Free Republic
Browse · Search
Topics · Post Article

Skip to comments.

Firefox add-on disrupts Google data collection
ComputerWorld UK ^ | 19 April 2010 | Jeremy Kirk

Posted on 04/19/2010 1:16:59 PM PDT by ShadowAce

A computer security researcher has launched a project designed to provide people greater privacy when using Google, as the company expands the scope of data its collects about its users.



The project, called GoogleSharing, is a Firefox add-on that uses an anonymous proxy service that gives Google false information when someone uses services that don't require an account, such as its search, news, and images services, said Moxie Marlinspike , a security consultant and penetration tester with the Institute of Disruptive Studies.

Google collects a vast amount of information about its users, said Marlinspike, who gave a presentation at last week's Black Hat conference. The company collects IP (Internet protocol) addresses, search requests, browser type and more.

Google as well as other major search companies have taken steps to allay concerns over data collection, such as anonymizing parts of IP addresses held in their records after certain periods of time. But Google dictates how it anonymizes information that could potentially be collated later to profile a user, Marlinspike said.

With IP addresses, for example, Google anonymizes the last octet of the address after nine months, Marlinspike said. Some privacy advocates argue that does not go far enough. Google also uses cookies, or data files stored by a browser, to associate search queries with a particular installation of a browser on a given computer.

"The main problem is that they [Google] have a lot of data," Marlinspike said. "They do record everything. Forever. In many ways, the information they have probably paints a more complete picture of you than even your best friend would know."

So Marlinspike built GoogleSharing, an add-on for Firefox. When it is enabled, GoogleSharing detects when someone is using a Google service that doesn't need a login.

If it's a search request, for example, GoogleSharing then strips the request of its cookie. The search request is encrypted and sent to a customized proxy server.

"You get SSL [secure sockets layer] protection on your local area network for Google services that normally don't provide https:// access," Marlinspike said.

The proxy server then assigns a different yet valid Google cookie to the request and washes the requests of its original HTTP headers. The request is then sent to Google, Marlinspike said. Google returns the answer to the proxy server, which is then passed on to the client.


There are other anonymising services that provide a greater degree of privacy protection such as The Onion Router (TOR), Marlinspike said. TOR should be used for high-value searches, he said.

But TOR is "painfully slow," Marlinspike said. Since TOR also strips out HTTP headers, Google may treat the request as an attempt to abuse its services, displaying a CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) that a person must solve and respond to before it will deliver search results. That can disrupt a person's productivity.

GoogleSharing is fast, transparent and doesn't interrupt someone's workflow, Marlinspike said.

With GoogleSharing,"what you're trying to protect are your searches ... that are only valuable in aggregate that paint a really big picture of who you are," Marlinspike said.

Anyone can run a GoogleSharing proxy server. Although those running one of those proxies would have access to the same information Google would have received, "those that are running a GoogleSharing proxy server are in a much worse position than Google to make use of that information," Marlinspike said.

If enough people run GoogleSharing proxies, queries could be distributed among all of the proxies, further diluting the information pool. The add-on can also be configured to use a specific proxy, he said.

"Your intent in using Google is not actually to share information with them," Marlinspike said. "When you're using Google you're not actually trying to give them your personal information. You're just trying to make use of the services."

Google did not have an immediate comment, although the company explains on its privacy pages that it keeps search engine data such as queries in order to improve the service and for the security of its systems.

Google introduced a dashboard in November 2009 that lets users see and manage some of the data that the company holds. But users must have an account to access that panel, and it doesn't show other information the company may have collected.

TOPICS: Business/Economy; Computers/Internet
KEYWORDS: firefox; google; malware; search
Navigation: use the links below to view more comments.
first 1-2021 next last

1 posted on 04/19/2010 1:16:59 PM PDT by ShadowAce
[ Post Reply | Private Reply | View Replies]

To: rdb3; Calvinist_Dark_Lord; GodGunsandGuts; CyberCowboy777; Salo; Bobsat; JosephW; ...

2 posted on 04/19/2010 1:17:16 PM PDT by ShadowAce (Linux -- The Ultimate Windows Service Pack)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce


3 posted on 04/19/2010 1:18:55 PM PDT by Paladin2
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
Normally I despise Microsoft, but when Google started acting like they owned the market I switched to Bing.

Works good, too.

4 posted on 04/19/2010 1:20:12 PM PDT by Oberon (Big Brutha Be Watchin'.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce

So we just have to trust the proxy operators and the add-on developers more than we trust Google, right?

