Google Toolbar raises privacy concerns
More privacy woes for Google as its Toolbar doesn't seem to shut off when it's told to.
A privacy flaw in Google Toolbar was highlighted by a researcher this week, who claimed that the add-on for Internet Explorer and Firefox continued tracking users even after it had been disabled.
Harvard assistant professor and spyware researcher Benjamin Edelman discovered the flaw last week. After opting out, the application continues to transmit browsing history back to Google servers, he said on his blog.
"Although I had asked that the Google Toolbar be disable[d] ... for this window' and although the Google Toolbar disappeared from view, my network monitor revealed that Google Toolbar continued to transmit my browsing to its toolbarqueries.google.com server," said Edelman, who serves as co-council in unrelated litigation against Google and has been a consultant for some of Google's competitors.
While the flaw raises privacy concerns, it only happens in very specific situations.
First, the user must have activated the enhanced options features which include Sidewiki and PageRank.
The Google Toolbar welcome window reads: "For enhanced Toolbar features to work, Toolbar has to tell us what site you're visiting by sending Google the URL."
Edelman argued this description falls short. "For one, Enhanced Features transmits not just sites' but specific full URLs, including directories, filenames, URL parameters, and search keywords," he said.
Second, the glitch is only found when users "disable Google Toolbar only for this window," Edelman said. Google acknowledged the problem, but emphasised the conditions that must be in place.
"To be clear, this is only an issue until a user restarts the browser and it only affects the currently open tabs for a small number of users," a Google spokesperson said in an emailed statement.
Edelman disagreed. "The entire purpose of this option is to take effect immediately," he said. "Indeed, it would be nonsense for this option to take effect only upon a browser restart."
Since the report was released earlier this week, Google has updated its Toolbar. A fix that does not require a browser restart is available from www.google.com/toolbar.
Managing security risk and compliance in a challenging landscape
How key technology partners grow with your organisationDownload now
Evaluate your order-to-cash process
15 recommended metrics to benchmark your O2C operationsDownload now
AI 360: Hold, fold, or double down?
How AI can benefit your businessDownload now
Getting started with Azure Red Hat OpenShift
A developer’s guide to improving application building and deployment capabilitiesDownload now