// you’re reading...

Software

Latest GSpace doesn’t really require GMail.. (GMail as an anonymous File Relay)

By john October 9, 2006 Post a comment

This is probably very obvious but I was installing the latest version of Gmail Space today - 0.5.1 - ( a FireFox extension for accessing GMail as a filestore in the browser, get it here: http://www.rjonna.com/ext/gspace.php ) and came across some interesting and most likely unintended functionality.

You can use your own arbitrary email address as GSpace storage. This latest release (and possibly others, have not tested) seems to communicate with GMail in a way that relays the data via the GMail SMTP servers and back and forth to your personal server. It appears actually to proxy the login over to the specified server, without any valid gmail credentials..

Pretty simple stuff actually, when you configure it, instead of giving it your gmail address simply give it your personal email address and password. GSpace communicates with GMail which then relays the mail to your personal account. When retrieving it does the same and somehow pulls the content back over. Note that the connection to the 3rd party server comes from GMail, not the connecting client.

My GMail account stays empty (since I never gave it my account id) but my personal email account gets the files as per the screencaps. The connection to the 3rd part mailserver comes from GOOGLE and not from my desktop PC.

Last oddity, if I delete the file from GSpace it does NOT remove it from my server but it is unavailable in GSpace (it must be keeping an internal counter?). If I delete from my email it STILL shows in GSpace(It seems to be caching the files locally).

Some security implications of this would be things like large scale piracy. Someone sets up an SMTP server, distributes the file drop information (login info for an email account on the mail server) and that data is transferred anonymously via GMail with no audit trail. Google can’t look for it since the data is NOT ON THEIR SERVER but thousands of people around the world can easily access the pirated data and be anonymized at the Google GMail SMTP gateway.

Anyone know why Google would be relaying data like this? Seems ripe for abuse… I may be missing something obvious but it feels wrong to me.

Some photos and logfiles



Webmail Contents
This is the contents of my PERSONAL email account (webmail interface)



Thunderbird Contents
GSpace files in Thunderbird via IMAP




Webmail Contents
Capture of the config screen for GSpace, note that its my PERSONAL account login information.


GSpace Contents
Screen capture of the contents of GSpace.


Here is my mailserver log. Note that the connection is coming FROM Gmail, not from my office ISP. My personal identity is not compromised in this workflow from a Gmail/GSpace perspective, I am totally anonymous to the 3rd party mailserver(my own in this case).



# host 64.233.166.178
178.166.233.64.in-addr.arpa domain name pointer py-out-1112.google.com.


9 17:35:14.00:Info:218318848: Adding (X-IP-stats: Incoming Last 0, First 244, in=51, out=0, spam=0)
17:35:14.00:Info:218318848: Adding (X-External-IP: 64.233.166.178)
17:35:14.00:Info:218318848: check friends
17:35:14.00:Info:218318848: friend: ok
17:35:14.00:Info:218318848: process exceptions
17:35:14.00:Info:218318848: friend: processed
17:35:14.00:Info:218318848: process centipaid
17:35:14.00:Info:218318848: Rename
17:35:14.00:Info:218318848: Hashed maildir path is (xxxx)
17:35:14.00:Info:218318848: UTOTAL: NEW 0xf53b5d0 nref=1 n=0 (global=231)
17:35:14.00:Info:218318848: fld_lock: (INBOX) msg.c:6995
17:35:14.00:Info:218318848: fld_lock_user siberian.org#siberian#_INBOX
17:35:14.00:Info:218318848: fld_slib_unlock_user now (siberian.org#siberian#_INBOX)
17:35:14.00:Info:218318848: fld_unlock_user siberian.org#siberian#_INBOX
17:35:14.00:Info:218318848: slib_unlock n=0 f=0
17:35:14.00:Info:218318848: UTOTAL: FREE 0xf53b5d0 nref=0 n=0 (global=231)
17:35:14.00:Info:218318848: msg: [4629097] Stored: 64.233.166.178 <479ffcd60610091739l4f8a9000y74058311dd1d29f7@mail.gmail.com> “Stored locally”
17:35:14.00:Info:218318848: msg: deliver locals done 1 Deliver locals
17:35:14.00:Info:218318848: msg: dsn send (delivered)

[?]

Discussion

One comment for “Latest GSpace doesn’t really require GMail.. (GMail as an anonymous File Relay)”

  1. test

    Posted by john | October 3, 2007, 12:01 am

Post a comment

Bird on UmbrellaRace DayMisc Caye in BelizeFin!