Google and Privacy

Daniel Solove on Google and privacy:

A New York Times editorial observes:
At a North Carolina strangulation-murder trial this month, prosecutors announced an unusual piece of evidence: Google searches allegedly done by the defendant that included the words "neck" and "snap." The data were taken from the defendant's computer, prosecutors say. But it might have come directly from Google, which -- unbeknownst to many users -- keeps records of every search on its site, in ways that can be traced back to individuals.

This is an interesting fact -- Google keeps records of every search in a way that can be traceable to individuals. The op-ed goes on to say:

Google has been aggressive about collecting information about its users' activities online. It stores their search data, possibly forever, and puts "cookies" on their computers that make it possible to track those searches in a personally identifiable way -- cookies that do not expire until 2038. Its e-mail system, Gmail, scans the content of e-mail messages so relevant ads can be posted. Google's written privacy policy reserves the right to pool what it learns about users from their searches with what it learns from their e-mail messages, though Google says it won't do so. . . .

The government can gain access to Google's data storehouse simply by presenting a valid warrant or subpoena. . . .

This is an important point. No matter what Google's privacy policy says, the fact that it maintains information about people's search activity enables the government to gather that data, often with a mere subpoena, which provides virtually no protection to privacy -- and sometimes without even a subpoena.

Solove goes on to argue that if companies like Google want to collect people's data (even if people are willing to supply it), the least they can do is fight for greater protections against government access to that data. While this won't address all the problems, it would be a step forward to see companies like Google use their power to foster meaningful legislative change.

EDITED TO ADD (12/3): Here's an op ed from The Boston Globe on the same topic.

Posted on November 30, 2005 at 3:08 PM • 60 Comments

Comments

aetiusNovember 30, 2005 3:59 PM

Meh, I think this is an attempt to stir up trouble for Google. Want to search anonymously? Clear your cookies and hit the site again, or just block them. IP-address logging is suspect anyway, because IP can be spoofed. As for gmail, *they have all your email on their system*. How else, besides a cookie, are they going to keep track of your preferences? It's not surprising that a subpoena should be issued to get access to that information, just like any other web mail provider, or any ISP. In fact, a subpoena would be an example of our legal system working as it should.

Note from the article that in the legal case, the search information was NOT obtained from Google, but rather obtained from the browser cache on the suspect's computer system -- tying it much more directly to the suspect. As companies go, Google seems to be right on target with privacy and personal information protection - they have a specific and reasonable privacy policy and a privacy contact that actually works. What else does Daniel Solove suggest they do? Lobby Congress to make subpoenas harder to issue?

What is the trade-off here? Does anyone know of a Google privacy breach? I know of a few issues they've had with foreign governments modifying or blocking search results, and a couple of legal issues with searches and cached information.

Davi OttenheimerNovember 30, 2005 4:00 PM

This is the same quandry that some companies ran into when they started amassing cutomer relationship management data. Now people say the people who amassed the data (e.g. giant retailers) are the credit system's most vulnerable point.

With that being said, what's the incentive for Google to practice good privacy for others? Where's the liability to Google? This also brings to mind companies like Cyveillance who have been paid by the US government to turnover records on people's data gleaned from repositories left exposed on the network, such as the Google cache. So you end up with several levels of abstraction -- information wants to be free -- but who/what will define fair use for individuals?

Incidentally companies like Yahoo! and eBay have set some interesting precedents in this area, which has already significantly altered the way investigations are handled.

Also, scroogle might have an approach that privacy activists would be happier about:

www.scroogle.org

Fred F.November 30, 2005 4:06 PM

Poison the database. Use a program to generate random searches using a dictionary and then you have plausible deniability, in particular if a lot of people do that. Maybe make that part of the browser itself. It sounds like something Firefox could implement.

Shawn LauriatNovember 30, 2005 4:10 PM

Unfortunately for individuals, google didn't come up with this and quite a few other companies do the same thing.

I keep my browser relatively clean, but I still have dozens of cookies show up that don't expire for years in order to track my browsing habits (which I delete as soon as I notice).

For instance, in Firefox' preferences, go to the Privacy pane, click "Cookies" and then "View Cookies." You'll probably see a whole lot of domains you've never heard of, let alone visited, including the well-known ad.doubleclick.net, which probably doesn't expire for years to come. Instead of tracking search terms, most of the ad-related ones get detected across multiple sites, allowing the companies to build up a large profile on users based on the sites they visit.

