TrackMeNot

In the wake of AOL’s publication of search data, and the New York Times article demonstrating how easy it is to figure out who did the searching, we have TrackMeNot:

TrackMeNot runs in Firefox as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and MSN. It hides users’ actual search trails in a cloud of indistinguishable ‘ghost’ queries, making it difficult, if not impossible, to aggregate such data into accurate or identifying user profiles. TrackMeNot integrates into the Firefox ‘Tools’ menu and includes a variety of user-configurable options.

Let’s count the ways this doesn’t work.

One, it doesn’t hide your searches. If the government wants to know who’s been searching on “al Qaeda recruitment centers,” it won’t matter that you’ve made ten thousand other searches as well—you’ll be targeted.

Two, it’s too easy to spot. There are only 1,673 search terms in the program’s dictionary. Here, as a random example, are the program’s “G” words:

gag, gagged, gagging, gags, gas, gaseous, gases, gassed, gasses, gassing, gen, generate, generated, generates, generating, gens, gig, gigs, gillion, gillions, glass, glasses, glitch, glitched, glitches, glitching, glob, globed, globing, globs, glue, glues, gnarlier, gnarliest, gnarly, gobble, gobbled, gobbles, gobbling, golden, goldener, goldenest, gonk, gonked, gonking, gonks, gonzo, gopher, gophers, gorp, gorps, gotcha, gotchas, gribble, gribbles, grind, grinding, grinds, grok, grokked, grokking, groks, ground, grovel, groveled, groveling, grovelled, grovelling, grovels, grue, grues, grunge, grunges, gun, gunned, gunning, guns, guru, gurus

The program’s authors claim that this list is temporary, and that there will eventually be a TrackMeNot server with an ever-changing word list. Of course, that list can be monitored by any analysis program—as could any queries to that server.

In any case, every twelve seconds—exactly—the program picks a random pair of words and sends it to either AOL, Yahoo, MSN, or Google. My guess is that your searches contain more than two words, you don’t send them out in precise twelve-second intervals, and you favor one search engine over the others.

Three, some of the program’s searches are worse than yours. The dictionary includes:

HIV, atomic, bomb, bible, bibles, bombing, bombs, boxes, choke, choked, chokes, choking, chain, crackers, empire, evil, erotics, erotices, fingers, knobs, kicking, harier, hamster, hairs, legal, letterbomb, letterbombs, mailbomb, mailbombing, mailbombs, rapes, raping, rape, raper, rapist, virgin, warez, warezes, whack, whacked, whacker, whacking, whackers, whacks, pistols

Does anyone reall think that searches on “erotic rape,” “mailbombing bibles,” and “choking virgins” will make their legitimate searches less noteworthy?

And four, it wastes a whole lot of bandwidth. A query every twelve seconds translates into 2,400 queries a day, assuming an eight-hour workday. A typical Google response is about 25K, so we’re talking 60 megabytes of additional traffic daily. Imagine if everyone in the company used it.

I suppose this kind of thing would stop someone who has a paper printout of your searches and is looking through them manually, but it’s not going to hamper computer analysis very much. Or anyone who isn’t lazy. But it wouldn’t be hard for a computer profiling program to ignore these searches.

As one commentator put it:

Imagine a cop pulls you over for speeding. As he approaches, you realize you left your wallet at home. Without your driver’s license, you could be in a lot of trouble. When he approaches, you roll down your window and shout. “Hello Officer! I don’t have insurance on this vehicle! This car is stolen! I have weed in my glovebox! I don’t have my driver’s license! I just hit an old lady minutes ago! I’ve been running stop lights all morning! I have a dead body in my trunk! This car doesn’t pass the emissions tests! I’m not allowed to drive because I am under house arrest! My gas tank runs on the blood of children!” You stop to catch a breath, confident you have supplied so much information to the cop that you can’t possibly be caught for not having your license now.

Yes, data mining is a signal-to-noise problem. But artificial noise like this isn’t going to help much. If I were going to improve on this idea, I would make the plugin watch the user’s search patterns. I would make it send queries only to the search engines the user does, only when he is actually online doing things. I would randomize the timing. (There’s a comment to that effect in the code, so presumably this will be fixed in a later version of the program.) And I would make it monitor the web pages the user looks at, and send queries based on keywords it finds on those pages. And I would make it send queries in the form the user tends to use, whether it be single words, pairs of words, or whatever.

But honestly, I don’t know that I would use it even then. The way serious people protect their web-searching privacy is through anonymization. Use Tor for serious web anonymization. Or Black Box Search for simple anonymous searching (here’s a Greasemonkey extension that does that automatically.) And set your browser to delete search engine cookies regularly.

Tags: , , , , , , ,

Posted on August 23, 2006 at 6:53 AM88 Comments

Comments

Grant Gould August 23, 2006 7:13 AM

One approach that occurs to me is to have the “extra” queries be actual queries from other users. This would spread out incriminating queries over many users, bumping up the false-positive rate of any data-mining — as you’ve said, it’s the false-positive rate that is limiting in data-mining analyses.

In addition, there’s no reason to randomize the timing — the plugin could just fire off a large burst of queries every time the user fires one, as timing analysis is unlikely to help much in picking out the real query unless the user is typo-fixing, and that would be detectable under any amount of noise.

(Also — is it reasonable to criticise the bandwidth use of fake-query methods, then recommed TOR which moves many times as many bits per query?)

Of course the best answer of all would be for someone to put together a web search business that doesn’t track its users or store their queries, or does so only in some sort of third-party-controlled out-of-jurisdiction drop-safe. But that doesn’t seem to fit anyone’s business models at the moment.

silent bob August 23, 2006 7:32 AM

Maybe for the next version of the program they could add more exotic terms there, so all those al quaida recruitment centers, how to make explosives home from shampoo and hair gel, naked pictures of underage goats …. 😀

Mike Sherwood August 23, 2006 7:48 AM

It seems like it would be much easier to just have sites for those people who don’t want to be tracked that aggregates all of their queries. With a user base of more than 1, such a site would offer plausable deniability. It would be possible to determine that the site searched for “glass gopher”, but it would break the link between the user and the search history. In effect, you could show that a user of the site ran that query, but that’s no more interesting that google knowing that someone ran a query. The data value comes in tying that back to an individual, which is the part that could easily be broken.

Ewan Gunn August 23, 2006 8:12 AM

Of course, if they do implement the idea of monitoring and searching on words found in the websites we ourselves look at, everyone looking at your blog is likely in trouble, especially the marvellous catalogue of words even in this entry!

grin

Also Mike – that’s a brilliant idea. So simple, which is what the security and privacy field needs.

Bruce Schneier August 23, 2006 8:20 AM

“Of course, if they do implement the idea of monitoring and searching on words found in the websites we ourselves look at, everyone looking at your blog is likely in trouble, especially the marvellous catalogue of words even in this entry!”

And the Crypto-Gram version of this essay will trip many spam checkers.

