Can people really tell what I search for over the Internet? You may be
searching from the privacy of your home, but when it comes to just about
anything online, theres no guarantee of privacy.
Your Internet service provider may know about the controversial group you
just researched. Your search engine may know about the divorce youre
contemplating. And if youre surfing from work, your boss may know about the
disease you just looked up.
Some advice from Lauren Weinstein, a veteran computer scientist and privacy
advocate: "Assume that everything you put into those search engines is being
saved and might be handed out to somebody, someday, perhaps linked to your
identity."
All of the major search engines, which sometimes keep data for months or even
years, acknowledge that they will hand over records when served with a court
order, search warrant or subpoena, although Google Inc. earlier this year
successfully fought to limit the scope of a Justice Department request.
Short of demanding that companies erase all data immediately or that Congress
strengthen privacy laws, consumers cant be assured of any privacy, Weinstein
said.
But Peter Eckersley, staff technologist with the Electronic Frontier
Foundation, said there are measures consumers can take to reduce the risks:
Be careful what you type in. Avoid putting in personal information such as
your name or credit card number. If you truly want to know whats being said
about you online, do a "vanity search" for your name from a different computer
so its not tied to your other searches.
Dont use the search engine provided by your Internet service provider,
because searches then can be potentially tied to customer records.
If you use e-mail or other services that require logging in, use a search
engine from a different company or use a different browser to avoid data
linkage. For instance, if you use Microsoft Corp.s Hotmail, be careful when
searching through the companys MSN search.
Configure your browser to block data files called "cookies," or when thats
not possible, periodically clear existing cookies from your browser. Cookies
often have a unique identifier that can link your searches from one session to
the next.
Even if consumers take all of those steps, searches can still be tied to a
computers numeric Internet Protocol, or IP, address, which can be traced back
to you with a service providers cooperation. Thats less of a worry for dial-up
users, because the address changes every time. High-speed users may need to
reset their modems now and then, assuming they hadnt been assigned a permanent,
or static, IP address.
The ultimate protection, Eckersley said, is to use anonymizer services such
as Tor, whose development was partly funded by the EFF. With the free service,
traffic gets routed through a number of computers, and no single one knows fully
the path a packet of data takes. The search engine would only record the last
computer relaying the information, not the users real computer.
Using anonymizers, however, can slow down performance, and youre trusting
that the system works as promised.
It may be possible with some poorly configured anonymizers for
law-enforcement authorities to simply go to their operators with a subpoena,
said Ari Schwartz, deputy director with the Center for Democracy and Technology.
Although they arent supposed to retain data, they can be asked to store
information on a particular customer from a given point forward, he said.
For those reasons, Weinstein shuns anonymizers completely.
"All those things you do are chipping away at the edges of the problem, and
the problem is still there glaring at us," he said. "That information is being
collected, and the IP numbers are there with varying degrees of ease for
tracking down."
