[LINK] Google Sharing
Roger Clarke
Roger.Clarke at xamax.com.au
Thu Jan 21 16:07:25 AEDT 2010
At 14:58 +1100 21/1/10, Stephen Wilson wrote:
>But ... isn't Googlesharing now the custodian of all my searches?
>Sure they've released source code, but who says the code reflects
>what they're really doing? If we have doubts about Google, aren't
>the doubts doubled for a smaller lesser known startup? If
>Googlesharing succeeds, how are they going to manage their
>inevitable server farm? Full circle, here we come!
Watch it! Here come the sceptics!
My reactions off-list were:
>Would you know whether it was working or not?
>Would you know if it was a trojan?
>It may be able to be countered by Google if they detect lots of
>quick-fire traffic from one source, which they can determine to be a
>proxy-server.
>It may drive Google towards making more and more of their services
>available only to logged-in-clients earlier than they otherwise
>would've.
OTOH:
>> Marlinspike has also released the source code used by the proxy so
>>it can be examined or used to create alternative services by others.
And *that's* a feature of considerable importance in the scheme of things.
Note too that there's a fair bit of history, and hence understanding,
surrounding proxy-servers. Is *any* data retained longer than the
time required to complete the response to the original requester?
[The original 'anonymous remailer' wasn't. The logs
cross-referencing inbound ID and outbound ID were retained long
enough to be acquired (by the Finnish Police, without needing a
warrant). ]
________________________________________________________________________
>Roger Clarke wrote:
>> New service hamstrings Google data hoarding
>> Dan Goodin
>> The Register
>> 19 January 2010
>> http://www.theregister.co.uk/2010/01/19/google_anonymizer_unveiled/
>>
>> Alarmed by the vast amount of personal information Google collects
>>from its users, a hacker has unveiled an anonymization service that
>>prevents the internet giant from tracking searches and websites
>>visited by a specific individual.
>>
>> Dubbed GoogleSharing, the anonymizing proxy service is designed
>>exclusively for communications with Google. It mixes together
>>requests from many different users so the search engine's data
>>collectors are unable to tell where they originate.
>>
>> Home: http://www.googlesharing.net/
>>
>> "Google thrives where privacy does not," GoogleSharing creator
>>Moxie Marlinspike wrote in announcing the service. "If you're like
>>most internet users, Google knows more about you than you might be
>>comfortable with."
>>
>> This is often the case even when users aren't logged in to a given
>>Google account. In addition to every search query an individual has
>>ever made, other personal details open to snooping include what
>>search results and news articles are clicked on, every destination
>>ever looked up on Google Maps and thanks to Google Analytics, many
>>website visits that didn't involve a Google search. Those using
>>Gmail also divulge the content of every email ever sent and
>>received.
>>
>> GoogleSharing is designed to hamstring Google's data hoarding ways
>>for all its services that don't require a login. Using it is as
>>simple as installing this Firefox plugin, which redirects
>>Google-bound traffic to a proxy. There, requests are stripped of
>>all identifying information and replaced with the details of a
>>different GoogleSharing user. The Google response is then proxied
>>back to the user. By sharing the identities of many different
>>people, the requests become much harder for Google to correlate and
>>analyze.
>>
>> Plugin: https://addons.mozilla.org/en-US/firefox/addon/60333/
>>
>> "The result is that you can transparently use Google search,
>>images, maps, products, news, etc... without Google being able to
>>track you by IP address, cookie, or any other identifying HTTP
>>headers," Marlinspike explained. And only your Google traffic is
>>redirected. Everything else from your browser goes directly to its
>>destination."
>>
>> The service was unveiled on Tuesday, a day after Microsoft said
>>its competing Bing search engine would cut the amount of time it
>>tracks user searches to just six months. Google, by contrast, holds
>>on to searches for nine months, and even then changes only parts of
>>the data collected while leaving the all-important cookie data
>>alone. Last month, Google CEO Eric Schmidt said if you'd prefer
>>your most intimate or work sensitive net activity not be tracked
>>and retained, "maybe you shouldn't be doing it in the first place."
>>
>> Marlinspike, a hacker who has identified weaknesses in the widely
>>used SSL protocol, readily concedes that anonymizers such as Tor
>>are more appropriate for people who want to conceal their online
>>activities from a wide variety of actors. But those services can
>>often be extremely slow. For those concerned only about Google,
>>GoogleSharing makes more sense.
>>
>> Marlinspike has also released the source code used by the proxy so
>>it can be examined or used to create alternative services by others.
>>
>> Of course, it's impossible for people to connect to Gmail, Google
>>Calendar, and other services that require a login without
>>identifying themselves, so GoogleSharing doesn't work in those
>>situations. In such cases, the Firefox plugin simply forwards
>>request directly to Google. Other Google services that can't be
>>anonymized include Chat, Checkout, Sites, Docs, Photos, Reader, or
>>Health.
>>
>> Marlinspike has pledged that GoogleSharing will log absolutely
>>nothing. All requests sent to the proxy - and all responses
>>returned - are automatically encrypted using HTTPS, although
>>traffic passing between the proxy and Google is often sent in the
>>clear because Google, like most other websites, still doesn't
>>provide universal SSL support.
>>
>>
>
>_______________________________________________
>To unsubscribe from the privacy list visit:
>http://lists.efa.org.au/cgi-bin/mailman/listinfo/privacy#subscribers
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University
More information about the Link
mailing list