Jim August 23, 2006 8:26 AM

People up to no good just hide their sites from search bot spyders. A good way to avoid detection, is to avoid search engines. The search of search results doesn’t seem like a good way to gather intelligence. Somebody searched for shoe bomb, so what. Shoe Bomb could be a punk band, a blog or whatever. If you are plotting an attack, you could just pass a URI to others in your group or use an email account that everybody in the group has a password for. The message sits in an archive. The email never gets sent, it can be read by anybody with the password and knowledge of the location. Spread the message across multiple email accounts, so no single mailbox contains all the information. Each mailbox looks harmless. A URI could be hidden in four email accounts, each with different passwords. You put the URI together to find the site. It’s nearly impossible to find the site without a lot of information. Then the site could be password protected and the evil plan could be spread across multiple sites, each password protected. Analysis of search data is a waste of time. It’s like watching everybody and you are watching nobody in the process. At least it must be entertaining to be able to get paid to search searches and see all the idiotic search terms. Good luck finding criminals this way.

Dennis Doughty August 23, 2006 8:29 AM

I wonder how many people who use services such as GMail also believe they are improving their anonymity by regularly deleting their cookies? The truth is, you can delete all the cookies you want, but as soon as you check your email you’ve got a new cookie that can easily be correlated with your old one. You have to also opt out of those incredibly useful free services unless you are careful to log out of them, then delete your cookies, then change your IP address, and only then perform your search.

Jim August 23, 2006 8:39 AM

I guess the point of tracking people is to find customers as well. Here’s the secret. Have a good product or service.

t3knomanser August 23, 2006 8:46 AM

Search Spamming seems to be a horrible idea- for you, for the search engine, and in terms of security.

A simple, integrated proxy would make more sense for everyone, minus the spam searches.

1234567890 August 23, 2006 8:48 AM

I don’t get the fuss about getting profiled by the enigines, and then install such extention too spam the hand that feeds you. And really… don’t think Google won’t filter it out and block you about it, beacuse there is a limit of queries one can perform without an API key.

BTW:
If someone is interested in a cryptohash
extention i build for FireFox:

https://addons.mozilla.org/firefox/3208/

Keep it up.

Sencer August 23, 2006 9:05 AM

http://foxyproxy.mozdev.org/ + tor+privoxy are IMHO the best way. Foxyproxy selects from different proxies based on the request-urls.

I have mine setup to send all search queries via tor+privoxy, this strips all sent/received cookies and uses a different IP every other minute or so.

All my regular surfing, including the use of “normal” google/yahoo services I do without proxies, so they always have my “real” IP which is different than all the one used for searches.

All it took was a 3-minute installation (with ubuntu at least) and adding a few rules.

Bruce Schneier August 23, 2006 9:07 AM

“I wonder how many people who use services such as GMail also believe they are improving their anonymity by regularly deleting their cookies? The truth is, you can delete all the cookies you want, but as soon as you check your email you’ve got a new cookie that can easily be correlated with your old one. You have to also opt out of those incredibly useful free services unless you are careful to log out of them, then delete your cookies, then change your IP address, and only then perform your search.”

Good point. This is one of the reasons I do not use GMail. The fact that they save all my e-mail — and I have no protections against them doing whatever they want with it — is another.

Jim August 23, 2006 9:10 AM

Good points by Dennis. I’d add, spread your functions across multiple sites. There are tons of free services, so using multiple sites isn’t an expense. You can store information securely by breaking it up and putting it in different places. Keep it safe from Google. I’ve seen passwords on Google using complex search methods. I don’t know how effective this is, I just see possibilites. Google is powerful, so I could imagine it being used to crack security and unlock passwords. Use Google with care and figure all your security could be cracked and you wouldn’t know about it. It’s not Googles fault that people use it for evil. The don’t be evil bit is marketing fudge. Google can and is being used for evil, so don’t put all your eggs in one crate.

TimH August 23, 2006 9:13 AM

When Schneier proves that a certain security technique won’t work… is that what’s known as a Bruce Force attack?

cw August 23, 2006 9:17 AM

I only use gmail for maintaining the prolific already-public email lists I belong to.

If I did have direct personal concerns with my search terms being subject to scrutiny I wouldn’t use anything like it.

Regarding this firefox extension, it seems like it is effectively doing a distributed denial of service attack on search servers. If I were one of the services included, I’d fire off some cease and desist mails. If it was widely adopted it would eat up a lot of bandwidth and cpu resources.

Jim August 23, 2006 9:30 AM

Marketing trumps security. Users pay attention to ads and ignore security. Companies have large marketing departments and small security departments. I worked retail. 200 sales clerks and a dozen security people in one store. God knows how many shoplifters were roaming the aisles. Maybe 50, 150 during the busy holiday shopping season. The security people are always out numbered. They can prevent, but a certain percentage of goods are lost to theft. It’s all caught on camera and recorded. AOL is in the same boat. Data is going to be lost or stolen. Plus competition is going to exploit the AOL situation to try to gain new users. I think AOL is in big trouble and it might get worse. Handing our Secure Edition CD’s seems to be great security marketing. How secure are they? The one I saw was made in Hong Kong. I wasn’t impressed myself.

Sencer August 23, 2006 9:41 AM

Dennis, Bruce, Jim: Actually with Foxyproxy+tor+privoxy as I described abve you can keep using the free services and still have your searches totally anonymous.

And as Greg comments: I would not use any single Proxy, because it only shifts the trust you have to have invest one place to another. I Plus: I know Google will have a large problem, if they decide to do unlawful things with the data, and there’s lots of people eager to uncover such a thing ( the “told-you-so” crowd). But who is “blackboxsearch” and who would care if they did unlawful things? Same thing for the many lists of open proxies available on the net. It my be fine, if you only intend to ue it to spam your neighbours guestbook or annoy some forum moderator. But i wouldn’t trust it on a regular basis. There is a reason why projects like TOR, I2P, JAP are being worked on.

Steve August 23, 2006 9:47 AM

@Stuart Langridge:

You said “Grant: spreading out incriminating queries over many users potentially means that all of the many users get arrested. That’s not necessarily a defence.”

It’s the “I am Spartacus” defence. If there are enough people involved, and if there’s no way for the enemy (Romans, advertisers, law enforcement: take your pick) to figure out who they’re really after, then it works. So, if one million people somehow made their search patters indistinguishable, then search logs would cease to provide any useful information about any one of them.

No government could (or would want to) arrest one million people just because at least one of them is dodgy. Criminalising the software would “solve” the problem (in the same way that governments occasionally try to ban or subvert encryption, not because the majority of use is harmful but because some tiny proportion of it is), but would take time and face resistance.

In this case getting enough people is not implausible, but as Bruce suggests above, preventing a skilled data analyst from removing the noise is extremely difficult. More difficult, in fact, than genuinely anonymising your searches. So the whole question is pretty academic.

quincunx August 23, 2006 9:53 AM

“it won’t matter that you’ve made ten thousand other searches as well — you’ll be targeted.”

Wouldn’t that also be considered intentional spamming of the query service?

@ Jim

“Plus competition is going to exploit the AOL situation to try to gain new users. I think AOL is in big trouble and it might get worse.”

Precisely! Let their mistakes effect their business negatively.

