Cloudsweeper is a research project being conducted by Peter Snyder and Chris Kanich at the University of Illinois at Chicago. We provide tools to help users understand and control their risks online while also conducting research to better understand those risks at a systemic level. At this site, you can both use these tools as well as participate in the research project. Please see our FAQ for more info.

Account theft audit

Securing your email account is incredibly important. What are the chances that sensitive information are stored in the email account you use every day? If you were to lose your phone, leave your computer logged in, or have your account hacked, the possible harm might extend far further than you expect.

Our account theft audit tool can help you get a handle on just how much a cybercriminal could access were they to take over your email account. This tool will scan your account and give you a visualization of how many of your accounts hackers could take over if they got access to your email account. The list might surprise you!

Cleartext password audit

Passwords are the primary authentication mechanism in use on the web. Your email account, social networking account, online banking account, and no doubt several others all rely on a password to allow you access. Combined with the fact that people tend to re-use passwords, emails like this become a severe security risk:

Your new blog has been successfully set up.



You can log in with the following information:

Username: chrisk

Password: hunter3



As part of an academic study that investigates the intersection between security and long-term cloud-based data storage, we have developed a tool to help users identify and redact private information. By using this tool, you can preserve the useful but non-sensitive text of an email like that pictured above while removing the private information. After using our tool, the same email will still be in your archive, but will have been modified to appear like the one below. We'll give you a code to print and store in a safe place just in case you need to recover that information in the future.

Your new blog has been successfully set up.



You can log in with the following information:

Username: chrisk

Password: [wImYDaM5DBJZqgLrSYekjQ== ZmwDVbzid7+7LQ6R3uDj+xPnDt1nuxEFDJTxhKPh5T0=]

This process protects you as a user in the case of an attacker who gains access to your account, an attacker who can eavesdrop on your Internet session while reading email, or even someone who borrows your laptop while you aren’t looking and starts digging around.

Using these tools should take between three and 30 minutes. The tool will request access to your email account, and then present to you what we think are private pieces of information that you might not want to keep around in your email account (like the example above). We will then allow you to either encrypt or permanently remove all plaintext passwords stored in your account, making it more safe in the event of an account compromise. We are collecting non-personal data about some peoples' use of this tool as part of our research project. You may be asked to participate in this study. If you consent to participate in the study, we will only collect non-personal information about the amount and type of information found and redacted, and NEVER keep any of your personally identifiable information.