Google – PrivaSecTech Wed, 13 Nov 2019 18:34:17 +0000 en-US hourly 1 Change your default search engine Sat, 10 Nov 2012 23:40:23 +0000 Continue reading Change your default search engine]]> Most of us use a search engine such as Google or Yahoo daily without taking much time to consider the inherent privacy implications.  If you have some time, I recommend you review the privacy policy of startpage and DuckDuckGo as they’re easy to understand and informative about the risks of using search engines, and then for contrast check out Google’s privacy policy. If you’re like me and make your online privacy a priority, the information found in these privacy policies will lead you to want to cease using Google and choose between startpage from ixquick, and DuckDuckGo for your online search needs.  Neither of them collect or share your personal information (this is not the case with Google).

While you can use either these pages for search, I recommend you choose one to be your new default search engine once you have a preference. Make sure you choose the https:// (secure) option and not the http:// version!

If you’ve done this correctly, now you can securely and privately search using the URL bar of your browser.

If you know of any other privacy-forward search engines, let me know!

]]> 1
ixquick, an alternative, privacy forward, search option Tue, 13 Mar 2012 18:08:54 +0000 Continue reading ixquick, an alternative, privacy forward, search option]]> I mentioned a few months ago for those wanting to leave Google search to give DuckDuckGo a try. There’s another alternative as well, called ixquick. Give it a try as well, and see which one you like the best. You can follow the DuckDuckGo post to make ixquick your default search engine as well.

Google now offering secure search Sat, 22 Oct 2011 01:28:48 +0000 Continue reading Google now offering secure search]]> It’s not often we’ve given Google credit for privacy or security steps, but this week is one of them. Following the steps by Facebook and Twitter we announced back in May, five months later, Google has just announced they are now offering SSL searches! Mind you this is a more significant step than that of Facebook or Twitter, as those involved in SEO/optimization will quickly realize that search keyword data is no longer provided to you as the web manager (They’ll provide you the top 1000 through their webmaster tools). And while optimization folks won’t be pleased, on behalf of the privacy and security community, I would like to give credit where credit is due, thanks Google!

Tech tip: Both and work now, update all of your Google bookmarks, so others between you and Google can’t quietly see what you’re searching anymore!

Duck Duck Go Fri, 22 Jul 2011 18:23:07 +0000 Continue reading Duck Duck Go]]> You’re likelty using Google as your default search engine; and they’re undoubtably good at search. The challenge to me is what are they doing with the information they receive, and that is what this article is about. In the last year I’ve started using DuckDuckGo as my search engine of choice. The main reason is their excellent privacy policy. You can read their one line of “DuckDuckGo does not collect or share personal information” which is something that Google, Bing, or no other search engine I’m aware of offers, and I suggest you read through their entire policy which explains why this is important.

For the techies reading this, check out these enhanced techy search queries, and for the rest of you, check out their general enhanced goodies not to mention their handy bang! shortcuts, like “!define privacy“.

In Chrome, if you right click in the URL bar and choose “Edit search engines”, you can make DuckDuckGo your default, which is what I’ve done.

In Firefox 6, you can choose “Manage search engines” from the google search logo pulldown beside the URL bar and add DuckDuckGo.

Congratulations, your searches are no longer being collected, leaked and shared by your search engine!




Where does Google’s censorship end? Thu, 27 Jan 2011 01:01:34 +0000 Continue reading Where does Google’s censorship end?]]> It’s been well reported on Google’s kowtowing to the Chinese government in regards to censorship. This was based on the requests of a foreign government. However that was recently changed.

More recently, I’ve discovered that Google censors specific domain names from using its hosted Google apps service. In the example below, a combination of letters in the domain name spell a swear word, like PenIsland:

Just when I start to wonder how many other things they filter, it is discovered today they’ve decided to start filtering based on requests from the American private sector movie and music industry! As reported today by Torrentfreak, they’ve even gone as far as forbidding keywords such as “uTorrent”, which is completely legal software used to download things using peer two peer networks. If you’ve ever downloaded Ubuntu GNU/Linux for example, you likely used this impressive technology. The implications of such a simple filter are staggering, it has the ability to kill a company, as well as a network protocol.

While Google had often been thought of as being open and free, even though they had the potential to filter out content, domains, software, and network protocols, the fact that they’ve now demonstrated their ability to filter each one of these means it’s time for us to hope for some competition.

What does Google’s Street View know about you? Wed, 08 Sep 2010 20:47:31 +0000 Continue reading What does Google’s Street View know about you?]]> There is a lot of attention on Google right now due to the fact that Google had cars driving around the world, collecting photographic data so that it could add this information to its Google Maps database. This means they can most likely now publish what the front of your house looks like on a given day, without your consent.

