Reconstructing Users' Web Histories From Personalized Search Results

An anonymous reader sends along this excerpt from MIT's Technology Review: "Personalization is a key part of Internet search, providing more relevant results and gaining loyal customers in the process. But new research highlights the privacy risks that this kind of personalization can bring. A team of European researchers, working with a researcher from the University of California, Irvine, found that they were able to hijack Google's personalized search suggestions to reconstruct users' Web search histories (PDF). Google has plugged most of the holes identified in the research, but the researchers say that other personalized services are likely to have similar vulnerabilities."

Reconstructing?

[General Wesc]

The attack described on the first page of TFA didn't involve any 'reconstruction'. They were able to access the web histories by stealing cookies and using them to access the web histories Google provides. In the second page they talk about using the cookies to view a users' Google Suggest results.

Still, this is relatively unsurprising. If you snoop on my non-https transmissions, yeah, you can get a lot of information that I consider private. It would be nice if everything were https (the EFF has been pushing for all GWS to use https for a while now), but it's not news to me that it's not. The most novel thing here is that because they could access/reconstruct web history by getting my cookies, they didn't need to be watching me when I did my searches--getting my cookie now is as good as sniffing my packets when I was doing criminal activity yesterday.

Re:

[maxume]

Cookie white-listing seems saner and saner.

Re:

[carp3_noct3m]

Totally agreed. One of the first things I do when I do a new install (for me personally) is to make sure in FF that either I have cookies turned off or to have FF ask me everytime. its just like noscript, where yes, it can get annoying for a while, but then once your whitelist is fairly complete it is very worth it. Or you can just always start FF in a private browsing session too.

Re:

[Simetrical]

Cookie white-listing seems saner and saner.

Um, do you understand the attack at all? The attackers intercepted your cookies from Google, using a standard man-in-the-middle attack, and used them to access your account. Cookie whitelisting is useless here: the only cookies are legitimate ones from Google, and if you deny those, you can't log in (as with any cookie-based authentication).

Re:

[maxume]

Yes, exactly. If you are rejecting the cookies, you aren't logged in, and your search history is tracked less. I don't consider the personalization a feature, so I prefer not to be logged in.

(I do this in a somewhat hilarious fashion, I log into Google to use gmail, and then I delete the cookies for google.com (but not for mail.google.com). Paranoia, I am doing it wrong.)

Re:

[wdavies]

+1 mod this to 5 and then re-edit the article & title please. This is not the same as the work identifying people from their movie ratings for example.

Re:

[Simon80]

If you had read the paper you would see that Google asks for a reauth when an attempt is made to access the web history, so instead they choose the most frequent prefixes that are used in searches, and use them to ask google for search suggestions. Reconstruct is a perfectly suitable word to describe this process.

Re:

[wdavies]

The title of the original paper is: Private Information Disclosure from Web Searches.

They found a security vulnerability, and retrieved the information using probable prefixes. The reason I dislike the title is because it sounds a lot like the SIGIR 06 paper

http://video.google.com/videoplay?docid=6474169875352273382# [google.com]

where they actually did reconstruction using publicly available information combined with
collaborative filtering like technology against anonymized data.

This article isn't a bad one, and intere

Re:

[General Wesc]

You want me to read the summary, the article, and the paper? I already went way beyond my duties as a Slashdot commenter. :-)

Bullshit

[Jah-Wren Ryel]

"Personalization is a key part of Internet search

No thank you. All I need is for my searches to be even more limited by what somebody else thinks.
Keep the spam to a minimum and leave this 'personalization' waste-of-time out of it.

DO NOT WANT

[iYk6]

I was going to come here to post DO NOT WANT! But you beat me to it. So instead, I will post a message saying that I was going to post a message saying DO NOT WANT! Done.

Personalized search is a terrible idea, and can only lead to bad results if it doesn't work, or insulation from variety of it does work. I can't believe anybody would want it.

I assume I am safe with cookies and/or javascript turned off. Without javascript, Google never knows what I clicked on.

Re:

[clang_jangle]

I assume I am safe with cookies and/or javascript turned off. Without javascript, Google never knows what I clicked on.

Google analytics is everywhere. The good news is it's trivial to block it using privoxy. Then you can use any browser you want.

Re:

[maxwell demon]

In my experience that's normally only true for the "extra" links it provides (i.e. if directly below the main link, there's links to specific subjects on that site). For example, if you search for Wikipedia, the first hit is the Wikipedia main page, which is a direct link, and below there are links to specific subject areas, which are Google redirection links.

BTW, it shouldn't be too hard to turn them into real links through a Greasemonkey script.

Re:

[General Wesc]

...or insulation from variety of it does work. I can't believe anybody would want it.

If my goal was variety, I'd be using Stumble Upon. I use GWS to find what I'm looking for. This is typically something very specific. There are also domains I'm focused on a whole lot more than the aggregate person, and those I'm much less interested in. When I search for a song title or a line from a song, I never, never, never want a link to a video site that 1. isn't YouTube or 2. doesn't use Flash. Translation: I want

Actually - yes

[Snaller]

You do what it - what you don't want - or what you fear is that someone else will abuse the knowledge (which I think is legitimate )

But personalized means better results for YOU - not worse.

Re:

[Jah-Wren Ryel]

But personalized means better results for YOU - not worse.

No it doesn't. It means results that better conform to what someone else thinks I want and has overly simplified into a set of basic heuristics.

If it really meant better results for me, that would require an actual ME to make the evaluation of each potential result.

Re:

[Jah-Wren Ryel]

All web search is based on a set of heuristics trying to guess what you want. Personalized search simply means that the heuristics are more adaptive.

