Slashdot Mirror

← Back to Stories (view on slashdot.org)

How Do I Keep My Privacy While Using Google?

Posted by Soulskill on from the encrypt-your-search-terms dept.

hubert.lepicki writes "I use Google all the time. I keep two GMail tabs open when I'm online (one is private, another is a corporate account), I use Google search, and recently I switched to the Chromium browser. Google's services are fast, easy to use and usually reliable. At the same time, I know Google is tracking everything I do; I can see it in search results or their ads on web pages, which tend to match my interests. After the recent post by Mozilla's community director suggesting Bing has a better privacy policy (a response to questionable comments from Google CEO Eric Schmidt), I started to... 'google' ways of keeping my private data safe while browsing and using Google services. The results weren't very helpful, so I ask you, Slashdotters: how do I stay anonymous to Google while using their services?"

13 of 533 comments (clear)

  1. Ideas by ilovegeorgebush · · Score: 4, Interesting

    TrackMeNot for Firefox is useful for masking your real search engine queries with randomised search terms. That's a start. Not sure if there's a Chrome equivalent. Is Chrome that much of a necessity? Firefox does the job (though it freezes far too often for me). Otherwise, why not exercise some self-constraint and try products from Yahoo, or even host your own? (First post? :P)

    --
    ilovegeorgebush
    1. Re:Ideas by Anonymous Coward · · Score: 5, Interesting

      This is like a steer asking, "how can I keep getting this free food and board without being taken to the slaughter house later?"

      To Google, you are the product. They are selling advertising. More specifically, they are selling your attention to marketers. Giving you privacy is contradictory to the entire purpose of their existence. They give you nice, fast, free stuff to keep you hooked in to their services and to keep collecting more data so that they can sell more advertising.

      There is no privacy using Google services. There never will be. They will keep encroaching into your private info as far as you let them.

    2. Re:Ideas by quickgold192 · · Score: 5, Interesting

      Yes, I've thought about this problem and I've also read about TrackMeNot. Unfortunatly, TrackMeNot has some serious flaws:

      1. It randomizes search terms instead of following believable search patterns. Example 'search stream': Shoes, virus protection, Hannah Montana, flamethrower "do it yourself", Hawaii, spark plugs, military surplus, speaker system, Exhaust Flame Thrower Kits... It's pretty easy to see what's real and what's fake.
      2. People tend to use search engines in bursts. When I last used TrackMeNot it sent off search queries at regular intervals. The decoy queries would be easy to filter out.
      3. Nobody would really be willing to let queries like "donkey sex" or "how to kill the president" get fired off by the software. For true privacy, those would be the most important terms to make the list, so that if someone really *did* search for those, he could just say that it was the software making automatic requests.

      I had an idea to fix this:
      1. The software would have to monitor your search engine usage and match your searching bursts and searching frequency. Those things can't be hardwired into the software or else algorithms would so some fingerprint-matching on your search queries.
      The next part is a little fuzzy:
      2a. For every 'search burst' you make, the software can ananomously post the search terms to a central server that other clients read and use as decoys. The problem is filtering out truly private data such as address and names.
      2b. If not that, maybe the software can just go loose on the web and look up possible related search terms to search for.

      Of course, I'm thinking beyond simple privacy against advertisers. More like legal protection.

    3. Re:Ideas by rm999 · · Score: 4, Interesting

      Careful with TrackMeNot - I used it for awhile, and Google started blocking my real searches, returning an error screen that indicated my searches may not be legitimate. They clearly know when you are using it (who sends in dozens of searches every hour of the day?), and may consider it a violation of their TOS. I don't know about you guys, but if they decided to shut down my account it would be pretty devastating - I backup a lot of information and important e-mails only on gmail.

  2. TrackMeNot by the+linux+geek · · Score: 4, Interesting

    Look up the TrackMeNot Firefox extension. It spams Google and the other search engines with randomly generated but plausible search queries, so there's no real way that any of these companies can build a profile on you. If you browse with ads, however, prepare for some really bizarre ones.

  3. You Don't by phantomcircuit · · Score: 4, Interesting

    If you are logged into gmail you cannot possibly retain your privacy.

    Short of deleting all google cookies and changing your ip after using gmail you cannot retain your privacy.

  4. Its the cost of admission... by SuperCharlie · · Score: 3, Interesting

    Nothing is free and if you use their services, your privacy, at least in part, is the cost. If the price is too high, go somewhere else.

  5. I get cross gmail account ads by stimpleton · · Score: 5, Interesting

    I work for a company that supplies a specific unique service(Laboratory Service). I use a work gmail account for testing/backup. My personal email is not gmail. To my surprise after using gmail I starting getting spam to my personal account to do with Lab stuff. And some ads in gmail clearly are oriented to my personal stuff. As far as I know I have never crossed the two and strickly keep personal matters out of Gmail.

    As with a comment above, "if you have nothing to hide", I don't have anything to hide. But it is somewhat unsettling.

    --

    In post Patriot Act America, the library books scan you.
  6. Re:Tor? by Gothmolly · · Score: 4, Interesting

    Except for the fact that most Tor nodes are trojaned DoD machines, with all sorts of data->disk logging features. Or not. But how could you tell?

    --
    I want to delete my account but Slashdot doesn't allow it.
  7. Re:You don't by LockeOnLogic · · Score: 5, Interesting

    There was an old russian KGB adage which went something like "everyone has committed a crime, it's about who we decide to prosecute".

  8. Re:Ideas NOT IP -- proxy servers by redelm · · Score: 4, Interesting

    Tracking HTTP by IP is extremely unreliable for Google and everyone else -- many corporations and other firewalled institutions run big proxy servers and funnel all their requests from that machine.

