The smart paranoid's guide to using Google - Part 3

Risk 2: Tracking cookies
Google uses cookies to store your log-in status for its various services, so, for instance, you don't have to log into Google Calendar when you're already logged into Gmail. But that means that you're leaving a trail of log-ins that can be accessed both from Google's servers and from your hard disk.


Also, the Google-owned ad service Doubleclick uses cookies to track visitors as they move among sites, and that information, combined with your Google login, can identify exactly what sites you visited.


Defcon 2
Blocking third-party cookies in Safari.Use your browser's security or privacy settings to reject third-party cookies -- that is, cookies that originate from sources other than the site you're on.

Blocking all cookies can be problematic if you want specific sites to remember your log-in info or preferences. Blocking third-party cookies, on the other hand, won't inconvenience you on most sites but will take your privacy up a notch.


Note that blocking new third-party cookies won't actually get rid of the ones that are already on your system. So to be thorough, you can use your browser's security/privacy settings to either delete all of your current cookies at once -- which means you'll have to re-enter log-in information or preferences at certain sites (but only once) -- or look through your cookies file and manually delete those that aren't from sites whose cookies you want to keep.


However, some services -- notably Doubleclick -- have been able to install cookies even with third-party cookies blocked. You can opt out of Doubleclick's cookies by, ironically, installing an opt-out cookie. But if you clear your cookies file at any time, you might also delete the opt-out cookie. Google provides tools and instructions for making your opt-out preferences permanent in Firefox, Internet Explorer, Chrome and Safari.


Another option is to take advantage of your browser's "private browsing" feature. The most recent versions of Firefox, Safari, IE, Opera and Chrome all offer private browsing sessions -- sometimes called "InPrivate" or "incognito" browsing -- that purge cookies and passwords when you close the browser, and also erase your Web history and browser cache.

The only challenge is remembering to select private browsing before you begin a sensitive search.


Defcon 1
Block scripts and ads entirely. Use an ad blocker such as AdSweep for Firefox, Opera and Chrome or AdblockIE for IE8 to prevent sites from serving ads, including Doubleclick's.


Many ads (including Google AdWords) use JavaScript to load. Blocking scripting in addition to ads is the belt-and-suspenders way of keeping ads from loading and third-party tracking cookies from finding their way onto your system. You can turn off JavaScript and other scripting using your browser's security settings, or use the NoScript extension if you use Firefox.


This will make a huge number of sites unusable, but it will make it much more difficult to track your online behavior. Note that you can add exceptions for sites you trust using the "Trusted Sites" list in IE8 (on the Security tab under Internet Options) or by clicking the NoScript toolbar icon and selecting "Allow" for sites you wish to accept scripting from to restore functionality.

To be continued......