Welcome to the Proxy Update, your source of news and information on Proxies and their role in network security.

Thursday, August 6, 2009

Web Surfers Forced to Choose Security or Anonymity

I found an interesting news piece on a Google service that helps protect Internet surfers from malicious sites. Google Safe is supposed to help protect you from malware by letting you know when you're about to enter a dangerous site. But at the same time it records your IP address and leaves a cookie behind.

Because of that cookie, it knows when you're using an anonymous proxy and when you're not, and can tell you are coming from different IP addresses.

In essence it's gathering data about browsing activities that users are trying to keep secret, a researcher told attendees at the Black Hat security conference last week in Las Vegas.

PC World explains it this way:

Google Safe, a database service that warns Internet users when they are about to enter infected pages, marks browsers so the users can be identified even if they proxy all their traffic through another IP address, says Robert Hansen, CEO of Internet security firm SecTheory. "It's a privacy-security tradeoff," Hansen says.

Firefox and Chrome browsers are both susceptible to the problem, he says. Others may be as well, but Hansen hasn't tested them.

Browsers routinely connect to Google Safe as often as 30 times per hour to download updated lists of sites Google has found to be dangerous. When users attempt to connect to these sites, the browsers display a warning that they are potentially unsafe so users can avoid them.

These same users might also want to mask their Internet activity by directing their traffic through proxy sites, but Google gathers data that reveals the actual machine, Hansen says.

When browsers connect to Google Safe, the service leaves a cookie in the browser. If a user subsequently turns on an anonymizing proxy, Google will have a record of that cookie resolving to two different IP addresses – its actual address and the proxy address, Hansen says.

So the user will expect to thwart anyone trying to find out where their traffic comes from, but Google's logs would associate the proxy address with the user, he says. "Google knows you have two IP addresses associated with that cookie," he says. "They can correlate it, but the question is, are they doing it?"

To remain anonymous, users can turn off the auto-update feature in their browser that gathers fresh unsafe URLs from Google Safe, but that is a bad idea, too. "It protects you from malware and phishing sites. It's really important to the public. That's why it exists in the first place," Hansen says.

The Chrome browser gathers more identifying information – a hash of the machine ID and of the user ID, he says. That means proxied traffic can be traced to not only a particular IP address but also an individual machine at that address. Investigators would have to enter the machine ID and user ID into the browser, have the browser hash it, and match the results with the hashes logged with Google Safe to identify a suspect machine, he says.

How far back an individual's Internet activity could be tracked depends on how long Google Safe maintains its logs, he says.


Just another reminder: there's not much you can do today in true privacy, even if you decide to use an anonymous proxy.
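
The cookie-to-IP correlation Hansen describes, as an added example that is not part of the original post or of Google's service: it groups constructed request log lines by cookie and reports any cookie presented from more than one address. The log format, cookie values and addresses are assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample of what an update server could log per request:
# timestamp, source IP, cookie value. IPs are documentation ranges (RFC 5737).
SAMPLE_LOG = """\
2009-08-06T09:00:02 198.51.100.7 cookie=aaa111
2009-08-06T09:02:10 198.51.100.7 cookie=aaa111
2009-08-06T09:03:41 192.0.2.44 cookie=bbb222
2009-08-06T09:30:15 203.0.113.9 cookie=aaa111
2009-08-06T09:31:00 203.0.113.9 cookie=ccc333
2009-08-06T09:32:20 203.0.113.9 cookie=aaa111
"""

def parse(log_text):
    """Yield (timestamp, ip, cookie) from each well-formed line; skip the rest."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[2].startswith("cookie="):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2][len("cookie="):]

def ips_by_cookie(log_text):
    """Map each cookie to the IPs it was seen from, in order of first sight."""
    seen = defaultdict(list)
    for ts, ip, cookie in sorted(parse(log_text)):
        if ip not in seen[cookie]:
            seen[cookie].append(ip)
    return dict(seen)

def linked_addresses(log_text):
    """Cookies presented from more than one IP: the link Hansen describes."""
    return {c: ips for c, ips in ips_by_cookie(log_text).items() if len(ips) > 1}

if __name__ == "__main__":
    # Here 203.0.113.9 plays the proxy: aaa111 ties it to 198.51.100.7,
    # while ccc333, only ever seen through the proxy, links to nothing.
    for cookie, ips in linked_addresses(SAMPLE_LOG).items():
        print(f"{cookie}: first seen at {ips[0]}, later at {', '.join(ips[1:])}")
```

The link exists only because the same cookie value crosses both addresses; the proxy hides the IP but not the identifier the browser sends with each update request.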
