Tag: Google

Discovering If An Email Address Is Associated With A Google Account

For Google accounts, users can set up an alternate email address which Google explains can be used . . .

to sign in to your account. They can also be used to reach you in case you get locked out.

There is an odd feature about those alternate emails, however, which is buried in Google’s Account Help documentation–Google will, in some cases, publicly associate/reveal the alternate email address with the Google account.

When people might see your Gmail address instead of your alternate email address

When people share things with your alternate email address, they will sometimes see your primary Google Account email (Gmail) address listed instead. Some examples include:

– Google Docs: When someone shares content, like a document, with your alternate email address, your Gmail address will show instead of the alternate address.

– Google Sites: When someone shares a site with your alternate email address, your Gmail address will show instead of your alternate address.

– Calendar: When you respond to invitations forwarded from your alternate address, the event organizer will see the responses come from your Gmail address.

– Google Keep: When someone shares a note with your alternate email address, your Gmail address will show instead of your alternate address.

– Google Groups: If you remove an alternate email address that was part of a group, your Gmail address might show up instead.

– Google Ads: When you accept an invitation to use a Google Ads account with your alternate email address, your Gmail address and your alternate email address will show on the account access page.

This post at subfn.net notes that it is possible to use Google Analytics to determine if a given email address is an alternate email for any Google account.

1. Log into Google Analytics

2. Navigate to Admin > Account User Management > Add user

3. At this point, enter an email address. If the email is a backup email of a Google account, the primary Google email (e.g. the Google login email) will be disclosed

This seems like something that Google should make a lot clearer to users adding alternate emails.

Google to Require Seamless Update System Beginning With Android 11

In non-COVID-19 news, Google is apparently going to start requiring manufacturers to implement its “seamless update” system beginning with Android 11.

Essentially, Android 11 will require devices to have a separate system partition that is an identical copy of the main partition. When an updated to Android is available, the update installs itself on the second partition. When that installation is finished, the phone is rebooted, and the secondary partition becomes the primary partition.

The intent here is to reduce the downtime that can come with some Android updates, as well as always having a good partition that can be booted to if an update goes awry.

The system partition, by the way, is apparently relatively small on a typical Android device–it clocked in at about 320 megabytes on the 2016 Pixel 1.

AdIntuition Extension Highlights YouTube Videos Containing Affiliate Marketing–Google Removes It A Few Days Later

Researchers at Princeton’s Human-Computer Interaction Lab recently released a browser extension for Google Chrome and Firefox that highlights when a YouTube video includes sponsored content.

AdIntuition is a browser extension that alerts YouTube users when they watch a video containing a sponsorship. An influencer may endorse a product on social media, but it can be unclear if they were paid to endorse the product or if they genuinely endorse it without any incentive. The purpose of this research project was to automatically detect and disclose sponsored content to relieve users of the uncertainty about endorsements.

With the help of automatic disclosure software, content creators can no longer be deceptive about endorsements and viewers would be informed about any relationship between a social media influencer and a brand. AdIntuition is an automatic affiliate marketing disclosure tool that allows users to form an opinion about the content of a post with full information about sponsorships.

. . .

AdIntuition flags affiliate marketing, one type of social media marketing. In this type of marketing, a social media influencer provides a special link or coupon code, in addition to their endorsement of a product, in order to drive users to buy the product. Often a deal or promotion is given to users in the marketing campaign. The social media influencer is given a commission based off of the sales that they generate. Anyone can join an affiliate program.

Of course, Google almost immediately took down the Chrome extension, likely because the extensions does collect some information about the prevalance of affiliate marketing on YouTube for research purposes,

We will not share the data with anyone beyond our team. Our team is strictly interested in the research opportunities that the data will provide. We will not share your data for commercial purposes.

Silly researchers. Nobody shares information about Google users other than Google, and it better damn well be for commercial purposes.

Google Adding Some TLDs to Browser HSTS List Automatically

Apparently, Google is automatically adding some of its TLDs to browser HSTS lists–i.e., it is impossible to access any registered domains on those TLDs without using SSL on modern browsers.

As someone who likes to see as much Internet traffic encrypted by default, I think that’s kind of cool. As someone who owns quite a few domains on those TLDs, it is annoying that this was never disclosed when I purchased those domains.

Yes, HSTS is very good, but this can create some unexpected problems. There are occasionally situations where you may need to do an http call in the process of configuring or testing a site, and registrars need to be more upfront that this is not going to be possible with these Google-administered TLDs.

So Google has built HTTPS protection directly into a handful of top-level domains—the suffixes at the end of a URL like “.com.” Google added its internal .google top-level domain to the preload list in 2015 as a sort of pilot, and in 2017 the company started using the idea more extensively with its privately run suffixes “.foo” and “.dev.” But in May 2018, Google launched public registrations of “.app,” opening up automatic, preloaded encryption to anyone that wanted it. In February of this year, it opened up .dev to the public as well.

Which means that today, when you register a site through Google that uses “.app,” “.dev,” or “.page,” that page and any others you build off it are automatically added to a list that all mainstream browsers, including Chrome, Safari, Edge, Firefox, and Opera, check when they’re setting up encrypted web connections. It’s called the HTTPS Strict Transport Security preload list, or HSTS, and browsers use it to know which sites should only load as encrypted HTTPS automatically, rather than falling back to unencrypted HTTP in some circumstances. In short, it fully automates what can otherwise be a tricky scheme to set up.

“Web security stuff is complicated, and not every end user or even every site creator understands all of the complexities,” says Ben Fried, Google’s chief information officer. “The thing that I like about using these new top-level domains in this way is it dramatically decreases the burden on each site creator to get to the best practices. Nothing has to be done, because every subdomain in that top-level domain is HTTPS only and the browser won’t even try to access it any other way.”

The breakthrough moment came from engineer Ben McIlwain’s realization that an entire top-level domain could go on the preload list. “Internally it took off from there,” Fried says. “We realized these are two things that had developed independently that all of a sudden were way more powerful when combined.”