Please support our Tech Talk advertiser:
Featured Entry 
Sep 8th, 2006, 10:02 am
This is, I would suggest, perhaps the biggest privacy issue of the day. I have lost count of the number of press releases, leads, emails and telephone calls that have come my way this year regarding how search engines treat the data you enter when performing a search. Be it the act of serving up contextual advertising, through to archiving of search strings (and requests for access to those archives from law enforcement agencies) and even ‘accidental’ publishing of research databases such as the recent AOL debacle. Although there is some merit in the argument that if you are not searching for anything illegal then you have nothing to worry about, there is much more merit in the ‘what has it got to do with anyone else’ one.
A couple of press releases have recently spurred my interest in the debate, because they offer potential solutions to the problem rather than just endless debate. First up was the missive from the people behind Ixquick. A metasearch engine that has announced, as from July in fact, it will permanently delete all personal search details gleaned about users from the log files. This is actually rather a neat solution because you still get to search some of the most popular engines, including Yahoo!, MSN, Ask Jeeves and Wikipedia (although not Google) but without any of the inherent privacy risks you might otherwise encounter. Whereas search engines routinely register everything from a date and timestamp of your search, keywords used, sites visited from results and even your IP address (making it quite easy to associate the search with the computer or household performing it), and because any such archive of data is hugely interesting to the bad guys and the government, it is always going to be vulnerable. Ixquick adopts a rather sensible approach of if the data is not stored, users privacy can’t be breached. By deleting both users' IP addresses and 'unique user IDs' from its own logs, and promising never to release any such information to the engines it is searching, Ixquick hopes to ensure complete end user privacy.
Meanwhile, the Electronic Frontier Foundation (EFF) has published a set of guidelines entitled How To Keep Your Search History Private which should help whichever engine you use:
The first, personally identifying information, or PII as it is increasingly referred to in IT security circles, can often be hard to follow because many end users don’t fully appreciate what is or isn’t covered, so here’s my quick and dirty guide.
Of course, you should bear in mind that even the data that isn’t considered to be PII alone can become such when multiple pieces are joined together. You only have to think of any good detective drama to understand how and why this works.
Finally, if you don’t think that it matters who knows what you search for, consider this extract pieced together by looking for the search strings from just a single user ID within the mistakenly published AOL search database. Then tell me if you’d really want your family, work colleagues or the church, by the looks of it, to know that this was you:
A couple of press releases have recently spurred my interest in the debate, because they offer potential solutions to the problem rather than just endless debate. First up was the missive from the people behind Ixquick. A metasearch engine that has announced, as from July in fact, it will permanently delete all personal search details gleaned about users from the log files. This is actually rather a neat solution because you still get to search some of the most popular engines, including Yahoo!, MSN, Ask Jeeves and Wikipedia (although not Google) but without any of the inherent privacy risks you might otherwise encounter. Whereas search engines routinely register everything from a date and timestamp of your search, keywords used, sites visited from results and even your IP address (making it quite easy to associate the search with the computer or household performing it), and because any such archive of data is hugely interesting to the bad guys and the government, it is always going to be vulnerable. Ixquick adopts a rather sensible approach of if the data is not stored, users privacy can’t be breached. By deleting both users' IP addresses and 'unique user IDs' from its own logs, and promising never to release any such information to the engines it is searching, Ixquick hopes to ensure complete end user privacy.
Meanwhile, the Electronic Frontier Foundation (EFF) has published a set of guidelines entitled How To Keep Your Search History Private which should help whichever engine you use:
- Don't put personally-identifying information in your searches
- Don't use a search engine operated by your ISP
- Don't log in to a search engine account
- Don't accept cookies from your search engine
- Use a separate browser or browser profile for search and for other activities
- Use an anonymizing proxy, or proxy network, to prevent search engines learning your IP address
The first, personally identifying information, or PII as it is increasingly referred to in IT security circles, can often be hard to follow because many end users don’t fully appreciate what is or isn’t covered, so here’s my quick and dirty guide.
- Full name is not PII if both are common, but is if either is uncommon.
- Country, State, City are not PII, but your street address is.
- Age, Gender, Race are not PII but a social security or other identifying number is.
- Your salary, job description, workplace are not PII, but your telephone number and email address always are.
- The make of car you drive isn’t PII, but the registration number and your driver’s license number are.
- Your bank name is not PII, your credit card number is.
Of course, you should bear in mind that even the data that isn’t considered to be PII alone can become such when multiple pieces are joined together. You only have to think of any good detective drama to understand how and why this works.
Finally, if you don’t think that it matters who knows what you search for, consider this extract pieced together by looking for the search strings from just a single user ID within the mistakenly published AOL search database. Then tell me if you’d really want your family, work colleagues or the church, by the looks of it, to know that this was you:
- bank robber hide-outs
- male sissy panty stories
- big bosom mothers
- sissy nightgown training
- tight laced girdles
- baptist church directory
- old curvy women
- independent baptist church directory
- baptist college directory
- adult diaper parties
- husbands that are sissy
- very large bosoms
- how to make gun silencers
This blog entry was written by Davey Winder, staff writer aka happygeek. It has received 2,440 views, 0 comments, and 24 linkbacks. 1 voter has rated this entry 5 out of 5 stars. It was promoted to featured status Sep 8th, 2006.
•
•
•
•
advertising advice antivirus apple botnet browser business crime daniweb data development dns email encryption exploit facebook firefox forensic google government hacker hacking help internet iphone linux malware marketing mcafee microsoft mobile news phishing privacy report research search security spam spyware terrorism trojan uk virus vista web windows worm yahoo youtube
All Recent Tags Post Comment
•
•
•
•
Only community members can start a blog or comment on blog entries. You must register or log in to contribute.
•
•
•
•
•
•
•
•
DaniWeb Tech Talk Marketplace
Related Blog Entries
- Google gives users an insight into search (1 Day Ago)
- Apple fixes iPhone 2.0.1 software to break Pwnage tool (2 Days Ago)
- An Eventful Week for Apple, iPhone (4 Days Ago)
- Faster Firewire, Faster! (5 Days Ago)
- Amazon sells 240,000 Kindles (5 Days Ago)
- Parents have no idea what kids are doing online - shock horror (6 Days Ago)
- The "Mojave Experiment" - My "Microsoft Experience" (7 Days Ago)
- HD Moore gets owned (8 Days Ago)
- Google and Cuil search giants go head to head in DaniWeb testing (10 Days Ago)
- Crystal Ball Sunday #9: Intelligent Control (11 Days Ago)
Related Forum Threads
- best ways to advertise a forum (Growing an Online Community)
- iterator based search algorithm help (C++)
- AdWords - driving up PPC cost? (Promotion and Marketing Plans)
- Code Snippet Size (DaniWeb Community Feedback)
- Subfolder Search Loop (Visual Basic 4 / 5 / 6)
- How long is too long? (Promotion and Marketing Plans)
- Anyone tried webaccelerator.google.com? (Search Engine Optimization)
- I need help with a basic issus i am sure all of you know ! (Computer Science and Software Design)
- I need help with a basic issus i am sure all of you know ! (Web Browsers)
