The smart paranoid's guide to using Google

Here are down-and-dirty details on how to maintain your privacy while using Google's myriad services.

Google privacy icon

Google is nearly everyone's best friend. But have you ever stopped to think about just how much Google knows about you?

Do you realize that Google may have recorded and stored every single search term you have ever punched into its search box? Chances are some of those searches could be soberingly damaging to your reputation. What about Gmail? Have you ever sent any sensitive e-mails? How about business information stored in Google Docs?

Unless you sat out the last decade offline, you've likely been building a pretty thorough profile of yourself on Google Inc.'s servers. Depending on which of the dozens of Google services you use, data about your habits, interests, activities, schedule, professional pursuits, stock portfolio and medical history could be sitting somewhere on Google's servers -- along with records of the trip routes you've mapped, the Web sites you've visited and much more.

The good news is that Google anonymizes its server logs by removing the last three digits from the IP addresses associated with searches after nine months and by deleting the associated cookies after 18 months, which makes it very difficult to link you to searches that are more than 18 months old.

That's still a pretty big window into your life, though. What if any or all of that data ever became public? An attacker could conceivably get access to your information on Google by hacking directly into its servers, or by hacking into your individual account.

"There is a huge amount of stuff on Google," says Gartner Research VP Jay Heiser, "and it would be naive to believe that all that information wasn't of huge interest to a wide variety of people."

What's more, the large number of services Google offers means there are multiple ways of accessing data. "Each service brings its own unique risks," says Heiser. "There's potential for a minor vulnerability in one to add up to a more significant vulnerability when combined with something else."

And criminals aren't the only ones who could potentially access your Google records. Should the government (or attorneys from a legal suit you're involved with) come calling, all it takes is a simple subpoena and Google is forced to turn over your information, as outlined in Google's Privacy Policy.

Bottom line? Big Brother knows a whole lot more than you probably thought. But you don't have to avoid Google to keep yourself reasonably safe. You just need to take steps to prevent potentially dangerous information from being stored on Google's servers in the first place, and to protect the integrity of your account.

By taking some basic -- and not-so-basic -- precautions, you can minimize your exposure to bad guys, wherever and whoever they are. Read on to learn about things you can do to minimize the security risks involved in using Google, whether for search or for one of its myriad other online services.

For good measure, we've included two levels of advice on how you can protect yourself:

  • "Defcon 2" (good security) tips are things you can do with the tools already at your disposal to keep yourself safe against typical attacks -- but not against a determined attacker.
  • "Defcon 1" (best security) tips -- a.k.a. "the celebrity solution" (steps to take if you have, or intend to have, a highly visible public profile) -- offer far more security but are far less practical and often require using third-party tools.

In the end, only you can determine what trade-offs between security and convenience make sense for you.

1 2 3 4 5 Page
FREE Computerworld Insider Guide: Five IT certifications that won’t break you
Join the discussion
Be the first to comment on this article. Our Commenting Policies