On 02/03/2018 09:58 AM, Richard Owlett wrote:
> On 02/02/2018 05:48 PM, Richard Owlett wrote:
>> Called my brother to wish him a "Happy Birthday".
>> As I'm the geek sibling, he asked a geek type question.
>> He has been viewing youtube(sp?) videos.
>> He suspects they have been publishing his email address.
>> He objects.
> I spoke to him this morning.
> He is viewing the youtube videos anonymously - so problems are not login
> information.
> He clarified a symptom I hadn't caught before.
> He is getting his mail without signing in to his gmail account.

Yes. he is logging in. The email client or browser is caching his login
credentials. If via Edge browser...In other words, he checks email via
Edge/FF/etc, then pops over to youtube in the same browser session, he
is now logged into youtube.  Logging into any one google service means
you are logged into ALL OF THEM.  This is a "convenience feature". Now
the advertising tracking software scrapes his browser history and email
address so that a better google user experience is made available.

> He is now using Windows 10. He did not have this problem when he was
> using Windows 7.

Win10 has a lot of 'opt out' telemetry settings. most are benign, some
not so much. I was surprised at the network traffic when I run win10 in
a virtual machine. he needs to go into privacy settings in newer
builds/releases and turn it all off. It's on by default.




> I'm beginning to suspect a cookie problem.

See above. also browser add ons. MS Edge tends to install those
on-the-fly to improve the "user experience".  See security settings.

> I've also sent him an email asking to reply so I can see the header
> information so I tell exactly what email client he is using.

Does he email anyone?  ANY OF THOSE PEOPLE could have given up his email
somewhere along the data path. It's not encrypted after all. He could be
perfectly diligent in his online activities but that does not mean
someone else didn't get their address book compromised.

remember: using email is an open plain text protocol.  Anyone anywhere
can view your address and message at any time. You can encrypt the
message but not the headers (unless you physically trade keys with
EVERYONE you may want to email)

You do not have to be a geek to understand any of this. The web has been
around for a generation, the internet for two. Its the same principle as
handing out paper checks (name, address, telephone, account number,
routing number) or handing your credit card to same random server.


Attachment: signature.asc
Description: OpenPGP digital signature

PLUG mailing list

Reply via email to