How Do I Keep My Privacy While Using Google? 533
Posted
by
Soulskill
from the encrypt-your-search-terms dept.
from the encrypt-your-search-terms dept.
hubert.lepicki writes "I use Google all the time. I keep two GMail tabs open when I'm online (one is private, another is a corporate account), I use Google search, and recently I switched to the Chromium browser. Google's services are fast, easy to use and usually reliable. At the same time, I know Google is tracking everything I do; I can see it in search results or their ads on web pages, which tend to match my interests. After the recent post by Mozilla's community director suggesting Bing has a better privacy policy (a response to questionable comments from Google CEO Eric Schmidt), I started to... 'google' ways of keeping my private data safe while browsing and using Google services. The results weren't very helpful, so I ask you, Slashdotters: how do I stay anonymous to Google while using their services?"
Why not... (Score:2, Informative)
Tor? (Score:5, Informative)
Why not use Tor for search queries? Your gmail is obviously a different story, because using Tor wouldn't make much difference for Google. So set Opera or Chrome to use Tor, and you're set for that part.
Re:Ideas (Score:3, Informative)
Re:Tor? (Score:5, Informative)
Or use OperaTor: http://archetwist.com/en/opera/operator [archetwist.com]
Re:Ideas (Score:5, Informative)
Open two different browsers, say Chrome and Firefox. Use one to log in to your email, but nothing else. In the other, never log in to Google services. It certainly doesn't solve the whole problem, but it is trivially easy and has no serious drawbacks.
Same IP address at the same time...
Re: You're forgetting the most important thing (Score:2, Informative)
IMPORTANT: You have to disable cookies on google to make sure that they can't build a history of all your searches. Otherwise you can be easily pinpointed if you ever search for your own name or that of someone close to you. Preferably also use a dynamic IP address.
Re:Ideas (Score:1, Informative)
There is *NOTHING* wrong with Firefox.
Firefox is a great program, but there are many things wrong with it.
My pet peeve is when you have 5 windows open, with 5 different web pages, all firefox windows will freeze if your DNS server takes a while to respond to a query. I can understand how one window with one webpage with the slow DNS query should pause (since firefox can't do much to display a webpage if it's waiting for the DNS server), but why all of them?
Re:Dear Slashdot (Score:4, Informative)
It's funny you should mention Jeeves, since the site formerly known as Ask Jeeves [ask.com] actually has better options for privacy (see the "AskEraser" feature in the upper right).
Re:TrackMeNot (Score:5, Informative)
"If you browse with ads, however, prepare for some really bizarre ones."
No problem. I Googled "blocking Google Ads" then set Firefox accordingly. :)
http://www.lancelhoff.com/blocking-google-adsense-ads/ [lancelhoff.com]
Handy Firefox Plugins (Score:4, Informative)
Re:Ideas (Score:3, Informative)
It's a build of Chrome without all the privacy-infringing "features."
Your only real choice: Don't use Google Products (Score:2, Informative)
This makes it really clear.
The Google Toilet Service:
http://www.youtube.com/watch?v=hrontojPWEE [youtube.com]
If you want privacy don't use services or purchase anything on the Internet.
Never buy anything online.
Never use a service that requires that you get an account.
Even then use anonymizing techniques or services like Tor for those few sites that you do visit via random WiFi connections you find by driving randomly around after purging all the cookies in the browser you are using.
But while you are doing that make sure that you always pay for everything in cash.
Do not use a library card.
Avoid all areas that use video surveillance.
Do not get healthcare or have a medical record.
You really don't have any privacy anywhere anymore. If the info is on a network connected computer somewhere, there is someone you have not authorized that can get access to it and copy it. There may be laws against that, but they won't be enforced... because its way too much effort.
Before networked computers held info of all kinds there was the illusion of privacy, but even then it didn't exist. It was just harder to get at the data.
The internet is a public forum. The only privacy that exists is what you set up with other parties BEFORE you use the Internet.
Re:If you asked me... (Score:3, Informative)
For those really interested in privacy, maintaining a benign online personality is important.
The absence of one could raise questions, while you can use innocent patterns to suggest innocence.
The moral is that smart people should not MIX their personalities and communication traffic.
