Web Surfers Forced To Choose Security Or Anonymity

[Peaches]

Web Surfers Forced to Choose Security or Anonymity

Tim Greene, Network World

Sunday, August 02, 2009 10:22 AM PDT

A Google service that helps protect Internet surfers from malicious sites also gathers data about browsing activities that users are trying to keep secret, a researcher told attendees at the Black Hat security conference last week in Las Vegas.

Take our quiz on Black Hat's most notorious incidents

Google Safe, a database service that warns Internet users when they are about to enter infected pages, marks browsers so the users can be identified even if they proxy all their traffic through another IP address, says Robert Hansen, CEO of Internet security firm SecTheory. "It's a privacy-security tradeoff," Hansen says.

Firefox and Chrome browsers are both susceptible to the problem, he says. Others may be as well, but Hansen hasn't tested them. (See "How to Plug Security Holes in Your Browser.")

Browsers routinely connect to Google Safe as often as 30 times per hour to download updated lists of sites Google has found to be dangerous. When users attempt to connect to these sites, the browsers display a warning that they are potentially unsafe so users can avoid them.

These same users might also want to mask their Internet activity by directing their traffic through proxy sites, but Google gathers data that reveals the actual machine, Hansen says.

When browsers connect to Google Safe, the service leaves a cookie in the browser. If a user subsequently turns on an anonymizing proxy, Google will have a record of that cookie resolving to two different IP addresses – its actual address and the proxy address, Hansen says.

full article pcworld - http://www.pcworld.com/businesscenter/arti..._anonymity.html