The author discovered some concerning issues regarding YouTube’s handling of blocked users and Google Pixel Recorder’s leak of Gaia IDs. By blocking a user and examining the blocked list on Google’s website, the author found the obfuscated Gaia ID, which can lead to identifying the Google account. Additionally, the Pixel Recorder allowed leaking obfuscated Gaia IDs to emails through sharing recordings. By exploiting these vulnerabilities and manipulating recording titles, the author successfully avoided sending notification emails. The author reported these findings to the vendor, highlighting the severity and complexity of the issue, ultimately receiving a reward for the disclosure.
https://brutecat.com/articles/leaking-youtube-emails