.

door image
 

 

Search Engine Privacy Tips

 

People often view search engines as benign blank boxes to which they can pose any question they want and not suffer any consequences. Unfortunately, this is not the case. Search engines large and small typically keep logs of users' search terms, with some search engines going further and matching those terms to your computer address, your name, and other items, depending on how much information you have shared with the search engine.

Before you type your search terms into a search engine box or register for extra services at a search engine, please be aware of the potential consequences. Searches can come back to haunt you, especially if they are problematic and can be tied directly to you in some way. Here are some tips to help you enhance your Web searching privacy ranging from high protection steps to simple steps you can start to take right away, on your very next visit to a search engine.

 

Segregate your web searching from other activities

 

Search engine terms can be combined with a lot of other information now. A major case in point here is Google. In January 2012, Google announced that it was going to be combining data across all of its services. What this means to you is that if you use Google's search engine, and you have a Gmail account, and you use Google +, and you use YouTube, then all of the information streams that used to be separate will now be combined and shared across Google's business units. That's a lot of information about you in one place, and to protect your privacy, it's best to split your digital activities up so all of your digital eggs are not just in one basket.

If, for example, you like to use Google for a search engine, you can continue. But don't keep your email, search, video, and social networking all in one big happy family -- use other companies, too. If you use Facebook for your primary social network, then choose a different search engine, we like Startpage.com or Scroogle.org. There are many ways of configuring this -- the important thing is choose the services you like, and then make sure you are splitting things up between companies. Don't give all of your online life to one company. That's just too much data in one company's hands. That way, when someone comes knocking on a search engine's door for your data, they only get some of your search terms, not everything else.

For more on this, see for example, the Google transparency report that reveals requests for user's data. From January to June 2001, Google fully or partially complied with 5,950 data requests for 11,057 users, and this was just for the US. Google keeps a map of all the requests across the globe. Make no mistake: your search engine terms and other data can be requested. Mix it up and don't put all of your digital eggs in one company's basket.


Watch what you search for

 

Avoid using terms that include your full legal name attached to any information that you don't want associated with it. For example, searching for your full name and your full Social Security number (or ID card number) within one query is not optimal. If you have conducted this search, then your name and your SSN will appear together in the search string, and may be stored for a long time by the search engine.

For example, if you search for " Jane Doe 123-45-6789" at Google, the search string will look like this:

http://www.google.com/search?hl=en&q=Jane+Doe+123-45-6789&btnG=Google+Search

Jane Doe's name and SSN are both in the search string, so this is a search that you won't want to be conducting because it leaves behind too much information about you.

Many individuals conduct this kind of search in order to make sure that their name and SSN does not appear somewhere on the Web. It is actually a good idea to look for this information, and people have discovered security breaches using this kind of search. But it is better to conduct this search with just your name and only the last 4 digits of your SSN. This abbreviated search will retrieve the same information, and in the process you will keep your information safer.

So, before you search, think. Other people may someday see those search terms. In 2006, AOL released about 20 million search queries of over 500,000 of its users. [1] Those queries were put on the web. Reporters for the New York Times were able to identify a user from the search queries; others have also been able to identify users. [2] In 2005, the U.S. Department of Justice subpoenaed Google, Yahoo, MSN, and AOL for tens of millions of users' search queries. Google successfully fought the request, and was able to limit its disclosure, but it is unknown how much data other companies may have turned over. [3]

Special note about passwords and user names:

Do not type passwords or user names into search engines. If there is a security breach that allows your data to be released to others, these passwords and user names can potentially be used to identify you, or even potentially cause some mischief. If you have already typed your favorite passwords or user names into a search engine, it is a good idea to change your passwords and user names.

 

Consider using an anonymizing tool or a proxy

 

The simplest way to disassociate yourself from your search terms is to use an anonymizing tool. There are free services available that allow you to use the Web without revealing your computer address, and there are also pay services. If you have a particularly sensitive search term you want to type in, or if you simply want to ensure that your searches are not attached to your computer's Internet address, you may want to consider using one of these services.

You may not realize it, but your computer discloses a lot of information as you traverse the Web. To see your computer or IP address and the kind of information your computer is disclosing, visit IP ID at http://ipid.shat.net. Your computer's address is just a series of numbers, but those numbers can be tied to you through a series of steps. Do you remember the RIAA lawsuits over music filesharing? The RIAA first found users' IP or computer address, then went to Internet Service Providers to find out what specific customer that address belonged to. These same steps can be applied to searches you conduct at search engines, unless you take steps to mask your computer's address.

 

 

  • TOR Onion Router and Privoxy

    http://tor.eff.org

    http://www.privoxy.org/

    TOR is a free tool you can install on your computer that, when used in combination with a tool called Privoxy, helps to mask your computer's address, among other things. It does take some technical know-how to install and maintain TOR and Privoxy, but it is not impossible for novice computer users to use. TOR can potentially make your Web surfing slow at times. However, TOR and Privoxy are a good tool set and are well worth considering. These two tools should be used together.

 

  • Anonymouse.org is an ad-based service. It is free, but there are ads. http://anonymouse.org/

    Anonymouse is available in English and in German.

