×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

GoogleSharing, Now With No Trust Required

Soulskill posted more than 3 years ago | from the nobody-will-know-about-your-boring-searches dept.

Privacy 152

An anonymous reader writes "GoogleSharing, the popular Google anonymizing service created by well known privacy advocate and security researcher Moxie Marlinspike, has released a major new version today. The biggest change is leveraging Google's SSL search option to provide an anonymizing service which doesn't require you to trust either Google or GoogleSharing. This means that anyone who wishes to opt out of Google's data collection practices can now do so without having to trust the operator of the anonymizing service."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

152 comments

Suddenly, it doesn't feel like '1984' anymore! (1)

PatPending (953482) | more than 3 years ago | (#33789864)

A great day for liberty!

Re:Suddenly, it doesn't feel like '1984' anymore! (5, Insightful)

shoehornjob (1632387) | more than 3 years ago | (#33789980)

A great day for liberty!

That is of course until someone in washington decides it's a security risk because terrorists could use it to plan their attacks. You know that will happen.

Re:Suddenly, it doesn't feel like '1984' anymore! (4, Insightful)

spazdor (902907) | more than 3 years ago | (#33790000)

The worst part is, they're right. As it turns out, the exact same kinds of privacy we want for the right reasons, the bad guys want for the wrong reasons.

Re:Suddenly, it doesn't feel like '1984' anymore! (3, Interesting)

h4rr4r (612664) | more than 3 years ago | (#33790066)

I would think the same privacy they want for the right reasons you want for the right reasons. To be able to have privacy.

Re:Suddenly, it doesn't feel like '1984' anymore! (0)

Anonymous Coward | more than 3 years ago | (#33791680)

To be able to have piracy.

FTFY

Re:Suddenly, it doesn't feel like '1984' anymore! (0, Troll)

shoehornjob (1632387) | more than 3 years ago | (#33790332)

The worst part is, they're right. As it turns out, the exact same kinds of privacy we want for the right reasons, the bad guys want for the wrong reasons.

So we as a nation have to decide what freedoms we are willing to sacrifice for our safety. We are having a hard time walking that line between freedom and oppression and I expect it will take a long time before things get back to normal. I'm happy that my daughter is too young to understand what's going on in the world. I guess ignorance is bliss but once you become aware of reality it's hard to go back to ignorance again.

Re:Suddenly, it doesn't feel like '1984' anymore! (4, Insightful)

dynamo (6127) | more than 3 years ago | (#33790426)

We already decided as a nation, over 200 years ago. I'm not having a hard time walking the line between freedom and oppression, nor is anyone else who is not in a position to lose power if freedom wins. Ben Franklin was right.

Re:Suddenly, it doesn't feel like '1984' anymore! (1)

toastar (573882) | more than 3 years ago | (#33790982)

Ah the ever quotable Ben Franklin, While I agree with your sentiment other people have other views:

"The constitution is not a suicide pact"
Robert H. Jackson
-Supreme court justice

Re:Suddenly, it doesn't feel like '1984' anymore! (0)

Anonymous Coward | more than 3 years ago | (#33791868)

"The constitution is not a suicide pact"
Robert H. Jackson
-Supreme court justice

"Sticking feathers up your butt does not make you a chicken."
-Tyler Durden, American Folk Hero

Re:Suddenly, it doesn't feel like '1984' anymore! (1)

crhylove (205956) | more than 3 years ago | (#33791854)

Ben Franklin was right about a LOT of things, like Electricity. As was Thomas Jefferson about a great many things. They don't teach these fundamentals in schools now because corporations have decided it is against their better interest.

All this IP law is totally disgusting. That's another thing Ben Franklin was right about.

Re:Suddenly, it doesn't feel like '1984' anymore! (1)

KlaymenDK (713149) | more than 3 years ago | (#33792066)

I'm happy that my daughter is too young to understand what's going on in the world. I guess ignorance is bliss but once you become aware of reality it's hard to go back to ignorance again.

