Search Engine Privacy Tips
People often view search engines as benign blank boxes to which they can pose any question they want and not suffer any consequences. Unfortunately, this is not the case. Search engines large and small typically keep logs of users' search terms, with some search engines going further and matching those terms to your computer address, your name, and other items, depending on how much information you have shared with the search engine.
Before you type your search terms into a search engine box or register for extra services at a search engine, please be aware of the potential consequences. Searches can come back to haunt you, especially if they are problematic and can be tied directly to you in some way. Here are some tips to help you enhance your Web searching privacy ranging from high protection steps to simple steps you can start to take right away, on your very next visit to a search engine.
Segregate your web searching from other activities
Search engine terms can be combined with a lot of other information now. A major case in point here is Google. In January 2012, Google announced that it was going to be combining data across all of its services. What this means to you is that if you use Google's search engine, and you have a Gmail account, and you use Google +, and you use YouTube, then all of the information streams that used to be separate will now be combined and shared across Google's business units. That's a lot of information about you in one place, and to protect your privacy, it's best to split your digital activities up so all of your digital eggs are not just in one basket.
If, for example, you like to use Google for a search engine, you can continue. But don't keep your email, search, video, and social networking all in one big happy family -- use other companies, too. If you use Facebook for your primary social network, then choose a different search engine, we like Startpage.com or Scroogle.org. There are many ways of configuring this -- the important thing is choose the services you like, and then make sure you are splitting things up between companies. Don't give all of your online life to one company. That's just too much data in one company's hands. That way, when someone comes knocking on a search engine's door for your data, they only get some of your search terms, not everything else.
For more on this, see for example, the Google transparency report that reveals requests for user's data. From January to June 2001, Google fully or partially complied with 5,950 data requests for 11,057 users, and this was just for the US. Google keeps a map of all the requests across the globe. Make no mistake: your search engine terms and other data can be requested. Mix it up and don't put all of your digital eggs in one company's basket.
Watch what you search for
Avoid using terms that include your full legal name attached to any information that you don't want associated with it. For example, searching for your full name and your full Social Security number (or ID card number) within one query is not optimal. If you have conducted this search, then your name and your SSN will appear together in the search string, and may be stored for a long time by the search engine.
For example, if you search for " Jane Doe 123-45-6789" at Google, the search string will look like this:
Jane Doe's name and SSN are both in the search string, so this is a search that you won't want to be conducting because it leaves behind too much information about you.
Many individuals conduct this kind of search in order to make sure that their name and SSN does not appear somewhere on the Web. It is actually a good idea to look for this information, and people have discovered security breaches using this kind of search. But it is better to conduct this search with just your name and only the last 4 digits of your SSN. This abbreviated search will retrieve the same information, and in the process you will keep your information safer.
So, before you search, think. Other people may someday see those search terms. In 2006, AOL released about 20 million search queries of over 500,000 of its users.  Those queries were put on the web. Reporters for the New York Times were able to identify a user from the search queries; others have also been able to identify users.  In 2005, the U.S. Department of Justice subpoenaed Google, Yahoo, MSN, and AOL for tens of millions of users' search queries. Google successfully fought the request, and was able to limit its disclosure, but it is unknown how much data other companies may have turned over. 
Special note about passwords and user names:
Do not type passwords or user names into search engines. If there is a security breach that allows your data to be released to others, these passwords and user names can potentially be used to identify you, or even potentially cause some mischief. If you have already typed your favorite passwords or user names into a search engine, it is a good idea to change your passwords and user names.
Consider using an anonymizing tool or a proxy
The simplest way to disassociate yourself from your search terms is to use an anonymizing tool. There are free services available that allow you to use the Web without revealing your computer address, and there are also pay services. If you have a particularly sensitive search term you want to type in, or if you simply want to ensure that your searches are not attached to your computer's Internet address, you may want to consider using one of these services.
You may not realize it, but your computer discloses a lot of information as you traverse the Web. To see your computer or IP address and the kind of information your computer is disclosing, visit IP ID at http://ipid.shat.net. Your computer's address is just a series of numbers, but those numbers can be tied to you through a series of steps. Do you remember the RIAA lawsuits over music filesharing? The RIAA first found users' IP or computer address, then went to Internet Service Providers to find out what specific customer that address belonged to. These same steps can be applied to searches you conduct at search engines, unless you take steps to mask your computer's address.
You can read more about proxy servers and find lists of anonymous proxies at http://www.anonymitychecker.com. If you would like to try one of the anonymous proxies on the anonymitychecker list, please be aware of one caution: do not use a proxy found on this list (or any other list) to send a password or to conduct online banking. While an anonymous proxy can shield your computer's address from search engines, unless you are sure of the source of the proxy server, then don't trust the proxy with passwords or sensitive financial data.
One search engine we have found that to date keeps minimal logs is Ixquick.com. Ixquick.com deletes IP addresses after 48 hours, and is also the first search engine to be awarded the European Privacy Seal (EuroPriSe).
General Tips for Using Search Engines
These following tips are small steps that will not completely protect you from all search engine privacy issues, but they can potentially help you make incremental improvements. If you find the idea of using a proxy or an anonymizing service to be too much, then start with one or more of these tips.
It is challenging to achieve 100 percent privacy 100 percent of the time when using search engines due to the large amount of information the search engines collect. It's better to think in terms of reaching achievable, sustainable privacy goals.
Instead of trying to remain anonymous on a search engine 100 percent of the time, aim for staying anonymous some or most of the time. You may not have time one morning to surf anonymously through TOR or Anonymizer. When that happens, aim to use a variety of search engines with cookies turned off so that at least you aren't creating an unbroken trail at one search engine. In short, find the balance that works for you, but at least work to add privacy in to your search routine in some way.
And finally, this tipsheet has not considered your personal computing hygiene. You should regularly reset and clear your Web browser history, and remove search engine searches that are stored in the browser. You can find the tools do accomplish this in the menu of your Web browser. In the Safari menu, you can choose "Reset Safari," which will specifically clear cookies and Google search entries stored in your local machine. In Firefox preferences, you can click a button to "Clear all information stored while browsing."
As you browse the Web and conduct searches, keep in mind that those search terms are not merely floating into nothingness. In reality, they are being stored somewhere, and may be stored for a long time. Also, when possible, use an HTTPS connection, or secure connection, when you are using the web just as a general matter, if possible. Working to prevent privacy problems in the here and now is preferable to trying to clean up privacy problems after the fact.
 Saul Hansell, "AOL Removes Search Data on Vast Group of Web Users," New York Times, August 8, 2006.
 Michael Barbaro and Tom Zeller Jr., "A Face Is Exposed for AOL Searcher No. 4417749," New York Times, August 9, 2006.
 Katie Hafner and Matt Richtel, "U.S. Is Pressing Google for Data on Searches," New York Times, January 20, 2006.
Author: Pam Dixon
Updated February 2012, March 2011, July 14 2008, July 8 2008, January 4, 2008, August 17, 2006; January 31, 2006. Posted January 20, 2006.
|© WORLD PRIVACY FORUM | CONTACT | RESOURCES|