@Joe_0237@fosstodon.org wrote:
Today I found out that google docs infects html exports with spyware, no scripts, but links in your document are replaced with invisible google tracking redirects. I was using their software because a friend wanted me to work with him on a google doc, he is a pretty big fan of their software, but we were both somehow absolutely shocked that they would go that far.
_cnt0 ( @_cnt0@unilem.org ) 25•9 months agoThey’ve been doing the same with all hyperlinks in the gmail web frontend. Not when you fetch the mails via imap/pop, though.
Sha'ul ( @Shaul@lemmy.ca ) 19•9 months agoHow are people surprised? How is this news?
The second you mentioned Google you’re talking about an all-seeing totalitarian state. Nothing you said about imbedding tracking links in docs is surprised. As a corporation they are always developing new ways to pimp you out and make you turn tricks for Google without you knowing while they keep all of the pay from your actiities.
Google tries to turn every human on the planent into their personal money making whore.
p_consti ( @p_consti@feddit.de ) 17•9 months agoIt’s the same thing in emails, if you use the web application. All links are redirect links over their servers.
mspencer712 ( @mspencer712@programming.dev ) 9•9 months agoAre there any beneficial side effects? If they discover a URL is malicious after it’s been exported, would this allow them to intercept the click and stop someone from reaching the malicious site?
d0ntpan1c ( @d0ntpan1c@lemmy.blahaj.zone ) 28•9 months agoThat’s how Microsoft markets their “safe links” in Outlook, which is more or less the same behavior of wrapping all links with a redirect. Whether they actually do anything with that to save you from phishing attempts or whatever… who knows. Even if there is a safety feature, it’s still an easy way to mine url query params for data or learn about the user for other purposes (which they may or may not be doing)
IMO if you can’t turn it off, there’s a secondary motive to the feature. Especially when the feature is marketed from a place of fear rather than aid.
foksmash ( @foksmash@lemm.ee ) 4•9 months agoThe MS security feature does work quite well (at least for Enterprise).
𝕸𝖔𝖘𝖘 ( @01189998819991197253@infosec.pub ) English1•9 months agoI’m not sure I would categorize it as working “quite well”. At least not in my experience. It’s better than nothing.
foksmash ( @foksmash@lemm.ee ) 2•9 months agoYa, I would tend to agree and left out the context. It’s not our only URL filtering tool, we have a full proxy and URL rewrite in email for that but it does help fill in gaps when people click links from devices we don’t manage.
Sotuanduso ( @Sotuanduso@lemm.ee ) English9•9 months agoI was skeptical about this, but yeah, I tested it, and can confirm.
FeelzGoodMan420 ( @FeelzGoodMan420@eviltoast.org ) English4•9 months agoCan someone eli5 this please? What’s going on here?
Sotuanduso ( @Sotuanduso@lemm.ee ) English30•9 months agoI have a Google Doc that’s a statblock for an RPG. It has a link to the mage armor spell, which goes directly to https://www.d20pfsrd.com/magic/all-spells/m/mage-armor/.
I just downloaded that statblock as an html. Then I opened that html file. The statblock is there and it all looks pretty much the same.
But then I hover over the mage armor link and it instead goes to https://www.google.com/url?q=https://www.d20pfsrd.com/magic/all-spells/m/mage-armor/&sa=D&source=editors&ust=1696552528610887&usg=AOvVaw1Wgq9wmajthwTbYmk1EmHx.
This page immediately redirects to the proper destination in a fraction of a second. Blink and you’ll miss it. However, it does allow Google to track that I clicked the link, and probably associate it back to me and/or the original document.
FeelzGoodMan420 ( @FeelzGoodMan420@eviltoast.org ) English6•9 months agoThanks. Got it. Could a pihole potentially block this?
Edit: nvm then you just simply couldn’t open the links.
shrugal ( @shrugal@lemm.ee ) 8•9 months agoAfaik there are browser extensions that find and replace these kinds of tracking links with the original ones.
FeelzGoodMan420 ( @FeelzGoodMan420@eviltoast.org ) English7•9 months agoOh, right. Like clearURL and certain ublock origin lists?
Sotuanduso ( @Sotuanduso@lemm.ee ) English4•9 months agoIt’s probably easy enough to write a script that will go through the generated HTML and just scrub out the Google.
BarqsHasBite ( @someguy3@lemmy.ca ) English2•9 months agoSo if there’s only a few links, you could manually replace them?
Sotuanduso ( @Sotuanduso@lemm.ee ) English5•9 months agoYes. You could probably also write a simple script that scrubs the Googles out.
library_napper ( @library_napper@monyet.cc ) 4•9 months agoGoogle would argue that this is a security feature.
Many business intentionally do this in google hosted email. It allows google to display warmings about links to malicious websites
IWantToFuckSpez ( @IWantToFuckSpez@kbin.social ) 2•9 months agoWrite your own exporter in Apps Script if you have to keep using Google workspace
Joe :fedora: :debian: :ferris: ( @Joe_0237@fosstodon.org ) 2•9 months ago@IWantToFuckSpez @tavu another option would be to parse the file and urls and remove the trackers from the formal export. Or to do it by hand if you don’t to it much.
Joe :fedora: :debian: :ferris: ( @Joe_0237@fosstodon.org ) 2•9 months ago@tavu my post is also here on mastodon https://fosstodon.org/@Joe_0237/111145684757912952
Hi! I’m over here on lemmy, and created this post as a link to your post. I don’t think there’s a mutually compatible way to repost/boost a mastodon post into a lemmy community, but this seemed close enough.