Collaboration

GoogleSharing: A way to prevent tracking by Google

A security expert is taking on Google. His innovative Firefox add-on prevents Google from tracking your whereabouts on the Internet.

A security expert is taking on Google. His innovative Firefox add-on prevents Google from tracking your whereabouts on the Internet.

---------------------------------------------------------------------------------------------------------

Any security pundit worth their salt knows about Moxie Marlinspike. You may remember Marlinspike getting a lot of attention during the 2009 BlackHat convention, where he explained a new SSL attack vector.

Matter of privacy

Recently, Marlinspike turned his attention to a different subject. It seems he did not like what Eric Schmidt, CEO of Google said in an interview:

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

For more details about the interview, refer to Chad Perrin's post: Google: Being evil. For whatever reason, Schmidt felt like bringing the privacy issue to the forefront. To those not familiar, it's all about what information Google captures, retains, and how they control it. To start, here is a partial list of information Google stockpiles, if you use their services:

  • Directions to places that you query Google Maps for.
  • Using Analytics, Google receives/retains information on visited Web sites.
  • Gmail membership allows Google to retain the content of sent and received e-mail messages.
  • Enabling My Location, enables Google to track your position real-time.
  • If Public DNS is used, Google can retain your DNS lookups.

I realize many people are not apprehensive about Google retaining all this information. Still, others are concerned. Especially with Google's "trust me" attitude. Remember what Eric Schmidt said during this Charlie Rose interview. Either way, it's important to know what's going on and what can be done about it if so desired.

GoogleSharing

GoogleSharing is Marlinspike's answer. It could be construed as yet another anonymizing proxy service, but that's not quite true. Proxies like Tor provide strong anonymity for all Internet communication. But, they are not the best option in this situation, because:

  • A proxy will hide the user's IP address, but not anonymize personal information in HTTP headers.
  • Proxy applications are bandwidth hogs, slow enough to frustrate users into not using them.

GoogleSharing's only purpose is to anonymize personal information, preventing Google from tracking movement on the Internet. Bandwidth is not an issue either, since GoogleSharing only deals with traffic being sent to Google.

Overview

GoogleSharing intermingles Google user requests. Doing so complicates making any association between the query and the requester's personal information. The GoogleSharing Web site explains what the service accomplishes:

  • Provide a system that will prevent Google from collecting information about you from services which don't require a login.

  • Make this system completely transparent to the user. No special websites, no change to your work flow.

  • Leave your non-Google traffic completely untouched, un-redirected, and unaffected.
How it works

The GoogleSharing proxy creates several generic identities, all official in the eyes of Google as they have been issued a cookie. These identities will act as surrogates for users making queries of Google. For this to happen, the user must install the GoogleSharing add-on in Firefox. Just a FYI, for now Firefox 3.6 breaks this add-on along with several other security add-ons.

Once the add-on is installed, you will notice text in the lower right corner of the browser: Google Sharing Enabled (green letters). Tap the text once and it changes to Google Sharing Disabled (red letters).

If enabled, the add-on intercepts Google requests, redirecting them to the GoogleSharing proxy. The proxy removes all identifying information, replacing it with the surrogate identity. The request is then forwarded to Google.

The intermixing of identities comes into play, when the user makes another Google query. A completely different surrogate identity is used, with the previous identity being given to a different user.

Drawbacks

GoogleSharing does not work for services that require a log in. Gmail, Checkout, and Chat are examples of such applications. More importantly, using GoogleSharing requires trusting Marlinspike and his application. That's a decision you will have to make.

There is another option. Marlinspike has made the GoogleSharing software available for download. That way, you can create your own proxy. The GoogleSharing Web site has a FAQ page explaining how.

Update (26 Jan 2010)

I had a chance to exchange e-mail messages with Moxie Marlinspike about GoogleSharing. He has been following the comments and is concerned about the matter of trust. To his credit, he is already working on methods to improve the situation. I will let him explain:

"It seems like the biggest concern people have is the concentration of data at the default GoogleSharing proxy.  Since there are no cookies involved, and since we don't have any obvious financial incentive to collect data of that caliber, I didn't think people would be as concerned about it as they have been.  So right now the next stage of development is focusing on the ability to have the add-on distribute requests across a set of proxy servers, instead of just having to select one.

Then I hope to get a few different groups of people with strong reputations in this area to run proxies that will be in the default configuration of the add-on.  That way nothing ends up in one place, people are dealing with names they already trust, and there are better availability guarantees in case something goes offline.  This could also be a step in the direction of something that begins to approximate P2P."

I would like to thank Moxie for taking the time to answer one of the concerns expressed by the TechRepublic members.

Final thoughts

Marlinspike mentioned that normal Google queries do not use HTTPS, where as traffic redirected to the GoogleSharing proxy does. I've checked packets destined for Google with GoogleSharing enabled and disabled and that part is working.

