Privacy and Search Engines

Google states its mission as to organize the world’s information and make it universally accessible and useful. Behind the stated mission there is also an unstated business goal – to gather many types of information about its users’ online activities. Google and most of the other search engines (Yahoo, Bing, Ask, AOL Search, AltaVista, Fast, Gigablast, and Netscape Search) retain search data and metadata regarding searches to log your browsing habits and build a profile of who you are and how you live your life.

You should be aware that search engines:

  • record your private information
  • store your private information
  • share your private information.

Can they do it without your permission? Yes, anytime you use one these search engines you give them consent to retain your personal data. Read through the terms of service and privacy policy for each of the search engine services you are using. Understand how they process your personal information before your give them your consent to store, share and pass your information to the third parties. Google’s Privacy Policy describes how they treat personal information when you use Google’s products and services: (http://www.google.com/privacypolicy.html)

What data is retained and stored by the search engines:
Google uses deeply linked cookies that auto renew every two years. Each of these cookies has a globally unique identifier (GUID) and can store search queries every time you search the web. Google does not delete any information from these cookies. Therefore, if a list of search terms is given, Google can produce a list of people who searched for that term, which is identified either by IP address or Google cookie value. If an IP address or Google cookie value is given, Google can also produce a list of the terms searched by the user of that IP address or cookie value.

Types of information retained:

  • Log information – When you access Google services, their servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol (IP) address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
  • Location data – Google offers location-enabled services, such as Google Maps for mobile. If you use those services, Google may receive information about your actual location (such as GPS signals sent by a mobile device) or information that can be used to approximate a location (such as a cell ID).
  • Services such as Google Toolbar and Google Web Accelerator send the uniform resource locators (URLs) of web pages that you request to Google. When you use these services, Google will receive and store the URL sent by the web sites you visit, including any personal information inserted into those URLs by the web site operator. For example, when you submit information to a web page (such as a user login ID or registration information), the operator of that web site may embed that information – including personal information – into its URL (typically, after a question mark (?) in the URL). When the URL is transmitted to Google, servers automatically store the URL, including any personal information that has been embedded after the question mark. Google does not exercise any control over these web sites or whether they embed personal information into URLs.

What you can do to protect your information

Good news! Some things are still in your control:

  1. Delete Google cookies when you close your browser or use an application like CCleaner that supports the cleaning of temporary internet files and cookies and other potentially unwanted files left by certain programs. Download it free: http://www.piriform.com/ccleaner/.
  2. Use the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript to indicate that information about the website visit should not be sent to Google Analytics. If you want to opt out, download and install the add-on for your current web browser. This add-on is available for Internet Explorer (versions 7 and 8), Google Chrome (4.x and higher), and Mozilla Firefox (3.5 and higher): http://tools.google.com/dlpage/gaoptout/.
  3. Do not use the same company as your search engine that you use for your email e.g. Google Search, Gmail instead use Google Search and Yahoo Email or MSN Email.
  4. Do not use any of these search engines companies if at all possible. Have an email account that is not associated with any of them. There are several search engines that do not track your activities:
    • Ixquick (http://www.ixquick.com/) also known as Startpage (www.startpage.com) search engine – focuses on delivering great search results with the best possible privacy. Ixquick/Startpage has the industry’s leading Privacy Policy: No recording of users’ IP addresses. No identifying cookies. No collection of personal data. No sharing personal data with third parties. Offers secure encrypted connections and a free proxy service that allows anonymous browsing of websites.
    • No personally identifiable information is required by Yippy (http://clusty.com/). This means Yippy never seeks any information related to your name, telephone number, address, or even your email address unless you request a Yippy Service where that information is required. Yippy is intended to be an anonymous service.
    • Proxify (https://proxify.us/) is a web-based anonymous proxy service which allows anyone to surf the Web privately and securely. Through Proxify, you can use websites but they cannot uniquely identify or track you. Proxify hides your IP address and our encrypted connection prevents monitoring of your network traffic.

Courtesy of Hakin9 IT Security Magazine.