Show Notes URIs = Google Queries

Hey,

Looking at Show Notes (sn-438-notes.pdf) I see that all 
of the URIs are Google Serach Query URLs.

What's with that?
0
Guy
1/15/2014 12:00:01 PM
grc.securitynow 3529 articles. 0 followers. Follow

26 Replies
541 Views

Similar Articles

[PageSpeed] 3

Guy was heard to say :

> Looking at Show Notes (sn-438-notes.pdf) I see that all
> of the URIs are Google Search Query URLs.

Interesting: yes, they are. And have been so in previous PDFs.

As the PDF's were created strictly by Steve Gibson, as he stated in SN-438, 
he is the individual responsible for the "feature".

> What's with that?

Well (I suppose you do know, but for the general audience):

To start, I find it very Interesting that the the PDF creator decided to use 
such construct for links. Most of them could have been a direct link to the 
page in question.

That those links are as they are means that:

1.- Google gets to know which links were clicked in those PDF's.
2.- If the user has a Google cookie (most probably),
    the user could be identified.
3.- Having identified an unique user, Google could keep track of how
    many users have clicked in each and all links on each PDF.
4.- Steve Gibson may get a report back of pdf link usage.

I assume that this will be reported as "a mistake", and the Google links 
would be erased in future PDFs. :-(

Thanks for the report, Guy.


-- 
Mark Cross @ 01/15/2014 11:51 a.m.
Everything is always okay in the end, if it's not okay, then it's not the 
end.

0
Mark
1/15/2014 4:06:24 PM
On 2014-01-15 8:06, Mark Cross wrote:
[...]
> That those links are as they are means that:
>
> 1.- Google gets to know which links were clicked in those PDF's.
> 2.- If the user has a Google cookie (most probably),
>      the user could be identified.
> 3.- Having identified an unique user, Google could keep track of how
>      many users have clicked in each and all links on each PDF.
> 4.- Steve Gibson may get a report back of pdf link usage.
>
> I assume that this will be reported as "a mistake", and the Google links
> would be erased in future PDFs. :-(
>
> Thanks for the report, Guy.

http://www.t75.org/2012/06/deconstructing-googles-url-search-parameters/

See the comment by "Bas Braams". My speculation is that these pdf's are 
authored in Google Drive/docs and exported to PDF from there. Google is 
kind enough to keep their redirect code in place upon export.

You could also add the following point to your above:
5. If these links lead to malware, Google may prevent their redirection

 From a quick read about the link format, I don't think your "4" above 
is a possibility, though. There are no google analytics (or whatever) 
related tags in the URLs in the show note PDFs.

Regards,
Sam
0
Sam
1/15/2014 6:55:22 PM
Sam Schinke was heard to say :

> On 2014-01-15 8:06, Mark Cross wrote:
> [...]

Yep, expanding the thread without explaining anything more.

My answer here will be in three parts:
1.- To the general public. An executive summary.
2.- To the general public, a detailed description.
3.- To Sam Schinke, and to what he has added.

Search for this lines:
+-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
Background:

1.- The link itself.
The first link in the SN-432-notes.pdf looks like this site on the PDF page:
     https://onlycoin.com

But is loaded with this effective link behind:
    https://www.google.com/url?q=https%3A%2F%2Fonlycoin.com&sa=D&sntz=1&usg=AFQjCNGt6l0O2JBAfYwmHi3hIRY-hGZNlg

The site linked is clear:
    https://www.google.com/url?
The searched term is also clear:
    q=https%3A%2F%2Fonlycoin.com     which becomes, after decoding:    https://onlycoin.com
A couple of controls:
    &sa=D&sntz=1&
And a string of ~34 chars called usg
    usg=AFQjCNGt6l0O2JBAfYwmHi3hIRY-hGZNlg

2.- The page provided by Sam:

It is the first result from this google search string: "google search usg"
https://www.google.com/search?q=google+search+usg&btnG=Search&hl=en&tbo=d&output=search

A very simple search.

+-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
1.- Executive summary.

> http://www.t75.org/2012/06/deconstructing-googles-url-search-parameters/

The link provided by Sam does not explain what the usg string is.
The page only goes as far as to say:
    11. usg=AFQjCNGqhzD-SwHsPkbxvXmjiAr_iM5n8g
    "Again, something too secret to share. USaGe? USerGoogle?"

> See the comment by "Bas Braams".

The comment to which Sam directs us, just say that the usg may be a Google docs string
    "I don't really have a clue what the Google Docs team has in mind with this
    encoding, and in fact I suspect that it just reflects a software error; the
    encoding is (I suspect) a remnant of something else. However, I do not know this."

++++++
The only real content:

> My speculation is that these pdf's are
> authored in Google Drive/docs and exported to PDF from there.

May be, may be not, But Steve should have cleaned it before exposing everyone to the PDFs.
+++++

But all the above is just distracting us from the real issue, the Google redirect.

Google gets to know what we "do" or "do not do" by the redirect.

Thus my comment: Expanding without explaining.






+-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
2.- To the general public, a detailed description.

> http://www.t75.org/2012/06/deconstructing-googles-url-search-parameters/

Nothing additional to see there for the more prominent usg= parameter
    11. usg=AFQjCNGqhzD-SwHsPkbxvXmjiAr_iM5n8g
    "Again, something too secret to share. USaGe? USerGoogle?"

> See the comment by "Bas Braams".

That comment only goes to say that:
    "I don’t really have a clue what the Google Docs team has in mind with
    this encoding, and in fact I suspect that it just reflects a software
    error; the encoding is (I suspect) a remnant of something else.
    However, I do not know this."


> My speculation is that these pdf's are authored in Google Drive/docs
> and exported to PDF from there.

And speculation it is, Sam. We don't know. It well could be a web page
exported as PDF, or anything else converted to PDF.

> Google is kind enough to keep their redirect code in place upon export.

There is no kindness in such action, it just goes to ensure future tracking
of every link that once was in a document. Just knowledge to what is
important and what not to users. Knowledge to convert into monetary gain.

No, no kindness at all, just money: Google IS evil.


++++
Let me expand a bit on this:

Our browser, on receiving a link to visit goes to the resolved IP of such
domain link (https://www.google.com in this case). the browser expecting
to get a web page, presents the headers, any related cookie, and ask for the
web page (url) and all the additional parameters that a URL could be loaded with
    (?q=https%3A%2F%2Fonlycoin.com&sa=D&sntz=1&usg=AFQjCNGt6l0O2JBAfYwmHi3hIRY-hGZNlg)

On receiving all the above, Google could see what is the IP of the requesting
party (if you have a fix IP and use it, you have been IDed with just that little
information.) if you are using a special screen, a set of special web fonts,
and/or you leave JavaScript active on Google.com, you are most probably
IDentified. (see the Panopticlick page: https://panopticlick.eff.org/).
If all the above fails to IDentify you, don't worry, there are still cookies
that are specific tailored to identify you as individual.

That is exactly like the MACH3 Turbo men's razor: what the first miss, the other two get.

Additionally, the usg= is also transmitted, in the same connection !!.
Linking the two (user ID and link ID) has never been easier.

Of course, to be strictly fair: I am Assuming the usg is a link ID, which
we are not sure it is. But then again, why should I trust Google? TNO, anyone?

What is being discussed is the usg value. But the simple, not discussed redirect
IS the main problem:               hiding in plain sight?     ;-)

+++++

[....]
> You could also add the following point to your above:
> 5. If these links lead to malware, Google may prevent their redirection

And by the redirect get to know what people (specific people) like or not.

Thanks, but: no thanks.

 
> From a quick read about the link format, I don't think your "4" above
> is a possibility, though. There are no google analytics (or whatever)
> related tags in the URLs in the show note PDFs.

You mean this:
>> 4.- Steve Gibson may get a report back of pdf link usage.

Is the word "may" no soft enough for your taste?

The link allows Google to both identify the user and the specific instance
of the link. Google could connect the dots between both, they may report
back to Steve.



Whether Steve is actively expecting this to work this way, I'll say:
>> I assume that this will be reported as "a mistake", and the Google links
>> would be erased in future PDFs. :-(


+-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
3.- To Sam Schinke, and to what he has added.

Just the idea that the PDF was edited in Google docs, and, by mistake?,
the links were still there after the conversion.

Well, then:
    Steve, please, could you remove the google redirects on your PDFs?


-- 
Mark Cross @ 01/15/2014 5:38 p.m.
The truth is what is; what should be is a dirty lie.

