Just discovered a breach of security with google
 

This might be something that's known generally but I just came by this today.

How it happened; My son asked me if I have been surfing with his Nexus 7 lately, as it was suggesting words on google search window that I did actually search for earlier this morning.

However, I had been using my laptop to do that, not the tablet !!

Speculation; as both devices are in the same WLAN, which is NATted to outside world, google is storing my IP address and as a shortcut showing the previous queries to any host accessing google afterwards using he same apparent IP address

Now this is really bad behaviour, as there is no guarantee that a particular IP address belongs to any given device after some time has passed, it might well be given to somebody on completely different town, even different country.

Re: Just discovered a breach of security with google
 

Huh, even with different Google Accounts?

I've been noticing the same on my home network (modem hasn't lost power in a year, so my home IP is pretty much static)

Probably a way to try to target the interests of individuals [in a certain area where x is trending, for example].

On my end, I've noticed that sites I frequently visit rank higher even for my neighbors' (same ISP).

Re: Just discovered a breach of security with google
 

Yes, completely different google accounts (in fact I was not even logged in google on the laptop), different OS (Ubuntu vs. JellyBean) and different browsers to boot :mad:

It's good I don't have a habit of googling for stuff unsuitable for children but still... Think about the cases where that happens :eek:

Re: Just discovered a breach of security with google
 

Hahaha, mate what do you mean by this????

:rolleyes::rolleyes::rolleyes:

Don't answer, i'm just kidding you!!!!! :D

Re: Just discovered a breach of security with google
 

Why are u suprised??? Did you really think google is your friend? :eek:

Re: Just discovered a breach of security with google
 

Of course not, dont't be silly. They are there to make money from me. Usually there is a tradeoff, they get stuff from me and I get something in return.

What I thought is that they would be more careful, as this is nothing to do with friendliness.

Being such global hoarder of data they should consider carefully what to leak outside, as that will damage their reputation.

Re: Just discovered a breach of security with google
 

Huh, who even considers googling when logged in? ;) Never ever ...

Time for DuckDuckGo ?

I did not know that. And I can hardly believe, as I am sure almost all private people have an ISP where IP changes all 24 hours (or any period, but not static). And this would not make sense, or? As the same IP may be given to anybody else. Of course they are doing log-in logging and cookie stuff. But IP related ???
Nevertheless this would be only explanation ... :(

Re: Just discovered a breach of security with google
 

Why care ****ing NSA is seeing everything anyway...

Re: Just discovered a breach of security with google
 

Try https://startpage.com/
Duckduck doesn't give the same search results as google and to be ohnest they are not so good for me. Startpage gives the same results as google but without privacy problems.

Re: Just discovered a breach of security with google
 

you didnt knew that??? Even they provide user centric reasults all the time which is disgusting i mean google keeps some sort of record of users searches and provide you with stuff that you want to see and spoof out the ones that are very much relevant because goo thinks that you are less prone to click on them not click on them) i didnt knew that but when i used bing i was annoyed that it gave much diffrent results but relavent and useful to the topic.:) so i use bing when i think its spoffing too much and very much i get the results i was looking for

Re: Just discovered a breach of security with google
 

Tell me something new about GoOgle .....
im dropping GoOgle like a rock..

maybe this could help https://www.startmail.com/

Re: Just discovered a breach of security with google
 

Actually I often prefer DDG-results over google-results. Google tends to leave keywords out of the search seemingly at random when it can't find "enough" results on all keywords.

Either way, DDG has a killer-feature: bang-notations. Put !g in your query, and your search is redirected to google. Put !w in there, and you'll find yourself on the wikipedia page. If you are wary of google, like me, use !sp and you get startpage using google as engine. There are many more.

It's a pity that it takes something like this to show people that all that convenience has a severe downside, and it's troublesome that people give up their privacy and identity so easily to an advertising company like the goog. (and facebook and twitter and ...)

