Slashdot Mirror
Defeating Google's Perpetual Search Logging
heretic108 writes "Google's policy of storing everyone's search histories forever is causing concern amongst many, especially since Google stores a cookie on everyone's PC expiring in 2038. But at least one user is fighting back. His short and simple guide tells you how to set up any decent web browser so that it routes Google requests through an anonymous proxy, while sending everything else direct to the net for full-speed surfing. Follow these steps and get Google's nose out of your business once and for all."
but still accepts cookies from Google, even if it just for the session.
Besides, not one word about JavaScript......
Use MSN Search instead! Ha!
52 52'23" W 47 32'07" N
If you are going to the trouble of setting up a proxy, why not use it for all of your web traffic? I mean, there are websites out there that collect just as much information as Google does, why do you want them collecting information about you?
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
Protect Your Privacy from Google
Abstract
A simple HOWTO for stopping Google from logging your search history.
The Problem
While Google.com is a brilliant search site, and while its proprieters claim to abide by their 'do no evil' motto, there is one practice that threatens to expose you to much evil down the track.
Google places a cookie on every user's computer, timed to expire in 2038. With this cookie, they can track you and log your entire search history. In fact, Google has recently indicated that they won't be deleting people's search histories.
While this cookie may not directly identify you by name, an analysis of your search history over time can definitely help an attacker (or abusive government authority) to identify you personally.
Many people fight back by setting up an anonymous proxy for all their web surfing, but this can slow down their accesses terribly. Such slowness sooner or later drives most people to revert to direct non-anonymous internet access.
A Solution
In summary, the solution is to clear all long-lasting cookies, set your browser to not keep cookies between restarts, and divert all google requests out through an anonymous proxy.
This will protect your privacy as far as google is concerned, but allow you to enjoy full-speed browsing with other sites.
Follow these simple steps:
Get access to an anonymous web proxy. A common favourite is the Tor network
Be using Mozilla Firefox.
Install the FoxyProxy extension for Firefox
Within FoxyProxy configuration, add an entry for your anonymous proxy. Within this proxy, add 2 whitelist wildcard rules, with the patterns:
http://.google.com/*
http://google.com/
Clear out all your browser cookies
Set Firefox so that it only keeps cookies till you close Firefox (Edit/Preferences/Privacy/Cookies)
If there are any other sites that may be unduly logging your activity, and don't have a refular log deletion policy, add some entries for these sites into your anonymous proxy matchlist in FoxyProxy.
With these measures in place, all your regular web requests will go out directly to the internet, while all requests for *.google.com will go via the Tor anonymity network. Also, since your cookies are getting deleted every time you close/restart Firefox, then Google will no longer be able to build a history of your web surfing.
I appreciate that for some amongst us, this is like closing the barn door after the horse has bolted. But at least we can arrest the extent of the privacy violation which Google is perpetrating.
Conclusion
The searches you send out to Google are your business. You have the right to prevent Google from accumulating a perpetual history of your web searching. Use that right.
The site seems to be slow. Anyone got a link to the google cache?
This guy's the limit!
So what you're saying is that if I allow Google to store a cookie on my computer to track the history of all searches I make, they'll... track the history of all searches I make?
Heavens to betsy! This is big! How is it no one ever noticed this "cookie" thing before this Slashdot article?
I wonder if any other websites are doing this as well.
If you log into gmail then won't your search be linked anyway? (since mail.google.com would be proxied)
In the end, the simplest is to stop using google if you feel your privacy is compromised and try to find a company with a better policy.
I tend to trust google enough to keep my search history, so what that they know you search for killing your wife or drowning barbie dolls, let them assess all they want, because you cannot be found guilty of thinking about a crime.
liqbase
Use Customize Google:
Customize Google For Internet Explorer
Customize Google For FireFox
Both will anonymize your google cookie, click tracking and much more.
Both are free open source projects.
Omgili - Find out what people are saying.
I wrote a while back about concern's with Google's Desktop search, as it relates to HIPAA regulations, but never thought much about my own right to privacy when using Google's searches. I guess there could be a future version of a Joe McCarthy witch hunt, where the government could supoena Google and force them to release search data.
I bookmarked his site and will implement the methods at my workplace, since Google's responce was less than satisfactory, IMHO. It was along the line of "no patient information would EVER leave our servers!"
Yeah...right
"Let us raise a standard to which the wise and honest can repair" - George Washington
Clusty has an excellent privacy policy. I'm going to try using them for a while and see if the results are comparable in quality to google's.
And before anyone says that you don't need to worry if you aren't doing anything illegal, try reading up on the history of the FBI. They had a massive file on Einstein, who, e.g., belonged to "communist front" organizations like the the American Crusade to End Lynching. Check out the Wikipedia article on COINTELPRO, especially the part about the murder of civil rights activist Viola Liuzzo (by a carload of Klansman with an FBI agent riding along), and the FBI's subsequent smear campaign against Liuzzo.
Find free books.
No it doesn't. It tells you how to set it up with Firefox and only Firefox via the FoxyProxy extension. That's a far cry from what you're claiming; no instructions for Safari or Opera.
Place the above in a text file, and set it as the automatic proxy config file for your web browser (for Firefox users, Preferences>General>Connection Settings).
The matching string *http://*.google.*" should be used instead of http://.google.com/* as a foreign proxy will cause Google to redirect you to its respected cctld.
Cookies are the easy part. The hard part is that they log the IPs/hostnames and can link your searches to you without any cookies. Now, one IP != one user, especially in a NAT office/school environment, but can be quite accurate for home users.