“Marketing trumps security. Users pay attention to ads and ignore security.”

If you have nothing to sell (or lose) , you have nothing to secure.

“I worked retail. 200 sales clerks and a dozen security people in one store. ”

Now imagine how the opposite situation would work. Who wants to shop with dozens of security guys in every aisle!

“God knows how many shoplifters were roaming the aisles.”

God doesn’t know, but the company probably knows the amount of shrink from theft. If the cost of theft is less than hiring another guard, then be assured that one will not be hired. Makes perfect sense.

derf August 23, 2006 10:18 AM

ixquick supposedly deletes all search log data. Problem is…do you trust press releases and marketing hype these days?

The Firefox add-on doesn’t even give you plausible deniability. To do that, the timing would need to be random, it would need to use random numbers of terms, and all of your real search terms would need to be included in the plug-in’s default database.

Jim August 23, 2006 10:26 AM

In retail you also have to deal with sales people who steal. This can be merchandise, cash or credit card data, which is easy to steal. I’ve seen it get to the point where the security people were stealing the stuff they were paid to protect. I worked an airline job and the theft ranged from bottled water to time. Stealing time was easy. Leave early at 8 and some other employee clocks you out later at 11. Employees develop all kinds of way to get around security and these are just unsophisticated working stiffs. AOL has removed the data. It’s been mirrored, so AOL might as well of just left it there. At least that way you could explore the crime scene and investigate. I’m sure the cover your ass crowd at AOL thought deletion was best. Destroy all the records and emails, it never happened. AOL employees cleaned everything up, but it’s still a mess. That’s how conspiracy works. You try to delete the emails and communications, but the damage is done and you’re like Enron 2.0, because the public doesn’t trust you. You can’t delete the public, all you can do is serve it. AOL is screaming, we’ve changed. It’s falling on deaf ears. People are waiting to hear how loud the thud is when AOL hits the bottom. I think AOL is headed for Breakupville.

Jim August 23, 2006 11:31 AM

AOL should have a nice breakup value, to be positive about it. Weblogs Inc. could be sold, AIM auctioned and a chunk here, a piece there and you are talking real money. As a whole AOL is like humpty dumpty, only digital. They keep patching AOL up to keep it going just like Windows and something new breaks. The online business model seems to favor smaller companies that are specialists. Weblogs Inc. was doing fine as Weblogs Inc.. AOL swallows it and blows a data fart and craps all over its users.

Time for a shower. Good luck and good night.

another_bruce August 23, 2006 12:39 PM

“and four, it wastes a whole lot of bandwidth…”
there’s an upside to that you didn’t mention. think of all the additional servers and routers sun and cisco will be able to sell. maybe a combination of fake search queries and encouraging more spamming can revive the moribund tech market.

pseudomonas August 23, 2006 12:42 PM

Black Box proxy has problems – it puts your search terms in the page URL and then gets you to request images directly from google.com – requests coming from your IP address with the search terms in the Referer: header. Might be OK if you trust Google not to log that information, but it’s a bit dodgy for a proxy.

Anonymous Coward August 23, 2006 1:42 PM

Keep in mind that some search engines don’t log their searches…

http://clusty.com/

But logging your traffic TO the search site…well…Knoppix and TOR can help you there.

David Dyer-Bennet August 23, 2006 2:03 PM

Having “bad” keywords in the fake search list is of benefit to others, and if the fake search is widely adopted, not harmful to you. It creates noise in precisely the right places, where the bad guys will be looking.

Clearly there are too many regularities to the search pattern. It needs randomizations and such. However, it should not be entirely based on your searches; it has to introduce lots of stuff you’re not really interested in.

And, again, the benefits come from lots and lots of people running this, not to you from just you running this.

Eric August 23, 2006 2:08 PM

Bruce,

Thank you for the great analysis on TrackMeNot.

I want to make you aware of a service that is similar to TrackMeNot that addresses most of the concerns you raise.

LostintheCrowd.orgwas launched in response to AOLs data release as a proof of concept in hopes of getting people to think more about their privacy online.

LostintheCrowd.org allows users to register their search engine tracking cookies with the service. LostintheCrowd.org then performs random searches on the user’s behalf.

Unlike TrackMeNot, the searches are not performed at set intervals, the search terms are not based on random two word choices but instead are made to mirror real life searches, and the searches do not take up user’s bandwidth or processing time.

Great efforts were taken to ensure the searches performed would pass for real user searches.

The concerns you raise above were taken into consideration during the design and development of the lost in the crowd service.

The overall goal any of us should take from AOLs release is to find ways we can better protect ourselves.

Erik N August 23, 2006 2:26 PM

@Bruce:

“And I would make it monitor the web pages the user looks at, and send queries based on keywords it finds on those pages.”

Isn’t this what you exactly don’t want? Searching terms on pages you actually visit of interest is submitting additional personal info for profiling.

Rather you want the program to watch your browsing habbits and NOT search terms appearing on pages you visit frequently – unless these are common words, such as: “how do I make liquid bombs in airplane lavatories”.

Also, you might want the program to not query words that may cause trouble such as “bombs” – replace these by something else, so the query would then be: “how do I make liquid cowards in airplane lavatories”…

Marc A. Pelletier August 23, 2006 4:09 PM

A point that people seem to forget is that I don’t think the point of TrackMeNot is to hide the searches you made, but to give you plausible deniability.

“I didn’t search for this, must have been TrackMeNot that did it!”

It may not be much better at that, but at least it’s a more realistic objective.

anon August 23, 2006 4:45 PM

TrackMeNot – new version 0.3.0 posted at: http://mrl.nyu.edu/~dhowe/trackmenot/

Features:
– User-configurable query lists (see TMN->Options)
– Randomized query-lengths (1-6 words per query)
– Larger word list with ‘actual’ search terms
– Improved scheduling randomization
– Interface improvements

Thomas August 23, 2006 6:07 PM

@Bruce,
“””Good point. This is one of the reasons I do not use GMail. The fact that they save all my e-mail — and I have no protections against them doing whatever they want with it — is another.”””

With various data retention acts (see “Ten Worst Privacy Debacles of All Time”), and a typical ISP’s contract entiteling them to do whatever they want with your traffic, how does your current email differ (in privacy terms) from GMail?

Punhead August 23, 2006 6:26 PM

@TimH
“When Schneier proves that a certain security technique won’t work… is that what’s known as a Bruce Force attack?”

Not sure, but if creating such proofs were among Bruce’s strongest skills, they’d be Bruce Forte attacks.

ticktock August 23, 2006 6:32 PM

Instead of randomizing the times for fake queries, synchronize real queries to the fake-query timer. So if a new fake query occurs every 12 secs, and the user has a real query, then the next query sent will be a real one not a fake one. Max latency is 12 secs.

Also, I think it’d be better to use the AOL data to create the word-lists, and also to create the number-of-word query patterns, at least until the program learns the patterns for your own queries. Adaptable heuristics.

elegie August 23, 2006 10:57 PM

For some protection, it might be useful to avoid the built-in search interface for an online service. Using an external browser and a third-party search engine might well reduce the chance of search queries being associated with a specific user over time. With a built-in search interface, it is easy to record the precise query and the identity of the user. If IP addresses are dynamically reassigned, knowing the IP address that is associated with a query URL is of less significance. When using a separate search engine with an ISP company, there is less likely to be problems if one of the companies does something wrong.