0
Mark
1/15/2014 9:39:41 PM
On 1/16/2014 00:39, Mark Cross wrote:
<snip>
>
> Just the idea that the PDF was edited in Google docs, and, by mistake?,
> the links were still there after the conversion.
>
> Well, then:
>      Steve, please, could you remove the google redirects on your PDFs?
>

I'll be interested to hear the outcome.
I notice the PDF has no identifying information indicating the generator.
Also if you open it in a text editor the redirects are all in plain text 
right near the front and outside the compressed portions of the PDF... 
so they could even have been added after generation??

Li

0
Li
1/17/2014 7:12:15 PM
On 2014-01-15 13:39, Mark Cross wrote:
[...]

> +-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
> 2.- To the general public, a detailed description.
>
>> http://www.t75.org/2012/06/deconstructing-googles-url-search-parameters/
>
> Nothing additional to see there for the more prominent usg= parameter
>     11. usg=AFQjCNGqhzD-SwHsPkbxvXmjiAr_iM5n8g
>     "Again, something too secret to share. USaGe? USerGoogle?"

There are other speculations about the usg= parameter elsewhere. Most of 
them seem to imply that it is a hash of, or deterministically derived 
from, the redirected URL value. This seems possible as all examples of 
valid redirect links to a given URL seem to contain precisely the same 
usg= value.

The value of usg= can be decoded as Base64, though that doesn't really 
reveal much.

>> My speculation is that these pdf's are authored in Google Drive/docs
>> and exported to PDF from there.
>
> And speculation it is, Sam. We don't know. It well could be a web page
> exported as PDF, or anything else converted to PDF.

Right -- when I say speculation, I really do mean speculation. The PDFs 
don't seem to have any tags indicating how they were generated, but the 
symptom (google redirects in a PDF) is consistent with the comment I 
referenced.

>> Google is kind enough to keep their redirect code in place upon export.
>
> There is no kindness in such action, it just goes to ensure future tracking
> of every link that once was in a document. Just knowledge to what is
> important and what not to users. Knowledge to convert into monetary gain.
>
> No, no kindness at all, just money: Google IS evil.

That would have been sarcasm on my part.

I think, overall, you have read more into my initial response than was 
intended. My intent was strictly to convey the information contained in 
that response, nothing more.

>> From a quick read about the link format, I don't think your "4" above
>> is a possibility, though. There are no google analytics (or whatever)
>> related tags in the URLs in the show note PDFs.
>
> You mean this:
>>> 4.- Steve Gibson may get a report back of pdf link usage.
>
> Is the word "may" no soft enough for your taste?

Such a speculation on your part, IMO, requires more work before it can 
get to the point of "may". ;)

For instance, your speculation requires that Google has not only their 
regular goo.gl URL shortening service (which I didn't mention) which 
explicitly offers public "click analytics", and their publicly 
documented and freely (up to 10 million hits a month) google-analytics 
stuff (which I mentioned), but also a super-secret version via their 
own, internal API, leveraged entirely on the usg= parameter, for which 
only Steve (or other "in" people) is offered analytics. And the 
availability of this third type of analytics have somehow remained secret.

eg:
https://support.google.com/analytics/answer/1033867?rd=2

Not to mention that bit.ly (which Steve uses for some links) already 
provides various analytics. eg:

https://bitly.com/nsabribe+

(Add a "+" to any bitly shortened URL to get the analytics, apparently. 
Can also double as a "preview" ala preview.tinyurl.com)

That bit.ly links in the show notes PDFs are also wrapped in a Google 
redirect is another argument against the Google redirect being some 
secret method intentionally used by Steve for metrics -- there are 
simpler, non-redundant, ways for him to gather such metrics if he wishes to.

> The link allows Google to both identify the user and the specific instance
> of the link. Google could connect the dots between both, they may report
> back to Steve.

Sure, it is possible, if you posit a secret conspiracy to which Steve is 
a party. If Google had such a product (legit-looking redirects through a 
google.com domain that include non-google-account-anonymized analytics) 
I am fairly sure that they would be trying to sell it rather than 
keeping it a secret and creating competing products in google-analytics 
and goo.gl. And even if they did have such a product, my suspicion is 
that Steve isn't "special" enough to Google to be given secret access.

Frankly, though, theories that rely on secret conspiracies usually don't 
impress. ;)

AFAICT, the usg parameter ensures that a redirect has been generated by 
Google's code rather than by an arbitrary user. The usg= parameters also 
seem to expire or become invalid eventually. Find some older examples of 
usg= links online, for instance -- following them leads to a redirect 
notification page with a link leading to a similar URL with a different 
usg= value.

eg: 
http://analytics.blogspot.ca/2009/04/upcoming-change-to-googlecom-search.html

The first bit of the usg parameter does seem to encode some relatively 
static stuff -- many usg values found online begin with "AFQjC", and all 
of the ones I reproduced in a Google Drive spreadsheet began with 
"Alhdy2". So there may be multiple fields embedded in that value. It is 
opaque to us, though a similarly opaque field in Google's search 
parameters has apparently been decoded and understood:

http://gqs-decoder.blogspot.it/2013/08/google-referrer-query-strings-debunked-part-1.html

Anyways, AFAICT, usg= isn't a "protocol buffer", at least not without 
some more massaging than I have been able to give it.

https://code.google.com/p/protobuf/downloads/list

> +-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
> 3.- To Sam Schinke, and to what he has added.
>
> Just the idea that the PDF was edited in Google docs, and, by mistake?,
> the links were still there after the conversion.

If you create any kind of document in Google Drive, Google provides a 
"Download as > PDF" option right in the Drive UI. So there needn't be 
any extra conversion steps or work, just creating a document with some 
links, and then saving/exporting it as a PDF.

Actually, I've just tried to reproduce these redirect links in a text 
document, and cannot. I create a text document in Google Drive, place a 
link on some text, and Download as PDF. AFAICT, the link I input is 
reproduced verbatim at all stages of this process. Of course, as Drive 
exists almost entirely as javascript, there could be details that are 
hidden.

Trying again to reproduce some descriptions of this issue, I *can* cause 
Google Drive to re-write a URL pasted into a spreadsheet table, but the 
issue with "text" documents doesn't seem to manifest for me.

Two things, though. First, I am getting different USG values compared to 
example URLs I am trying to reproduce (so it isn't just a hash of the 
URL), and second, upon "publishing" the spreadsheet as a web-page, the 
redirects seem to disappear.

Well, maybe Google is tweaking things in that department as there are a 
number of threads in Google's product forums documenting this particular 
'feature', so I have no doubt that at one point (or for some people) 
exported documents did push URLs through redirects.

Ah, I think I've figured it out...

In Google Drive, create a text document, and create some links in that 
document. Then use Chrome to "print" (Ctrl-P, or Menu->Print) the 
document, with "Save as PDF" as the destination. The one example of that 
I tried is full of Google redirects.

If this is what Steve is doing, switching to "Download as PDF" may be a 
trivial cure.

FWIW, when I do this (print a Google Drive text document as PDF via 
Chrome), the redirect links are identical to those found in the show 
notes PDFs.

https://www.google.com/url?q=https%3A%2F%2Fonlycoin.com&sa=D&sntz=1&usg=AFQjCNGt6l0O2JBAfYwmHi3hIRY-hGZNlg

vs

https://www.google.com/url?q=https%3A%2F%2Fonlycoin.com&sa=D&sntz=1&usg=AFQjCNGt6l0O2JBAfYwmHi3hIRY-hGZNlg

Other techniques I can use to obtain a redirect seem to use a different 
usg=parameter each time, though (eg, Google search with noscript 
blocking google.com, then mouseover a result)

> Well, then:
>      Steve, please, could you remove the google redirects on your PDFs?

I don't disagree at all. I don't necessarily want my Google cookies 
being sent to Google in association with various links about the NSA or 
other arbitrary topics without it being my own explicit decision. 
Whether Steve will have the best luck if he generates the documents in 
another format and then upload them to Google Drive (presumably to share 
with Leo et al in advance) or does some post-processing before providing 
them for GRC visitors is another question.

Note, I am also speculating about the above work-flow. It seems a 
reasonable guess as Leo at least has expressed an admiration for Google 
products, and doesn't require actual malice on the part of any of the 
human participants.

That said, users should be protecting themselves if they are worried 
about Google gathering data via redirects. First, stick them in your 
hosts file. Second, find or write an extension for your browser of 
choice that unwraps these types of redirects. They have the mildly 
beneficial feature of not obfuscating the destination link (unlike 
bit.ly URLs, for instace)

Regards,
Sam
0
Sam
1/18/2014 1:56:01 AM
Sam Schinke was heard to say :

> On 2014-01-15 13:39, Mark Cross wrote:
> [...]
> 
>> +-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
>> 2.- To the general public, a detailed description.
[...]
> There are other speculations about the usg= parameter elsewhere.

