On 02/03/2018 09:58 AM, Richard Owlett wrote: > On 02/02/2018 05:48 PM, Richard Owlett wrote: >> Called my brother to wish him a "Happy Birthday". >> As I'm the geek sibling, he asked a geek type question. >> He has been viewing youtube(sp?) videos. >> He suspects they have been publishing his email address. >> He objects. >> > > I spoke to him this morning. > He is viewing the youtube videos anonymously - so problems are not login > information. > > He clarified a symptom I hadn't caught before. > He is getting his mail without signing in to his gmail account.
Yes. he is logging in. The email client or browser is caching his login credentials. If via Edge browser...In other words, he checks email via Edge/FF/etc, then pops over to youtube in the same browser session, he is now logged into youtube. Logging into any one google service means you are logged into ALL OF THEM. This is a "convenience feature". Now the advertising tracking software scrapes his browser history and email address so that a better google user experience is made available. > He is now using Windows 10. He did not have this problem when he was > using Windows 7. Win10 has a lot of 'opt out' telemetry settings. most are benign, some not so much. I was surprised at the network traffic when I run win10 in a virtual machine. he needs to go into privacy settings in newer builds/releases and turn it all off. It's on by default. https://www.theregister.co.uk/2017/08/09/microsofts_privacy_enhancements/ https://www.extremetech.com/computing/247311-microsoft-finally-reveals-exactly-telemetry-windows-10-collects-pc https://docs.microsoft.com/en-us/windows/configuration/configure-windows-diagnostic-data-in-your-organization > > I'm beginning to suspect a cookie problem. See above. also browser add ons. MS Edge tends to install those on-the-fly to improve the "user experience". See security settings. > I've also sent him an email asking to reply so I can see the header > information so I tell exactly what email client he is using. Does he email anyone? ANY OF THOSE PEOPLE could have given up his email somewhere along the data path. It's not encrypted after all. He could be perfectly diligent in his online activities but that does not mean someone else didn't get their address book compromised. remember: using email is an open plain text protocol. Anyone anywhere can view your address and message at any time. You can encrypt the message but not the headers (unless you physically trade keys with EVERYONE you may want to email) You do not have to be a geek to understand any of this. The web has been around for a generation, the internet for two. Its the same principle as handing out paper checks (name, address, telephone, account number, routing number) or handing your credit card to same random server. -Ed
Description: OpenPGP digital signature
_______________________________________________ PLUG mailing list PLUG@pdxlinux.org http://lists.pdxlinux.org/mailman/listinfo/plug