[LINK] Google Sharing

Roger Clarke Roger.Clarke at xamax.com.au
Thu Jan 21 16:07:25 AEDT 2010


At 14:58 +1100 21/1/10, Stephen Wilson wrote:
>But ... isn't Googlesharing now the custodian of all my searches? 
>Sure they've released source code, but who says the code reflects 
>what they're really doing?  If we have doubts about Google, aren't 
>the doubts doubled for a smaller lesser known startup?  If 
>Googlesharing succeeds, how are they going to manage their 
>inevitable server farm?  Full circle, here we come!

Watch it!  Here come the sceptics!

My reactions off-list were:
>Would you know whether it was working or not?
>Would you know if it was a trojan?
>It may be able to be countered by Google if they detect lots of 
>quick-fire traffic from one source, which they can determine to be a 
>proxy-server.
>It may drive Google towards making more and more of their services 
>available only to logged-in-clients earlier than they otherwise 
>would've.

OTOH:
>>  Marlinspike has also released the source code used by the proxy so 
>>it can be examined or used to create alternative services by others.

And *that's* a feature of considerable importance in the scheme of things.

Note too that there's a fair bit of history, and hence understanding, 
surrounding proxy-servers.  Is *any* data retained longer than the 
time required to complete the response to the original requester?

[The original 'anonymous remailer' wasn't.  The logs 
cross-referencing inbound ID and outbound ID were retained long 
enough to be acquired (by the Finnish Police, without needing a 
warrant). ]

________________________________________________________________________


>Roger Clarke wrote:
>>  New service hamstrings Google data hoarding
>>  Dan Goodin
>>  The Register
>>  19 January 2010
>>  http://www.theregister.co.uk/2010/01/19/google_anonymizer_unveiled/
>>
>>  Alarmed by the vast amount of personal information Google collects 
>>from its users, a hacker has unveiled an anonymization service that 
>>prevents the internet giant from tracking searches and websites 
>>visited by a specific individual.
>>
>>  Dubbed GoogleSharing, the anonymizing proxy service is designed 
>>exclusively for communications with Google. It mixes together 
>>requests from many different users so the search engine's data 
>>collectors are unable to tell where they originate.
>>
>>  Home: http://www.googlesharing.net/
>>
>>  "Google thrives where privacy does not," GoogleSharing creator 
>>Moxie Marlinspike wrote in announcing the service. "If you're like 
>>most internet users, Google knows more about you than you might be 
>>comfortable with."
>>
>>  This is often the case even when users aren't logged in to a given 
>>Google account. In addition to every search query an individual has 
>>ever made, other personal details open to snooping include what 
>>search results and news articles are clicked on, every destination 
>>ever looked up on Google Maps and, thanks to Google Analytics, many 
>>website visits that didn't involve a Google search. Those using 
>>Gmail also divulge the content of every email ever sent and 
>>received.
>>
>>  GoogleSharing is designed to hamstring Google's data hoarding ways 
>>for all its services that don't require a login. Using it is as 
>>simple as installing this Firefox plugin, which redirects 
>>Google-bound traffic to a proxy. There, requests are stripped of 
>>all identifying information and replaced with the details of a 
>>different GoogleSharing user. The Google response is then proxied 
>>back to the user. By sharing the identities of many different 
>>people, the requests become much harder for Google to correlate and 
>>analyze.
>>
>>  Plugin: https://addons.mozilla.org/en-US/firefox/addon/60333/
>>
>>  "The result is that you can transparently use Google search, 
>>images, maps, products, news, etc... without Google being able to 
>>track you by IP address, cookie, or any other identifying HTTP 
>>headers," Marlinspike explained. "And only your Google traffic is 
>>redirected. Everything else from your browser goes directly to its 
>>destination."
>>
>>  The service was unveiled on Tuesday, a day after Microsoft said 
>>its competing Bing search engine would cut the amount of time it 
>>tracks user searches to just six months. Google, by contrast, holds 
>>on to searches for nine months, and even then changes only parts of 
>>the data collected while leaving the all-important cookie data 
>>alone. Last month, Google CEO Eric Schmidt said if you'd prefer 
>>your most intimate or work sensitive net activity not be tracked 
>>and retained, "maybe you shouldn't be doing it in the first place."
>>
>>  Marlinspike, a hacker who has identified weaknesses in the widely 
>>used SSL protocol, readily concedes that anonymizers such as Tor 
>>are more appropriate for people who want to conceal their online 
>>activities from a wide variety of actors. But those services can 
>>often be extremely slow. For those concerned only about Google, 
>>GoogleSharing makes more sense.
>>
>>  Marlinspike has also released the source code used by the proxy so 
>>it can be examined or used to create alternative services by others.
>>
>>  Of course, it's impossible for people to connect to Gmail, Google 
>>Calendar, and other services that require a login without 
>>identifying themselves, so GoogleSharing doesn't work in those 
>>situations. In such cases, the Firefox plugin simply forwards 
>>requests directly to Google. Other Google services that can't be 
>>anonymized include Chat, Checkout, Sites, Docs, Photos, Reader, or 
>>Health.
>>
>>  Marlinspike has pledged that GoogleSharing will log absolutely 
>>nothing. All requests sent to the proxy - and all responses 
>>returned - are automatically encrypted using HTTPS, although 
>>traffic passing between the proxy and Google is often sent in the 
>>clear because Google, like most other websites, still doesn't 
>>provide universal SSL support.
>>
>>
>

-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University