Being speculations, that solves: about nothing.


[...]
> The PDFs
> don't seem to have any tags indicating how they were generated, but the
> symptom (google redirects in a PDF) is consistent with the comment I
> referenced.

As is common for speculations to be "consistent" but not "definitive".


> I think, overall, you have read more into my initial response than was
> intended.

I think you have written much more that was needed, raising speculative 
interpretations.

> My intent was strictly to convey the information contained in
> that response, nothing more.

Then: just quote the response needed, no lost time reading what is not 
necessary to be read. Much like you are doing again in this post.
 
[...]
> Such a speculation on your part, IMO, requires more work before it can
> get to the point of "may". ;)

Yes, It IS speculation on My Part, correct. So? It may not happen?

Hmmm. maybe what I understand of the word "may" is more lenient than what 
you take it to be, but that is pure and simple semantics, do you mean to 
discuss semantics here?

> For instance, your speculation requires that Google has not only their
[clipped some complexity not relevant]

The only couple of things Google needs are:
    1.- An ID of the human doing the clicking.
    2.- An ID of the link being clicked.

Simple, it works.        KISS    Sam.

> Not to mention that bit.ly (which Steve uses for some links) already
> provides various analytics. eg:
> 
> https://bitly.com/nsabribe+

And provide those based _only_ the link ID.
Imagine what would be possible adding the User-ID.

>> The link allows Google to both identify the user and the specific
>> instance of the link. Google could connect the dots between both, they
>> may report back to Steve.

> Sure, it is possible

That's it, stop right there. That is what my "may" meant.

[...]
> Frankly, though, theories that rely on secret conspiracies usually don't
> impress. ;)

No speculation impress, Sam, including yours that Steve is perfectly 
innocent of anything. You are just speculating.

Stop the "expanding without explaining" machine. This is borderline FUD.
 

> AFAICT, the usg parameter
[...]

Just more speculation on your part, again.

>> +-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
>> 3.- To Sam Schinke, and to what he has added.
>>
>> Just the idea that the PDF was edited in Google docs, and, by mistake?,
>> the links were still there after the conversion.



> If this is what Steve is doing, switching to "Download as PDF" may be a
> trivial cure.

It is only a matter to ask him to implement it, Isn't it ?

 
[...]

>> Well, then:
>>      Steve, please, could you remove the google redirects on your PDFs?
 
> I don't disagree at all.

But you don't agree either?


> I don't necessarily want my Google cookies
> being sent to Google in association with various links about the NSA or
> other arbitrary topics without it being my own explicit decision.

"I don't necessarily want ... "
      is not the same as
"I necessarily have to believe and support the notion that my privacy is 
better served by not having ...."



> Note, I am also speculating about the above work-flow. It seems a
> reasonable guess as Leo at least has expressed an admiration for Google
> products, and doesn't require actual malice on the part of any of the
> human participants.

You are the one defending Steve right to not be accused of anything.
You are the only one making a case against a possible malice.

Nobody is calling that malice, just plain greed, if it is indeed happening.

But better yet if it doesn't happen.
 
> That said, users should be protecting themselves if they are worried
> about Google gathering data via redirects.

And Steve should be working towards the same goal, should he not?

> First, stick them in your hosts file.

That does not work in this case.

> Second, find or write an extension for your browser of
> choice that unwraps these types of redirects.

The link unwrapper works with links to be presented in a page, links in a 
buffer that can be edited/modified, not links clicked.

We would need a PDF link unwrapper (if such thing may exist).

> They have the mildly beneficial feature of not obfuscating the
> destination link (unlike bit.ly URLs, for instance)

Bit.ly Links should also be unwrapped.

-- 
Mark Cross @ 01/18/2014 12:23 a.m.
The man who strikes first admits that his ideas have given out.

0
Mark
1/18/2014 4:33:43 AM
On 2014-01-17 20:33, Mark Cross wrote:
> Sam Schinke was heard to say :
>> On 2014-01-15 13:39, Mark Cross wrote:
>> [...]
>>
>>> +-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
>>> 2.- To the general public, a detailed description.
> [...]
>> There are other speculations about the usg= parameter elsewhere.
>
> Being speculations, that solves: about nothing.

No, speculation can quite often be valuable. Speculation allows you to 
publicly form a theory and test it against reality. If reality doesn't 
match your theory, you modify said theory. Others are able to 
participate along with you in this process.

> [...]
>> The PDFs
>> don't seem to have any tags indicating how they were generated, but the
>> symptom (google redirects in a PDF) is consistent with the comment I
>> referenced.
>
> As is common for speculations to be "consistent" but not "definitive".

Right. I'll revisit that later, if you don't mind.

>> I think, overall, you have read more into my initial response than was
>> intended.
>
> I think you have written much more that was needed, raising speculative
> interpretations.

They are neither more or less speculative than any interpretations you 
have raised, so I'm not sure what your issue is. Particularly given the 
problems your speculations have in the consistency department.

>> My intent was strictly to convey the information contained in
>> that response, nothing more.
>
> Then: just quote the response needed, no lost time reading what is not
> necessary to be read. Much like you are doing again in this post.

You seem to have a penchant for telling others how they should or should 
not post, Mark. That is a silly habit. If you disagree with something 
that is written, please feel free to express your disagreement.

> [...]
>> Such a speculation on your part, IMO, requires more work before it can
>> get to the point of "may". ;)
>
> Yes, It IS speculation on My Part, correct. So? It may not happen?
>
> Hmmm. maybe what I understand of the word "may" is more lenient than what
> you take it to be, but that is pure and simple semantics, do you mean to
> discuss semantics here?

No, not at all. There are a number of ways in which your speculation 
isn't consistent with what we know of reality. Therefore, your 
speculation requires either a substitute reality we don't know about 
(ie: secret conspiracies). Along those lines, your speculation also 
fails the test of Occam's and/or Hanlon's Razor.

>> For instance, your speculation requires that Google has not only their
> [clipped some complexity not relevant]
>
> The only couple of things Google needs are:
>      1.- An ID of the human doing the clicking.
>      2.- An ID of the link being clicked.
>
> Simple, it works.        KISS    Sam.

Are you changing your claim to "Google may track who clicks on the 
links"? The above two items are certainly all Google needs to track the 
links. No dispute there at all.

For that information to be made available to a non-Google third party 
requires a method for doing so. For your speculation to be consistent 
with the world as we know it requires this method to have the following 
properties:

3.- It must exist
4.- It must be secret

Those are the points you claim are "not relevant" in your snippery, 
above. They are entirely relevant. If you wish to claim your speculation 
is consistent, one or the other must be accounted for. You either need 
to demonstrate (3) or accept (4), including accepting that people will 
always be able to point out that (4) needs to be true.

Both (3) and (4) being true *may* still be possible, but that isn't the 
end of the requirements for your speculation. Steve having exclusive 
access to such methods is also a requirement. That sort of secret 
conspiracy is the stuff of government spy agencies. So sure, we could 
fairly say that the NSA *may* be obtaining (via coercion or attack) 
information correlating followed Google redirect links to Google 
cookie-holders, and possibly even correlating the *creator* of those 
links in some fashion, where those links are unique (I did manage to 
reproduce one of Steve's redirected links in software, so that isn't 
always consistent with the behaviour of the system).

But to speculate that a small software developer somewhere in California 
with no known special relationship to Google  (or much of anyone else) 
has some secret spy-level capability obtained from Google without anyone 
else's knowledge, and chooses to exercise it in .pdf documents used as 
notes for a free/promotional podcast? No, that is silly conspiracy 
stuff. Even if each individual step is actually possible, the whole 
simply falls to its own complexity.

It is a great disservice to the concept of speculation to not preface 
theories that involve such a number of leaps and violations of parsimony 
with terms more skeptical than "may", IMO.

Anyways, I do still agree that avoiding Google tracking, much less the 
appearance of the remote possibility of participation convoluted chain 
of improbabilities your speculation is well worth eliminating those 
Google redirects.

But lets be realistic about what your speculation means.

>> Not to mention that bit.ly (which Steve uses for some links) already
>> provides various analytics. eg:
>>
>> https://bitly.com/nsabribe+
>
> And provide those based _only_ the link ID.

Right. They also have the following property:

The Bitly Analytics links can be shown to exist.