Ignorance is bliss, regardless of age.
Just last year I explained all this Internet privacy concern to my father. I don't think he liked what he learned. Sometimes I really do wish I were just another one of the happy-go-lucky sheeple, because, given the state of the world, "being aware" is just so damn depressing.

There's this choice ... "if you had to choose, would you rather be smart or happy?" After having given that some thought, I'm convinced smarts has a negative impact on happiness. :-(

Re:Suddenly, it doesn't feel like '1984' anymore! (4, Insightful)

MyFirstNameIsPaul (1552283) | more than 3 years ago | (#33790432)

Oh, please. Just go wardriving with a vanilla install of ubuntu using a laptop you picked up on craigslist and a wifi card you found in a trash can and you're safe. As usual, these kinds of government activities only infringe on the innocent and do nothing to inhibit the criminals.

Re:Suddenly, it doesn't feel like '1984' anymore! (0)

Anonymous Coward | more than 3 years ago | (#33791086)

the bad guys want for the wrong reasons.

Incidentally, does this mean it is safe to browse for child porn again?

I am only asking because I'm...er...writing a research paper on the continuing menace of child porn.

Re:Suddenly, it doesn't feel like '1984' anymore! (1)

Afforess (1310263) | more than 3 years ago | (#33790120)

Now Google knows that people using the GoogleSharing Proxy are paranoid. Great, more information for the archives!

Re:Suddenly, it doesn't feel like '1984' anymore! (1)

Chaonici (1913646) | more than 3 years ago | (#33790142)

They also have no idea who those people are, so that information in their archives is worthless.

I'm probably earning a "whoosh" here, tho.

Re:Suddenly, it doesn't feel like '1984' anymore! (3, Informative)

Afforess (1310263) | more than 3 years ago | (#33790178)

Oh come on, it can't be that hard to match up spelling and search habits up with people, given enough data. In Google's case, they have lots. Lots and lots. Even if you use the proxy, you're going to visit an external machine sometime, at which case Google will have 2 key points of comparison, and Bam.

Re:Suddenly, it doesn't feel like '1984' anymore! (2, Interesting)

Cylix (55374) | more than 3 years ago | (#33790330)

Grammar and spelling as a virtual fingerprint...

I don't believe anything could go wrong at all.

In any event, I am afraid it is time to unveil your true identity using the grammar and spelling footprint technique. I say to you Mr. Abraham Lincoln... how does it feel to be unmasked by your own musings!

Re:Suddenly, it doesn't feel like '1984' anymore! (5, Funny)

geminidomino (614729) | more than 3 years ago | (#33790928)

Oh gods... as one of the three people on the internet that knows the difference between "lose" and "loose," they'll have no problem tracking me down!!!

Re:Suddenly, it doesn't feel like '1984' anymore! (0)

Anonymous Coward | more than 3 years ago | (#33791626)

Well, that explains why google hasn't been helpful; it doesn't get it that lots of girls are chasing me. I really don't need any more. "lose women how-to" is giving better results. Thanks!

Re:Suddenly, it doesn't feel like '1984' anymore! (1)

definate (876684) | more than 3 years ago | (#33791914)

Come on, don't loose your temper over this, you just need to lose your pants a little and relax. Everybody knows the difference between lose and loose, it's really obvious. One has 2 o's in it, but they both mean the same thing... really.

Re:Suddenly, it doesn't feel like '1984' anymore! (1)

insufflate10mg (1711356) | more than 3 years ago | (#33790422)

I don't believe any of that. If I don't make spelling errors (type carefully) they cannot determine that. They also cannot determine identities via search info, too many combinations that too many people would share.

do you know how instant search works? (3, Interesting)

way2trivial (601132) | more than 3 years ago | (#33790472)

they pass each keystroke in real time to the servers.

go ahead, type carefully..

they'll see each letter as typed and "fingerprint" you that way
the typing speed and corrected mispellings even without you hitting 'search'

Re:do you know how instant search works? (0)

Anonymous Coward | more than 3 years ago | (#33790562)

Easy enough to get around - just type it all out in another window (text editor would be easiest), proof it carefully, then copy/paste.

