
This MIT Website Tracks Your Digital Footprint Through Gmail - Libertatea
http://newsfeed.time.com/2013/07/05/this-mit-website-tracks-your-digital-footprint-through-gmail/
======
jakeburtn
If you want to go straight to the tool:
[https://immersion.media.mit.edu](https://immersion.media.mit.edu)

------
pumainmotion
Hi, one of the team members of Immersion here. If you have any questions, I'd
be happy to answer them. Thanks for your feedback and comments!

------
agilebyte
Works great, perfectly determined which people in my workplace are programmers
and which are biologists (by giving them a different color).

Could one subvert the graph building with the following? Construct an email
address A1 that will forward emails to you from person B. Likewise, you
communicate with B through their B1. After a period of time (or n messages),
switch the pass-through entity to a different email address A2 and make a rule
on the mail server to bounce the emails from B if they try to reach you at A1.
Keep using A1 with someone else.

------
lucb1e
It's odd that I have yet to see a single website that handles OAuth failures
gracefully (e.g. hitting the cancel button).

~~~
pumainmotion
Good point. We'll take care of this during our next server update. Thanks!

------
andyhmltn
Wow, this is pretty awesome. If I look at mine, you can clearly see links
between certain groups of friends / family.

------
jamestc
Interesting, but not very useful to somebody who's an avid deleter of old
e-mails. Kind of paints an odd picture.

Also, anyone else get a stuck logout&delete button after getting the data?
Ended up having to revoke access via Gmail Accounts.

~~~
pumainmotion
That's the first we've heard of that error. When the user logs out, they are
also presented with the link to revoke access via Gmail. Sorry you weren't
able to get to that page. If you want to make sure that your data is deleted,
we can do a manual delete of your metadata (if it exists on our server) for
you. Just write to us at the address on the website.

------
cryptokill
Very interesting, analyzed 40k+ emails and I didn't find that much I didn't
already know. More surprised about what can be seen with just an OAuth token.

~~~
eterm
It's not just any OAuth token; it's a token that asks for permissions to "view
all your mail" among other things.

Most OAuth tokens won't ask for this highly elevated permission.

OAuth is not designed around Authentication, the Auth in OAuth is actually
about Authorisation. It was designed for this purpose, to authorise others to
have access to your mail, or contacts, etc. That it has been co-opted for
Authentication purposes (particularly in OAuth2) has just been a side effect.

------
aw3c2
What the ...?

Never ever share your login credentials with a third-party.

This could have been done as a local open-source tool. Why is this a web app?

You can do this yourself with tools like Gephi.

~~~
eterm
It's not asking for your login credentials; it uses an OAuth system and asks
for permissions.

~~~
zhemao
And plus, you know the NSA is looking at your mail anyway, so what further
harm could a bunch of MIT grad students do?

~~~
jlgaddis
I have more trust in the grad students.

------
kimlelly
Well, when you use Gmail, you must pretty much be ok with the idea of being
tracked...

