Privacy Watch: How Much Does Google Know About You?

Want to know what's going on in someone's mind? Look at the words they enter in their favorite search engine. Fortunately, that information is private, right? Maybe not.

If you use Google, for instance, and are not blocking cookies, the search engine likely has placed a cookie on your system that won't expire until 2038. That cookie lets Google track what you searched for, when you conducted the search, and which results you clicked. The cookie doesn't identify you by name, but it does identify you by your system's information and IP address.

This is what the U.S. government was after when it subpoenaed Google for search records of millions of random users to establish the need for a federal online pornography law. The company was fighting the subpoena as this article went to press, but AOL, MSN, and Yahoo have already given the government at least some of the kinds of data it wants.

The case highlights the sensitivity of search records in general, and Google's in particular. The company's position at the top of the search engine food chain means that its archives could contain years of detailed logs on what millions of users search for and where they surf. (Google has not said how long it keeps such records and didn't respond to our requests for information on the subject.)

Fortunately, there are well-established ways to rid your PC of tracking cookies, either using your browser or one of many third-party antispyware and system cleanup utilities. For detailed instructions on cleansing private information from your browser, see this month's Internet Tips.

But ending the privacy threat that cookies pose requires action by Web sites as well as by individuals. As storage gets cheaper, system administrators at commercial sites tend to log everything and keep the data as long as possible, broadening the window for misuse. At last December's Usenix Large Installation System Administration conference, an Electronic Frontier Foundation attorney recommended that administrators keep only the logs they need, and destroy the rest.

If Google truly wishes to live up to its corporate motto--"Don't Be Evil"--the company should be selective about the logs that it keeps, and should chuck everything else.

Andrew Brandt

Andrew Brandt is a senior associate editor for PC World. E-mail him at privacywatch@pcworld.com.

Subscribe to the Security Watch Newsletter

Comments