Re:Suddenly, it doesn't feel like '1984' anymore! (3, Interesting)

AHuxley (892839) | more than 3 years ago | (#33790440)

Yes its all about the plain text and your use of unique data eg a name on yahoo, facebook, MSN, an email ect.
That will all get noted and linked back to a friend of a friend of a friend who has been flagged as a person of interest.
http://webcache.googleusercontent.com/search?q=cache:5jex52BhXYEJ:wikileaks.org/wiki/EU_social_network_spy_system_brief,_INDECT_Work_Package_4,_2009+INDECT+Work+Package+4&cd=1&hl=en&ct=clnk [googleusercontent.com] as
http://wikileaks.org/wiki/EU_social_network_spy_system_brief,_INDECT_Work_Package_4,_2009 [wikileaks.org] seems to be down. The NSA/GCHQ ect dont care where/how the text comes from, public/private/mirrored ect, just keep it in flowing in a usable form. Add in voice chat too :)

Re:Suddenly, it doesn't feel like '1984' anymore! (2, Interesting)

digitalchinky (650880) | more than 3 years ago | (#33790680)

My understanding, other than encrypting the search terms, nothing much else has changed - sure this prevents GoogleSharing from knowing what kind of porn I like (not that I care), but as the article says, they still get the IP addresses. What does this mean for the truly paranoid? GoogleSharing and Google could easily exchange a bit of motivational cash, maybe the NSA has a box jammed on the incoming side of GoogleSharing to siphon off the IP addresses, with another in Google itself to get the actual search terms. What is Moxie Marlinspike getting from all this? Warm fuzzy feelings don't keep the lights on and food on the table.

There is still man-in-the-middle attack (2, Interesting)

microbee (682094) | more than 3 years ago | (#33789880)

Isn't there?

Re:There is still man-in-the-middle attack (2, Informative)

Anonymous Coward | more than 3 years ago | (#33789956)

The content is SSL protected, so not unless the GoogleSharing proxy operator has an SSL exploit.

Re:There is still man-in-the-middle attack (1)

microbee (682094) | more than 3 years ago | (#33790140)

Unless GoogleSharing is playing the attack.

Re:There is still man-in-the-middle attack (0)

Anonymous Coward | more than 3 years ago | (#33790276)

The content is SSL protected all the way to Google, GoogleSharing would have to break SSL's security in order to intercept that traffic.

Re:There is still man-in-the-middle attack (1)

microbee (682094) | more than 3 years ago | (#33790416)

If the traffic goes through GoogleSharing, then it is the man in middle who can obtain knowledge of the session keys easily, and therefore can see all traffic.

Re:There is still man-in-the-middle attack (2, Insightful)

Sir_Lewk (967686) | more than 3 years ago | (#33790496)

You don't know how SSL works do you?

Actually, I'm not really sure why I phrased that as a question. You don't. To get started, look up public key cryptography.

Re:There is still man-in-the-middle attack (0)

Anonymous Coward | more than 3 years ago | (#33791024)

I don't trust crypto that depends on mathematics not advancing.

Re:There is still man-in-the-middle attack (1)

Sir_Lewk (967686) | more than 3 years ago | (#33791338)

It is sure as hell better than the alternative, which is nothing. The only provably secure crypto are OTPs, and that won't get you a secure key exchange on an insecure network.

All other ciphers are liable to fall to future discoveries.

Re:There is still man-in-the-middle attack (0)

Anonymous Coward | more than 3 years ago | (#33791686)

I don't understand the mindset that so many people have that we should throw out the only provably secure crypto because of key exchange difficulty. Come on! It's something to think about and work on. No reason to give up.

