TrackMeNot Firefox Extension Obfuscates Your Search History

As concerns about the privacy of one’s search engine history steadily increase, various solutions have been offered to help avoid the wholesale surveillance and aggregation of one’s search queries. While most solutions rely on attempts to cloak one’s IP address, a new solution instead relies on obfuscation: TrackMeNot.

Developed by Daniel Howe and Helen Nissenbaum, TrackMeNot (TMN) is a Firefox extension (download here) that protects against search data profiling by issuing randomized queries to popular search-engines with fake data:

TrackMeNot runs in Firefox as a low-priority background process that periodically issues randomized search-queries to popular search engines, e.g., AOL, Yahoo!, Google, and MSN. It hides users’ actual search trails in a cloud of indistinguishable ‘ghost’ queries, making it difficult, if not impossible, to aggregate such data into accurate or identifying user profiles.

The extension’s log reveals some of the ‘ghost’ queries sent to the search engines:

[QUERY] engine=google | query=’followups heartbeat’ | 200 | Mon, 21 Aug 2006 19:46:20 GMT
[QUERY] engine=yahoo | query=’toasts deckles’ | 200 | Mon, 21 Aug 2006 19:46:23 GMT
[QUERY] engine=msn | query=’verbiages jaggies’ | 200 | Mon, 21 Aug 2006 19:46:32 GMT
[QUERY] engine=google | query=’copper wabbits’ | 200 | Mon, 21 Aug 2006 19:46:36 GMT
[QUERY] engine=aol | query=’abbrev syncs’ | 200 | Mon, 21 Aug 2006 19:46:45 GMT
[QUERY] engine=aol | query=’shebangs BLT’ | 200 | Mon, 21 Aug 2006 19:46:48 GMT
[QUERY] engine=google | query=’happily crayola’ | 200 | Mon, 21 Aug 2006 19:46:58 GMT
[QUERY] engine=google | query=’bounces blasted’ | 200 | Mon, 21 Aug 2006 19:47:01 GMT
[QUERY] engine=google | query=’daemons incantation’ | 200 | Mon, 21 Aug 2006 19:47:10 GMT
[QUERY] engine=aol | query=’demons gotchas’ | 200 | Mon, 21 Aug 2006 19:47:14 GMT
[QUERY] engine=google | query=’parsed slop’ | 200 | Mon, 21 Aug 2006 19:47:23 GMT
[QUERY] engine=yahoo | query=’grinds replicator’ | 200 | Mon, 21 Aug 2006 19:47:26 GMT
[QUERY] engine=msn | query=’leech stores’ | 200 | Mon, 21 Aug 2006 19:47:35 GMT
[QUERY] engine=google | query=’cookie boinking’ | 200 | Mon, 21 Aug 2006 19:47:39 GMT
[QUERY] engine=msn | query=’sidecar fudge’ | 200 | Mon, 21 Aug 2006 19:47:48 GMT
[QUERY] engine=aol | query=’ticks VAXes’ | 200 | Mon, 21 Aug 2006 19:47:51 GMT
[QUERY] engine=aol | query=’alt bits’ | 200 | Mon, 21 Aug 2006 19:48:00 GMT
[QUERY] engine=yahoo | query=’trapping paywares’ | 200 | Mon, 21 Aug 2006 19:48:04 GMT

A comment at BoingBoing notes that the size of the dictionary used by TMN is limited, and the two-word structure of the ghost queries (coupled with the fact that no clicked results are ever recorded) might make it easy for the techies at Google to filter the noise TMN is meant to introduce. Good points. In fact, the developers of TMN have been concerned with the limitations of the word list throughout the development of this tool (I know them both; in fact, Helen Nissenbaum is the chair of my dissertation committee). While the current word list allows for over 3 million different combinations, I’ve been told by the developers that “future versions will include a much larger (server-side) database of terms, dynamically queried by TMN during its operation.” That’s a good step towards making this important tool even more powerful.

(BTW, I was hoping Daniel Howe could demo TMN and present the underlying philosophy behind creating such a tool at the “Identity and Identification in a Networked World” symposium I’m co-organizing at NYU this fall. Unfortunately, other commitments will prevent Daniel’s attendance, but Helen Nissenbaum will be on hand to demo and discuss the tool in his absence.)

UPDATE: Bruce Scheier provides critical feedback here, and there is additional discussion at Google Blogoscoped and at Digg.

UPDATE 2: A new version of TrackMeNot has been released. New features include:

• User-configurable query lists (see TMN->Options)
• Randomized query-lengths (1-6 words per query)
• Larger word list with ‘actual’ search terms
• Better randomization of query scheduling
• Now compatible with Firefox 1.5 – 2.0
• Interface improvements

UPDATE 3: TrackMeNot was featured on American Public Media’s Future Tense radio show. You can listen to the segment, including an interview with co-creator Helen Nissenbaum, here (mp3).