We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Peeking Into Users' Web History

Researchers hijack Google’s personalized search suggestions to reconstruct users’ search histories.

Personalization is a key part of Internet search, providing more relevant results and gaining loyal customers in the process. But new research highlights the privacy risks that this kind of personalization can bring. A team of European researchers, working with a researcher from the University of California, Irvine, found that they were able to hijack Google’s personalized search suggestions to reconstruct users’ Web search histories.

Google has plugged most of the holes identified in the research, but the researchers say that other personalized services are likely to have similar vulnerabilities. “The goal of this project was to show that personalized services are very dangerous in terms of privacy because they can leak information,” says Claude Castelluccia, a senior research scientist at the French National Institute for Research in Computer Science and Control, who was involved with the work. The work will be presented this summer at the Privacy Enhancing Technologies Symposium in Berlin, Germany.

The researchers got hold of personal information by taking advantage of the fact that Google uses two different protocols to communicate with its users’ browsers. Google protects sensitive information, such as passwords, by using a protocol called “https” that encrypts the data as it’s communicated. Other times, when dealing with search queries for example, Google uses the ordinary “http” protocol, which sends information back and forth in the clear. The researchers say this mixed design can inadvertently reveal information.

Google offers a variety of Web services, including Gmail, Google Docs, and Google Calendar. A less well-known service is Google Web History, which records searches made by a user while she is signed in to her Google Account. At the time the researchers were investigating it, Web History was also the source of personalized suggestions that Google offered users on its search page.

The researchers were able to get access to users’ Web History by intercepting cookies–files stored on a person’s computer that hold useful bits of information such as authentication credentials or the contents of a shopping cart. For many services, such as Gmail, this information is encrypted before it is sent. At the time, Web History sent its cookies in the clear. By eavesdropping on an unsecured network, such as a public Wi-Fi hotspot, an attacker can intercept Web cookies. The researchers determined that intercepted Web History cookies could provide access to that user’s Web History account.

History repeating: Google’s Web History was used to create personalized search suggestions, such as those shown above, until researchers discovered that personal information could be captured by hijacking communications with users.

The researchers also found another way to reconstruct users’ search history. Another cookie–the one that authenticates a user to Google’s search service–is also sent in the clear. By capturing this cookie and impersonating the user in communications with the search service, they were able to run algorithms that quickly reconstructed large portions of a user’s Web search history.

Castelluccia says companies should recognize that they need to use secure channels whenever a user’s personal information is being transmitted. “The main lesson of the attack is that companies should use https as much as possible,” he says, adding, “Of course, https has a cost–it means Google has to use more servers, energy, and all that.”

Google responded to the researchers by changing its Web History so that it does always use encrypted communications. The company also temporarily suspended its search suggestion service. And suggestions for Google Maps, which the researchers were also able to access, are now encrypted, too.

Alma Whitten, software engineer for Google’s Security and Privacy arm, said in a statement that Google increased its use of https in response to the researchers. “Google has been and continues to be an industry leader in providing support for encryption in our services, which is designed to address precisely the issues that all major websites face when transmitting information over http to users connecting via an unsecured network channel,” she said.

“Google was very reactive and very responsible,” Castelluccia says. However, he notes that search suggestions are still being provided via mobile phones and are still vulnerable. The researchers are keeping track of which services are vulnerable on a website devoted to the project. (Update May 17, 2010: Google fixed the mobile issue described on April 28.)

Ben Adida, a fellow at Harvard University’s Center for Research on Computation and Society, says that intercepting unencrypted traffic is “trivial” today, and “the consequences can be surprisingly privacy-invasive.” He adds, “This work is nice because it concisely shows how half-measures often provide little protection: there is a growing need to move all sensitive services to [https].”

However, Adida warns that encryption won’t solve all privacy problems. “We are slowly entrusting more of our data to large companies that then risk becoming targets of large-scale attacks,” he says. “It’s important to continuously secure these services, but it’s equally important to realize the inherent risk we run by giving this data to third parties in the first place.”

Couldn't get to Cambridge? We brought EmTech MIT to you!

Watch session videos here
Want more award-winning journalism? Subscribe to Insider Plus.
  • Insider Plus {! insider.prices.plus !}*

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    Print + Digital Magazine (6 bi-monthly issues)

    Unlimited online access including all articles, multimedia, and more

    The Download newsletter with top tech stories delivered daily to your inbox

    Technology Review PDF magazine archive, including articles, images, and covers dating back to 1899

    10% Discount to MIT Technology Review events and MIT Press

    Ad-free website experience

You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.