Sort of along the lines of supermarkets tracking your purchases with discount cards, except you didn't sign up for this one, and they track everything they can (as opposed to just one site).

As a side note, the CustomizeGoogle extension for Firefox (http://www.customizegoogle.com/) allows you to specifically block the cookies Google uses to track you.

RogerNovember 30, 2005 4:29 PM

I am puzzled why people keep hitting on Google for this. My personal conspiracy theory is that their rivals generate these stories to reduce their popularity. The fact is, ALL the search engines and almost all the webmail providers do much the same thing privacy wise, and Google's policy on this is the _least_ offensive.

Yes, it can be a worry that search engines potentially collect all your queries, so search from behind a proxy, and reject search engine cookies.

Unlike some search engines, most Google services work fine with Google cookies blocked, except you obviously can't set preferences. The main exceptions are Gmail and posting from Google Groups, which require logins. If you have Firefox with it's reasonably fine grained cookie control, you can reject Google cookies until you login, enable cookies for the login, then clear and block it again when you log out. Takes about 5 clicks.

Of course at least as important is blocking all the tracking network cookies. Plus there's almost never a reason to put up with 2038 cookies; I have Firefox set to delete all cookies when I close the browser, and that's never caused me any problems.

Oh, if your browser doesn't allow you to easily do simple stuff like this with cookies:
http://www.mozilla.com/

DaedalaNovember 30, 2005 4:37 PM

I think I need more evidence than the New York Times editorial that the search info came from Google, and not the browser as the court documents say. It's bad to lie in court documents; it can make you lose your case, and honestly why would the prosecutors lie for Google?

DaedalaNovember 30, 2005 4:39 PM

I think I need more evidence than the New York Times editorial that the search info came from Google, and not the browser as the court documents say. It's bad to lie in court documents; it can make you lose your case, and honestly why would the prosecutors lie for Google?

Or that the search information actually could have come from google.

ArachnidNovember 30, 2005 4:50 PM

@Aetius: No, IP addresses can't be spoofed for TCP connections. They can for individual packets, but since a connection requires a two-way handshake, you can't spoof the source address unless you're on the path between the supposed source and the destination. You can disguise your IP with proxies or anonymization services, but you can't make a request from someone else's IP.

Bruce SchneierNovember 30, 2005 5:17 PM

"Want to search anonymously? Clear your cookies and hit the site again, or just block them."

I do that. I can't use Google Desktop Search because of it.

Delores QuadeNovember 30, 2005 5:22 PM

_slightly_ off topic but I'll try:

Does anyone know why a nicely locked down PC would be getting an FTP connection from:

Search results for: 83.112.101.6

OrgName: RIPE Network Coordination Centre
OrgID: RIPE
Address: P.O. Box 10096
City: Amsterdam
StateProv:
PostalCode: 1001EB
Country: NL

ReferralServer: whois://whois.ripe.net:43

NetRange: 83.0.0.0 - 83.255.255.255
CIDR: 83.0.0.0/8
NetName: 83-RIPE
NetHandle: NET-83-0-0-0-1
Parent:
NetType: Allocated to RIPE NCC
NameServer: NS-PRI.RIPE.NET
NameServer: SEC1.APNIC.NET
NameServer: SEC3.APNIC.NET
NameServer: SUNIC.SUNET.SE
NameServer: TINNIE.ARIN.NET
NameServer: NS3.NIC.FR
Comment: These addresses have been further assigned to users in
Comment: the RIPE NCC region. Contact information can be found in
Comment: the RIPE database at http://www.ripe.net/whois
Comment:
RegDate: 2003-11-17
Updated: 2004-03-16

dquade@gmail.com or dquade@hotmail.com

Thanks.

dq.

Mike Smith-LonerganNovember 30, 2005 5:25 PM

I had a quick peek at my browser cookie cache, and found the following cookies (URL : expiry date):
- google.ca: 2038/01/17
- google.com: 2069/12/31
- google.de: 2038/01/17
- groups.google.com: 2023/12/31
- groups-beta.google.com: 2023/12/31
- www.google.com: 2023/12/31
- www.googleadservices.com (x3): 2005/12/29

Not to mention tons of cached pages that originate via http://pagead2.googlesyndication.com, and plenty of 35 byte GIF files that originate from http://www.google-analytics.com...

