ComputerWorld is carrying a long, detailed and very good feature story by Logan Kugler “The smart paranoid’s guide to using Google”
Every search term or anything you have put in Google’s search engine or any of its other services remains there for as much as a year and a half. It’s linked to your Gmail account if you’ve been logged in or your IP address if you haven’t. The data remains there, available to hackers who might find a vulnerability on one of Google’s servers, governments or attorneys with subpoenas.
“The good news,” Kugler writes, “is that Google anonymizes its server logs by removing the last three digits from the IP addresses associated with searches after nine months and by deleting the associated cookies after 18 months, which makes it very difficult to link you to searches that are more than 18 months old.”
Some practices to minimize your exposure:
— In order to stop the accumulation of data on your searches, log out of your Google account before you do a search.
— Turn off Google’s Web History: Settings | Google Account settings | Edit” (next to “My Products”) | “Remove Web History permanently.” If the option isn’t visible, that means you never activated Web History.
— If you’re not logged in to your Google account you can use a proxy service like Tor, Anonymizer or the PhZilla Firefox extension.
— Practice good Internet security behavior: Run anti-malware software on your system; don’t click on links in e-mail from strangers or those you know; pay attention to the URLs in links; don’t open attachments you aren’t expecting; avoid porn, illegal file-transfer and warez sites; don’t click on pop-ups (even to close them — instead, use the keystroke commands Alt-F4 on Windows machines or Command-W on Macs).
— Use browser security or privacy settings to reject third-party cookies (those that originate from sources other than the site you’re on.)
— Set your browser’s security and privacy settings to delete all of your current cookies at once or else manually delete those that you don’t you want to keep.
— Use your browser’s “private browsing” feature.
— Encrypt e-mail. Encryption is available in Outlook or Thunderbird clients, or you can use a product like PGP Corp.’s PGP Desktop Home
— Block scripts and ads with ad blockers such as AdSweep (Firefox, Opera and Chrome) or AdblockIE for Internet Explorer 8 to prevent sites from serving ads, including Doubleclick’s.
— Use a strong password (more than eight characters, upper and lower case, numbers and symbols) and change it about every month.
— Stop using Internet Explorer 6 (and its 24 unpatched vulnerabilities). Upgrade to IE8 or one of the other browsers like Firefox.
— Run your browser in a virtual environment so malware can’t access your hard drive.
I think the fact that the word “paranoid” was used in the title of the story is yet one more indication of how ambiguous we are to Internet security. There are hundreds of millions of people using the Internet across the planet and most of them EXPECT it to be safe. It really isn’t. The threats very technical, ever-evolving and hard for most of those people to understand.
The story is a good description of state-of-the-art security practices for everyday users and well worth reading.
Tom Kelchner