Re: Just discovered a breach of security with google
 

This seems fishy. I know for a fact that google doesn't allow others to use their search engine for free (even google custom search has an API call limit nowadays) and that was one of the reasons scroogle.org was shut down. Also I know that using the google logo if you are not Google is prohibited (http://www.google.com/permissions/using-the-logo.html).

So either google knows it and tolerates it (why should it?) or it is run by them to create a false sense of privacy.

this makes no sense, there are IP addresses used by thousands of people like in universities or companies.
the only explanation is a cookie of a google service (can also be YouTube, Picasa or whatever) left in your browser.
check your cookies! and i recommend to delete them quite often...

edit: example to make it clear, maybe your son logged in to YouTube on your laptop and closed the tab without logging out, so when you are searching, for google its him, because his cookie is left in your browser.

Re: Just discovered a breach of security with google
 

That seems not possible. As I said, 2 different machines, a laptop and a tablet.
I never touched the tablet, and still google suggested search results based on my earlier searches with the laptop.

Now if you can imagine how a cookie got to the tablet from my laptop, i'd realy like to know :D

Re: Just discovered a breach of security with google
 

Off-topic: Filter Bubble
DuckDuckGo
Ixquick powering StartPage
Best wishes.

Re: Just discovered a breach of security with google
 

Have to agree with Fuzzillogic - ddg with the bangs is a beast once you learn the ones you commonly use. For instance, I can search lots of sites directly and use it to access all my favourite sites from typing very little. I also like the fact they try and get you an ssl connection wherever possible.

Re: Just discovered a breach of security with google
 

The only question NOT ASKED in this thread is the following:

Were you using Chrome or Firefox in sync mode? I experience this result ONLY after I got my Firefox browser synced all over my computers, the cookies gets synced between the pc's and so you get that result.

And how is that EVEN A SECURITY BREACH?

Also, why the hell are you hiding from, why DDG, I use BING on my phone and Google on my pc's and tablets, and I love it how they analyze all my activity and makes my searches even more relevant.

Are you somehow 12 and hope your mommies don't find out about your little porn secrets?

Also, for a really good hideout, just use TOR Project and you are GOLD!

Re: Just discovered a breach of security with google
 

Well, that's not, what i meant. Please read my edit in post #14, i explained it in more detail. In short: your son forgot to log out of a google service on your laptop.

Please don't get me wrong, i'm no fan of google. I just don't think it's ok, from a thing that only happened once and only happened to you to come to that conclusion without making any further test.

You can do the following 2 tests (with different search-terms of course):

1. if you still have all your cookies, use another IP address ( for example by VPN) and try the same.
If it still happens, it has nothing to do with IP, it's cookie based

2. use a browser with absolutely no cookies and try the same (now with the same IP like your son again).
If it still happens, you seem to be right.

And also the question to all others: can anyone reproduce the behaviour described in the first post?

Re: Just discovered a breach of security with google
 

Agreed. Not only that but Google filter bubbles search results, so if fw190 is getting the same search results with Start Page as with Google as he has claimed, then it would imply that he is still being tracked and therefore no advantage to using Start Page over Google.

Re: Just discovered a breach of security with google
 

Basically startpage submits search data to google but without any identifiable information in it. So google still gets searches made etc but without knowing who did so... Whether this is tolerable by them I don't know but its certainly more preferable to using Google.

I get results in different orders when using both search engines. For example searching for "blazink" on startpage gives me first links to restaurants in the US with that name and then Flickr results while google does the opposite presumably due to me being far away from the US...