Re:There is still man-in-the-middle attack (1)

Sir_Lewk (967686) | more than 3 years ago | (#33791774)

It's not just because key exchange is difficult... secure key exchange with a OTP is impossible unless both parties already have the same pad.

But hey, lets consider that it's possible to exchange a 256bit AES key provably securely with a OTP with somebody you don't have prior arrangements with. What are you going to do next, use AES? All your provable security is for naught if you do that!

Do you know what size OTP you need to transmit a 1 MB OTP? 1 MB.

Due to the very well established and mathematically defined limitations of OTPs, there are only a handful of real world scenarios where they are useful. If you need a high security and low bandwidth connection with somebody, know ahead of time how much data you'll reasonably have to push through, and know for a fact that you can safety exchange keys (won't need the security until later), then a OTP can work.

Basically, any situation that you ever hear about OTPs being used historically (cold war spy shit), is realistically pretty much the only sort of situation where it will ever make any sense.

Re:There is still man-in-the-middle attack (1)

microbee (682094) | more than 3 years ago | (#33791148)

This is really laughable.

I suggest you understand what is man-in-the-middle-attack [wikipedia.org] first.

Re:There is still man-in-the-middle attack (1)

Sir_Lewk (967686) | more than 3 years ago | (#33791318)

What do you think the entire purpose of SSL is? Educate yourself: [wikipedia.org]

The Diffie-Hellman key exchange method allows two parties that have no prior knowledge of each other to jointly establish a shared secret key over an insecure communications channel.

You can't man-in-the-middle shit if you can't break RSA, or don't have google's private key. Read up on this shit before you make yourself look even more of a fool. Ignorance is forgiveable but actively avoiding the truth is not.

Re:There is still man-in-the-middle attack (0)

Anonymous Coward | more than 3 years ago | (#33792056)

why don't you read up on how a proxy works? GoogleSharing can read the persons query. If they can change the cookies, there is no reason they can't also see the query or in fact, change the search results before sending them back (add some of their own ads!). I'm not suggesting they are doing this, but you still have to trust GoogleSharing.

Re:There is still man-in-the-middle attack (1)

pitchpipe (708843) | more than 3 years ago | (#33791294)

FTFA:

The result is that Google knows what is being searched for, but doesn't know where the requests are coming from. The GoogleSharing proxy can tell where requests are coming from, but can't tell what the content of the requests is.

It's like Heisenberg's Uncertainty Principle for the internet!

Re:There is still man-in-the-middle attack (1)

Minwee (522556) | more than 3 years ago | (#33790386)

Don't worry, I'm sure that I can trust goggleshar1ng.com. They have an SSL certificate and a little banner on the site which says they are 100% hacker-free.

Re:There is still man-in-the-middle attack (1)

Dumnezeu (1673634) | more than 3 years ago | (#33791908)

The man-in-the-middle is there, but he can't do anything, because of the way SSL works. There is not man-in-the-middle attack. Very good question though!

Really? (0, Troll)

toastar (573882) | more than 3 years ago | (#33789884)

You want me to trust a corporation like google? If I wanted to search truly Anonymously I'd use Tor First

Re:No, not Really? (5, Informative)

snowraver1 (1052510) | more than 3 years ago | (#33789912)

Let me refer you to the second sentence of the summary:

"The biggest change is leveraging Google's SSL search option to provide an anonymizing service which doesn't require you to trust either Google or GoogleSharing."

Kids today...

Re:No, not Really? (1)

TheDarkNose (1613701) | more than 3 years ago | (#33790078)

The funniest thing about the second part of your comment is that your ID has more digits. HA HA HA!!! Well... not really.

Re:No, not Really? (5, Funny)

interkin3tic (1469267) | more than 3 years ago | (#33790110)

Let me refer you to the second sentence of the summary:

Look old man, if it was important, it would be in the FIRST sentence because that's how we kids do it these days even if it means run on sentences and now I'll get off of your lawn.