Google retains user information, doing something about it is a personal choice. It appears Moxie Marlinspike is offering an alternative to complete trust in Google. What do you think?

About

Information is my field...Writing is my passion...Coupling the two is my mission.

125 comments
toshiraw20
toshiraw20

title="Learn Stock Trading">Learn Stock Trading This is a great inspiring article. I am pretty much pleased with your good work. You put really helpful information. Keep it up.

Michael Kassner
Michael Kassner

"Google may have threatened to leave China in order to keep us all from concluding that "the cloud" can't be secured. But isn't that precisely what we should conclude based on the fact that Google chose to leave China? Why didn't Google just fix the flaw and keep its mouth shut? If it thought it could protect its data and yours, wouldn't it have just done so? In other words, the whole Google-in-China situation boils down to this: Google may have realized that it can't guarantee the security of its secrets -- or yours. " http://www.computerworld.com/s/article/9150038/Dark_clouds_gather_over_online_security?taxonomyId=0&pageNumber=1

Ocie3
Ocie3

With regard to the issues addressed by "GoogleSharing", I've been reviewing Scroogle. It seems to me that Scroogle accomplishes the goals that Moxie Marlinspike apparently wants to achieve with his approach. Scroogle is not a proxying service, but the search string that the user enters into the Scroogle interface is sent to Google by Scroogle. So, Google does not set any cookies on the user's computer and does not know the user's IP address. They only know that the search query came from Scroogle so they return the results to Scroogle, which displays them for the user. Scroogle also has an SSL interface. Since using it increases Scroogle's costs (they are a non-profit organization), they prefer it to be used only by people who have an insecure WiFi connection ([i]e.g.[/i], in a public place), or whose employer (or spouse) is snooping on whatever they do when the computer that they are using is connected to the Internet. Scroogle parses the results returned by Google to eliminate ads and redundant entries. The user can specify that they only want to see results for sites that use their language, so Scroogle removes any that don't do so from the results. Sometimes it appears that Scroogle lists a result before or after another result, but doing a Google search with the same string returns those two results in a different order. OTOH, doing two consecutive Google searches with exactly the same search string does not always produce exactly the same search results, including a different order for them. Scroogle home page: http://www.scroogle.org/ Scroogle Scraper (search interface): http://www.scroogle.org/cgi-bin/scraper.htm How using SSL protects your privacy: https://ssl.scroogle.org/sslnote.html Scroogle's "About" link displays a page showing their board of directors and their technical advisers. If memory serves, some of them are reputable security researchers, and some others are white-hat hackers. Scroogle also has an interesting short story titled "Scroogled" by Cory Doctorow; the link is on the Scraper page. :-)

Ocie3
Ocie3

Michael, since you quoted only the beginning phrase of the first sentence in what Eric Schmidt said, it seems fair to make known his remarks that followed it during the (in)famous interview with CNBC: "He said: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place, but if you really need that kind of privacy, the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities.'" (quotation from John Dvorak's Second Opinion, "Eric Schmidt, Google and Privacy", published Dec. 11, 2009, see: http://www.marketwatch.com/story/eric-schmidt-google-and-privacy-2009-12-11). Considering the complete quotation above, what Mr. Schmidt said is true. It does not appear, to me, to be a declaration of Google policy and procedure by choice [i]per se[/i], but a frank reminder that Google is obliged to obey the law. As long as the current version of the Patriot Act is in effect, it would be best to beware of what you say and do on the Internet, especially about U.S. foreign and domestic policy. Be that as it may, I suppose that Moxie Marlinspike (among many others, such as the Electronic Frontier Foundation), has chosen to consider Mr. Schmidt's remarks in regard to "privacy", not in regard to "national security". Certainly, it is understandable that the words with which Mr. Schmidt began his remarks have raised questions, whether he meant to say or imply that Google does not respect personal privacy. Does Google invade people's privacy as a matter of policy and practice? The question is whether to believe the following statements from http://www.google.com/privacy_ads.html: "[i].... To protect your privacy, we follow three principles when we serve ads: * [b]Transparency[/b] - We provide detailed information about our advertising policies and practices. * [b]Choice[/b] - We offer innovative ways to view, manage and opt out of advertising cookies. * [b]No personally identifying information[/b] - We don't collect or serve ads based on personally identifying information without your permission." (italicization added)[/i] Personally, I don't know whether those assertions are true, and I don't intend to analyze them now. But I must say that if the third statement is correct, then I, at least, have never given Google permission to collect PII about me. Accordingly, when I queried Google about it, during the discussion that followed your article about the Privacy Choice web site, Google's response was that they did not have any PII about me. And I do not have any proof that Google's response was either erroneous or deceitful.

greg
greg

This worked for about a day on the Google Adwords login if I disabled it first. Then it completely fried being able to get into Google Adwords with Firefox. Not sure if Google saw this and somehow has blocked it or what. Since I manage about ten companies Adwords accounts this is not a practical addition at the moment. I'm going to remove it and see if I can get Firefox to work again.

