Slashdot Mirror

← Back to Stories (view on slashdot.org)

Mining Browsing History With Google Cookie Data

Posted by Soulskill on from the is-it-the-90s-again dept.

mikejuk writes "Recent research reveals details on how Google's SID cookie can be used to discover what websites a user has visited. In principle, the cookie is a low security risk because it doesn't allow acess to any data without authentication — thus it is sometimes transmitted in the clear and easy to intercept. With a little help from Google Search History and the 'Visited Pages' filter, researchers were able to list up to 80% of the pages visited by volunteer victims. Throw into the mix the 'social' filter and you can discover a lot more."

3 of 40 comments (clear)

  1. Re:Google by MichaelKristopeit355 · · Score: 3, Insightful

    Google shouldn't even try to do datamining...

    i'm sure the web will just index itself.

  2. Re:Interesting by Dahamma · · Score: 3, Insightful

    The SID is just Google's "session ID", it doesn't contain browsing data itself. They were just hijacking the session id and using it in Google searches, then looking at the results to try to determine a user's search history based on what Google sent back.

    Stealing someone's session cookie and then using it to get information about the victim? This is *definitely* nothing new, and I'm sure there are tons of other sites vulnerable to the same attack...

  3. Re:Compare what? by LordLimecat · · Score: 3, Interesting

    Yes, they totally crack down on opensource and lead the way with EEE....

    Except for when theyre hosting FOSS projects on google code.

    And contributing massive amounts to them (HTML5 standards, WebM, Chromium, Android, Wave {which was a completely open protocol}).

    And donating massive amounts of money to Mozilla foundation.

    But other than that, yea, linux geeks unite against the monster that is Google.