Recently, AOL leaked 20 million search queries to the world (as covered in a NY Times article). It listed search queries alongside user numbers, which links search terms to individuals. Although no names are listed, it is often not difficult to determine (or at least narrow down) an individual’s identity, given their search history, as demonstrated in the above article.
The privacy ramifications here are extremely worrying. Web searching is something we all do, and for some of us, often reveals all kinds of intimate details about our lives. That this search history is recorded at all is, if I may say so, an abomination; but that this was carelessly leaked by AOL is very worrying. And yes, even Google record search queries (they’re just a little more careful with it).
The appeal to government and ‘law enforcement’ groups is obvious, which makes this even more dangerous. While Google resisted the Justice Department’s subpoena, the other search engine’s capitulated.
Particularly worrisome is the international nature of many of these search engines, with data centres located outside regions that are protected by various privacy laws. Only recently, Yahoo cooperated with the Chinese government in revealing the identity of a Chinese journalist who had distributed a warning from the Chinese government about the reporting on sensitive local issues; the journalist is now serving a 10 year prison sentence.
Yahoo was forced by the local laws to cooperate with the Chinese government. While one may assume that this only affects local users, it’s quite common for data to be mirrored at several sites, ensuring adequate redundancy should a site be compromised and its data lost. Thus, it’s quite possible that Australian and American search history is stored in regions where the Government has complete control over access to this data.
The Chinese incident is sinister enough, but this is probably just the beginning.
Consequently, the EFF (Electronic Frontier Foundation) have published an article with a few notes on how to maximise your privacy when using search engines.
Some points are:
- Don’t put personally-identifying information in your searches
- Don’t log in to a search engine account
- Don’t accept cookies from your search engine
They are worth reading through; in particular, there’s some directions for Firefox users on how to configure an extension to increase your anonymity with Google searches.
Even if you don’t follow those suggestions, I recommend regularly clearing out your Google cookies. These cookies provide Google and other search engines with a link between your search queries – an identifier that ties them together. By clearing these cookies out regularly, you sever the link between past queries and future queries. In particular, do this before embarking on a particularly sensitive search.
To remove cookies in Firefox:
- Bring up Firefox Preferences (on a Mac, click the ‘Firefox’ menu at the top left, then ‘Preferences’)
- Click the ‘Privacy’ icon
- Click the ‘Cookies’ tab
- Click ‘View Cookies’, bottom left
- Type ‘google’ in the search bar, and remove all related cookies by selecting them and clicking ‘Remove Cookies’
- Bring up Safari Preferences (‘Safari’ menu, ‘Preferences’)
- Click the ‘Security’ icon
- Click ‘Show Cookies’
- Scroll down to the Google cookies, select them, and press ‘Remove’
Alternatively, just delete all cookies, which probably can’t hurt.