February 1, 2009

Can the search engines tell who you are?

2-1-2009 Global:

It is still difficult for search engines to exactly pinpoint your identity as a user, but by using various techniques they can learn a lot about you. Should you be worried about your privacy? Ixquick thinks so, and is no longer recording your IP address.

Using IP addresses (the code that identifies your Internet connection) and cookies (small files that are saved on your computer) the search engines can at least partly determine that you are the same person that visited them yesterday.

That is: Unless you tell them, they won’t know your name, and given that most Internet Service Providers will give you a new IP address every time you log in, search engines cannot say exactly where you live.

Still, they know enough about your location and search and surfing habits to build a profile of your interests, and that profile can — for instance — be used to improve search results and target ads.

Moreover, they can use IP data to stop spammers trying to get high search engine rankings by unsavory means.

The three levels of identification

At the lowest level, the search engines can use the geographic location of your IP address to serve you — for instance — local ads. At the highest level they can use voluntary log-ins (like when logging on to Google services) to deliver ads and search results targeting your particular interests.

There are three levels of identification:

Identification through log-in where you have an account with personal information (unless you lie to them, of course, which is a real option)

Identification through cookies (with no personal information)

Identification through IP address (with no personal information unless you are your own Internet service provider)

Ixquick takes a stand for privacy


The metasearch engine Ixquick has made a point of being the most privacy-aware search tool in the business. This week Ixquick argued that:

“While you are searching the Internet, these engines register the time of your searches, the terms you used, the sites you visited and your IP address. In many cases this IP address makes it possible to trace the computer, and in turn the household, that carried out the search.”

Again, note that the search engines cannot identify your household directly unless you are using a fixed IP address (if you don’t know what we are talking about, you are unlikely to have a fixed address). They will, on the other hand, be able to identify your Internet service provider and where that server is located.

Combining data

Combining the types of data mentioned in the quote above with other types of information, a clever researcher may be able to learn quite a bit about you.

Given that search engines store this information, researchers (be that search engine staff, government employees or hackers) can potentially combine various types of information in order to track you down, which is why the EU Commission has tried so hard to get the search engines to delete the IP data as early as possible.

Indeed, the major search engines have reduced their so-called data retention times to between three and 18 months.

The devil is in the details

Previously Ixquick deleted the privacy details of its users within 48 hours. This week, however, Ixquick decided to stop recording IP addresses altogether.

Ixquick says that the technical need to store IP addresses for 48 hours — blocking automated use of Ixquick’s servers — has been overcome by recent technological developments.

Ixquick CEO Robert Beens says this about Google, Yahoo! and Live Search:

“With privacy the devil is in the details. These engines use logins and unique ID cookies that are automatically placed on your computer when you search. Both techniques can ‘glue’ your searches together far beyond the officially claimed retention periods. That’s why Ixquick doesn’t use either of these methods.”
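The "glue" effect described in the quote above, as an added illustration (not code from Ixquick or from the original article): a constructed search log in which one browser gets a new IP address each day but keeps a unique ID cookie. The log layout, field names and every value are assumptions made for the example.

```python
from collections import defaultdict

# Constructed sample log: (day, ip, cookie_id, query). All values are made up.
# Browser "c-7f3a" gets a different dynamic IP each day; a second browser,
# "c-19b2", is handed a recycled address on day 3.
LOG = [
    (1, "198.51.100.14", "c-7f3a", "knee pain after running"),
    (1, "198.51.100.14", "c-7f3a", "physiotherapist utrecht"),
    (2, "198.51.100.87", "c-7f3a", "cheap flights lisbon"),
    (3, "203.0.113.5",   "c-7f3a", "hereditary cancer risk test"),
    (3, "198.51.100.14", "c-19b2", "used car prices"),
]

FIELDS = {"ip": 1, "cookie": 2}  # column index of each identifier


def profiles(log, key):
    """Group queries by the chosen identifier; rows lacking it stay unlinked."""
    groups = defaultdict(list)
    for i, row in enumerate(log):
        ident = row[FIELDS[key]]
        # A row whose identifier was scrubbed forms its own group of one.
        groups[ident if ident is not None else f"row-{i}"].append(row[3])
    return dict(groups)


def scrub(log, drop, older_than_day=None):
    """Blank the named fields, for all rows or only rows older than a given day."""
    out = []
    for row in log:
        row = list(row)
        if older_than_day is None or row[0] < older_than_day:
            for name in drop:
                row[FIELDS[name]] = None
        out.append(tuple(row))
    return out


def largest_profile(log, key):
    """Size of the biggest set of queries that can be tied to one identifier."""
    return max(len(queries) for queries in profiles(log, key).values())


if __name__ == "__main__":
    print("by IP:", profiles(LOG, "ip"))            # fragmented, mixes two browsers
    print("by cookie:", profiles(LOG, "cookie"))    # one browser, all four queries
    print("IP scrubbed, cookie kept:", largest_profile(scrub(LOG, ["ip"]), "cookie"))
    print("both scrubbed:", largest_profile(scrub(LOG, ["ip", "cookie"]), "cookie"))
```

Deleting only the IP column leaves the four-query profile intact through the cookie; the queries become unlinkable only when neither identifier is stored.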

A peek inside your mind

Is Ixquick trying to gain a competitive advantage by playing on your fears of surveillance? Of course they are, and they are pretty good at it.

Should you be worried enough about your privacy to move over from Google to Ixquick? That depends.

If your search and surfing habits need to be kept secret (e.g. if you are working for a human rights campaign within the borders of a dictatorship or your career will take a nosedive if someone found out about your interest in antique erotic paintings) it is better to be safe than sorry.

The hard part is to ascertain the risk involved in profiling based on connecting seemingly innocent information.

To give an example: What if your insurance company hires a detective to determine whether you knew about a genetic defect in your family making it more likely for you to get cancer? You haven’t told them this, and now that you are ill, they are trying to stop the payments.

Is this a likely scenario? Well, the main argument against this happening is that it would be a PR disaster for the search engine company in question. Google, for instance, knows this, and does everything they can to keep the data safe. They will never voluntarily give this kind of data to an insurance company.

To err is human

However, to err is human, and sooner or later someone will make a mistake.

In 2006, for instance, AOL made 20 million web queries from 650,000 AOL users public. The data was anonymized for researchers, but experts soon found ways of using that data to identify persons.

Are the Feds watching you?

Then there is the question of governments demanding access to data.

We have no idea of how much information US Homeland Security can ask for post 9/11, and you could argue that it doesn’t matter much unless you are a terrorist.

But are you certain that you would be comfortable with a US government agent looking through your search history?

Risk against risk

As so often in life, this is a matter of weighing one risk against another.

We drive cars even if we know driving is one of the most dangerous activities around. We also use Google because the risk of having your life exposed is small compared to the usefulness of the tool. Still, it is good to know about the risk, isn’t it?

Here is a presentation we made for the EU Commission at the IPTS workshop on the socio-economic challenges of search in Seville, Spain, last fall. It sums up some of the most important web surfing privacy issues.