Google Docs Identity Leak Bug Fixed

February 23, 2010 at 6:27 pm 7 comments

Yesterday I wrote about a bug in Google Docs that lets an arbitrary website find your identity. This morning I woke up to this piece of good news in my Inbox:

The fix is pushed out and live for all users as of the middle of last night. Basically we only show the username of collaborators if they are explicitly listed on the ACL of the spreadsheet.  Otherwise we call them “Anonymous user”. This means that an editor of the document had to already know the username in order for that username to be visible to collaborators.

I can confirm that the demo page no longer finds my identity. And the spreadsheet in my last post now looks like this:

The Google Docs help question “Collaborating: Why are some users anonymous?” explains:

If a document is set by the owner to be viewable or editable by everyone, then Google Docs does not show the names of those who choose to view or edit the document. Google Docs displays only the identities of users who are explicitly given permission to view or edit a document (either individually or as part of a group).

You might wonder what happens if the attacker explicitly gives permission to a whole bunch of users (say using scraped email addresses) . There seems to be an extra level of protection now:

Sounds like a happy resolution.

To stay on top of future posts, subscribe to the RSS feed or follow me on Twitter.

Entry filed under: Uncategorized. Tags: , , , .

How Google Docs Leaks Your Identity Data Privacy: The Story of a Paradigm Shift

7 Comments Add your own

  • 1. anonymous  |  February 23, 2010 at 9:52 pm

    I don’t remember seeing this option when sharing documents before ; am I right in guessing that the private mailing list shares were also vulnerable ?

    Reply
    • 2. Arvind  |  February 24, 2010 at 12:42 am

      That’s my guess as well.

      Reply
  • 3. How Google Docs Leaks Your Identity « 33 Bits of Entropy  |  February 24, 2010 at 5:38 am

    […] Update 2. Now fixed. […]

    Reply
  • 4. Alina  |  May 11, 2010 at 5:10 pm

    Unfortunately, it seems like the leak still exists in a slightly different version.
    I have noticed that on the docs.google.com page, where one can see the list of her documents, next to the document date column (which is the “last modified” date actually), there appears the user name of the last editor of the doc.

    Reply
    • 5. Arvind  |  May 11, 2010 at 5:18 pm

      Alina,

      Editing a doc is an explicit, user-initiated interaction, and so that would seem like the intended behavior rather than a bug. The reason that the earlier behavior was a bug was that you could get someone’s identity without them ever knowing.

      Reply
      • 6. Alina  |  May 11, 2010 at 5:43 pm

        This is inconsistent with the policy inside the doc itself, where even if you’re editing (and not only viewing), your name would appear to others as “anonymous #” (unless you were explicitly invited to view/edit the doc of course).

        Reply
  • 7. Alina  |  May 11, 2010 at 5:16 pm

    Unfortunately, it seems like the leak still exists in a slightly different version.
    I have noticed that in the docs.google.com page, where one can see her documents list, next to the document date column (which is the “last modified” date actually), there appears the user name of the last editor of the doc.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


About 33bits.org

I'm an assistant professor of computer science at Princeton. I research (and teach) information privacy and security, and moonlight in technology policy.

This is a blog about my research on breaking data anonymization, and more broadly about information privacy, law and policy.

For an explanation of the blog title and more info, see the About page.

Me, elsewhere

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 255 other followers