Slashdot Mirror
GoogleSharing, Now With No Trust Required
An anonymous reader writes "GoogleSharing, the popular Google anonymizing service created by well known privacy advocate and security researcher Moxie Marlinspike, has released a major new version today. The biggest change is leveraging Google's SSL search option to provide an anonymizing service which doesn't require you to trust either Google or GoogleSharing. This means that anyone who wishes to opt out of Google's data collection practices can now do so without having to trust the operator of the anonymizing service."
Isn't there?
Let me refer you to the second sentence of the summary:
"The biggest change is leveraging Google's SSL search option to provide an anonymizing service which doesn't require you to trust either Google or GoogleSharing."
Kids today...
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
A great day for liberty!
That is of course until someone in washington decides it's a security risk because terrorists could use it to plan their attacks. You know that will happen.
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
I do all my browsing in Google Chrome and don't want Google to know about me when I use my Gmail, Google Voice, Google Transit, Google Maps, or just plain Google. The fact that it's only supported in firefox doesn't help out people like me.
The worst part is, they're right. As it turns out, the exact same kinds of privacy we want for the right reasons, the bad guys want for the wrong reasons.
DRM: Terminator crops for your mind!
Somebody mod this guy up. I need more points.
"We are just a war away from Amerikastan. When god vs god the undoing of man." Dave Mustaine
I would think the same privacy they want for the right reasons you want for the right reasons. To be able to have privacy.
From GoogleSharing's FAQ:
Why not use Anonymizer or any other anonymizing proxy service?
General purpose anonymizing proxies are designed for something else.
1. Most will mask your IP address, but not the identifying information in your HTTP headers. Google will still know who you are based on your Cookies, User Agent, etc...
2. If the proxy does attempt to anonymize HTTP headers, they will do it by completely stripping cookies from your request. Google does not like this, and will tag you as a SPAM bot (how convient for them to do), which will force you to type in a CAPTCHA every time you issue a Google search, and will prevent you from issuing Maps requests at all.
3. These types of proxies can be slow. It's not necessary to proxy all of your internet traffic if you're just trying to protect yourself from Google. Since GoogleSharing only proxies Google traffic, our bandwidth needs are much lower and thus our performance is much greater.
Let me refer you to the second sentence of the summary:
Look old man, if it was important, it would be in the FIRST sentence because that's how we kids do it these days even if it means run on sentences and now I'll get off of your lawn.
Oh come on, it can't be that hard to match up spelling and search habits up with people, given enough data. In Google's case, they have lots. Lots and lots. Even if you use the proxy, you're going to visit an external machine sometime, at which case Google will have 2 key points of comparison, and Bam.
If our elected representatives no longer represent us, do we still live in a Democracy?
Bro, more than 140 characters? Gimmie a minute, I need to check like three other services.
Man who leaps off cliff jumps to conclusion.
Let me refer you to the second sentence of the summary:
"The biggest change is leveraging Google's SSL search option to provide an anonymizing service which doesn't require you to trust either Google or GoogleSharing."
Wow.
You are right. That says I don't have trust google or googlesharing. ... assuming I trust the entity that makes that claim.
Oh. The entity making the claim that I don't need to trust GoogleSharing is GoogleSharing. Neat.
So if I don't trust googlesharing, why would my distrust be satisfied by the fact that they claim I don't need to trust them? That makes about as much sense as a fly asking the spider if he can take a nap on the web... the spider said he wasn't hungry... I guess there's nothing to worry about. :facepalm
Now, if you had instead referred me to the googlesharing FAQ:
http://googlesharing.net/faq.html#faq6
"If you're still worried, remember that the GoogleSharing addon and proxy code is publicly available. So it's possible for you to run a GoogleSharing proxy yourself, or to find someone who you do trust."
That's at least a step in the right direction. I can inspect and run the software on a server I do trust.*
And if I use the GoogleSharing servers, than I do still need to trust GoogleSharing to be running the software they claim to be running. I expect they are worthy of that trust but you still have to trust them unless you are running your own server after inspecting the source.*
** And you will need to find a bunch of people who trust YOU using your server for you to derive any privacy benefit from running your own server. Bit of a catch-22 there.
Welcome to Slashdot, where people are too lazy to read the summaries, never mind the articles, and restating a sentence from the summary gets modded +5 Informative.
Grammar and spelling as a virtual fingerprint...
I don't believe anything could go wrong at all.
In any event, I am afraid it is time to unveil your true identity using the grammar and spelling footprint technique. I say to you Mr. Abraham Lincoln... how does it feel to be unmasked by your own musings!
