By Eva Galperin
Electronic Frontier Foundation
[UPDATE 2/22/2012] It is important to note that disabling Web History in your Google account will not prevent Google from gathering and storing this information and using it for internal purposes. More information at the end of this post.
Here’s how you can do that:
1. Sign into your Google account.
2. Go to https://www.google.com/history
3. Click “remove all Web History.”
4. Click “ok.”
Note that removing your Web History also pauses it. Web History will remain off until you enable it again.
[UPDATE 2/22/2012]: Note that disabling Web History in your Google account will not prevent Google from gathering and storing this information and using it for internal purposes. It also does not change the fact that any information gathered and stored by Google could be sought by law enforcement.
With Web History enabled, Google will keep these records indefinitely; with it disabled, they will be partially anonymized after 18 months, and certain kinds of uses, including sending you customized search results, will be prevented. If you want to do more to reduce the records Google keeps, the advice in EFF’s Six Tips to Protect Your Search Privacy white paper remains relevant.
If you have several Google accounts, you will need to do this for each of them.
Extracts of EFF’s Six Tips to Protect Your Search Privacy:
1. Don’t put personally identifying information in your search terms (easy)
Don’t search for your name, address, credit card number, social security number, or other personal information. These kinds of searches can create a roadmap that leads right to your doorstep. They could also expose you to identity theft and other privacy invasions.
If you want to do a “vanity search” for your own name5 (and who isn’t a little vain these days?), be sure to follow the rest of our tips or do your search on a different computer than the one you usually use for searching.
2. Don’t use your ISP’s search engine (easy)
Because your ISP knows who you are, it will be able to link your identity to your searches. It will also be able to link all your individual search queries into a single search history. So, if you are a Comcast broadband subscriber, for instance, you should avoid using http://search.comcast.net. Similarly, if you’re an AOL member, do not use http://search.aol.com or the search box in AOL’s client software.
3. Don’t login to your search engine or related tools (intermediate)
Search engines sometimes give you the opportunity to create a personal account and login. In addition, many engines are affiliated with other services — Google with Gmail and Google Chat; MSN with Hotmail and MSN Messenger; A9 with Amazon, and so on. When you log into the search engine or one of those other services, your searches can be linked to each other and to your personal account.
So, if you have accounts with services like Google GMail or Hotmail, do not search through the corresponding search engine (Google or MSN Search, respectively), especially not while logged in.
If you must use the same company’s search engine and webmail (or other service), it will be significantly harder to protect your search privacy. You will need to do one of the following:
- Install two different web browsers to separate your search activities from your other accounts with the search provider. For example, use Mozilla Firefox for searching through Yahoo!, and Internet Explorer for Yahoo! Mail and other Yahoo! service accounts.6 You must also follow Tip 6 for at least one of the two browsers.7
- For Google and its services, you can use the Mozilla Firefox web browser and the CustomizeGoogle plugin software. Go to http://www.customizegoogle.com/ and click “Install.” Restart Firefox and then select “CustomizeGoogle Options” from the “Tools” menu. Click on the “Privacy” tab and turn on “Anonymize the Google cookie UID.” You must remember to quit your browser after using GMail and before using the Google search engine.8 In addition, be sure not to select the “remember me on this computer” option when you log into a Google service.
If you are using a browser other than Firefox, you can use the GoogleAnon bookmarklet, which you can obtain at http://www.imilly.com/google-cookie.htm. You will need to quit your browser every time you finish with a Google service. Unfortunately, we currently do not know of similar plugins for other search providers.9
4. Block “cookies” from your search engine (intermediate)
If you’ve gone through the steps above, your search history should no longer have personally identifying information all over it. However, your search engine can still link your searches together using cookies and IP addresses.10 Tip 4 will prevent tracking through cookies, while Tips 5-6 will prevent IP-based tracking. It’s best to follow Tips 3-6 together — there is less benefit in preventing your searches from being linked together in one way if they can be linked in another.
