Google's new web accelerator doubles as proxy — NOT

Reader polymorf says:

Google has just released their own web accelerator. Coming from a third world country, it has at least doubled my web browsing speed. Basically, it works by proxying all traffic, except personal/dynamic stuff, through their servers. The undocumented benefit is that, by using their accelerator service, they are unintentionally offering users an anonymous proxy. Looking through my http logs, instead of seeing my home address (In Grenada, West Indies), I see google address space

(undef.net 64.233.173.74 – –
[04/May/2005:20:05:06 -0700] "GET /favicon.ico HTTP/1.1"
200 870 "http://undef.net/~ss7/"
"Mozilla/4.0
(compatible; MSIE 6.0; Windows NT 5.1; en) Opera 8.0" )

Not only has google expidited my web browsing, but additionally given me anonymous proxying, which usually slowed down beosing by orders of magnitude.

Link.

It should be made clear, however, that the service is not an anonymizer. My colleague Cory Doctorow astutely observes:

But of course you're not anonymous to Google, which knows about your search history (if you've got cookies on), your email address (if you register for Groups, etc), your friends (if you use Orkut), your email (if you use gmail), and even has your credit card (if you use AdWords or Answers). Anonymity from everyone except Google is nice, but it's not really anonymity, given how easy it would be to subpoena information from them (everyone knows where Google is), and given how much info this allows Google to collect and correlate on you.

This is an amazing service, without a doubt — I'll use it for lightweight proxy-evasion, etc, but caveat surfer. It would be great to see Google setting up a Tor node with similar resources to this, though, and enabling some more robust anonymity.

Update Debunked. BB reader Nik says the service provides zero anonymizing benefits at all.

BB recently had a story about GWA and how it acts as a quasi anonymizer because the source address shown to the visited server is one from Google. Note that this is totally wrong since Google still passes on the clients IP address to the server via the X-HTTP-FORWARDED-FOR header which the server can easily see. More about this on my weblog: link.

I have written a test script that is linked from my post that extracts your originating IP (simple stuff). The only true anonymous proxies are those that do not pass this header on (which is a tweak in most proxy servers), do no caching what-so-ever, do not log your requests and last but not least strip out any JS/ActiveX/Java/Flash that could run on your client and send back your true IP (*catch my breath*).