Defeating Google's Perpetual Search Logging 251
heretic108 writes "Google's policy of storing everyone's search histories forever is causing concern amongst many, especially since Google stores a cookie on everyone's PC expiring in 2038. But at least one user is fighting back. His short and simple guide tells you how to set up any decent web browser so that it routes Google requests through an anonymous proxy, while sending everything else direct to the net for full-speed surfing. Follow these steps and get Google's nose out of your business once and for all."
Text before slashdotting (Score:5, Informative)
Abstract
A simple HOWTO for stopping Google from logging your search history.
The Problem
While Google.com is a brilliant search site, and while its proprieters claim to abide by their 'do no evil' motto, there is one practice that threatens to expose you to much evil down the track.
Google places a cookie on every user's computer, timed to expire in 2038. With this cookie, they can track you and log your entire search history. In fact, Google has recently indicated that they won't be deleting people's search histories.
While this cookie may not directly identify you by name, an analysis of your search history over time can definitely help an attacker (or abusive government authority) to identify you personally.
Many people fight back by setting up an anonymous proxy for all their web surfing, but this can slow down their accesses terribly. Such slowness sooner or later drives most people to revert to direct non-anonymous internet access.
A Solution
In summary, the solution is to clear all long-lasting cookies, set your browser to not keep cookies between restarts, and divert all google requests out through an anonymous proxy.
This will protect your privacy as far as google is concerned, but allow you to enjoy full-speed browsing with other sites.
Follow these simple steps:
Get access to an anonymous web proxy. A common favourite is the Tor network
Be using Mozilla Firefox.
Install the FoxyProxy extension for Firefox
Within FoxyProxy configuration, add an entry for your anonymous proxy. Within this proxy, add 2 whitelist wildcard rules, with the patterns:
http://.google.com/* [google.com]
http://google.com/ [google.com]
Clear out all your browser cookies
Set Firefox so that it only keeps cookies till you close Firefox (Edit/Preferences/Privacy/Cookies)
If there are any other sites that may be unduly logging your activity, and don't have a refular log deletion policy, add some entries for these sites into your anonymous proxy matchlist in FoxyProxy.
With these measures in place, all your regular web requests will go out directly to the internet, while all requests for *.google.com will go via the Tor anonymity network. Also, since your cookies are getting deleted every time you close/restart Firefox, then Google will no longer be able to build a history of your web surfing.
I appreciate that for some amongst us, this is like closing the barn door after the horse has bolted. But at least we can arrest the extent of the privacy violation which Google is perpetrating.
Conclusion
The searches you send out to Google are your business. You have the right to prevent Google from accumulating a perpetual history of your web searching. Use that right.
RTFS: "for full-speed surfing" (Score:5, Informative)
clusty (Score:5, Informative)
Clusty [clusty.com] has an excellent privacy policy. I'm going to try using them for a while and see if the results are comparable in quality to google's.
And before anyone says that you don't need to worry if you aren't doing anything illegal, try reading up on the history of the FBI. They had a massive file on Einstein, who, e.g., belonged to "communist front" organizations like the the American Crusade to End Lynching. Check out the Wikipedia article on COINTELPRO [wikipedia.org], especially the part about the murder of civil rights activist Viola Liuzzo (by a carload of Klansman with an FBI agent riding along), and the FBI's subsequent smear campaign against Liuzzo.
No need for a Firefox extention (Score:5, Informative)
Place the above in a text file, and set it as the automatic proxy config file for your web browser (for Firefox users, Preferences>General>Connection Settings).
The matching string *http://*.google.*" should be used instead of http://.google.com/* [google.com] as a foreign proxy will cause Google to redirect you to its respected cctld.
Re:Easier ways to do it (Score:3, Informative)
Re:Pffff... (Score:5, Informative)
He's absolutely right. Do you honestly beleive that other search engines do not save the searches you type into THEIR server? What just happened with AOL? At least Google is honest about it and made it publicly known that everything is saved, thus giving you the option to not use them if you don't like that.
They're providing a free servivce to you, if you don't want them to know what you're searching for, don't use the service. Or waste time setting up proxies and whatnot. But as has been mentioned, you better proxy everyone, because every web service you use probably saves some information about you.
Personally, I have too many other important things in my life to worry about other than the fact that google saved that search for "hentai porn" last week.
Re:gmail? (Score:2, Informative)
Re:Can't help but ask... (Score:3, Informative)
Re:Hilarious guide, using Tor.... (Score:5, Informative)
That, and who thinks they are fooling anyone by doing this? If you have a Google account for other services like Gmail, then you must allow Google to set a cookie, and you are still identifying yourself. You're also giving up the ability to customize your searches (safesearch, number of results, languages, etc).
