Use a VPN or Your Google Searches Are Public

no privacy

Privacy is at risk more than ever before. Our research and development team recently stumbled onto something which puts the AOL search debacle to shame. The discovery we’ll describe should serve as a serious and urgent warning. If Google searches are not conducted through a VPN or Tor, you are running the risk that those searches are made public and linked to your IP address.

It’s well known that many companies track netizens across the web. Such tracking has become an enormous internet industry, resulting in massive amounts of personal data being mined and then sold or used in retargeting. In general, most people have been unconcerned with this tracking, as it has been kept very low key and, thus, out of view from most of society.

However, we’ve just discovered something which serves as living proof that our privacy is in serious jeopardy. At least one website has been identified which makes your search traffic publicly available to the internet in its entirety, including Google’s web crawlers. This is not some rogue company, but instead, a website tracking service which is used in a wide variety of internet sectors.

DISCLAIMER: We will not name or link the website as we truly believe doing so will potentially damage the lives of many people. We will, however, provide screenshots to exemplify the harm that can be caused.

This particular website tracks URLs, referring URLs, and Google search queries for each site on which it is enabled. Then, it creates pages which list each of the search queries or referrers along with the visitor’s IP address. Google then indexes these pages, making it simple for anyone to search for an IP and connect it to a specific website visit or a search query.

Shown below is an example of some of the privacy violations this has caused. Most people will agree that, while some of these searches are harmless, some were definitely conducted with the expectation of privacy. While viewing this image, imagine you did a google search of your IP address, and these records appeared. Then, imagine someone else did a google search of your IP address. As Lil Flip said, “Game over.”

These searches were compiled from various pages on the unnamed website. Identifiable information has been blanked out to protect the privacy of the searchers.

These searches were compiled from various pages on the unnamed website. Identifiable information has been blanked out to protect the privacy of the searchers.

Search engine queries and referring URLs are listed. This can be used to show what you were looking for or what sites you visited.

A common misconception is that the solution is to attack or attempt to shut down the tracking site in question. However, this is only one site. There could be many more that operate the same way, operating under many different jurisdictions. Furthermore, there are countless other tracking sites that have the exact same data but have not made it public. But just because it isn’t public today, doesn’t mean it won’t be public tomorrow. Hackers could break in and release the data, or it could be sold en masse to other companies whose motives are unknown.

Shutting down one site does not protect anyone. Even using your browser’s private or incognito mode will not hide your IP.  The only way to protect yourself is to be truly private by making your IP address invisible to these tracking sites in the first place. So next time you Google, please, use a VPN.

  • krisonymous

    wtf googl?

  • http://coryg89.github.io/ Cory Gross

    Seems lame that I should have to use a VPN just in order for my searches and IP address to not be compiled in a list like this… If I was doing something illegal then yes I could see the need, however, I find it extremely irrating that I should have to buy into a VPN service in order to simply do ‘embarrassing searches’

  • Christian Jensen

    What would be interesting is the “how” of this leak. Is it a toolbar? Is it the ISP? We know the source is the keyboard and the destination is this site but what is in between to allow the information get there?

    • http://twitter.com/rud0lf77 rud0lf77

      Referrer-URLs.

      • Zell Faze

        Yeah, nothing new to see here really.

        VPN won’t stop those from showing up. It just will stop them from being associated with you.

        Easier solution would be use DuckDuckGo or Ixquick instead of Google.

        Nevertheless I suggest using a VPN for all browsing, not just private browsing.

  • GetFoxed

    So what? Maybe you were suppose to see?

  • http://twitter.com/MLNY Mike Lewis

    The article is incorrect that the specific tracking company can reveal your “search history in its entirety.” It can only track the searches you perform in which you click a link to a site that has opted to include this company’s tracking code.

    Every webmaster is able to see the search queries and IPs that led to the pages within his own site. The issue with the service you mention is that the webmasters are part of a network which shares your results (only the ones that end up with you hitting their sites!) with the world. So let’s discuss how to avoid this, and help ensure that your search will likely remain only visible to you, Google, and the site you’re visiting.

    There may be no way to know in advance which links you should avoid in Google results — that is, which pages will contain this tracking network code. Your best bet for a basic level of security is to install a browser plugin that stops this type of tracking code from working. Search for “DoNotTrackMe” or “Ghostery” and install the version of either plugin that is appropriate for your browser.

    You can also choose to go the extra mile and instead of clicking a link on a Google search, copy the listed address of the result (the green text under the link) and then paste it into a new window or tab. Going directly to the address will prevent the site owner from seeing the page you came from, including your search term, if you were coming from Google or another search engine.

