Eclectic paper: SEcure GOogle DOCumentS

Two days from an important Google announcement, privacy awareness is steadily increasing in the media. The old mantra that "despotic governments might use your data in unexpected way" sounds more real than last week, and recent movies ring different bells in our heads.

That event has prodded me to (finally!) blog about yet another eclectic paper of mine, co-authored with my old friend Gabriele D'Angelo, and which I'm going to present at the forthcoming ACM SAC conference. The paper is titled Content Cloaking: Preserving Privacy with Google Docs and other Web Applications and poses (again) a rather simple question: why should you trust Google to faithfully store your Google Docs data? What if roles in the recent Google-vs-China issue were inverted?

The proposed solution (Content Cloaking) then simply implements transparent encryption and decryption in the payload which is sent back and forth between your browser and the Docs backend. Trying to access your Docs data without a decryption layer and the needed key will then just show garbage, for both humans and Google harvesters. Of course you lose something, like full text search which is performed server-side by Google, but at least you're back in charge again: it is you who decides to which extent trading-off your privacy with offered services.

A proof-of-concept implementation is provided (and of course is free software!) as an extension for the Firefox browser, but is now out of date wrt Firefox mainline and was not really production ready anyhow (let's say it was master-thesis-implementation-quality ...). Still we, the authors, stand behind the idea even if we don't have the energy to maintain a production-quality implementation.

So, Dear LazyWeb, If you are interested in the topic and you've development cycles to spare, please drop me a mail and I'll be happy to point you to all needed details to resurrect the implementation (or create one from scratch, which should be pretty easy and quick if you're familiar with extension development).