Re: Just discovered a breach of security with google
 

I think that maybe startpage is puting some money into google pocket for using their search engine for their needs. If fast all people use google where I live and I run an internet news site I have to see where my posts land at google in my country. Few days ago I told my friends why I left facebook (the company page is left for obvious reasons) and moved to startpage they all made bigg eyes and thought I had gone bannanas. Hell they even made phone calls what is wrong. DuckDuckGo doesn't show me what my reder is seeing. Also for personal use it is not as good for me because even if I filter the serach to my language or made it preferable I get tons of links in English which is ok sometimes but still... I like to read in my own and not English here English there all day :)

Re: Just discovered a breach of security with google
 

Google solution: tell all your friends and family to log in their Google account so they see only personalized search history and don't receive the general , per IP search history we will send anyway.

My solution: block locally running Google predictive scripts, use the 90's version of this search engine, or better use a Google proxy like Startpage.com , block all other unnecessary Google services in your browser by Noscript, block all possible Google tracking servers on your personal firewall and router firewall.

You don't need Google, Google needs us. Let them pay for what we give them or at least don't hand it to them for free.

Make websites shift their focus to ranking in Duckduckgo or IXQuick

Re: Just discovered a breach of security with google
 

First, I have full right to hide my own private activities from anybody and everybody. I don't want CIA digging through my web-activity just because most of Internet traffic goes, one way or another, through their country. Using SSL when you can is good, but not quite enough. One of my actions is security through obscurity; multi-tasking, using several websites and webbrowsers for the same purpose, using one website and one browser for several purposes at once; generating an excessive amount of information, defragmented into small pieces which can be put together in many different ways, like a mosaic, using multiple layers which do not make sense separately, while finding connections between them, similar to control points of photograph-stitcher, is mind-boggling for any outsider (unless he has direct 24-7 access to my screen, but hopefully, they are not that determined to break into my computer).
Second, I am an adult, not a child, even though I sometimes wish I could have returned to the past, 50-100 years earlier. Also, I expect that everybody has kept secrets from parents, at one stage or another, if only to surprise them with a gift for a celebration - there is no shame in keeping secrets, in having privacy. And there are much more interesting things to do than break laws just for the sake of rule-breaking.
TOR project is good, but I am too lazy to join in. To be a true TOR user, you have to make effort to not use different identities during one session, to not give away any personal information about yourself. My principle of overloading the observer with seemingly unconnected bit and pieces seems to be quite opposite to Tor's anonymity.
Best wishes.
_________________
Per aspera ad astra...

Re: Just discovered a breach of security with google
 

Wiki, I understand your point of view, but look at it this way, you can use whatever, SSL, DDG, TOR, and if CIA or whatever other organizations like this want to track you, they can! Is it surprising that even now some TOR (which is supposed to be the most secure internet browsing) exit points can be detected and traced back to you? If normal people can do that, think about since when the CIA can d that.

The second point of view I would like you to think about is this: Ok, you have the right to hide every personal information you want, and you hide it maybe from some of your friends (who can maybe use that against you), from your family (which can spoil a surprise), from your girlfriend (which can show her that you were cheating - i'm joking of course). So in addition, you hide info from the circle of friends around you. Now, CIA gets all that data, and a unknown agent from USA reads it, he don't know you, you have no relation with him/her, so why even bother caring that an unknown person can see what you are using your internet for. You are not a corrupt politician, you are not part of the mafia, you are nothing to be a headline for the CIA to track you in particular, you are just a user, one user out of several millions that get trough those CIA filters... So WHY EVEN CARE?