Fugh.

Delores QuadeNovember 30, 2005 5:26 PM

@aetius

Previous post should have included "they do a good enough job of that themselves!"

dq.

Thierry M.November 30, 2005 5:37 PM

"Want to search anonymously? Clear your cookies and hit the site again, or just block them." I do that too, using Firefox. However, there is something strange. I surf from Belgium. Google knows that at least two languages are spoken in Belgium: French and Dutch. When I type www.google.com in Firefox, after having suppressed all cookies, I am redirected to www.google.be (it probably guesses my correct location from my IP address) and get a screen in French. If I do that with Lynx instead, I get the screen in Dutch. I can select the french version, accept the cookie, and the next time I get it in french. If I refuse the cookie, I get it in Dutch again. My conclusion is: the default language for a Belgian address is Dutch and there is a "preferred language" cookie set by Google which does not disappear when you clear cookies in Firefox. Another explanation is that it has a way to guess that I am using a French version of Firefox, but is this possible?

Jason HuggettNovember 30, 2005 5:41 PM

@Bruce

I think that page goes on to say that if you are using Google Toolbar or Desktop that it's a lot harder to keep anon but it doesn't go into detail on how to do it, if at all possible.

Basically from my understanding is all the google cookie does is track your GUID that is assigned to that computer. Now if you use that computer to sign into say Gmail, now that GUID has a name attached to it. And so the tracking database on you begins. I believe the article is incorrect in stating that the search information was obtained from the computer itself. Just the GUID which Google could use to look up the data.

Again, unless the person was using Toolbar or Desktop search.

Pat CahalanNovember 30, 2005 5:47 PM

Just run a perl/vbs/python/etc script on your machine that checks for cookies that expire after, say, whatever today's date is and deletes them.

SteveNovember 30, 2005 6:00 PM

Simply either block cookies from Google or set your browser to flush cookies at the end of each session.

The worst that happens is that you have to reset preferences every time you use Google.

gregNovember 30, 2005 6:07 PM

Well i have a gmail account. But because of there privacy stament, i will not use google talk. I use Jabber.

I must admit that google is getting a bit big for comfort. Sure thay are well behaved now.... but what about 10 years time?

I use google a lot and i clear my cookies at least twice a week. But i would assume they have enough info on me to get a pretty good "online profile".

But then i know *exactly* what that profile is based on.

Anonymous http anyone.

DavidNovember 30, 2005 6:34 PM

> Another explanation is that it has a way to guess that I am using a French version of Firefox, but is this possible?

Sure. Firefox allows you to set your preferred languages, and it sends that information on every request you make. Google.be honors the preferred language (if it's French, anyway).

Use the Live HTTP Headers extension to Firefox to see exactly what's happening.

MozNovember 30, 2005 6:54 PM

With Firefox you have the option of deleting all cookies every time you shut down the browser. You can add exceptions to this for sites you want to keep. I also use a big hosts file full of ad entries, as well as the firefox AdBlock plugin. Think if it as web accelleration... the fastest download is one that never happens.

JeffNovember 30, 2005 8:04 PM

The easiest way for the police to get the information about his googling is to look at the history in his browser. The URL of a search has the search terms in it.

Does it seem logical that the police in a strangulation case would say, "Look, let's call Google and have them do a search dump on this guy"? No, they searched his computer as part of a home search, which would be somewhat routine, read his email and looked at his browser history and cache, noticed the words neck and snap were search terms in google links. Then realized they had found a clue.

If you want to keep your searches confidential, clear your browser history and cache afterwards.

JilaraNovember 30, 2005 8:48 PM

Privacy, on the Internet? It is to laugh. In the Olden Days, I'm sure various government acronyms ran everything through their own filters. Now, in a target-rich environment, the huge amount of traffic creates its own smoke cloud, as it were. I don't doubt that every transaction ever made on ebay is logged somewhere, and I don't doubt that every search on whatever engine gets logged somewhere. The whole point is whether anyone cares, or if it's just random noise for various bots to play with. And eventually, those databases are going to become unmanagable just by sheer data volume. At which point it will all become useless.