> Imagine what would be possible adding the User-ID.

No doubt Bit.ly can now correlate my ID with bitly links I follow, since 
I signed up for an account to see if there is any additional interface 
for links, etc. Each Bit.ly link I follow will now return my Bit.ly 
cookie (and indeed, following multiple Bit.ly links would always have 
been correlatable)

It wouldn't, however, be consistent with what is known to speculate that 
Bit.ly has some undocumented secret way that Steve, or other special 
types, can obtain this de-anonymised analytics data. It is possible such 
a method exists, but not consistent with available information.

>>> The link allows Google to both identify the user and the specific
>>> instance of the link. Google could connect the dots between both, they
>>> may report back to Steve.
>
>> Sure, it is possible
>
> That's it, stop right there. That is what my "may" meant.

Right. Well, like I said, such a possibility requires a complex pile of 
conspiracies that make the opposite the much more parsimonious explanation.

> [...]
>> Frankly, though, theories that rely on secret conspiracies usually don't
>> impress. ;)
>
> No speculation impress, Sam, including yours that Steve is perfectly
> innocent of anything. You are just speculating.

I have demonstrated for myself (and anyone else who wishes to repeat my 
steps) a perfectly innocent way that *precisely* the same Google 
redirect link as seen in Steve's PDF's can be created in a Google Drive 
document when printed to a PDF.

That is not speculation.

That this same workflow is used by Steve *is* a speculation, but that 
speculation has the advantage of a) being parsimonious (there are no 
moving parts or factors required that we don't already know about) and 
b) being consistent with my above demonstration.

> Stop the "expanding without explaining" machine. This is borderline FUD.

No, saying "It isn't likely that FOO is a bad/malicious/hostile act 
because BAR" is the opposite of FUD.

FUD is precisely what you are doing:

<q>
The link allows Google to both identify the user and the specific
instance of the link. Google could connect the dots between both, they
may report back to Steve.
</q>

That is FUD. "This bad thing may happen. That bad thing may happen. And 
if those don't happen, that other bad thing may happen". Textbook FUD.

>> AFAICT, the usg parameter
> [...]
>
> Just more speculation on your part, again.

Yep, absolutely. The usg parameter is not documented by Google, so there 
is nowhere else to go with it, really.

And again, no documentation or available information indicating that 
this parameter is used by Google to perform tracking and/or provide 
those services to third parties means that your speculation requires 
these activities to be performed in secret.

>>> +-++--+++---++++----+++++-----++++++------+++++++-------++++++++--------
>>> 3.- To Sam Schinke, and to what he has added.
>>>
>>> Just the idea that the PDF was edited in Google docs, and, by mistake?,
>>> the links were still there after the conversion.
>
>
>
>> If this is what Steve is doing, switching to "Download as PDF" may be a
>> trivial cure.
>
> It is only a matter to ask him to implement it, Isn't it ?

Right, and it has the great advantage of not adding lots of extra steps 
to whatever workflow he uses.

>>> Well, then:
>>>       Steve, please, could you remove the google redirects on your PDFs?
>
>> I don't disagree at all.
>
> But you don't agree either?

I don't don't agree. It is a fair request. Whether it messes up Steve's 
workflow too much to be practical is something only he can decide.

>> I don't necessarily want my Google cookies
>> being sent to Google in association with various links about the NSA or
>> other arbitrary topics without it being my own explicit decision.
>
> "I don't necessarily want ..."
>        is not the same as
> "I necessarily have to believe and support the notion that my privacy is
> better served by not having ...."

No, the words you wrote aren't the same as the words I wrote, I agree.

I see no value in the redirects in the show notes, and would prefer to 
see links that go directly to the correct site.

There are situations (eg, when using Google directly) where such 
redirects are pretty hard to avoid. And a bit silly to boot, to be 
concerned about tracking from redirects while using an entity one 
clearly mistrusts.

So like I said before, people who mis-trust Google (or facebook, etc) 
should be empowered to ensure their own privacy in those regards.

Anyways, that is more directed towards the tendency of people to gripe 
about how evil Google is, while continuing to use Google services.

>> Note, I am also speculating about the above work-flow. It seems a
>> reasonable guess as Leo at least has expressed an admiration for Google
>> products, and doesn't require actual malice on the part of any of the
>> human participants.
>
> You are the one defending Steve right to not be accused of anything.

No, that isn't what I have done. I am discussing specific speculations, 
and why they are the vastly less likely explanation for the information 
we have available, not saying that Steve has a right not to be accused 
of things. Those are two very different things.

That said, if there was an accusation made, rather than a speculation, 
there might be relevant laws that would indeed protect an individual 
from untrue and/or malicious accusations.

> You are the only one making a case against a possible malice.

I would make a fairly similar case if someone said that Steve (or 
someone else for that matter) may eat babies for breakfast, as well.

> Nobody is calling that malice, just plain greed, if it is indeed happening.

Greed to the detriment of others (including their privacy) meets my 
definition of malice.

> But better yet if it doesn't happen.
>
>> That said, users should be protecting themselves if they are worried
>> about Google gathering data via redirects.
>
> And Steve should be working towards the same goal, should he not?

Sure, we all should.

>> First, stick them in your hosts file.
>
> That does not work in this case.

Sure it does. If your objective is to reveal nothing to Google, putting 
Google in your hosts file (or adblock rules, or firewall) accomplishes that.

>> Second, find or write an extension for your browser of
>> choice that unwraps these types of redirects.
>
> The link unwrapper works with links to be presented in a page, links in a
> buffer that can be edited/modified, not links clicked.

Is there a particular unwrapper you are talking about?

Modifying URLs as they are being accessed should also be possible. But 
then, someone would have to write it.

> We would need a PDF link unwrapper (if such thing may exist).
>
>> They have the mildly beneficial feature of not obfuscating the
>> destination link (unlike bit.ly URLs, for instance)
>
> Bit.ly Links should also be unwrapped.

That kind of thing would be tricky to do without following the link.

I guess a large service (like Google) could visit such a link once and 
then cache the results, and display the unwrapped result without 
contributing significantly to analytics. What Google is doing with 
images in GMail works a bit like that now, and they are introducing 
optional compression on Chrome for mobile devices which would make 
something like that possible.

Regards,
Sam
0
Sam
1/18/2014 8:35:35 PM
Sam Schinke was heard to say :
[all clipped]

You have added nothing. I'll answer later, not this week.

-- 
Mark Cross @ 01/18/2014 11:53 p.m.
The fewer the facts, the stronger the opinion.

0
Mark
1/19/2014 3:55:20 AM
On 2014-01-18 19:55, Mark Cross wrote:
> Sam Schinke was heard to say :
> [all clipped]
>
> You have added nothing. I'll answer later, not this week.

You speculate. I speculate and do a bit of work researching/reproducing 
what seems to be going on. Yet it is only your speculations that are 
"adding". Gotcha.

Regards,
Sam

0
Sam
1/19/2014 5:43:21 PM
Sam Schinke was heard to say :

> On 2014-01-18 19:55, Mark Cross wrote:
>> Sam Schinke was heard to say :
>> [all clipped]
>>
>> You have added nothing. I'll answer later, not this week.
> 
> You speculate. I speculate and do a bit of work researching/reproducing
> what seems to be going on. Yet it is only your speculations that are
> "adding". Gotcha.


Desperate to feed the discussion? Firing the flame?


No initial speculation on my part. Some forced speculations to answer your 
speculations, maybe, we will see in my answer what is my new opinion.

And, for "adding": there are issues that are "complete", no additional 
discussion is required, nor any additional discussion adds anything
useful to the point.


Facts wont change because you rush them.

And "flawed research" looks just like data creation to justify some curve 
fitting, no real research.

-- 
Mark Cross @ 01/19/2014 2:57 p.m.
If the opposite of pro is con, then what must be the opposite of progress?

0
Mark
1/19/2014 7:08:24 PM
On 2014-01-19 11:08, Mark Cross wrote:
> Sam Schinke was heard to say :
>
>> On 2014-01-18 19:55, Mark Cross wrote:
>>> Sam Schinke was heard to say :
>>> [all clipped]
>>>
>>> You have added nothing. I'll answer later, not this week.
>>
>> You speculate. I speculate and do a bit of work researching/reproducing
>> what seems to be going on. Yet it is only your speculations that are
>> "adding". Gotcha.
>
>
> Desperate to feed the discussion?

No. If you are done with it, that is completely fine. That you 
characterize others' contributions as adding nothing is amusing, nothing 
more.

