'Google even knows what you're thinking'
Summary: Privacy advocate Moxie Marlinspike used the spotlight of the SOURCE conference here to call attention to Google's data harvesting practices, warning that the search engine giant can mine information to figure out even what Web surfers are thinking about.
BOSTON -- Privacy advocate Moxie Marlinspike used the spotlight of the SOURCE conference here to call attention to Google's data harvesting practices, warning that the search engine giant can mine information to figure out even what Web surfers are thinking about.
During a presentation that discussed the changing threats to privacy, Marlinspike likened Google's data collection to the Pentagon's Total Information Awareness program and lamented that fact that it's near impossible to avoid Google's tentacles without "opting out of the social narrative."
"They have an awful lot of data. They record everything. They have your IP address, your search requests, the contents of every e-mail you've ever sent or received. They know the news you read, the places you go. They're even collecting real-time GPS location and DNS look-ups," Marlinspike said.
"They know who you friends are, where you live, where you work, where you are spending your free time. They know about your health, your love life, your political leanings. They even know what you are thinking about," Marlinspike added, warning that the company has found a way to control the terms of the privacy debate by offering what he described as fake anonymization. 
He pointed out that the Google tool that gives users control of their privacy settings only shows some of the information that are most obviously connected to a Web user. "It requires that you have an account, be logged in while using the services and maintain a persistent cookie. It's a brilliant move on their part."
Convinced that he can't opt out of using Google's ever-present services, Marlinspike created an anti-snooping tool to sidestep the company's data collection tentacles.
The tool, called GoogleSharing, is a Firefox add-on that mixes the requests of many different users together, such that Google is not capable of telling what is coming from whom. 
GoogleSharing aims to do a few very specific things:
- Provide a system that will prevent Google from collecting information about you from services which don't require a login.
- Make this system completely transparent to the user. No special websites, no change to yo ur work flow.
- Leave your non-Google traffic completely untouched, unredirected, and unaffected.
The GoogleSharing system consists of a custom proxy and a Firefox Add-on. He said the proxy works by generating a pool of GoogleSharing "identities," each of which contains a cookie issued by Google and an arbitrary User-Agent for one of several popular browsers.
The Firefox Addon watches for requests to Google services from your browser, and when enabled will transparently redirect all of them (except for things like Gmail) to a GoogleSharing proxy. There your request is stripped of all identifying information and replaced with the information from a GoogleSharing identity.
This "GoogleShared" request is then forwarded on to Google, and the response is proxied back to you. Your next request will get a different identity, and the one you were using before will be assigned to someone else. By "sharing" these identities, all of our traffic gets mixed together and is very difficult to analyze.
Marlinspike said the GoogleSharing proxy even constantly injects false but plausible search requests through all the identities.
The result is that you can transparently use Google search, images, maps, products, news, etc... without Google being able to track you by IP address, Cookie, or any other identifying HTTP headers. And only your Google traffic is redirected. Everything else from your browser goes directly to its destination.
Marlinspike is also building a privacy tool to secure voice calls and SMS messages on mobile phones. That tool, called Whisper Systems, will offer secure dialing via Phil Zimmermann's ZRTP protocol and an Off-The-Record derived system to secure the privacy of text messages.
The mobile tools, which is being built for Android, will be available in a few weeks from Marlinspike's ThoughtCrime.org website.
Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
Talkback
Say no more..
RE: 'Google even knows what you're thinking'
<a href="http://www.kecioyun.com/">oyun</a>
RE: 'Google even knows what you're thinking'
Good write up!
Gordon Green
gordon@weboptium.com
Weboptium LLC
It will be interesting to see what said....
you on the web anymore.
*shrugs*
Tailored, how?
Nice
So wait a minute....
another entity that you don't know much about that could
very well collect and use the data themselves? And not
only that they give the proxy away so others can fool you
into doing the same thing and collect your data as well?
Brilliant idea....smh
Exactly
Maybe we need the add-on to create a steady stream of fake requests to Google based on random text from pages linked from pages linked from pages you visit.
While they will still know you IP address it wont be worth squat.
Also, don't use only Gmail.
storm14k, I agree with you on this.
--Ram--
RE: 'Google even knows what you're thinking'
Of course, the more that you use google applications as the single source of all info about you, the more of that information they do have.
So create several email accounts, on different services, and silo your usage so that all info about, say, your kids is handled through email service A, while anything relating to work is handled through behind a company firewall, and anything relating to your sweater knitting hobby is handled through service c.
Make certain that you sign out of your accounts, and delete your cookies at the end of a session, and that's provided at least a bit of isolation for you.
Of course if you think that is more trouble than privacy is worth to you, then just keep everything in one place. That's just like keeping everything important in your home... as long as there's no flood/fire/earthquake/other natural disaster, you feel relatively safe. If however your home is robbed, and some of your stuff is stolen, then you begin to think about storing it in safe deposit boxes, storage units, etc. ...
RE: 'Google even knows what you're thinking'
Given all that Google, Microsoft, and other data and information gathering instrumentalities know about my online behavior, I still don't think they really know everything there is to know about me. I'm not buying this paranoia.
Well, I actually thought TIA was a great idea . . .
All the data that was to be collected was neither priviledged nor the result of monitoring activities in which the person being monitored had the legally described -- and restricted -- "expectation of privacy."
There are a lot of "civil libertarians" who prefer their own interpretation of the Constitution and its amendments to their true meanings. For example, "freedom of association" means just that; you are free to associate. It does not mean that you are entitled to keep that association secret. If I (or a government agency) want to roam through the parking lot adjacent to a KKK meeting hall and take down license plates, that does not violate your right; you have no expectation of privacy when you parked in a publicly visible location.
I could go on, but you get my drift.
you could go on, but...
4 years ago someone attempted to send me an email, but misspelled the domain name. it ended up in my gmail account. at that point i began to notice the degree to which goog keeps track of internet users: as much as it does internet content.
btw, before holding yourself out as black's law dictionary or equivalent, you may wish to review:
http://www.answers.com/topic/freedom-of-association
the constitution doesn't create freedom of association, it is premised on it.
As we have to log in just to reply to this post!
on us but who would you trust with that info in
the cloud. Twitter whose every tweet is
recorded in our national archives? Facebook,
who is subject to viruses, spam or worse.
At least I know Google tries to safeguard my
stuff. They try to hold governments accountable
for invasions of privacy (within the law). They
don't sell my info to other companies that
would likely misuse it. They stand up to China.
And to be honest, what do they do with that
info? They make EVERYTHING more relevant to
your personal interests. Very useful! As far as
I see it, Google has as much interest in
safeguarding my info as I do. They mess up
once...and all their business would be gone in
seconds. Look at Buzz and the stir that
created. That was just their most used
contacts...imagine if that had been something
more. I think they learned that lesson, don't
you?
Sucker...nt
Might as well add this page'
RE: 'Google even knows what you're thinking'
"Here's my theory on that. While I was institutionalized, my brain was studied exhaustively in the guise of mental health.I was interrogated, x-rayed, studied thoroughly. Then, everything about me was entered into a computer where they created a model of my mind
Then, using the computer model, they generated every thought I could possibly have in the next, say ten years, which they then filtered through a probability matrix to determine everything I was going to do in that period.
So you see, she knew I was going to lead the Army of the Twelve Monkeys into the pages of history before it ever even occurred to me. She knows everything I'm ever going to do before I know it myself. How about that?"
Give your data to an even less trustful organization
Uh . . maybe the Googlesharing add-on is a trojan?
RE: 'Google even knows what you're thinking'