StinkyNovember 30, 2005 10:26 PM

When using the excellent Google mail service, I use GnuPG with Windows Privacy Tray (WinPT) which lets you use hotkeys to encrypt/decrypt the clipboard.

Alternatively, send gpg encrypted data as binary attachments.

Filias CupioNovember 30, 2005 10:29 PM

@Thierry M:
It sounds like you have different preferred language settings on the two browsers, and that Google falls back on this setting if there is no cookie telling it otherwise.

To see/set language preference in Firefox (and presumably Mozilla/Netscape): Edit->Preferences->General->Languages. Just for fun, I have Latin as my first prefered language, and Google respects this. I also have a bookmark to take me to http://www.google.com/intl/xx-bork/.

So it seems Google chooses a language based on one of:
1) URL direct to a given language (xx-bork example above)
2) Cookie
3) Browser language preference
4) Country of origin, guessed from IP address
probably in that order, but I haven't experimented rigerously.

On cookies: I have Firefox set to "ask me". For each new site, I then choose from accept fully, accept for session, reject. I accept fully only a few sites which I want to remember me between sessions, and accept for session sites such as online shops which reasonably need cookies to work. Sometimes I have to clear the browser's preferences for a site so I can reset it, if my first choice turns out to have been too restrictive. For ads, I block flash, and if an image is too annoying I right-click and block images from that site - so I still see polite image ads.

jammitNovember 30, 2005 10:59 PM

I guess I'll have to stop googling for "alien conspiracy" and "tinfoil hats". It isn't google. Other searech engines (Yahoo and MSN search come to mind) leave a lot more junk than google does. Sure, google is tracking All search engines and even regular web sites do some data retention. The big fear is that google is so big it's an accident waiting to happen. I would like to address the fact this was from his computers cache of search items. Nothing surprising there. It's pretty much the same as hitting *69 on a perps phone to see who he called last.

JojoDecember 1, 2005 12:50 AM

You forget that Google is a BUSINESS and data is valuable. Either the raw data or conclusions drawn from the data can be sold. So there is no way that Google (or any commercial service) will ever delete data that they think has economic value.

PGPuserDecember 1, 2005 8:15 AM

I thought encrypting my mail was enough while using Gmail, until I found out this:

suppose I feel safe because I encrypt my mail with PGP, and I do it when using Gmail too. Then I write my message, double check it to be sure it's ok, and finally encrypt it (selecting all the text in the form, copying it to the clipboard and using the "Clipboard -> Encrypt" feature for example). Well, now I feel reasonably safe!
Unfortunately while I was writing and checking my clear text message, Gmail automatically saved the draft (which it does every few minutes), sending the clear text over the net. I just checked it sniffing my own traffic. Other web mail services like Yahoo and Hotmail seem to request an explicit "Save draft" command from the user before transmitting it.

dave sDecember 1, 2005 9:04 AM

Why is this a problem? This guy killed his wife, and the police got good evidence of his planning. He gets sent up, other guys are maybe deterred from doing stuff like it.

Privacy is gone. Now, stop doing stuff you will be ashamed of.

aetiusDecember 1, 2005 9:48 AM

I've read through all the google-watch site and I still don't get it. Everything is "they could do this" or "nothing is stopping them from doing this". Those things apply to every web mail provider, and every search engine. I just don't see why Google is being singled out, other than them being the most prominent and most effective search engine.

@Davi: I would say that Google's liability is their reputation. The niche they've built for themselves is entirely based on two things: the effectiveness and simplicity of their search engine, and their reputation. If they lose their reputation, they lose everything. So far, they seem to be on the right track -- keeping their reputation intact by being a good corporate citizen. I guess we'll see if that lasts under the pressure of profits.

CloudmanDecember 1, 2005 1:14 PM

Well...follow the money trail. How much of Google's startup costs were paid by government agencies? How many of their executives were empolyees of government security agencies? Keyhole, the acquisition that became Google Maps, was funded by who? It makes you begin to think.

BTW. If your going to use PGP with Gmail...write your message first in a secure notepad then paste the encrypted lot to Gmail.

Ed T.December 1, 2005 1:19 PM

{quote}No matter what Google's privacy policy says, the fact that it maintains information about people's search activity enables the government to gather that data, often with a mere subpoena, which provides virtually no protection to privacy{/quote}

Sooo, I guess this means that Google obeys the law. So does probably every ISP -- you get served with a lawful order (subpoena, search warrant, other court order) to cough up data, you cough it up. IANAL, but it appears to me that Google isn't doing anything wrong.

