Reconstructing Users' Web Histories From Personalized Search Results 44
An anonymous reader sends along this excerpt from MIT's Technology Review:
"Personalization is a key part of Internet search, providing more relevant results and gaining loyal customers in the process. But new research highlights the privacy risks that this kind of personalization can bring. A team of European researchers, working with a researcher from the University of California, Irvine, found that they were able to hijack Google's personalized search suggestions to reconstruct users' Web search histories (PDF). Google has plugged most of the holes identified in the research, but the researchers say that other personalized services are likely to have similar vulnerabilities."
Reconstructing? (Score:5, Informative)
The attack described on the first page of TFA didn't involve any 'reconstruction'. They were able to access the web histories by stealing cookies and using them to access the web histories Google provides. In the second page they talk about using the cookies to view a users' Google Suggest results.
Still, this is relatively unsurprising. If you snoop on my non-https transmissions, yeah, you can get a lot of information that I consider private. It would be nice if everything were https (the EFF has been pushing for all GWS to use https for a while now), but it's not news to me that it's not. The most novel thing here is that because they could access/reconstruct web history by getting my cookies, they didn't need to be watching me when I did my searches--getting my cookie now is as good as sniffing my packets when I was doing criminal activity yesterday.
Trackmenot (Score:2, Informative)
https://addons.mozilla.org/en-US/firefox/addon/3173 [mozilla.org]
Re:Reconstructing? (Score:3, Informative)
+1 mod this to 5 and then re-edit the article & title please. This is not the same as the work identifying people from their movie ratings for example.
Nicely played (Score:5, Informative)
Foreword: We would really like to acknowledge Google’s positive attitude toward our report and results. Google has been very responsive to our findings and is taking actions to fix them. We are very pleased about it.
I think its great when the people discovering the problem, and the people being alerted about the problem behave so well to each other. (They sent the paper to google a month before releasing the final thing.)
Re:Reconstructing? (Score:3, Informative)
Re:DO NOT WANT (Score:2, Informative)
In my experience that's normally only true for the "extra" links it provides (i.e. if directly below the main link, there's links to specific subjects on that site). For example, if you search for Wikipedia, the first hit is the Wikipedia main page, which is a direct link, and below there are links to specific subject areas, which are Google redirection links.
BTW, it shouldn't be too hard to turn them into real links through a Greasemonkey script.