Anonymizing Google's Cookie www.iMilly.com
If you use Google, and you accept its cookie, you should give some thought to the implications, both good and potentially bad : this page tries to help you do that, together with an easy way to anonymize it without missing out on its benefits.
First the good. It's useful to you. It's how Google saves your preferences (such as language, filtering, number of results per page, etc). If, like me, you want fifty results per page (not just ten), in English only (not in languages I can't read), unfiltered for adult content (I'm not a child), then you need the Google cookie.
Now the potentially bad. You use Google a lot, right? If someone was peering over your shoulder, watching every Google search you made; making a note of what you looked for; what you found; and sometimes where you visited from the results; (and maybe every email you sent and received); and did so for years and years: they'd grow to know quite a bit about you, eh? Well, that's what the cookie allows Google to do, forever, if you don't take simple precautions. You can read more on all that below, if you like.
Here are a couple of simple, hassle-free precautions.
- Use this simple GoogleAnon bookmarklet to anonymize your Google cookie.
Right-Click Here : GoogleAnon v2 - and save as a favorite or bookmark (or drag it to your Links/Personal bar).
When you click it your Google GUID will be displayed (it's the 16 digit number after PREF=ID= ), and you will be prompted to reset the GUID to all zeroes, making you effectively anonymous to Google. Then you'll be redirected to the appropriate page to set or reset your search preferences (such as language, filtering, number of results, etc).
- Flush your cookies frequently, or every so often. Here's how for IE, Opera, Mozilla, Firefox, or use a cookie manager.
- Read the EFF's Six Tips to Protect Your Online Search Privacy
- Got any tips and tricks for using the GoogleAnon bookmarklet?
- So you're a Google-hating, cookie-hating, conspiracy nut then?
- What are cookies, and why are they both good and bad?
- Why does the Google cookie have a GUID anyway?
- What about Gmail?
- So are Google building a terrible, privacy-threatening marketing / profiling / spying database?
- Aren't Google the good guys?
- Will anonymizing the cookie block my access to Google Account services like Gmail, etc?
- But what if I want Google to remember everything I search?
- How good is the privacy afforded by this GoogleAnon bookmarklet?
- You must be a Google insider, or really clever?
- Could I use a Greasemonkey User Script to anonymize my Google cookie instead?
- Update March 07: Google announce changes to server logs retention, and July 2007 to cookie expiry dates. Yes, you still need GoogleAnon.
- Update March 08: Google are (temporarily?) blocking access to GoogleAnon'd cookies. Affected users should consider the alternatives listed below.
Got any tips and tricks for using the GoogleAnon bookmarklet?
- Which browsers?
It should work for almost all browsers, and at least IE4+, Opera, AOL, Netscape, Mozilla and Firefox.
(Opera users must Ctrl+click (or drag'n'drop) it, if you choose to turn off "reuse existing page").
- When and where to use?
Click it while still viewing a Google search page (either the main Google.com site or any of the country domains like Google.ca or Google.co.uk) : it won't work while viewing non-Google sites. Upon zeroing the cookie GUID, GoogleAnon tries to redirect you to a Google preferences page (typically www.google.com/preferences ) so that you can set or reset your prefs (or not, it's up to you). But while most Google services/domains have such a /preferences page (e.g. Images, Froogle, Local, Maps, Alerts, Catalogs, Directory, Reader, Scholar, SMS), some don't (e.g. News, Groups, Answers, Blogsearch, Labs, Mobile, Print, Gmail), and some of those may be different for country localisations (112 of them and counting), and some may change tomorrow or next month/year, and there are new services arriving all the time (e.g. Base) and/or coming out of the Labs. Keeping up with every possibility would be ... er, impossible, so while GoogleAnon tries its best to find the appropriate prefs page, it's sound practice to start from a web search page rather than one of the others. If you see a prefs error page, you can just click 'back' in the browser and/or navigate to your usual Google prefs page yourself.
- Browser settings?
- Repeat how often?
Click it again whenever you flush your cookies and thus get a new one from Google. You shouldn't need to do it more often (it's intended as a set-and-forget tool), but you can click it at anytime if you want to check you're still anonymized (i.e. that the GUID is zeroed) - then just click "Cancel" (not "OK") if you do see the 16 zeroes.
- Other cookie tools?
(Right-click and save as a favorite or bookmark (or drag to your Links/Personal bar)).
You can use these bookmarklets to see ShowCookie or delete ZapCookie any cookie set by any site you're currently viewing.
Or here's a combined one, with more prompts and feedback: ZapCookie+
And here's a very basic HelloWorld one, just to 'sanity check' browser/security settings, etc (try left-clicking it here, and/or saving it as a bookmark using right-click and/or drag'n'drop). More at Squarefree.
- November 2006: Special Edition killed by Google ;).
- March 2006: Special Edition released.
A temporary version which can be used to display Google's current experimental results format display, as reported by Philipp Lenssen via Digg (and loads of other places).
- October 2005: v2 released.
Google introduced a checksum function, which overwrites the zeroes under many circumstances. They've always done this for some of their cookies, as this analysis of Google Print's cookie describes, but the main search cookie had been immune until very recently. Google's servers compare the GUID (and some of the other cookie components) to the checksum (the s:= value) and, if they find something incompatible, overwrite the GUID. So, from Oct 05, if you still use GoogleAnon v1 it will obtain a new GUID from the Google server; but will not zero it. So Upgrade to v2 by right-click/saving the GoogleAnon button above; then use it; set your prefs; and forget :).