To be fair to G, it's your nose that is in their business ;)
So, instead of sending your search results to Google to be recorded, you're sending them to both Google and some unknown third-party?
Explain to me how giving some stranger all your search results will protect your privacy, Slashdot.
Which is really hard to do on 32-bit Linux. I'm not sure how windows handles this situation. However, just deleting the cookie would also work. I imagine you could easily make a firefox plugin that would destroy all cookies from either a whitelist or blacklist of domains every time you start/shutdown the browser.
Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
Correct, sort of. Perhaps I should have said that Google invades your privacy. Considering that, at least in the United States, the right to privacy only applys to your right to privacy from government entities (even that is a right bestowed by the SCOTUS rather than being spelled out in the Constitution), one really has no right to privacy from a private or even public company.
However, Google is an advertisement supported service and they still collect the search queries, even if they are annonomized. So, one could argue that unless Google wants to be able to later be able to analyze that data to find a specific individual, they should have no problem with the data being annonomized, since, in fact, they still get the same data, but in an annonomized form which cannot then be targeted back to a specific computer.
Setting his threshold to 5, Sparky eliminated most of the trolls on /.
and I did not speak out
because I was not a Jew.
Then they came for the Communists
and I did not speak out
because I was not a Communist.
Then they came for the trade unionists
and I did not speak out
because I was not a trade unionist.
Then they came for me
and there was no one left
to speak out for me.
- Pastor Martin Niemöller
The lesson? Speak out NOW, while someone else is being persecuted in violation of your Constitutional liberties. Eventually they always get around to coming after YOU.
In Germany, your neighbor typically turned you in because they didn't like you. Not because you were a Jew, a gay, or a commie.
Right now, today, someone you don't like - perhaps someone you don't even realize - can accuse you of being a terrorist - and at the very least there'll be a file on you. Good luck with flying after that... if you're lucky.
God, I hate apathetic people.....
--- Grow a pair, liberals... stop letting the Republicans bully you!
There is a real easy solution (for those who have a problem with Google's practices)
1) Use a different search engine: Google (and most businesses) I'm sure will not care what you say until a critical mass
of users using other search engines (or any other product) lose customers. Of course, since they have not changed their
business model or practices since their inception, I don't think that is really going to happen anytime soon.
2) Execute a technological workaround: However that has the drawback of if (and I say if) Google decides to become nasty,
they just ban you from their system, which they could legally do, since you are violating their company policy (which again forces
you to use another search engine, but this time not by choice).
3) Complain: Perhaps they may listen, perhaps they may not, but as a soverign business unless it affects their revenue stream
(which I don't think will happen, as they happen to be one of the best at execution of both their software and business practices)
I don't personally see their revenue slowing down anytime soon.
Last thing about this subject, it is true there is no such thing as a totally secure system, but Google does a pretty good job at what they
do, why hassle them when nothing has happened (not that it won't), but for now let Google run its ship, and just be happy with the service they
provide.
As one reader said earlier... you could use MSN Search.
Regards,
MBC1977,
(US Marine, College Student, and Good Guy!)
Regards,
MBC1977,
There's absolutely no reason to use a plugin for that, Firefox can do this just by itself (as can SeaMonkey, and even Mozilla could do it already). You can either create a blacklist of domains that are only allowed to set session cookies (tools -> options -> privacy -> cookies -> exceptions -> "allow for session" (which downgrades all cookies to being valid for the session only), or a whitelist of domains that are allowed to set cookies ("allow"), while everything else will honor "keep cookies: until I close Firefox".)
(So to put it in other word, Exceptions override any other settings, so you can use it as both whitelist and blacklist, while general settings govern all other sites.)
How about instead releasing a program that thoroughly pollutes the user's search history regularly with so many randomly generated search phrases that it becomes impossible to link anything back to your particular searches?
One useful feature of Mozilla is "profiles" You can create alternate user profiles, with their own set of passwords, cookies, history, and proxy. So set up one profile to use your anonymizing proxy and give it a distinctive theme, so that you can be clear about when you are doing anonymous surfing and when you are doing direct surfing.
Then keep one window available with the anonymous browser and use it when you want to be private. Keep others around when you want the speed of direct connection.
Has it been over a year since you last donated to the Electronic Frontier Foundation
gMail is about the only (non-ISP) web mail service that also
;-)
provides access via eMail clients, eg, Eudora, OE, etc.
So, using a "real" eMail client, no cookies aer required.
QED
'Deleting the cookie' does nothing to remove your stored search history crosslinked to your IP address
Having a dynamic IP does not help if you use your computer regularly to check email, log in to slashdot, or visit your unique collection of news sites: anything that can link your particular IP-of-the-day to your identity.
Obama likes poor people so much, he wants to make more of them.
Hotmail can only be used with Outloook Express, and to get POP access with Yahoo mail you have to pay.
GMail is the only free web mail service that I know of that you can access through any email client.
If I hadn't seen such riches, I could live with being poor.
I'm posting this in reply to an unrelated comment, because it seems important enough to have visible near the top. I don't know why this hasn't been mentioned by other comments.
IMPORTANT
The settings in the article are wrong, and if you use them you are likely under the mistaken impression you're going through TOR when you're not.
The correct wildcard setting should be something like "*google.*/*" (this is conservative, meaning it'll catch some things that aren't from google.com, but at least the google addresses will all be TORed).
If you use the settings in the article, then not only will your browser directly access www.google.com, but if you happen to go through an international TOR outlet (like in Germany), which is quite likely, you'll be redirected by Google to "google.de" which your browser will access directly.
To summarize, do not use the settings in that article. You are not necessarily passing through TOR if you do.