Informed consent information page

What is the purpose of this document?

This tool is part of research being conducted at the University of Illinois at Chicago. As we are collecting information regarding your use of this tool, this research falls under the purview of the Institutional Review Board, an entity which verifies that the risk of participating in research, even if minimal, is well managed and in line with potential gains. This page outlines information about what data we will collect from you, how that data will be used, and your rights as a research subject.

Do I have to consent to being a research subject to use this tool?

No. This project consists of two related but separate components. The first component consists of tools meant to help users improve their security posture and educate them about risks associated with online storage. These tools are offered as a free service to Internet users without any requirement to participate in research. The second component collects aggregate statistical information regarding use of these tools along with survey responses regarding users understanding/use of these tools. This latter part qualifies as research on human subjects, and thus is subject to human subjects oversight.

If you do not consent to collection of non-personal data regarding your use of this tool, you may opt out of participation at any time. All functionality will still exist. We encourage users to consent to our use of this information, as it has been fully anonymized and helps us improve the accuracy of the tool.

What are you asking me to do?

To participate in this study, we will (1) ask for access to your gmail account, allowing us to run our tool. We will then present to you a list of private informations that we have found. If you choose to use the account redaction tool, we will let you choose which information you wish to ``redact'' from your permanent email storage. This process will modify the stored mail message on Google's servers, guaranteeing that a malicious user can no longer access this information.

What information are you collecting?

We are collecting aggregate statistical information regarding people's re-use of passwords, their desire for passwords and other private information to be redacted from their cloud-based email storage, and the frequency with which these types of information occur in cloud-based email storage. Most importantly, we do NOT store your name, your email address, or any of your private information. All recorded information is associated with an anonymous identifier which we cannot link back to your account name or other private information. For each subject that agrees to participate in the redaction tool research, we will record whether that subject chooses to redact a given password, and whether that password was the same across multiple accounts. For account theft audit subjects, we will record the hypothetical value of their account to attackers, how many accounts we found that are associated with this email account, and how many sites they have signed up for which have insecure password storage practices.

Importantly, we will NOT record what the password was, simply that it was the same password. We will also record whether the subject expresses interest in changing their password at other sites by clicking on links to other websites that we provide. If we offer you the opportunity to remove other types of personal information (e.g. past addresses, telephone numbers, etc.), we will record how often these identifiers occur and the fact that they were removed but not the information itself. Finally, in an effort to improve our tool's accuracy and investigate the frequency of private information being emailed to end users, we will record a copy of the redacted emails with ALL personal information redacted.

How much access will you have to my Gmail account?

To conduct our study, we will request that you grant our application access to your gmail account. We will use a technology called OAuth which enables us to access one specific part of your Google account (gmail) without access to other information including your password and other Google products like Google Calendar or Google+. We necessarily need you to grant our service access to the contents of your gmail account, but no UIC personnel will EVER be able to view your email messages; due to our design, only Prof. Kanich will have the ability to override this setting. Our server will only have access to your account while you are actively using the service. After you log out, we will disable all access capability. OAuth also allows you to verify that we no longer have access to your account. You can read more about how Google allows third parties to access your account, and how you can manage this access here:

What are the risks and/or benefits of using this tool?

As with any online service, there is a malicious user can “take over” the service in question without your knowledge; although unlikely, a breach of our service would allow that user full access to the email accounts of anyone actively using our service at that moment. As detailed above, you can limit or remove our access to your account at any time. We follow security best practices and any questions about our security procedures can be directed to Prof. Kanich.

End users who participate in this research will have a better idea of which email senders are sending emails with plaintext passwords, and what passwords might have been exposed insecurely. By redacting these emails, you ensure that this private data is completely inaccessible and thus secured.

Who can participate in this study?

Any person who is not currently incarcerated, is 18 years or older, and has a gmail account can participate in this study. By agreeing to participate in this study, you attest that you are not incarcerated and are at least 18 years old. If you do not have a gmail account, you can sign up for one at While our tool does not currently function with other free email accounts, we are looking into supporting other services in the future.

What if I have questions about this study?

If you have any questions about this study, please email Professor Chris Kanich at, telephone number (312) 955-0950. You can also contact the Office for the Protection of Research Subjects at or (312) 996-1711. The protocol number is \#2012-0774.