Techeads Anonymous
Techeads Anonymous

Michael, I believe Google is wrong about the privacy issues and needs to re-address their 'Big Brother' privacy policy. It is ironic that Google changes it's tune with China.

Deadly Ernest
Deadly Ernest

overlooking is - what the collected information could be used for, legally, and extra-legally. OK, let's say it takes a court order to get info out of the system legally, what's to stop the FBI, CIA, or Homeland Security from sneaking an operative inside the Google system, or even bribing a Google tech to get them copies of data or run special routines over the data already collected? The answer is - nothing. I got no worries about what I knowingly do on-line, in fact, I'm one of the few people I know who actually use their real name and details on the forums etc they belong to - just look how many posts here are done by people using nicknames that have no bearing on their real name, while mine is a nickname I've had since Primary School and does include my real first name and my profile has my full name. However, some of what I do check on the Internet is sure to send huge alarms ringing over at the NSA and Homeland Security, why you may ask, well, in my spare time I write fiction stories a good example is the story Rough Diamond, available at a couple of web site, for a few dollars at Lulu or for free at StoriesOnLine (which handles sex stories as well and is listed as such - so don't try to hit it from work): http://www.lulu.com/content/paperback-book/rough-diamond/6308662 http://storiesonline.net/story/59645 This is one of several action stories I've written and I did a hell of a lot of research for it, on things like weapons, places and buildings in the US, how to avoid security at some places, how to set up ambushes - and the story includes gun battles and the like. Another story I wrote called Zombie (http://www.dpdotcom.com/zombie.htm) actually does deal with terrorism and terrorist at the start - I was surprised recently to find out the Australian National library have bought a copy. They have it cross filed under terrorism because the request to purchase came from an Australian Terrorist Intelligence unit that was investigating the story and me for some reason - I don't know and haven't asked them why. I simply open the story with a character fighting the Taliban in Afghanistan while in the Australian Army. I've several other action stories publish and as many again part written - each involved a lot of research. Heck, the main one I'm working on now is set in Frederick, Maryland and involves a couple of trips to Washington and I checked out certain government rules on security at some government buildings and airports, to see I got things right about the airports, research on some commercial planes (ended up using an Airbus A318 in the story, along with a C5 Galaxy) various US military organisations, laws on guns, certain criminal organisations, etc -- all this stuff is sure to be tracked as the web sites are in the US and I'm outside it, so NSA must be seeing the traffic and some must be triggering their alert system, as is the many posts on forum boards discussing various aspects when I seek some specialist advice. Now, because I go to a lot of work to see Google doesn't track most of what I look at, most of this information on my Internet browsing is splintered and not cross linked, BUT, if I did allow Google-Analytics to link it all up and it ended up in the one data base, then that information would be available and I could find myself covered in US and Australian security agency people trying to find out if I worked for a terrorist organisation, simply because I'm looking at the same type of information that sets off their alarms. This would upset me, and also waste many man hours of people who are busy looking at me instead of real terrorists. And all this could happen because someone has a look at the data Google has collected on me without my approval, and mostly without my knowledge. In a way, I'm protected from being overly checked out by the US security agencies as I'm not in the US, but I'd be surprised if I didn't get an intense screening if I visited. The Aussie agencies will probably check the existing ASIO file on me and just drop any US enquiries aside as I've been through several security evaluations due to past employments with the Australian government departments where I needed high level security clearances - thus, my ASIO file is already very thick.

Michael Kassner
Michael Kassner

I would like to thank Moxie for answering member questions.

detours
detours

I understand the privacy concerns. We should always be aware of who has our data and what they are doing with it. But also I see a problem with using an add-on that blocks Google tracking while continuing to use Google services. It seems like 'theft of service'. Follow my thinking on this ... 1. Google services are expensive to run. There are real costs in research, development, equipment and manpower to run the indexing, caching, searching and other services that we enjoy so much. 2. Those expenses are financed by advertising. 3. The ads sell because Google can target them. 4. Accurate targeting is possible through tracking actual web usage. Basically, Google services are paid for by user participation in their tracking program. So isn't using their services while circumventing their advertising process (including tracking) basically theft of service? I figure, if the cost of using Google is too high (web tracking and targeted ads) ... don't use Google. But don't steal their service, either. Anyway, if I thought they were using my information inappropriately, I definitely wouldn't trust this add-on to protect me.