Of course, new and/or inexperienced users are likely to favor the built-in search interface for their ISP. It is familiar in terms of branding and it is convenient.

Incidentally, users of the Mozilla Firefox browser can disable the sending of referer headers. For more information, see http://kb.mozillazine.org/Network.http.sendRefererHeader

ebenezer goode August 24, 2006 12:19 AM

“It seems like it would be much easier to just have sites for those people who don’t want to be tracked that aggregates all of their queries. With a user base of more than 1, such a site would offer plausable deniability.”

As well as the encrypting tunnel proxy sites, there is at least one site dedicated to exactly what you propose, for exactly this purpose: http://scroogle.org

To the people including bruce who ciriticize trackmenot because it searches for things other than ‘kittens’ and ‘daisies’, I think the idea behind these things is not that a single install protects a single user, but that if a lot of people use it, it becomes unreasonable to investigate people based on their search queries, since large numbers of people are performing queries which are ‘just as bad’.

Coming up with a statistical filter that weeds out tools such as this is one thing, proving to a judge that your filter works accurately and he should grant a warrant based on the fact that some moron searched for ‘dirty cheese’ three days before a food poisoning outbreak is another.

Of course, the accurate criticism which applies is simply, do you think the cops give a shit whether you really are a bad person? Of course not, they just want to make arrests. It’s why they became police. Give them a break.

0987654321 August 24, 2006 12:29 AM

@1234567890 “I don’t get the fuss about getting profiled by the enigines”

So .. uh, I guess 1234567890 is your real name. Or is it your phone number. Or address. Perhaps I can google you on that string?

What is the difference between a monolothic business with a defined profit motive, a bottom line, and a bunch of shareholders at the helm having your intimates, and you sharing them with us nice trustworthy friends of Bruce’s?

I think you need to rethink your opinion, since you are clearly confused or deceiving us.

0987654321 August 24, 2006 12:32 AM

doh! OK, i clicked your name, and it shows a real name on the page …

Well, my point I think is still valid. I doubt you post your real details on everything you do, and if you do online and offline, and if you do, you either live a very risky life, or a very boring one, I’m not sure which. But google knows.

ebenezer goode August 24, 2006 12:39 AM

the problem with aggregation sites like scroogle are that .. we have to trust the aggregator, so the trusted party is just shifted, and perhaps the amount of information they can each aggregate is reduced, if there are more than one of these.

AT&T interestingly enough, apart from helping NSA to snoop recently on most/all americans, had published a useful tool that in theory would solve this problem. However they never published the full source iirc or perhaps the license was just restrictive, and the tool, an aggregating anonymising proxy, was in any event removed from their site some years ago.

See http://www.landfield.com/isn/mail-archive/1998/Mar/0033.html for a sketch of how it worked.

archived site:

http://web.archive.org/web/20000815055120/www.research.att.com/projects/crowds/

And, yes, all the posts above, including the one at the top by ‘bruce’ were by me. NSA can verify this. But they will never know if it’s because I, being Bruce Schnier, hacked their snooper to make it look that way. 😛

361962203 August 24, 2006 1:26 AM

“God doesn’t know, but the company probably knows the amount of shrink from theft.”

The company being exactly whom? And how does he/she know the person who did the audit did not fudge the books? And the people making the items did not make more of them than they said? And somehow got the materials at below cost (I wonder how?!)? etc etc

Watch catch22 if you want to know how the real world works. Security is fine in theory, in real life, like God, it doesn’t exist. It’s an abstraction, an ideal. Get over it and enjoy what you do have, don’t fret away your life worrying about what you could use. And then you will find you make clearer decisions about security matters as well, because your brain is working mroe efficiently. Stress is a killer, not just binary 1/0 death-style killing, but incremental eating away of our joy and our ability.

And re: anonymisers to defeat totalitarian states, of course, they can always take you in for obstructing the police in their duty, or whatever the equivalent crime is in your jurisdiction. Try disproving that one, even in “the west”, or any of a hundred thousand made-up charges that are kept on the books so that police in “western democracies” all have arbitrary power of arrest. And when you resist, see if they are not violent and animal-like, just like the ones we are told about in Iraq and Afghanistan. Enjoy what you have and understand that most of you joy comes about through some irational happenstance, not through endless juggling of security parameters and respecifying of jargon. Lipservice to authority is the best thing that was ever invented. All heil the king!

People are the same everywhere. They’re not that bad. And they’re not that good. Better take sensible precautions, but don’t go overboard, and don’t waste time on something if it doesn’t work, and above all, don’t piss people off who are all set to exact retribution. Stress is the killer, it’s also the aggravator.

And something like this trackmenot will get better with refinements based on feedback. Yum.

Jojo August 24, 2006 2:26 AM

“I didn’t search for this, must have been TrackMeNot that did it!”

It may not be much better at that, but at least it’s a more realistic objective.

And it doesn’t matter one bit when TPTB break down your front door, take your computer(s) and incarcerate you w/o charges for years while they “investigate”.

Jojo August 24, 2006 2:30 AM

“And set your browser to delete search engine cookies regularly”

What exactly does this do? I doubt that Google, AOL, etc. keeps more than a few searches in your cookies. Most of what you searched for is stored on their system linked to your IP addr. Why do you think Google is building a 3 football field data center in Oregon? A proxy connection is the only good way to protect yourself.

And if too many people start doing this, watch for some laws to be passed making it illegal to use a proxy in the good ‘ol USA.

1234567890 August 24, 2006 3:44 AM

@0987654321 who said:

So .. uh, I guess 1234567890 is your real name. Or is it your phone number. Or address. Perhaps I can google you on that string?

-> Why the fuss about a few digits?
they might have a higher meaning to you then for me.

What is the difference between a monolothic business with a defined profit motive, a bottom line, and a bunch of shareholders at the helm having your intimates, and you sharing them with us nice trustworthy friends of Bruce’s? I think you need to rethink your opinion, since you are clearly confused or deceiving us.

-> You seem to know much of me, well i’m not one of them. What i amde was a firefox extention, made in my sparetime. If you don’t like it dont use it. But don’t confuse yourself my friend.

-> What’s up your ass anyway?

1234567890 August 24, 2006 3:48 AM

And:

doh! OK, i clicked your name, and it shows a real name on the page …

-> it does, because i’m the author 🙂

Well, my point I think is still valid.

-> That you have a serious problem and in need of some counseling?

I doubt you post your real details on everything you do, and if you do online and offline, and if you do, you either live a very risky life, or a very boring one, I’m not sure which.

-> i do.

But google knows.

-> No she doesn’t.

Ichinin August 24, 2006 4:10 AM

Does it actually BROWSE the search results?

If not, it is pretty easy to separate the noise from the real searches and the program is a waste of resources.

