IBM, Microsoft, Google, Verizon

Peeking Into Users' Web History

Researchers hijack Google's personalized search suggestions to reconstruct users' search histories.

April 21, 2010

Technology Review - Personalization is a key part of Internet search, providing more relevant results and gaining loyal customers in the process. But new research highlights the privacy risks that this kind of personalization can bring. A team of European researchers found that they were able to hijack Google's personalized search suggestions to reconstruct users' Web search histories.

Google has plugged most of the holes identified in the research, but the researchers say that other personalized services are likely to have similar vulnerabilities.

"The goal of this project was to show that personalized services are very dangerous in terms of privacy because they can leak information," says Claude Castelluccia, a senior research scientist at the French National Institute for Research in Computer Science and Control, who was involved with the work. The work will be presented this summer at the Privacy Enhancing Technologies Symposium in Berlin, Germany.

The researchers got hold of personal information by taking advantage of the fact that Google uses two different protocols to communicate with its users' browsers. Google protects sensitive information, such as passwords, by using a protocol called "https" that encrypts the data as it's communicated. Other times, when dealing with search queries for example, Google uses the ordinary "http" protocol, which sends information back and forth in the clear. The researchers say this mixed design can inadvertently reveal information.

Google offers a variety of Web services, including Gmail, Google Docs, and Google Calendar. A less well-known service is Google Web History, which records searches made by a user while she is signed in to her Google Account. At the time the researchers were investigating it, Web History was also the source of personalized suggestions that Google offered users on its search page.

The researchers were able to get access to users' Web History by intercepting cookies--files stored on a person's computer that hold useful bits of information such as authentication credentials or the contents of a shopping cart. For many services, such as Gmail, this information is encrypted before it is sent. At the time, Web History sent its cookies in the clear. By eavesdropping on an unsecured network, such as a public Wi-Fi hotspot, an attacker can intercept Web cookies. The researchers determined that intercepted Web History cookies could provide access to that user's Web History account.

The researchers also found another way to reconstruct users' search history. Another cookie--the one that authenticates a user to Google's search service--is also sent in the clear. By capturing this cookie and impersonating the user in communications with the search service, they were able to run algorithms that quickly reconstructed large portions of a user's Web search history.

Castelluccia says companies should recognize that they need to use secure channels whenever a user's personal information is being transmitted.

"The main lesson of the attack is that companies should use https as much as possible," he says, adding, "Of course, https has a cost--it means Google has to use more servers, energy, and all that."

Google responded to the researchers by changing its Web History so that it does always use encrypted communications. The company also temporarily suspended its search suggestion service. And suggestions for Google Maps, which the researchers were also able to access, are now encrypted, too.

Alma Whitten, software engineer for Google's Security and Privacy arm, said in a statement that Google increased its use of https in response to the researchers.

"Google has been and continues to be an industry leader in providing support for encryption in our services, which is designed to address precisely the issues that all major websites face when transmitting information over http to users connecting via an unsecured network channel," she said.

"Google was very reactive and very responsible," Castelluccia says. However, he notes that search suggestions are still being provided via mobile phones and are still vulnerable. The researchers are keeping track of which services are vulnerable on a website devoted to the project.

Ben Adida, a fellow at Harvard University's Center for Research on Computation and Society, says that intercepting unencrypted traffic is "trivial" today, and "the consequences can be surprisingly privacy-invasive." He adds:

"This work is nice because it concisely shows how half-measures often provide little protection: there is a growing need to move all sensitive services to [https]."

However, Adida warns that encryption won't solve all privacy problems.

"We are slowly entrusting more of our data to large companies that then risk becoming targets of large-scale attacks," he says. "It's important to continuously secure these services, but it's equally important to realize the inherent risk we run by giving this data to third parties in the first place."

Microsoft's New Platform: Politics

April 19, 2010

readwriteweb - Today at the Politics Online Conference, Microsoft unveiled a new crowdsourcing system hosted on Microsoft Azure, Microsoft Town Hall.

TownHall is advertised as "software that allows you to easily create a destination for folks to voice opinions, identify problems, offer solutions and come together around common interests and concerns."

TownHall focuses on "rich engagement" in the political sphere, aimed at candidates and politicians as well as political interest groups. It allows for the creation of a social media-rich site that runs across platforms and provides methods for gathering information as well as expressing opinions, by furnishing architecture where visitors can make queries, vote on issues, posit and respond, and create community conversation.

TownHall is currently available only for the PC. In the coming months, Microsoft intends to provide TownHall clients for the iPhone, the iPad, Google Android and Windows Phone 7.
The software for TownHall can be downloaded free of charge. Users pay to host their site on Windows Azure, Microsoft's cloud computing program.

TownHall is just a part of a new Microsoft Initiative called Campaign Ready.

The power of social media - the electronic version of listening to what the voters say - started with Howard Dean's abortive bid for the White House in 2004 and came to full fruition with Barack Obama's successful one. Subsequent to his election, Obama has shepherded through a series of open government initiatives, which require federal government agencies to seek transparent avenues toward public engagement.