Why does Google +1 record my mouse movements?
JavascriptPrivacyMousemoveGoogle Plus-OneData ProtectionJavascript Problem Overview
This is only on pages with a Google +1 box on my website:
It seems to be firing off an event on every mouse move. Anyone know what it is doing? I searched on Google (perhaps I should try Bing for once on this one!) but no one seems to have written about it. Is it recording information about my visitors browsing habits? Is it some sort of CAPTCHA to detect human like behviour?
Example URL, press F12 in chrome, go to timeline and press record, then move your mouse around this page (it plus ones this question, don't worry):
For what it's worth (I can see this is going to be a popular question), I don't think there is anything sinister behind it, it might even be a useless artifact/bug, but if it is doing some sort of tracking, well, it seems a little deceptive to me.
Google +1 privacy policy
http://www.google.com/intl/en/privacy/plusone/
> Google +1 Button Privacy Policy > > June 28, 2011 > > The Google Privacy Policy describes how we treat personal information > when you use Google’s products and services, including information > provided when you use the Google +1 button. In addition, the following > describes our additional privacy practices specific to your use of the > +1 button. > > Information we collect and how it is shared > > The Google +1 button is a way for you to share information publicly > with the world. The Google +1 button helps you and others receive > personalized content from Google and our partners. The fact that you > +1’d something will be recorded by Google, along with information about the page you were viewing when you clicked on the +1 button. > Your +1’s may appear to others as an annotation with your profile name > and photo in Google services (such as in search results or on your > Google Profile) or elsewhere on websites and ads on the Internet. > > We will record information about your +1 activity in order to provide > you and other users with a better experience on Google services. > > In order to use the Google +1 button, you need to have a public Google > Profile visible to the world, which at a minimum includes the name you > chose for the profile. That name will be used across Google services > and in some cases it may replace another name you’ve used when sharing > content under your Google Account. We may display your Google Profile > identity to people who have your email address or other identifying > information. > > Use of the collected information > > In addition to the above-described uses, the information you provide > to us is used subject to our main Google Privacy Policy. > > We may share aggregate statistics related to users’ +1 activity with > the public, our users, and partners, such as publishers, advertisers, > or connected sites. For example, we may tell a publisher that “10% of > the people who +1’d this page are in Tacoma, Washington.” > > Your choices > > You may view the list of items you have +1’d on the +1 tab on your > Profile. You can remove individual items from that list. > > You may opt out of seeing +1 recommendations on third-party websites > (including on ads on third-party sites) from people you know. > > We will store data (such as your recent +1’s) locally in your browser. > You may be able to access and clear this information in your browser > settings. > > More information > > Google adheres to the U.S. Safe Harbor privacy principles. For more > information about the Safe Harbor framework or our registration, see > the Department of Commerce’s website.
Javascript Solutions
Solution 1 - Javascript
It appears to be seeding a random number generator with your mouse movements.
The mouse move handler itself does something along the lines of the following:
var b = ((event.X << 16) + event.Y) * (new Date().getTime() % 1000000);
c = c * b % d;
if (previousMouseMoveHandler) previousMouseMoveHandler.call(arguments);
d is (screen.width * screen.width + screen.height) * 1000000, and c is a variable that starts out as 1.
All of this is wrapped in the scope of an anonymous function, which itself is immediately evaluated to return a function that is assigned to a property named "random". That returned function looks something like this:
var b = c;
b += parseInt(hash.substr(0,20), 16);
hash = MD5(hash);
return b / (d + Math.pow(16, 20));
hash, BTW, is a variable that starts out as the MD5 hash of the page's cookies, location, the new Date().getTime(), and Math.random().
(Note, of course, that Google may change the script returned at any time and hence invalidate this analysis)
Solution 2 - Javascript
The actual code that is being executed is derived from the Shindig code found here:
A secure random number is needed to ensure that the secure postMessage channel created here cannot be compromised by scripts on the page to execute arbitrary actions.
Here's an article that explains why using Math.random() is bad:
Solution 3 - Javascript
If you can get your script loaded first, you could hook addEventListener and log everyone who is setting addEventListener and see who's doing it and then, by looking at the relevant code, see what they're doing.