Christoph Zurnieden August 24, 2006 8:40 AM

This poor little tool doesn’t reach it’s aspired goal to anonymize search
queries. That can’t be reached fully, it can come very close by using some
more real obfuscators like ‘tor’ or war-driving through inner city, swinging
from one randomly choosen open access point to the other using every single one
only for some seconds. Beware: the latter is illegal in certain jurisdiction,
but that’s valid for the former too, of course. But TrackMeNot can reach an
other goal: put a lot of noise into the databases of the companies well known
for poor data security (I’m tempted to add: “aka all publicly traded
companies”, but that would be unfair. Hopefully). When–not if, when!–these
databases get public the chance for a blackmailer to extort the male teacher
because of his searching for “dating young blonde boys” is a bit lower. Yes,
I’ve read Cicero too: “semper aliquid haeret”; the exageration was used to show
that it isn’t always a question of life or death. It is several orders of
magnitude smaller in most of the cases (e.g. looking for “jobs at
$COMPETITOR”) but can still cost money and even ruin lives nevertheless.
But I don’t think that a simple browser plugin will suffice, it’s a lot of work.
Especially the word list is way to small. The average language has about
100,000 words. That doesn’t include special (technical, medical and so on)
terms, dialects, idioms and accents. The special terms alone can double that
number quite easily.
It neither generates typos[1]–homines sumus!–nor includes
different spellings (e.g. AEBEIE) and I won’t even mention the fun you’ll
get with transliterations. It doesn’t “refresh” names (there’s
always a “celebrity” du jour).
I use a wordfile with some three million entries to check automatically
generated passwords and that thing is over 28MiB large! I can use
a bloomfilter to handle that mess easily and secure but you can’t do that here.
Now imagine the necessary overhead for Javascript and you’ll see that you have
to localize the app. It will be still around 1-2 MiB, probably more in memory.
The computing is neglectable in the times of cheap multi-GHz processors, but
the localization and sampling of new names and terms will most probably have to
be done by hand, a simple parsing of news.google.com won’t do it[2].
Apropos Google: I don’t think that a company with an income mainly based on
offering space for advertising is very enthusiastic about automated searching if
noone, especially no human is interrested in the result. It can be seen as
a DDoS if TrackMeNot get’s a larger userbase.
So, TrackMeNot can’t even reach the lower fruits.

CZ

[1] There’s always a perl script, no exception here 😉
http://search.cpan.org/~itub/Lingua-TypoGenerator-0.01/ (for an english
keyboard)
I’ve ported these lines to javascript (for a german keyboard) in the
unlikely case someone needs it.
[2] yes, it can be done. Not perfect but it’s possible. But in Javascript? I
guess there are a lot of funnier ways to waste processor cycles 😉

Jungsonn August 24, 2006 10:39 AM

Right.

storage of ‘words’ seems a little weird, one can generate words with a simple algorithm, who cares if it makes sense, if you’re planning to waste their bandwidth anyway. 🙂

But i wonder about the possible memory leaks within that extention, if it is open all the time querying search engines, that would mean a slower browser. So i don’t see the advantage.

Frederik August 24, 2006 10:04 PM

“And set your browser to delete search engine cookies regularly.”

Or set your browser to specifically not accept Google cookies at all. For Mac OS X Safari, e.g. using PithHelmet. Of course, they still have your IP address…

Stefan Wagner August 24, 2006 10:32 PM

1) ticktock mentioned to delay your requests to the 12 sec intervals.
Another idea would be, to generate the intervals by your interval-patterns.

Not too easy, but of course normal users don’t query google at random intervals.
Sometimes I make an atomic search, more often it’s multiple steps of widening, narrowing and switching keywords.
Adepting very different search-patterns, including very dumb ones like trying ‘alice bob’ after ‘bob alice’ …

2) Interesting to see, whether – if at all – to use harmless patterns, or harmful ones.

My first idea was using harmless words too.
But of course a pin is better covered in a pinstack than an haystack.

3) Remembering the NSA inspecting or logging every traffic, you don’t need google to leach information.
Of course other organisations than the NSA might be interested in the information.

4) Instead of a keywordlist from the vendor, you could use a personal dictionary extension as often found with spellcheckers and thesaurus. Thesaurus-access is needed although, or better something more sophisticated because after searching for ‘sony screen’ I might try ‘sony monitor’, ‘sony display’, ‘graphics sony’ and so on.

5) Do I need it? Would I use google preparing a serious malignance? From my regular account?
But I guess, an investigation of regular, harmless searches might sometimes raise attention of a filter from the quality of TrackMeNot.

6) People using such a tool might be suspicious, while their searches aren’t.

tor-a-bore-a August 25, 2006 12:24 AM

It seems to me that the imagined purpose for this tool is not to fool anyone actively surveilling your last mile, but rather:

1) To introduce “plausible deniability” – the computer did it, not me.

2) To deal with the possibility of search data being released; insert noise.

It isn’t perfect on either count, but the analogy that commentator used, that of telling a police officer that you’re breaking the law in N ways – shows he doesn’t quite grasp it either. For ordinary, law-abiding people, with some minor tweaks this extension could deal effectively with both goals above. Someone actually up to no good might not want to use it because it might draw attention to them.

@Mike Sherwood:

What you’re describing is an open proxy, and the Internet has a lot of them. Even if it didn’t log accesses, it could, and if you used one over and over again then the authorities could wiretap it and connect inbound to outbound queries.

And, don’t you think tor might have some of the same drawbacks? I mean, suppose someone searches for a villanous term, and its last hop through tor is your system, how would that differ from trackmenot sending the same query from your browser?

Do you think that there’s anything you could do about your ISP saving your emails? That you would have any control over them? They almost certainly log the sender/receiver, time and size in their mail logs. If you use their proxy they’re almost certainly logging every query. If you don’t use their proxy, they could record outbound HTTP requests anyway.

If everyone were using postcards, and someone suggested using an envelope, I can see similar arguments against the envelope. It might draw attention to you. However, if everyone uses and envelope… the game’s a bit different isn’t it?

Vance August 25, 2006 9:28 PM

@Steve

It’s been a while since I’ve seen the movie but as I recall, the “I am Spartacus” defense resulted in the Romans deciding to crucify everybody. Perhaps not a good example to follow…

Roger August 28, 2006 3:15 AM

@Jojo:

Most of what you searched for is stored on their system linked to your IP addr.

Um, no. Linking queries to IP addresses is a bad idea for several reasons. Firstly, around half the individual PCs around the world are behind a web proxy or NAT proxy already, so it wouldn’t work. And even if the machine isn’t behind a proxy, there may still be more than one person using the PC, so it fails to map queries to identities.

Secondly, well over half the world’s home computers are still on dial-up, which means they get a different address every time they connect. Thirdly, many people (perhaps most) connect from more than one machine (e.g. home, work, mobile device) and consequently from different addresses.

For all these reasons, queries are actually aggregated by session IDs, which are kept in your cookie.

I doubt that Google, AOL, etc. keeps more than a few searches in your cookies.