- March 2004: v1 released.
- So you're a Google-hating, cookie-hating, conspiracy nut then?
No, I like Google (well, I liked them more before they sold their soul for Yuan as Amnesty International describe), use it all the time and have a bunch of Google-related bookmarklets here. I allowed the Google cookie to hang around long before this anonymizing tweak came to light, and I allow all first-party session-only cookies as a matter of course (and any permanent cookies that offer some functional advantage to me). I see no point in letting in third-party cookies (i.e. advertisers' cookies, almost always) though. I have a Gmail account (though I don't use it for my mainstream email, not least because some of my non-Gmail correspondents prefer not to have 'their' emails stored and scanned by Google). But absent some strong incentive, I'd rather be largely anonymous to Google for the time being.
- What are cookies, and why are they both good and bad?
In short, a cookie is a small file containing textual information, stored on a user's hard disk by a web site server, allowing the web site to later retrieve it. Too short? Okay, better explanations here and here. Most good cookies store users' preferences and logon information, etc. Most bad cookies enable advertisers and profilers to track users' surfing, without their knowledge or (informed) consent.
- Why does the Google cookie have a GUID anyway?
One possible answer was demonstrated by the limited public testing of the current Google pages design, when those with a particular GUID saw and used the design before everyone else: so Google can customise their sites and/or results for different groups of users (design guinea pigs in this case). As one Google employee puts it :-
... we're always trying experiments for new features. Testing new features with a very small random sample of users is a good way to try out new ideas, see how users react, and get an idea of whether it's useful.
Perhaps to personalise search results in the future. Maybe for restricting access to things such as Google Print. Maybe to build a marketing profile too, perhaps tomorrow if not today; perhaps under different or public ownership, if not under its present ownership. Who knows what the future may bring?
Of course, a GUID isn't personally identifiable information in itself, and you don't generally tell Google your name, address or telephone number. But it's a key, and it links your PC (or your user profile) to everything you search at Google, for as long as you keep the same cookie. If Google one day decide to target adverts to you, based on your search interests for the past, say, five years, they don't need to know your name and address. Though if they one day join forces with, say, Doubleclick and their databases, and/or combine their Gmail and web search profiles, they probably will know far more than your name and address. If the Government one day visits your PC, makes a note of your GUID, and asks Google to provide chapter and verse on your searches (and maybe your email correspondence) for the last five years - Google will be willing, and probably able, to tell them. Or perhaps Google's database will one day leak like so many others.
Update: April 2007: Well, it looks like Google will 'join forces' with Doubleclick, by buying it lock, stock and databases for $3.1bn. To be clear, everything about Google's announcement of this takeover refers to targeted adverts, which means that Google/Doubleclick will try to track everywhere you go on the Web (not just their own Google/Gmail/Blogger/Picassa/YouTube/Docs & Spreadsheets/etc/etc sites, not just their partner sites like AOL and MySpace, not just the millions of other sites serving AdSense, but the majority of all sites serving adverts) and will try to track everything you do. And not just what you click, like on/from search pages and by clicking text ads, but also what you see, because Doubleclick's 'display' ads feed you cookies regardless. Is that a price you're happy with, merely in order to see adverts which aim specifically at you, rather than just as at every passer-by? If not, continue to block and/or frequently flush 3rd party advert/tracking cookies (you're doing that already, right?), and ...
.... use the GoogleAnon bookmarklet to anonymize that cookie and go about your business, largely anonymous to Google. Why not do that ... just in case?
- What about Gmail?
Gmail is the Google (mainly) web-based email service. Typically for Google, there are lots of good things about it, especially in comparison with the crummy offerings by Hotmail and Yahoo etc : no fees; lots of storage space; no popups; only text adverts and then only alongside the web page display; Google-powered search and topic-threading; and more.
There are significant privacy considerations with keeping all your email correspondence in one place, online, whether it be with Google or Hotmail or Yahoo or anyone. But Google's Gmail service has additional issues because the text adverts will be related to content of the emails being viewed, including emails by people who are not themselves Gmail subscribers (and who haven't had the opportunity to agree or not to the Gmail terms and contractual protections); because of the extended storage facilitated by the 1GB+ allowance; because of the potential to link all that email correspondence with your ordinary web searching, either to personalise search results, or to further refine the targeting of Google and/or Gmail adverts, or both (about which Google say "It might be really useful for us to know that information [...] I'd hate to rule anything like that out."); and because of the same issues discussed below in respect of Google's search engine services.
Brad Templeton, Chairman of the Board of the EFF, discusses the issues well here. Mark Rasch, columnist and former head of the US Justice Department's computer crime unit, tackles the common misconception that non-human scanning is not privacy invasive here and Google responds in depth here.
What Google don't currently offer is any choice about the nature and extent of such potential profiling: if you want the benefits of saved preferences, you have to accept what Google may do with your cookie GUID, in practice today and potentially in the future. Unless you take your own precautions: use the GoogleAnon bookmarklet to anonymize your Google cookie and thus divorce your web searching 'profile' from your Gmail 'profile' - become largely anonymous to Google without losing your Gmail access or login information.
