Personalization is a key part of Internet search, providing more relevant results and gaining loyal customers in the process. But new research highlights the privacy risks that this kind of personalization can bring. A team of European researchers found that they were able to hijack Google's personalized search suggestions to reconstruct users' Web search histories.
Google has plugged most of the holes identified in the research, but the researchers say that other personalized services are likely to have similar vulnerabilities. "The goal of this project was to show that personalized services are very dangerous in terms of privacy because they can leak information," says Claude Castelluccia, a senior research scientist at the French National Institute for Research in Computer Science and Control, who was involved with the work. The work will be presented this summer at the Privacy Enhancing Technologies Symposium in Berlin, Germany.
The researchers got hold of personal information by taking advantage of the fact that Google uses two different protocols to communicate with its users' browsers. Google protects sensitive information, such as passwords, by using a protocol called "https" that encrypts the data as it's communicated. Other times, when dealing with search queries for example, Google uses the ordinary "http" protocol, which sends information back and forth in the clear. The researchers say this mixed design can inadvertently reveal information.
To read the full, original article click on this link: Technology Review: Peeking Into Users' Web History
Author: Erica
Naone