Feeds

New service hamstrings Google data hoarding

All your searches aren't belong to us

Secure remote control for conventional and virtual desktops

Alarmed by the vast amount of personal information Google collects from its users, a hacker has unveiled an anonymization service that prevents the internet giant from tracking searches and websites visited by a specific individual.

Dubbed GoogleSharing, the anonymizing proxy service is designed exclusively for communications with Google. It mixes together requests from many different users so the search engine's data collectors are unable to tell where they originate.

"Google thrives where privacy does not," GoogleSharing creator Moxie Marlinspike wrote in announcing the service. "If you're like most internet users, Google knows more about you than you might be comfortable with."

This is often the case even when users aren't logged in to a given Google account. In addition to every search query an individual has ever made, other personal details open to snooping include what search results and news articles are clicked on, every destination ever looked up on Google Maps and thanks to Google Analytics, many website visits that didn't involve a Google search. Those using Gmail also divulge the content of every email ever sent and received.

GoogleSharing is designed to hamstring Google's data hoarding ways for all its services that don't require a login. Using it is as simple as installing this Firefox plugin, which redirects Google-bound traffic to a proxy. There, requests are stripped of all identifying information and replaced with the details of a different GoogleSharing user. The Google response is then proxied back to the user. By sharing the identities of many different people, the requests become much harder for Google to correlate and analyze.

"The result is that you can transparently use Google search, images, maps, products, news, etc... without Google being able to track you by IP address, cookie, or any other identifying HTTP headers," Marlinspike explained. And only your Google traffic is redirected. Everything else from your browser goes directly to its destination."

The service was unveiled on Tuesday, a day after Microsoft said its competing Bing search engine would cut the amount of time it tracks user searches to just six months. Google, by contrast, holds on to searches for nine months, and even then changes only parts of the data collected while leaving the all-important cookie data alone. Last month, Google CEO Eric Schmidt said if you'd prefer your most intimate or work sensitive net activity not be tracked and retained, "maybe you shouldn't be doing it in the first place."

Marlinspike, a hacker who has identified weaknesses in the widely used SSL protocol, readily concedes that anonymizers such as Tor are more appropriate for people who want to conceal their online activities from a wide variety of actors. But those services can often be extremely slow. For those concerned only about Google, GoogleSharing makes more sense.

Marlinspike has also released the source code used by the proxy so it can be examined or used to create alternative services by others.

Of course, it's impossible for people to connect to Gmail, Google Calendar, and other services that require a login without identifying themselves, so GoogleSharing doesn't work in those situations. In such cases, the Firefox plugin simply forwards request directly to Google. Other Google services that can't be anonymized include Chat, Checkout, Sites, Docs, Photos, Reader, or Health.

Marlinspike has pledged that GoogleSharing will log absolutely nothing. All requests sent to the proxy - and all responses returned - are automatically encrypted using HTTPS, although traffic passing between the proxy and Google is often sent in the clear because Google, like most other websites, still doesn't provide universal SSL support. ®

New hybrid storage solutions

More from The Register

next story
Google recommends pronounceable passwords
Super Chrome goes into battle with Mr Mxyzptlk
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
Snowden, Dotcom, throw bombs into NZ election campaign
Claim of tapped undersea cable refuted by Kiwi PM as Kim claims extradition plot
Reddit wipes clean leaked celeb nudie pics, tells users to zip it
Now we've had all THAT TRAFFIC, we 'deplore' this theft
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
TorrentLocker unpicked: Crypto coding shocker defeats extortionists
Lousy XOR opens door into which victims can shove a foot
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.
Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.