Re: Just discovered a breach of security with google
 

Well, first, CIA-and-other-spies are not omnipotent. Or they would have cracked down on WikiLeaks and Anonymous, already. Though, I have to admit that tracking a person is much easier than stopping a person from travelling, or from exchanging information with another person.
I am a hopeless optimist. I know that it is impossible to stop them from tracking me - if they want to spend time and energy tracking me - but I am not going to make it easy for them.
Because I want to cause such a massive headache for whoever wishes to track me that they will give up on their attempts to track all Internet users. You want to know my name, my location, my hobby, my opinion on a particular topic, my dream?.. Do not track me, do not stalk me, just ask me - it will be easier. I may not answer you at once, I will ask why you want to know this, but it will still require much less effort from you than attempting to track me. I hope CIA will get it through their thick skulls, with time. If a human googles for home-made explosives, it doesn't make him a terrorist or a pyromaniac. If a human doesn't google for home-made explosives, it doesn't prove that he isn't knowledgeable enough to make explosives at home. If I discuss explosives excessively, it doesn't mean that I know, or intend to know, anything about them. Attempting to ascertain anything about a person by tracking their Internet activity is a waste of time, and I would have liked to see a 'game' where one team uses Internet and another attempts to track them, and observe how the first team tricks the second team into quite false conclusions.
Best wishes. By the way, do you remember the 'recent' news about Google giving some-information-about-users to government, on government's requests? If everybody used startpage.com instead of google.com, Google would have had no information to give to the government. Right?

Re: Just discovered a breach of security with google
 

Do you happen to have curtains in your house? If so, why do you care that strangers can look inside and see all the activities you're doing in there? You're not a corrupt politician, you are not part of the mafia, ..

Well, I for one just don't want anybody to peak inside.

Furthermore, you don't know how the data collected about you online will be distributed, processed (correlated, passed through models etc.) and used, whether that might be in the present or in the future. I am simply not comfortable with people tracking & profiling me, you will never know what might come out of it, when and by who. It's pretty scary how easily you can discover or generate new, interesting data from a big pile of seemingly non-interesting data. And remember: storage and computing power is cheap these days.

So don't just give out a free pass to track you when you got "nothing to hide", especially to strangers. Not knowing what one will do with your seemingly non-interesting data should be enough reason to not give it away. That's at least why I care.

Re: Just discovered a breach of security with google
 

Theox,

I can't believe your statements, coming from a Romanian. I spent a couple of months there, late ninetees, and I still remember people telling me of how afraid they had been, not only of the government or their police or intelligence agencies, but also of each other, as many remembered being reported to the government by their fellow villagers, for little "crimes" as not reporting a sleep-over at somebody else's house in a different village.

What would you advise this man?
http://www.youtube.com/watch?v=6wXkI4t7nuc

Re: Just discovered a breach of security with google
 

Well the funny thing is that I don't really have curtains, when I designed how I want the place where I live to look like I designed it as clean as possible. Personally, in my opinion, curtains are so ... not so modern. And yes, trust me, I don't care if people peek inside my house, they SEE WHAT? ME NAKED OR WHAT? That's what I do inside my home, eat, sleep, take a bath and maybe watch a movie, what's so special about that?

Because that was just after the fall of the communism. People were still terrified about what happened during that period. It's over 20 years now since the fall of the communism, I ain't afraid of nothing.

P.S. Don't forget, even if you don't let Google or whatever track you, and you do the best you can to hide, remember this: YOUR ISP IS WATCHING!

Re: Just discovered a breach of security with google
 

I do not sync my browsers, and how could this be possible since I use the laptop, and my son uses the Nexus, and neither have touched the other machines?

Read back to my original posting, Google revealed information on my queries to another person's machine. How is that NOT a sequrity breach?

Now I never talked about startpage or DDG, that was other people.

All the opposite, I was worried that children might get something not suitable for their eyes if somebody else (not specifically even of same household) has made queries that resulti onto such links.

Just read back what I posted in the first place, please.

Re: Just discovered a breach of security with google
 

this is going intresting :D surely cia nsa will have a look at this thread :D

Re: Just discovered a breach of security with google
 

Still you should check if somehow your son didn't use the sync option or you are sharing somehow the same account. On routers all your computers get an internal IP inside the router but the outside IP is the same for all of them. Maybe google detects that the other machine didn't have the updated cookie (with your search queries) and downloaded when the other computer connected to the network.

Also is your son using his own Google account (for Google Play for example) or is he using your account (maybe to BUY apps or stuff like that)?