AlaskaIT
AlaskaIT

GoogleSharing is exciting, to say the least. Like any new software, I am interested to learn if it has been independently tested for unintended consequences. If it has been tested, can anyone point me to results?

bryan.gibbs5
bryan.gibbs5

I think Marlinspike's concept is great but have security concerns so look forward to when he has "to have the add-on distribute requests across a set of proxy servers, instead of just having to select one"

Witchfinder
Witchfinder

... but I don't think it'll stop me using scroogle.org

emenau
emenau

what about msn/hotmail/live, yahoo, facecrook etc. they are just as bad right? best would be a law that forbids every one of them to invade privacy.

sshead
sshead

In the age where everyone is at everyone else information why not give users ways to control their noise on the web? If Google blocks Moxie he'll find another way and I'll bet it will be infinitely better than the last. It's not about cat and mouse I think, it's about freedom for the receipt of information, and I believe that users should have that choice. Whether they are tech savvy enough to play the game or not is another question. As always there are two sides to the coin. In the security world I want to obfuscate as much data as possible without harming the business, and I want to safeguard the business from users mistakes - different basket, different story!

Deadly Ernest
Deadly Ernest

fire against these intrusive services. Do something like get a whole swag of people together and everyone get on-line with fake IDs and make no effort to block Google data collection, then go visit just about everything you can. Let them get the garbage data, then attack the advertisers who pay Google by doing things to have specific ads displayed on your system. Push the display of ads up enough, and the people have to pay Google larger sums of money, as they pay per ad displayed. Once the companies see their costs of ads via Google triple or quintuple, but no related increase in sales, they'll start thinking Google is a poor advertising medium and stop using them. Get enough companies hit, and you eventually cause long term revenue loses for Google as advertisers go away after seeing no increased benefit for the extra costs involved.

JCitizen
JCitizen

but because I never really thought they could, it actually gives them some credibility to admit temporary defeat. I've never thought the cloud was bullet proof. But it is probably safer than me trying to ride shotgun on the perimeter 24/7. With this admission, I actually feel Google may get serious about intellectual property(theirs); and now maybe they will realize their customers absolutely need it too - if the US market is to survive.

JCitizen
JCitizen

I asked pigit; how do we know they are really doing what you are saying? Seems like they've been around a while; but I'm just naturally skeptical about the internet. However I will not take the fine Google CEO's advice and just,"not do it"!

Zwort
Zwort

Thanks. I'm on the verge of making firefox my default browser, though I'll miss drag and drop.

Michael Kassner
Michael Kassner

My point is broader than that. I am not a fan of self-regulation when it comes to retaining information about me.

Deadly Ernest
Deadly Ernest

with the position Google is taking on this - and that is They are NOT differentiating between searches done by people IN the USA, or non USA citizens around the world conducting searches. They are keeping this information on ALL people who do searches on their search engines. And they do this regardless of what the laws are in the other countries the people are doing the searches from. In some cases their keeping the information is in breach of that country's privacy laws. If compliance with the Patriot Act was the only concern, they could easily identify the source of the enquiry as being internal to the US or external, and only record or track those that are US internal or from US Embassies and Consulates. However, the truth is they also use this information to send targeted ads to the people making the enquiries, and to get paid for sending such ads, so they track and keep the information on everyone. Much of the targeting MUST be done by using the IP address of the sender. I say this as I use one ISP at home, and another when away in Wagga, and the ads I get vary. First, my main system doesn't see any ads at all due to my blocking arrangements, but I sometimes have reason to use my laptop to access the Internet - since I usually use this off-line and in Linux, I've not gone to any trouble to set up the Window XP to block ads as it's not often on the Internet, so when I do go on the Internet with it in XP, I get to see ads. I live in rural New South Wales, Australia - about half way between Sydney and Melbourne and a couple of hours drive from the east coast. My home Internet ISP is based in Western Australia, about three days drive west of where I live. When I do get ads through my home ISP, I get ads for services and special in Perth Western Australia, which is where the main gateway for the ISP is. When I go on-line while in Wagga, I use an ISP that's based in Melbourne, and gee, all the ads on there are for services in Melbourne. Sometimes I use another ISP that's Sydney based, and the ads received through them are all for Sydney services. And all these accesses are from the same small area in rural New South Wales. The only differences with that when I use a particular ISP the enquiries go out through their gateway and their IP address, and that's is used to decide what ads to send back. Interestingly, sometimes I've access to an Internet service that uses a VPN to the US, this is mainly to search their web site, but sometimes I need to do a search for something on their web site, and they have that done via Google some how. When I do such searches, the results come back with ads for the US city their web server is in. Which always makes me laugh, as I'm NOT likely to duck down the road to get today's special.

