Search Engine Privacy Explained

Kesch writes "Zdnet has a posted a FAQ describing the storage of personal information done by the search engines of AOL, MSN, Yahoo, and, of course, Google. They describe what information is stored, how it is stored, what laws protect it (none), how you can attempt to protect your privacy, and what Congress is doing with regards to the issue."

Nothing new

[Anonymous Coward]

They had this back in 1984: Memory holes.

If you recall, all information placed in memory holes was supposedly destroyed, but it turned out that the government actually retained every item, and they came in handy for interrogation sessions.

can you say irony?

[MellowTigger]

ZDnet uses url redirection in the links in its story. You know... the story that mentions url redirection as an unsafe practice.

Scope and Semantics

[Quirk]

Q: Let's say the Bush administration wanted to obtain a list of the names or Internet addresses of anyone who typed "how to grow marijuana" or "how to cheat on income taxes" into Google. Could that be done? Probably. If the Electronic Communications Privacy Act does not apply, all that's required is a subpoena from a prosecutor, and no prior approval from a judge is necessary. One Harvard law professor calls the subpoena power "akin to a blank check."

"The threshold rule is relevance," says Paul Ohm, the University of Colorado law professor. "Relevance has been quite broadly construed. As long as you can show that something's relevant to a case or criminal investigation, I think the litigant would have a pretty good argument."

The suggestion that relevance has been broadly construed is disturbing. The erosion of civil liberties needn't necessarily follow from the enactment of bad laws, but can, just as easily, follow from too broad an interpretation of existing laws and practices.

If the judiciary restrict the interpretation of terms like relevance to as narrow a meaning as possible there is less room for abuse, but in the present environment it's likely judges, not only in America, but in the west generally, will allow broad definitions of such terms to the detriment of civil liberties.

But wait! There's more!

[Anonymous Coward]

There's still no mention of Macromedia Flash. Flash applets are very popular on most pages nowadays. They are used for ads, interactive demos, forms and more. But, people don;t seem to realize that they are also highly effective for storing information that can and is used for tracking purposes on your computer.

Have a look at
~/macromedia/Macromedia/Flash\ Player/macromedia.com/support/flashplayer/sys

or on Windows

C:\Documents and Settings\%UserName%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

Did you know that all of that was there? Do you know what's stored in all those files? Did you know that those files are accessible by any flash applet that runs on your system and that the flash applet can and does report back to its creator?

Then of course there are the problems due to Java script. Google has one for their analytics service that's all over the web tracking everyone. It's called Urchin and it's even in this page. Just look at the source for this page and search for "urchin.js".

People don't realize that they are totally OWNED!

Re:opt out...

[Anonymous Coward]

Better yet, you could search on behalf of other, anonymous users. At least it would be a useful use of bandwidth.

Re:Just before anyone jumps down this fellows thro

[smoker2]

In the case of Google, trying to access google.com will usually force you to google.co.uk if it detects your IPs geographical origin as being in the UK.

No, not here it doesn't. You have to specifically enter google.co.uk as the address, unless they are using URL masking - which is possible as the first few results are always uk based. However, I have a gmail account so they already know where I'm located (presumably) and the first results are always paid for ad-spots anyway.

But having said that, what matters is where the end-user is located not where the page is generated (see French anti-nazi censorship story).

Re:Anyone entering dodge search terms

[Ph33r th3 g(O)at]

Right--I don't remember who said it, but someone referred to Google's search history data as a "database of intentions." It was sometime around then that I started anonymizing my access to the Internet to the extent practical. I don't want the (example) fact that I was curious about eco-terrorism to make me a suspect in a fur-vandalism case or worse sometime down the road.

Re:The GoogleWatch Guy

[Everyman]

Google Watch also runs Scroogle.org, a proxy that scrapes Google and/or Yahoo. One reply to the post says that I'm still a nut. But while I may or may not be a nut, this reply from an Anonymous Coward is wrong about the cookie. You don't need a globally-unique ID in a cookie to save the user's preferences. That is NOT the primary purpose of the cookie, but rather a convenient cover story for Google. The purpose of the cookie is so that you have a unique ID to tie together the activity of a single person who uses different IP addresses over time.

In fact, you don't even need a cookie to save preferences. All you need is a specially-crafted URL that you save as a bookmark.

Assuming that you delete your cookie constantly, or use a browser that lets you define your search engine cookie as a session cookie despite the expiration date, then the question becomes, "How do I change my IP address, which tends to be a bit too sticky for my tastes now that I'm on broadband?"

Broadband providers have different policies in different parts of the world, or even different parts of the U.S. But as someone who recently has been a Timer Warner Cable broadband subscriber, and switched to SBC/Yahoo DSL broadband, it seems to me that the key to getting a fresh IP address -- at least in San Antonio, Texas where I'm located, is to show a different network interface card MAC address to your provider.

I have two computers, and when I switch my Ethernet connection to the other computer, both the cable provider and the DSL provider tended to give me a new IP address. You have to power down the the modem and the computer while the switch is made, or else one or both might remember the old IP address and cause it to get reassigned. Before powering down your computer, clear your old IP address in that window that shows your network connection, so thatn when it powers back up it looks for a new address instead of telling the modem what address it used to have.

Yes, your service provider probably has a list of all the IP addresses you ever used, and when you used them. But it's one step more complex for the bad guys to pull together a list like this from your service provider. Without this extra step, the information from Google won't be complete.

Of course, you can use Scroogle.org for your searches and not even worry about this stuff.

Re:Take note

[Anonymous Coward]

Google actually goes a step further and also records the User-Agent string of the browser. According to MSN (on news.com.com) they don't assign IDs to people per se, that is across an extended period of time you will get assigned temporary IDs but they won't end up aggregated under one permanent ID like Google does.

As weird as it sounds, AOL and MSN might be the least invasive ones of the big four.

Support sites that protect your privacy

[mike2006]

Support sites that protect your privacy and limit government access to it. Pretty simple statement but not easy to do even with the variety of competing search engines. For example for Newslookup.com I can tell you that your search results tracking, logs and personally indentifiable information is regularly purged. There are other search engines that also make this claim however many sites use a 3rd party to display Ads. With every page display the Ad serving company will have logged the referring link from the page which includes your search term.

There are just so many levels at which you can be tracked and your private data can become public. In most cases I am against government regulation but I believe companies should be required to purge personally identifiable information along with tighter restrictions and penalities should private information be revealed.

It is likely the reverse will happen and perhaps that is an opportunity for competition where a cookie free news search engine with third party Ad serving such as Newslookup.com will benefit :)