- N.B. Gmail accounts are also accessible by POP3 retrieval by your local email client (e.g. Outlook Express, Outlook, Thunderbird, etc), eventually by IMAP too, and also by Atom/RSS, and with the Gmail Notifier. All such accesses will normally include your IP address, and will be logged by Google. Whilst it seems very unlikely that Google would then normally take specific steps to correlate those POP3 (etc) IP address logs with anything else (other than automated security safeguards), it would be quite possible for them (in the future, or under order of the authorities, say) to correlate them with searching IP address logs, even if the user's Google cookie was anonymised, or didn't even exist. That's unlikely to be of great concern to you unless you are also going to the trouble of masking/renewing your IP address for searching. But if so, some possible workarounds include not using such local client-based tools to access Gmail; using a remote/online POP3 collection service and/or Atom/RSS aggregation service (you'd then have to trust them, but they won't know your searching history too); and general IP-masking arrangements.
- So are Google deliberately building a terrible, privacy-threatening marketing / profiling / spying database?
No, probably not ... at least not yet. Nothing that Google does right now (search results and adverts, mostly) needs them to track and profile every cookie GUID and/or user's IP address. And they're doing spectacularly well at what they do, both in terms of customer satisfaction and making billions of dollars. I believe they use the cookie GUID for innocuous, useful and non-privacy invasive purposes, and probably have no firm plans to change. But ... it's very likely indeed that all that information is retained indefinitely (like most search engines). So that your GUID could be data-mined and linked to every search you've made, and every Google link you've clicked. And the possibility of doing more profiling with that GUID is clearly in the minds of Google's management : "It might be really useful for us to know that information [...] I'd hate to rule anything like that out" and "Google is likely to require its users to begin providing personal information to use some of its products and services, said CEO Eric Schmidt. [...] Having more personal information would enable Google to offer more useful improvements, Schmidt said. He didn't provide a timetable or specify which services might require registration".
And also from Schmidt: "We want to be able to store everybody's information all the time."
Want to hear what's possible, from the horse's mouth? John Battelle asked Google directly :-
1) "Given a list of search terms, can Google produce a list of people who searched for that term, identified by IP address and/or Google cookie value?"
2) "Given an IP address or Google cookie value, can Google produce a list of the terms searched by the user of that IP address or cookie value?"
I put these to Google. To its credit, it rapidly replied that the answer in both cases is "yes." Just FYI..
If something bad happens with that information in the future (some intrusive marketing/profiling scheme, or Government monitoring, or recipients of leaks or misappropriations, for example) it'll be too late for you to do something about it then. Why not do something now?
John Battelle describes it as the Database of Intentions :-
The Database of Intentions is simply this: The aggregate results of every search ever entered, every result list ever tendered, and every path taken as a result. It lives in many places, but three or four places in particular hold a massive amount of this data (ie MSN, Google, and Yahoo). This information represents, in aggregate form, a place holder for the intentions of humankind - a massive database of desires, needs, wants, and likes that can be discovered, subpoenaed, archived, tracked, and exploited to all sorts of ends. Such a beast has never before existed in the history of culture, but is almost guaranteed to grow exponentially from this day forward. This artefact can tell us extraordinary things about who we are and what we want as a culture. And it has the potential to be abused in equally extraordinary fashion.
And is concerned that :-
One might argue that while the PATRIOT Act is scary, in times of war citizens must always be willing to balance civil liberties with national security. Most of us might be willing to agree to such a framework in a presearch world, but the implications of such broad government authority are chilling given the world in which we now live is a world where our every digital track, once lost in the blowing dust of a presearch world, can now be tagged, recorded, and held in the amber of a perpetual index.
He also says :-
As we move our data to the servers at Amazon.com, Hotmail.com, Yahoo.com, and Gmail.com, we are making an implicit bargain, one that the public at large is either entirely content with, or, more likely, one that most have not taken much to heart.
That bargain is this: we trust you to not do evil things with our information. We trust that you will keep it secure, free from unlawful government or private search and seizure, and under our control at all times. We understand that you might use our data in aggregate to provide us better and more useful services, but we trust that you will not identify individuals personally through our data, nor use our personal data in a manner that would violate our own sense of privacy and freedom.
That’s a pretty large helping of trust we’re asking companies to ladle onto their corporate plate. And I’m not sure either we or they are entirely sure what to do with the implications of such a transfer. Just thinking about these implications makes a reasonable person’s head hurt.
It sure does. Try using GoogleAnon and an aspirin for a little pain relief, while you wrestle with the wider implications ;)
Niall Kennedy (ex-)of MS Windows Live calls it Google's "total information awareness potential" :-
Google is gathering as much information as possible about our online activities [...] future products might include data gathering and targeting as a primary business goal [...]. Google is already well on its way to building an information awareness network on its own sites as well as the sites of hundreds of thousands of willing webmasters and millions of desktop clients. What is the current state of Google's information network? [...] track and analyze every web search query, news request, and television or video browsing. Google Alerts [...] Every e-mail sent, received, or drafted in Gmail or every instant message or voice conversation delivered through Google Talk [...] Social networking services such as Orkut [...] Google Analytics and AdSense tracks your movement on every site with the service enabled, creating a behavioural profile. [...] Google Toolbar picks up every site you visit [...] an Internet service provider blanketing entire cities with free wireless access [...] route all your traffic through Google Secure Access [...] Google Desktop will index all of your files and connect to the central database once you connect to the grid [...].
All that is missing right now is all these different data collection tools talking to each other to create one large profile per user. [...] Google has the ability to silently deploy cross pollination of its advertising platforms across a multitude of services whenever it would like to flip the switch.
Scientia est potentia. Knowledge is power.
And Lauren Weinstein put it like this :-
Google has created a growing information repository of a sort that CIA and NSA (and the old KGB) would probably envy and covet in no uncertain terms -- and Google's data is virtually without outside oversight or regulation.
