Slashdot Mirror
How Do I Keep My Privacy While Using Google?
hubert.lepicki writes "I use Google all the time. I keep two GMail tabs open when I'm online (one is private, another is a corporate account), I use Google search, and recently I switched to the Chromium browser. Google's services are fast, easy to use and usually reliable. At the same time, I know Google is tracking everything I do; I can see it in search results or their ads on web pages, which tend to match my interests. After the recent post by Mozilla's community director suggesting Bing has a better privacy policy (a response to questionable comments from Google CEO Eric Schmidt), I started to... 'google' ways of keeping my private data safe while browsing and using Google services. The results weren't very helpful, so I ask you, Slashdotters: how do I stay anonymous to Google while using their services?"
TrackMeNot for Firefox is useful for masking your real search engine queries with randomised search terms. That's a start. Not sure if there's a Chrome equivalent. Is Chrome that much of a necessity? Firefox does the job (though it freezes far too often for me). Otherwise, why not exercise some self-constraint and try products from Yahoo, or even host your own? (First post? :P)
ilovegeorgebush
If you asked me I would say resistance is futile unless you are ready to commit illegal actions.
You could always use anonymous services like scroogle fro searching but if I was a intelligence gathering organization, I would run such "anonymous services" myself so there is a risk that you might be followed even more by using such services.
Hacking into 10 machines and forwarding your connections through all of them might be a solution that will get you into trouble but that can be an efficient way to stay anonymous. But then again, intelligence gathering organizations might set up honey pots that you will end up using and you will bring even more attention to yourself this way.
So anyway:
> how do I stay anonymous to Google while using their services
is a really hard to answer question: There might be solutions for anonymous services like searching but for gmail and all other services that require you to log in, I would say forget it.
Intelligence gathering organizations have come to fully realize the potential of the Internet to track people, in contrast to the situation in the early 90s. Maybe Google CEO knows all about this and that he was just saying; you will be tracked anyway so you may as well be tracked by us ! He kind of screwed up on this because he is now stuck, unable to further explain his point of view, he would have to admit that Google, Bing and many other track you for business and marketing reasons but that they also "share" information with security oriented intelligence gathering organizations.
So in the end, I would choose who I want to be tracked by for marketing purposes and forget about not being tracked for other purposes unless you want to risk getting into trouble. You may be safer just acting as a normal day to day user thus making the amount of traffic play into your advantage in order to stay anonymous.
Everything I write is lies, read between the lines.
Look up the TrackMeNot Firefox extension. It spams Google and the other search engines with randomly generated but plausible search queries, so there's no real way that any of these companies can build a profile on you. If you browse with ads, however, prepare for some really bizarre ones.
Why not use Tor for search queries? Your gmail is obviously a different story, because using Tor wouldn't make much difference for Google. So set Opera or Chrome to use Tor, and you're set for that part.
Seriously.. despite all the controversy it has stirred up.. if you don't have anything to hide.. who cares
It's not that black and white.. but chances are unless you have some very disturbing fetish.. chances are "the stuff you don't want your boss to know" is fairly similar to 10 million other people.. to the point where you are just a tiny blip in a stats bucket. Your just search #234521 for "sex with staplers".
They arn't publishing your search history in the newspaper .. they are using it to increment a counter that you might be interested in office supply ads.
If you are really paranoid though.. use adblock.. route everything through tor.. disable cookies.. and be sure to encrypt your hard-drive with a 20 gazillion bit cypher.
If you are logged into gmail you cannot possibly retain your privacy.
Short of deleting all google cookies and changing your ip after using gmail you cannot retain your privacy.
# cat > /etc/hosts ...
> google.com 127.0.0.1
> doubleclick.net 127.0.0.1
> youtube.com 127.0.0.1
> google-analytics.com 127.0.0.1
> #
> EOF
Thanks to 9/11 there arent anywhere on the world you can expect any privacy. Not online, not offline, not your medical records, your purchases, your bills or anything else thats in electronic form are private.
Weather you use Bing, Hotmail, Gmail, Google doesnt matter the least bit since ALL of them logs everything and have to keep it and release it at any governments whim. The differences between them are highly superficial and has zero importance in reality. The terms of service from the different vendors are worth about, not a damn thing. They have to log everything and have to release whatever a court or intelligence agency wants released.
If you dont want it read and scrutinized, dont put it online. Period.
