Broadband Tech > Security > Security > How to stop Google from spying on me?

reply to ctrip

Re: How to stop Google from spying on me?

I'm not sure you guys are testing properly -- it's quite possible that IE is caching DNS longer than the Fireweasel is -- try your tests by IP address only if you intend to have verifiable results (of course even this is variable since many many servers are behind a given Google IP address). It's also possible that a Layer 7 switch at the Google side is maintaining persistent relationships between IE sessions and given Google servers (presumably ones that are not currently tracking-enabled).

It's probably been mentioned, but of course Mozilla has a (rather unfortunate) financial relationship with Google. They track all hits via the built-in Google search. It's actually discouraged me from using a useful feature!

-- B
--
In a realm outside causality and function

Maybe Google found a better way to track IE users, but I checked IE's history with a 3rd party utility and I see no redirect link after doing the "donut" test. The tracking redirect link is definitely showing up in Opera's history.

I don't see it when using firefox/IE/Opera when searching for donut either right now.

Redirects do appear for me for all 3 browsers when I use other search terms, I noticed this effect a while ago, when checking the ranking of my site.

I remember reading the SEO forums, and no one managed to figure out how google was deciding who and when to send redirects.

My (pure) guess is that they limit it simply because (a) the extra hits are a drain on their resources and (b) they get more than enough statistical sampling from the links they do pseudo-randomly track.

And from an end-user perspective I think it's best to simply assume that Google is always returning tracking links. Either that, or use one of the workarounds discussed above, or just copy and past the URL text if you're feeling tinfoilhattish.

It's really too bad -- one of them many things I admired about Google was that its search results were clean, unlike so many of its competitors. But that went bye-bye a long time ago, along with a lot of other situational ethics sandbags.

-- B

P.S. Note to the alarmists: I'm not saying Google results are tainted -- they're not AT ALL. Ads are still delineated... unlike most everybody else.
--
In a realm outside causality and function

reply to MxxCon
This was posted in the thread that I linked to earlier:

Fruit & Veg

Member

Joined: 06 Feb 2004
Posts: 3

And this is what I see IE6;
Quote:
a href=htp://www.webpronews.com/ onmousedown="returnclk(1,this)"

It is working in Internet Explorer 6 (IE) as shown by "return clk(1,this)"

It would not make much sense to have this type of tracking if it did not work with the one web browser that 80 to 85 percent of the web surfing public uses, imho.:)

reply to MxxCon
This is weekend and I have some time to look at the way how Google works and I have new info. While Google does not do redirection - it uses different method in order to spy on users running IE.

Every time user makes click on a link - Javascript function "clk" adds new "Image" to the Google page resulting in a packet sent to Google site that contains all the tracking info, including from what page the link was called, which particular link was called, destination address and some unique ID (you know what they are designed for). That request is resulting in error 204 (No Content) from the Google web server (of cause they do not have that "Image" for you and it was not the purpose of such request at all), but nobody actually see it. Then link is running and browser makes direct call to destination site.

Again, in case with IE there is no redirection used to track your points of interests, but rather different way to achieve the same result.

So far to avoid running Javascript function "clk" I may suggest:
1. Put Google into pool of Restricted sites - it will turn off Javascript for Google.
2. Use one tiny add-in that I found here. Its name is Mouse Rescue and it adds button on toolbar that allow restore default actions for mouse (very useful if a site that disables right click menu). When Google page is open just press that button and it removes "clk" function from running.
3. I guess that Proxomitron may help here as well (never tried it though)

My point for Google is - business is business and privacy is a privacy... Now Google is my first site that come into Restricted zone.
--
Keep it simple, it'll become complex by itself...

Proxomitron can make quick work of that (and more). :)

[Patterns]
Name = "Kill Google Click Tracking"
Active = TRUE
Multi = TRUE
URL = "[^/]++google.com/"
Bounds = "<a\s*>"
Limit = 256
Match = "\0\son(click|mousedown)=$AV((return|)*)\1"
Replace = "\0\1"

Yes, this filter is working well. hpguru - thank you
--
Keep it simple, it'll become complex by itself...

reply to purelander
Thank you for the link, I pasted the script below, into the folder pointed to in Opera under tools, preferences, javascript options (the button on the lower right side not the check boxes on the left) then labeled the file nomiddleman.user.js. It worked like a charm. I was getting the redirected URL's from google, and am no longer seeing them. I had no idea this feature was even available. Thank You thank you THANK YOU, my affection for Opera now borders on love. I am a bit puzzled by the exclude list, web archive makes sense, of the others perhaps someone with a better security understanding could help out a bit.