Re:No, not Really? (5, Interesting)

vux984 (928602) | more than 3 years ago | (#33790200)

Let me refer you to the second sentence of the summary:

"The biggest change is leveraging Google's SSL search option to provide an anonymizing service which doesn't require you to trust either Google or GoogleSharing."

Wow.

You are right. That says I don't have trust google or googlesharing. ... assuming I trust the entity that makes that claim.

Oh. The entity making the claim that I don't need to trust GoogleSharing is GoogleSharing. Neat.

So if I don't trust googlesharing, why would my distrust be satisfied by the fact that they claim I don't need to trust them? That makes about as much sense as a fly asking the spider if he can take a nap on the web... the spider said he wasn't hungry... I guess there's nothing to worry about. :facepalm

Now, if you had instead referred me to the googlesharing FAQ:

http://googlesharing.net/faq.html#faq6 [googlesharing.net]

"If you're still worried, remember that the GoogleSharing addon and proxy code is publicly available. So it's possible for you to run a GoogleSharing proxy yourself, or to find someone who you do trust."

That's at least a step in the right direction. I can inspect and run the software on a server I do trust.*

And if I use the GoogleSharing servers, than I do still need to trust GoogleSharing to be running the software they claim to be running. I expect they are worthy of that trust but you still have to trust them unless you are running your own server after inspecting the source.*

** And you will need to find a bunch of people who trust YOU using your server for you to derive any privacy benefit from running your own server. Bit of a catch-22 there.

Re:No, not Really? (2, Informative)

Sir_Lewk (967686) | more than 3 years ago | (#33790548)

And if I use the GoogleSharing servers, than I do still need to trust GoogleSharing to be running the software they claim to be running.

No you don't, that's the difference between this version and the previous version. (I know, I know, RTFS is for wimps...) Unless their servers are using a previously unknown SSL exploit* then all you need to do is make sure the cert is correct. That's the thing with SSL, you only need to trust the CA. For the same reason that you don't have to trust your ISP (and every shady goon working there) you don't need to trust googlesharing (now).

*Hmm... well this is Marlinspike...

Re:No, not Really? (0)

Anonymous Coward | more than 3 years ago | (#33790574)

And if I use the GoogleSharing servers, than I do still need to trust GoogleSharing to be running the software they claim to be running. I expect they are worthy of that trust but you still have to trust them unless you are running your own server after inspecting the source.*

No you don't. All you have to trust is that SSL works the way it's supposed to work. Then if the certificate verifies properly, you know you have an encrypted connection through GoogleSharing that GoogleSharing can't read, because that's what SSL is for. I mean sure, they could be in cahoots with Google and then you would be screwed, but that's unavoidable.

Re:No, not Really? (2, Insightful)

maxwell demon (590494) | more than 3 years ago | (#33790654)

Well, you also have to trust the Firefox extension (or read and understand the code, and trust your ability to find issues if there are any).

Re:No, not Really? (0)

Anonymous Coward | more than 3 years ago | (#33791894)

What are they supposed to do besides release the code? Send you a Christmas card?

Re:No, not Really? (3, Funny)

nuckfuts (690967) | more than 3 years ago | (#33790216)

Welcome to Slashdot, where people are too lazy to read the summaries, never mind the articles, and restating a sentence from the summary gets modded +5 Informative.

Re:No, not Really? (3, Insightful)

Sir_Lewk (967686) | more than 3 years ago | (#33790584)

for that matter: Welcome to Slashdot, where people think scepticism is a good replacement for education and intelligence.

It seems like half the commenter here may have at least RTFS, but simply don't know what SSL is.

Re:Really? (0)

Anonymous Coward | more than 3 years ago | (#33790370)

You're fucking retarded.

Why not just not have a Google account? (1)

John Hasler (414242) | more than 3 years ago | (#33789942)

Google search and news work fine without one.

Re:Why not just not have a Google account? (1)

spazdor (902907) | more than 3 years ago | (#33790008)

Don't think that just because you haven't got an account, they haven't got an "account" on you.

