Sunday, November 6, 2011

Bad Portents: the death of Google Desktop Search

I didn't see any coverage of the official death of Google Desktop Search (GDS) a couple months ago. While it may have gone quietly into that dark night, its passing troubles me. Back in the XP days, GDS was under active development and it had an absolutely killer set of features, its search was unsurpassed, and it handled all sorts of various and sundry types of information.

Nothing has come even close to GDS since then (on Windows at least - I can't speak for OS X). Windows Search blows chunks, and all its alternatives are even worse. I have no idea what Google's calculation was on this one. Certainly they realized that Windows search tools suck. Maybe they just didn't see profit in it (not like that's stopped them in the past)?

It's been a frustrating couple years as Google has let GDS fester, has let its desperate user base senesce with a sense of bitterness, and finally called the time of death as September 2011. This funeral leaves me with no closure. I need desktop search. You need desktop search. We all need desktop search. Who's going to give it to us? Certainly not Microsoft. If not Google, then who?

Tuesday, September 27, 2011

What is really needed for web privacy

I've blogged in the past about various tools that help keep your web-wanderings to yourself. Facebook has recently come under some scrutiny for not erasing some tracking cookies (https://nikcub.appspot.com/logging-out-of-facebook-is-not-enough), and while it's no surprise, it does remind us that the big brothers of the world are watching!

What we should be aware of is that, while such cookies make it more convenient for facebook to track you, they can do it without them! Browser fingerprinting is amazingly effective (see http://panopticlick.eff.org/), and when intelligently tied together with IP-address information, can give the big brothers an excellent idea of who it is that's pinging them and from where. That is to say, they probably know, to a disturbingly large extent, where you've been online. If they haven't actually analyzed their logs to figure that out, they could! (Though the browser fingerprinting would require that they have more than just a typical web server log of your traffic).

CSFire and Adblock Plus with customized filters can do a great job of keeping our wanderings to ourselves (see http://albosure.blogspot.com/2011/02/block-facebook-ads-on-other-websites.html and http://albosure.blogspot.com/2010/04/plugging-privacy-leaks-with-csfire.html). But what is really needed in order to be invisible to the big brothers, but to still be able to see their content, is a selective-proxy tool that will suck down facebook, google, etc. content via proxies while on third-party sites, but plug you in directly when you're actually browsing their sites. As it stands now, privacy requires a level of geekiness and paranoia such that only a few tenths of a percentage point of folks out there (probably even less than that) will actually go through the trouble of implementing what's necessary. We need a plugin (and some laws too). Anyone out there feel like developing it?

Thursday, February 24, 2011

Facebook is following you - here's how to stop them

I've written before about how to set up firefox to increase your privacy and security, and to keep corporate big brother from tracking your actions around the web. Now I want to step that up just a little bit.

With the previous setups I've mentioned, even if you see a facebook ad on some other website, facebook will have a difficult time knowing it's you, and knowing where the request came from. For example, let's say I visit lifehacker.com and I see a facebook ad. If I don't implement any security/privacy tools, I will send a cookie to facebook, and so facebook will know that I visit lifehacker (and which specific article I'm reading, and how often I visit, and at what times, etc - kinda scary, eh?). If, however, I implement the security precautions I lay out in my previous posts, I won't send facebook any cookies when I see their ad on lifehacker, and I won't send them a referrer string, so this makes it difficult for facebook to know just who it is that is viewing their ad.

Facebook still has at least one piece of information with which they could identify me - my IP address. (There are yet other ways they can still ID us: see EFF's Panopticlick and their paper for some awesome work on the subject). That is, as long as I'm viewing a facebook ad (and not using VPN or some proxy service such as TOR), facebook knows the IP address of the computer viewing their ad. If I'm behind a corporate firewall, with lots of other people viewing facebook and facebook ads, it will still be difficult for facebook to know who I am. If, however, I'm browsing from home or some other place where there aren't many folks viewing facebook with the same IP address, facebook has a much better chance of knowing that I'm viewing their ad, and perhaps from which site, even if I have all the other previously-mentioned privacy tools installed.

You might be asking yourself, "ok, so is there ANY way to be sure that facebook doesn't follow me around the web and build a more complete profile of me than perhaps even my best friends or spouse have?" The answer is yes, of course. If we completely block all requests to facebook when we're not on a facebook page, we'll never see the facebook ad in the first place, and facebook will never get a request from our browser when we're outside of facebook. Hence, they'll never know anything about us, except for what we explicitly tell them and do while on facebook.com itself. Here's how you do it:

First, install Ad-Block Plus in firefox or chrome if you haven't already. Go ahead and add the Easylist+Tracking filter while you're at it.

Second, click on the ad-block plus icon, then click preferences. Then click "Add Filter...", and add the following four lines, one by one (props to Saudrapsmann and lifehacker):


||facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

||facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

||fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net

||fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net


And that's it. For the techy interested, you can read about ad-block plus filter syntax here. In essence, the domain right after the "||" says which domain's requests to block. The "domain=" option specifies which domains this rule should apply to (i.e. only apply this rule when viewing a webpage from these domains). The tilde (~) is a negation argument, and hence this rule gets applied on all pages *except* facebook.com/net/fbcdn.com/net.
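
The rule logic described above, as an added example that is not part of the original post and is not Adblock Plus's own code: a simplified JavaScript evaluator for just the "||host^" and "$domain=" syntax used by the four filters, run over constructed request/page pairs. The function names (hostMatches, parseFilter, isBlocked) and the sample URLs are hypothetical.

```javascript
// Added example: simplified matcher, not Adblock Plus's real engine.
// Supports only "||host^" patterns with an optional "$domain=" option.
const FILTERS = [
  "||facebook.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
  "||facebook.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
  "||fbcdn.com^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
  "||fbcdn.net^$domain=~facebook.com|~facebook.net|~fbcdn.com|~fbcdn.net",
];

// True when host is the domain itself or one of its subdomains.
function hostMatches(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Hypothetical helper: split one filter line into target and page-domain lists.
function parseFilter(line) {
  const [pattern, options = ""] = line.split("$");
  const m = /^\|\|([^\^\/]+)\^$/.exec(pattern);
  if (!m) throw new Error("unsupported filter: " + line);
  const include = [], exclude = [];
  for (const opt of options.split(",")) {
    if (!opt.startsWith("domain=")) continue;
    for (const d of opt.slice("domain=".length).split("|")) {
      if (d.startsWith("~")) exclude.push(d.slice(1));
      else include.push(d);
    }
  }
  return { target: m[1], include, exclude };
}

// Hypothetical helper: would a request made from pageUrl be blocked?
function isBlocked(requestUrl, pageUrl, filters = FILTERS) {
  const reqHost = new URL(requestUrl).hostname;
  const pageHost = new URL(pageUrl).hostname;
  return filters.map(parseFilter).some((f) => {
    if (!hostMatches(reqHost, f.target)) return false; // request is not to a listed domain
    if (f.exclude.some((d) => hostMatches(pageHost, d))) return false; // "~" page domains
    return f.include.length === 0 || f.include.some((d) => hostMatches(pageHost, d));
  });
}

// Constructed sample requests: [request URL, page being viewed]
const SAMPLES = [
  ["https://www.facebook.com/plugins/like.php", "https://lifehacker.com/some-article"],
  ["https://static.ak.fbcdn.net/sdk.js", "https://www.facebook.com/home.php"],
  ["https://notfacebook.com/pixel.gif", "https://lifehacker.com/some-article"],
];
for (const [req, page] of SAMPLES) {
  console.log(isBlocked(req, page) ? "BLOCK" : "allow", req, "on", page);
}
```

Only the first sample is blocked: the second is a facebook-owned resource loaded from a facebook page, which the "~" exclusions exempt, and the third merely ends in the string "facebook.com" without being a subdomain of it.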

It wouldn't be a horrible idea to do this for other big-brother companies such as google as well, as long as not seeing their content on other pages won't kill you.

In the future, what I'd really like to see are tools to allow such content to be delivered to the browser, but through a TOR-like proxy architecture. That way, the increasingly-interconnected web won't completely break, but our privacy will remain more-or-less intact.