Re:Ideas (Score:3, Informative)
http://www.scroogle.org/cgi-bin/scraper.htm [scroogle.org]
Good stuff.
Re:You don't (Score:3, Informative)
It's not pedantic. You have something to hide: the fact that you made certain queries about porn, crypto cracking and theory. The point is that there is nothing wrong with wanting to hide that.
Re:clusty; whitelisting cookies (Score:2, Informative)
I recently started whitelisting cookies, and I am currently trying out the Cookie Monster addon for Firefox:
https://addons.mozilla.org/en-US/firefox/addon/4703 [mozilla.org]
The biggest addition to what you suggest is that there is a 'temporarily allow cookies' interface, which makes it pretty easy to ban all cookies and selectively enable cookies for a domain for only the current browser session when something doesn't work.
Re:You don't (Score:4, Informative)
are you prepared to move out into the jungle and live outside civilization? I assume no, since you're sitting in front of a computer? then you're going to have to compromise.
Ah yes, my favorite recurring Slashdot fallacy [wikipedia.org]. I'll put it this way:
<sarcasm>Right, because we all know that you must either voluntarily submit to having your every last move logged and recorded, or, live in the jungle as a hermit and give up all civilization and all technology. Yup, no middle ground anywhere.</sarcasm>
Look, just because Google wants me to load their redirection links and accept their cookies and execute their JS doesn't mean that my browser must do those things. To the degree that obtaining my private data requires my participation, I choose not to participate. The only Google service I ever use is their search engine, so for me a reasonable level of privacy is quite easy to achieve. I wonder what you thought you were telling me that was non-trivial, as I can't find anything.
Now, can you guys maybe study argumentation and a little logic so you can stop committing these easily-refuted fallacies? It would make your contributions much more interesting and meaningful. Although, the bright side is that people like you have given me a great deal of practice at exposing and rejecting such erroneous techniques.
Re:Ideas (Score:5, Informative)
Is just what IP tracking is for. You can have all the IM and browsers you want, over time the database logs 'you' and your friends once a set of "dictionary" words are tripped.
Every search and IM is now "Signals intelligence" to the gov and marketing to the
Or you can sell the 'data' to the gov too while running a marketing front
Re:Ideas (Score:5, Informative)
They do have extra info - flash cookies. I can safely bet 99% of you never remember to clear them, and for example Gmail/Google's services explicitly uses them to match IP changes (or use of proxies) with a single computer.
Funny thing is their ToS "Google may store cookies" probably covers flash cookies too, even if everybody would think they wouldn't use such tactics. And who said Google is not evil?
more Scroogle (Score:3, Informative)
Search engine plug-in for Firefox:
https://addons.mozilla.org/en-US/firefox/addon/12506 [mozilla.org]
Easy as pie in 3 firefox extensions (Score:3, Informative)
Then configure CookieSafe to "Deny Cookies Globally" (you can easily make exceptions for some sites). BetterPrivacy and TrackMeNot come with suitable defaults.
With this set-up, no cookies will be created. DOM Storage (super-cookies) and flash cookies will be wiped whenever you close your browser. And you will gently spam Google and other search engines with random searches, just in case they do tracking by IP addresses.
You may also want to throw in:
Re:Ideas (Score:5, Informative)
Blocking Flash should be the default for anyone concerned about privacy, anyway. And with the BetterPrivacy Firefox add-on can in addition clear your Flash cookies between browser sessions, so even for things like YouTube where you absolutely need Flash the tracking ability is at least reduced (of course you'll have to regularly close the browser for it to be effective).
Re:Dear Slashdot (Score:1, Informative)
If you've read/seen any 'Jeeves and Wooster', you'll know that a number of stories directly involved "The Book"... a compendium of secrets which each butler contributes to about their masters.
So, no, a RAIB won't help.
Re:Ideas NOT IP -- proxy servers (Score:4, Informative)
Some people won't believe you (and it's argued in the replies also), but yes any sort of identification by IP is pretty much useless, and it has been for years. It wasn't so bad for geolocating, but even then it ran into serious problems. Even Google, the behemoth datamining company, would sometimes send me off to google.ca, even though I was happily sitting in the US.
