Hacker News
Show HN: Google Privacy Enhancer – "smoke bombs" your search history (github.com/aaronshaver)
33 points by RelaxTheresTime on May 12, 2014 | 26 comments


  > Google Privacy Enhancer performs random searches at
  > random intervals while you are (optionally) logged into
  > your Google account. This "fuzzes" your search history,
  > making it difficult for Google [..] to gather
  > information about you.
I am reminded of the classic MIT AI koan:

  > In the days when Sussman was a novice, Minsky once came
  >   to him as he sat hacking at the PDP-6.
  > "What are you doing?", asked Minsky.
  > "I am training a randomly wired neural net to play
  >   Tic-Tac-Toe" Sussman replied.
  > "Why is the net wired randomly?", asked Minsky.
  > "I do not want it to have any preconceptions of how
  >   to play", Sussman said.
  > Minsky then shut his eyes.
  > "Why do you close your eyes?", Sussman asked his teacher.
  > "So that the room will be empty."
  > At that moment, Sussman was enlightened.
If you generate random searches, then all you're doing is causing the derived profile to contain inaccurate data. You'll still see AdSense ads and Amazon recommendations, but now they'll be timeshares in Somalia or horse dildos instead of anything you might be interested in.

If you trust the search provider to not lie, then a better option is to use their history opt-out (e.g. Google's is at https://history.google.com/history/). If you don't trust them, use Tor with either Incognito Mode (for Chrome and Chromium) or Private Browsing (for Firefox). The OP's link provides a false sense of security, which is worse than no security.

  > making it difficult for [..] other parties --
  > such as anyone monitoring your web traffic over the
  > wire -- to gather information about you
Google uses HTTPS, so if some third party has access to your search traffic then they've already solved a much more difficult problem than filtering out fake searches.


I agree with everything you said, but I don't think the OP's link provides a false sense of security. This is a direct quote from the link:

> This doesn't guarantee privacy or anonymity, but it should frustrate the efforts of those who would like to follow you, analyze you, and sell to you on the web.

Also, this is not a tool for everyone who wants to stay private on the web. Only tech-savvy people know what GitHub is and how to use a .py file, and those people are already aware of what companies out there do to track you and how to stop them and which way is efficient or not.


It doesn't, though. There is no adversary who is capable of recording search traffic but is unable to categorize searches as automated/manual with high confidence. The script defends against a category of attacker that does not exist. If you walked away from reading that page thinking installing that script improves your security profile or obscures your search history, then it has given you a false sense of security.


Right, I'm not disagreeing with you. Google can certainly find out what you've actually searched for, which makes this tool useless. But that wasn't my point. This is not a website that you go to and that tells you that if you click this one big red button, it'll trick Google into thinking you've searched for things you didn't actually care about. This is a Python script. People who are capable of using this tool are tech-savvy people who know what Google does to track you and what ways are efficient or not to stop them from doing so. And those people are probably not naive enough to think that using this tool alone would help your privacy. But just in case they are, the author left that note I quoted in my previous comment.


> better option is to use their history opt-out

I found that Google Now recommends me stuff based on what I have searched before even though I have search history turned off.


Information (noise) inundation is a very old tactic. TrackMeNot has been around since 2006 and does the same thing, over multiple search engines, and with various customizations: https://addons.mozilla.org/en-US/firefox/addon/trackmenot/

There are probably much older tools that do the same thing, as well.

Worth noting is that Schneier is critical of the efficacy of this approach: https://www.schneier.com/blog/archives/2006/08/trackmenot_1....


Thanks for the Schneier article! That's exactly the kind of feedback I was hoping to get from people on HN. He brings up some great points.


Reminds me of a similar tactic I implemented while coding a Pinterest spam bot during my old blackhat freelance days. Had to make it browse randomly, click on pins, repin with random comments like "Wow, this looks great|interesting|fun!", even click through to the actual sites. Then, repins/likes/shares seemed totally legitimate.


Charming.


I still believe that most Tumblr users are spam bots, talking to each other.


This was my weekend hack project. I'd be interested in hearing what people think.


As a novice to this kind of programming, I enjoyed looking at the code. Thanks!


Isn't just turning off search history (google.com/history) sufficient? Or just searching in an incognito tab? Also, this might mess with heuristics and you'll get worse results.


Well, it depends how paranoid you are. Sites could still store history even if they say they don't. Like how people realized Facebook wasn't truly deleting your account when you asked for it.

But you make a good point about making search results worse. That's a real risk. It's the classic convenience vs. security/privacy trade-off.


I see no mention of Google Sharing, which is interesting, cuz I have been using that for two or more years now. Just do not use the default googlesharing.net. The link says it is gone, but in fact it is now corporately owned, for what I imagine is what the original intent was trying to prevent.

https://addons.mozilla.org/en-US/firefox/addon/googlesharing...

It was originally a Moxie project, I would love if he said why he stopped pushing it. Maybe it is a drop in the bucket.

http://www.thoughtcrime.org/software.html


Google definitely pays more attention to not just what you search for, but also what you click on. A search (without an infobox thing) that is abandoned indicates to Google you're not really that interested in that action...


The idea behind it is generally an awesome one. The problem is that Google will recognize the terms, the searches without a click on a result, ... and it's an easy one to identify such simple "smoke bombs" for Google. Thousands of robots are searching for things on Google (e.g. all ranking monitoring tools). I guess, but that is for sure just a guess, that Google will be able to filter automated tools. If you make random clicks and maybe add your random wordlist... could be helpful.


My program does click on results on a random basis. It doesn't just search.


Any chance you could add interactive login and detect the use of 2FA?

Also, did you think about offering this as a service, using servers around the world to confuse Google even more? :-)


Those are some good thoughts. Interactive login probably wouldn't be tough. 2FA is beyond my skills, though.

Interesting idea on using worldwide servers! You could likely rig something like that with Sauce Labs or other cloud-based Selenium testing services.


Reminds me of the Firefox addon, TrackMeNot, that does this. I stopped using it at some point over the years when it was causing some problem, but it was interesting.


Love the concept and have been thinking there needs to be something out there for mobile devices for some time, so quick, make an Android app!


Could be fun if you wanted Google (or whomever) to build a profile on you and replace the dictionary words with targeted kwds :)


Or you could attack someone's wordlist and have them flagged as a terrorist/pedophile...


Or just use DuckDuckGo ...


Exactly. Also use an email client for handling email, while using the browser with cookies self-destroyed[1] and google not whitelisted.

[1] http://www.technorms.com/26262/auto-delete-cookies-firefox-s...



