ???

Sun Feb 4 15:20:13 UTC 2018

On 02/04/2018 03:17 AM, King Beowulf wrote:
> On 02/03/2018 09:58 AM, Richard Owlett wrote:
>> On 02/02/2018 05:48 PM, Richard Owlett wrote:
>>> Called my brother to wish him a "Happy Birthday".
>>> As I'm the geek sibling, he asked a geek type question.
>>> He has been viewing youtube(sp?) videos.
>>> He suspects they have been publishing his email address.
>>> He objects.
>>>
>>
>> I spoke to him this morning.
>> He is viewing the youtube videos anonymously - so problems are not login
>> information.
>>
>> He clarified a symptom I hadn't caught before.
>> He is getting his mail without signing in to his gmail account.
> 
> Yes. he is logging in. The email client or browser is caching his login
> credentials. If via Edge browser...In other words, he checks email via
> Edge/FF/etc, then pops over to youtube in the same browser session, he
> is now logged into youtube.  Logging into any one google service means
> you are logged into ALL OF THEM.  This is a "convenience feature". Now
> the advertising tracking software scrapes his browser history and email
> address so that a better google user experience is made available.
> 
>> He is now using Windows 10. He did not have this problem when he was
>> using Windows 7.
> 
> Win10 has a lot of 'opt out' telemetry settings. most are benign, some
> not so much. I was surprised at the network traffic when I run win10 in
> a virtual machine. he needs to go into privacy settings in newer
> builds/releases and turn it all off. It's on by default.
> 
> https://www.theregister.co.uk/2017/08/09/microsofts_privacy_enhancements/
> 
> https://www.extremetech.com/computing/247311-microsoft-finally-reveals-exactly-telemetry-windows-10-collects-pc
> 
> https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization
> 
>>
>> I'm beginning to suspect a cookie problem.
> 
> See above. also browser add ons. MS Edge tends to install those
> on-the-fly to improve the "user experience".  See security settings.
> 
>> I've also sent him an email asking to reply so I can see the header
>> information so I tell exactly what email client he is using.
> 
> Does he email anyone?  ANY OF THOSE PEOPLE could have given up his email
> somewhere along the data path. It's not encrypted after all. He could be
> perfectly diligent in his online activities but that does not mean
> someone else didn't get their address book compromised.
> 
> remember: using email is an open plain text protocol.  Anyone anywhere
> can view your address and message at any time. You can encrypt the
> message but not the headers (unless you physically trade keys with
> EVERYONE you may want to email)
> 
> You do not have to be a geek to understand any of this. The web has been
> around for a generation, the internet for two. Its the same principle as
> handing out paper checks (name, address, telephone, account number,
> routing number) or handing your credit card to same random server.
> 
> -Ed

Thank you.
I didn't know that youtube and Google were related.
I suspect he is viewing his mail with a browser (possibly Firefox) 
rather than an email client.
I use SeaMonkey (and its predecessors from days of Netscape 4) and was 
always aware of what tool I was using.