Google Mail Tracking

Today I sent a business email containing several links to a customer in Germany. The customer then replied to the email. In the reply, the URLs suddenly look like this:

https://www.google.com/url?q=https://jmeter.apache.org/&source=gmail-imap&ust=1764835662000000&usg=AOvVaw2sc2ixm97UmG8BMoTisw-I

So Google knows exactly who sent which mails to whom and when, which links were recommended, and who clicked on which links…

source = gmail-imap shows where the information comes from.

ust = 1764835662000000 appears to be a UNIX epoch timestamp in microseconds. The mail was sent at 09:07:34+01:00; the timestamp is one week (7 days) and 8 seconds later. It is probably an expiry timestamp or a quarantine timestamp (1764835662 = 2025-12-04 09:07:42).

usg = AOvVaw2sc2ixm97UmG8BMoTisw-I is presumably a universally unique hash.

Do we want Google to know what we are doing there?
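The parameter breakdown above can be checked mechanically. The following is an added example, not code from the original post: it recovers the original link from the wrapper, converts ust to a timestamp and decodes usg as URL-safe Base64. The function name unwrap and the send date 2025-11-27 are assumptions (the post only gives the send time of day).

```python
import base64
from datetime import datetime, timedelta, timezone
from urllib.parse import parse_qs, urlsplit

# URL exactly as quoted in the post.
WRAPPED = ("https://www.google.com/url?q=https://jmeter.apache.org/"
           "&source=gmail-imap&ust=1764835662000000"
           "&usg=AOvVaw2sc2ixm97UmG8BMoTisw-I")
# Send time: 09:07:34+01:00 is from the post; the date is an assumption,
# inferred from "7 days and 8 seconds" before the ust value.
SENT = datetime(2025, 11, 27, 9, 7, 34, tzinfo=timezone(timedelta(hours=1)))
EPOCH = datetime(1970, 1, 1, tzinfo=timezone.utc)


def unwrap(url):
    """Return the parts of a google.com/url wrapper, or None if it is not one."""
    parts = urlsplit(url)
    if parts.hostname not in ("www.google.com", "google.com") or parts.path != "/url":
        return None
    qs = parse_qs(parts.query)
    target = qs.get("q", [None])[0]
    if target is None:
        return None
    info = {"target": target, "source": qs.get("source", [None])[0],
            "ust_utc": None, "usg_raw": None}
    ust = qs.get("ust", [""])[0]
    if ust.isdigit() and len(ust) <= 17:
        # Integer microseconds since the epoch; timedelta avoids float rounding.
        info["ust_utc"] = EPOCH + timedelta(microseconds=int(ust))
    usg = qs.get("usg", [""])[0]
    if usg:
        try:
            # URL-safe Base64 without padding: restore "=" before decoding.
            info["usg_raw"] = base64.urlsafe_b64decode(usg + "=" * (-len(usg) % 4))
        except ValueError:
            pass  # not valid Base64; leave usg_raw as None
    return info


if __name__ == "__main__":
    info = unwrap(WRAPPED)
    print("original link :", info["target"])
    print("source        :", info["source"])
    print("ust (UTC)     :", info["ust_utc"].isoformat())
    print("ust - sent    :", info["ust_utc"] - SENT)
    print("usg           :", len(info["usg_raw"]), "bytes", info["usg_raw"].hex())
```

For the URL above, usg decodes to 21 bytes (168 bits), and ust falls exactly 7 days and 8 seconds after the assumed send time.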

Ask the AI

For fun, I wanted to find out from Google’s AI Gemini what it knows about this.

Oli: “whats stands ust for in google urls”

Gemini: “The parameter ust in certain Google URLs (particularly those used for tracking redirects from services like Gmail) likely stands for a type of hash or time-based token used for security and tracking purposes.

It is often described as a required parameter that is generated by Google.

While it has a structure that looks like a Unix timestamp (in microseconds), altering its value often results in a redirect notice, suggesting it functions as a validation token rather than just a simple time reference.

In the context of the URL parameters used for redirecting and tracking clicks, the ust parameter helps ensure the link is legitimate and hasn’t been tampered with. It’s part of a mechanism that also includes other parameters like usg (a different hash) and the destination url.”

and further:

Oli: “what kind of uuid is this AOvVaw2sc2ixm97UmG8BMoTisw-I”

Gemini: “The string AOvVaw2sc2ixm97UmG8BMoTisw-I is not a standard UUID (Universally Unique Identifier) as defined by RFC 4122. Standard UUIDs have a specific format, typically looking like xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx (with M and N indicating the version and variant, respectively, and consisting only of hexadecimal characters and hyphens).

Instead, this string is most likely a Base64-encoded, URL-safe version of a 128-bit or 256-bit unique identifier commonly used by Google services for things like:

  • Internal IDs or Keys: Used for identifying specific resources, accounts, or sessions within Google’s distributed systems.
  • Encrypted or Hashed IDs: It could be a unique value (like a standard UUID) that has been hashed or encrypted and then encoded using Base64.

Base64 Encoding: The use of uppercase and lowercase letters, numbers, and the hyphens (-) and underscores (_) (though only a hyphen is visible here) is characteristic of URL-safe Base64 encoding, which replaces the standard Base64 characters + and / (which are problematic in URLs) with - and _.

🔑 Why it’s Not a Standard UUID

A standard version 4 UUID, for example, is 36 characters long (32 hex characters plus 4 hyphens) and uses only hexadecimal characters (0-9, a-f).

Standard UUID v4 Example: 91ff8c0a-8c72-4f8d-b1b0-e85957d40c16

The provided string AOvVaw2sc2ixm97UmG8BMoTisw-I is 28 characters long and contains non-hexadecimal characters like ‘A’, ‘O’, ‘V’, ‘W’, ‘s’, ‘i’, ‘x’, ‘m’, ‘U’, ‘G’, ‘B’, ‘T’, ‘I’.

In summary, it’s a proprietary unique identifier format utilized by large-scale systems like Google’s, optimized for compact representation in URLs.”

and finally:

Oli: “what stores google under this hash AOvVaw2sc2ixm97UmG8BMoTisw-I”

Gemini: “Google does not publicly disclose the specific information stored under proprietary internal identifiers like AOvVaw2sc2ixm97UmG8BMoTisw-I.

However, based on its format and use in Google’s systems, the unique ID likely points to a specific internal resource or record within a Google service, such as:

  • A specific user account or session ID: Used to tie an action back to a particular user or a browser session, potentially hashed or encrypted for privacy.
  • A service entity or object: This could be an ID for a file in Google Drive, a video on YouTube, a specific ad campaign, or a resource in Google Cloud.
  • A system-generated token: Used for security, validation, or cross-service communication (like an OAuth token or a state token).”