They don’t keep ANY queries in your cookies; they keep session IDs [1]. Whenever a machine connects to the query engine without a current session ID, a random session ID is generated and handed out in the form of a cookie. This ID number is then used to link all subsequent queries from the same user. If the user logs in (e.g. to get personalised settings, to access Gmail, or to access Google Groups), the login ID can then be used to link session IDs from multiple browsing sessions, and possibly also to a real world ID.

If you accept and never delete search engine cookies, this works whether you are behind a proxy or not because the cookie is sent to them as part of your query. If you don’t accept cookies, then:
a) you can do normal queries just fine, but can’t use personalised services like Gmail; and
b) if you’re ultraparanoid, note that queries which refuse cookies are unusual, and thus actually tend to stand out from the crowd…

Thus the best way to do this is to accept your 1st party cookies [2] like a good citizen, but delete them before logging in to a personalised session (e.g. Gmail), delete them again after logging out but before resuming browsing, and from time to time between. If you are behind a proxy and do this, there is no practical way for the search engine to link sets of queries from different sessions, nor to link any of them to your login ID. It may be theoretically possible with header fingerprinting, timing analysis etc. but it would be very difficult and just not worth the effort (they are an advertising distributor, not a spy agency).

If you aren’t behind a proxy and they definitely know this to be the case then it would be relatively easy to approximately link the sessions (by assuming the next query from the same IP is the same user), but since there is no easy way to tell that the query wasn’t proxied, it once again won’t be worth their bother so I strongly doubt they would attempt to do so.

Thus my policy is simply to accept Google cookies but delete them often, especially before and after all logged-in sessions. In Firefox this is trivial (Ctrl + Shift + Del). A proxy is an additional assurance but not essential.

  1. To be precise, a Google cookie holds a randomised 64 bit session ID, two Unix timestamps, and a mysterious 96 bit value believed to be a checksum. It is perfectly possible to load someone else’s cookie (if they send it to you, or you somehow steal it) to see what their session looks like; beta testers sometimes do this to demonstrate new features to their friends. AOL and Yahoo both give more cookies, and the contents of their cookies are much more opaque; but they are still too short to store actual queries.
  2. Third party cookies — i.e. cookies sent from a server which hosts some of the content (banner ads) on the page but not the page itself — should always be refused. To do this in Firfox, check the “for the originating site only” box in Options–>Privacy–>Cookies.

Roger August 28, 2006 3:36 AM

I wrote:

to accept Google cookies but delete them often, …. In Firefox this is trivial (Ctrl + Shift + Del).

I should qualify that. This will only delete cookies if the “cookies” option is set under the “Clear Private Data” tool. By default, it isn’t checked. You can change this under Options–>Privacy–>Settings

Also, note that this deletes all your cookies, plus anything else you have selected as being “private data”.

Noam Eppel August 30, 2006 12:35 PM

Hi Bruce,

Regarding your comments about TrackMeNot:

Some of the problems you identified with TrackMeNot is that there are a limited number of search terms and that it conducts an automatic search every 12 seconds. Both these issues makes it easier for a monitoring system to separate the signal from the noise.

You made some recommendations to improve the program: “If I were going to improve on this idea, I would make the plugin watch the user’s search patterns. I would make it send queries only to the search engines the user does, only when he is actually online doing things. I would randomize the timing. (There’s a comment to that effect in the code, so presumably this will be fixed in a later version of the program.) And I would make it monitor the web pages the user looks at, and send queries based on keywords it finds on those pages. And I would make it send queries in the form the user tends to use, whether it be single words, pairs of words, or whatever.”

I understand the reasoning behind your recommendations – you want to make the automated TrackMeNot search terms more similar to the individual’s search patterns so that it is harder to identify the signal from the noise. However, in trying to make the search terms more realistic, I think you lost sight of the purpose of the program.

You wrote, “And I would make it monitor the web pages the user looks at, and send queries based on keywords it finds on those pages.” This would certainly make the searches more realistic. However, if the user of the program is attempting to conceal his search terms and the sites which he visits, then having TrackMeNot monitor which sites the user visits and then generating search terms from those sites would just generate more evidence of the activity the user wishes to conceal.

For example, if a user is using the internet to search for information on how to build a bomb, TrackMeNot would be generating search terms from the bomb-making sites the user visits. This would tend to produce search terms such as “uranium-235 or plutonium-239”, “harvest magnesium oxide”, “purified aspirin in sulfuric”, etc.

Certainly, TrackMeNot should not generate search terms based on the sites
the user visits.

Keep up the great work Bruce!!

Regards,

Noam

“The ultimate measure of a man is not where he stands in moments of
comfort and convenience, but where he stands at times of challenge and
controversy.”

http://www.securityabsurdity.com

Chris Chasteen August 31, 2006 12:49 AM

One solution to the word list problem is to use Wikipedia to grab random subjects to search on (to hit ‘random’ a few times: “List of Istanbulites”, “Bookfinder4u”, “Cavia”, “Ethanol fermentation”, “Salisbury National Cemetery”). While that doesn’t address the other problems, it ought to be much better than trying to provide a dictionary.

It makes the bandwith problem much worse tho, not to mention being a burden on the poor wikipedia servers :/

I suppose you could just grab whatever URL http://en.wikipedia.org/wiki/Special:Random returns…

-c

Chris Chasteen August 31, 2006 1:29 AM

Now that I think about it, better way would be to inject random searches (again at random: “Turn It on Again: The Hits”. “Davis Kamoga”, “Gridiron football”, “Paul of Narbonne”) into the stream when you’re doing google, msn, et. al. searches. I’d pick that every-12-seconds traffic pretty damn quick, if I was looking at usage paterns. If I was a detective looking at google searches, I don’t know what I would come up with.

-c

Mark F. August 31, 2006 6:01 PM

TrackMeNot will do exactly the job it’s designed to do. The point is not to keep people from finding out what you’re searching for (you can use a proxy for that). The point is to send the search engines a message that keeping logs is pissing people off and they should stop doing it. TrackMeNot is an excellent idea.

mario September 1, 2006 2:10 PM

A larger dictionary will mostly mitigate the risk of conspicuous search log entries, and algorithms randomizing real personal query terms into it will even further. But of course no matter how clueful the algorithm, the search log pollution can only reduce the symptoms (a program and later a police officer looking through it) not heal the underlying problem (that logs are created at all).

But it’s important to remember that ISPs are much worse a problem than search engines, because without elaborate proxy tricks they track where we really went. So I’d say TrackMeNot & Co. can really be just a first step.

But btw, give this a look:
http://freshmeat.net/p/crapsearch

Mrok September 1, 2006 5:13 PM

TrackMeNot search for incoherent phrases, such as “food+gas”.
Also, not quite sure about this, it searches at fixed time intervals.
Then, you can guess what a user searched by eliminating incoherent searches or removing searches done at those specific intervals.

Check out NoProfile at http://noprofile.no-ip.org
It searches for random but coherent phrases on the subject you want at random intervals. It works with any browser and you can fake http headers.

Unfortunately the database is too small, user contributions welcomed.

Tal9 September 1, 2006 10:54 PM

http://www.blackboxsearch.com

I saw a post that said black box has problems because your search term is in the url.

Thats silly. You cant search a search engine without sending it a URL.