> Firing the flame?

Nope, no interest in flames at all.

> No initial speculation on my part.

Your initial post to the thread consisted almost entirely of speculation.

> Some forced speculations to answer your
> speculations, maybe, we will see in my answer what is my new opinion.

Sure thing, Mark. You are always welcome to an opinion, or to change 
your prior opinions. No harm no foul, as it were.

> And, for "adding": there are issues that are "complete", no additional
> discussion is required, nor any additional discussion adds anything
> useful to the point.

And of course, in your mind you are the sole arbiter of what discussion 
of what issues is useful or required. Like I said before, that is a 
silly way to participate in a public discussion.

> Facts wont change because you rush them.

Nor will they change because you bury your head in the sand. And there 
are only a handful of facts relating to this topic, in the end.

> And "flawed research" looks just like data creation to justify some curve
> fitting, no real research.

It looks to me much more like you are rejecting reproduction of a 
specific result because said result isn't consistent with your own theory.

There is no "curve" or "statistics" to manipulate here, just a handful 
of bits that happen to be identical when a particular method is used. 
That may or may not be meaningful, but it doesn't mean those particular 
bits were manipulated or dishonestly derived.

Regards,
Sam
0
Sam
1/19/2014 8:24:46 PM
On 2014-01-15 13:39, Mark Cross wrote:
[...]
>> http://www.t75.org/2012/06/deconstructing-googles-url-search-parameters/
>
> The link provided by Sam does not explain what the usg string is.
> The page only goes as far as to say:
>      11. usg=AFQjCNGqhzD-SwHsPkbxvXmjiAr_iM5n8g
>      "Again, something too secret to share. USaGe? USerGoogle?"
>
>> See the comment by "Bas Braams".
>
> The comment to which Sam directs us, just say that the usg may be a Google docs string
>      "I don't really have a clue what the Google Docs team has in mind with this
>      encoding, and in fact I suspect that it just reflects a software error; the
>      encoding is (I suspect) a remnant of something else. However, I do not know this."

FWIW, this is not remotely close to an accurate summary of the Bas 
Braams comment I was referencing. The above quote is more along the 
lines of a final wrapup, and the comment doesn't "just" say the above.

More interesting is the following part of the referenced comment:

<q>
Hyperlinks in a Google Docs text document are encoded in a similar way 
as described in the present article for search parameters, and the 
encoding may survive export of the Docs text document to pdf, odt, docx 
or rtf format or publication to the web. I describe the situation in a 
sequence of postings [1] on the Google Docs product forum.
</q>

In particular:
<q>
the encoding may survive export of the Docs text document to pdf, odt, 
docx or rtf format or publication to the web.
</q>

And of course, the comment also contained the following:
<q>
http://www.google.com/url?q=URL&sa=D&sntz=1&usg=CODE

where URL denotes the proper target of the hyperlink and CODE denotes 
some string of about 34 characters, perhaps a hash of some kind. As an 
example, if the Google Docs text document contains a link to 
http://www.example.com and the link address has been edited (as 
described under [1]) then the hyperlink in the exported or published 
document will go to

http://www.google.com/url?q=http%3A%2F%2Fwww.example.com&sa=D&sntz=1&usg=AFQjCNEFCU3RF7exbH39Ef7Szy9s-UX8WA
</q>

Which indicates that when a particular URL is encoded into a redirect in 
Google documents, it is given a very specific usg parameter. Sure, this 
still doesn't explain what the usg parameter contains, but it does 
detail that identical usg parameters may be obtained (as confirmed by 
me) from disparate Google Docs/Drive encodings of a specific URL.

Regards,
Sam
0
Sam
1/19/2014 8:47:19 PM
Sam Schinke wrote:

Sam ... Please... Let Mark alone.  He may be knowledgeable, or he may be 
wrong (I don't know) but he seems set in his ways, and is determined not 
to let anyone have the last word ... so.  Let him have the last word, 
and we can all sleep.

I respect you both for your knowledge and willingness to share those 
technical skills with us, but I am somewhat nonplussed at this constant 
back-and-forth between two of our resident experts.

Love Louis
> 
> Regards,
> Sam


-- 
LWB
Retired & Retarded   or   Retarded & Retired
Either way, more time than I know what to do with.
https://onebiteless.com/
0
LWBone
1/19/2014 9:45:51 PM
LWBone was heard to say :

> Sam Schinke wrote:
> 
> Sam ... Please... Let Mark alone.

That's foolish, no one will benefit of a different point of view, and, 
leaving humility aside, a valid point of view.

Or would you preffer that I do not say anything and thus we will have no 
discussion, because Mark is wrong even before he speaks?

Is that your request?

> He may be knowledgeable, or he may be wrong

Or I may NOT be knowledgeable, or I may be RIGHT.

> (I don't know)

And you will never find out if I am right, as has been proven so in several 
instances in the past. But there are issues in which it is just IMPOSSIBLE 
to have a reasonable exchange with Sam, as with Passwords. There is simply 
no way in which he controls himself and learns something about passwords.

> but he seems set in his ways, and is determined not
> to let anyone have the last word ... so.

No, I don't believe that somebody which IS wrong should have the last word.
That will just maintain the lie, the wrong perception. And we will keep 
failing on the same issues, again and again, and again.

> Let him have the last word, and we can all sleep.

That is not the solution, Louis. As the point will reappear many times till 
it is correctly set. Once we all understand *correctly* an issue, there is 
no need for discussion.

Sam is stubborn in his descriptions. I am stubborn in the corrections.

The goal for a discussion must be to learn something out of it, or the 
discussion is a fool and futile exercise in lost time.

When Sam try to lecture me/us on some arcane detail, he complicates (extend) 
things a lot more than needed and hides the issue in a lot of technical 
jargon. And he is good at it, at extending the discussion, and hiding the 
real issue, I mean.

He is also and equally able of being wrong. But he will not agree to that.

And this last 7 posts are just a clear example of that. I am saying: I can 
not discuss this issue now, I'll do it latter (just wait) 7 posts ago, and 
look at what happens: additional posts, additional claims, more flames.

An ever growing list of new issues. No Louis, it is NOT me who makes the 
posting long, but I do accept that I won't leave an issue un-finished.


-- 
Mark Cross @ 01/19/2014 6:27 p.m.
Women might be able to fake orgasms. But men can fake a whole relationship.

0
Mark
1/19/2014 11:05:52 PM
Sam Schinke was heard to say :

> On 2014-01-19 11:08, Mark Cross wrote:
>> Sam Schinke was heard to say :
>>
>>> On 2014-01-18 19:55, Mark Cross wrote:
>>>> Sam Schinke was heard to say :
>>>> [all clipped]
>>>>
>>>> You have added nothing. I'll answer later, not this week.
>>>
>>> You speculate. I speculate and do a bit of work researching/reproducing
>>> what seems to be going on. Yet it is only your speculations that are
>>> "adding". Gotcha.

>> Desperate to feed the discussion?
> 
> No. If you are done with it, that is completely fine.

No, I am not done with it, as I said: "I'll answer later, not this week."
That is a clear admission that I am not done with it.

> That you
> characterize others' contributions as adding nothing is amusing, nothing
> more.

The only "other" that I am characterizing as "adding nothing" is you in this 
thread. And I have several reasons to say so.

That you find it amusing is a good thing for you, why don't you share the 
yoke so we all could laugh together at it ?

To me, no knowing which is the yoke, seems exactly as an attempt to an 
insult, as to say: you claims are not serious (which they are).

Yes, "some more", but later.

>> Firing the flame?
> 
> Nope, no interest in flames at all.

Then why use insults?.

>> No initial speculation on my part.
> 
> Your initial post to the thread consisted almost entirely of speculation.

Your opinion, we will see.

>> Some forced speculations to answer your
>> speculations, maybe, we will see in my answer what is my new opinion.
> 
> Sure thing, Mark. You are always welcome to an opinion, or to change
> your prior opinions. No harm no foul, as it were.

I am welcome to an opinion as long it is the same as yours ?

>> And, for "adding": there are issues that are "complete", no additional
>> discussion is required, nor any additional discussion adds anything
>> useful to the point.
> 
> And of course, in your mind you are the sole arbiter of what discussion
> of what issues is useful or required. Like I said before, that is a
> silly way to participate in a public discussion.

Yes I am the sole arbiter as to what is my opinion in the matter.

As you are the sole arbiter to keep discussing a point.
 
>> Facts wont change because you rush them.
> 
> Nor will they change because you bury your head in the sand.

