Conversation

Notices

1. Embed this notice
   翠星石 (suiseiseki@freesoftwareextremist.com)'s status on Friday, 29-Sep-2023 20:34:30 JST 翠星石

   in reply to

   • Joe
   @Joe_0237 Wait till you learn about what "google analytics" and "google recaptcha" does.
   
   Thankfully there is free software that can extract documents from "google docs", but I don't think there are Haketilo scripts that allow for editing.
   
   I would recommend Etherpad instead, you just need to be careful to use a non-proprietary instance.
   • Embed this notice
     Joe (joe_0237@fosstodon.org)'s status on Friday, 29-Sep-2023 20:34:31 JST Joe

     Today I found out that google docs infects html exports with spyware, no scripts, but links in your document are replaced with invisible google tracking redirects. I was using their software because a friend wanted me to work with him on a google doc, he is a pretty big fan of their software, but we were both somehow absolutely shocked that they would go that far.

     Haelwenn /элвэн/ :triskell: likes this.
     Haelwenn /элвэн/ :triskell:, novatorine 🏴🏳️‍⚧️ and Alexandre Oliva repeated this.
   • Embed this notice
     tyil (tyil@fedi.tyil.nl)'s status on Sunday, 01-Oct-2023 21:35:13 JST tyil

     in reply to

     • Joe

     @Joe_0237@fosstodon.org Damn, the company that made tracking its core business adds tracking to literally everything they can? Who would've expected that!

     翠星石 likes this.
   • Embed this notice
     Joe (joe_0237@fosstodon.org)'s status on Sunday, 01-Oct-2023 21:35:14 JST Joe

     in reply to

     Google Docs exports automatically infected with tracking links:

     txt - unaffected
     html + AFFECTED
     odt - unaffected
     pdf - unaffected
     epub + AFFECTED
     rtf - unaffected
     docx - unaffected

     sample web html <a> tag:
     <a class="c4" href="https://www.google.com/url?q=https://wikimediafoundation.org/&amp;sa=D&amp;source=editors&amp;ust=1696089933805520&amp;usg=AOvVaw2ypOvslXzoEGwdryv4bFyJ">https://wikimediafoundation.org/</a>

     sample epub xhtml <a> tag:
     <a class="c5" href="https://www.google.com/url?q=https://wikimediafoundation.org/&amp;sa=D&amp;source=editors&amp;ust=1696087392161966&amp;usg=AOvVaw1v4xpIFWD9GYkMFifXd1uo">https://wikimediafoundation.org/</a>

     Haelwenn /элвэн/ :triskell: and NeonPurpleStar :heart_bi: like this.
     To-BOO-as HELL-gren repeated this.
   • Embed this notice
     Bø!rge (forteller@tutoteket.no)'s status on Thursday, 05-Oct-2023 19:17:07 JST Bø!rge

     in reply to

     • Ron Gilbert #KamalaHarris
     • Joe

     @grumpygamer This is a huge annoyance for me too! I've asked about it many time, without getting any satisfactory answer. Saying cryptpad is a good alternative for example is ridiculous. I use it personally, but it's just not good enough for collaborations.

     The closest thing I've found is Zoho. It is good, but any and all collaborators needs to have an account, which pretty much makes it useless. Haven't tried Notion, though, I should give that a shot.
     @Joe_0237

   • Embed this notice
     Ron Gilbert #KamalaHarris (grumpygamer@mastodon.gamedev.place)'s status on Thursday, 05-Oct-2023 19:17:09 JST Ron Gilbert #KamalaHarris

     in reply to

     • Joe

     @Joe_0237 Google docs is the only thing I still have to use from Google. What is a good web based alternative? I have yet to find one that isn't just a simple online notepad. I need a full featured editor and spreadsheet. I need something that non-technical people can collaborate with me by clicking on a link. I'm happy to pay for it.

   • Embed this notice
     Joe (joe_0237@fosstodon.org)'s status on Thursday, 05-Oct-2023 23:00:36 JST Joe

     in reply to

     For those unfamiliar with html: the href section, everything between href=" and "> is the real link, and the section between > and </a> is the display text

     This html feature is useful so that a link can display as smething like "Read more", "Profile", "Wiki" etc, but in this case it is misused.

     Google tracks people that are not using any of their products by adding hidden tracking links to exports without designer knowledge or end user consent.

   • Embed this notice
     Joe (joe_0237@fosstodon.org)'s status on Saturday, 07-Oct-2023 02:47:45 JST Joe

     in reply to

     #collaboraoffice is excellent free alternative to Googles collaborative office technology, its based on Libre Office technology, #collabora is the largest contributor to #libreoffice and does a lot of other good for #freesoftware . You can install it super easy if you have a #nextcloud instance, or if you use a nice cloud host, or for no charge if you want to learn some systems administration and use your own hardware.

     novatorine 🏴🏳️‍⚧️ repeated this.
   • Embed this notice
     Joe (joe_0237@fosstodon.org)'s status on Saturday, 07-Oct-2023 02:47:59 JST Joe

     in reply to

     • CryptPad
     • Jennifer Moore

     @unchartedworlds and @cryptpad recommend CryptPad for collaborative document editing
     https://cryptpad.org/

   • Embed this notice
     Joe (joe_0237@fosstodon.org)'s status on Saturday, 07-Oct-2023 18:05:01 JST Joe

     in reply to

     • Mark T. Tomczak
     • Ville Takanen

     @mark an ads and tracking firm puts unique codes on a redirect wrapper on exports from their product, that a malicious user can simply delete, not to track anyone, but to protect users from web publishers who want to push malicious links to other malicious sites, but don't know how to operate a text editor to fix the link or how to program their website.

     That sounds much more plausible now that you say it ...
     Seriously tho, the idea from @villetakanen that its a bug makes a lot more sense.

     翠星石 likes this.
   • Embed this notice
     Mark T. Tomczak (mark@mastodon.fixermark.com)'s status on Saturday, 07-Oct-2023 18:05:02 JST Mark T. Tomczak

     in reply to

     • Joe

     @Joe_0237 That's not a tracking link; it's a redirect notice.

     As ridiculous as it may sound to non-normies, Google added a feature ages ago where they warn a user when a link is about to go outside Google Drive (or, in the case of a corporate acount, outside the corporate intranet as configured in Google Apps). That feature is implemented by salting links in a doc with redirect wrappers.

     Why? Because users can't tell the difference, so sending someone a legit document that looks like it links to an internal company page but actually links to a third party proved to be an attack vector. One that needed to be defended against.

     (Yes, hypothetically they can be harvesting the redirect visits for link-out-following information. But that's not the primary purpose or the reason these links exist. They exist to pop up this page so that users have a moment to realize that the link they just clicked on isn't going to login.corpsite.org, it's going to login.hackers-steal-yo-creds.com)

   • Embed this notice
     fenix (librebits@masto.nobigtech.es)'s status on Monday, 09-Oct-2023 01:55:42 JST fenix

     in reply to

     • Joe

     @Joe_0237 happy #1984

     Alexandre Oliva likes this.