-EdT.

loyal_citizenDecember 1, 2005 1:53 PM

@Dave S

Nice troll.

I suppose that you live in a greenhouse so that everyone walking down your street can watch you? No? Then stop doing stuff you will be ashamed of!

Koray CanDecember 1, 2005 3:17 PM

@ aetius:

People are worried more about Google because Google have proved themselves more capable at data mining. You could draw more personal profiles (Google are popular) and more accurately (Google are better) from their data.
Most people don't know (including MS who didn't think Google would be this good at it) what can be gathered, found and related.
Google already knows who I am, where I live and where I drive to (via google maps), probably who I work for, when I typically sign on, when I typically go to bed, what kind of things I buy (via froogle), what my financial situation is (by the searches containing debt consolidation, offshore accounts, new cars, insurance, etc.), and they know similar things about people who are related to me, etc.
The more you think about it, the more accurate your profile becomes provided that Google are capable of drawing it.

SteveDecember 1, 2005 3:50 PM

Even if you don't accept google's cookies, what is to stop the government from correlating your IP address and time it was issued from your ISP to your IP address, search terms, search time recorded in Googles databases?

I'm curious, because that seems very possible to do if it was important enough, cookies aside.

RonKDecember 1, 2005 4:32 PM

@Thierry M. , Filias Cupio

Another possibility of how Google might discover that you're using a French language version of Firefox is from the "user agent" string which is sent as part of the HTTP headers.

I'm certain there's at least one extension which would let you change the user agent string to whatever you want, but doing so can break website compatibility.

NickDecember 1, 2005 7:46 PM

I've often wondered about this in the case of the Australian journalist who was captured by terrorists in Iraq. When he claimed that he sympathised with them, and was not a pro-US media lackey, they simply googled his name and after reading the hits they agreed and let him go.

Surely this mans name wasn't a common search query, particularly from the middle east, before this story broke. How hard would it have been to check the google logs and determine where the IP came from? Even in Iraq (or was it Afghanistan?), surely IP's are traceable somehow.

StinkyDecember 1, 2005 8:09 PM

"Unfortunately while I was writing and checking my clear text message, Gmail automatically saved the draft (which it does every few minutes), sending the clear text over the net."

@PGPuser

I use the clipboard editor for composition, or a text editor for larger messages and just copy->encrypt clipboard->paste.

WinPT makes it very easy and no cleartext down the pipe. If you're really concerned, just use a regular pop mail client with encryption.

FWIW, I'm not that bothered by Google's email policy anyway. Just remember to crypt the private stuff.

winsnomoreDecember 1, 2005 8:15 PM

Google IPO filing was full of great stuff including that the company "will do no evil"

I guess now we know why they wrote that line :-))

RogerDecember 1, 2005 11:39 PM

@winsnomore:
To be precise, "Don't be evil" is their official motto and also the sixth pillar of their ten point corporate philosophy (which dates from the founding of the company, not the IPO).
http://www.google.com/corporate/tenthings.html

In this day and age one is inclined to be quite cynical about this sort of thing. But when most companies' ethics guides consists of dozens of pages of dense, unreadable legalese, an ethics guide that consists of 3 short paragraphs sounds to me like one that is actually meant to be followed.

Delores QuadeDecember 2, 2005 8:12 AM

@ HKA5xuTx

"Google's monopoly, algorithms, and privacy policies"

OH MY!

dq.

Davi OttenheimerDecember 2, 2005 7:23 PM

I just thought I'd mention FireFox's announcement of their 1.5 release, which includes a "Clear Private Data feature". Anyone had a chance to thoroughly test it yet?

Davi OttenheimerDecember 2, 2005 10:34 PM

Oh, and an interesting Google privacy exploit is posted here:

http://www.hacker.co.il/security/ie/...

"To demonstrate what this vulnerability is capable of, I cooked up a little demonstration that exploits Google Desktop Search (GDS) to search and fetch private user information from a remote web site."