JCitizen
JCitizen

since 1974, and I have had many businesses, and hobbies that bring me unwanted attention. I get along with government agents, they seem a very competent lot; but that doesn't mean I shouldn't have a basic distrust of government. However I am even more worried about nut cases, I'm sure you probably have run into your share of them, with your career as a publisher. There is always a few individuals who aren't taking their medicine who can be very dangerous, and those folks don't mix with me. I avoid contact with such fools at all costs, especially since they are hard to explain to the BATF. Therefor privacy is a great concern of mine, to say the least!! Lately my concern has been corporate and government economic espionage, as I have contacts that need protection for their intellectual rights, and I take those rights very seriously.

Ocie3
Ocie3

interesting answers. FWIW, I have used Scroogle recently for several searches, but I am not sure as to what, exactly, that they "scrape" from my queries. I have compared Scroogle results with the results of the same query to Google.com, and they do not always contain the same web sites. That is, Scroogle omits some that Google returns, but does not list any that Google doesn't list, so in that regard it is apparent that Scroogle does use Google's search engine. (Often the order in which the web sites are listed is a bit different but that usually does not matter.) I suppose that I can find Moxie's Firefox extension by using the name "Google Sharing"?

JCitizen
JCitizen

on personally identifiable information, and then also don't go far enough to protect it. They may change course in the future; especially after a constitutional backlash against government snooping. When they prove they have my welfare in mind as much as theirs, I may feel differently.

Deadly Ernest
Deadly Ernest

difference between using the Google search engine and the use Google makes of Google-Analytics and Googleadservices on other web sites - and that's where it really hits some of us with extra costs. You got to Tom's Trash web site only to find he uses Google-Analytics third party cookies to track your activities on his site, and this results in a whole lot of communications between your system and the GA server. Stop the third party cookie and block all GA traffic, and that don't happen. This is the biggest area of concern I see with the Google tracking.

Michael Kassner
Michael Kassner

Your query is just being replaced by a GoogleSharing query. Nothing is being blocked, Google still gets a hit count and information. It is just not yours.

JCitizen
JCitizen

as user reviews over there can point out many problems along the way with new software. You'd be surprised how enlightening the users can be in testing software. Their reviews can sometimes have surprisingly technical detail. Something like this is worth testing immediately in the lab; but I'd still wait at least 3 months before considering deployment.

moxie0
moxie0

GS went through a month of beta testing with a smaller group of users. It's been public for about a week without too much trouble. Right now the biggest set of problems people have are using GS with other normal HTTP proxy setups, which isn't supported yet.

Michael Kassner
Michael Kassner

It's pretty new. I will ask if that is in the works.

Ocie3
Ocie3

because someone, somewhere will probably attack the proxy servers. :-(

Michael Kassner
Michael Kassner

I was not aware of Scroogle.org. Appreciate the information.

Zwort
Zwort

As you will know the UK govt has flooded the country with new laws and new offences, to the point where there is not only an information overload (who reads up all of the new statutes that apply to them?), but also where minds become entangled, simply because these crazy legislators are the legal equivalent of bad coders. I've been online for nearly 20 years and was very impressed with remarks I read on Usenet about governments not being allowed to interfere with online. It's impractical, I know, but I'd like to see the online population somehow being more empowered at the expense of govt interference. How many ISPs give good anti spyware, anti trojan, anti rootkit advice? Not many recommend good security software, and not many have good a security forum. If these things were done, and if people intercommunicated, yes, perhaps we could make it pay more to leave us unbothered.

Michael Kassner
Michael Kassner

I was not aware of Ghostery being able to block. But, it's been awhile since I researched it. It does indeed block the entries on their blacklist.

Michael Kassner
Michael Kassner

Your comments are well-thought out. Thank you for expressing them.

Harry.Hiles
Harry.Hiles

It's really a matter of whether you want to see ads or not. Ads are easily blocked in FF with add-ons. But if you don't mind the ads, shouldn't they be for products/services that you're actually interested in? Making advertising relevant to the individual isn't evil.

Deadly Ernest
Deadly Ernest

can do in Microsoft Internet Explorer that you can't do in Fire Fox - except be more vulnerable to a virus.

Ocie3
Ocie3

but it seems that we do not have much choice, unless and until Congress enacts some Privacy laws that take the Internet into account. Many businesses and other organizations emphatically declare that they never sell or share any data about their customers with anyone else. Whether their ISP has the same policy is another matter, and if we find their web site by using Google Search, then Google knows something, even if it is not PII.

