

Show HN: Google Privacy Enhancer – "smoke bombs" your search history - RelaxTheresTime
https://github.com/aaronshaver/GooglePrivacyEnhancer

======
jmillikin

> Google Privacy Enhancer performs random searches at
> random intervals while you are (optionally) logged into
> your Google account. This "fuzzes" your search history,
> making it difficult for Google [..] to gather
> information about you.
    

I am reminded of the classic MIT AI koan:

    
    
> In the days when Sussman was a novice, Minsky once came
>   to him as he sat hacking at the PDP-6.
> "What are you doing?", asked Minsky.
> "I am training a randomly wired neural net to play
>   Tic-Tac-Toe" Sussman replied.
> "Why is the net wired randomly?", asked Minsky.
> "I do not want it to have any preconceptions of how
>   to play", Sussman said.
> Minsky then shut his eyes.
> "Why do you close your eyes?", Sussman asked his teacher.
> "So that the room will be empty."
> At that moment, Sussman was enlightened.
    

If you generate random searches, then all you're doing is causing the derived
profile to contain inaccurate data. You'll still see Adsense ads and Amazon
recommendations, but now they'll be timeshares in Somalia or horse dildoes
instead of anything you might be interested in.

If you trust the search provider to not lie, then a better option is to use
their history opt-out (e.g. Google's is at
[https://history.google.com/history/](https://history.google.com/history/)).
If you don't trust them, use Tor with either Incognito Mode (for Chrome and
Chromium) or Private Browsing (for Firefox). The OP's link provides a false
sense of security, which is worse than no security.

    
    
> making it difficult for [..] other parties --
> such as anyone monitoring your web traffic over the
> wire -- to gather information about you
    

Google uses https, so if some third party has access to your search traffic
then they've already solved a much more difficult problem than filtering out
fake searches.

~~~
dombili
I agree with everything you said, but I don't think the OP's link provides a
false sense of security. This is a direct quote from the link:

> _This doesn't guarantee privacy or anonymity_, but it should frustrate the
> efforts of those who would like to follow you, analyze you, and sell to you
> on the web.

Also, this is not a tool for everyone who wants to stay private on the web.
Only tech savvy people know what GitHub is and how to use a .py file and those
people are already aware of what companies out there do to track you and how
to stop them and which way is efficient or not.

~~~
jmillikin
It doesn't, though. There is no adversary who is capable of recording search
traffic but is unable to categorize searches as automated/manual with high
confidence. The script defends against a category of attacker that does not
exist. If you walked away from reading that page thinking installing that
script improves your security profile or obscures your search history, then it
has given you a false sense of security.

~~~
dombili
Right, I'm not disagreeing with you. Google can certainly find out what you've
actually searched for, which makes this tool useless. But that wasn't my
point. This is not a website that you go to and that tells you that if you click
this one big red button, it'll trick Google into thinking you've searched for
things you didn't actually care about. This is a Python script. People who are
capable of using this tool are tech savvy people who know what Google does to
track you and what ways are efficient or not to stop them from doing so. And
those people are probably not naive enough to think that using this tool alone
would help your privacy. But just in case they are, the author left that note
I quoted in my previous comment.

------
notduncansmith
Reminds me of a similar tactic I implemented while coding a Pinterest spam bot
during my old blackhat freelance days. Had to make it browse randomly, click
on pins, repin with random comments like "Wow, this looks
great|interesting|fun!", even click through to the actual sites. Then,
repins/likes/shares seemed totally legitimate.

~~~
devb
Charming.

~~~
axx
I still believe that most Tumblr users are spam bots, talking to each
other.

------
RelaxTheresTime
This was my weekend hack project. I'd be interested in hearing what people
think.

~~~
analog31
As a novice to this kind of programming, I enjoyed looking at the code.
Thanks!

------
dbjones
Isn't just turning off search history (google.com/history) sufficient? Or just
searching in an incognito tab? Also this might mess heuristics and you'll get
worse results.

~~~
RelaxTheresTime
Well, it depends how paranoid you are. Sites could still store history even if
they say they don't. Like how people realized Facebook wasn't truly deleting
your account when you asked for it.

But you make a good point about making search results worse. That's a real
risk. It's the classic convenience vs. security/privacy trade-off.

------
616c
I see no mention of Google Sharing, which is interesting, cuz I have been
using that for two or more years now. Just do not use the default
googlesharing.net. The link says it is gone, but in fact it is now corporately
owned for what I imagine the original intent was trying to prevent.

[https://addons.mozilla.org/en-US/firefox/addon/googlesharing...](https://addons.mozilla.org/en-US/firefox/addon/googlesharing/reviews/500575/)

It was originally a Moxie project, I would love if he said why he stopped
pushing it. Maybe it is a drop in the bucket.

[http://www.thoughtcrime.org/software.html](http://www.thoughtcrime.org/software.html)

------
arb99
Google definitely pays more attention to not just what you search for, but also what
you click on. A search (without an infobox thing) that is abandoned indicates
to Google you're not really that interested in that action...

------
vezzy-fnord
Information (noise) inundation is a very old tactic. TrackMeNot has been
around since 2006 and does the same thing, over multiple search engines, and
with various customizations:
[https://addons.mozilla.org/en-US/firefox/addon/trackmenot/](https://addons.mozilla.org/en-US/firefox/addon/trackmenot/)

There are probably much older tools that do the same thing, as well.

Worth noting is that Schneier is critical of the efficacy of this approach:
[https://www.schneier.com/blog/archives/2006/08/trackmenot_1....](https://www.schneier.com/blog/archives/2006/08/trackmenot_1.html)

~~~
RelaxTheresTime
Thanks for the Schneier article! That's exactly the kind of feedback I was
hoping to get from people on HN. He brings up some great points.

------
mobiplayer
Any chance you could add interactive login and detect the use of 2FA?

Also, did you think about offering this as a service, using servers around the
world to confuse Google even more? :-)

~~~
RelaxTheresTime
Those are some good thoughts. Interactive login probably wouldn't be tough.
2FA is beyond my skills, though.

Interesting idea on using worldwide servers! You could likely rig something
like that with Sauce Labs or other cloud-based Selenium testing services.

------
wusatiuk
The idea behind it is generally an awesome one. The problem is that Google
will recognize the terms, the searches without a click on a result,... and
it's an easy one to identify such simple "smoke bombs" for Google. Thousands
of robots are searching for things on Google (e.g. all ranking monitoring
tools). I guess, but that is for sure just a guess, that Google will be able
to filter automated tools. If you make random clicks and maybe add your random
wordlist... could be helpful.

~~~
RelaxTheresTime
My program does click on results on a random basis. It doesn't just search.

------
blueskin_
Reminds me of the Firefox addon, TrackMeNot, that does this. I stopped using
it at some point over the years when it was causing some problem, but it was
interesting.

------
chayesfss
Love the concept and have been thinking there needs to be something out there
for mobile devices for some time, so quick, make an Android app!

------
BorisMelnik
Could be fun if you _wanted_ Google (or whomever) to build a profile on you and
replace the dictionary words with targeted kwds :)

~~~
w00kie
Or you could attack someone's wordlist and have them flagged as a
terrorist/pedophile...

------
ozh
Or just use DuckDuckGo ...

~~~
simgidacav
Exactly. Also use an email client for handling email, while using the browser
with cookies self-destroyed[1] and Google _not_ whitelisted.

[1] [http://www.technorms.com/26262/auto-delete-cookies-firefox-s...](http://www.technorms.com/26262/auto-delete-cookies-firefox-selfdestruct-cookies)