    If, in the above case, the address in a search result is too long and Google does not display it in full, right-click and copy Google’s blue link to the site, paste it somewhere, delete everything up to and including the “url=” , delete everything after the first ampersand following “url=”, and convert it to plain text using a URL decoder: Search for blooberry url encoding, find the one at blooberry dot com, click the second radio button — “URL Safe Encoding”, paste the newly edited address in the text box, and click the button. The URL is converted. Copy the new URL, and paste it into a new browser window or tab.

    Yes, this is not a guarantee of privacy, but it does avoid most vulnerabilities of the sort mentioned in this article. You can go further and read about how to avoid tracking cookies, and also read about the steps mentioned in this article for additional security measures.

  • http://twitter.com/marczak Edward Marczak

    This is a pretty mis-informed article. Yes, all searches becoming public would be bad. However, neither Google, Yahoo! or Bing publish or sell this information. Google goes so far to use https by default.

    You’re looking at a group of webmasters that have decided to share their referrer logs.

    Your headline is linkbait, and the article is misleading and lacking in facts.

  • ToM

    Referer mechanisms have always been there. So where’s the beef there?

  • ToM

    Now I remember what the beef was. You want to sell your service..

  • Alejandro Amo

    I just threw a big WTF!
    how is that possible!?

  • John Smith

    what about using duckduckgo or ixquick?

  • CIAsuckDick

    Who cares. Everyone looks at ducked up shut online. It’s not like just because you Google some thing you herpies or HIV or wanna fuck 14yr old boys in underware. Besides goog is invented by the CIA. They know everything you do. Life sucks get over it. You don’t want the CIA to know what you do? Don’t use the internet. Why do you think they made it? Why do you think Schmitt now works for the government? Coincidence? Lol fuck…. You want change start killing ceos that fuck with our civil rights. Snipe the CEO of Monsanto. Snipe the CEOs of the tracking companies that are contaminated lands and destroying lives. Take back what is yours or lay down on your belly and get fucked in the ass, because that is what capitalism is.

  • CIAsuckDick

    Ducked *fucked
    Shut*shit
    Tracking*fracking
    Oh and the CIA made auto spell to ruin my life. Suck my wiener CIA, FBI, congress, senate, Obama, Google, bing, yahoo, etc.

  • sortfn

    15 points on the troll-meter, not bad.

  • robot_makes_music

    You can use browser extensions like Ghostery and AdBlock to help prevent tracking, and HTTPS Everywhere to help prevent local tracking (they can see the site you visit but not any of the specific urls, unless they’re doing a SSL MITM attack on you, in which case you have bigger fish to fry).

  • Pingback: Use a VPN or Your Google Searches Are Public | Privacy Online News | Nice to know | Scoop.it

  • http://oskarhane.com/ Oskar Hane

    I really like your VPN service, it’s fast and reliable.

    But this was a yellow post.
    Search Wikipedia for Yellow Journalism, read about yourselves, and be ashamed and never do this again.

    Step up please.

  • Oliver Salzburg

    Man, we’re really lucky that you went out of your way to dig out a VPN provider and link it right into this scary article. Thanks!

  • http://twitter.com/freehackgirl freehackgirl

    I know my vpn hides my IP,and my location, I check it with mr.AJohn page, wether even some anon pages.

  • Skeptic

    How are we to believe that what you are saying is true if you don’t tell us the website? I haven’t seen any other reports on it, and I can’t find a company that claims to offer this service. Your excuse that you think lives would be damaged by your disclosure isn’t believable.

  • http://www.facebook.com/new1day Thomas Prosser

    VPN can really hide my search?

  • Nick_Lopez_Loya

    Have you never read the articles where a company didn’t hire or fired someone for something they saw in your “friends only” Facebook profile? Anything on the internet is for sale, specially if the product is free. Facebook, Google, Yahoo, MSN, Twitter,

  • nigger

    typical idiot news for dumbasses that don’t even know how to use a fucking computer much at all in the first place, white trash consumer american dumbasses

  • Serra Mesa Bill

    QUESTION: Am I being safe or Paranoid?
    Insofar as privacy issues, Don’ know it I read it or my instincts, but I have never trusted saving or storing my search history. I believed I turn off the safe history option under Tools option on Mozilla’s Browser page. I learned today Google saves your search history regardless of your settings in the Mozilla Tool Bar. When I signed into Google and check my search history it covered months of my search history. I was able to delete it and had the option to turn of Google Search history.

    So my question is does it make a difference if you Save your search history and is your privacy at greater risk either way?

  • Serra Mesa Bill

    does me having PIA stop tracking links selected