To try it yourself, go to Google maps , look up your address, and then drag the yellow man on the map to your house. You should now see what your house looks like. By doing this, you’ve also now informed Google that — this is likely your house, attached to your IP address (uniquely identifying information about your internet connection).

The most popular part of this story is that they were sniffing wireless payloads while driving around the entire planet gathering this video data. What this means, is whatever you happened to be doing on the internet at the moment they drove by, Google now has that information. What could this actually mean? If your computer happened to be checking your email in the background while the Google car drove by your house, they likely now have your username and password for your email, as well as any emails your computer was retrieving at this time.

One of our major concerns also worth mentioning is that as a result of their packet sniffing Google now have a global database of SSIDs attached to MAC addresses. For the non techies reading this, the SSID is the identifier of your wireless network, whatever name you gave it “Ed’s house” for example, not a big deal, easily modified. MAC addresses on the other hand are unique, the addresses are assigned by the product manufacturer and identify the product you are using to access the internet. This is not easy to change for the average person.

Google now possesses a database of the unique identifiers of [how many?] computers around the world? Every law enforcement and intelligence agency’s wet dream. What does this mean to you? If myself as a techie spoofs (fakes) my MAC address to look like your unique MAC address, and I hack NASA, they could look in this database and see if they found that MAC address while driving around. If they find the MAC in their database, they know exactly where that computer was, at least at the time they drove by. What about the next time a whistle blower posts a video showing law agency abuse on public citizens? Is that event enough of an incentive for law agencies to seek out this information? This is an immense amount of information for them to have!

What is Google’s response to the media attention? It was an accident. They didn’t mean to packet sniff the entire world via the thousands of vehicles that drove millions of streets around the world.

A few steps you might want to take:

* Change the SSID in your wireless access point (AP)
* Learn how to spoof your MAC address on whatever operating system you use
* File a complaint with the appropriate body; in Canada this would be the appropriate privacy commissioner. As of writing this, I would suggest the federal privacy commissioner as she is working this issue currently.

Web server logs Tue, 12 Jan 2010 01:38:55 +0000 Continue reading Web server logs]]> If you’re looking at a web site in your web browser (Firefox, Internet Explorer etc), it is being served by a web server.
According to Netcraft over 50% of web servers now are using Apache. For logging, most people use the extended log file format. Here is how a standard log looks when someone goes to - - [11/Jan/2010:17:21:09 -0800] "GET / HTTP/1.1" 200 3245 "-" "Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20100106 Ubuntu/9.10 (karmic) Shiretoko/3.5.8pre"

What does all of this mean? The first number is the IP address. It’s the internet’s version of your home address.
Then, we have the time, and date of the request. Next, we have the request sent from the browser, the status of the request (was it successful?) and size of file transfer. After that we often get the web browser and operating system version.
This user was using Ubuntu Linux 9.10 and Firefox 3.5.8pre.
This information goes to every website you visit.

Your information was just logged:


There is a lot of information that can be gathered from these logs, both useful and malicious. One could write software that would only be delivered to visitors with a certain operating system, browser, or even people coming from a certain address.

Think about how much information Google must have on you. Every Google search you have ever done. Now think about Google Adwords. For every website (millions?) Google Adwords advertising suite is on, Google now get all of that information as well.
Then there are web servers that run Google analytics. You might not even know you’re going to a website that is providing your surfing habits to Google at no charge.
Just to put this into perspective, Google made 12 Billion dollars in 2008 with this information, it is valuable.

Not to pick on Google, think about the same concerns with Facebook. They log every transaction you’ve ever done, and will never delete it. What might they do with that information in the future? What would you do if you had the entire web surfing history of millions of people and/or their online social interactions?

We do keep web server logs here at PrivaSecTech. After one year we archive them, after two years we delete them.

If you use Firefox, you might be interested in User-Agent Switcher. It allows you to fake your browser and operating system. This is handy if you prefer to keep this information private, or if you go to a website that says “This website only works for this type of operating system or browser”, you can configure the User-Agent switcher to provide that information.
If you try it out, hit F5 to reload this page and try it out. Did the information logged about you above change at all?

The other information you may wish to hide is your IP address, but that is a little more difficult. For that you will want a proxy, a machine in the middle of you and the target website. Your ISP may offer a web proxy, ask them. You can also use an anonymizer web proxy like Tor. Just note that the more proxies you go through, the slower your web surfing experience.

]]> 0