Ocie3
Ocie3

empowers many Federal agencies and entities to use a document called a [i]National Security Letter[/i] to compel the person(s) and/or organization(s) to whom the letter is addressed to disclose, and perhaps to give actual access to, information and data that is specified in the letter. There is no judicial review of the use of NSL documents, and those who receive them are forbidden by law to disclose that fact and forbidden to disclose anything about the request, the information and data sought, etc. The use of a NSL does not distinguish between whether a person(s) or organization(s), about whom information and data is sought, is in the US and its possessions, or in a foreign country, or whether any targeted person is a citizen of the USA. Whether Google violates privacy laws in foreign countries by collecting the data that it does collect is essentially a matter between Google and the government of that country. From what little discussion that I have read about that, I recall that some people have claimed that some countries have passed stringent privacy laws only so that Google, and other firms like it, would have to pay bribes to corrupt officials in order to avoid prosecution. Whether Google or any other firm is paying such bribes is unknown. In any case, I rarely see any ads that appear to be based upon my geophysical location, whether that is determined by IP address. WhoIsByIP only divulges the owner of an IP address, which is usually either a university, a corporation (which might be an ISP), or a government entity. At best, that just narrows the possible location of the user of an IP address to a rather large area, at least in the region where I live. It might be somewhat more specific in an urban area where the concentration of users within a smaller area is greater.

Deadly Ernest
Deadly Ernest

Department, Mental Health Branch - my job was to run a small business and prepare mental health clients who have been in long term institutional care for return to living in the community and participating in the work force. We had a few who would sometimes forget or go off their meds, and those case were - well, let's just say VERY INTERESTING TIMES. In a few the police were involved, in most I was able to talk them through and get them to the real professionals back at the department. So I've got an idea of what you mean about what can happen. Also, I've been a cop, and worked both sides of the security counter in some places - it all makes for an interesting life, at times. I first came to the notice of ASIO at fifteen eyars of age - my Uncle spent a lot of time with us and he was in a government position that required what they call positive vetting. One day I recognised someone was listening in on our phone and investigated the matter, surprising their crew down the street and around the corner in their little hidey hole at the 'phone pit' - and that's where my ASIO file started as they wanted to know how I knew they were there. Since then, it's grown quite a bit, but I still get clearances as it's mostly good - and all good as far as security goes. I mentioned the story Rough Diamond, I think you might find it an enjoyable read, as it covers a bit of what can go wrong in a government agency - especially in the USA.

Deadly Ernest
Deadly Ernest

paying Google money to do this. If Google couldn't sell the results of the data, they wouldn't do it. So, instead of dealing with the symptoms, I want to hit the cause as well. But do it with the equivalent of a syn flood.

Deadly Ernest
Deadly Ernest

where you can opt in and set out what you want to receive - kind of like the TR page where you say what sort of blog posts you want emails for. I do use FF and various add-ons to block the ads etc. But since Google are going out of their way to make my life difficult, so they can make money by making me pay for extra downloads (we pay per MB down here), why can't I go about making their life difficult in return?

Michael Kassner
Michael Kassner

It's about data retention by Google. I mentioned a few times that it is a personal choice.

Zwort
Zwort

Yeah, I'm aware of the Maxthon design stuff, one reason for instructing it to use the Gecko engine. I've tried a few different packages including Opera, which I dumped when they had security problems. I also dumped Firefox for a while, for the same reason. I've tried quite a few. The drag and drop feature in Maxthon is easy, and Firefox's equivalent seems cumbersome to me. Using Maxthon I select text of interest, then drag and drop it on the pane, it opens the search in a new tab. Dragging it on to the Firefox search field opens the search in the same tab, which is of no use if I need both the search and the original document that I am reading. I don't have to go through the process of opening a new tab and then flicking to the original one, it just happens. Similarly, when I drag and drop a url, e.g. turnpike.com, it opens in a new pane without further instruction. No cumbersome process of opening a new pane, and then flicking back to the original. Holding CTRL and then dragging a URL causes the URL details to be saved in text format in the saves sub directory; doing the same when ordinary text is selected saves the text in a text file in the save sub directory. In each instance the file is named appropriately. The point for me is that these things enhance my research, as does the 'group' function, which I use to keep several important subjects easy to hand. In Maxthon I have all filters applied routinely, that means popups, activex and so on are blocked automatically. I use a variety of supplementary packages as well. I have 13 sub directories for browsers, and am not satisfied yet. The status here is up in the air at the moment, carcasses everywhere, and I may put together a Linux machine in the next few weeks; my main problem is with the oft stated need to do IP chains from the CLI. I have yet to read an answer to my question 'why'? that is not surrounded by fog.

