Short Bytes: Our innocent habit of copy-paste is reflected when we send the URLs of search pages as some reference to our friends. But, it comes with the risks of exposing your previous searches, if done carelessly. Read the post to know the risk involved and how to avoid it.
To my surprise, it’s possible that this could’ve revealed my previous searches to the receiver – and it’s something that’s horrifying.
Jeremy Rubin, the co-founder of the MIT Digital Currency Initiative, outlines a big blunder Google is committing and violating our privacy. On Medium, he explains how his friend sent him a link to a page of search results, and before he arrived at the intended page, he briefly saw another page of search results.
So, what’s actually happening here?
Okay, let’s ask me you to do some simple steps to reproduce the issue we are discussing here:
- Open Google Chrome or Firefox browser.
- In the address bar, search, for example “viralnews by fossbytes”.
- Now from the search page, search “fossbytes”.
- With the intention of sending this search page to a friend, or us, copy the URL at the top.
- Before pasting it somewhere, look at the copied URL closely, it has both the searches “some random search 1” and “fossbytes” in the URL query string.
Till now, you would have understood the risk we are trying to address. If you don’t read the entire search string before forwarding to your friends or family, you might embarrass yourself in front of them.
Jeremy also brought into the light a possible and generic phishing attack with an email asking for some specific results from a country “XYZ”.
In such situations, it’s very harmless and easy to blame the user, calling her responsible as she copied and pasted the URL carelessly. However, she didn’t expect that simple copy-paste and a simple URL would be unsafe to share. Jeremy continues, “…nor does it meet their real-world behavior of blindly copy-pasting URLs, especially for something like search results.”
He has disclosed this issue to Google and they have chosen to NOT fix it.
We expect Google to stop this automatic inclusion of prior search results as it’s a violation of a user’s privacy expectations.
Please double check the URLs before sending them to other people and tell the same to your friends and family.
Also read: fossBytes – Steps to Effective Security