Google states its mission as to organize the world’s information and make it universally accessible and useful. Behind the stated mission there is also an unstated business goal – to gather many types of information about its users’ online activities. Google and most of the other search engines (Yahoo, Bing, Ask, AOL Search, AltaVista, Fast, Gigablast, and Netscape Search) retain search data and metadata regarding searches to log your browsing habits and build a profile of who you are and how you live your life.
You should be aware that search engines:
- record your private information
- store your private information
- share your private information.
What data is retained and stored by the search engines:
Google uses deeply linked cookies that auto renew every two years. Each of these cookies has a globally unique identifier (GUID) and can store search queries every time you search the web. Google does not delete any information from these cookies. Therefore, if a list of search terms is given, Google can produce a list of people who searched for that term, which is identified either by IP address or Google cookie value. If an IP address or Google cookie value is given, Google can also produce a list of the terms searched by the user of that IP address or cookie value.
Types of information retained:
- Log information – When you access Google services, their servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol (IP) address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
- Location data – Google offers location-enabled services, such as Google Maps for mobile. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).
- Services such as Google Toolbar and Google Web Accelerator send the uniform resource locators (URLs) of web pages that you request to Google. When you use these services, Google will receive and store the URL sent by the web sites you visit, including any personal information inserted into those URLs by the web site operator. For example, when you submit information to a web page (such as a user login ID or registration information), the operator of that web site may embed that information – including personal information – into its URL (typically, after a question mark (?) in the URL). When the URL is transmitted to Google, servers automatically store the URL, including any personal information that has been embedded after the question mark. Google does not exercise any control over these web sites or whether they embed personal information into URLs.
What you can do to protect your information
Good news! Some things are still in your control:
- Delete Google cookies when you close your browser or use an application like CCleaner that supports the cleaning of temporary internet files and cookies and other potentially unwanted files left by certain programs. Download it free: http://www.piriform.com/ccleaner/.
- Do not use the same company as your search engine that you use for your email e.g. Google Search, Gmail instead use Google Search and Yahoo Email or MSN Email.
- Do not use any of these search engines companies if at all possible. Have an email account that is not associated with any of them. There are several search engines that do not track your activities:
- No personally identifiable information is required by Yippy (http://clusty.com/). This means Yippy never seeks any information related to your name, telephone number, address, or even your email address unless you request a Yippy Service where that information is required. Yippy is intended to be an anonymous service.
- Proxify (https://proxify.us/) is a web-based anonymous proxy service which allows anyone to surf the Web privately and securely. Through Proxify, you can use websites but they cannot uniquely identify or track you. Proxify hides your IP address and our encrypted connection prevents monitoring of your network traffic.
Courtesy of Hakin9 IT Security Magazine.
Last Modified: October 15, 2010