Google has become the smiling 800-pound gorilla of the Internet. They've done this with the help of a somewhat fanatical following who just can't imagine that someday Google might do (or be *compelled* to do) something nasty with all that data they have salted away.
What makes this all the more difficult is that their services are so good, and that there is no reason to suspect at this point that Google has evil intentions. But rosy motives don't provide immunity from what has repeatedly been revealed to be Google's naive world view (particularly toward privacy and some would argue copyright issues) and the ways in which their vast machine could someday become an instrument of genuine repression despite Google's best intentions today.
Something to think about, at least..
Unfortunately, inevitably, the database is preceding the legal and social framework to govern it and to tie its privacy implications to our informed consent. Until that day comes (if it ever does), just use the GoogleAnon bookmarklet to anonymize that cookie and go about your business, largely anonymous to Google. Why not do that ... just in case?
Then there's the security implications: today Google seem unlikely to sell or leak or give away their databases in bulk, as many others have done. Tomorrow, or in ten years time (including data collected today), who can say? And Google are far from a paragon of good security and/or safe coding: there have been many instances of security holes in Google products and services, which enabled the potential theft or leakage of our private information. If there's a pattern to such breaches, it's that Google often release products/services first, and worry about properly securing them later.
And that's before we talk about outright stupidity or unthinking negligence or tunnel vision or leaks or misappropriations of that data. What some (human, fallible) people at AOL did today (see "AOL Proudly Releases Massive Amounts of Private Data"), some (human, fallible) people at Google (or Google's successors in title) might do tomorrow. Do you want so many of your eggs in one basket? Why not anonymize them a little?
- Aren't Google the good guys?
Mostly they are, yes. To an amazing degree, I think, bearing in mind the power and influence they've accumulated. They seem to suck far less than any company of comparable status. But ... they aren't saints, and there are a number of things Google do which appear to me to be less than ideal, and/or which warrant a watchful eye :-
- Google use never-expiring cookies (well, until 2036 or 2038, that date being the maximum they can store, a quirk of old Unix systems). Presumably because it's easier than refreshing them periodically, but they don't explain why. They don't really obtain informed consent when users opt for them. It's a minor issue, unless linked to a cookie GUID, which enables a lasting profile to be built and maintained. But ...
- ... they do include a GUID, which isn't needed to save each users preferences, and don't explain why (in anything other than the vaguest terms). They don't really obtain informed consent when users opt for them.
- For those who use either cookies or the Toolbar or Deskbar, Google record at least a GUID, IP, date, time and search terms. The result is potentially one of the best profiling databases in existence. It appears Google don't abuse it at the moment, and may hardly use it beyond improving the search results they deliver. But Google aren't just a search engine, they are a huge Internet advertising broker, with annual sales of billions of dollars. Ethics (or respect for individuals' privacy) and advertising rarely co-exist well. And Google are a library, of sorts: de facto the world's virtual library.
What about in the future (now that Google has gone public, and has to consider short term market pressures)? If MSN and/or Yahoo/Overture (kings of the pay-for-placement subversion of search engine results) buy them out (yikes)?
What about when the US Government decides it needs unfettered access to that database in the interests of Homeland Security (if it doesn't already)? Or some other authority, or some third party involved in litigation?
Google doesn't have a data retention policy, it simply appears to store everything it records, forever. (See dubious updates here).
Compare and contrast that stance with the American Library Association, which, horrified by the ramifications of the USA PATRIOT Act, and following the widespread shredding of member records by individual libraries (records of who checked out which books, made which Internet searches: you know - like Google), adopted a resolution which, amongst other precautions, urges all libraries to implement data non-retention policies. Here are some extracts :-
WHEREAS, Libraries are a critical force for promoting the free flow and unimpeded distribution of knowledge and information for individuals, institutions, and communities; and [...]
WHEREAS, Privacy is essential to the exercise of free speech, free thought, and free association; and, in a library, the subject of users' interests should not be examined or scrutinized by others; and [...]
WHEREAS, The USA PATRIOT Act and other recently enacted laws, regulations, and guidelines increase the likelihood that the activities of library users, including their use of computers to browse the Web or access e-mail, may be under government surveillance without their knowledge or consent; now, therefore, be it [...]
RESOLVED, That the American Library Association considers sections of the USA PATRIOT Act are a present danger to the constitutional rights and privacy rights of library users and urges the United States Congress to:
And from An Interpretation of the Library Bill of Rights :-
In a library (physical or virtual), the right to privacy is the right to open inquiry without having the subject of one’s interest examined or scrutinized by others. Confidentiality exists when a library is in possession of personally identifiable information about users and keeps that information private on their behalf. [...]
[...] All users have a right to be free from any unreasonable intrusion into or surveillance of their lawful library use.
Users have the right to be informed what policies and procedures govern the amount and retention of personally identifiable information, why that information is necessary for the library, and what the user can do to maintain his or her privacy. [...]
Existing ALA Policy asserts, in part, that: “The government’s interest in library use reflects a dangerous and fallacious equation of what a person reads with what that person believes or how that person is likely to behave. Such a presumption can and does threaten the freedom of access to information.” Policy Concerning Confidentiality of Personally Identifiable Information about Library Users
If the American Library Association cares about your privacy in that way, shouldn't Google? Shouldn't you? You could just use the GoogleAnon bookmarklet to anonymize that cookie and go about your business, largely anonymous to Google. Why not do that ... just in case?
