Whether you trust Google or not, it's good to know something about how Google tracks you. What does Google do to remember your Preferences? When does Google record personal information like your name and your email address? And how far can you go to protect yourself without losing Google's services? We won't try to answer all of those questions thoroughly or in detail — after all, this is a guide to Google, not to computer security. We'll hit the highlights, though: enough information to help you understand what's going on inside your browser and on Google's servers.
Cookies vs. Accounts
Let's start with an overview of two main ways Google can keep track of you: by storing cookies on your web browser(s) and by asking you to sign up for a Google Account.
A Google Account is free of charge. The easiest way to get one is by visiting www.google.com/accounts. There you'll be asked for information like your email address and a password. Note: if you're planning to get a Gmail account, and you'd like to use your Gmail address as your primary email address, you should sign up with Gmail first. Then your Gmail address can automatically become the email address for your Google Account. In fact, signing up for Gmail gives you a Google Account automatically.
Once you have a Google Account, you can tell Google who you are by signing in to the account. You'll find a "Sign In" box at the top right-hand corner of many Google screens. You can also sign in from the home page of services like Gmail and Groups, as well as from the Accounts page shown above.
When you're done with your Google account, you can simply go on with your business. You can also close your browser. If you've checked the "Remember me on this computer" box (see the example above), Google will set a cookie in your browser so that, the next time you open your browser and go to a Google page, Google's server will sign you in automatically.
As we said, a cookie is a bit of data from a web server. (Think of "fortune cookies" you might get after a Chinese meal, with little bits of wisdom inside each one.) Each web browser keeps its own set of cookies. So, if you use several computers — or several different web browsers on the same computer — each of those browsers has a different set of cookies in its "cookie jar" (actually, in the computer's memory and/or disk).
So, for example, if you set your Google preferences on a particular browser, Google's web server can set a cookie in that browser to maintain your preferences on that browser. But if you go to another computer, those preferences you just set on the previous computer won't be set here because Google's server can't know that it's you on that other computer. (Google has no idea where you are in a room.)
Remember that, unless you have a Google Account and you sign in, Google can't track you as a person. It can only track what's happened on the particular browser you're using at the moment. (This is true of other web servers, too: not just Google's.)
You can remove the cookies from your browser by using cookie management programs or by using controls built into your browser itself. You can also prevent cookies from being set in the first place. Doing so can help to preserve your privacy, but you can also lose the advantages of cookies — such as being able to set preferences.
How Long Do Cookies Last?
Each cookie has a name and an expiration date. When a web server sends a cookie, it asks your browser to keep that particular cookie until a certain date and time. These dates can be:
As we'll see in a moment, Google uses a mixture of session cookies and longer-term cookies.
Most web browsers let you prevent a web server from setting cookies. Add-on software can also control cookies. The most sophisticated browsers, such as Mozilla, give you a lot of control over cookies.
Your browser probably has a way to remove some or all stored cookies. Doing that will stop most (but not all) tracking that a web server can do. But, of course, you'll lose the benefits of permanent cookies. For instance, if you have a Google Account, you'll probably have to sign in again before you use a personalized Google service like Gmail.
If you're concerned about privacy but also want the advantages of cookies, some browsers have a good compromise: treating some or all cookies as session cookies. That is, if a server asks to store a cookie until next year, your browser can store it as a session cookie instead.
We'll start by opening Firefox to a blank page and entering www.google.com as the URL. We've configured Firefox to ask before setting each cookie, and we've also just used its "Clear privacy data" command to erase all old cookies. As soon as we go to www.google.com, the server asks to set a cookie:
Notice that the server wants the cookie to expire in the year 2038 and that the cookie's name is PREF. (This may be where the server "remembers" our Google preferences.) We click the "Allow for Session" button, which tells Firefox to erase the cookie when we quit the browser. We could also have denied the cookie, though, to see what might happen next. It's likely that Google will work fine with almost all cookies denied — except the cookie(s) that keep your Google Account settings.
Later, after doing some searches, we decide to sign in. Clicking the "Sign in" button brings up another "Confirm setting cookie" dialog. This time, the server wants to modify a cookie that it set earlier named GoogleAccountsLocale_session. The cookie will expire at the end of the browser session. In this case, we agree. (We could also have chosen "Use my choice for all cookies from this site" if we didn't want to answer any more questions about www.google.com.)
After more searching, we open the Firefox Options dialog to look at the stored cookies. (That's the little right-hand window in the next screen shot.) Google has set several cookies by now: five for www.google.com, one for groups.google.com, and at least one more for images.google.com. Clicking on one of the cookies shows that it's the PREF cookie set two screen shots previous. You generally won't need to get to this level of detail — but it is possible to, say, remove the stored cookies from a server so that server can't "remember" you.
|[Home] [Intro] [Contents] [Print] [Favorites] [Query Input] [Understanding Results] [Special Tools] [Developing a Website] [Appendix]|
For Google tips, tricks, & how Google works, visit
Google Guide at classic.GoogleGuide.com.|
By Nancy Blachman and Jerry Peek who aren't Google employees. For permission to copy
& create derivative works, visit Google Guide's Creative Commons License webpage.