Technology Review (04/21/10) Naone, Erica
In a test of Google’s privacy protections, European researchers were able to hijack Google’s personalized search suggestions to reconstruct users’ Web search histories. “The goal of this project was to show that personalized services are very dangerous in terms of privacy because they can leak information,” says Claude Casteluccia, a senior research assistant at the French National Institute for Research in Computer Science and Control. The researchers obtained personal information by taking advantage of the fact that Google uses two protocols–https and http–for dealing with search queries, a design they say can inadvertently reveal information. The researchers were able to obtain users’ Web history by intercepting cookies. “The main lesson of the attack is that companies should use https as much as possible,” Casteluccia says. Google responded to the researchers by changing its Web history so that it always uses encrypted communications.
View Full Article