- The Google Toolbar. These are minor points, I think, but, for example, it auto-updates without informing the user, or seeking any other permission (other than the original take-it-or-leave-it EULA, though the information is available elsewhere, if you already know to hunt it out). For a long time it has included the structure for a distributed computing module, needing nothing more than flipping a reg key to activate. The user has to agree, and press a button, to activate it - but we don't get asked, or even told, whether we want that functionality included from the outset. Not even within the original EULA. (Check to see if you have a C:\Program Files\GoogleDCC folder? That's only related to the distributed computing module: are you surprised to see it?). It's uncomfortably close to what KaZaA did: the difference being mainly the perceived (and thus far deserved) 'goodness' of Google vs. KaZaA. They built it in, why shouldn't they say it's built in? Maybe there's something else built in, ready and waiting these days too, who knows? (They finally dropped the distributed computing module with v.3).
- The PageRank and other search algorithms system effectively dominates great swathes of, maybe most, internet traffic. It's completely unaccountable to the sites it lists and to the public it serves. It's great that it's not in thrall to advertisers or to overt political will. But all that social/commercial/political power in the hands of a single, unaccountable commercial company? Hmm. Calls for more than blind faith in past/present good behaviour, I think.
- Their censorship policies regarding their very cool AdWords system are less than ideal too. AdWords can be, and are, a vehicle for free speech too - made so because Google make them so accessible and affordable to so many people and organisations. People can and do use them to promote ideas, as well as products. Given those circumstances, I wish Google were more careful about denying access, and about how they wield control of that access to effect modification or censorship of web site content. Rather more careful than they appear to be, at least until persistently challenged, perhaps. The extracts below are meant to be tasters, not balanced representation of the whole story (for which you'll need, at least, to read the linked pages) ...
"We will allow analytical arguments to run advertisements, however, these arguments must not be emotional arguments. They must show both sides of the argument even if they support one side more heavily. Please edit your ad text and site accordingly." [Link]
"If you think the creep of invisible censorship won't affect you, think again. The private control of so many of the tools of communication has made insidious forms of censorship commonplace. Just this week Google took exception to me expressing my personal opinion about a news event and suspended my ad campaign on their site." [Link]
"The world according to Google: If you don't have something nice to say, don't say anything at all. This is the tyranny of the unimaginative. And it should make the weblogging world nervous. Expressing a personal opinion on a personal site about a well-publicized news event or public figure can be grounds for rejection from Google's advertising programs." [Link]
"I still think Google's policy of not allowing political advocacy ads is misguided, impossible to administer with any kind of fairness, and a scary step toward restricting the free marketplace of ideas. I hope they will consider revisiting it soon. But in the meantime, it's important -- even for me -- not to forget that Google is the only major search engine which hasn't completely sold out to corporate interests." [Link]
- It's not as if they are exactly stalwarts against external censorship or influence either. Sure they say they (and generally do) only rank what's there, not judge. But under pressure they make some wobbly decisions about pulling content. Most especially in the localised versions - google.de and google.fr users are denied access to sites which most US users would defend as entitled to their free speech. Sometimes Google don't list them as blocked, nor notify anyone, least of all users. They just disappear them from the Google radar.
And Google actively collaborate with China over their wholesale censorship of parts of the web. As Philipp Lenssen 's biting commentary observes ...
"Google now works together with the Chinese government in censoring the web for Chinese users. [...] Yes, Google argues their decision is the lesser of two evils... yes, China is taking off fast, and Google wants a piece of the huge market... and yes, there won’t be more Google results when Google is banned completely itself. So, Google, if everything is shiny and happy in the Googleplex, please hand over the list of banned words or sites for every country. It’s a gray zone for sure, so we need transparency. Put that list on a public server in the US, where freedom of speech prevails. And please, offer every other country in the world never-mind its economic size or internet market share an easy way to ban their own things too in Google. Now that you’ve set the moral precedent, that would only be fair, and algorithmically balanced, wouldn’t it? It would prove that you’re not changing your morals depending on the size of a market, and it would allow every dictator, every repressive regime, and every government restricting human rights to work with you. Your market share would be growing even more, and by your argument, you’d be making positive contributions at the same time." [Link]
- As a US company, they don't have much choice but to bend over for the DMCA, I suppose. But what happens when the US Government pressures them to do something even more unpalatable. Publicised examples of Google caving under pressure outnumber then standing up to it (except when their commercial interests are at stake) ...
"Be careful what you put in that Google search. The government may now spy on web surfing of innocent Americans, including terms entered into search engines, by merely telling a judge anywhere in the U.S. that the spying could lead to information that is "relevant" to an ongoing criminal investigation. The person spied on does not have to be the target of the investigation. This application must be granted and the government is not obligated to report to the court or tell the person spied upon what it has done." [Link]
Perhaps Google (unlike some other search engines, reportedly) will be willing and able to stand up to some pressures, sometimes (perhaps for self-serving reasons) ...
The [Government] asked a federal judge to order Google Inc. to turn over a broad range of material from its closely guarded databases. [...] The government contends it needs the Google data to determine how often pornography shows up in online searches.
In court papers filed in U.S. District Court in San Jose, Justice Department lawyers revealed that Google has refused to comply with a subpoena issued last year for the records, which include a request for one million random Web addresses and records of all Google searches from any one-week period.
