BOSTON — Privacy advocate Moxie Marlinspike used the spotlight of the SOURCE conference here to call attention to Google’s data harvesting practices, warning that the search engine giant can mine information to figure out even what Web surfers are thinking about.
During a presentation that discussed the changing threats to privacy, Marlinspike likened Google’s data collection to the Pentagon’s Total Information Awareness program and lamented the fact that it’s nearly impossible to avoid Google’s tentacles without “opting out of the social narrative.”
“They have an awful lot of data. They record everything. They have your IP address, your search requests, the contents of every e-mail you’ve ever sent or received. They know the news you read, the places you go. They’re even collecting real-time GPS location and DNS look-ups,” Marlinspike said.
“They know who your friends are, where you live, where you work, where you are spending your free time. They know about your health, your love life, your political leanings. They even know what you are thinking about,” Marlinspike added, warning that the company has found a way to control the terms of the privacy debate by offering what he described as fake anonymization.
He pointed out that the Google tool that gives users control of their privacy settings only shows some of the information that is most obviously connected to a Web user. “It requires that you have an account, be logged in while using the services and maintain a persistent cookie. It’s a brilliant move on their part.”
Convinced that he can’t opt out of using Google’s ever-present services, Marlinspike created an anti-snooping tool to sidestep the company’s data collection tentacles.
The tool, called GoogleSharing, is a Firefox add-on that mixes the requests of many different users together, such that Google is not capable of telling what is coming from whom.
GoogleSharing aims to do a few very specific things:
- Provide a system that will prevent Google from collecting information about you from services which don’t require a login.
- Make this system completely transparent to the user. No special websites, no change to your work flow.
- Leave your non-Google traffic completely untouched, unredirected, and unaffected.
The GoogleSharing system consists of a custom proxy and a Firefox add-on. He said the proxy works by generating a pool of GoogleSharing “identities,” each of which contains a cookie issued by Google and an arbitrary User-Agent for one of several popular browsers. The Firefox add-on watches for requests to Google services from your browser, and when enabled will transparently redirect all of them (except for things like Gmail) to a GoogleSharing proxy. There your request is stripped of all identifying information and replaced with the information from a GoogleSharing identity.
This “GoogleShared” request is then forwarded on to Google, and the response is proxied back to you. Your next request will get a different identity, and the one you were using before will be assigned to someone else. By “sharing” these identities, all of our traffic gets mixed together and is very difficult to analyze.
Marlinspike said the GoogleSharing proxy even constantly injects false but plausible search requests through all the identities.
The result is that you can transparently use Google search, images, maps, products, news, etc., without Google being able to track you by IP address, cookie, or any other identifying HTTP headers. And only your Google traffic is redirected. Everything else from your browser goes directly to its destination.
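The identity swap and selective redirection described above, sketched as an added example (this is not GoogleSharing's own code). The header list, host rules, class and function names, and sample identities are assumptions constructed for illustration; in the real system the add-on makes the routing decision and the proxy does the rewriting.

```python
from collections import deque
from urllib.parse import urlsplit

# Assumptions for this sketch, not the project's actual lists.
IDENTIFYING = {"cookie", "user-agent", "referer", "authorization", "x-forwarded-for", "via"}
LOGIN_HOSTS = {"mail.google.com"}  # services that need a login stay direct (e.g. Gmail)

# Constructed sample identities: a cookie issued to the proxy plus a User-Agent.
IDENTITIES = [
    {"cookie": "PREF=ID=constructed-a", "user_agent": "ExampleBrowser/1.0 (constructed)"},
    {"cookie": "PREF=ID=constructed-b", "user_agent": "ExampleBrowser/2.0 (constructed)"},
    {"cookie": "PREF=ID=constructed-c", "user_agent": "OtherBrowser/5.1 (constructed)"},
]


class IdentityPool:
    """Round-robin pool: a returned identity goes to the back of the queue,
    so the next request is served with a different one (pool size >= 2)."""

    def __init__(self, identities):
        self._queue = deque(identities)

    def checkout(self):
        return self._queue.popleft()

    def checkin(self, identity):
        self._queue.append(identity)


def is_shared(url):
    """True for Google hosts that the add-on would redirect to the proxy."""
    host = (urlsplit(url).hostname or "").lower()
    is_google = host == "google.com" or host.endswith(".google.com")
    return is_google and host not in LOGIN_HOSTS


def rewrite(url, headers, pool):
    """Return (route, headers) for one request; non-shared traffic is untouched."""
    if not is_shared(url):
        return "direct", dict(headers)
    identity = pool.checkout()
    try:
        # Drop everything that identifies the client, keep neutral headers.
        clean = {k: v for k, v in headers.items() if k.lower() not in IDENTIFYING}
        clean["Cookie"] = identity["cookie"]
        clean["User-Agent"] = identity["user_agent"]
        return "proxy", clean  # upstream sees the proxy's IP, not the client's
    finally:
        pool.checkin(identity)
```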
Marlinspike is also building a privacy tool to secure voice calls and SMS messages on mobile phones. That tool, called Whisper Systems, will offer secure dialing via Phil Zimmermann’s ZRTP protocol and an Off-The-Record derived system to secure the privacy of text messages.
The mobile tools, which are being built for Android, will be available in a few weeks from Marlinspike’s ThoughtCrime.org website.