Watch the insults Sam. I am not "burying my head in the sand", in fact, I 
decided exactly not to. But a "cool off time" is a good measure, as I 
recommend you take it as well.

> And there are only a handful of facts relating to this topic, in the end.

No, facts could always be searched, paths for research are many, and there 
are always new ways to look at an issue.. But yes, "fundamental proven 
facts" are few. Well, lets say "agreed upon" are few.
> 
>> And "flawed research" looks just like data creation to justify some curve
>> fitting, no real research.

> It looks to me much more like you are rejecting reproduction of a
> specific result because said result isn't consistent with your own theory.

Next week, Sam. I really do not have the time today.

> There is no "curve" or "statistics" to manipulate here, just a handful
> of bits that happen to be identical when a particular method is used.
> That may or may not be meaningful, but it doesn't mean those particular
> bits were manipulated or dishonestly derived.

The term "flawed" means:
     http://www.merriam-webster.com/thesaurus/flawed
         "having a fault"
     Synonyms amiss, bad, defective, flawed, imperfect

And having a fault is how I find it to be.

-- 
Mark Cross @ 01/19/2014 5:04 p.m.
It's not enough that we do our best; sometimes we have to do what's 
required. — Winston Churchill
0
Mark
1/19/2014 11:25:51 PM
[for the unabridged version, see Guy's post above]

> Hey,
> 
> Looking at Show Notes (sn-438-notes.pdf) I see that all 
> of the URIs are Google Serach Query URLs.
> 
> What's with that?

How annoying!  Thanks for the heads-up Guy.

My production chain has long been to author the doc as a shared 
"Document" under Google Drive, in the "Security Now" folder that 
I've shared with Leo.

Then I "Download as PDF"... and that's it.

Figures that Google would stick their nose into the process. :(

The Google Docs authoring environment is actually pretty nice 
but I can certainly use Word, as I do with the Q&A questions. 
What would be even COOLER was if I could arrange to somehow 
export directly from my outliner which is the original source of 
the text.  As it is, I'm writing it all in a different app -- 
"ThoughtManager Desktop" (I've been a fan of outliners for 
decades) then I copy & paste the whole thing over into Google 
Docs -- where none of the formatting survives -- and manually 
reformat the entire thing so it comes out looking as "finished" 
as it does.

I'll experiment with alternatives for tomorrow's podcast.

Thanks for making note of it!

-- 
________________________________________________________________
Steve.               Working on moving the SQRL project forward.
0
Steve
1/20/2014 8:53:45 PM
On Mon, 20 Jan 2014 14:53:45 -0600, Steve Gibson <news007_@_grc.com> wrote:

> What would be even COOLER was if I could arrange to somehow
> export directly from my outliner which is the original source of
> the text.  As it is, I'm writing it all in a different app --
> "ThoughtManager Desktop" (I've been a fan of outliners for
> decades) then I copy & paste the whole thing over into Google
> Docs -- where none of the formatting survives -- and manually
> reformat the entire thing so it comes out looking as "finished"
> as it does.

You can always install a PDF printer like PDFCreator or one of the other  
alternatives and use that to print to PDF if there is not an export option.

-- 
Todd Russell, Director of IT, Saint Joseph Abbey and Seminary College
http://www.sjasc.edu
0
Todd
1/21/2014 7:38:25 PM
On 2014-01-20 12:53, Steve Gibson wrote:
> [for the unabridged version, see Guy's post above]
>> Hey,
>>
>> Looking at Show Notes (sn-438-notes.pdf) I see that all
>> of the URIs are Google Serach Query URLs.
>>
>> What's with that?
>
> How annoying!  Thanks for the heads-up Guy.
>
> My production chain has long been to author the doc as a shared
> "Document" under Google Drive, in the "Security Now" folder that
> I've shared with Leo.
>
> Then I "Download as PDF"... and that's it.

I can confirm that "Download as -> PDF" in Firefox leaves Google 
redirects on links for me as well. It doesn't do that in Chrome, so the 
scripting code or back-end code (or something!) must be different for 
the two browsers.

> Figures that Google would stick their nose into the process. :(
>
> The Google Docs authoring environment is actually pretty nice
> but I can certainly use Word, as I do with the Q&A questions.
> What would be even COOLER was if I could arrange to somehow
> export directly from my outliner which is the original source of
> the text.  As it is, I'm writing it all in a different app --
> "ThoughtManager Desktop" (I've been a fan of outliners for
> decades) then I copy & paste the whole thing over into Google
> Docs -- where none of the formatting survives -- and manually
> reformat the entire thing so it comes out looking as "finished"
> as it does.

Does your version support "Word export"? If so, Google Drive might have 
better luck parsing an exported Word document than a copy and paste of 
the text.

http://i1-win.softpedia-static.com/screenshots/ThoughtManager-Desktop_2.png

Or you could give something like this a try (*g*):

http://www.theoutlinerofgiants.com/

Regards,
Sam
0
Sam
1/22/2014 5:08:09 AM
[for the unabridged version, see Sam Schinke's post above]

> > Then I "Download as PDF"... and that's it.

> I can confirm that "Download as -> PDF" in Firefox leaves
> Google redirects on links for me as well. It doesn't do that
> in Chrome, so the scripting code or back-end code (or something!)
> must be different for the two browsers.

Whoa!  Really!  That's FANTASTIC Sam!  Problem solved!

Yesterday I settled for posting a big red warning notice at the 
top of the PDF.  I'll go and re-download as PDF through Chrome!

Thanks!!!

########## Darnit!... It didn't work for me, Sam.  I used 
Windows Chrome, re-downloaded the Show Notes... and still got 
Google redirect links.  So... it must be something else.  If you 
discover what, let me know!  Thanks!!


> Does your version support "Word export"? If so, Google Drive
> might have better luck parsing an exported Word document than
> a copy and paste of the text.
> 
> http://i1-win.softpedia-static.com/screenshots/ThoughtManager-Desktop_2.png

Yeah... I gave that a shot yesterday... but Word's outliner 
format is bare-bones without frills, and switching to non 
outliner view lost all sense of any outline.


> Or you could give something like this a try (*g*):
> 
> http://www.theoutlinerofgiants.com/

Whoa!... That looks WONDERFUL!  I'll check it out.  Thanks!

-- 
________________________________________________________________
Steve.               Working on moving the SQRL project forward.
0
Steve
1/22/2014 5:39:50 PM
On 2014-01-22 9:39, Steve Gibson wrote:
> [for the unabridged version, see Sam Schinke's post above]
>
>>> Then I "Download as PDF"... and that's it.
>
>> I can confirm that "Download as -> PDF" in Firefox leaves
>> Google redirects on links for me as well. It doesn't do that
>> in Chrome, so the scripting code or back-end code (or something!)
>> must be different for the two browsers.
>
> Whoa!  Really!  That's FANTASTIC Sam!  Problem solved!
>
> Yesterday I settled for posting a big red warning notice at the
> top of the PDF.  I'll go and re-download as PDF through Chrome!
>
> Thanks!!!
>
> ########## Darnit!... It didn't work for me, Sam.  I used
> Windows Chrome, re-downloaded the Show Notes... and still got
> Google redirect links.  So... it must be something else.  If you
> discover what, let me know!  Thanks!!

Yeah, this seems to be an on-and-off bug/feature. Sometimes it happens, 
other times it doesn't. :(

Following some of the links to Google Product forums posts by that Bas 
Braams fellow seems to indicate he has had a similar experience. The 
redirects on particular publishing options seem to come and go.

I was successfully grabbing non-redirected PDFs in Chrome the other day, 
but now they all seem to have redirects again.

"Publish to the Web" seems to strip the redirects presently. But ugh, 
who wants to gamble on how various publishing options will act, day to day?

..docx and .odt downloads also seem to be "clean" at present.

There seem to be a few people aware of this issue. EG:
http://webapps.stackexchange.com/questions/42652/can-i-prevent-google-from-tracking-which-links-i-follow-in-downloaded-pdfs

Regards,
Sam
0
Sam
1/22/2014 6:11:00 PM
[for the unabridged version, see Sam Schinke's post above]

> There seem to be a few people aware of this issue. EG:
> http://webapps.stackexchange.com/questions/42652/can-i-prevent-google-from-tracking-which-links-i-follow-in-downloaded-pdfs

Yes. I wound up there, too, yesterday morning.

Using a web-based "solution" is, as you say, fundamentally 
fraught with trouble.