 

You can read more about proxy servers and find lists of anonymous proxies at http://www.anonymitychecker.com. If you would like to try one of the anonymous proxies on the anonymitychecker list, please be aware of one caution: do not use a proxy found on this list (or any other list) to send a password or to conduct online banking. While an anonymous proxy can shield your computer's address from search engines, unless you are sure of the source of the proxy server, then don't trust the proxy with passwords or sensitive financial data.

One search engine we have found that to date keeps minimal logs is Ixquick.com. Ixquick.com deletes IP addresses after 48 hours, and is also the first search engine to be awarded the European Privacy Seal (EuroPriSe).

 

General Tips for Using Search Engines

 

These following tips are small steps that will not completely protect you from all search engine privacy issues, but they can potentially help you make incremental improvements. If you find the idea of using a proxy or an anonymizing service to be too much, then start with one or more of these tips.

 

  • Do not accept search engine cookies. If you already have some on your computer, delete them. Cookies can be used to correlate a variety of information. If you do use cookies, delete them from time to time and start fresh. Once a month is a good starting point. Once a week is even better.

 

  • Do not sign up for email at the same search engine where you regularly search. If you do so, then your email address can potentially be tied to your search terms. Whether or not a search engine does this is usually disclosed in the search engine's privacy policy. See our first tip on segregating services.

 

  • Mix it up. Use a variety of search engines.

 

  • Again, watch what you search for. To reiterate, avoid using terms that include your full name attached to any information that you don't want associated with it. In general, unless you are using a highly reliable and proven anonymous proxy, don't type in anything that you would be embarrassed about later.

 

  • Do you get your news from a search engine? The news articles even video you click on may potentially be correlated to the search terms you look for at that same search engine, especially if you have been using one main computer and have been accepting cookies and not deleting them. This kind of correlation is all the more reason to use a wide variety of search engines, especially if you do not typically use anonymizing tools like Tor. You can read your news on one search engine, have your email on another, and use a handful of other separate search engines for Web research. It is not a perfect or a complete solution, but it is a start.

 

  • Varying the physical location you search from can be helpful if it is done correctly. For example, you may do some of your searching from an office, some from school, and some from home. If you vary what computers you search from and also vary the search engines you use, it makes it more difficult for one search engine to develop a complete profile of all your searching habits. The exception: if you regularly sign in to a search engine's personalized accounts (like email) from these different locations, that can act to tie all the different locations together.

 

  • If you surf using a cable modem, or a static (unchanging) Internet connection, ask your service provider to give you a new IP address. It may cost a few dollars to make the change, but changing IP addresses every once in a while can be helpful for people who primarily surf the Web from one computer in one location over a long period of time. If you have kids at home who have used the same computer for a couple of years using the same static Internet connection, this is a great tip to implement if feasible.

 

  • Be aware that your online purchases can be correlated to your search activity at some search engines. Sometimes the relationship is not obvious, so be careful of this by reading privacy policies.  For example, if you purchase books at Amazon.com, think about using the generic version of the A9.com search engine (Amazon owns the A9 search engine). If you use the generic search site, Amazon.com will not tie the Amazon cookie (or your purchases) to your A9 search activities. (The generic address is http://generic.a9.com/. )

 

Conclusion

 

It is challenging to achieve 100 percent privacy 100 percent of the time when using search engines due to the large amount of information the search engines collect. It's better to think in terms of reaching achievable, sustainable privacy goals.

Instead of trying to remain anonymous on a search engine 100 percent of the time, aim for staying anonymous some or most of the time. You may not have time one morning to surf anonymously through TOR or Anonymizer. When that happens, aim to use a variety of search engines with cookies turned off so that at least you aren't creating an unbroken trail at one search engine. In short, find the balance that works for you, but at least work to add privacy in to your search routine in some way.

And finally, this tipsheet has not considered your personal computing hygiene. You should regularly reset and clear your Web browser history, and remove search engine searches that are stored in the browser. You can find the tools do accomplish this in the menu of your Web browser.  In the Safari menu, you can choose "Reset Safari," which will specifically clear cookies and Google search entries stored in your local machine. In Firefox preferences, you can click a button to "Clear all information stored while browsing."

As you browse the Web and conduct searches, keep in mind that those search terms are not merely floating into nothingness. In reality, they are being stored somewhere, and may be stored for a long time. Also, when possible, use an HTTPS connection, or secure connection, when you are using the web just as a general matter, if possible. Working to prevent privacy problems in the here and now is preferable to trying to clean up privacy problems after the fact.

 

Endnotes

[1] Saul Hansell, "AOL Removes Search Data on Vast Group of Web Users," New York Times, August 8, 2006.

[2] Michael Barbaro and Tom Zeller Jr.,  "A Face Is Exposed for AOL Searcher No. 4417749," New York Times, August 9, 2006.

[3] Katie Hafner and Matt Richtel, "U.S. Is Pressing Google for Data on Searches," New York Times, January 20, 2006.

Publication history:

Author: Pam Dixon

Updated February 2012, March 2011, July 14 2008, July 8 2008, January 4, 2008, August 17, 2006; January 31, 2006. Posted January 20, 2006.