[Google] opposes releasing the information on a variety of grounds, saying it would violate the privacy rights of its users and reveal company trade secrets, according to court documents. Nicole Wong, an associate general counsel for Google, said the company will fight the government's effort ``vigorously.'' ``Google is not a party to this lawsuit, and the demand for the information is overreaching,'' Wong said. [...] The government indicated that other, unspecified search engines have agreed to release the information, but not Google. [...] [Link]
But if Google loses that "vigorous" fight? Or if the next subpoena is less "overreaching", in (only) Google's opinion? Maybe that has already happened, perhaps many times? Honestly, I'd be amazed if it hadn't. How about you? And how about this type of misappropriation? :-
The Electronic Frontier Foundation (EFF) is calling for Congress to hold aggressive hearings on the FBI's domestic intelligence authority after the release of a Justice Department report showing the Bureau abusing its power to collect telephone, Internet, financial, credit, and other personal records about Americans without judicial approval. [...]
In the report, the Justice Department's inspector general identifies four dozen instances in which demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations. The report also found that the Bureau lied to Congress about its use of the letters. [...]
Today's report follows the inspector general's findings last year that the Bureau had disclosed more than 100 instances of possible intelligence misconduct to the Intelligence Oversight Board in the preceding two years, a number of which were "significant." [...]
- Google Video uses a propriety media player, and propriety Digital Rights Management (DRM) system, and compulsory auto-update system, which not only suck in their own right, but because of their market power and leadership have "the potential to drastically re-shape the contours of copyright law, turning a few entertainment companies' wishful thinking about the way that copyright would work if they were running the show into de facto laws". Cory Doctorow puts it this way :-
Some examples of user-rights that Google Video DRM takes away: Under US copyright law, once you buy a video, you acquire a number of rights to it, including the right to re-sell it, loan it to a friend, donate it to your kid's school and so on. But with Google Video DRM, none of this is possible: your video is locked to your account and player. Educators, archivists, academics, parodists and others have the right to excerpt, copy, archive and use any video in their work, under the US doctrine of fair use. However, Google's DRM tool stops them from doing this, and Google's video can't be played on anyone else's tool. [...]
Google DRM player can be "revoked" -- field updated without user permission or intervention. [...] Where auto-update prevails, the possibility for abuse is dramatic [...] Google DRM auto-updating raises the possibility [...] to "update" the software in a way that changes what few rights Google does give you when you buy your movies from them. [...] With Google DRM, auto-update means that it's never really yours. Third parties always have the possibility of taking away the rights you bought, after you bought them. [...]
[...] After all, if you buy or download a tool that lets you enjoy your lawfully acquired movies in a lawful way, what business does Google have in reaching into your computer to take that away from you? [Link]
- Will anonymizing the cookie block my access to Google Account services like Gmail, Google Answers, Google Web APIs, Google Groups posting, My Search History?
No! Google Account services require you to register, and offer to store your login information within your permanent cookie, thus linking your GUID to your account information. But it doesn't need the GUID, and your login information will still work even if you use the GoogleAnon bookmarklet to set the GUID to all zeroes and become largely anonymous [i]. So using the GoogleAnon bookmarklet to anonymize your Google cookie will divorce your web searching 'profile' from your Google account 'profile'[ii], without losing your Google account access or login information. Remember too, that you can have as many different Google accounts as you like, so even if you like having access to some or all of those services, you can still discombobulate your uber-profile.
- Sometimes you'll need a non-anonymized GUID if you check the "Remember me on this computer" box when you logon. If you check that setting, for some services the Google server will use a checksum to reset your zeroes to something unique (you should try with and without, to see if the modest functionality enhancements are worth it for you).
- A note about session cookies: when you log into Gmail (or many other Google Account services) a bunch of session cookies will be set, to help maintain your 'state' while using those services. Ideally, when logging out, those session cookies should be deleted by the Google server, but often some are not (those unrelated to the security of the account, typically) because they will be deleted by the browser when it closes anyway.
Whilst those session cookie 'tokens' won't be unique, they are still sent to Google as part of the normal cookie 'handshake', and could be backtraced from the Google server logs to show that, say, the same user who logged out of a Gmail account ten minutes ago, is now conducting a search for [something private]. It's very unlikely that Google is actually correlating post-logout session cookie tokens for any reason, because it would be such arbitrary and ephemeral data - but it is theoretically possible.
Since those (same-browser-session, but post-Account-logout) searches will likely also carry the same IP address as the logged out Gmail user, that's unlikely to be of great concern to you unless you are also going to the trouble of masking/renewing your IP address. But if you wish, you could make sure you flush the session cookies immediately after logging out of Gmail or other Account services. The easiest way to do that is to close and reopen your browser. Alternatively, Opera and Firefox (not IE) have easy settings to get access to and delete session cookies. Or use the ZapCookie bookmarklet immediately after logging out, to immediately delete all Google cookies, then click GoogleAnon again, and reset your prefs (if any).
But it is possible for some services to be slightly affected. For example, in the new style Google Groups, you may see a list of "Recently visited" groups on the left hand pane. Normally they'd be the groups that you had visited, but if you've anonymized your Google cookie, they may be groups visited by other people using the same zeroed cookie ID number.
Or if you browse a book at Google Print, and if someone else has been browsing the same book in the last 24 hours (quite a coincidence), you might find that the content viewing limits have already been reached, or will be reached sooner than otherwise, and you might have to wait 24 hours to read some more. You can read Greg Duffy's interesting analysis and hacking of the Google Print cookie system for more details of this wrinkle. Note also that using the GoogleAnon bookmarklet will attract a reset of the date of the cookie next time it is read by Google, (because the checksum will be incorrect: so the server will generate a new date and checksum). Your anonymous ID will not be overwritten, but if you've used GoogleAnon and visited Google within the last 24 hours, the 'Search within this book' feature may be missing, even if another zeroed cookie user hasn't browsed the same book (but you'll still be able to browse pages/snippets yourself, until you reach the normal content viewing limits).
