Evading the Google Eye

Continued from page 1

One can deal with cookies from within a Web browser relatively easily. Most browsers offer a setting under the "preferences" or "options" menu items to control which cookies it will accept, or whether it should ask your permission before accepting them. In addition, most browsers allow you to delete cookies. Camino and Apple's Safari have reset functions that erase all cookies, while the latest version of Firefox includes a similar function, "Clear all private data." Doing this will obscure your past tracks, although it may require you to log in again for your Web-based e-mail and any member-only discussion boards.

More telling, and more difficult to mask, is your IP address. Every computer on the Internet has an IP address, much like every phone has a number. You can see what your computer's address is by visiting http://www.showmyip.com; and others can see this address, too. Google and other search engines note the IP address of each user, which can then be used to locate which Internet service provider (ISP) the user is on. Theoretically, a private company or government can then request the user's personal information from the ISP. This method could be used to locate a blogger in Iran, or to track an employee who has leaked records of a company's polluting habits.

What is worrisome for many about the recent standoff between Google and the U.S. Department of Justice is not what the government is currently asking for, but what it could ask for in the future. The current DoJ request would not reveal user identities; but if Google or its competitors were compelled to release the IP addresses associated with their search records, each user's habits could be tied to a name. (Google's policy is to release such information only when the company has a "good faith belief" that the request is valid. For more on Google's privacy policies, see http://www.google.com/privacypolicy.html.)

EFF's Palmer notes that there are ways to travel online while masking one's IP address. The EFF itself funded a piece of software, called Tor, for a year, after it was initially funded by the Office of Naval Research. (Currently, Tor is not funded, although its original programmers are seeking donors and volunteer programmers to help upgrade the system.)

Users install the Tor client on their computers, and the client communicates with a dedicated Tor server picked at random. (There are currently about 300 Tor servers worldwide, often called "onion servers" because they work together in layers.) The first server randomly picks another, which picks another; the data sent are encrypted at each step, and each server knows only of the one immediately connected to it.

However, according to the EFF, Tor protects mainly the transfer of data. Someone could still sniff out your identity by tracking down information related to your IP address, or through clues sent out through hypertext transfer protocol (HTTP), the very protocol that enables Web browsing.