Friday, November 30, 2007

Protect your web searches

private1.jpg

"My goodness, it's my whole personal life," she said. "I had no idea somebody was looking over my shoulder." -Thelma Arnold, AOL Searcher No. 4417749


AOL's recent "doh!" release of more than 500K user search records has prompted many people to examine their search methods. While no one approach is absolutely foolproof, using a combination of common sense searching strategies will make it harder for engines (or anyone else) to put together a detailed profile of you. Keep reading today's feature for a few ways to protect yourself from search engines.


AOL: shock and awe


searchresults.png

The biggest problem with AOL's search records release is not what the individual queries revealed (although some of them were pretty disturbing); it was the fact that any search could be tied to one unique user ID. Looking at someone's individual searches is not necessarily invasive - however, tie all those searches to one unique user ID and we've got a problem. For example:


User 7777155 searched for 1974 Silverado truck parts, Sportsline, and Yahoo fantasy baseball. Sounds like a nice guy, eh? Maybe - he also searched for "free MILF hunter password", "you knw when your a mexican when" jokes, and something called "assparade."


Or how about these: individual users searched for "suspended lisence due to child support" along with "chapter 1 of reaching your potential", "the incredibles by pixar" and "cheap liquor" (?), or "battlefield 2 torrent", "fake doctor note", "custom gold grills", and "ice cream shoes" (sounds like this person's got a full day of non-stop fun planned).


A savvy data miner could use this data - which does include personal information such as SSN's, phone numbers, names, addresses, etc. - and go crazy: targeted spam, identity theft, the possibilities are endless.


Big Brother is watching


Here are a few things your search engine knows about you:



  • If you've logged into services-Gmail, Yahoo Mail, etc.-they've got your user name and passwords at the very least. For example: if you've taken advantage of Google's integrated stable of services, you've pretty much given over the keys to the privacy kingdom, so to speak. I am NOT advocating that everyone quit Google, just giving you a heads-up.

  • All your IP addresses are belong to us. Your IP address coughs up quite a bit of relevant info, such as your ISP, city, state, region, and more.

  • Cookies, yum! Your individual searches and repeat visits to the same site can be tied together by cookies.


In addition, all search engines keep at least some of your searches for an undetermined period of time...that means that your search for the NKOTB back in the day might come up again. What's a searcher to do? Actually, there's quite a bit you can do to make your searches more private-note that I didn't say "completely private", because no one method is foolproof. However, if you mix up these tips you stand a much better chance of keeping your search records to yourself.


Keep it secret, keep it safe


Tweak your browser. This is the first and easiest step that any privacy-conscious surfer should take to increase security. There's quite a few ways that you can configure your browser to be more private.


gandalf.png

Proxy: Using a proxy - think of it as a search prophylactic - is a great way to hide your tracks. Here are a few good ones:



A word of caution: do NOT use a proxy for online banking or to send sensitive information. Your computer's address might be shielded from search engines, but if you're not absolutely sure of the source of the proxy, you shouldn't trust it with your info.


Ixquick and Generic A9: In light of the recent AOL troubles, Ixquick is promoting itself as the privacy lover's search engine; in fact, from June 27 onwards, "Ixquick will permanently delete all personal search details gleaned from its users from the log files."


You can also search without logged search details over at Generic A9.com, an Amazon-owned search engine. When you search in "generic" mode, none of your personal information is recorded.


cookie.png

Cookies. Cookies are small pieces of identifying data that websites use to track your visits and your unique preferences. In order to be more private on the web, you're going to want to either use a cookie manager extension or program, or, just dump your cookies once a week.


CookieCuller for Firefox is a modified version of Firefox's built-in Cookie Manager. You can also try Junkbuster, Burnt Cookies, or Cookie Cruncher. I also highly suggest Lost in the Crowd, a service that "automatically and over time places a number of random queries through the search engines you use from your actual tracking cookie."


Don't feel like downloading anything? No problem - just set a reminder for yourself to clean out your cookies about once a week. You don't want to completely turn your cookies off, because then you can't take advantage of personalized services,local searches get messy, search results become less relevant, and shopping searches aren't as convenient. Disable your cookies selectively, depending on the nature of the website.


Tor: Tor, a service from the Electronic Frontier Foundation, is "a toolset for a wide range of organizations and people that want to improve their safety and security on the Internet." The EFF are search privacy nuts (in a very good way), so Tor is the security tool of choice for many privacy-conscious people.


Mix your services. Try to vary your service providers on the web; for instance, get your mail at Yahoo, search with Ask, use Google Calendar for time management, etc. If you allow just one provider to service all your needs, you're giving them a free lunch as far as privacy is concerned - for instance, if your email is provided by the same search engine that you search with, your emails and search queries can be used together to find out more about you (read your particular search engine's privacy policy to see if this is the case).


Privacy extensions. Here's a quick round-up of good search engine privacy extensions:



  • TrackMeNot: for Firefox; basically creates a bunch of search "noise" so that your real searches are obfuscated.

  • BlackBox Greasemonkey extension: an extension that reroutes your searches at Google, Yahoo, or MSN through BlackBoxSearch, a secure proxy. Hat tip to the always educational Google Tutor for this one.

  • SwitchProxy: "Switch between multiple standard and anonymous proxy configurations quickly and easily with the SwitchProxy Tool for Firefox, Mozilla and Thunderbird."


donotenter.png

Fake it. Create a disposable email address with Dodgeit, Pookmail, or even Hotmail. Avoid identifying registrations with Bugmenot or the Fake Name Generator. Go nuts with the mega-privacy list over at the Electronic Privacy Information Center. In short, there are many options available to you.


Personal computer health. In addition, there's always the standard cleaning out your cache, temp. Internet files, history, disabling auto-complete, etc. This is a pretty basic way to keep your search tracks at least semi-covered.


There's no perfect solution


None of these tips will keep you anonymous from a search engine 100%. The best way to keep your information private would be to get off the webernets completely, but as that's not an option for most of us, the second best is to use a combo of security methods to cover as much of your virtual booty as possible. What are your best search privacy tips? Just comment and share them :)

Labels: , , , ,

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Related Articles by Labels

Bookmark this

Did my post help you? Help others too by just taking a minute to bookmark this in any bookmark you use