The point is the search came from the proxies IP address not YOURS!

And there was also a comment about images being requested from your browser? If your request is done through the proxy and you never visit google.com with your IP then how are you being tracked?

Koen Martens September 6, 2006 4:44 AM

The problem of profiling by search engines, or the usage of that data by governments (and not only in the view of this war-on-terror hype, but how about regimes where minorities based on sexual preference, faith or political ideals have to fear for their lives) can also be attacked from the other side: don’t use centralised services.

To this end, i’m currenlty starting up a project, getting some money, to develop a peer-to-peer search engine. Anyone interested in contributing (it will be an open project), check out http://www.open-search.net. It is all still quite preliminary, but slowly we’ve been securing funds to hire some people to spend some serious time on this.

Koen Martens September 6, 2006 4:48 AM

“And there was also a comment about images being requested from your browser? If your request is done through the proxy and you never visit google.com with your IP then how are you being tracked?”

You have to disable java and javascript too, possibly flash or any other plugin that executes code. It is pretty easy to bypass proxy settings through java.

Jungsonn September 11, 2006 6:46 AM

It still scares me, go ahead and use it if you like, i won’t.

As an extension developer myself imo i think it should be banned from Mozilla.

o.. wait:

“TrackMeNot” + “Terrorist” + “Profiling”

hopefully, some visitors will see this through Google while searching to ditch their trails.

Azag September 16, 2006 10:02 AM

Nice idea bad implementation. Though he author may have been well intentioned, it is still open to debate. Let let us assume he is sincere for now since this isn’t even my point and the tool in my opinion is still a failure as there are much better alternative out there. My real point is has anyone even taken into account the fact that this search engine spam method of TrackMeNot will surely screw up many peoples rankings! This is going to certainly start to have a real measurable impact on search results shifting about more an more as the number of people using the experimental widget go up. I personal am not some SEO or guy trying to make a buck on my site for Google PR or and search engine. This really has little effect on me since have not ads or anything to sell (not even donation beggar-ware button), so I have nothing to lose at all on that front. This still burns me up a bit since this could screw with many peoples livelihood, especially those with nice clean sites without nasty pop-ups, for those people and all gambling sites and spammers I hope they rot in hell. For the legit guys on the other hand this seems hardly fair. Just my thoughts about it. If I missed a post mentioning this previous I apologize in advance as I skimmed the comments but saw nothing in reference to this at all. I think for TrackMeNot’s author it should be back to the drawing board.

  • Azag

kevin November 1, 2006 11:53 PM

hi

i have been using trackmenot 4.5.4 for a few weeks now. seems to work fine as a spam tool.

i have no use for its supposed anti-profiling capabilties because i use the scroogle search plugin

http://mycroft.mozdev.org/download.html?name=scroogle&sherlock=yes&submitform=Search

unlike the author above i have no qualms about filling the google data centre with useless search requests. in fact running trackmenot is quite interesting to see the list of randomly generated word searches that it creates.

it would be nice to have such a tool that filled Gmail accounts with similar garbage. i know genuine spam emails comes close to fulfilling this desire but Google is probably getting better at filtering out these.

In this spirit of open minded spamming, here is my current list. l am happy that all the web spiders currently indexing this site have more to chew on.

movie memorabilia from,with several common peripherals,Local Deals Before,lifestyle brand that incorporates every aspect,Right Online Graduate School,Your Hamster Question,
Custom tribal dragon,Obsession Required Viewing,CHAT General Chat,backstreet boys,narrated,understands that successful case management,
Austrian documentarist Nikolaus Geyrhalter which looks,European Union have increased,commercial credit card,White House Briefing,Provides positive solutions,Implementing Quarantine Services with Microsoft Virtual,
products from furniture,Anonymous Home Page,Network Your home,have been conceived,summer programs abroad,Jewish Index with,
Read eBay Review,including Heresheis birth announcements,MailEnable provides robust,come into existence,growing storage needs with scalable PowerVault,host Keith Olbermann says Bush will,
Official Home Page,online game rental,Adobe Solution Partner Program,SAXOTECH Join Forces,conveniently located within walking distance,plus Full warranty,
Hosted with predictive dialer,PINK FRONT DOOR,upcoming Texas Chainsaw Massacre,Ferrari believe Michael Schumacher will,Reviewed Publication Authored,fence wall forming,
home page serving,massively successful Bakuretsu Hunter,ultimate broadband video channel,place where high,Find your favorite DVDs from,higher learning known,
Official Aerobic Striptease Strip Workout,your videos into your computer,estate cowgirl rutherford kilstein chronicle,gather information from hundreds,scary culinary adventure looking,transforming their business,
Learn Environmental Project Management,movies from every genre,Captain Jack Sparrow,Free Remote Computer,News service Agence France Presse,Alaska Appellate Courts,
language with programs that inspire,never been more important,leading professional association,best online photo management,Properties providing professional services,Cancels Qatar Trip,
Sills Cummis Epstein,most widely recognized regional dialect,Salt Lake City,time text headlines,patch leaves users locked,Oxford Home page,
Strictly Come Dancing,General Services Administration,providing quality timely,June Buying Guide,Pretty much everybody,online career training,
Produces solid wood,early stories were,other horror flicks Check,less than four months after,Small businesses often face,accredited Business courses offered,
Directional Control Valves,provide real professional lenticular production trainings,Eighth Systems Administration Conference,Live music reviews,compasses binoculars altimeters heightmeters pedometers,date cancer information from,
Sukkot celebration lends itself,were around during,Imagine Music Group,Scarlett Johansson posters,United States Court,World Series front pages from,
Folk Music Index,Interior Color Combos,free real estate,Hitler Consolidated Power,VIDEOS FILMOGRAPHY DISCOGRAPHY PHOTOS TALK,enormous turd that editorial page editor,
processing segment that uses Data Processing,easy online source,play free online,Also includes film reviews,Belper Town Football Club,World Trade Center,
takes over Nickelodeon,Listen Almost Anywhere,Massachusetts based documentary photographer,hotel commits itself,Fulbright Senior Specialists Program,Hong Kong shares close higher,
Find exactly what,location voiture Paris,lingering associations with,Work Zone Safety,State judge strikes down Arkansas,Degree From Online Colleges,
treat common chemo side effects,English Spanish Dictionary,Annual Rhody Bike,that sells Pennsylvania,Create your space,seeing this page,
Public service cooperatively provided,filters collected from,Visit Jeep life,This limited edition,compliant multiple virtual desktop window,junior United States,
Also offers many financial,having effective meetings,best comparison shopping information,more infectious than,Peoples State Bank,Whales have been seen,
Discuss this movie with other users,first board games,think they were,admits altering Beirut photo,Qualified orders over,Fishing Port Alberni,
little higher learning facility just down,juridically pinning them,prospect that this could,mountain bike tires,monitoring more posts,presents shopping with,
Positron Emission Tomography,Online Learning Modules,Tokyo shares outlook,most exciting trips,Neal defends against,which began with,
that they were,Business,Laure Edwige Djoukam,also tracked down,years merits special recognition,Enterprise Collaboration Platform,
mcse training course,advertising sales division,samples were bagged,ticket prices from BuySellTix,International,that mate preference evolves once selection,
their book fails,Homeland Security National,Keeping Tupac Amaru Shakur Alive Makaveli,Bush signed into,World Wide Colleges,mixed martial arts,
Dietary Supplements Nutrition,offers public classroom training,answers from real people,combined surface area,Work Like Elevator Buttons,Afghanistan probe into killings,
Launch present personalized Internet radio,Northwest Rural Public Power District,readers have given,Playboy Miss Teen,mona lisa,Attackers have found,
Webster Online Dictionary with audio pronunciations,politically forbidden relationship with,Forest Whitaker Voices AmericanDad Character,Distributing news headlines,Harsh Interrogation Techniques,Call Schemes from,
Super Columbine Massacre,Resource with free,Project Plans vary from simple,start your home,Erie Canal Cruises,does make clear,
Premier Travel Inns,core issues involved,line LISNs with country specific power,children supports West,Raise Money with Email,Normandale Japanese Garden,
evolved into much more,Class Clown Just,Offers educational courses,Michigan Home Builders,Some Engineering Aspects,Drew Barrymore Quiz,
excerpts from meditations given this,Reserve your rental,Announcements Frequently Asked Questions Does PHPlist,NOAA News Online,Wire Forms Manufacturer,Based External Exit Exam Systems,
School Lesson Plans,money while setting your,from specialized gifts,

