Tuesday, October 03, 2006

Leaking intellectual property through web search

For a while now I've been amazed how easy is to leak valuable ideas to your competitors, by doing seemingly harmless web searches when researching the potential of your ideas.

Let's say you have an "awesome idea" on a "topic". So to research that, you type it in your favorite search engine. Most of those engines (Google, Yahoo, MSN) use a web form that handles submissions through an HTTP GET method. So after you submit your search, the URL of the page holding the results will contain your search terms, e.g. "http://www.google.com/search?

Now let's assume that the search results on that page point to some of your competitors' web sites, since they too may be doing some research on the same topic. If you're clicking on any of those links you're toast, because the request sent to their web site will have a referrer header like "Referer: http://www.google.com/search?

So a simple review of their web logs would show your awesome idea. Pretty cool, huh ?

The solution for this is simple, if the search engines were to use HTTP POST to handle form submissions. In that case the URL of the referring page won't contain any search items.

Technorati tags: , , , , , ,

No comments: