Private Information Disclosure from Web Searches

  • Claude Castelluccia
  • Emiliano De Cristofaro
  • Daniele Perito
Part of the Lecture Notes in Computer Science book series (LNCS, volume 6205)


As the amount of personal information stored at remote service providers increases, so does the danger of data theft. When connections to remote services are made in the clear and authenticated sessions are maintained using HTTP cookies, intercepting private traffic becomes easy. In this paper, we focus on the world's largest service provider – Google. First, with the exception of a few services only accessible over HTTPS (e.g., Gmail), we find that many Google services are vulnerable to simple session hijacking attacks. Next, we present the Historiographer, a novel attack that reconstructs the web search history of Google users – Google’s Web History – even though this service is supposedly protected from session hijacking by a stricter access control policy. The Historiographer uses a reconstruction technique that infers search history from the personalized suggestions fed by the Google search engine. We validate our technique through experiments conducted over real network traffic and discuss possible countermeasures. Our attacks are general, not specific to Google, and highlight the privacy concerns of architectures that mix secure and insecure connections.


Keywords: Search Query, User Agent, Search History, Privacy Threat, Network Trace
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2010

Authors and Affiliations

  • Claude Castelluccia (1)
  • Emiliano De Cristofaro (2)
  • Daniele Perito (1)
  1. INRIA Rhone-Alpes, Montbonnot, France
  2. University of California, Irvine