"You should always go to other people's funerals; otherwise, they won't come to yours." -- Yogi Berra
We already decided as a nation, over 200 years ago. I'm not having a hard time walking the line between freedom and oppression, nor is anyone else who is not in a position to lose power if freedom wins. Ben Franklin was right.
Oh, please. Just go wardriving with a vanilla install of ubuntu using a laptop you picked up on craigslist and a wifi card you found in a trash can and you're safe. As usual, these kinds of government activities only infringe on the innocent and do nothing to inhibit the criminals.
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
Yes its all about the plain text and your use of unique data eg a name on yahoo, facebook, MSN, an email ect. :)
That will all get noted and linked back to a friend of a friend of a friend who has been flagged as a person of interest.
http://webcache.googleusercontent.com/search?q=cache:5jex52BhXYEJ:wikileaks.org/wiki/EU_social_network_spy_system_brief,_INDECT_Work_Package_4,_2009+INDECT+Work+Package+4&cd=1&hl=en&ct=clnk as
http://wikileaks.org/wiki/EU_social_network_spy_system_brief,_INDECT_Work_Package_4,_2009 seems to be down. The NSA/GCHQ ect dont care where/how the text comes from, public/private/mirrored ect, just keep it in flowing in a usable form. Add in voice chat too
Domestic spying is now "Benign Information Gathering"
googlesharing.net uses no javascript. Hurray!
I once took an excursion to Reddit, and later HN. Unlimited up/down voting sucks when dealing with a hive-mind.
they pass each keystroke in real time to the servers.
go ahead, type carefully..
they'll see each letter as typed and "fingerprint" you that way
the typing speed and corrected mispellings even without you hitting 'search'
every day http://en.wikipedia.org/wiki/Special:Random
No you don't, that's the difference between this version and the previous version. (I know, I know, RTFS is for wimps...) Unless their servers are using a previously unknown SSL exploit* then all you need to do is make sure the cert is correct. That's the thing with SSL, you only need to trust the CA. For the same reason that you don't have to trust your ISP (and every shady goon working there) you don't need to trust googlesharing (now).
*Hmm... well this is Marlinspike...
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
for that matter: Welcome to Slashdot, where people think scepticism is a good replacement for education and intelligence.
It seems like half the commenter here may have at least RTFS, but simply don't know what SSL is.
"linux is just DOS with a UNIX like syntax" -- Galactic Dominator (944134)
Well, you also have to trust the Firefox extension (or read and understand the code, and trust your ability to find issues if there are any).
The Tao of math: The numbers you can count are not the real numbers.
You do know what Google's business model is, right?
DRM: Terminator crops for your mind!
My understanding, other than encrypting the search terms, nothing much else has changed - sure this prevents GoogleSharing from knowing what kind of porn I like (not that I care), but as the article says, they still get the IP addresses. What does this mean for the truly paranoid? GoogleSharing and Google could easily exchange a bit of motivational cash, maybe the NSA has a box jammed on the incoming side of GoogleSharing to siphon off the IP addresses, with another in Google itself to get the actual search terms. What is Moxie Marlinspike getting from all this? Warm fuzzy feelings don't keep the lights on and food on the table.
Google is your god? :-)
The Tao of math: The numbers you can count are not the real numbers.
I'm certain there are statistical techniques that can be used to tie separate unique, "unrelated" sessions back together when they come from the same user. Some websites expose their account usernames to Google, which can provide near-sure matches.
Certain users habitually use Google to get to their favourite sites because it's literally quicker than typing a URL, and many of those probably use the same abbreviations for those sites each time. My ex-girlfriend used to get to Facebook by typing "face" into Google and clicking "I'm feeling lucky." I bet combining 4 or 5 separate browsing idiosyncrasies like that is enough to uniquely identify many users.
DRM: Terminator crops for your mind!
Oh gods... as one of the three people on the internet that knows the difference between "lose" and "loose," they'll have no problem tracking me down!!!
Theirs some truth in they're. There going to find you.
It seems a lot of people use Google as a portal to their favourite sites. So if they are interested in buying some new shoes, or a holiday, they will return to Google each time and type in their query and then visit the preferred sites each time rather than, as you or I might, doing this once and thereafter visiting the sites direct/bookmarking said sites. I guess this is along the lines of what they mean. For instance, imagine some guy likes to slack off and browse for cheap DVDs on friday afternoons at work - if they can identify a regular pattern, and even perhaps tie it back to his GMail account, they can sell this info to a company who then fires off an email about their massive DVD sale at friday lunch time and can be almost certain he'll hit their site up first.