Matan Gillon, the author, notes:

"In order to exploit GDS an attacker must first have a valid key to access the GDS web server. As I mentioned earlier, the key appears in a link on Google's web sites so naturally, this is where the key can be grabbed by the attacker using the CSSXSS attack. Due to Google's design, grabbing the "Desktop" link isn't possible on most of their search sites. However, after some trial and error I discovered the link can be returned using this attack on the Google News site, news.google.com, by injecting curly braces into a query. Then it's only a simple matter of extracting the key using a regular expression and doing a CSS import on the URL of the local web server with the chosen query. I also add a "{" character to the query so the results will be visible in the "cssText" property after CSS parsing. This character is ignored by the search engine and doesn't change the results."

AlJanuary 18, 2006 1:54 PM

My computer was attacked by hackers. Their IP addresses are: 211.234.113.235 - 221.1.204.240 - 202.217.255.149 - 202.79.217.5 - 204.16.208.67 - 216.187.252.241 - 92.122.103.43 - 209.86.97.167 - 209.86.99.233 What can be done about it?

StephenJanuary 20, 2006 3:55 PM

Worried about cookies should invest in a firewall security program like McAfee which prompts you when a site attempts to log a cookie on your computer, you then can accept the cookie or you can reject the cookie and be on your way and surf all day. Like wise a window washer program should be installed on your computer such as Webroot Window Washer, any cookie are washed, bleached at various bleach setting of your choice (3 passes DOD, 7 passes NSA and 35 passes Gutman this info is unretrivable once bleached), washes on start up and shut down of browsers

AnonymousJanuary 25, 2006 1:43 PM

IF YOU'RE SO CONCERNED ABOUT IT CREATE A LINUX BOX WITH A GOOD OPENSOURCE FIREWALL AND VIRUSCAN AND ALL POSSIBLE SECURITY PATCHES COMBINED WITH USING MULTIPLE PROXY SERVERS YOU'RE UNTOUCHABLE

AnonymousJanuary 25, 2006 1:46 PM

1 MORE THING A LOT OF WEBSITES REQIRE COOKIES TO BE ACTIVATED TO VIEW THE PAGE COOKIES WILL ONLY TELL SO MUCH ABOUT THE COMPUTER IF THEY GET THE IP ADDRESS BIG DEAL IP'S CAN BE SPOOFED NOW IF THEY GET A HOLD OF THE REAL MAC ADDRESS OF THE COMPUTER YOU'RE USING WATCH OUT

WANNABEHACKEDJanuary 25, 2006 2:00 PM

OK FELLOW SURFERS ARE YOU THAT CONCERNED ABOUT COOKIES DAMN THAT SHOULD BE THE LEAST OF YOUR WORRIES FIRST OFF IF THE ONLY THING YOU USE THE COMPUTER FOR IS SURFING THE WEB EMAIL AND CHATTING THEN YOUR BEST BET WOULD BE TO CREATE A LINUX BOX JUST GOTO DISTROWATCH.COM AND DOWNLOAD A FREE LINUX DISTRO ON TOP OF THAT GET A GOOD OPENSOURCE FIREWALL ALONG WITH AN OPENSOURCE VIRUSSCANER (CLAMWIN IS A GOOD ONE) AND IF THAT STILL ISN'T ENOUGH THERE'S PLENTY OF PROXY SERVERS OUT THERE WHICH IF YOU WANT YOU CAN CONNECT TO MULTIPLE PROXIES BUT THAT'S NOT REALLY WORTH THE TROUBLE AFTERALL YOU'LL HAVE A LINUX BOX AND FINALLY TO ALL THE NEWBIES WHO THINK POSTING IP ADDRESSES LOGGED BY A FIREWALL FROM ATTACKERS UM HELLO IT'S CALLED IP SPOOFING YOU THINK A HACKER SMART ENOUGH TO UNDERSTAND HOW TO FIND WAYS TO EXPLOIT POTENTIAL SYSTEMS IS GOING TO BE DUMB ENOUGH TO LET YOU HAVE THE REAL IP ADDRESS OF THIER MACHINE I LAUGH AT THE MERE THOUGHT AND AS FOR COOKIES A LOT OF SITES REQUIRE THEM TO BE ACTIVATED IN ORDER TO VIEW THIER CONTENT WHETHER U ALLOW THEM OR NOT WON'T MATTER MUCH MOST SITES HAVE LOGS MADE THROUGH SQL'S FOR RECORDING THE TRAFFIC FOR THAT SITE JUST DELETE THE COOKIES FROM YOUR BROWSER AFTER EACH TIME YOU'RE DONE BROWSING

plumsauceMarch 18, 2006 2:41 AM

How apropos that this thread is relatively fresh. I arrived here looking for info on guid's in user agent strings. An old bugaboo of mine.

