Wed

Sep 13
2006

Marc Hedlund

Marc Hedlund

Question about GMail referers

When I get referers from GMail messages on my new blog, they often contain a query string parameter labeled 'cat' with a cleartext, meaningful value in it. I've often been able to determine, from the 'cat' value, exactly who is talking about my site in email, and in one case, exactly what they thought of what we're doing! (Fortunately, the news was good.) In other cases, the information has been more general, but still meaningful (for instance, the name of a mailing list to which I sent a launch announcement).

I don't use GMail, so I'm not sure exactly what 'cat' is. Labels? Search terms? Any ideas from the GMail crowd? I also don't understand, at all, why I would be getting this information. I should not be seeing any information people are using to organize or search for their mail. (Yahoo Mail and Hotmail both have meaningless, to me, URLs.) Anyone know why this would happen? The Google GMail privacy faq says:

Google also takes several steps to guard the confidentiality of users' information by offering a number of industry-leading protections. Among other things, Gmail users benefit from: [...] Minimized "referrer" header information. When you click on links in messages, the web browser that loads contains a referrer header. When you click on links in Gmail, Google takes steps to eliminate this referrer header, preventing others from knowing that you clicked on a link from an email.

Hmmm....

Update: I can't believe I missed the opportunity to title this post, "The cat's out of the bag."


tags: nitty gritty tech  | comments: 5   | Sphere It
submit:

 
Previous  |  Next

0 TrackBacks

TrackBack URL for this entry: http://blogs.oreilly.com/cgi-bin/mt/mt-t.cgi/4923

Comments: 5

  RichB [09.14.06 12:42 AM]

It's very easy to strip referer info - Google should redirect through an interstitial page. eg:

http://mail.google.com/interstitial?http://radar.oreilly.com

That way, the only referer information you would get is that it came from the interstital page.
The downside is the extra page request - but this can be cached to the limit, so most times it will be local.


Richard

  Chris [09.14.06 08:24 AM]

My guess is that these are the "categories" (Google's version of tags) used to file the email thread. It does seem odd and a potential privacy issue that these values would get passed along outside GMail.

  Bob Aman [09.14.06 10:30 AM]

I've been noticing this as well, though I've yet to see any information go by that was sufficiently identifiable to figure out who sent/read the email.

  casey [09.14.06 10:45 AM]

Someone needs to write a Greasemonkey script to rip this out automatically for GMail users. Maybe I will if I have the time, and anyone else is interested. I don't want anyone to know this kind of information from my emails unless I feel like explicitly opting into it.

It also makes me consider switching email providers, and adds to my growing distrust of Google.

  Mick [11.04.08 01:24 PM]

Informative Info, Thanks for sharing.

Mick

Post A Comment:

 (please be patient, comments may take awhile to post)






Type the characters you see in the picture above.