Has the web just gotten even less anonymous?

According to this video (and this article), there are now services that can pinpoint exactly where a Google search is coming from, down to the exact address. While many of us have known that the search terms we enter in search engines aren’t exactly secret, there has always been the assumption (correctly?) that who is searching for something remains secret. Or at least wasn’t going to be shared with just anyone. Apparently, even that isn’t true anymore.

The ramifications are pretty significant. If you live in a house and not a big apartment building, your identity is pretty easy game with such a tool. Getting embarrassed by more or less targeted advertising (“We found from your searches that you are interested in naked teenagers wearing rabbit ears? Do WE have a deal for YOU!”) is almost the least worry (though if I got a call from the home business woman in the video clip, I’d be furious at having my privacy invaded, rather than show an interest in her stuff!) But there’s even worse possibilities – what if somebody finds our that you are looking for legal advice, or something similarly crucial to be kept private? Information about an illness, or depression for example?

At the moment, the searches seem to only allow tracking back from websites -> via search terms -> to the orignator of the query. But how long until the direction is reversible? Do we all have to become hackers and hide behind sophisticated software just to browse in peace?

  1. I know…it is totally scary.  A few years back when I would look up a lot of information on paganism/witchcraft/Wicca I was terrified someone might find out and harass me because they thought I was a devil worshiper…and that is my biggest concern, some nut coming after me because I happen to search for something that they find offensive.

  2. I’m trying to wrap my brain around this.

    What the service probably does is to correlate hits to member pages and referrers. If you click on the links provided by a Google search, the referrer log will include the search terms. This is really straightforward. Since their server logs also include the originating IP, they’re probably querying one or more GeoIP databases. Here’s an example that popped up in a Google search: Click on the link for the demo of your own IP and see how close they hit home.

    All of the above is really straightforward and the video probably oversold the service. Having said that, the marketing potential of doing this kind of log mining in combination with paid promotion is perhaps worth it.

    Even so, I would not take kindly to cold calls like the one in the video.

    If this kind of data mining concerns you, there are some remedies:

    – Cut&paste;rather than click on search results and the site you visit won’t know what search brought you there.

    – Use an onion router like TOR and GeoIP lookups are useless.

    Depending on your level of paranoia, there’s more to be done, but it’s a start.

  3. I don’t know about the personal data laws in the US, but a good british lawyer may be able to make a good case under the British Data Protection act- a data controller must ensure a third party does not access data about you with out legal authority.

  4. RefControl extension for Firefox is your friend.  It can at least strips your search terms from Google links.

    Thanks for that, I will look into it.

