Googling Security: How Much Does Google Know About You?

Book Description

What Does Google Know about You? And Who Are They Telling?

When you use Google’s “free” services, you pay, big time–with personal information about yourself. Google is making a fortune on what it knows about you…and you may be shocked by just how much Google does know. Googling Security is the first book to reveal how Google’s vast information stockpiles could be used against you or your business–and what you can do to protect yourself.

Unlike other books on Google hacking, this book covers information you disclose when using all of Google’s top applications, not just what savvy users can retrieve via Google’s search results. West Point computer science professor Greg Conti reveals the privacy implications of Gmail, Google Maps, Google Talk, Google Groups, Google Alerts, Google’s new mobile applications, and more. Drawing on his own advanced security research, Conti shows how Google’s databases can be used by others with bad intent, even if Google succeeds in its pledge of “don’t be evil.”

  • Uncover the trail of informational “bread crumbs” you leave when you use Google search

  • How Gmail could be used to track your personal network of friends, family, and acquaintances

  • How Google’s map and location tools could disclose the locations of your home, employer, family and friends, travel plans, and intentions

  • How the information stockpiles of Google and other online companies may be spilled, lost, taken, shared, or subpoenaed and later used for identity theft or even blackmail

  • How the Google AdSense and DoubleClick advertising services could track you around the Web

  • How to systematically reduce the personal information you expose or give away

This book is a wake-up call and a “how-to” self-defense manual: an indispensable resource for everyone, from private citizens to security professionals, who relies on Google.

