Feeds

New service hamstrings Google data hoarding

All your searches aren't belong to us

Beginner's guide to SSL certificates

Alarmed by the vast amount of personal information Google collects from its users, a hacker has unveiled an anonymization service that prevents the internet giant from tracking searches and websites visited by a specific individual.

Dubbed GoogleSharing, the anonymizing proxy service is designed exclusively for communications with Google. It mixes together requests from many different users so the search engine's data collectors are unable to tell where they originate.

"Google thrives where privacy does not," GoogleSharing creator Moxie Marlinspike wrote in announcing the service. "If you're like most internet users, Google knows more about you than you might be comfortable with."

This is often the case even when users aren't logged in to a given Google account. In addition to every search query an individual has ever made, other personal details open to snooping include what search results and news articles are clicked on, every destination ever looked up on Google Maps and thanks to Google Analytics, many website visits that didn't involve a Google search. Those using Gmail also divulge the content of every email ever sent and received.

GoogleSharing is designed to hamstring Google's data hoarding ways for all its services that don't require a login. Using it is as simple as installing this Firefox plugin, which redirects Google-bound traffic to a proxy. There, requests are stripped of all identifying information and replaced with the details of a different GoogleSharing user. The Google response is then proxied back to the user. By sharing the identities of many different people, the requests become much harder for Google to correlate and analyze.

"The result is that you can transparently use Google search, images, maps, products, news, etc... without Google being able to track you by IP address, cookie, or any other identifying HTTP headers," Marlinspike explained. And only your Google traffic is redirected. Everything else from your browser goes directly to its destination."

The service was unveiled on Tuesday, a day after Microsoft said its competing Bing search engine would cut the amount of time it tracks user searches to just six months. Google, by contrast, holds on to searches for nine months, and even then changes only parts of the data collected while leaving the all-important cookie data alone. Last month, Google CEO Eric Schmidt said if you'd prefer your most intimate or work sensitive net activity not be tracked and retained, "maybe you shouldn't be doing it in the first place."

Marlinspike, a hacker who has identified weaknesses in the widely used SSL protocol, readily concedes that anonymizers such as Tor are more appropriate for people who want to conceal their online activities from a wide variety of actors. But those services can often be extremely slow. For those concerned only about Google, GoogleSharing makes more sense.

Marlinspike has also released the source code used by the proxy so it can be examined or used to create alternative services by others.

Of course, it's impossible for people to connect to Gmail, Google Calendar, and other services that require a login without identifying themselves, so GoogleSharing doesn't work in those situations. In such cases, the Firefox plugin simply forwards request directly to Google. Other Google services that can't be anonymized include Chat, Checkout, Sites, Docs, Photos, Reader, or Health.

Marlinspike has pledged that GoogleSharing will log absolutely nothing. All requests sent to the proxy - and all responses returned - are automatically encrypted using HTTPS, although traffic passing between the proxy and Google is often sent in the clear because Google, like most other websites, still doesn't provide universal SSL support. ®

Protecting users from Firesheep and other Sidejacking attacks with SSL

More from The Register

next story
Spies would need SUPER POWERS to tap undersea cables
Why mess with armoured 10kV cables when land-based, and legal, snoop tools are easier?
Early result from Scots indyref vote? NAW, Jimmy - it's a SCAM
Anyone claiming to know before tomorrow is telling porkies
TOR users become FBI's No.1 hacking target after legal power grab
Be afeared, me hearties, these scoundrels be spying our signals
Jihadi terrorists DIDN'T encrypt their comms 'cos of Snowden leaks
Intel bods' analysis concludes 'no significant change' after whistle was blown
Home Depot: 56 million bank cards pwned by malware in our tills
That's about 50 per cent bigger than the Target tills mega-hack
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
China hacked US Army transport orgs TWENTY TIMES in ONE YEAR
FBI et al knew of nine hacks - but didn't tell TRANSCOM
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
NORKS ban Wi-Fi and satellite internet at embassies
Crackdown on tardy diplomatic sysadmins providing accidental unfiltered internet access
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Protecting users from Firesheep and other Sidejacking attacks with SSL
Discussing the vulnerabilities inherent in Wi-Fi networks, and how using TLS/SSL for your entire site will assure security.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.