Deadly Ernest
Deadly Ernest

although I usually open a link by using the 'right click' to open a menu and then select 'new tab' all while hovering over the link - this opens the link in a new tab while I stay in the page I'm on. If I just 'left click' the link it opens the page in a new tab and moves me to it. However, I just tried doing what you mention, opened a new tab by clicking on the 'new tab' icon, highlighted the web address (Turnpike.com in your post - which isn't a hot link but plain text) and dragged it over to the new tab. When I dropped it there, the tab treated it like a typed in URL and proceeded to open it and redirect it. Having confirmed the process works I killed the page in mid opening and closed that tab. I haven't yet found any drag and drop activity I used to do in Windows that doesn't also work in Linux or the Linux applications that do the same task - except the Terminal Console, which is the Command Line window. Even the old Ctrl C to copy and Ctrl V to paste works all through Linux GUI apps. I can only suggest you set up a system with SimplyMepis Linux and try it. You can check most of it out by getting a Live Disk and running it from the DVD / CD. BTW Maxton is based on the Internet Explorer 2 and aims to be compatible with it. According to wiki.

Zwort
Zwort

I don't use Internet exploder, and haven't used a MS app for years; Open Office as a supplement to SmartSuite, Turnpike emailer from Turnpike.com (try it; I have never used OE, though I've used Agent and a variety of others that I bought, but Turnpike always won out) and so on. I browse using Maxthon with the gecko engine. I can drag and drop a text selection (called a 'mouse gesture', the user drags and drops it on the open pane), and it is automatically run through my default search engine, opening in a fresh tab. The same applies to links. If I don't want a new tab, I can also drag a link that I know will open in a fresh tab, onto the 'parent' tab. Other stuff that Maxthon has is the 'groups' function. So, whilst I save links into my favourites, and these are categorised, I can have groups that involve a mixture of requirements related to a task, a day of week, and so on. I'd like to say that soon I will be using Linux in any case, but there are so many things that happen in MS platforms that I will be cautious. I think there will always be at least 1 Windows machine here, and possibly a Mac at some point. Oh. I feel so dirty now. Time for that post gymn shower.

Zwort
Zwort

Not that I want to sound anti social here but, given the proven track record of false positives (convictions) in (human therefore fallible) justice across the world, can you imagine how I feel about that, especially since a number of states in your country still kill people (often mistakenly) for a number of offences. This is shocking stuff, especially when I consider that I do not visit the states because of their capital punishment policy. Very disturbing.

Deadly Ernest
Deadly Ernest

outside of the USA. According to Google, they have servers around the world that perform the services for the people in that geographical area. Thus, any server located in, and supporting, Europe has no legal responsibility to support the Patriot Act. Ditto for servers based anywhere except the USA. Under Australian law, any information collected about a person may only be done so with their permission and it may only be used for the purpose for which it was collected. It must also be destroyed as soon as possible, unless other laws require it to be kept for a set period of time. Any personal information to be supplied to another party can only be done on the issue of an official court order AFTER the requesting organisation has proven to a court of law they have a real and pressing need to have that information for a lawful purpose. Now, under that law, a NSL is NOT enough to get any information from an Australian server, in fact it's unlawful for Google to copy any information to another server outside the Australia, if they gathered the information inside Australia. I'm aware some other countries have similar laws that are just as tight. Yet Google blithely gather the information and use it to target ads. Much of what they do in that manner is against Australian law, but they cannot be prosecuted until you can prove that the information was gathered on an Australian server, and when you ask them, they always claim your enquiry was sent to their main complex in the USA. Which makes one wonder why they maintain any servers in Australia - unless they lie about it. Even so, any info gathered about me on a USA server would be accessible via the Patriot Act, but the US agencies would have a damn hard time justifying a request or taking any actions against what I do here in Australia.

JCitizen
JCitizen

I'd consider interferring with someone's business that way, to be possibly criminal. However, it is our information, and obfuscation with the intent of discouraging bad business practice, is more how I would look at it. Even if it were criminal, the way our U.S. government has broken constitutional taboos; I would call it a justifiable protest demonstration. I would gladly do prison time for it, just like sit in trespassers in the'60s.

moxie0
moxie0

As GoogleSharing moves closer to P2P, you begin to see this effect. Suddenly there are searches coming from many different IP addresses, and it becomes difficult to know what is authentic and what is proxied.

JCitizen
JCitizen

Some sites I wouldn't want to disappear, but they could always make them a pay-site.

Deadly Ernest
Deadly Ernest

As ti the ads, they pay for someone else's business operation, that's all. Now as to Flash - it's poorly written proprietary code, Java is a bit better written. But both are heavily used by lazy idiots who know nothing about programming that use an applications to make web pages and web sites in a drag and drop application, and the only thing on their mind is 'does it look snazzy enough on their machine while they create it.' I've yet to here of anyone being hit with a drive-by virus when they visit a web page or site built in either html or html and perl.

JCitizen
JCitizen

or seem to. I get almost NO adds. Now as santee suggests, how are we going to pay for the internet? With no ads and such? My position on that is, maybe they need to quit using java and flash! Or at least police their servers better. Most of the malware is placed onto those machines without the knowledge or consent of the site operator, and/or ad server company. Perhaps I'm misunderstanding Mr. Santee?