Re:Why not just not have a Google account? (1)

John Hasler (414242) | more than 3 years ago | (#33790366)

That would be a silly waste of their resources.

Re:Why not just not have a Google account? (0)

Anonymous Coward | more than 3 years ago | (#33790628)

Uh, no.

Even assuming they do near the minimum retention they could(they do more), they'd at least have your current "session" info flagged to your IP/cookie/whatever else they track with nowdays.

The only real questions are how long a session lasts, when they throw out that info(if ever), and how prone they are to "combine" that auto generated account to a single user's account.(User made or another automatic one)

Re:Why not just not have a Google account? (2, Insightful)

spazdor (902907) | more than 3 years ago | (#33790704)

I'm certain there are statistical techniques that can be used to tie separate unique, "unrelated" sessions back together when they come from the same user. Some websites expose their account usernames to Google, which can provide near-sure matches.

Certain users habitually use Google to get to their favourite sites because it's literally quicker than typing a URL, and many of those probably use the same abbreviations for those sites each time. My ex-girlfriend used to get to Facebook by typing "face" into Google and clicking "I'm feeling lucky." I bet combining 4 or 5 separate browsing idiosyncrasies like that is enough to uniquely identify many users.

Re:Why not just not have a Google account? (3, Insightful)

spazdor (902907) | more than 3 years ago | (#33790678)

You do know what Google's business model is, right?

Re:Why not just not have a Google account? (1)

Chaonici (1913646) | more than 3 years ago | (#33790014)

I imagine you're still tracked by your IP address, by cookies, and/or any other methods I don't know about.

Re:Why not just not have a Google account? (1)

John Hasler (414242) | more than 3 years ago | (#33790336)

> I imagine you're still tracked by your IP address...

Dynamic. They might be able to tie clusters of my searches together that way. So what?

> ...by cookies...

No cookies, no scripts.

> ...and/or any other methods I don't know about.

Which would be just as likely to work through this thing. Browser fingerprinting would be one such. It would let them tie all of my searches together. So what?

Re:Why not just not have a Google account? (0)

Anonymous Coward | more than 3 years ago | (#33790036)

They still track you by cookie and IP address.

Dosnt Support Google Chrome (2, Funny)

Anonymous Coward | more than 3 years ago | (#33789992)

I do all my browsing in Google Chrome and don't want Google to know about me when I use my Gmail, Google Voice, Google Transit, Google Maps, or just plain Google. The fact that it's only supported in firefox doesn't help out people like me.

Re:Dosnt Support Google Chrome (1, Informative)

Chaonici (1913646) | more than 3 years ago | (#33790122)

> and don't want Google to know about me when I use my Gmail, Google Voice, Google Transit, Google Maps, or just plain Google
If it requires you to be logged in (such as Gmail), GoogleSharing doesn't help you. This is intended for Google services that can track you without an account, such as search.

Re:Dosnt Support Google Chrome (1, Informative)

Anonymous Coward | more than 3 years ago | (#33790152)

Is this sarcasm? By virtue of using personalized login-required services like Gmail and Voice, you cannot hide information about you.

Chrome users can install these two Google extensions for further privacy:

Disclaimer: These two extensions rely on you trusting Google. Neither of them achieve what TFA intends to do.

Is it really secure? (0, Flamebait)

digitit (1915208) | more than 3 years ago | (#33790024)

Why exactly is this being evanglized? Does nobody notice that you're installing a Firefox extension? A Firefox extension? From AMO? Which had at least two viruses just in the last year?

Re:Is it really secure? (0)

Anonymous Coward | more than 3 years ago | (#33790132)

It's open source, previous versions have been available for review for almost six months now, and is driven by Moxie and the Institute For Disruptive Studies, who are reputable people in the security industry.

Not a Rhetorical Question (0, Troll)

Colonel Korn (1258968) | more than 3 years ago | (#33790032)

How is this different from the SSL version of Scroogle search, which has been around for at least a year?

https://addons.mozilla.org/en-US/firefox/addon/12506/ [mozilla.org]

Honestly, I'm too lazy to read TFA tonight, but if there's a benefit to GoogleSharing, what is it?