Also note that while Google promise not to associate your Google Print reading habits "with personally identifiable information about you, such as your name or address", they don't promise not to associate it with any profile they've built up with your GUID, and perhaps other means, which aren't "personally identifiable" but may still be unwelcome to you (now, or one day).
- But what if I want Google to remember everything I search?
Or you might also like to use Patriot Search :)
- How good is the privacy or anonymity afforded by this GoogleAnon Bookmarklet?
Pretty good, only. It'll remove the GUID from cookie, and therefore from any information Google collects as you interact with it. For many people that will be enough to completely avoid the possibility of Google building up a cohesive profile about 'them'. But if you use the Google Toolbar or Deskbar or My Search History or any of their Account services, you may be allowing the possibility of a more cohesive profile. And your IP address, especially a permanent one, can be personally identifying under some circumstances. If you really want to be anonymous, you'll need to work much harder. The EFF's Six Tips to Protect Your Online Search Privacy is a great place to start.
- You must be a Google insider, or really clever?
Neither, alas. I heard about using a cookie GUID to latch on to a Google design limited release[i] from Jesse Ruderman's terrific site/blog, and slightly adapted this Bookmarklet to suit this anonymizing tweak. I have some basic Bookmarklets here, but Jesse Ruderman really knows about Bookmarklets and much more. Thanks Jesse (for this one, and others I use every day). And thanks also to Sam Schinke for the regex tweak to encompass the Google country-specific domains too, and for much help in coping with the server check in v2.
[i] As it was then: now it's the design everyone sees. By the way, if you're nostalgic about Google's previous design (you know, the one with the blue and white tabs; when Froogle and Local and News hadn't yet escaped from the Labs; before they enhanced/broke (according to taste) Google Groups),
you can have it back! Just go to Preferences and from Interface Language select "Bork, bork bork!" from the pulldown list. Update: sorry, Google have now plugged that little human quirk :( . Ah yes, Bork ... well, retro design comes at a small usability price for anyone not a Swedish chef ;). And no, Elmer Fudd, Klingon or Pig Latin won't do the same trick.
- Could I use a Greasemonkey User Script to anonymize my Google cookie instead?
Of course, User Scripts can do anything, whilst making you a cuppa at the same time. Ed Heil wrote a GreaseMonkey User Script and added it to the central Script Directory, amongst lots of other Google and other scripts. And CustomizeGoogle have one amongst many user-selectable components within their combined script. Please note that both work in slightly different ways to the bookmarklet, and to each other: so read the accompanying documentation and discussions to see how they'll suit you. Both are designed for Firefox, so you'll need to test for yourself whether they work as User Scripts for Opera or User Scripts for Internet Explorer. But take care, GreaseMonkey User Scripts can be dangerous too!
- In March 2007, as a direct result of the number of GoogleAnon users appearing as zeroes in their logs (okay, just kidding about that bit ;), Google announced their intention to anonymize some of their server logs after a (yet-to-be-decided) retention period of 18-24 months, at some point in the future ("hope to be able to do this by the end of 2007"), by changing "some of the bits in the IP address in the logs as well as change the cookie information", er, "unless legally required to retain the data for longer". More information in their FAQ [PDF], though it's a masterpiece of vagueness.
Does that (future, intended) change render GoogleAnon unnecessary? No, certainly not. Retaining unique cookie GUIDs even for 'only' 18-24 months (or longer if required by law, or by mistake or leak) may or may not be useful for Google and/or the authorities (and/or recipients of leaks or misappropriations of that data), but it certainly isn't useful for you. Why not use GoogleAnon to reduce some of that retention period to zero? (But remember that GoogleAnon can only tackle the cookie GUID, not your IP address nor Google Account Services).
In July 2007 Google, in a duplicitous piece of sleight-of-hand, announced their decision to "start issuing our users cookies that will be set to auto-expire after 2 years while auto-renewing the cookies of active users during this time period". So if you visit Google more frequently than every two years (er, that's just about everyone), your cookie will still remain forever. And, after continuing public and EU pressure, announced in September 2008 that it intended reducing the retention period for certain cookie data to 9 months. But as Chris Soghoian at CNET dissected :-
Google has now revealed that it will change "some" of the bits of the IP address after 9 months, but less than the eight bits that it masks after the full 18 months. Thus, instead of Google's customers being able to hide among 254 other Internet users, perhaps they'll be able to hide among 64, or 127 other possible IP addresses.
By itself, this is a laughable level of anonymity. However, it gets worse.
First, remember that Google will not delete or anonymize user cookies from the logs when it slightly smudges IP addresses after nine months. Second, remember that as long as you use a Google Web property at least once every two years, the company will maintain a unique identifiable cookie value within your Web browser. [...]
The simple truth is that any IP anonymization technique, no matter how strong or weak, is simply a waste of time, if cookie values are not also anonymized.
Unfortunately, Google is relying on the fact that the mainstream media (I'm looking at you New York Times and Washington Post) are clueless on these issues, as well as seemingly most of the technology press. Google's new anonymization policy is totally worthless, and the company deserves to be called out for its deception.
