The Anonymous Google Cookie


After the AOL incident, people are concerned again about their online privacy. While Google wasn't involved in the incident, one can't stop wondering what if Google leaked precious records from their database.

Until creating the Google Accounts, the search engine used to rely on an infamous cookie that expires in 2038 ("the end of the world as far as UNIX computers are concerned", as described here). The cookie contains an unique ID useful to identify users between sessions and to save user's preferences. If you delete the cookie, Google recreates it and assigns you a new ID. Despite that, the cookie connected with the (static) IP and other information from Google Toolbar or Google Desktop are a good way to uniquely identify users.

Here's a quote from Google's Privacy FAQ:

Like most Web sites, our servers automatically record the page requests made when users visit our sites. These "server logs" typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

Here is an example of a typical log entry where the search is for "cars", followed by a breakdown of its parts:

123.45.67.89 - 25/Mar/2003 10:15:32 - http://www.google.com/search?q=cars - Firefox 1.0.7; Windows NT 5.1 - 740674ce2123e969

* 123.45.67.89 is the Internet Protocol address assigned to the user by the user's ISP; depending on the user's service, a different address may be assigned to the user by their service provider each time they connect to the Internet;
* 25/Mar/2003 10:15:32 is the date and time of the query;
* http://www.google.com/search?q=cars is the requested URL, including the search query;
* Firefox 1.0.7; Windows NT 5.1 is the browser and operating system being used; and
* 740674ce2123a969 is the unique cookie ID assigned to this particular computer the first time it visited Google. (Cookies can be deleted by users. If the user has deleted the cookie from the computer since the last time s/he visited Google, then it will be the unique cookie ID assigned to the user the next time s/he visits Google from that particular computer).

While many people say it's a good idea to use proxies, TOR, or to not use Google anymore to protect your privacy, this site has a more interesting idea: let's change our ID to a value that has an added benefit of allowing us to see one of Google's design experiments (it's from March, but it hasn't been released).

If you drag this bookmarklet [ Anonymize me ] to your toolbar or if add it to your bookmarks, go to google.com, click on it, click OK and then save the preferences. You'll have the same ID as many other people.

Of course, being logged in your Google Account will make this cookie not very useful. A funny tip: after changing the cookie, go to Google Groups (without being logged in) and look at the recently visited groups. You'll have a surprise.