5 posted on 04/19/2010 1:22:18 PM PDT by TChris ("Hello", the politician lied.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Oberon

Me too, much better except for people searches..Ha Ha.

6 posted on 04/19/2010 1:23:18 PM PDT by Shady (The Fairness Doctrine is ANYTHING but fair!!!!)
[ Post Reply | Private Reply | To 4 | View Replies]

To: ShadowAce

Does this also do this IP change on YouTube and Google-Syndication actions?

7 posted on 04/19/2010 1:23:26 PM PDT by ConservativeMind (Hypocrisy: "Animal rightists" who eat meat & pen up pets while accusing hog farmers of cruelty.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: ShadowAce
Al Gore says "Ignore this. Keep using Google. I'm not selling as many Carbon Credits anymore, so I need the additional income! Thanks for YOUR support!"

8 posted on 04/19/2010 1:23:54 PM PDT by scoobysnak71 (I'm light skinned with no negro dialect. Could you milk me?)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paladin2

There are many Firefox ADD ONS that do the same thing.



9 posted on 04/19/2010 1:25:45 PM PDT by UCANSEE2 (The Last Boy Scout)
[ Post Reply | Private Reply | To 3 | View Replies]

Gets mixed reviews here.

I'm using StartPage, and it works pretty well while masking your IP.

10 posted on 04/19/2010 1:27:15 PM PDT by Rio (Don't make me come over there....)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Paladin2

Ghostery rocks.

11 posted on 04/19/2010 1:30:07 PM PDT by Bloody Sam Roberts (An armed man is a citizen. An unarmed man is a subject.)
[ Post Reply | Private Reply | To 3 | View Replies]


Are any of these for ie?

12 posted on 04/19/2010 1:35:27 PM PDT by counterpunch (The Emperor has no Cloture)
[ Post Reply | Private Reply | To 9 | View Replies]

13 posted on 04/19/2010 1:36:16 PM PDT by Crimson Elephant
[ Post Reply | Private Reply | To 11 | View Replies]

To: ShadowAce


14 posted on 04/19/2010 1:50:28 PM PDT by JoSixChip (It's time to embrace the madness! The sooner we default the sooner we can reorganize.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: JoSixChip

bump for later

15 posted on 04/19/2010 1:53:51 PM PDT by VA_Gentleman ("Poor Al Gore. Global warming completely debunked via the very internet you invented." -Jon Stewart)
[ Post Reply | Private Reply | To 14 | View Replies]

To: ShadowAce

Groowe toolbar with Scroogle plugin + TrackMeNot extension.

Never have a problem with Google tracking anything.

TrackMeNot is sending bogus random querries to Google every 30 seconds. No way they could detect me inside all that static.

Scroogle scrubs referrers off google searches.

16 posted on 04/19/2010 1:54:11 PM PDT by Calvinist_Dark_Lord ((I have come here to kick @$$ and chew bubblegum...and I'm all outta bubblegum! ~Roddy Piper))
[ Post Reply | Private Reply | To 1 | View Replies]

To: VA_Gentleman

bump for later

17 posted on 04/19/2010 3:01:09 PM PDT by GOPJ ( //
[ Post Reply | Private Reply | To 15 | View Replies]

To: counterpunch
Are any of these for ie?

No. Just Firefox.

18 posted on 04/19/2010 3:52:58 PM PDT by UCANSEE2 (The Last Boy Scout)
[ Post Reply | Private Reply | To 12 | View Replies]

To: Crimson Elephant

Agreed. scroogle.

19 posted on 04/19/2010 6:06:49 PM PDT by SgtHooper
[ Post Reply | Private Reply | To 13 | View Replies]

To: TChris

I’ve been using an experimental firefox add-on to get around the man in the middle attacks...

The homepage for the project and the Firefox add-on


Perspectives is a new approach to help clients securely identify Internet servers in order to avoid “man-in-the-middle” attacks. Perspectives is simple and cheap compared to existing approaches because it automatically builds a robust database of network identities using lightweight network probing by “network notaries” located in multiple vantage points across the Internet.

20 posted on 04/20/2010 9:19:36 AM PDT by JerseyHighlander
[ Post Reply | Private Reply | To 5 | View Replies]

Navigation: use the links below to view more comments.
first 1-2021 next last

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794 is powered by software copyright 2000-2008 John Robinson