kevin November 7, 2006 1:03 AM

Hi again

The comment above was initially filtered out by this site’s anti spam protection. Correctly! I emailed this website to explain the purpose of posting this spam. Now my post has appeared. Thank you.

This word list counters the second and third reasons given in the initial thread on this list as to why trackmenot fails.

I happen to agree with the first and more important reason “it doesn’t hide your searches”. That’s why I suggest scroogle.

But trackmenot may yet have some effect on countering profiling and this extension’s existence is a good thing because search profiling should be more widely discussed, and this extension has created more debate than any other firefox extension.

glugglug November 11, 2006 12:55 PM

I have read in the Nov/Dec issue of Mother Jones about this very topic. It is quite freaky to say the least that Google is more interested in preserving profit than preserving privacy.

There are a couple remedies they suggested:

  1. Use another search engine….www.kartoo.com is a European search engine that adheres to EU privacy rules that prohibit search engines from stashing user data.
  2. Clear/delete your cookies when you are done browsing.
  3. Check out Anomynizer which issue the user a temporary IP address, thus making it difficult for the IP pack rats to trace you.
  4. Shutoff your DSL modem at night. If you’re not running anything on your computer at night then when you shutdown your computer unplug your modem. You will be assigned a new IP address (unless you have a permanent IP address) and thus tracking you is nearly impossible.

hope this helps…

rabi laberer November 12, 2006 1:57 AM

Entry about echelon jamming list as self extending search dictionary:
*** censored by schneier ***

pipin January 5, 2007 4:20 AM

TrackMeNot will do exactly the job it’s designed to do. The point is not to keep people from finding out what you’re searching for (you can use a proxy for that). The point is to send the search engines a message that keeping logs is pissing people off and they should stop doing it. TrackMeNot is an excellent idea.

molki August 2, 2007 7:49 PM

The program is a very good thing. Most part of personal profiles of the people are builded using IA programs according querys.

The analysis of this blog is unsatisfactory even infantile according the importance of this topic.

Surprising?.

I want suggest the authors some improvements:

  • Chose the language of Google search engine.
  • Random time for words.
  • Using the own list of words.

Actually, I’m rewriting the JS code to get some of them but it would be nice they can be implemented in the close future.

Keep the good work and ignore weak critics. You are pointing in the right direction !!!

Anonymous November 26, 2007 11:23 AM

And where do one find a search engine that do not place search words in the URL and that have a SSL certificate and do not keeps logs?

Anonymous September 19, 2008 6:12 PM

the firefox extension trackmenot (http://mrl.nyu.edu/~dhowe/TrackMeNot/) is an illegal browser extension according to section 5.3 of googles terms of service this section states that You agree not to access (or attempt to access) any of the Services by any means other than through the interface that is provided by Google, unless you have been specifically allowed to do so in a separate agreement with Google. You specifically agree not to access (or attempt to access) any of the Services through any automated means (including use of scripts or web crawlers) and shall ensure that you comply with the instructions set out in any robots.txt file present on the Services. so use of this extension is illegal and use may cause the google server to block further serch requests and send you to the page sorry.google.com. This is what it says: We’re sorry… … but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can’t process your request right now. We’ll restore your access as quickly as possible, so try again soon. In the meantime, if you suspect that your computer or network has been infected, you might want to run a virus checker or spyware remover to make sure that your systems are free of viruses and other spurious software.

who know, google may even start to launch lawsuits against people who use this claiming malicious intent to harm the browser

Sagan January 15, 2009 9:46 PM

A new upgraded version of TrackMeNot is now availble.

It’s use words from your choice of RSS-feeds to do queries on your choice of Internet search engines.

Anonymous analytic of your internets February 1, 2009 11:31 AM

Bandwidth problem affects not only users. These fake queries must be parsed by search engine, and that’s bad. If everyone will start using extension – google will be as good as dead.

Anonymous February 6, 2009 5:51 PM

Don’t be ridiculous: Google can make tons of money just fine while thousands of people use this add-on to protect their privacy.

I have been using this add-on every day for two years now, in order to make sure that no one can build a consistent profile about me. I refuse to let them. And in that time, Trackmenot has improved a great deal. Meanwhile Google search, Gmail and all the other Google services are working just fine; I have not been blocked or banned even once.

x February 5, 2014 5:46 PM

The analogy to being pulled over by a police officer is moronic, to say the least. Whoever made it probably felt very smug and smart, however, they are foolish.

The name of the extension is TrackMeNot. See that first word? It’s “TRACK”. It’s not “ARREST” or “INVESTIGATE”. This extension does not claim to protect you from the NSA or the FBI. It is intended to obfuscate your actual searches, from a privacy perspective. It is not intended to hide your searches so you can find information on carrying out illegal activities.

The extension is buggy and poorly designed, but the concept is sound. Schneier’s comments are disappointing, and the aforementioned commentator is an idiot.

Michele September 28, 2014 2:25 PM

This review is really outdated. Now instead of using a dictionary of terms, it pulls terms from RSS feeds that are constantly updating and changing. You get to pick the RSS feeds. I don’t use any that are news feeds precisely because I don’t want search terms associated with crimes. And now it searches in “burst mode” to mimic the way people actually search for things, which is a bunch of searches close together, not at intervals.

Yes, if you are searching for illegal things or searching for advice on how to become a terrorist, it’s not as if this makes it go away. No one ever said it did. The point is diluting your searches enough that someone can’t build a data profile of you and violate your privacy, like when AOL stupidly released its search data and some users were easily attached to their real names. I’ve search for my own name — it’d be easy to figure out I am me. But now with TrackMeNot, it should be a lot harder since I’ll have a lot of other search queries of people’s names.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.