Re:Not a Rhetorical Question (5, Informative)

Chaonici (1913646) | more than 3 years ago | (#33790092)

From GoogleSharing's FAQ:

Why not use Anonymizer or any other anonymizing proxy service?

General purpose anonymizing proxies are designed for something else.

      1. Most will mask your IP address, but not the identifying information in your HTTP headers. Google will still know who you are based on your Cookies, User Agent, etc...
      2. If the proxy does attempt to anonymize HTTP headers, they will do it by completely stripping cookies from your request. Google does not like this, and will tag you as a SPAM bot (how convient for them to do), which will force you to type in a CAPTCHA every time you issue a Google search, and will prevent you from issuing Maps requests at all.
      3. These types of proxies can be slow. It's not necessary to proxy all of your internet traffic if you're just trying to protect yourself from Google. Since GoogleSharing only proxies Google traffic, our bandwidth needs are much lower and thus our performance is much greater.

Re:Not a Rhetorical Question (0)

Anonymous Coward | more than 3 years ago | (#33790240)

GoogleSharing is completely transparent and doesn't require you to change your workflow at all. Also, Scroogle doesn't work for things like maps, images, products, groups, etc... but most importantly, Scroogle can see your search traffic while GoogleSharing can not.

Re:Not a Rhetorical Question (1)

icebraining (1313345) | more than 3 years ago | (#33790316)

To refine this post's sibling, Scroogle sets an SSL between you and them, not you and Google, like GoogleSharing does (GS just anonymizes the encrypted connection).

Hyped/exaggerated summary (0)

Anonymous Coward | more than 3 years ago | (#33790040)

Popular anonymizing service. Well-known privacy advocate. Please. That's enough to make me distrust your extension more than I already distrust Google.

Fail (0)

Anonymous Coward | more than 3 years ago | (#33790060)

Just downloaded it and tried it.. It said that the proxy was not accepting requests. Wait a little while before you go for this.

Trademark issues* (1)

Acetylane_Rain (1894120) | more than 3 years ago | (#33790230)

While I appreciate (the existence of) the service, methinks this is a trademark suit just begging to happen. I mean take a look at their logo [googlesharing.net] [png graphic]. It really looks like an official Google site. In this age of massive information sharing, I have my doubts about patents and copyrights in general.

However with patents, I'd give the trademark owner the benefit of the doubt (you're not necessarily evil if you sue for trademark infringement), unless your trademark happens to be a pure (uncombined) dictionary word (in English or whatever language) or a common or well-etablished proper name (e.g. Smith or Madonna). Thus, I'd throw out any lawsuits involving Apple(tm) or Oracle(tm) but not Facebook(tm), Microsoft(tm), Apple Computers(tm) or Apple Records(tm). Obvious parodies are another matter, so there might be room for site names like Googlevil.

[*] I'm using trademark in the general sense to refer to symbols or names that make up the business identity of a company.

Re:Trademark issues* (0)

Anonymous Coward | more than 3 years ago | (#33790314)

Google is probably way too smart to take any legal action over this (it'd be a big PR loss), but they've been slipping lately...

There's also "trademark fair use."

Anonymized HTTPS, really? (0)

Anonymous Coward | more than 3 years ago | (#33790286)

HTTP headers (e.g. User Agent) are encrypted with SSL on user's computer. How can GoogleSharing anonymize encrypted data?

Re:Anonymized HTTPS, really? (1)

AHuxley (892839) | more than 3 years ago | (#33790486)

Its hidden on your computer as the https, then sent up to google, google unpacks, NSA at some point has a look, google sends on as https.
To any non US state/federal/hacker your text https to google I think?

