Feeds

New service hamstrings Google data hoarding

All your searches aren't belong to us

Beginner's guide to SSL certificates

Alarmed by the vast amount of personal information Google collects from its users, a hacker has unveiled an anonymization service that prevents the internet giant from tracking searches and websites visited by a specific individual.

Dubbed GoogleSharing, the anonymizing proxy service is designed exclusively for communications with Google. It mixes together requests from many different users so the search engine's data collectors are unable to tell where they originate.

"Google thrives where privacy does not," GoogleSharing creator Moxie Marlinspike wrote in announcing the service. "If you're like most internet users, Google knows more about you than you might be comfortable with."

This is often the case even when users aren't logged in to a given Google account. In addition to every search query an individual has ever made, other personal details open to snooping include what search results and news articles are clicked on, every destination ever looked up on Google Maps and thanks to Google Analytics, many website visits that didn't involve a Google search. Those using Gmail also divulge the content of every email ever sent and received.

GoogleSharing is designed to hamstring Google's data hoarding ways for all its services that don't require a login. Using it is as simple as installing this Firefox plugin, which redirects Google-bound traffic to a proxy. There, requests are stripped of all identifying information and replaced with the details of a different GoogleSharing user. The Google response is then proxied back to the user. By sharing the identities of many different people, the requests become much harder for Google to correlate and analyze.

"The result is that you can transparently use Google search, images, maps, products, news, etc... without Google being able to track you by IP address, cookie, or any other identifying HTTP headers," Marlinspike explained. And only your Google traffic is redirected. Everything else from your browser goes directly to its destination."

The service was unveiled on Tuesday, a day after Microsoft said its competing Bing search engine would cut the amount of time it tracks user searches to just six months. Google, by contrast, holds on to searches for nine months, and even then changes only parts of the data collected while leaving the all-important cookie data alone. Last month, Google CEO Eric Schmidt said if you'd prefer your most intimate or work sensitive net activity not be tracked and retained, "maybe you shouldn't be doing it in the first place."

Marlinspike, a hacker who has identified weaknesses in the widely used SSL protocol, readily concedes that anonymizers such as Tor are more appropriate for people who want to conceal their online activities from a wide variety of actors. But those services can often be extremely slow. For those concerned only about Google, GoogleSharing makes more sense.

Marlinspike has also released the source code used by the proxy so it can be examined or used to create alternative services by others.

Of course, it's impossible for people to connect to Gmail, Google Calendar, and other services that require a login without identifying themselves, so GoogleSharing doesn't work in those situations. In such cases, the Firefox plugin simply forwards request directly to Google. Other Google services that can't be anonymized include Chat, Checkout, Sites, Docs, Photos, Reader, or Health.

Marlinspike has pledged that GoogleSharing will log absolutely nothing. All requests sent to the proxy - and all responses returned - are automatically encrypted using HTTPS, although traffic passing between the proxy and Google is often sent in the clear because Google, like most other websites, still doesn't provide universal SSL support. ®

Remote control for virtualized desktops

More from The Register

next story
Webcam hacker pervs in MASS HOME INVASION
You thought you were all alone? Nope – change your password, says ICO
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Meet OneRNG: a fully-open entropy generator for a paranoid age
Kiwis to seek random investors for crowd-funded randomiser
USB coding anarchy: Consider all sticks licked
Thumb drive design ruled by almighty buck
Attack reveals 81 percent of Tor users but admins call for calm
Cisco Netflow a handy tool for cheapskate attackers
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Reducing the cost and complexity of web vulnerability management
How using vulnerability assessments to identify exploitable weaknesses and take corrective action can reduce the risk of hackers finding your site and attacking it.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.