HTTP/1.1 400
I use my butler Jeeves for everything. He arranges my travel, does my bills, and picks up anything I need from the store. He is fast, courteous and usually reliable. At the same time I know that he is aware of everything I do; I can see it in the way he can often provide suggestions which tend to match my interests. Do to some misplaced comments of his, I am now suspicious that he may not respect my privacy. How do I remain anonymous from my butler while still having him provide all the personal services that I am accustomed to?
No one will pay any attention.
It's NOT me! It's the meds! I'm on 1000mg of Fukitol.
Justs Google it....oops!
It seems to me you have two options. 1) Accept the trade off of having Google uses your information for targeted advertising in exchange for their service. 2) Stop using Google's services.
Use Bing instead of Google search. Switch to Hotmail, Yahoo Mail or use an email client. Use Bing's maps instead of Google Maps. etc. I don't think any of these options really ensure your privacy any better than using Google does but if your fear is of Google specifically (sort of irrational IMO) then these are options.
Personally I don't mind the first option because honestly I'm not that interesting. I don't do anything with Google services that would be very interesting to anyone at Google or an intelligence service. There seems to be very little risk for a decent reward.
Nothing is free and if you use their services, your privacy, at least in part, is the cost. If the price is too high, go somewhere else.
But you didn't! This is not about whether people are interesting or not. This is about privacy, which seems to be devalued in the public's opinion. 1984 was a cautionary tale, not a guidebook.
My, my. Slashdot sure has changed.
If you let it slide that a company tracks everything you do, that then becomes the norm, and you no longer have any privacy anywhere. The opportunities for exploitation of this data are too numerous to list. You don't know whether or not Google is selling your data to unscrupulous persons, and with a CEO who says only wrongdoers have something to worry about when it comes to privacy, chances are that advertisers know all about you at this point.
Let me get this straight. It's okay for a company to index all your information so that advertisers know everything you do, but it's "scary" when a credit card company does a good thing and uses info on your driver's license as a security confirmation over the phone? Are you for real?
I work for a company that supplies a specific unique service(Laboratory Service). I use a work gmail account for testing/backup. My personal email is not gmail. To my surprise after using gmail I starting getting spam to my personal account to do with Lab stuff. And some ads in gmail clearly are oriented to my personal stuff. As far as I know I have never crossed the two and strickly keep personal matters out of Gmail.
As with a comment above, "if you have nothing to hide", I don't have anything to hide. But it is somewhat unsettling.
In post Patriot Act America, the library books scan you.
Here are some addons I use in Firefox that might be of use for some: CookieSafe, permanently ban google in specific from setting cookies (for example): https://addons.mozilla.org/en-US/firefox/addon/2497 Ghostery, See who's tracking your web browsing and block them automaticly. (trackers like google analytics, quantcast, etc) https://addons.mozilla.org/en-US/firefox/addon/9609 Torbutton,Provides a button to securely and easily enable or disable the browser's use of Tor. It is currently the only addon that will safely manage your Tor browsing to prevent IP address leakage, cookie leakage, and general privacy attacks. https://addons.mozilla.org/en-US/firefox/addon/2275
What *does* freak me out is how my credit card company can ask me to confirm my height and weight when I talk to them on the phone, and when I ask them how the f**k they found out how much I weigh, they tell me that by law they're allowed to download all the information from the Department of Transit and so they know everything that's on my drivers license. THAT's the kind of stuff that I find extremely scary, and that's the kind of thing you can't do anything at all to prevent other than living in a shack in the mountains somewhere.
But the sum of all your purchases, searches, emails ect... becomes a very accurate picture of who you are (or your behavior anyway). Google may not have nefarious intentions, but the profile now exists in a form which is not even promised to be private.
Given the experience you had with the data sharing between corporations and government, I'm surprised you don't see the potential negatives. A profile of your whole life and lives of all those around you is just a subpoena away. Maybe less than that.
The real issue is a generational one --- the younger generation doesn't have the expectation of privacy that the elder ones did.
I'm 25, and I don't have anything "secret", really. I'm about as political as you can be, and I think there is a damned good chance (as those things go) that I'll be on the "list" of my own government in the future. The thing is, I don't see that there is any way to prevent being on that list without changing who I am, so I'm okay with that.
Learn about Photography Basics.
Tracking HTTP by IP is extremely unreliable for Google and everyone else -- many corporations and other firewalled institutions run big proxy servers and funnel all their requests from that machine.
1) Use different browser profiles for different web applications.
If you start firefox with these options: -no-remote -ProfileManager it will allow you to run multiple copies simultaneously, each with a separate profile (different set of cookies, different set of plugins, different skins, different bookmarks, different histories, etc).
