Feeds

New service hamstrings Google data hoarding

All your searches aren't belong to us

Build a business case: developing custom apps

Alarmed by the vast amount of personal information Google collects from its users, a hacker has unveiled an anonymization service that prevents the internet giant from tracking searches and websites visited by a specific individual.

Dubbed GoogleSharing, the anonymizing proxy service is designed exclusively for communications with Google. It mixes together requests from many different users so the search engine's data collectors are unable to tell where they originate.

"Google thrives where privacy does not," GoogleSharing creator Moxie Marlinspike wrote in announcing the service. "If you're like most internet users, Google knows more about you than you might be comfortable with."

This is often the case even when users aren't logged in to a given Google account. In addition to every search query an individual has ever made, other personal details open to snooping include what search results and news articles are clicked on, every destination ever looked up on Google Maps and thanks to Google Analytics, many website visits that didn't involve a Google search. Those using Gmail also divulge the content of every email ever sent and received.

GoogleSharing is designed to hamstring Google's data hoarding ways for all its services that don't require a login. Using it is as simple as installing this Firefox plugin, which redirects Google-bound traffic to a proxy. There, requests are stripped of all identifying information and replaced with the details of a different GoogleSharing user. The Google response is then proxied back to the user. By sharing the identities of many different people, the requests become much harder for Google to correlate and analyze.

"The result is that you can transparently use Google search, images, maps, products, news, etc... without Google being able to track you by IP address, cookie, or any other identifying HTTP headers," Marlinspike explained. And only your Google traffic is redirected. Everything else from your browser goes directly to its destination."

The service was unveiled on Tuesday, a day after Microsoft said its competing Bing search engine would cut the amount of time it tracks user searches to just six months. Google, by contrast, holds on to searches for nine months, and even then changes only parts of the data collected while leaving the all-important cookie data alone. Last month, Google CEO Eric Schmidt said if you'd prefer your most intimate or work sensitive net activity not be tracked and retained, "maybe you shouldn't be doing it in the first place."

Marlinspike, a hacker who has identified weaknesses in the widely used SSL protocol, readily concedes that anonymizers such as Tor are more appropriate for people who want to conceal their online activities from a wide variety of actors. But those services can often be extremely slow. For those concerned only about Google, GoogleSharing makes more sense.

Marlinspike has also released the source code used by the proxy so it can be examined or used to create alternative services by others.

Of course, it's impossible for people to connect to Gmail, Google Calendar, and other services that require a login without identifying themselves, so GoogleSharing doesn't work in those situations. In such cases, the Firefox plugin simply forwards request directly to Google. Other Google services that can't be anonymized include Chat, Checkout, Sites, Docs, Photos, Reader, or Health.

Marlinspike has pledged that GoogleSharing will log absolutely nothing. All requests sent to the proxy - and all responses returned - are automatically encrypted using HTTPS, although traffic passing between the proxy and Google is often sent in the clear because Google, like most other websites, still doesn't provide universal SSL support. ®

Next gen security for virtualised datacentres

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
Think crypto hides you from spooks on Facebook? THINK AGAIN
Traffic fingerprints reveal all, say boffins
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Scale data protection with your virtual environment
To scale at the rate of virtualization growth, data protection solutions need to adopt new capabilities and simplify current features.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?