Ocie3
Ocie3

Quote: "SpywareBlaster covers; it has a host-file also, I believe; hopefully you can run more than one host-file on a PC." No, you cannot have more than one file named HOST in the C:\Windows subdirectory where it is stored! However, you can append the contents of one file to another file and call the combined file HOST. I use a batch file that appends the contents of a .TXT file, in which I have some additional lines for web sites that might not be in the HOST file that I download from a Microsoft web site about once a month.

santeewelding
santeewelding

Employees and slaves to that which does not pay you for your time. Have you thought of that angle? Do you do this only because you can? What do we have to do? Originate or commission software that wipes all this shilt off the map? Or, go back to something else. What the else is, does not come ready to my mind, at the moment...

JCitizen
JCitizen

SpywareBlaster covers; it has a host-file also, I believe; hopefully you can run more than one host-file on a PC. Then there is MVPS (Internet Explorer) for Windows also.

Deadly Ernest
Deadly Ernest

doubleclick URLs listed in it, but I also added a couple of doubleclick URLs that were getting through as they were .com.au and the Adblock Plus list had only the .com entries. The basic ones are: www.doubleclick.com www.doubleclick.com.au ad.doubleclick.com ad.doubleclick.com.au ad.au.doubleclick.com doubleclick.com/ad/* and many more I just can't readily find in the list of a few thousand URLs. It's not always easy keeping up with them as they frequently change the URL about, to get around Ad Blocking software. One thing I do is - when I see an ad on a site, I 'right click' and open the 'view source' option. Then I closely examine the source code - looking for any code where it's calling something from another site or has anything that looks remotely like it may relate to ads. I then research such links or code, and if it turns out to be ad related, it gets included in a new Adblock Plus rule filter and sometimes in a FF cookie blocking instruction as well.

Ocie3
Ocie3

do you use for DoubleClick? I don't see them much on the Firefox NoScript dialog any more.

Ocie3
Ocie3

the "Opt Out" button, Firefox 3.5.7 opened a new tab, but the content was nil. The link for the button appears to be: http://optout.doubleclick.net/cgi-bin/optoutgoogle.pl but when I use that link: "Firefox can't establish a connection to the server at optout.doubleclick.net." So DoubleClick is implicitly the Google subsidiary that engages in behavioral tracking and targeted advertising. Something which everyone seems to be ignoring is the web-connected businesses that Google has purchased outright or otherwise controls. It is reasonable to assume that all of them are sharing PII with Google that they obtain in the course of contacts and transactions with customers and with business associates, etc. If memory serves, EBay and PayPal are Google subsidiaries. Do you know of others?

JCitizen
JCitizen

is that I don't feel I should be expected to trust them with too much information. Ads slow down my surfing and rob bandwidth, but if I had any money laying around to spend, I might want to see them. Also I feel one's enemies could misunderstand the meaning and purpose of sites that have been tracked and tragedy could strike for the hapless surfer who is not involved in any terrorist or illegal activity. This is why I am repulsed at CEO Schmidt's comments, because he doesn't know the half of it. Guilt by association can not be always an accurate gauge of the intent of the searcher. Also, with all the corporate espionage going on, and similar conflicts with the PRC over intellectual rights, I don't feel Google has any right knowing my business AT ALL! No free man should be expected to lie down, without of fight over sensitive information.

waldenasta
waldenasta

Don't minds the ads so much. I understand the need for them and can easily blck with adblock, and guard my privacy on firefox with the ghostery addon. But, i really hate been tracked all over the internet. I do feel like someone is uncomfortable leaning over my shoulder looking at everything I do and it's a creepy feeling. I use some greasemonkey scripts that helps with the privacy issues but will also give this a shot. Oh, for the days when you could get online and feel anonymous.

kmdennis
kmdennis

I pay for a wireless connection with Verizon and could not understand how my 5GB of data could be possibly used up? After calling Verizon to query what I had downloaded, I found out that those silly slimy monkeys running across the screen, or those home loans dancers and any other popups were using up my bandwidth when I left my internet connection overnight. I hate those ads. I agree that this should be an opt-in service where you can decide if you want aps on your page or not. For a long time I have been toying with the idea of building a site which replicates most other sites but removes the ads and popups and the users can chose if they want ads and make it fully customizable.

Zwort
Zwort

Ask.com have an eraser, which may or may not work. I have a now misplaced list of 'safer' search engines. Using this browser I can, using hotkey combinations, change the combination of proxy and search engine, though I have been very lazy of late.

Michael Kassner
Michael Kassner

But, they could anonymize it a lot sooner and it still would be effective for their needs.

Deadly Ernest
Deadly Ernest

run their ad service better - that's the sole reason for it.

Editor's Picks