Thanks - Now, onto stopping mouse movement tracking!

Script pasted below ---- from - »s95249689.onlinehome.us/nomiddleman.user.js if anyone sees an obvious security risk or problem with this, please DO let me know

// No Middle Man
// version 0.5
// 06.05.2005
// albertb at gmail dot com
//
// Changelog:
// 0.1 Initial version
// 0.2 Added unescape
// 0.3 Ignore javascript links (contributed by superchaes at gmail dot com)
// 0.4 Unescape before looking for http: (contributed by www.arantius.com)
// 0.5 Cleanup and integration of some contributed code
// 0.6 Handle chained redirections and those missing the http part
// 0.7 Improved Yahoo support, quick fix for GeoURL
//
//
// ==UserScript==
// @name NoMiddleMan
// @namespace »0x539.blogspot.com/
// @description Rewrites URLs to remove redirection scripts
// @include *
// @exclude »del.icio.us/*
// @exclude »*bloglines.com/*
// @exclude »web.archive.org/*
// @exclude »*wists.com/*
// ==/UserScript==

(function() {
for (var i=0; i 0) {
url = link.href.substring(start);

// check whether the real url is a parameter
qindex = link.href.indexOf('?');
if (qindex > -1 && qindex -1) {
url = url.substring(0, end);
}
}
// handle Yahoo's chained redirections
var temp = url;
url = unescape(url);
while (temp != url) {
temp = url;
url = unescape(url);
}
// and we're done
link.href = url.replace(/&/g, '&');
}
}
})();
--
"People demand freedom of speech as a compensation for the freedom of thought which they seldom use."

reply to MrDNS

said by ZDNet/CNET :

---

The international watchdog organization said recently translated court papers revealed that Yahoo Holdings in Hong Kong provided Chinese investigators with detailed information that helped them link Shi's personal e-mail account and a specific message containing the "state secret" to the IP address of his computer.

---

If you have Gmail, or a Google ID for its newsgroup service, that ID is linked to your IP. It is very easy to track you down from that information, and especially to log all your searches, newgroup postings, and in the case of Gmail, all your contacts.

Sometimes I get the suspicion that Google is really Carnivore (the internet part of Echelon), initially funded by the NSA, Google itself being an independent front company run as any ordinary privately-held corporation. But, when necessary, I think they have a backdoor for US intelligence agencies to come in any time.

Think about it, Google is indexing and cross-linking just about anything that's on the internet that isn't password protected. Once it links your IP to an email address, it is easy to cross reference that to much more sensitive data. Something as simple as one of your friends calling you by your real name in an email or a forum.

I honestly no longer trust Google, notbecause of suspicions alone, but because of the behavior Google has already demonstrated. You might want to think back to how Google behaved when CNET exposed some of their spying practices.

You had a nice conspiracy going there right up until the end -- but CNET was cold-shouldered by Google not for "their" (Google's) spying practices, but simply for showing how ordinary Google searches can yield so much information (about Google's CEO in this case)...

-- B
--
In a realm outside causality and function

reply to Brano
If you do not use a proxy script filter (i.e. the tiny, tiny mighty Proxo, WebWasher...), this is a great example of why the NoScript extension (as pointed out by Brano ) and it's Global Blacklisting approach is great.

One might also consider deleting NoScript's out-of-the-box "permanent" Whitelisting of Googlesyndication by deleting it from the "noscript.permanent" Value string in about:config.

As Brano , hp3 , and others have reported, when running filters such as NoScript and Proxo, much of these types of issues do not exist, unless you want them to .

»www.noscript.net/whats
»addons.mozilla.org/extensions/mo···0&id=722
--
How to Secure (and Keep Secure) My (New) Computer(s): A Layered Approach

Actually I'm still getting the same links like this

with or without javascript

»www.google.com/url?sa=U&start=1&···site.com

These links don't need javascript to work do they?