UPDATE: February 11, 2010
Recent research by the EFF has shown that your browser alone, during it’s negotiation with the web sites you visit, voluntarily give up enough unique information to possibily uniquely identify you. Your browser hands over traditionally unique information such as:
- "the exact fonts installed on your machine"
EXAMPLE: SWMacro, Marlett, Arial, Arabic Transparent, Arial Baltic, Arial CE, Arial CYR, Arial Greek, Arial TUR, Batang, BatangChe, Gungsuh, GungsuhChe, Courier New, Courier New Baltic, Courier New CE, Courier New CYR, Courier New Greek, Courier New TUR, DaunPenh, … [+150 more installed font]
- "the user agent string of your browser, it’s version, operating system, etc."
EXAMPLE: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.2; MS-RTC LM 8; Zune 4.0; OfficeLiveConnector.1.4)
(This one is really interesting because people on less common machines – SUCH AS MACINTOSHES – are much easier to identify because of their relative infrequency)
- "the details of each browser plug in loaded & their exact versions"
EXAMPLE: Java 1,6,0,16; Flash 10,0,42,34; WindowsMediaplayer 12,0,7600,16415; Silverlight 3,0,50106,0
- "the workstation’s screen resolution"
…etc. etc. etc. All these elements combine to make a very unique identifier that can be uniquely traced to you machine. And this information is transmitted in the clear to every single web site you visit.
For more information, visit:
- EFF online tool reveals ‘fingerprint’ browsers leave on the Web
- Panopticlick: Test your browser to see how unique it is based on the information it will share with sites it visits
UPDATE: December 29, 2008
Well, there you have it folks. Apparently, it took awhile but the world seems to have figured out that having one company with EVERYONE’S information is a colossally stupid idea.
- Google No Longer Among Top 20 Most Trusted Companies For Privacy
ORIGINAL POST: August 11, 2007
Sites like Google track you by placing a unique serialized cookie on your machine.
Deleting Google cookies prevents Google from associating you from your searches.
Deleting all cookies really keeps Google from tracking you by eliminating any Google affiliate cookies from tracking your search & surfing habits.
Even better yet:
Simply don’t use Google… right? How can they track you if you don’t go to Google.com?
Oh, au contraire. Here’s a few of the ways that Google manages to track you… with or without you visiting Google.com… with or without a Google cookie.
GOOGLE AFFLIATE NETWORK
Even if you never go to Google.com, your behavior is probably being monitored. Remember that every Google affliate (folks using Google AdSense – those banners & context sensitive ads that show up on people’s web pages) is receiving payment for you simply visiting their page and essentially allowing your visit & interest to be indexed into the Google ‘brain’.
The fact is that the more information Google has associated with your cookie, the more they can tell about you. A giant profile or ‘virtual folder’ is being built about you and even if you never enter your real name, mailing address, or email while being tracked, a general profile is being created on you individually – this is how advertisement targeting is done.
And this is the nefarious nature of all of this: With people signing up for Google AdSense to receive their ‘bounty’, it’s becoming virtually impossible to dodge Google’s tracking engine.
1) Block that cookie. And selectively clear your cookie cache.
2) Change your hosts file to block google-analytics.com
- Use Internet Explorer’s cookie blocking/privacy facility to proactively block all first party cookies from Google.com. Go to Tools-Internet Options-"Privacy" tab and click the Sites button. Then set up a rule that Always blocks cookies from anything associated with the google.com domain.
- Block Google Analytics. Google Analytics is nefarious because it’s a true first party cookie that exists on people’s web sites that track you back to Google Analytics so even if you’re blocking Google cookies, this 1st party cookie from myhomegrownweb.com still allows Google to track you through redirection. To stop this, you have to change your HOSTS file. Add the following line to your Windows hosts file
- If you’re at all interested in protecting your privacy, it’s absolutely imperative that you nuke tracking cookies early and often. Use CCleaner from http://www.ccleaner.com to clear out your cookie cache on every boot of your system. Consider Advanced Tracks Eraser as well from http://www.benutec.com/products/trackseraser/ which can clear your cache at timed intervals.