Cookies are small chunks of information that websites can put on your computer when you visit them. Among other things, cookies enable websites to link all of your visits and activities at the site. Since cookies are stored on your computer, they can let sites track you even when you are using different Internet connections in different locations. But when you use a different computer, your cookies don’t come with you.11
Use the following steps to allow only “session cookies,” and remember to quit your browser at least once a day but ideally after each visit to your search provider’s site. We recommend that you use Mozilla Firefox and apply these settings:
- From the “Tools” menu, select “Options”
- Click on “Privacy”
- Select the “Cookies” tab
- Set “Keep Cookies” to “until I close Firefox” 12
- Click on “Exceptions,” type in the domains of all of your search sites, and choose “Block” for all of them
If you use Microsoft Internet Explorer to surf the web:
- From the Internet Explorer “Tools” menu, select “Internet Options”
- Click on the “Privacy” tab and then press the “Advanced” button
- Click on “Override automatic cookie handling”
- Set both “first party” and “third party” cookies to “Block”
- Select “Always allow session cookies”
5. Vary your IP address (intermediate)
When you connect to the Internet, your ISP assigns your computer an “IP address” (for instance, EFF’s web server’s IP address is 220.127.116.11). Search providers — and other services you interact with online — can see your IP address and use that number to link together all of your searches. IP addresses are particularly sensitive because they can be directly linked to your ISP account via your ISP’s logs. Unlike cookies, your IP address does not follow your computer wherever it goes; for instance, if you use your laptop at work through AT&T, it will have a different IP address than when you use it at home through Comcast.
If your ISP gives you a changing, “dynamic” IP address,13 or you surf from an office computer that is behind the same firewall as lots of other computers, then this concern is diminished. However, if you have a dynamic IP address on a broadband connection, you will need to turn your modem off regularly to make the address change. The best way to do this is to turn your modem off when you finish with your computer for the day, and leave it off overnight.
On the other hand, if you have an unchanging, “static” IP address, you will certainly need to use anonymizing software to keep your address private; see Tip 6.
6. Use web proxies and anonymizing software like Tor (advanced)
To hide your IP address from the web sites you visit or the other computers you communicate with on the Internet, you can use other computers as proxies for your own — you send your communication to the proxy; the proxy sends it to the intended recipient; and the intended recipient responds to the proxy. Finally, the proxy relays the response back to your computer. All of this sounds complicated, and it can be, but luckily there are tools available that can do this for you fairly seamlessly.
Tor (http://www.torproject.org) is a software product that encrypts then sends your Internet traffic through a series of randomly selected computers, thus obscuring the source and route of your requests. It allows you to communicate with another computer on the Internet without that computer, the computers in the middle, or eavesdroppers knowing where or who you are. Tor is not perfect, but it would take a sophisticated surveillance effort to thwart its protections.14
You also need to make sure that your messages themselves don’t reveal who you are. Privoxy (http://www.privoxy.org) helps with this, because it strips out hidden identifying information from the messages you send to web sites. Privoxy also has the nice side benefit of blocking most advertisements and can be configured to manage cookies. (Privoxy comes bundled with Tor downloads.)
You can also use web proxies like Anonymizer’s (http://www.anonymizer.com) Anonymous Surfing. This option is more user-friendly but possibly a less effective method of anonymizing your browsing. Anonymizer routes your web surfing traffic through their own proxy server and hides your IP address from whatever web sites you visit. However, Anonymizer itself could in principle have access to your original IP address and be able to link it to the web site you visited; therefore, that service is only as secure as Anonymizer’s proxy facilities and data retention practices. While there is no reason to believe that Anonymizer looks at or reveals your information to others (we know the people currently running Anonymizer and they are good folks), there is little opportunity to verify their practices in these regards.
Using Tor and Privoxy is more secure because one untrustworthy proxy won’t compromise your search privacy. On the other hand, web proxies like Anonymizer are slightly easier to use at present.
Tor and Privoxy downloads and instructions can be found here: http://www.torproject.org/download.html.en
If you’ve implemented all six tips, congratulations — you’re now ready to search the Web safely. These steps don’t provide bulletproof protection, but they do create a strong shield against the most common and likely means of invading your privacy via your search history.