GoogleSharing, Now With No Trust Required

An anonymous reader writes "GoogleSharing, the popular Google anonymizing service created by well known privacy advocate and security researcher Moxie Marlinspike, has released a major new version today. The biggest change is leveraging Google's SSL search option to provide an anonymizing service which doesn't require you to trust either Google or GoogleSharing. This means that anyone who wishes to opt out of Google's data collection practices can now do so without having to trust the operator of the anonymizing service."

Re:No, not Really?

[snowraver1]

Let me refer you to the second sentence of the summary:

"The biggest change is leveraging Google's SSL search option to provide an anonymizing service which doesn't require you to trust either Google or GoogleSharing."

Kids today...

Re:There is still man-in-the-middle attack

The content is SSL protected, so not unless the GoogleSharing proxy operator has an SSL exploit.

Re:No, not Really?

[shoehornjob]

Somebody mod this guy up. I need more points.

Re:Not a Rhetorical Question

[Chaonici]

From GoogleSharing's FAQ:

Why not use Anonymizer or any other anonymizing proxy service?

General purpose anonymizing proxies are designed for something else.

      1. Most will mask your IP address, but not the identifying information in your HTTP headers. Google will still know who you are based on your Cookies, User Agent, etc...
      2. If the proxy does attempt to anonymize HTTP headers, they will do it by completely stripping cookies from your request. Google does not like this, and will tag you as a SPAM bot (how convient for them to do), which will force you to type in a CAPTCHA every time you issue a Google search, and will prevent you from issuing Maps requests at all.
      3. These types of proxies can be slow. It's not necessary to proxy all of your internet traffic if you're just trying to protect yourself from Google. Since GoogleSharing only proxies Google traffic, our bandwidth needs are much lower and thus our performance is much greater.

Re:Dosnt Support Google Chrome

[Chaonici]

> and don't want Google to know about me when I use my Gmail, Google Voice, Google Transit, Google Maps, or just plain Google
If it requires you to be logged in (such as Gmail), GoogleSharing doesn't help you. This is intended for Google services that can track you without an account, such as search.

Re:Dosnt Support Google Chrome

Is this sarcasm? By virtue of using personalized login-required services like Gmail and Voice, you cannot hide information about you.

Chrome users can install these two Google extensions for further privacy:

• Google Analytics Opt-out Add-on (by Google)
• Google SSL Web Search beta (by Google)

Disclaimer: These two extensions rely on you trusting Google. Neither of them achieve what TFA intends to do.

Re:Suddenly, it doesn't feel like '1984' anymore!

[Afforess]

Oh come on, it can't be that hard to match up spelling and search habits up with people, given enough data. In Google's case, they have lots. Lots and lots. Even if you use the proxy, you're going to visit an external machine sometime, at which case Google will have 2 key points of comparison, and Bam.

My favorite part

[MyFirstNameIsPaul]

googlesharing.net uses no javascript. Hurray!

Re:No, not Really?

[Sir_Lewk]

And if I use the GoogleSharing servers, than I do still need to trust GoogleSharing to be running the software they claim to be running.

No you don't, that's the difference between this version and the previous version. (I know, I know, RTFS is for wimps...) Unless their servers are using a previously unknown SSL exploit* then all you need to do is make sure the cert is correct. That's the thing with SSL, you only need to trust the CA. For the same reason that you don't have to trust your ISP (and every shady goon working there) you don't need to trust googlesharing (now).

*Hmm... well this is Marlinspike...