Web Surfers Forced to Choose Security or Anonymity
A Google service that helps protect Internet surfers from malicious sites also gathers data about browsing activities that users are trying to keep secret, a researcher told attendees at the Black Hat security conference last week in Las Vegas.
Google Safe, a database service that warns Internet users when they are about to enter infected pages, marks browsers so the users can be identified even if they proxy all their traffic through another IP address, says Robert Hansen, CEO of Internet security firm SecTheory. "It's a privacy-security tradeoff," Hansen says.
Browsers routinely connect to Google Safe as often as 30 times per hour to download updated lists of sites Google has found to be dangerous. When users attempt to connect to these sites, the browsers display a warning that they are potentially unsafe so users can avoid them.
These same users might also want to mask their Internet activity by directing their traffic through proxy sites, but Google gathers data that reveals the actual machine, Hansen says.
When browsers connect to Google Safe, the service leaves a cookie in the browser. If a user subsequently turns on an anonymizing proxy, Google will have a record of that cookie resolving to two different IP addresses – its actual address and the proxy address, Hansen says.
So the user will expect to thwart anyone trying to find out where their traffic comes from, but Google's logs would associate the proxy address with the user, he says. "Google knows you have two IP addresses associated with that cookie," he says. "They can correlate it, but the question is, are they doing it?"
To remain anonymous, users can turn off the auto-update feature in their browser that gathers fresh unsafe URLs from Google Safe, but that is a bad idea, too. "It protects you from malware and phishing sites. It's really important to the public. That's why it exists in the first place," Hansen says.
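The correlation Hansen describes can be shown with a few log lines. The following is an added illustration, not code from Hansen or Google: the log format, cookie names and addresses are all constructed, and it assumes the service records the source IP and cookie of each update request.

```python
from collections import defaultdict

# Constructed sample of what an update service could log: (time, source IP, cookie).
# Addresses are from documentation ranges; cookie values are made up.
SAMPLE_LOG = [
    ("09:00", "192.0.2.10", "cookie-A"),    # user A, direct connection
    ("09:00", "198.51.100.4", "cookie-B"),  # user B, direct; disables auto-update before proxying
    ("09:02", "192.0.2.10", "cookie-A"),
    ("09:05", "192.0.2.77", "cookie-C"),    # user C never uses a proxy
    ("09:30", "203.0.113.7", "cookie-A"),   # user A behind a proxy, auto-update still on
    ("09:35", "192.0.2.77", "cookie-C"),
]


def addresses_per_cookie(log):
    """Map each cookie to the source IPs it was seen from, in first-seen order."""
    seen = defaultdict(list)
    for _time, ip, cookie in log:
        if ip not in seen[cookie]:
            seen[cookie].append(ip)
    return dict(seen)


def linked_cookies(log):
    """Return only the cookies seen from more than one address."""
    return {c: ips for c, ips in addresses_per_cookie(log).items() if len(ips) > 1}


if __name__ == "__main__":
    for cookie, ips in linked_cookies(SAMPLE_LOG).items():
        print(f"{cookie}: {' and '.join(ips)} were used by the same browser")
```

Only user A's cookie ties a proxy address to a real one. User B, who stopped the update requests before proxying, leaves no second address in the log but also stops receiving the unsafe-site lists.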
The Chrome browser gathers more identifying information – a hash of the machine ID and of the user ID, he says. That means proxied traffic can be traced to not only a particular IP address but also an individual machine at that address. Investigators would have to enter the machine ID and user ID into the browser, have the browser hash them, and match the results with the hashes logged with Google Safe to identify a suspect machine, he says.
How far back an individual's Internet activity could be tracked depends on how long Google Safe maintains its logs, he says.