Please try to reproduce the problems and check each and every sync option. Better it would be to post some screenshots with the problem!

P.S. I never quoted your post, when I was discussing about DDG and stuff like that I was discussing with the rest of the users here.

If you want your son not to be exposed to stuff not intended for his eyes here is the best solution:

• Open up your router configuration and check which internal IP was given to him.
• Go to DHCP setting and add a custom rule for his ip to switch from dynamic to static (so he would always have this inside the network).
• Add custom rules with bad websites that you know he could visit, or you visited and you don't want him to visit.
• Set those custom rules only for that static IP and your kid is safe.

Re: Just discovered a breach of security with google
 

No, he never has used the machine, only I have user account on this laptop.

Also, I never use his Nexus, altough I have created a google account for him on it.

I will have to try to test this again.

Re: Just discovered a breach of security with google
 

So, i'm pretty sure, after the creation of the account, Google logged you in automatically, or you logged in to test the account and did not log out.

When your son starts Chrome on his Android device he is logged in by default.

I just want to make clear, that the reason why this happens is not based on IP, it's based on cookies. So when using services like Google or FB, never forget to log out, it can have really ugly side-effects.

And in general: setting the browser to delete all cookies, when closing is a good advice, i think.

Re: Just discovered a breach of security with google
 

Google/fb dont care if you are logged in or not, they read your cookies and connects you to your account anyway.

Re: Just discovered a breach of security with google
 

Google can very well distinguish between a "domestic" IP or a "school" or "business ip". Those RIPE-lists are public. They know you're connecting from a home.

THANK YOU! Thanks to this thinking I can browse the web without being tracked (well, by commercial entities at least) with ease!

Imagine if the majority would use privacy-enhancing software, would use decentralized social media, would use the likes of ddg, sp or ixquick, then the advertising industry undoubtedly would take much more / even more elusive and harder-to-filter measurements to track and spy on people. Now, all I have to do is install Ghostery.

So please, do continue! Continue disregarding the effectiveness of statistics, so your surprisingly and ever increasingly accurate profile can be sold off to the highest bidder! Continue to being influenced by marketeers which try to manipulate you in ever more clever ways! Continue to think those companies make you such a great offer which will practically costs them money but will improver your life! The more people which think like you, the less marketeers will "need" me, the less they will try to know me, the less they bother me.

Marketers might not get interested in you, but what about governments? Maybe in the sea of "nothing-to-hide's" you'll look like you have something to hide. And as those of us who value privacy get fewer and fewer it *will* be easy to be scrutinized more and more.

And it's impressive what interests or actions might be considered questionable.

I think I want to travel back to the 80's... I might even buy a walkman.


Edit: Btw, TheoX, how do you think communism stayed there so long?

Re: Just discovered a breach of security with google
 

It's not the point whether you have or do not have something to hide. The point is, governments tend to have an interest in their subjects that goes way beyond them being brave citizens, tax payers and consumers.

What is the point then, you may ask? Well, that point is: It's nobodies business what I do with my life, beit online or offline.

You want to share everything you do? Please, go ahead. But leave me out of having to watch your activities. And neither would I appreciate to become part of the surveillance pool of the authorities because people say "that they have nothing to hide" and there fore it's OK to spy on everyone...

Did you check the youtube link I posted?
http://www.youtube.com/watch?v=6wXkI4t7nuc

Re: Just discovered a breach of security with google
 

It should be noted that Startpage will not allow searching if you have a blank user agent:

As it has been shown that the user agent is a form of identifying information, one does wonder why a privacy oriented search engine requires it. Especially since they claim not to track it (and a bot could easily forge such information so it couldn't be used to stop automated queries).

However, it doesn't change the fact that that's certainly true.

Re: Just discovered a breach of security with google
 

Now this looks fishy and makes me think of duckduckgo.com but the serach doesn't give good results... and again I start moving in circles :)