    Preface

    Acknowledgments

    About the Author

    Chapter 1: Googling

    Chapter 2: Information Flows and Leakage

    Chapter 3: Footprints, Fingerprints, and Connections

    Chapter 4: Search

    Chapter 5: Communications

    Chapter 6: Mapping, Directions, and Imagery

    Chapter 7: Advertising and Embedded Content

    Chapter 8: Googlebot

    Chapter 9: Countermeasures

    Chapter 10: Conclusions and a Look to the Future

    Index

    Table of Contents

    1. Copyright
      1. Dedication
    2. Preface
      1. Who Should Read This Book
      2. Why Google?
      3. A Map of the Book
      4. Endnotes
    3. Acknowledgments
    4. About the Author
    5. 1. Googling
      1. The Digital Big Bang
      2. Google: The Nation-State
      3. Just Google It
        1. Information Disclosure: A Closer Look
      4. Risks
        1. Information Disclosure Scenarios
        2. Trend Away from the Desktop
        3. Data Retention and Permanence
        4. Trust
      5. Information Is a Slippery Thing
        1. Deliberate Sharing with Third Parties
        2. Accident
        3. Malware and Software Vulnerabilities
        4. Targeted Attack
        5. Legal Compulsion
      6. It’s Just Business
        1. Google Addiction and Dependence
      7. Summary
      8. Endnotes
    6. 2. Information Flows and Leakage
      1. A Matter of Trust
      2. Information Flows and Leakage on a PC
        1. Networks
        2. Peripherals
        3. EM Radiation
        4. Sound
        5. Power Lines
        6. Humans and the Things They Carry
      3. Data Communication on the Network
        1. Information Flows and Leaks on the Internet
        2. Google versus an ISP
      4. Summary
      5. Endnotes
    7. 3. Footprints, Fingerprints, and Connections
      1. Basic Web Interaction and Data Retention
      2. The Trail You Leave Behind
        1. Web Server Logs
        2. IP Addresses
        3. Browser Header Fields
        4. Cookies
        5. HTTP Referer Data
      3. Semantic Disclosures
        1. Registered User Accounts
        2. Web Site Navigation
          1. Inter–Web Site Navigation
          2. Intra–Web Site Navigation
      4. Uniqueness and Behavioral Targeting
        1. Behavioral Targeting
        2. Uniqueness
      5. Connections
      6. Summary
      7. Endnotes
    8. 4. Search
      1. What’s in a Query?
      2. Over Half a Million Search Engines
      3. The Many Faces of Search
        1. Search Box and Related Applications
        2. Advanced Search Operators and Google Hacking
        3. Other Search Vectors
          1. Google Alerts
          2. Google API
          3. Site-Based Search
          4. Desktop Search
          5. Enterprise Search
      4. Risks
        1. Driving Traffic
        2. Finding Incorrect Things (or the Perils of SEO)
        3. Finding Malicious Things
        4. The Search Queries of Others
        5. (Self) Censorship
      5. Fingerprinting
      6. Summary
      7. Endnotes
    9. 5. Communications
      1. E-mail
      2. Voice, Video, and Instant Messaging
      3. Groups
      4. Mobile
        1. Text Messaging
        2. Mobile and Location-Based Search
      5. Risks
        1. Dependency
        2. Traffic Analysis
        3. Archiving of Messages
        4. Eavesdropping, Filtering, and Alteration
        5. Language Translation Disclosures
        6. Convergence
        7. Emergent Social Networks
        8. Computer Analysis of Communications
      6. Summary
      7. Endnotes
    10. 6. Mapping, Directions, and Imagery
      1. Information Disclosure
        1. Basic Interaction Revelations
        2. All the Risks of Search, Now with Locations, Too
        3. Privacy-Degrading Personalization
        4. Linking User Classes via Geographic Relationships
        5. All Roads Lead to Rome
        6. Tracking Your Movements via Mashups
      2. Content Is a Threat, Too
        1. Basic Imagery Analysis
        2. If Something Is Sensitive, Just Obscure it
        3. Accuracy and Deceit
        4. Street-Level View
      3. Summary
      4. Endnotes
    11. 7. Advertising and Embedded Content
      1. Cross-Site Tracking
      2. Advertising
        1. AdSense
        2. AdWords
        3. Google DoubleClick
      3. Advertising Risks
        1. Malicious Ad Serving
        2. Malicious Interfaces
        3. Hostile Networks
        4. Affiliate Services
        5. Facebook Beacon
      4. Other Cross-Site Risks
        1. Google Analytics
        2. Chat Back
        3. YouTube Videos
        4. Search on Your Web Page
        5. Friend Connect
        6. Embedded Maps
      5. Summary
      6. Endnotes
    12. 8. Googlebot
      1. How Googlebot Works
        1. Googlebot’s Footprints
        2. robots.txt
      2. Risks of Googlebot and Its Cousins
        1. Spoofing Googlebot
        2. Placing Sensitive Information on the Web
        3. Google Hacking
        4. Evil Bots
      3. Summary
      4. Endnotes
    13. 9. Countermeasures
      1. Patching Users
        1. Raised Awareness
        2. Know What You Are Disclosing
        3. Usable Security
      2. Technical Protection
        1. Controlling Cookies
        2. Diffusing or Eliminating your Disclosures
          1. Content Filtering
          2. Self-Monitoring
          3. Search Term Chaffing
        3. Encryption
        4. Protect Your Network Address
          1. Anonymizing Proxies
          2. Tor
          3. Employ a NAT Firewall
          4. Alternate Surfing Locations
        5. Avoid Using Registered Accounts
        6. Minimizing Data Retention on Your Computer
      3. Policy Protection
        1. Do-Not-Track Lists
          1. Individual and Organization Policies on Web-Based Information Disclosure
          2. The Policies of Online Companies
        2. Petition Law and Policy Makers
        3. Support Privacy Organizations
        4. Data Generation, Retention, and Anonymization
          1. Reduce or Eliminate Data Generation
          2. Reduce or Eliminate Data Retention
          3. Pay for Privacy
          4. Data Anonymization
      4. Summary
      5. Endnotes
    14. 10. Conclusions and a Look to the Future
      1. Foundation and Google
      2. The Global Battle for the Network Continues
      3. Google Is Dead, Long Live Google
        1. Gunning for Google
        2. Power Struggles Continue
        3. Mergers, Acquisitions, and the Death of Google
      4. New Vectors and New Users
        1. Web Applications
        2. Sensors and RFID
        3. Web 2.0
      5. Parting Thoughts
      6. Endnotes