Interesting People mailing list archives
Google's new feature creates another user privacy problem
From: David Farber <dave () farber net>
Date: Sun, 12 Jun 2005 14:52:07 -0400
Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: June 12, 2005 1:06:48 PM EDT To: dave () farber net Cc: lauren () vortex com Subject: Google's new feature creates another user privacy problem Dave, Most Google users are probably unaware that a new Google "feature" is not only distorting Web server statistics, but is creating a potentially serious user privacy problem. Apparently about a month ago, Google started triggering "prefetch" page data for the top listings in search results. This behavior is reportedly currently limited to users on Mozilla-based browsers (Mozilla, Netscape, Firefox, etc. -- Firefox is my browser of choice). The goal of this procedure is to allow users of those browsers to see the top link results faster, since they'd already be cached locally. But there are big downsides to this process. One obvious problem is that it can distort Web server statistics, by creating "hits" from users who never actually chose to visit the sites in question, but were prefetched when their search listed those sites at the top of results. For some sites, this may be a mere annoyance, for others it could be a significant problem that could affect their revenue patterns. This also has the side-effect of creating a sudden artificial boost in Mozilla-based browser usage statistics. A much more serious issue is that the prefetching causes users to actually access sites without ever having touched the associated links -- and this includes the receiving of cookies. You can see this behavior yourself (if you use a Mozilla-based browser and have cookie notification turned on) by simply doing a Google search for the keyword "soundbite". Note that even though you have not touched the current top link ("www.soundbite.com") you will receive a cookie attempt from their site when the search results are displayed. This means that your IP address and other typical connection data have *already* been dropped into that site's logs, even though you never chose to access that site, and you may now already be holding cookies from them as well. Now, this isn't a big deal in the particular case of soundbite.com. But imagine if an innocent search returned results where the top-listed site contained information you'd never want to be associated with nor access in any way (child porn, browser exploit sucker-bait sites, illicit files -- you name it). Keep in mind that such sites will often use various techniques specifically to boost their rankings in search results. What to do? If you use the affected browsers, adding the line: user_pref("network.prefetch-next",false); to the: prefs.js file in the browser profile directory should stop this behavior -- some Mozilla-based browsers may also have other ways to disable prefetching. Of course, since prefetching is turned on by default, most users (who won't even be aware of this privacy problem) won't know to turn it off. Bottom line: Creating a situation where users are "automatically" accessing search-result sites without their having taken explicit actions to do so is very bad policy. This problem is not the fault of Google alone -- the prefetching mechanism has been present in Mozilla-based browsers for quite some time. However, when the planet's major search engine begins to routinely use this technique in the manner that Google has done, it at the very least suggests that they did not fully think through the potentially serious anti-privacy ramifications of their actions, when applied on the vast scale of their user base. This unfortunately has become typical of various Google features and policies. --Lauren-- Lauren Weinstein lauren () pfir org or lauren () vortex com or lauren () eepi org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, EEPI - Electronic Entertainment Policy Initiative - http://www.eepi.org Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com ------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- Google's new feature creates another user privacy problem David Farber (Jun 12)