-- 
________________________________________________________________
Steve.               Working on moving the SQRL project forward.
0
Steve
1/22/2014 6:50:46 PM
On Mon, 20 Jan 2014 12:53:45 -0800, Steve Gibson <news007_@_grc.com> 
wrote:
> Figures that Google would stick their nose into the process. :(


> The Google Docs authoring environment is actually pretty nice 
> but I can certainly use Word, as I do with the Q&A questions.

But then Microsoft might stuck their nose in the process. 

I propose LibreOffice. 

.... But then the Open Document Foundation might stick their nose in. 
Hm. 

Better audit the entire code base first, to make sure. 

And in the meantime, the optimal solution is to hand code the PDF in 
your favourite text editor. 

:-D 

aaron
0
aaron
1/22/2014 7:23:28 PM
[for the unabridged version, see aaron's post above]

Aaron...

You DID say "optimal", didn't you?  <g>

-- 
________________________________________________________________
Steve.               Working on moving the SQRL project forward.
0
Steve
1/22/2014 9:34:41 PM
:: On Wed, 22 Jan 2014 14:23:28 -0500
:: (grc.securitynow)
:: <almarsoft.8386404724964219063@news.grc.com>
:: aaron <fake@fakeemail.com> wrote:

 
> And in the meantime, the optimal solution is to hand code the PDF in 
> your favourite text editor. 
> 
> :-D 

LOL ! Well, there *is* an alternative, that is

http://pages.cs.wisc.edu/~ghost/redmon/

add ghostscript to it, fiddle a bit with the config and you'll have
full control over your PDF files generation :)


0
ObiWan
1/23/2014 4:49:35 PM
Steve Gibson was heard to say :

> [for the unabridged version, see Sam Schinke's post above]
[...]
> ########## Darnit!... It didn't work for me, Sam.


What we use to use here is a network PDF printer. A server PDF printer.
A network "PDF to file" server instance and 
a network "PDF to mail" server instance.

Anyone sends a document to print, gets back an e-mail with the PDF, or
just goes out as an e-mail.

We use Cups for the server, Not sure how that could be implemented in your 
network, but sure is a very nice and useful piece of software to have 
installed.

As a printer does deal mostly with images, it should not process links in 
special ways (that may be changed though).

You have been told to use the "install a PDF printer like PDFCreator" in the 
Todd Russel post:
    http://www.GRC.com/groups/securitynow:24903

I highly recommend you to follow such advice, even if only to try it.


Then you can directly print from the outliner to a PDF document.

-- 
Mark Cross @ 01/24/2014 12:42 a.m.
Am I ranting? I hope so. My ranting gets raves.

0
Mark
1/24/2014 4:54:22 AM
Mark Cross was heard to say :

> [...]
> You have been told to use the "install a PDF printer like PDFCreator" in

For example:
    http://www.novapdf.com/kb/how-to-install-and-use-nova-pdf-server-as-a-shared-network-pdf-printer-102.html

-- 
Mark Cross @ 01/24/2014 1:01 a.m.
The afternoon knows what the morning never suspected. — Cousin Woodman

0
Mark
1/24/2014 5:02:52 AM
Reply:

Similar Artilces:

Query a Query
I have a result set in a query. Is it possible to query this query? (no specific SQL dialect, can it be done generically?) Petros -- PETROS GAVRIELIDES wrote: > I have a result set in a query. > Is it possible to query this query? > > (no specific SQL dialect, can it be done generically?) There is a generic answer to your question: Yes, there is a construct called a sub-query that allows you, in 1 SQL statement, to query from a query. But, generically speaking, not all DB engines support this construct. For instance, Firebird only added it just over a y...

Is Google googling?
What is the deal? Has anyone ever had "Outbound" ICMP pings when just coming online on a dialup. I'm getting Outgoing Tcpip Kernel Driver pings to Google Inc. (NETBLK-GOOGLE) [216.239.35.100] 2400 E. Bayshore Parkway, Mountain View, CA 94043 US, every time I log on to the internet. It also is followed by Outgoing pings going to InfoHouse, Inc. (NETBLK-INFOHOUSE-BLK) [64.61.61.86] 41 Pacella Park Drive, Randolph, MA 02368 US. These ping are consistent every log on, 3 of each for a total of 6. Why would Google be doing this and how? I am running WindowsXP Pro and I have ...

show query
Hi All I have a query that I am using to import data for an old system. It seems very slow and I was hoping that someone could tell me why? insert into trans_scale ( rcode, transid, siteno, year, inout, random, freqcode, scalefreq) select t.rcode, t.recno, t.siteno, t.year, t.inout, COALESCE (c.random,0), (case when c.company = 'Y' then 'BC' when c.state = 'Y' then 'ST' when c.USFS = 'Y' then 'FS' w...

How to Query A Query
I have been trying to build a crosstab report that reports everydate within a selected range across the top and specific row information. 7/1 7/2 7/3 . . . Name Detail1 Detail2 Detail3 Name Detail1 What I get as output is only the dates that contain information in the rows. I can get the information I need by using a query within a query (nested). Can a nested query be done in Informaker 5? What about version 6 or 7? Thanks for your help Convert your SQL to syntax, and you can write anything you want. So if your DB support...

show notes????
I fell behind a little with show and I found that the twit.tv podcst link only goes back to a certain number and that number and before are the ones found on Grc.com/security now. I'm working at catching up, but I notice that many episodes where Steve mentions the show notes they are not posted on grc.com/securitynow for example episode 176 drop my rights. If anyone aware of whats going on /up to date, could inform me as to what is going on please let me know. In article <MPG.241b8175b15bc484989680@news.grc.com>, Daniel.Rockel@gmail.com says... > I fell be...

show notes
Steve mentions them every so often, but I only see links to show notes for shows 20 and 164 on the security now page, and I don't see any links in either the text, html or pdf versions of the show. On 10/08/2011 01:44 PM, jay thompson wrote: > Steve mentions them every so often, but I only see links to show notes > for shows 20 and 164 on the security now page, and I don't see any links > in either the text, html or pdf versions of the show. There is some kind of a "show notes" thing on twit.tv... http://wiki.twit.tv/wiki/Security_Now_321 It's all listener-contributed and I'm not sure how helpful it will be. -- FireXware https://defuse.ca/ http://crackstation.net/ ...

Query about Queries
Hello all, As a relatively new user to Sybase I am hoping someone can point me in the right direction. We are getting ready to go live with our database and I am wondering what types of queries I should be running for system performance purposes. If anyone has any suggestions they would be more than appreciated. Thanks in advance, Jerry ...

How to query a query...
I'm working on converting an Access DB that I created into an ASP.NET application (and attempting to learn ASP at the same time...). One of my queries was very complex and required running a different query first, and then working off of that one. Any suggestions on the best way to do this in ASP? The following is a sample of code I'm using so you can see the type of data-binding I'm using. Thanks for the help! myConnection = New OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; " +"Data Source=" + Server.MapPath("/EquipmentCheckout.mdb")) strS...

Google home page does not show the google logo and who knows what else
Name: Marlene Lawrence Email: marlenelawrence2003atyahoodotcom Product: Firefox Summary: Google home page does not show the google logo and who knows what else Comments: 1. For a couple of months now since I downloaded the latest version of Firefox I have been unable to see the complete Google Home Page. I use an older Windows XP system (latest version available) on a Gateway portable and have lots of available memory. I see the search box and one or two lines underneath but the majority of the Google home page (which is my default home page) that shows when using Internet ...

To Show or Not to Show
Hi ;) I have a DataSet where i want to check a value for each row ..then depending on the value for each row i want to show or hide something inside the datagrid ...is this possible ? cant find the right way to do it the main thing is to show or hide a label in every row of the Datagrid Thanks in advance for any help Cheers Are they associated?Loop through each item: if ( myitem(i) == whatever ) myrow(i) = "" (I assume you don't want the whole row to disappear) End LoopPicky Yes they are associated .... In the database theres a field witch is True or False ....the DataSet is the DataGrid DataSource then i want the DataGrid specific columm for every Row to show the label if its True or hide if its False Thanks so much People ....i really need help on this .. Please can anyone give me a hand Thanks If you place code in the ItemDataBound event (See MSDN), then you can decide for each row whether to show the column or not based on a test of the dataset value. If you are trying to hide the entire row, you can either use a where clause in your select to remove those rows which are false or use the DataTable filter.Joe Brinkman Hi :) Looks like i didnt explain very well what i want to do ... Its more like this ..i have a label for each row of the DataGrid ..but depending on the result that the DataSet has ..in this case True or False ..the labels will be visible or not ...that will make the DataGrid ...

google notes
Name: Product: Firefox Summary: google notes Comments: I was tricked into upgrading to 3.6... how do I get back to 3.5x so I can run google notes! Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 (.NET CLR 3.5.30729) From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender for them to see it. ...