They *CAN* use that information to associate you to a group of users. Some people have mentioned NAT on residential connections. Residential lines sometimes show up at small business sites, so even with some regex matching, it wouldn't identify if it's a single user house, or a 10+ user business. Then again, they can guess based on browser usage.
A long time ago, at a company I worked for, we tried to use IP's as part (not all) of the user identification. It's all fine and dandy, until you find out that some places (namely AOL) are obnoxious about their proxies, and some users have multiple lines. One of my original problem was the users with multiple dialup accounts. They'd get annoyed at the speed with one, and switch.
Even a user with a whole collection of dialup and broadband accounts won't be protected if they're searching for "bad" things. The IP is still identifiable to someone. If the feds start subpoenaing records, it won't matter which line you were on, they're still your line. If you're at work and doing it, don't believe for a second that your employer won't be compelled to hand over every machine in the place if necessary. And, no, stealing a WiFi connection from your neighbor isn't enough to protect you. If you've done something bad enough, and the feds show up, they'll figure out soon enough that grandma wasn't really looking for bomb making materials online, and they'll figure out who the rogue user is attached to her access point.
The larger your organization is, the less likely you'll know they're on to you before there's a nice man with handcuffs and a badge standing at your cube saying "We need to talk. Come with us."
So, the question then becomes, how much are you worried about what you're searching for online, and should you really be doing it? The IP may not be any good for positive identification, but it leads them down the trail right to you.
Re:You don't (Score:3, Informative)
You can probably stay somewhat anonymous. As in: they know what you do, but not that it's YOU that's doing just that.
It's like my Octopus card [wikipedia.org] used for public transport. The Octopus company knows exactly for what rides that card is used - where and when I get on or off the train, where and when I board a bus, the boats I take, the occasional newspaper or other purchase I make with it. And they keep those records for seven years.
However what they do not know is that it's me. There is no name linked to the card. I bought it with cash, always update it with cash, basically leaving no trace that it is me.
The same I'm sure you can do with Google's services. Create an account, use fake information (or very limited real information, not enough to track it to you, if you have a general name like "john doe" you're set), and Google may know everything about that account, but can not link it to the real you.
To me that's more than enough for Google (or Octopus) to know. For Google's ads I actually don't mind them, and have clicked on them quite often, especially when searching for some commercial product or service. E.g. I want to buy a hard disk, then I'd click on ads offering hard disks. If Google personalises that to my account to show sellers local to me and not e.g. USA based sellers, then that would make me happy. And the advertiser as well as a USA seller of such a generic product will not make a sale to me, I rather buy something from a local store. Some personalisation to my preferences is quite OK, linking it to physical me is less so. There is no reason for that imho. Especially not for a foreign company based in a country that starts to scare me more and more when it comes to basic privacy and human rights. If ever I try to cross the US border I don't want to be questioned about Google searches that I did, for example!
Re:Ideas NOT IP -- proxy servers (Score:1, Informative)
whoosh?
Re:Ideas (Score:4, Informative)
Congratulations, you just ran whois on a porn site instead of scroogle.org. Thanks for offering your authoritative opinion.
Scroogle.org, which is the actual search-engine proxy in question, has been operated by Daniel Brandt [counterpunch.org] for the last 6 years or so.
Re:Ideas (Score:2, Informative)
scroogle.com and scroogle.org don't appear to be affiliated, the former being porn-related, the latter being the search proxy.
Domain Name:SCROOGLE.ORG
Created On:24-Apr-2003 02:46:15 UTC
Registrant Name:Daniel Brandt
Registrant Organization:Public Information Research
Registrant City:San Antonio
Registrant State/Province:Texas
Re:Ideas (Score:4, Informative)
(of course you'll have to regularly close the browser for it to be effective).
FYI, the Better Privacy plugin can delete flash cookies based on age so you do not have to restart the browser to get the benefit - I have mine set to delete any that are over 1 hour old.
Re:Not exactly what you want, but (Score:2, Informative)
Good one.
All kidding aside, the two lines:
doubleclick.net 127.0.0.1
google-analytics.com 127.0.0.1
are good to have in your hosts file