Feeds

New service hamstrings Google data hoarding

All your searches aren't belong to us

The Essential Guide to IT Transformation

Alarmed by the vast amount of personal information Google collects from its users, a hacker has unveiled an anonymization service that prevents the internet giant from tracking searches and websites visited by a specific individual.

Dubbed GoogleSharing, the anonymizing proxy service is designed exclusively for communications with Google. It mixes together requests from many different users so the search engine's data collectors are unable to tell where they originate.

"Google thrives where privacy does not," GoogleSharing creator Moxie Marlinspike wrote in announcing the service. "If you're like most internet users, Google knows more about you than you might be comfortable with."

This is often the case even when users aren't logged in to a given Google account. In addition to every search query an individual has ever made, other personal details open to snooping include what search results and news articles are clicked on, every destination ever looked up on Google Maps and thanks to Google Analytics, many website visits that didn't involve a Google search. Those using Gmail also divulge the content of every email ever sent and received.

GoogleSharing is designed to hamstring Google's data hoarding ways for all its services that don't require a login. Using it is as simple as installing this Firefox plugin, which redirects Google-bound traffic to a proxy. There, requests are stripped of all identifying information and replaced with the details of a different GoogleSharing user. The Google response is then proxied back to the user. By sharing the identities of many different people, the requests become much harder for Google to correlate and analyze.

"The result is that you can transparently use Google search, images, maps, products, news, etc... without Google being able to track you by IP address, cookie, or any other identifying HTTP headers," Marlinspike explained. And only your Google traffic is redirected. Everything else from your browser goes directly to its destination."

The service was unveiled on Tuesday, a day after Microsoft said its competing Bing search engine would cut the amount of time it tracks user searches to just six months. Google, by contrast, holds on to searches for nine months, and even then changes only parts of the data collected while leaving the all-important cookie data alone. Last month, Google CEO Eric Schmidt said if you'd prefer your most intimate or work sensitive net activity not be tracked and retained, "maybe you shouldn't be doing it in the first place."

Marlinspike, a hacker who has identified weaknesses in the widely used SSL protocol, readily concedes that anonymizers such as Tor are more appropriate for people who want to conceal their online activities from a wide variety of actors. But those services can often be extremely slow. For those concerned only about Google, GoogleSharing makes more sense.

Marlinspike has also released the source code used by the proxy so it can be examined or used to create alternative services by others.

Of course, it's impossible for people to connect to Gmail, Google Calendar, and other services that require a login without identifying themselves, so GoogleSharing doesn't work in those situations. In such cases, the Firefox plugin simply forwards request directly to Google. Other Google services that can't be anonymized include Chat, Checkout, Sites, Docs, Photos, Reader, or Health.

Marlinspike has pledged that GoogleSharing will log absolutely nothing. All requests sent to the proxy - and all responses returned - are automatically encrypted using HTTPS, although traffic passing between the proxy and Google is often sent in the clear because Google, like most other websites, still doesn't provide universal SSL support. ®

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Brit celebs' homes VANISH from Google's Street View
Tony Blair's digs now a Tone-y Blur
UK's emergency data slurp: IT giants panicked over 'legal uncertainty'
PM says rushed-through DRIP law will 'plug holes' in existing legislation
Doctor Who season eight scripts leak online
BBC asks fans to EXTERMINATE copies before they materialise
Snowden leaks latest: NSA, FBI g-men spied on Muslim-American chiefs
US Navy veteran? Lawmaker? Academic? You're all POTENTIAL TERRORISTS
Computing student jailed after failing to hand over crypto keys
Sledgehammer once again used to crack a nut
That 'wiped' Android phone you bought is stuffed with NAKED SELFIES – possibly
Infosec bods sound alarm after copping eyefuls of nudie pics
Russian MP fears US Secret Service cuffed his son for Snowden swap
Seleznev Jnr is 'prolific trafficker in stolen credit card data', it is alleged
Adobe Flash: The most INSECURE program on a UK user's PC
XML a weak spot, but nothing's as dire as Adobe player
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
The Power of One eBook: Top reasons to choose HP BladeSystem
Only the Power of One delivers leading infrastructure convergence, availability and scalability with federation, and agility through data center automation.
Securing Web Applications Made Simple and Scalable
Learn how automated security testing can provide a simple and scalable way to protect your web applications.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.