How to protect your privacy from Google’s insatiable need to steal it



“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”
~Eric Schmidt, Google CEO

GoogleSharing is a special kind of anonymizing proxy service, designed for a very specific threat. It ultimately aims to provide a level of anonymity that will prevent Google from tracking your searches, movements, and what websites you visit. GoogleSharing is not a full proxy service designed to anonymize all your traffic, but rather something designed exclusively for your communication with Google. Our system is totally transparent, with no special “alternative” websites to visit. Your normal work flow should be exactly the same.

The Basic Problem

Google thrives where privacy does not. If you’re like most internet users, Google knows more about you than you might be comfortable with. Whether you were logged in to a Google account or not, they know everything you’ve ever searched for, what search results you clicked on, what news you read, and every place you’ve ever gotten directions to. Most of the time, thanks to things like Google Analytics, they even know which websites you visited that you didn’t reach through Google. If you use Gmail, they know the content of every email you’ve ever sent or received, whether you’ve deleted it or not.

They know who your friends are, where you live, where you work, and where you spend your free time. They know about your health, your love life, and your political leanings. These days they are even branching out into collecting your realtime GPS location and your DNS lookups. In short, not only do they know a lot about what you’re doing, they also have significant insight into what you’re thinking.

Where GoogleSharing Comes In

GoogleSharing is a system that mixes the requests of many different users together, such that Google is not capable of telling what is coming from whom. GoogleSharing aims to do a few very specific things:

  1. Provide a system that will prevent Google from collecting information about you from services which don’t require a login.
  2. Make this system completely transparent to the user. No special websites, no change to your work flow.
  3. Leave your non-Google traffic completely untouched, unredirected, and unaffected.

The GoogleSharing system consists of a custom proxy and a Firefox Addon. The proxy works by generating a pool of GoogleSharing “identities,” each of which contains a cookie issued by Google and an arbitrary User-Agent for one of several popular browsers. The Firefox Addon watches for requests to Google services from your browser, and when enabled will transparently redirect all of them (except for things like Gmail) to a GoogleSharing proxy. There your request is stripped of all identifying information and replaced with the information from a GoogleSharing identity.

This “GoogleShared” request is then forwarded on to Google, and the response is proxied back to you. Your next request will get a different identity, and the one you were using before will be assigned to someone else. By “sharing” these identities, all of our traffic gets mixed together and is very difficult to analyze.

The result is that you can transparently use Google search, images, maps, products, news, etc… without Google being able to track you by IP address, Cookie, or any other identifying HTTP headers. And only your Google traffic is redirected. Everything else from your browser goes directly to its destination.

GoogleSharing Privacy

With all of your Google traffic being redirected to GoogleSharing for anonymization, there is the risk that we could become the ones who monitor, record, and track users. While our privacy policy is that we do not record, monitor, or log any user traffic, and while all of the source code for the GoogleSharing addon and proxy are open source, it is no longer necessary to trust that we (or any other GoogleSharing proxy operator) is behaving appropriately.

With Google’s introduction of SSL support for search requests (encrypted.google.com), the GoogleSharing system now allows clients to checkout GoogleSharing identities and route encrypted traffic through GoogleSharing to Google. So while client requests are anonymized by GoogleSharing, the actual traffic that the GoogleSharing proxy sees is encrypted to Google, and hence can not be monitored.

The result is that Google knows what is being searched for, but doesn’t know where the requests are coming from. The GoogleSharing proxy can tell where requests are coming from, but can’t tell what the content of the requests is. And the user can avail themselves of Google services without having to trust either Google or GoogleSharing.

GoogleSharing Transport

For the services where Google has still failed to provide universal HTTPS support, we have. All requests to a GoogleSharing proxy are sent via HTTPS. These eventually have to be proxied out as HTTP from GoogleSharing to Google, but your traffic is encrypted on the first path.

Running A GoogleSharing Proxy

We’ve made the proxy code available so that anyone can run a GoogleSharing proxy instance in addition to the one that we’re running.

Full details here
~~

2 Comments

Why not just use http://scroogle.org/

It just strips off cookies so they can’t track you. I’ve been using it for years and it’s been great.

I use Scroogle too, but lazily end up using Google anyway. No excuse.

Follow

Get every new post delivered to your Inbox.

Join 4,534 other followers