If you consider that Slashdot's advertisers include the likes of Microsoft, then this list of their posters' e-mail addresses is a very valuable Google search indeed: "by * 0..1e+07 * gmail|hotmail|yahoo com|org|net on" site:slashdot.org
http://www.google.com/search?num=100&hl=en&lr=&client=safari&rls=en-us&as_qdr=all&q=%22by+*+0..1e%2B07+*+gmail%7Chotmail%7Cyahoo+com%7Corg%7Cnet+on%22+site%3Aslashdot.org&btnG=Search
Whatever address obfuscation system they are using is not being applied very consistently. |
Yeah, that's a pretty nasty thing to be left open! |
It looks like more people on /. are using Gmail than Yahoo and Hotmail. |
Or http://www.google.com/search?num=100&hl=en&lr=&client=safari&rls=en-us&as_qdr=all&q=%22by+*+0..1e%2B07+*+*+*+*+net%7Ccom%7Cjp%7Cit%7Cde%7Cedu%7Cfr%7Cnl%7Cau%7Carpa%7Cbr%7Cuk%7Cpl%7Ctw%7Cca%7Cmx%7Cse%7Cbe%7Cfi%7Ces%7Cus%7Cch%7Cdk%7Cno%7Cat%7Cru%7Cmil%7Corg+on%22+site%3Aslashdot.org&btnG=Search
Slashdot has an option to "Show your real email address without cowering behind childish anonymity or obfuscation." but I doubt many people actually selected it. My own address is presently listed in those Google results (although I have now disabled it on Slashdot).
Since obfuscation techniques are applied randomly to each shown address, you only have to look through a small sample of Slashdot e-mail addresses in order to learn all of them.
Here are the techniques you have to decode:
userdomain.com
`moc.user' `ta' `domain'
userNOSPAMdomain.com
userdomain.cLISPom minus language (LISP, COBOL, etc...)
userdomainQUOTE.com minus punct
userdomain...com
user AT domain DOT com
userNospAm.domain.com
(user) (at) (domain.com)
[user] [at] [domain.com]
user&domain,com
userdom3.14ain.com minus pi
userdo[ ]n.com ['mai' in gap]
This is security by obscurity at its worst. What is the use of randomly inserting LISP or COBOL into such a lame obfuscation technique?
For those that read this far, here's the code I used. It's only two hours away from having every single e-mail on Slashdot: http://pastebin.ca/309575
|
This is possibly even worse on Wikipedia. If you "Enable e-mails from other users," there is a special form that you can fill out that does not expose that user's e-mail address to you. But if you then check "Send me copies of emails I send to other users," then the e-mail address is available as plain text in the copy of the e-mail you receive.
An e-mail harvester would only have to create a dummy account and cycle through every single account, trying to send e-mails. |
The example queries of Brian Mingus and Jake's View include information about the Safari browser...
google . com/search?num=100&hl=en&lr=&__client=safari&__ etc.
It doesn't affect the results, but Google gets information about Safari clients when people click these links, and they are not Safari users ;-) |
And I am actually using Konqueror, not Safari :) I used to strip all that out, but why bother? |
I use Firefox when I can, but right now I am on the Kubuntu live CD. |
Brian, can you explain the "0..1e+07" part of your search query? |
Brian, this was only related to statistics collected by Google. You can forget the issue! |
It's just an expression that says "match any number."
Technically, it's: 0..1.797693134862e+308
(Returning 17 billion docs) |