tssci security

More on Google Analytics: Now with Stolen Search Queries!

In my earlier article on Using Google Analytics to Subvert Privacy, I demonstrated how dangerous free tools could be to match privacy information to web clicks.

But now that Google has updated their Analytics service to support internal search queries, you can now link user privacy information to search data, as well. Now everyone can be as famous as AOL, get reported to the FTC, and get your own stalk your users website. Although, unlike AOL, you can't fire 2,000 people in one day.

A month ago, I helped run a conference called Lulzcon in downtown Chicago. I met Virgil Griffith there, who spoke about a famous application he wrote called WikiScanner. We discussed some of the privacy issues around these sorts of tools, and I think this applies back to the original arguments about Google Analytics.

Marcin wrote back in mid-August about safer browsing, but that's only the beginning. RIA/RCP's are about to explode, and you can bet that Google, Microsoft, Yahoo, eBay - and all the major players will be utilizing this technology. As we've seen with Java and Flash applets - access to the local network stack can be devastating to both your privacy and intranet/home security when accessing the Internet. This isn't meant to scare you, it's meant to warn you how to think differently and react to what will likely be the new attack paths of 2008. I also hope that the "big browsers" will start to react to these growing problems.

You've probably heard a lot of push-back from Google about privacy issues. They aren't really doing a lot about it other than keeping their applications up to high quality and security standards. They have played down click fraud. They have played down blackhat SEO, while gaming PageRank seems to be still very popular. I even ran across a very interesting website called Google Rankings.

If you want to learn more about Google Analytics, I highly recommend this article, and their blog/website, LunaMetrics (including a new article on Analytics for Site Search). There is also more information at EpikOne and TheMilk, and you can read more about general information on analytics by joining the Web Analytics Yahoo Group.

Posted by dre on Wednesday, October 17, 2007 in Conferences, News, People, Privacy, Security and Tech.

blog comments powered by Disqus
blog comments powered by Disqus