I create a specific profile for each major web app - I have one for IMDB, one for google searches, one for google mail, one for google voice, etc. And one for generic browsing.
Each profile has a couple of add-ons:
Adblock Plus - general catch-all to block things like doubleclick and the million other trackers
CookieSafe Lite - for fine-grained control of what sites can set cookies
NoScript - for fine-grained control of what sites can use javascript and flash
Redirect Cleaner - for removing those "bounce links" that a lot of sites use to track you when you follow a URL off their site, with the cleaner you go directly to the destination URL
RefControl - for clearing out or rewriting the referrer URL - prevents sites from knowing where you came from when you clicked a URL to their site, sometimes helpful in accessing poorly 'restricted' content
Targetted Advertising Cookie Opt-Out - sets special cookies that sites may choose to obey to say "don't profile me" since these TACOs are not unique-per-user, I figure it can't hurt although it probably doesn't do anything
User Agent Switcher - Lets your browser identify itself as a different browser - this is very important
Ghostery - Informational Only - tells you what tracking sites may be tracking you on any given page (does not block them, and you get false alarms on sites where NoScript blocks javascript, but it is still good for situational awareness)
Better Privacy - Blocks new stealth "super cookies" in Flash and DOM Storage Objects. VERY IMPORTANT
Using the above plugins, I do the following in each profile:
1) Set NoScript to only allow javascript from the one website the profile is intended for - and block flash as much as possible regardless due to cross-profile flash cookies
2) Set CookieSafe that same way and then only for per-session cookies
3) Block and/or auto-delete Flash and DOM Storage cookies with Better Privacy - note flash cookies tend to be shared across all profiles because they go in a folder under "Documents & Settings" on MS Windows and ~/.macromedia/ on Linux. I am still looking at ways to force each profile to use a different directory for flash cookies - until then, block flash as much as possible and auto-delete cookies frequently
4) Set the User Agent to be different in each profile - this gives the appearance of multiple users behind a firewall which is key
5) Load a different theme or skin for each profile to make it easy to visually distinguish between windows so you don't accidentally start browsing the web from your gmail window or vice-versa
All that is a little bit of a pain to set up, an hour or two total. But once in place, I think it is a reasonable compromise for reducing the risk of having your personally identifiable information gleaned in services like Google Mail from being automatically cross-referenced with your browsing habits. I am considering taking it a step further with FoxyProxy configurations to use
When information is power, privacy is freedom.
Your ISP knows much, much more about you than Google does.
Some people won't believe you (and it's argued in the replies also), but yes any sort of identification by IP is pretty much useless, and it has been for years. It wasn't so bad for geolocating, but even then it ran into serious problems. Even Google, the behemoth datamining company, would sometimes send me off to google.ca, even though I was happily sitting in the US.
They *CAN* use that information to associate you to a group of users. Some people have mentioned NAT on residential connections. Residential lines sometimes show up at small business sites, so even with some regex matching, it wouldn't identify if it's a single user house, or a 10+ user business. Then again, they can guess based on browser usage.
A long time ago, at a company I worked for, we tried to use IP's as part (not all) of the user identification. It's all fine and dandy, until you find out that some places (namely AOL) are obnoxious about their proxies, and some users have multiple lines. One of my original problem was the users with multiple dialup accounts. They'd get annoyed at the speed with one, and switch.
Even a user with a whole collection of dialup and broadband accounts won't be protected if they're searching for "bad" things. The IP is still identifiable to someone. If the feds start subpoenaing records, it won't matter which line you were on, they're still your line. If you're at work and doing it, don't believe for a second that your employer won't be compelled to hand over every machine in the place if necessary. And, no, stealing a WiFi connection from your neighbor isn't enough to protect you. If you've done something bad enough, and the feds show up, they'll figure out soon enough that grandma wasn't really looking for bomb making materials online, and they'll figure out who the rogue user is attached to her access point.
The larger your organization is, the less likely you'll know they're on to you before there's a nice man with handcuffs and a badge standing at your cube saying "We need to talk. Come with us."
So, the question then becomes, how much are you worried about what you're searching for online, and should you really be doing it? The IP may not be any good for positive identification, but it leads them down the trail right to you.
Serious? Seriousness is well above my pay grade.
Thank god for IPv6 ?
I had no part in that, and I resent the accusation.
Religion is regarded by the common people as true, by the wise as false, and by rulers as useful.