  9. Here's what I do... by Jah-Wren+Ryel · · Score: 5, Interesting

    1) Use different browser profiles for different web applications.

    If you start firefox with these options: -no-remote -ProfileManager it will allow you to run multiple copies simultaneously, each with a separate profile (different set of cookies, different set of plugins, different skins, different bookmarks, different histories, etc).

    I create a specific profile for each major web app - I have one for IMDB, one for google searches, one for google mail, one for google voice, etc. And one for generic browsing.

    Each profile has a couple of add-ons:
    Adblock Plus - general catch-all to block things like doubleclick and the million other trackers
    CookieSafe Lite - for fine-grained control of what sites can set cookies
    NoScript - for fine-grained control of what sites can use javascript and flash
    Redirect Cleaner - for removing those "bounce links" that a lot of sites use to track you when you follow a URL off their site, with the cleaner you go directly to the destination URL
    RefControl - for clearing out or rewriting the referrer URL - prevents sites from knowing where you came from when you clicked a URL to their site, sometimes helpful in accessing poorly 'restricted' content
    Targetted Advertising Cookie Opt-Out - sets special cookies that sites may choose to obey to say "don't profile me" since these TACOs are not unique-per-user, I figure it can't hurt although it probably doesn't do anything
    User Agent Switcher - Lets your browser identify itself as a different browser - this is very important
    Ghostery - Informational Only - tells you what tracking sites may be tracking you on any given page (does not block them, and you get false alarms on sites where NoScript blocks javascript, but it is still good for situational awareness)
    Better Privacy - Blocks new stealth "super cookies" in Flash and DOM Storage Objects. VERY IMPORTANT

    Using the above plugins, I do the following in each profile:
    1) Set NoScript to only allow javascript from the one website the profile is intended for - and block flash as much as possible regardless due to cross-profile flash cookies
    2) Set CookieSafe that same way and then only for per-session cookies
    3) Block and/or auto-delete Flash and DOM Storage cookies with Better Privacy - note flash cookies tend to be shared across all profiles because they go in a folder under "Documents & Settings" on MS Windows and ~/.macromedia/ on Linux. I am still looking at ways to force each profile to use a different directory for flash cookies - until then, block flash as much as possible and auto-delete cookies frequently
    4) Set the User Agent to be different in each profile - this gives the appearance of multiple users behind a firewall which is key
    5) Load a different theme or skin for each profile to make it easy to visually distinguish between windows so you don't accidentally start browsing the web from your gmail window or vice-versa

    All that is a little bit of a pain to set up, an hour or two total. But once in place, I think it is a reasonable compromise for reducing the risk of having your personally identifiable information gleaned in services like Google Mail from being automatically cross-referenced with your browsing habits. I am considering taking it a step further with FoxyProxy configurations to use

    --
    When information is power, privacy is freedom.
  10. Re:You don't by TikiTDO · · Score: 3, Interesting

    Actually, no. There really is little to no middle ground in this. The internet, by its nature, is an open platform. When you are on the internet, you are going to be leaving traces, unless you go to extreme measures not to; be those traces on google computers, or in the logs of hotgoatsex.com. Of course you probably could figure out a way to use some complex series of multi-level encrypted proxies, bouncing around the world before getting to what you want, but to be honest, that's the type behavior and time investment I would expect from either a real tin-foil-hat freak, or a bot-net owner. (Tor does not count, for technical reasons that have been mentioned numerous times already)

    You say that the only Google service you use is their engine. That must mean that you block every single ad tracking cookie, all the Google APIs, Google Analytics, and the loads of useful services they offer. Services, I would like to remind you, are used in more and more sites, because they give site owners important data. All this, because of a view that you, and specifically you are interesting enough to follow. Of course I do not know anything about you, but I find it quite unlikely that you show up as anything more than a tiny blip on the radar, unless you make a habit of talking about making bombs, killing presidents, or other stupid stuff such as that.

    Granted, perhaps you really do take all these steps. However, let's be frank. If the government wanted to learn something about you, they would just go to your friendly neighborhood telecom oligopoly. The ISPs, after all, have long proven themselves more than ready to give out whatever data they have, for pennies per request. They already have the ready made infrastructure to track every single byte you, or anyone, send out. Google, on the other hand, does have their little "do no evil" mantra that they try to follow as much as a huge corporation can. As such, they are much more likely to demand a full warrant before sharing what they know. After all, this knowledge is their lifeblood, it would pay to keep it as secret as they can.

    Regarding the idea of the slashdot fallacy that you keep pushing around, perhaps I could bring up such novel concepts as a Metaphor, Sarcasm, and even Exaggeration. I believe those might be pertinent to the example at hand. I'm sure you can figure out that no one REALLY thinks you need to pack your bags, and move to South America. Instead, they are trying to convey the idea that by going this far out of your way to ensure what illusion of privacy you chose to maintain (Which, considering you chose to post on a message board on the internet really is not that much), you are likely missing out on some of the features that make the internet the amazingly useful tool that it is. You could almost say that you are "living in the jungle." So, yes, you could continue practicing exposing the sarcastic musings of the slashdot population, but I would argue that if this is what you were after, your time may be better spent on a debater's forum. I'm sure you could even find a few that do not use anything google yet.

    Now please, don't take this as an argument for why you should use google. If you have concerns, then it is entirely within your right to try to ensure your privacy as much as you can. Instead, I am trying to illustrate that this illusion of privacy that you maintain is most likely just that, an illusion. At most, you are ensuring that one of the myriad of third parties that potentially has access to your info has a bit less than they would otherwise. Of course, I may be wrong, and you really might be an internet ninja. In that case, congratulations, you have successfully hidden data that no one would really care about anyway. Unfortunately, in doing so you probably raised some flags somewhere, and may now be significantly higher on the "to track" list than many others.