- Consider trying G-Zapper from http://www.dummysoftware.com/gzapper.html. This will help identify any other cookie-based methods that Google uses to track users. For example, it blocks people from using Google Analytics.
IP ADDRESS MAPPING
The fact is that you’re being tracked regardless of whether you’re using a static IP address, you’re sitting behind a NAT, or your using an ISP/Cable Network provided DHCP-assigned IP address.
Huh? Damn right. Remember that subnets have a limited number of IP addresses and while you might be coming from an assigned IP address, if it’s DHCP, it’s likely leased and simply renewed everytime you visit. And even if you are assigned a different IP address when you turn on the ol’ PC, it’s coming from what is likely a 256 count address space meaning that all that needs to happen is associate your searches with range of addresses. Ultimately, reconciiling who you are based on 256 addresses is not that hard for computers to do.
- Go to https://ssl.scroogle.org for your Google searches. Scroogle is a middle tier anonymizer for all traffic that goes to Google. It randomly picks an IP address from a massive statistically irrelevant subnet of addresses and submits that to Google, then receives the results back and saves it without the advertising and all that to a file. The resultset is presented to you and the search logs and your results are deleted in 48 hours.
- To use Scroogle in your Internet Explorer 7.0 search bar, paste http://www.scroogle.org/cgi-bin/nbbw.cgi?Gw=TEST into the yellow box as described by http://www.microsoft.com/windows/ie/searchguide/en-en/default.mspx.
- Hint: You can delete most spam and blogs by adding -com to your search terms.
This is one that concerns me the most: Just simply by participating in a conversation with someone using Gmail, your name and discussion interests are getting catagorized, and tracked.
That’s right: Conversations that take place over Gmail are indexed and there’s no real way to prevent this from happening. Your conversation implicitly will get indexed and associated with the gmail user regardless of your authorization.
ANSWER: Filter all Gmail to the trash. Do not participate in any discussions with anyone using Gmail addresses.
Unfortunately, it would appear that the mere act of a Gmail user sending you an email indexes your email address. On the high side, not responding keeps them from verifying the validity of the your email address. On the down side, there’s no way to keep the sender from thinking you’re just blowing them off.
In case it wasn’t apparent, you can’t use Gmail without having a Google cookie installed on your system. There’s no reason for this functionally other than to make sure that Google can track your search activities – frankly, this should be reason enough alone to not use Gmail.
Tracking isn’t just dependent on your IP address or your Google cookie. When you visit Google.com or a page that’s a Google affiliate, you present your Operating System, your Browser type, and all kinds of interesting information to help the web site present a web experience suitable for your computer configuration. And that information classifies you, thus narrowing down who you are. This alone narrows you down to a very small part of the Google using population – even if you’re using Windows XP SP2 & Internet Explorer 6.02.
Now comes the tricky part: How to identify a person based on what they search for. Everyone’s search patterns are like a fingerprint: Your search patterns are unique and unlike that of anyone else’s. I’ve only read about this a couple times and this is part of the voodoo science I don’t completely understand. As I find more about this I’ll post it but right now, I’m not completely sure how to cloak this.
- How to Stop Google from recording your Search habits
- More On Google & Blocking Privacy Proxies
- Privacy Watch: How Much Does Google Know About You?
- Gmail is too creepy: 4 Reasons that Gmail is a serious privacy violation
- Protecting Your Search Privacy: A Flowchart To Tracks You Leave Behind
- How to foil Search Engine Snoops
- Online Privacy: How To Hide Your Google Search Trails
- Online Privacy: How to Hide Your Google Search Trails
Eight steps for keeping your search-engine data private
- Blocking Google Analytics cookies
Excellent blog Kurt!, Still not sure if I trust MS though?