
Submission: Google Toolbar Always Reports Your URLs to Google

Anonymous writes: The Google Toolbar in Firefox is sending every URL I visit to Google, even though I'm not logged in to my Google account, even though I have a web history turned off for my account, and even though I have Safe Browsing/Enhanced Protection mode turned off (hidden away in Firefox's Tools > Options > Security > "Tell me if the site I'm visiting is suspected of forgery"). I can see the URL transmitted to Google with the Live HTTP Headers Firefox plugin.

This is a Privacy and Security issue. The Google privacy policy clearly states in the first bullet that the Toolbar will not transmit URLs to Google unless I explicitly tell it to.

Information we collect

        * The Google Toolbar automatically sends only standard, limited information to Google, which may be retained in Google's server logs. It does not send any information about the web pages you visit (e.g., the URL), unless you use Toolbar's advanced features or use Safe Browsing in Enhanced Protection mode. You do not need to provide any personal information in order to download and use the Google Toolbar.

I have explicitly turned off all of these features, but it still sends URLs.

Here's an example: if I visit a web site like http://wikipedia.org/, Live HTTP Headers shows (some info masked):

http://toolbarqueries.google.com/search?sourceid=navclient-ff&features=Rank&client=navclient-auto-ff&googleip=O;;146&ch=...&q=info:http%3A%2F%2Fwikipedia.org%2F

GET /search?sourceid=navclient-ff&features=Rank&client=navclient-auto-ff&googleip=O;;146&ch=...&q=info:http%3A%2F%2Fwikipedia.org%2F HTTP/1.1
Host: toolbarqueries.google.com
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv: Gecko/20070718 Fedora/ 1.fc7 Firefox/ pango-text GoogleToolbarFF 3.0.20070525
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: __utma=...

HTTP/1.x 200 OK
Cache-Control: private
Content-Type: text/html; charset=ISO-8859-1
Server: GWS/2.1
Transfer-Encoding: chunked
Content-Encoding: gzip
Date: Mon, 06 Aug 2007 15:32:25 GMT

Clearly, a request was sent to Google with my URL and Google accepted the request, in clear violation of their Privacy Policy. Worse yet, it sends the URL in the clear! So if there is any session or security information on the URL, it is there for the world and Google to see.

My Google Toolbar, as much as I used to love it, disappears today.
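
An added example, not part of the original submission: a Python check that scans a Live HTTP Headers style capture for requests whose query string carries the URL of a page on a different host, as the `q=info:` parameter does in the capture above. The sample capture is constructed (the `ch` value, `shop.example` and its `sessionid` are made up, and the masked `googleip` field is omitted), and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample modelled on the capture in the post; not real traffic.
CAPTURE = """\
GET /search?sourceid=navclient-ff&features=Rank&client=navclient-auto-ff&ch=PLACEHOLDER&q=info:http%3A%2F%2Fwikipedia.org%2F HTTP/1.1
Host: toolbarqueries.google.com

GET /search?client=navclient-auto-ff&features=Rank&q=info:https%3A%2F%2Fshop.example%2Fcart%3Fsessionid%3Dabc123 HTTP/1.1
Host: toolbarqueries.google.com

GET /favicon.ico HTTP/1.1
Host: wikipedia.org
"""

EMBEDDED_URL = re.compile(r"https?://\S+")

def find_url_disclosures(capture):
    """Return requests whose query parameters embed a URL on another host."""
    findings = []
    for block in capture.strip().split("\n\n"):
        lines = block.strip().splitlines()
        parts = lines[0].split()
        if len(parts) != 3:          # not a request line (e.g. a response)
            continue
        target = parts[1]
        headers = {}
        for line in lines[1:]:
            name, sep, value = line.partition(":")
            if sep:
                headers[name.strip().lower()] = value.strip()
        host = headers.get("host", "").lower()
        # parse_qs percent-decodes values, so %3A%2F%2F becomes ://
        for param, values in parse_qs(urlsplit(target).query).items():
            for value in values:
                match = EMBEDDED_URL.search(value)
                if not match:
                    continue
                page = urlsplit(match.group(0))
                if page.hostname and page.hostname != host:
                    findings.append({
                        "sent_to": host,
                        "param": param,
                        "page_url": match.group(0),
                        # a query string on the page URL may hold session data
                        "carries_query": bool(page.query),
                    })
    return findings

if __name__ == "__main__":
    for finding in find_url_disclosures(CAPTURE):
        print(finding)
```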