Query works in 'test query' but refuses to show up in the datagrid on a web page
Hey, i've written a query to search a database dependant on variables chosen by user etc etc. Opened up a new sqldatasource, entered the query shown below and went on to the test query page. Entered some test variables, everything works as it should do. Try to get it to show in a datagrid on a webpage - nothing. No data shows.   SELECT dbo.DERIVATIVES.DERIVATIVE_ID, count(*) AS Matches FROM dbo.MAKES INNER JOIN dbo.MODELS ON dbo.MAKES.MAKE_ID = dbo.MODELS.MAKE_ID INNER JOIN dbo.DERIVATIVES ON dbo.MODELS.MODEL_ID = dbo.DERIVATIVES.MODEL_ID INNER JOIN dbo.[VALU...

Google maps only show street names (doesn't show drawn streets) when printed.
Name: Conrad Schneiker Email: conraddotschneikeratgmaildotcom Product: Gran Paradiso Summary: Google maps only show street names (doesn't show drawn streets) when printed. Comments: Example: http://maps.google.com/maps?ie=UTF8&oe=utf-8&client=firefox-a&q=trader+joes,&near=Tucson,+AZ&fb=1&view=map&cd=1&hl=en The print preview looks fine (which is why I'm guessing this is a FF issue), but drawn streets (vs street names) don't show up on the actual printout. This always worked fine before (and still works with the latest IE using same ...

SN show notes
It seems that the show notes are empty on most of the recent episodes of SN at the twit site... for example: If you go to this page: http://twit.tv/show/security-now/433 and click on the link to show notes (in the Wiki): http://wiki.twit.tv/wiki/Security_Now_433 you discover that the page is empty. I didn't check more than half a dozen recent shows but they are empty too. Perhaps it should link to Steve's hosted show notes? On 05.12.2013 19:43, Kerry Liles wrote: > It seems that the show notes are empty on most of the recent episodes of > SN at the twit site...

show plan query.
Hi, I am new to sybase. I need to monitor the performance of my stored procedure. My doubt is when I run the show plan for a stored procedure which takes arguments , the i/o cost for those statements which are present in the conditional block like ( if ) are also computed even if my supplied arguments doesn't evaluate to true for the conditional block. Does the show plan NOT bother about the arguments being passed ? It is the same irrespective of the arguments being passed to stored procedure ? One strength of using stored procs is the ability to compile the proc once (initial ...

Google Reader does not show up
Name: Erik Nomitch Email: enomitchatgmaildotcom Product: Gran Paradiso Summary: Google Reader does not show up Comments: 3 beta 3 kills the content on Google Reader. Only my list and searchbar shows, no stories. On 3 beta 3 and Linux. Browser Details: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9b3) Gecko/2008020513 Firefox/3.0b3 ...

Google toolbar not showing up
Name: Email: likealidatyahoodotcom Product: Firefox Summary: Google toolbar not showing up Comments: There is a space for where toolbar should be, it's checked in view but it's not showing up. Forums don't have any helps, only to go to previous version. help. Thanks. Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2b4) Gecko/20091124 Firefox/3.6b4 GTB5 From URL: http://hendrix.mozilla.org/ Note to readers: Hendrix gives no expectation of a response to this feedback but if you wish to provide one you must BCC (not CC) the sender f...

re show notes???
I was not aware there was a wiki. I must have missed the link to the wiki with Steve in the podcast mentioning "grc.com/securitynow" which is now only a partial list. Ok I will look at the wiki. ...

sugg : show # queries
What about showing a running count of the number queries to each server as part of the "tabular data" tab ? -- N. On Sun, 14 Jun 2009 14:43:41 +0000 (UTC), Ninho wrote: >What about showing a running count of the number queries to each server >as part of the "tabular data" tab ? GMTA! But I was thinking in the mouse-over popup and not necessarily real time. Now, we have to save the CSV to see 29-of-30 reliability. Bill -- Bill_MI - Bill in Michigan Expert Opinions $20, Shut-Up $50 [for the unabridged version, see Ninho post above] > ...

query to show duplicates
mytable      fld1 int     primkey                  fld2 varchar(20),                  fld3 varchar(20)From the definition of the above table, how do i do i modify my below query to only select the rows with duplicates in fld2.  I know a groupby with a having count will display the duplicates for a given field, but i want my query to see all the f...

Records are not showing up after insert query...
Hi, I am writing an application that uses C#, tableadapters and SQL Server Compact Edition. I have created an Insert query method using the TableAdapter Query Configuration Wizard. When I run my app, the Insert query is fired with no errors, but the records do no show up in the database. I have run the debugger and the Insert query is getting all the data it needs (no empty rows or fields), so I'm not sure what is going on here. I normally use stored procedures, but SQL Server Compact Edition only allows SQL statements. Thanks Current Sites:BestMatchComputers - Find great deals on ...

Notes in contacts do not show up in Outlook
Hi, One of my users is having an issue with not being able to view the notes they have entered for a contact when using Outlook 2K3. If I look at the contacts under GWC, the notes are there. Has anyone else encountered this? How do I resolve this? Thanks, Ed -- edelrincon ------------------------------------------------------------------------ Ed, It appears that in the past few days you have not received a response to your posting. That concerns us, and has triggered this automated reply. Has your problem been resolved? If not, you might try one of the fo...

how do i show arguments on a null query
I really need help guys, new to this powerbuilder thing, I just need to show at the top of the report that the arguments that they entered returned nothing, but powerbuilder won't touch anything, computed fields, even the date field, unless something is returned on the query....I'm here checking if any of you can drop a quick note...thanks in advance ---== Posted via the PFCGuide Web Newsreader ==--- http://www.pfcguide.com/_newsgroups/group_list.asp Have a datastore object using the same datawindow on the screen. Always retrieve the datastore and if rowcount is greater than 0...

DBI FAQ
Just an FYI - not knowing off-the-top-of-my-head where the Perl DBI FAQ is located, I went to google and searched for perl dbi faq and did NOT find anything starting with http://perlxml.net/fom-serve. In fact, the only reason I know that the DBI FAQ is at http://perlxml.net/fom-serve/cache/1.html is because I just saw a post from Michael Chase with a link to a few FAQ pages. Is there something that can be done to make that site *more* index and search friendly, so that engines like google can index it? It is currently *NOT* easy to find, especially since google does bring up...

Web resources about - Show Notes URIs = Google Queries - grc.securitynow

Notes and Queries - Wikipedia, the free encyclopedia
it is now published by Oxford University Press . The journal was originally subtitled "a medium of inter-communication for literary men, artists, ...

How Does Facebook Handle Graph Search Queries In A Timely Fashion?
How is Facebook able to quickly process the sort of queries about users and their friends generated by features such as Graph Search , despite ...

Facebook tests ad placements on Graph Search results page, not related to queries
Facebook began a small test today that inserts FBX and Marketplace ads between pages of Graph Search results, a spokesperson tells us. These ...

faroo_p2p: Six month after launch the FAROO Search API http://t.co/RQlyOBZC serves 24 million queries/month ...
faroo_p2p: Six month after launch the FAROO Search API http://t.co/RQlyOBZC serves 24 million queries/month. A tenfold increase in the last month. ...

App Store - IDdx: Infectious Disease Queries
Get IDdx: Infectious Disease Queries on the App Store. See screenshots and ratings, and read customer reviews.

Michael Jackson queries - Google - Flickr - Photo Sharing!
Explore Search Engine Land's photos on Flickr. Search Engine Land has uploaded 1714 photos to Flickr.

'Safari UniBar' Brings Searches and Web Queries to One Unified Bar - YouTube
Retweet: http://clicktotweet.com/27wfR Name: Safari UniBar Description: Combined web queries and search from one bar, just like Google Chrome. ...

Spaced out: NASA denies world's end as queries skyrocket
LOS ANGELES: If there's one US government body really looking forward to December 22, it's NASA. The space agency said it had been flooded with ...

Virgin queries Qantas on Tasman
Virgin Australia has urged the competition regulator to stop Qantas and Emirates from forming an alliance on the trans-Tasman route unless there ...

Firefox 14 protects search queries from 'bad guys,' not advertisers
Firefox 14 protects search queries from 'bad guys,' not advertisers Australian Macworld However, search engine guru Danny Sullivan from Search ...

Resources last updated: 3/11/2016 6:15:31 PM