Consumer Privacy Advocates Seek Search Engine Solution

Article ImageNo one knows more about us—our ailments, significant others, favorite music, what we’re thinking about buying, and how much we spend—than our search engines. However, this is stuff we probably wouldn’t choose to share with a multimillion dollar web company. Every major search engine in the world, however, retains every search query ever typed into its field, and privacy advocates are calling for search engines to change their ways.

Virtually all search engines gather information about how searchers query, what they click, and where they wind up. This personal information (i.e., IP addresses, cookies, session IDs) is stored alongside queries for anywhere between 90 days and forever.
"I think most users simply don’t realize the amount of personal information they provide," says John M. Simpson, a consumer policy advocate with the nonprofit group Consumer Watchdog. While most of the data is used for behavioral targeting or performance improvement, it can also be accessed by legal authorities with a subpoena. In 2006, AOL accidentally released search query information for 500,000 users. Police have used search engine queries against defendants in hacking and murder cases (based on queries such as "how to commit murder" and "undetectable poisons").

During a Q&A session with Google CEO Eric Schmidt at a New America Foundation speech in Washington, D.C., Simpson asked the "king" of consumer search engines what the company was planning to do about privacy concerns repeatedly expressed by Consumer Watchdog. Schmidt responded that he was "sympathetic" to security concerns, but he remained noncommittal about future privacy measures.

Google seems to be taking a backseat and waiting to see how successful other search engines’ solutions turn out before taking action. Currently, all search information is stored on Google’s servers for 9 months. After it expires, Google deletes the final eight digits of the user’s IP address and hides cookies and session IDs.

Google’s not the only company taking a wait-and-see approach: Microsoft has said it would consider making changes if its competitors did. Microsoft’s Live Search feature currently keeps search logs for 18 months before fully deleting IP addresses and other identifying information.

So who’s blazing the way? Search solution providers and Yahoo! have both recently thrown down the gauntlet by stepping up search privacy protections in very different ways.’s AskEraser tool debuted in December 2007. When activated, the AskEraser "erases" personal information, such as user and session ID cookies, search queries, and IP addresses, usually within hours. The AskEraser works on any search field.

Yahoo!’s approach to search anonymity is more subtle. Rather than giving users opt-out power, Yahoo! has committed to a complex anonymization process that continues collecting query data while disassociating specific users from requests. After 90 days in Yahoo!’s cache, the final octet of every IP address is deleted, the Yahoo! ID and cookie information are one-way secret hashed (a process that condenses and scrambles file data), and search queries are filtered to remove any personally identifiable information (such as a social security number).

According to Anne Toth, Yahoo!’s VP of privacy policy, "We are dramatically increasing the scope of data covered under our anonymization process. In addition to search log files, our new policy applies to ad views, ad clicks, page views, and page clicks for all our products and services on a global basis, which encompasses all our log file systems. … We structured our policy to ensure that Yahoo! continues to utilize data to create cutting-edge technology, product innovation, and advertising solutions, while strengthening consumer privacy protection."

Simpson isn’t so sure that Yahoo!’s protections are enough. "[It’s] a step in the right direction, but it doesn’t go far enough," says Simpson. "In the best of all worlds, the default mode would be to not share information with Google’s servers. Users would have the option to do so if they wished. Failing that, a prominent button on the homepage that said, ‘Make me anonymous,’ and that did
so, would work."

While he praised and Yahoo! for taking steps, Simpson believes all eyes are on Google. With 63% of all U.S. search traffic flowing through Google, Simpson hopes they’ll be the next search engine to take steps toward more secure search. "We are working to get them to change their policies so that the rest of the industry will follow suit," he says. "They have the opportunity to live up to their ‘Don’t be evil’ motto and set the gold standard for privacy for the entire internet."