Put this in place before the Google code loads:
var oldListener = document.addEventListener;
document.addEventListener = function(type, listener, capture) {
if (type == "mousedown" || type == "mouseup" || type == "mousemove") {
console.log("type=" + type + " listener=" + listener.toString().slice(0, 80));
}
return (oldListener.apply(this, arguments));
}
To see what was listening to window.onmousemove, you'd have to do it afterwards because it's just a variable assignment, not a function that you can intercept. So sometimes after the initialization code of the page runs, you would do this to log what was hooked up to it:
if (window.onmousemove) {
console.log(window.onmousemove.toString().slice(0,80));
}
Solution 4 - Javascript
In the uncluttered code as of Jul 22, you'll notice the onmousemove is part of the Gb.random class:
Gb.random = function () {
function a(a) {
var b = Jb();
b.update(a);
return b.ib()
}
var b = la.random(),
c = 1,
d = (screen[za] * screen[za] + screen[J]) * 1E6,
e = i.onmousemove || Db();
i.onmousemove = function (a) {
if (i.event) a = i.event;
var b = a.screenX + a.clientX << 16;
b += a.screenY + a.clientY;
b *= (new Date)[Ta]() % 1E6;
c = c * b % d;
return e[G](i, ka[x][Aa][G](arguments))
};
var f = a(k.cookie + "|" + k[B] + "|" + (new Date)[Ta]() + "|" + b);
return function () {
var b = c;
b += ia(f[cb](0, 20), 16);
f = a(f);
return b / (d + la.pow(16, 20))
}
}();
It's multiplying sum of x and y by 2^16 using bitshift, then adding some other dimensions and multiplying all this by time in milliseconds mod 1000000. This definitely looks like a randomizing algorithm.
I'm not sure why the page would need something like this, perhaps it's using a cookie, preventing automated +1 clicking? When you click the "+1" the login screen that pops up appears to have a random number appended as the hash, the url ends with "&hl=en-US#RANDOMNUMBER"
Solution 5 - Javascript
I bet you its "In-Page Analytics" Beta. Making a cursor and click heat-map.
Solution 6 - Javascript
I think that the paper by Guo and Agichtein from CHI 2010 http://www.mathcs.emory.edu/~qguo3/wip287-guo11.pdf can provide further ideas on why Google is doing that.
Apparently mouse movements is a rough proxy for eye movement and allows people to approximate eye tracking results.
Solution 7 - Javascript
They probably use it to measure how quickly users move from one UI item to another, how often clicks miss etc.
I normally have a deeply cynical view of invasive features but I don't think this is a privacy risk. It's shocking because it's so unusually fine-grained, but it's not very revealing. Does your mouse movement encode bank details? Porn?
Google and the like have plenty of high-quality data to track you with. Mouse coordinates have very limited application.
To go off-topic a bit:
To an extent, the more data you collect about people the more problems you have. I hear (from Schneier and the like) that intelligence agencies are suffering from the huge numbers of false positives triggered by their ever-accelerating data aquisition -- the signal-to-noise ratio is abysmal. I find this somewhat amusing.
Solution 8 - Javascript
It's impossible to tell for certain, what Google does with this mouse movement data. As you can see yourself, it's not returning loads and loads of information back to the server, therefore, nothing to worry about.
The first is probably a generic event handler. Reason why I think that is if you read the source, you can see that on the line before there is throw Error("Invalid listener argument"); and next or one after the next there's throw Error("Invalid event type"). Since the fired line is in between these two (event related) exceptions, I'm pretty sure that it's some kind of an event handler. Using debugger, it doesn't do anything really (doesn't jump to some other function) so it seems that it's there for future implementation.
The second function is identical to the first one. Since it's gTalk's I suppose it updates your status (away, online etc).
The third seems to be content updater or something similar, since you can see strings like cacheTimeout etc scattered around it.
My 2 cents.
Solution 9 - Javascript
this is really beyond from far fetched, but here it goes anyway ...
it revolves around the type of trajectory & curvature of a mousemovement from a start point towards different attractors take i.e. 2 items/links on a page.
http://sciencestage.com/v/26698/dynamics-and-embodiment-in-language-comprehension.html
in short, if you put two competing links/buttons and analyze the trajectory towards one of those links, you can deduce a pattern or how you reached the decision to click only 1 of those links (see vid around 13:00)