Search Privacy: An Issue?, Part 1

Some scary statements have been made about the privacy of search requests. You may have heard Google was nominated for a Big Brother Award award. You may also have read Google knows everything you ever searched for. Should you be afraid? Is it time to boycott Google, as blogger Gavin Sheridan called for?

Relax. Yes, there are privacy issues when you do a search at Google. These are concerns at other search engines, too. Fear that you, personally, will be tracked isn’t realistic for the vast majority of users.

What exactly does Google know about you when you come to search? You needn’t be worried — for the moment. Next week, we’ll continue the privacy discussion with a look at Yahoo and search engine privacy policies.

Fact or Fiction?

No wonder people worry about search privacy after reading statements like these:

Google builds up a detailed profile of your search terms over many years. Google probably knew when you last thought you were pregnant, what diseases your children have had, and who your divorce lawyer is. –BBC technology commentator Bill Thompson, February 21, 2003

I don’t like that its cookies expire 35 years from now, and that it records all my searches, including the embarrassing ones. –Technology writer and blogger Chris Gulker, March 7, 2003

Reality: Google doesn’t know who you are as an individual. Its use of cookies, hardly unique, doesn’t give it a magical ability to see your face and know your name through your monitor.

All Google knows is specific browser software, on a particular computer, made a request. A cookie gives it the ability to potentially see all requests made by that browser over time. Google doesn’t know who was at the browser when the request made.

When I search at Google, this is how it identifies me: 740674ce2123e969.

No name, no address, no phone number. If someone else is at my computer, Google can’t tell someone new is searching.

What Does Google Record?

Here’s how that unique cookie number is given to you and why it tells Google nothing about who you are.

Assume you’ve never been to Google before. You visit the site and search for “cars.” What’s recorded?

As stated in its privacy policy, Google records the time you visited, your Internet address, and your browser type in a log file. It’s standard practice for Web servers to keep track of this information.

Here’s a simplified example of how a search for “cars” might appear in Google’s logs:

inktomi1-lng.server.ntl.com – 25/Mar/2003 10:15:32 – http://www.google.com/search?q=cars – MSIE 6.0; Windows NT 5.1 – 740674ce2123e969

When broken down:

• inktomi1-lng.server.ntl.com — my Internet address, resolved to a domain name
• 25/Mar/2003 10:15:32 — date and time I searched
• http://www.google.com/search?q=cars — my search request, containing the word “cars” in it
• MSIE 6.0; Windows NT 5.1 — the browser and operating system I used, MS Internet Explorer 6 on Windows XP
• 740674ce2123e969 — my unique cookie ID, assigned to my browser the first time I visited

My Internet Address

If Google wants to know who I am, the most important element is my IP address. That address says nothing about me as Danny Sullivan. NTL is a large UK Internet access provider. The IP address represents the NTL computer serving my requests. (Inktomi is mentioned probably as a remnant from when it provided Internet caching services to ISPs.)

NTL could look at its records and know I connected to the Web. It doesn’t pass my name to Google. All Google knows is an NTL user visited.

Is it true a person’s IP address might be tied to him more personally? For example, you work at a company where everyone’s computer is given a unique name. Your IP address could be: danny.sullivan.searchenginewatch.com

Such situations are rare. They don’t guarantee you, personally, use that computer. Still, it’s a good reason for sys admins not to link IP addresses to personal data.

What About the Cookie?

Why would Google want to know who you are? Some people set preferences, such as seeing more than 10 pages at a time or English-only results. It’s helpful for Google to know how often unique users return and how they behave when searching.

Google can’t depend just on your IP address to know if it’s seen you before. If I go offline for a few hours and reconnect, my NTL address may be different. If I have trouble connecting to NTL, I may switch to my AOL account. I’m the same person, but with three IP addresses. In each case, to Google I’m a different person.

A cookie solves this, which is why so many sites use them. With a cookie, no matter what ISP I use, Google knows it’s seen my browser before. Then, anytime my browser talks to Google, it sends along my unique ID, so Google remembers who I am — at least, to the degree I’m a unique browser on a particular computer.

Google still doesn’t know my identity. If my wife searches at my computer, Google has no idea the age and gender of the searcher suddenly changed. It still sees the same cookie.

My laptop has a different ID. To Google, it’s a different “person.” Netscape Navigator and Internet Explorer on the same computer get different cookies. If I switch browsers, I’m a different person to Google.

The Big Brother Nomination

From the above, it’s possible for Google to know all the searches a particular browser made. That’s a far cry from a personal profile of what a named individual searched for.

How did we get from Google’s anonymous cookies to some people believing at any moment Google can order up your personal search history? This mainly emerged from Google’s nomination by the Google Watch Web site for Privacy International’s 2003 U.S. Big Brother Awards.

I don’t feel any of the accusations hold up against Google as an abuser of privacy. Privacy International did not select Google as a finalist. Nevertheless, some take the nomination as a sign of wrongdoing, although anyone could nominate any company for the award. Some misunderstood the accusations and mistakenly assume Google has their personally identifiable profiles.

So How Do You Know It’s Me Personally?

“Personally identifiable information” — an important phrase to understand. It’s means some company has information that honestly and truly lets them know, to some degree, who you personally are.

Say you’re a Yahoo member. You filled out a form giving your name, address, age and other data. Assuming you didn’t lie, Yahoo really does know who you are when you’re logged in. Unlike Google, Yahoo has personally identifiable information.

Because Yahoo knows who you are, it has the capability to know what you’ve searched for in the past while logged in. The same is true for any search site where users can create personal accounts.

Given this, concern about anonymous cookies from Google as a privacy threat is misplaced. Any search site with a registration scheme represents more serious concerns.

Next week, Yahoo’s search privacy issues and a comparison of Google’s and Yahoo’s privacy policies.