Reconstructing Users' Web Histories From Personalized Search Results - Slashdot

Slashdot

Reconstructing Users' Web Histories From Personalized Search Results 44

Posted by Soulskill on Sunday April 25 2010, @10:16AM
from the we-know-it's-not-your-roommate dept.

An anonymous reader sends along this excerpt from MIT's Technology Review: "Personalization is a key part of Internet search, providing more relevant results and gaining loyal customers in the process. But new research highlights the privacy risks that this kind of personalization can bring. A team of European researchers, working with a researcher from the University of California, Irvine, found that they were able to hijack Google's personalized search suggestions to reconstruct users' Web search histories (PDF). Google has plugged most of the holes identified in the research, but the researchers say that other personalized services are likely to have similar vulnerabilities."

This discussion has been archived. No new comments can be posted.

Reconstructing Users' Web Histories From Personalized Search Results

Search 44 Comments Log In/Create an Account

Comments Filter:

Reconstructing? (Score:5, Informative)

by General Wesc (59919) writes: <slashdot@wescnet.cjb.net> on Sunday April 25 2010, @10:16AM (#31974112) Homepage Journal

The attack described on the first page of TFA didn't involve any 'reconstruction'. They were able to access the web histories by stealing cookies and using them to access the web histories Google provides. In the second page they talk about using the cookies to view a users' Google Suggest results.
Still, this is relatively unsurprising. If you snoop on my non-https transmissions, yeah, you can get a lot of information that I consider private. It would be nice if everything were https (the EFF has been pushing for all GWS to use https for a while now), but it's not news to me that it's not. The most novel thing here is that because they could access/reconstruct web history by getting my cookies, they didn't need to be watching me when I did my searches--getting my cookie now is as good as sniffing my packets when I was doing criminal activity yesterday.

Share
twitter facebook
Trackmenot (Score:2, Informative)

by MrMr (219533) writes: on Sunday April 25 2010, @11:05AM (#31974570)

Reconstruct that
https://addons.mozilla.org/en-US/firefox/addon/3173 [mozilla.org]

Share
twitter facebook
Re:Reconstructing? (Score:3, Informative)

by wdavies (163941) writes: on Sunday April 25 2010, @11:17AM (#31974656) Homepage

+1 mod this to 5 and then re-edit the article & title please. This is not the same as the work identifying people from their movie ratings for example.

Parent Share
twitter facebook
Nicely played (Score:5, Informative)

by ksandom (718283) writes: on Sunday April 25 2010, @12:00PM (#31975074) Homepage

Foreword: We would really like to acknowledge Google’s positive attitude toward our report and results. Google has been very responsive to our findings and is taking actions to fix them. We are very pleased about it.
I think its great when the people discovering the problem, and the people being alerted about the problem behave so well to each other. (They sent the paper to google a month before releasing the final thing.)

Share
twitter facebook
Re:Reconstructing? (Score:3, Informative)

by Simon80 (874052) writes: on Sunday April 25 2010, @12:01PM (#31975092)

If you had read the paper you would see that Google asks for a reauth when an attempt is made to access the web history, so instead they choose the most frequent prefixes that are used in searches, and use them to ask google for search suggestions. Reconstruct is a perfectly suitable word to describe this process.

Parent Share
twitter facebook
Re:DO NOT WANT (Score:2, Informative)

by maxwell demon (590494) writes: on Sunday April 25 2010, @12:53PM (#31975664) Journal

In my experience that's normally only true for the "extra" links it provides (i.e. if directly below the main link, there's links to specific subjects on that site). For example, if you search for Wikipedia, the first hit is the Wikipedia main page, which is a direct link, and below there are links to specific subject areas, which are Google redirection links.
BTW, it shouldn't be too hard to turn them into real links through a Greasemonkey script.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

301 commentsIran Plans To Unplug the Internet, Launch Its Own 'Clean' Alternative
230 commentsNY Times: Microsoft Tried To Unload Bing On Facebook
170 commentsGoogle Shutting Out Rivals, Claims Russian Search Engine Yandex
159 commentsLarry Page Issues Public Update On Google Changes
146 commentsMicrosoft Patent Hints At Search Results Tailored To User's Mood, Intelligence

Space is to place as eternity is to time. -- Joseph Joubert