Google docs infects html exports with google tracking redirects. - eviltoast

@Joe_0237@fosstodon.org wrote:

Today I found out that google docs infects html exports with spyware, no scripts, but links in your document are replaced with invisible google tracking redirects. I was using their software because a friend wanted me to work with him on a google doc, he is a pretty big fan of their software, but we were both somehow absolutely shocked that they would go that far.

  • mspencer712@programming.dev
    link
    fedilink
    arrow-up
    11
    ·
    1 year ago

    Are there any beneficial side effects? If they discover a URL is malicious after it’s been exported, would this allow them to intercept the click and stop someone from reaching the malicious site?

    • d0ntpan1c@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      30
      ·
      1 year ago

      That’s how Microsoft markets their “safe links” in Outlook, which is more or less the same behavior of wrapping all links with a redirect. Whether they actually do anything with that to save you from phishing attempts or whatever… who knows. Even if there is a safety feature, it’s still an easy way to mine url query params for data or learn about the user for other purposes (which they may or may not be doing)

      IMO if you can’t turn it off, there’s a secondary motive to the feature. Especially when the feature is marketed from a place of fear rather than aid.

      • foksmash@lemm.ee
        link
        fedilink
        arrow-up
        5
        arrow-down
        2
        ·
        1 year ago

        The MS security feature does work quite well (at least for Enterprise).

        • 𝕸𝖔𝖘𝖘@infosec.pub
          link
          fedilink
          English
          arrow-up
          0
          ·
          1 year ago

          I’m not sure I would categorize it as working “quite well”. At least not in my experience. It’s better than nothing.

          • foksmash@lemm.ee
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Ya, I would tend to agree and left out the context. It’s not our only URL filtering tool, we have a full proxy and URL rewrite in email for that but it does help fill in gaps when people click links from devices we don’t manage.

    • Linus_Torvalds@lemmy.world
      link
      fedilink
      arrow-up
      3
      arrow-down
      3
      ·
      1 year ago

      While I would be sceptical that this is the main reason, this might be a valid argument. Google can track users and protect the stupid users at the same time, who otherwise would endanger the public image of Google Docs(‘i GoT sCaMmEd oN gOoGlE dOcS’)