What you call 'adaptive' I call insular and misdirected. The presumption that what someone searched for yesterday, or even half an hour ago should narrow their search results for a new search is just about universally false for anyone more inquisitive than an airhead. And if what I searched for 1 minute ago ought to affect the results of the next search I type - I'll add the necessary keywords to the new search myself.

Obvious EU centrism

[Beretta Vexe]

>>A team of European researchers, working with a researcher from the University of California, Irvine,

Dear /.

Europe isn't a country. The Inria isn't a European research institution, it's only a French institution.

Best regards

Re:

[icebraining]

And French people aren't European as well?

Besides, if you had RTFA, you'd see that two are French, but there's also Emiliano De Cristofaro, and Italian from the UCI (University of Palermo), Italy. So describing them as French would be wrong.

Re:

[Beretta Vexe]

>>And French people aren't European as well?

Who said they are French ? You don't need to be french or european to work in the inria.

If I follow your logic mention the University of Irvine is unnecessary since all researchers are European.
If the article refers to the research facility they works for, it's wrong too because the INRIA isn't European.

 

Re:

[slashdotmsiriv]

what are you talking about? INRIA is in France, and France is in the EU. Even more,
INRIA is largely funded by the EU

Re:

[DNS-and-BIND]

Well, for a place that's not a country, the EU sure behaves like one. Got a flag, currency, legitimately elected leaders, the whole deal. Taking pride in one's nation is bad. You'd think a European would know that the graveyards in Europe are filled with firm believers in nationalism.

Re:

[maxwell demon]

The UN also has a flag and leaders, and you wouldn't call it a country.
The EU doesn't even have an official hymn (although Beethoven's "Ode an die Freude" is played whereever a hymn would be, making it an inofficial hymn).
The Euro is not currently a currency of all EU members (especially the UK has the option to keep out even if they meet the conditions for entry; others are not yet in just because they don't meet the conditions).
There's also not really an EU government. Most EU institutions are just people

Re:

[Jah-Wren Ryel]

>>A team of European researchers, working with a researcher from the University of California, Irvine,

Europe isn't a country. The Inria isn't a European research institution, it's only a French institution.

I can't tell if you are trolling or if you really did fail basic set theory.

Re:

[Beretta Vexe]

I can't tell if you are trolling or if you really did fail basic set theory.

I'm just trolling, it's just funny that the only research institution name in the topic is the University of California, when the only researcher form this university started this study in the INRIA ( where he worked before moving to Irvine ).

It's a minor case of US monopolization ;-)

Re:

[myowntrueself]

It's a minor case of US monopolization ;-)

A bit like how many US news outlets would *insist* on referring to the ISS as "The NASA Space Station Project".

If the Yanks could build a space station in a higher orbit (they can't cos the shuttle can't go very high) they'd piss on the ISS, I am sure.

Re:

[freedumb2000]

News just in: World citizens did something!

Trackmenot

[MrMr]

Reconstruct that
https://addons.mozilla.org/en-US/firefox/addon/3173 [mozilla.org]

Re:

[maxume]

It still has the flaw that you have to trust them not to make it appear that you are doing things you would never want associated with you.

Of course, trust is largely a social problem, so it isn't surprising that throwing technology at it doesn't help much.

Pointless

[Quiet_Desperation]

[1] What's the point of past searches when most of the time I do a search it's to find out something new?

[2] It never works.

Netflix has years of my rental history and algorithms devoted specifically to movies, have held contests to develop a better algorithm and yet their recommendation system is full of fail. It's always notifying me about films you'd have to tie me down to watch, forcing my eyelids open like Malcom McDowell in that scene from Clockwork Orange.

Amazon is the same way, although they are mayb

Re:

[bipbop]

Occasionally this is helpful for me. "Oh, there's a new book by such-and-such? Didn't know."

Re:

[Quiet_Desperation]

Yeah, that's the few extra molecules I mentioned, but I tend to track authors I like anyway. I get more use looking at *other* people's lists that happen to have something I read on them.

Nicely played

[ksandom]

Foreword: We would really like to acknowledge Google’s positive attitude toward our report and results. Google has been very responsive to our findings and is taking actions to fix them. We are very pleased about it.

I think its great when the people discovering the problem, and the people being alerted about the problem behave so well to each other. (They sent the paper to google a month before releasing the final thing.)

Re:

[shoehornjob]

I think its great when the people discovering the problem, and the people being alerted about the problem behave so well to each other. (They sent the paper to google a month before releasing the final thing.)

That only works for Google. You know damn well if they sent that data to Microsoft they would have denied it for several months only to fix it when an exploit was released in the wild.That's how the Redmond spin works

Re:

[ksandom]

That only works for Google. You know damn well if they sent that data to Microsoft they would have denied it for several months only to fix it when an exploit was released in the wild.That's how the Redmond spin works

Not to mention legal gun fire as well. But there are positive examples out there like this, and I think it's really good to encourage this.

I'm cool with having a web history

[OrwellianLurker]

I just want to have access to it and control over it. If I want to stop using Google's services, I should be able to delete my web history and they should be able to remove all of it in a reasonable time frame. My problem is that the Feds are almost certainly able to access Google's information on us, and so are other entities that Google might share their data with. If I knew that only Google would get my information, that I could control it, and that it would only be used to target advertisements to me, I

Re:

[OrwellianLurker]

I agree that your data being used for any purpose should be opt-in, and its sale or transfer to a third party should also be opt-in. I don't really see how you can complain that they use your data for targeted advertising when you use their services. If you are on sites using their services, you are indirectly using their services.