A few days ago I received the same spam message in my both Gmail inboxes (they have very different names), at a distance of a few seconds. I asked then some people if they have received the same message, and they didn’t. I was hoping that if the message has been sent to tens of milions of addresses, changes are it gets to both my inboxes too. But no, no one else got that message.
Fabricating, one conclusion could be that both my gmail addresses have got into some spammer’s list through some more in depth analysis, based on web behavior, that would classify the humans behind an address. Of course, a human analyst could make a lot of connections between the two addresses, as one of them is frequently used for bug reporting on the Debian lists, while the other may have been used by mistake when sending some automated crash reports.
Now, the biggest target of my web related concerns is Google. How much could Google automatedly find out about me? Let’s start with a few examples:
- Google can know when I start my computer (and to an extend when I wake up 🙂 ), as when my computer dehibernates the IM program and the mail client will connect to Google. Also it can know when I go to sleep.
- Google can read 99% of my e-mails, as I encrypt very few of them.
- Google can, of course, make a connection between my two accounts.
- Google can draw even more connections between e-mail addresses, as when I am at foreign computers I use to send myself links to study in detail at home. I also use to send myself the school homeworks, and open them at some computer at school. (this will happen no more, as will put an end to my scotch stinginess and buy and flash drive tomorrow 😛 ).
- Of course, after drawing those connections, Google could guess where I study and where I work, at least.
- The biggest one is that I gave my full, correct, details (addresses, phone number, a link to my CV etc) to Google, in order to apply for Summer of Code.
- If I login to the web interface of my gmail account all other google services will personalized for me (blogger navigating, search), this happened a few times. This means that it is as simple as it gets for Google to make draw a relation between that account and my searched (of course, that is also possible with the IP address, though harder, as I am behind a router with more computers).
- After killing a Firefox session at school and starting Firefox again after 2 weeks on the same computer with my account, I was automatically logged in (this is more security than privacy, but anyway).
Since all of the stuff I wrote before is more of an exercise, things may not be as bad. Let’s continue the pseudo-paranoia exercise anyway. What’s to do about this? Well, I don’t how much that matters, but I start with:
- deleting those damn cookies once in a while.
- use more diverse search engines. Monoculture and inbreeding leads to disasters.
- having the mail program check my e-mail at long intervals (3 hours now). This is also good for security, as the password is sent less often, and also generally as you are less disturbed by noise.
- logging on IM less often. This is less of an option, as I have many acquaintances that use gtalk and ymess (and that gtalk thing it’s friggin xmpp that has been existing for years, but no one uses it if it doesn’t have the Google/Yahoo/MS trademark). I will just do it.
- carrying a usb drive with me.
- learning about all those geeky thinks like tor, maybe privoxy.
- use different servers for sending my e-mail.
- not having this blog on blogspot :P.
This article will probably be updated as I find out more things to be concerned for, or as people tell me that some sections of the article are pure shit. And of course, if I learn how to format this, and also be a bit coherent.