There is no doubt about it; this has definitely been Google’s Privacy Week. Relevant news:
The infamous Privacy International’s report (it basically says that Google sucks in privacy, far more than Microsoft)
Privacy International’s open letter to Google
Danny Sullivan defending Google
Matt Cutts defending his employer
Google’s official response (PDF letter)
Google Video flaw exposes user credentials
It’s only human nature to defend ourselves (and those close to us) when we are under public scrutiny. I am not surprised to see Matt or Danny stand behind Google on this matter. I do think it is far more wise and beneficial to look into criticism and determine for ourselves what we can do to remedy it. I am glad to see that Google took this approach on their official response:
After considering the Working Party’s concerns, we are announcing a new policy: to anonymize our search server logs after 18 months, rather than the previously-established period of 18 to 24 months. We believe that we can still address our legitimate interests in security, innovation and anti-fraud efforts with this shorter period … We are considering the Working Party’s concerns regarding cookie expiration periods, and we are exploring ways to redesign cookies and to reduce their expiration without artificially forcing users to re-enter basic preferences such as language preference. We plan to make an announcement about privacy improvements for our cookies in the coming months.
You can take any side you want. But, I feel that none of the people covering this topic has addressed two critical issues:
1) How do you opt-out of data collection by Google or other search engines at will?
2) And, do you want to wait 18 months for your data to be anonymized?
My answer is no. You can anonymize your data with Squid, configured as an anonymous proxy, and using the FoxyProxy Firefox extension. This solution assumes that you have access to a Linux box, where you can install Squid (if it’s not already installed), and you can make the relevant changes to the proxy’s configuration. If you don’t have such access, there is a Windows port or you might search for a good anonymous proxy service. I don’t use any and can’t point you to anyone in particular.
What is an anonymous proxy?
A proxy is basically a server software that intercepts all your traffic before it reaches its destination. Proxies usually do something with your traffic. They can filter it, modify it, block it, cache it, etc. Depending on the Internet Protocol they serve (HTTP, SMTP, etc.) and the protocol used to access them (SOCKS5, HTTP, etc.), there are different types of proxies,. Your web browser comes with all you need to access proxy servers. If you use a proxy server, the IP address of your proxy is the one that is going to show up on the referrer’s logs of sites you visit. That is unless their scripts read the HTTP server variable: HTTP_X_FORWARDED_FOR. This variable contains the list of proxies you used to get to the current server. Typical proxies pass this information along.
An anonymous proxy server is a proxy server that does not pass HTTP_X_FORWARDED_FOR, and removes all identifiable information from the user, — including requests. JavaScript makes it really difficult to be completely anonymous, so it is often a good idea to turn it off is you don’t need it. Squid is an open source proxy server. You can find the installation instructions here. To make it an anonymous proxy, add the following lines to your squid.conf file, and restart the server:
forwarded_for off
anonymize_headers allow Allow Authorization Cache-Control
anonymize_headers allow Content-Encoding Content-Length
anonymize_headers allow Content-Type Date Expires Host anonymize_headers allow If-Modified-Since Last-Modified anonymize_headers allow Location Pragma Accept Charset anonymize_headers allow Accept-Encoding Accept-Language anonymize_headers allow Content-Language Mime-Version anonymize_headers allow Retry-After Title Connection anonymize_headers allow Proxy-Connection
fake_user_agent Mosaic/0.1 (CP/M; 8-bit)
Now that you have done the hardest part and you have an anonymous proxy server, you need to setup your client to take advantage of this. Since, I use Firefox as my browser, I will use this to illustrate my point.
Why use a FoxyProxy extension, if I can simply setup my own anonymous proxy?
You might only want to enable the proxy while you are using Google and other search engines, and not when you are browsing elsewhere. FoxyProxy is very handy for this. Do the following to use it:
- Install FoxyProxy
- Add your anonymous proxy via the Add New Proxy button. (Squid port is usually 3128)
- On the patterns tab for your proxy, define one wildcard pattern for each search engine. ie.: *.google.com
Now you can surf the web with absolutely certainty that Google, and other search engines will not be able to link your searches to you. For maximum protection, do not login to any Google service while the proxy is on. You might also want to install a few more anonymizing proxies a
nd add them to your FoxyProxy configuration.
Proxy Templates » Blog Archive » Proxy Servers
June 17, 2007 at 2:35 am
[...] Protecting your privacy from Google with Squid and FoxyProxy If you use a proxy server, the IP address of your proxy is the one that is going to show up on the referrer logs of sites you visit. That is unless their scripts read the HTTP server variable HTTP_X_FORWARDED_FOR. … [...]
The never ending SERPs hijacking problem: Is there a definite solution? † Hamlet Batista dot Com
July 3, 2007 at 7:48 pm
[...] A cgi proxy is a type of proxy server that is accessible via URLs. Anonymizer.com is a well known example. Normal proxy servers are configured on your browser advanced options. I explained proxy servers briefly on another post. [...]
Jack
May 1, 2010 at 5:03 am
I am newish to the proxy institution and have enjoyed this article as it gave me some useful information. I wanted to be sure how a proxy worked before I risked using one. Great site!