Anyways, about three hours ago I posted a page that compares incoming user agent strings against known adware/malware signatures included in the strings. Nothing as grand as Mr. Schneier might be capable of, but it might be useful for others. It can be found at:

http://clickbench.com/htm/warn.htm

The "grand" is in no way meant to be saucy, as I am a great admirer of his work.

sathishSeptember 22, 2006 7:30 AM

dear sir,
hai sir,i can't install window washer again after my expiry date,even i removed from add or remove programs in my computer.but i can't reinstall again it say your expiry over buy full version.can u tell me what can i do for that to reinstall window washer for my comp...

thankyou
yours faithfully,
sathish

broomstickJanuary 22, 2007 3:32 PM

If I take someone's mail out of her mailbox, open and read it, then it's a felony and I can go to jail. Google does the same thing: if someone e-mails me about a condo in Orlando, I find Google ads about real estate companies in Florida on the side. If I get a confirmation for the purchase of computer memory, I'll see ads about memory chip vendors. It's definitely a very smart privacy breach, and I don't care that it is a program which does it. Programs are just tools used by companies, and companies are people.

Super RatJuly 30, 2009 5:54 AM

I agree, download latest firefox (3.5.1 at time of writing)

Then go to add ons (just gooogle firefox add ons) and download:
NoScript (superb and you can block google analytics with it, as well as anything else)
Bad Privacy (deletes all those super cookies and flash lso’s that doing a normal delete all and cleaning out ya temp files won’t get rid off, nor will even a dedicated program like cc cleaner etc as good as that is, so it’s essential in my own opinion)
Ad Block Plus (fantastic lil program)

And others that are good but in no means security related are:
Dictionary (your own language of choice of course)

Tab Mix Plus (for some reason, Mozillas addon page does not have compatitble version with the latest firefox :S wierd, but below is a link to the addonn authors page which goes to a dev link which is totally 100% compatible :)
http://tmp.garyr.net/tab_mix_plus-dev-build.xpi

Colourful tabs (pretty much self explanatory lol)
https://addons.mozilla.org/en-US/firefox/downloads/latest/1368/addon-1368-latest.xpi?src=addondetail

Hope that helps, adios
Super Rat

PS: actually stop using google is another opinion (also entirely mine lol)
I myself now very happily use Bing http://www.bing.com
I find there page fresher and nicer to use, its easier to say lol, and most importantly results are easily on a par if not far better IMO, especially image search IMO (please note we do not need a load of google lovers telling me im wrong, i have gone to the trouble of explaining this in my OWWWWWN opinion, after years of using google and months of happily using Bing.

Be daring, use something different and see for yourself!
Doesn't have to be Bing that was an example, many others out there…

Also if you use firefox and you want an add on to add Bing as the default search engine in the in built search engine, please go to

https://addons.mozilla.org/en-US/firefox/downloads/latest/10434/addon-10434-latest.xml?src=addondetail

AND BING DOESN’T TRACK YOU LIKE GOOGLE DO – lol yet…
But the point is they don’t at present where as the evil google blatantly do!

АnonymousJuly 30, 2009 7:08 AM

@Super Rat:
Re: Bing -- you have got to be kidding me. Are you a Microsoft employee? Bing is just Microsoft "Live Search" rebranded to remove the icky stigma of Microsoft, and boy, just as they launch their new advertising campaign, here we have a little unsolicited endorsement, hmmm?

"AND BING DOESN’T TRACK YOU LIKE GOOGLE DO – lol yet"
Bullshit. Bing sets persistent cookies, and the privacy policy states that these WILL be used to aggregate personal information.
The only thing their privacy policy promises is that won't on-sell the collected data to third parties UNLESS they are contracting to provide a service to Microsoft. This is much the same as Google's promise.

Hey Nony MouseJuly 30, 2009 8:52 AM

@ Super Rat,

"Be daring, use something different and see for yourself!"

Bing Bong...

For whom the bell tolls...

A few tests show Bing is slow to update it's self on new pages compared to the more established search engines...

It might be a tads faster to search but if it's not current...

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..