Re:Anonymized HTTPS, really? (1)

maxwell demon (590494) | more than 3 years ago | (#33790552)

I think it basically acts as NAT router: It makes your browser send the encrypted data to GoogleSharing, then GoogleSharing just replaces the IP addresses so that the destination is Google and the source is GoogleSharing. For the return packets the IP addresses are changed the other way, so you get the packet back from GoogleSharing. All other functionality (like not sending any information from your cookies or manipulating User Agent) can be implemented locally at your browser by the extension.

Disclaimer: I didn't read the code (nor did I see any good description on the page), so this is basically how I think it works. Maybe I'm completely wrong (but I cannot think of another way how it could work).

Re:Anonymized HTTPS, really? (0)

Anonymous Coward | more than 3 years ago | (#33790730)

Yep. I had the same question as the GP.

Doesn't this mean that you could monitor my searches, though?

With the release of GoogleSharing 0.20, even the GoogleSharing proxy is not capable of monitoring your search queries. The addon pre-fetches the identity information from the GoogleSharing proxy, uses that to construct an anonymized request, and then routes an encrypted connection to Google through the GoogleSharing proxy. So while the traffic is routed through GoogleSharing, it is encrypted to Google and thus not visible to the GoogleSharing proxy.

The result is that Google knows what is being searched for, but doesn't know who issued the request. The GoogleSharing proxy can tell where requests are coming from, but can't tell anything about the content of the request. The only thing you have to trust is that the operator of the GoogleSharing proxy is not actively colluding with Google in order to determine the identities of GoogleSharing users.

If you're still worried, remember that the GoogleSharing addon and proxy code is publicly available. So it's possible for you to run a GoogleSharing proxy yourself, or to find someone who you do trust.

In this case I don't see any purpose in using the GoogleSharing proxy over a regular proxy. I trust a regular proxy more than their own (because their website is all FUD, plus the blatant advertising on Slashdot, and the out-of-context quote/lie by Schmidt). The extension itself can replace the cookies and user agent strings (even if it isn't doing it now).

Re:Anonymized HTTPS, really? (1)

AHuxley (892839) | more than 3 years ago | (#33790850)

regular proxy ? Who is gifting the world a service? A front company, data mining, hacker, researcher? For profit or fun?
Anyway you look at it even if the proxy on offer is 100% safe, who is next door?
As for the " out-of-context quote" and the google MAC map making efforts, long term cookies, telco tracking ect it all its a pattern.

Nagware? (0)

Anonymous Coward | more than 3 years ago | (#33790560)

Is there a version that doesn't nag for donations and doesn't show itself on the status bar? Can't be bothered with that junk.

My God Google is really starting to scare me (1)

GodfatherofSoul (174979) | more than 3 years ago | (#33790564)

I got an Android phone a month ago and that damned think does everything in its power to get you to enable "total information awareness" settings. Every time I use Google Maps I've got to proactively stop it from sharing my location information. Apps like this will be a blessing as soon as we see a more complete suite of pro-privacy variants come into being.

Re:My God Google is really starting to scare me (1)

KlaymenDK (713149) | more than 3 years ago | (#33792096)

Yeah well. I'm on the Android platform myself, but have a more resigned approach because at some point the whole exercise becomes absurd. But then, I'm not really the target audience: I just wanted a modern pda, not a googlephone; sadly pda's don't exist any more. And even more sadly, the OpenMoko and similar truly open initiatives failed to produce a device that's workable in practice (the OM is awesome, but not exactly stable or long-lived).

For the non-technical users (0)

Anonymous Coward | more than 3 years ago | (#33790762)

Can some one explain how is this any more secure? At some point, won't 'google' servers have to decrypt the encrypted search to know what to search for in the first place?

Anonymous Coward (0)

Anonymous Coward | more than 3 years ago | (#33791114)

will this work with Tor?

Yo Dawg! (1)

Nyder (754090) | more than 3 years ago | (#33791674)

Yo Dawg! I heard you anonymize the non-anonymous SSL, so now anonymous can opt-out and be an anonymize anonymous.

Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...