- Google are (sporadically?) blocking access for some GoogleAnon cookies. Are you seeing this page ...
"We're sorry ... but your query looks similar to automated requests from a computer virus or spyware application. To protect our users, we can't process your request right now"
... or one like it? In March 2008 Google started treating GoogleAnon'd cookies (i.e. with all zero GUIDs) as suspicious, and began blocking access with that '403 Forbidden' page. It's not yet clear whether this is a temporary or sporadic block. (It may either be related, or coincidental, to a tightening of Google's anti-'funny business' filters as a result of a widespread SEO 'gaming' of search engines using iFrames on XSS-vulnerable sites). I'm afraid there's no way around that block while keeping a GoogleAnon'd (all-zeroed) cookie, if it's happening for you.
From early September 2008 the zeroed PREF=ID= GUID no longer seemed to trigger the block, for many people. But ... Google added two(!) new GUIDs in their cookies: NID=14=[129 characters] and SNID=14=[58-60 characters]. It's not yet clear what these are for, or represent (nor whether they're part of Google's preparations for deceptively shorter cookie lives).. But they are unique, persistent across sessions, and currently dated to expire (like the whole cookie) in 24 months time. And therefore just as much as a GUID as the PREF=ID= number. For the moment, these seem to be resistant to one-off tampering/anonymisation :( .
Alternatives fall into two types: automatic or manual.
Automatic solutions ...
... require a script to alter the Google cookie on each page load, so that every page receives a cookie with different GUID.
Browser proxies like Proxomitron have filters available to anonymise the Google cookie, and much more.
For browser-specific tools, there are many such scripts/extensions available, including different versions of CustomizeGoogle (which includes a form of cookie anonymisation amongst many other options) for Internet Explorer, Opera or Firefox.
Manual solutions ...
... include flushing or zapping your cookies frequently; or setting your browser to flush Google's cookies on closure.
For a way to retain your preferences (such as language, filtering, number of results per page, etc) without keeping or allowing any Google cookie, consider using these techniques :-
Browser search fields
- Do a Google search (from a Google page, or a browser search field or toolbar, etc) for
- Click the Preferences link beside the search box; set them how you wish; and click the Save Preferences button
- When Google then auto-redirects you to the previous search page, click the Advanced Search link beside the search box.
- Now create a Browser Search by right-clicking in the first search box on that Advanced Search page, and :-
Opera users : Select "Create search". (You can subsequently edit the search URL, if you like, using Preferences/Search/Edit )
IE7 users : can do the same after just a few more steps, by following the "Create Your Own" instructions here , using a suitable search URL as described in the Bookmarklet section below , e.g.
Firefox users : can create a Bookmark Keyword by right-clicking and selecting "Add a Keyword for this Search". Or a proper Search Bar entry by first installing the Add to Search Bar add-on (or similar) and then right-clicking and selecting "Add to Search Bar...". Or by first installing the Web Search Pro add-on (or similar), and using its "Add a private engine" setting to add a suitable search URL as described in the Bookmarklet section below , e.g.
Or consider editing or creating your inbuilt plugin, or one from Mycroft.
Now all searches made using that browser Search field (or using a Bookmark Keyword) will include all your prefs as part of the URL. A little messy (if messy URLs happen to bother you), but effective. You can do the same for other Google searches (like Images, News, Maps, etc). Don't forget to block or flush the Google cookies too.
If you use Google search Bookmarklets (such as my examples) rather than a web page or browser/toolbar search field, you can edit the bookmarklet code to include your preferences too.
First install a Google search Bookmarklet as detailed here; then follow items i., ii. and iii. shown immediately above; then copy the page's URL from your browser address bar. It might be something like this (though your own will be different depending on your browser, language, location, choices made, etc) :-
Now edit (by right-click/Properties in most browsers) your Bookmarklet's code (visible in the field called Location or Address or URL). A typical Google Bookmarklet's code might look like this (I've highlighted the relevant parts in red) :-
Edit your Bookmarklet (by pasting the highlighted section from your copied advanced search URL before the
q, then typing an extra
q) so that it now looks something like :-
" + escape(q).replace(/ /g, "+"); void 0
Then save the edited Bookmarklet. Now all searches made using that Bookmarklet will include all your prefs as part of the URL. A little messy (if messy URLs happen to bother you), but effective. You can do the same for other Google searches (like Images, News, Maps, etc). Don't forget to block or flush the Google cookies too. If you want to get creative with the search parameters, then a pretty good list is maintained here.
Here are two 'before and after' Bookmarklets for ease of references :-
Google Web Search
Searches the Web using Google.
Searches the Web using Google
(with some Preferences set).
You can try them first from here if you like: just left-click the links and and enter search word(s) in the dialog box that pops up. See how the resultant Google pages and URLs are different? To save them, right-click (or drag and drop) and add it to your Favorites or Bookmarks (or Links or Personal Bar or Taskbar Toolbar or ... ). Fuller instructions and problem-solving here.
Bookmarks / Favorites
Or you could also just create a (non-Bookmarklet) Favorite or Bookmark for your preferred Google pages, e.g. if you have Google as your browser's Start Page, or just as links on your Links or Personal Bar. First, follow items i., ii. and iii. shown immediately above to create a URL containing your preferences, then append an extra trailing
%20which tricks Google into keeping the preferences in the URL for bookmarks/favorites. For example :-
You can change
webhpfor (the main Google Home Page) :-
Any subsequent searches made in the search boxes will now also keep the preferences. Of course you can also change the country domains, Google service, etc.