What does a search engine know about you and how can you protectd your identify?
Search engines have been helping us navigate the internet for decades. They are an integral cog in a well-oiled engine; a digital pivot upon which the internet turns. It could be argued that without search engines, the internet would not be as ubiquitous as it is today.
However, with every yin comes yang. The search engine not only searches the internet, it effectively searches us; search engines can easily act as a spyglass into our lives.
The privacy of search engines has been placed under the spotlight in recent years as the implications of privacy become better understood. New laws like the EU’s General Data Protection Regulation (GDPR) reflect the general feeling of the consumer that privacy must be sacrosanct.
The result is that companies are being taken to task over privacy violations. Google, for example, was recently fined 50 million euros under GDPR, in part, because of search engine privacy violations.
Where Good Search Engines Go Bad
Search engines are often our first entry point into the wider internet. It is where we, as human beings, often first engage with the digital. This interface point is important. It is used to connect the dots between us and the wider internet.
Our digital privacy begins at this interface. Privacy often gets mixed up with security. The two are connected but privacy goes beyond securing data. Privacy is about having agency and control over what happens to data; part of this agency is knowledge and management of our own Personally Identifiable Information (PII).
Connecting the Dots and PII
This PII is made up of many different identifiers. The obvious ones are name, address, and age. But others like IP address, device ID, and so on, can be used to identify us as individuals. And it is surprisingly easy to identify a person from snippets of data. Google, for example, aggregates data across all your Google accounts — to some extent privacy settings can help moderate this.
In a 2018 paper on what type of data Google collects, the researchers point out that ‘passive’ data is collected, i.e. without user intervention.
The paper did a “day in the life” scenario and found that Google collected more than two-thirds of information through passive means. One of the issues with Google Search is that it connects dots, i.e. accounts are connected, Android phone data, and so on.
When you connect to the digital realm, your data becomes much more than your name and address. Browser fingerprinting is where a search engine or other website collects various data such as browser details, active plugins, language, and so on.
These data are then used to track you across the internet – it is like the digital equivalent of breadcrumbs. In a survey by the Electronic Frontier Foundation, they found that only one browser in 286,777 shared a common fingerprint. Again, this helps to tie up the dots when you enter PII into a search engine, your privacy slipping out into the ether.
Profiling and digital trails
We all have a digital footprint and search engine data feeds into that. All of these data that we directly drop into search engines and that are aggregated from our devices and behavior can be utilized.
When we use a search engine, we often give away details of who we are. A paper by privacy guru, Omer Tene, discusses how unintentional search inputs reveal much about a person. Search terms can often show where a person lives, what gender they are, even extremely sensitive and personal details of a life.
A study by the University of Bangalore in India found that in 30% of online searches identifying information was generated which they could use to reveal a user profile.
Five ways to cover your search engine tracks
With all of these data swirling around is there anything a general user can do to retain their privacy rights? Below are five ways of improving privacy when using a search engine:
- Use a privacy-enhanced search engine – the easiest way to improve your search privacy is to use a privacy-enhanced search engine. Privado, is an example of one such search engine. It has been designed not to store search data, IP addresses or track you. A privacy-enhanced search engine is the best option, otherwise, you need to:
- Be careful when you search: You can improve privacy from day one by being cognizant of what data you enter into a search engine.
- Use the privacy options in your search engine: For example, in Google, you can set your search history to be deleted after 3-months (not ideal as it means it is still available during those months).
- Use a VPN BUT don’t connect to any accounts: A Virtual Private Network or VPN can be used to hide your internet use. However, login to an account like Google, then allows data correlation and the VPN becomes ineffective.
- Do not log in when using a search engine: In general, it is best to not log in to online accounts like Google when performing a search.
What does it all mean?
Privacy should not have to be given away just to allow us to find something online. Fortunately, privacy has become a hot topic because of serious violations from the like of Google. Because of this, legislation like GDPR and customer expectations on privacy, are forcing companies to reconsider how they handle data. Hopefully, this may help to reduce privacy violations. While we wait for big commerce to catch up to customer expectations, we can all take a proactive step in protecting ourselves by using the five ways above or better still, use a privacy respectful search engine like Privado.