Select your localized edition:

Close ×

More Ways to Connect

Discover one of our 28 local entrepreneurial communities »

Be the first to know as we launch in new countries and markets around the globe.

Interested in bringing MIT Technology Review to your local market?

MIT Technology ReviewMIT Technology Review - logo

 

Unsupported browser: Your browser does not meet modern web standards. See how it scores »

{ action.text }

Uncovering Search Histories
Personalized ­services on the Internet need high levels of security

Source: “Private Information Disclosure from Web Searches (The Case of Google Web History)”
Claude Castelluccia et al.
Proceedings of the 10th Privacy Enhancing Technologies Symposium, July 21-23, 2010, Berlin, Germany

Results: Researchers successfully reconstructed the Web search histories of specific Google users by stealing the users’ credentials and impersonating them. They were able to identify about 65 percent of what the users had been searching for, and they could tell whether a user had searched for a particular term.

Why it matters: Personalized Web services can help make searches and other tasks faster, but the new research suggests that they could also be used to collect information about search histories that people might prefer to keep private. A single search on a public Wi-Fi network would be enough to expose a person’s search history to a potential attacker. Although Google has made changes to prevent search histories from being discovered, the researchers say that other search engines are likely to have similar vulnerabilities. They recommend that Web applications encrypt all searches and credentials.

Methods: Google encrypts sensitive information such as passwords, but it doesn’t encrypt the authentication credentials that it uses to identify particular users of its search service. By intercepting these credentials, the researchers were able to impersonate a given user. Then they performed automated test searches in the user’s name and pieced together the Web search history from the personalized recommendations that Google provided.

Next steps: The researchers plan to analyze other search engines for similar leaks. They also continue to track the progress at fixing the problems they found.

1 comment. Share your thoughts »

Credit: Jeremy Maitin-Shepard and Pieter Abbeel

Tagged: Computing, Web

Reprints and Permissions | Send feedback to the editor

From the Archives

Close

Introducing MIT Technology Review Insider.

Already a Magazine subscriber?

You're automatically an Insider. It's easy to activate or upgrade your account.

Activate Your Account

Become an Insider

It's the new way to subscribe. Get even more of the tech news, research, and discoveries you crave.

Sign Up

Learn More

Find out why MIT Technology Review Insider is for you and explore your options.

Show Me