Tuesday, January 31, 2006

Evading the Google Eye

The tug-of-war between the Department of Justice and Google has made us aware of the traces we leave on the Internet. But there are ways to cover one's tracks.

By Daniel Turner

In 2000, Sun Microsystems CEO Scott McNealy famously said about life on the Internet, "You already have zero privacy -- get over it."

"That was very annoying," says Chris Palmer, chief technologist at the Electronic Frontier Foundation (EFF), a San Francisco-based organization that advocates for online free speech and civil liberties issues. Palmer emphasizes that while most users can live happily without anonymity, for some people it's crucial -- such as those who criticize repressive regimes, blow the whistle on bosses, or discuss sensitive personal issues.

Fortunately, there are many ways -- from reconfiguring browser preferences to using emerging Web technologies -- to mask one's identity online. "It's all about how great your need is and how much work you're willing to do," Palmer says.

The issue of online anonymity has come into high relief in recent weeks. Microsoft, AOL, and Yahoo quickly complied with a request from the U.S. Department of Justice to turn over search records, which the DoJ wants to use in court to demonstrate how easy it is for minors to access online pornography. Google, so far, is resisting the request, winning plaudits from online privacy advocates.

But even though the records that the DoJ wants would not contain information linking searches to specific people, the controversy has caused average Internet users to ask themselves the reasonable question: Did the search engine really notice when I browsed that website? You know, that one.

For the vast majority of users, the answer is a qualified yes. Generally, online services use two methods to identify users: cookies and Internet Protocol (IP) addresses. Cookies can track what you do online, while IP addresses can reveal where -- and who -- you are.

Cookies are snippets of nonexecutable code, more like a watermark or a token than an application, handed to the browser by a website or an advertisement within the site. The browser stores the cookies and can send them back to remote servers. Cookies can be used for logging in users, or tracking what sites you browse; for example, the online ad company DoubleClick uses cookies served by its ads on various sites to track which ads you click on. The company then builds a user profile so it can target ads that an individual user might want to see. For example, if you browse gaming sites, DoubleClick may serve up an ad for a Sony PlayStation Portable rather than a subscription to Martha Stewart Living.