Depending on how your cookie settings are set, the only thing Google will know is what you're searching for. If you're really that worried about it, just delete the Google cookie when you're finished for the day/week/month. If all you use is Search, then just blacklist google.com in your cookie settings. That, or you can send all your traffic through an anonymous third party who has no accountability. If you're concerned about absolute privacy with regards to Google, it seems unlikely you'd give the same information to some anonymous others.
Re:gmail? (Score:1, Informative)
The news here is not that web sites are storing cookies on your pc. We saw that movie in '99. The news is that Google can make a complete search history for a person/pc. Since they won't be deleting that data, it's going to be subpoena-able (is that a word?) forever. Meaning everytime you use Google search (or anything else Google, I think) on the same cookie, there's another data point in the system, and that much greater risk to your case when (not if) the data is used against you in court. And since everybody uses Google, everybody suffers this risk. We've already seen what happens with Yahoo! vs China. Hey Google, keeping search data forever is 'EVIL'! Google needs to implement a raw data deletion policy for our privacy.
Re:Can't help but ask... (Score:4, Informative)
There's absolutely no reason to use a plugin for that, Firefox can do this just by itself (as can SeaMonkey, and even Mozilla could do it already). You can either create a blacklist of domains that are only allowed to set session cookies (tools -> options -> privacy -> cookies -> exceptions -> "allow for session" (which downgrades all cookies to being valid for the session only), or a whitelist of domains that are allowed to set cookies ("allow"), while everything else will honor "keep cookies: until I close Firefox".)
(So to put it in other word, Exceptions override any other settings, so you can use it as both whitelist and blacklist, while general settings govern all other sites.)
Re:Hilarious guide, using Tor.... (Score:3, Informative)
It's true that if you don't accept a cookie from google.com, you can't login into Gmail. I've solved the issue by allowing google.com's cookie, but using google.ro for searching (with cookies turned off, you can block them for any domain you want both in IE and Firefox). So Google cannot associate my searches with my Gmail account. In fact, all my searches are only connected with my IP address, and this can be circumvented as described in TFA. Of course, when Google has all your mail, any search data is superfluous, so I only use Gmail for non-incriminating stuff.
The method for saving preferences (disabling safe search) comes from paranoid Daniel "tinfoil hat" Brandt [google-watch.org]. Basicaly, you need to append a few parameters like "safe=off" to your search page (home page, in my case).
Not quite so sufficient (Score:3, Informative)
Then keep one window available with the anonymous browser and use it when you want to be private. Keep others around when you want the speed of direct connection.
How to access your gMail -without- needing Cookies (Score:3, Informative)
provides access via eMail clients, eg, Eudora, OE, etc.
So, using a "real" eMail client, no cookies aer required.
QED
Re:non isp email you can use with a client (Score:2, Informative)
GMail is the only free web mail service that I know of that you can access through any email client.
ARTICLE IS INCORRECT (Score:2, Informative)
IMPORTANT
The settings in the article are wrong, and if you use them you are likely under the mistaken impression you're going through TOR when you're not.
The correct wildcard setting should be something like "*google.*/*" (this is conservative, meaning it'll catch some things that aren't from google.com, but at least the google addresses will all be TORed).
If you use the settings in the article, then not only will your browser directly access www.google.com, but if you happen to go through an international TOR outlet (like in Germany), which is quite likely, you'll be redirected by Google to "google.de" which your browser will access directly.
To summarize, do not use the settings in that article. You are not necessarily passing through TOR if you do.
Re:Hilarious guide, using Tor.... (Score:3, Informative)
Re:Cookie myth (Score:3, Informative)
Oh, but there's more. It's not just searches. Just today I noticed that Google is serving css and javascript from www.google.com for third-party sites such as blogs.
So in other words, they can track you across the web unless you foil this too. Prior to this, you could avoid being tracked from site to site by (a) controlling cookies (I never allow beyond-current-session cookies for any site, ever) and (b) black-holing advertising and tracking sites including pagead2.google.com and google analytics, etc.. But now it's either filter www.google.com too, and not have access to their main site; or leave it unfiltered and let Google map all your searches to your IP *plus* the fact that you visit site A, then site B etc. (maybe even what you do there, if they're using XmlHTTPRequest to the max).
So now the practical privacy protection is use the kind of solution the link in the story recommends (FF extension) or maybe searching via something like blackboxsearch [blackboxsearch.com] or scroogle [scroogle.org].
The better solution would be a way to selectively block third-party accessory files - JS, CSS, images ( blacklist/whitelist and 3rd party vs. current site). The Mozilla browsers have an option to disallow third-party images but it doesn't work. Users also need control over XmlHTTPRequest, including optional notification of when it is used, option to turn it off (it's supposed to be same-site-only but iframes are a big loophole).
Re:Pffff... (Score:2, Informative)
Google TOS: http://www.google.com/intl/en/terms_of_service.ht
Re:Hilarious guide, using Tor.... (Score:3, Informative)