In 2008, Google said there’s no such thing as complete privacy. You’re being tracked all over the web by their AdSense ads, by sites that use Google Analytics and – probably the most important – their search engine. But Google Search isn’t the only search engine that tracks your behavior. Concerned about your privacy? In this article, we’ll show you how you can get rid of click tracking in search engines.

The secret redirect

Google

google tracking-2.png

Whenever you click a link in Google Search, your click is redirected through a secret URL. If the site you’re going to is http://www.cybernetnews.com/, Google will do a secret redirect through a URL that looks similar to http://www.google.com/url?url=http://www.cybernetnews.com/. In some cases, you can reveal the secret redirect by right-clicking on a linked search result. If that doesn’t work, your last resort is an HTTP sniffer.

There are several Firefox add-ons that claim to get rid of Google Search’s click tracking. CustomizeGoogle is one of them. Among other tweaks, it promises to remove click tracking and disable Google Analytics cookies. If you just want the anti-tracking feature without the bells and whistles, there’s a Greasemonkey script you can download called Google Tracking B-Gone. To use Greasemonkey scripts, you need to install the Greasemonkey add-on for Firefox. Also, if you use an international version of Google such as google.co.uk, you have to change the script’s URL range from http://*.google.com/* to http://*.google.*/* to ensure that the script is allowed to operate on your local Google site.

Yahoo

yahoo tracking-1.png

Unlike Google’s redirect, the one Yahoo uses is always easy to find. Right-click on a link and look at your status bar to reveal an intimidating garglemesh of strange characters originating from rds.yahoo.com. You can get rid of that by installing this Greasemonkey script. However, my HTTP sniffer revealed that Yahoo does some additional click tracking from a URL that starts with http://search.yahoo.com/ra/click?. To disable this, add http://search.yahoo.com/ra/click?* as a filter to Adblock Plus.

Bing

bing tracking.png

Bing seems to have a very subtle click tracking mechanism. The only fishy thing Bing does is call some URL’s that start with http://www.bing.com/fd/ls/ whenever you click a search result. Again, Adblock Plus can help you deal with this if you add http://www.bing.com/fd/ls/* to its filter list. Turning off JavaScript on bing.com seems to help too.

Shutting off the HTTP referrer

Although the tips listed above can help you stop search engines from tracking your clicks, it does not keep websites from gathering information about your web search. This is done through the HTTP referrer. Any page on the web can retrieve information on how you stumbled upon it, i.e. which URL referred to their web page.

The referrer is also known to be used by site owners to retrieve information about the search engine you used and what your search query was. On rare occasions, some sites alter themselves if you found them through web search. For example, I’ve seen sites display “Welcome, Googler!”-esque messages and even sites that highlight your Google search terms on the page you landed on. Although this rather creepy practice is not widespread, it just shows how much a site really knows about you.

Fortunately, you can disable the sending of the HTTP referrer to the websites you visit. While it is possible to disable the HTTP referrer entirely in Firefox’s about:config, this can break certain functionality on some sites. There’s a Firefox add-on called RefControl that does away with this issue by allowing you to add exceptions for sites that need the referrer.

Other browsers

It is possible to use the Google Tracking B-Gone and Yahoo Click-Tracking Disabler scripts in other browsers. So if you’re really serious about extending your tinfoil hat protection to other browsers, you can check out these resources:

To disable the HTTP referrer, follow these instructions:

Since I’ve only tested this with Firefox, I cannot guarantee that the content from these resources is accurate.

There Are 43 Comments

  1. Google only adds that URL if you have the Web History feature enabled in your settings, which is designed to track your clicks for your own future reference.

    You are making scripts and workarounds for features you have enabled.

    • Not true. I used a clean Firefox install in this article so I wasn’t logged in to Google’s services.

      After your comment, I also tried searching Google while logged in with Web History disabled. The tracking URL still appeared in my HTTP sniffer.

    • check out wooglethis
      it is the best Ive seen
      for stoping google

    • Nice misunderstanding there. Either you are thick, or a fanboy.

      If you use Google’s stuff as Google want you to use it (see the default settings on the two browser-groups this advertising company fund), you will be subject to data-rape. For shit like Web History to work you have to take their cookies, and then they can track you without the use of tracking URLs.

      The tracking URLs are for people who have signalled it is none of Google’s business what the user is doing by rejecting Google’s cookies, but the profit motive means Google disrespects those human beings and data-rapes anyway.

  2. While I was a longtime, faithful user of CustomizeGoogle[customizegoogle.com] it hasn’t been updated almost a year (to the day).

    Instead, I’ve found a project that has taken over where it left off, called OptimizeGoogle [optimizegoogle.sourceforge.net] It does everything that CustomizeGoogle did, but has been updated to reflect changes in Google. I would hope and imagine that it will only improve from here.

  3. Wow it’s working man, i installed Greasemonkey add on and it is working fine… thanks

  4. Not a single mention of No-Script? WTF kind of n00b are you?

    • There’s a good reason I didn’t mention NoScript. While using NoScript to disable Google’s JavaScripts seems to work fine, it has some very annoying side effects. For example, Google Reader and possibly even Gmail will stop functioning if you use NoScript on google.com.

      The Greasemonkey scripts do what NoScript could have done, without the side effects.

    • Because if he had drawn attention to scripting then it people might ask about the scripting on this site.

      If you want to do your computing on corporate machines, and let businesses manage your data for you (haha, mooch through, and lose, in reality) then of course you need javascript. The whole notion of computing on computers that are not the user’s is the unstates part of Web2.0 hype, but for the users they are not always a good idea.

      Therefore JS is rarely actually needed, as I think users should choose to use the web mostly to deliver information, not to deliver applications.

  5. What about No-Script?

  6. Sorry, my post had disappeared

  7. Who is this Pieter? I was thinking, wasn’t Ryan not overly concerned with anonymous tech usage monitoring.

    • A couple of years ago, I was invited by Ryan to write for CyberNet whenever I came up with something I wanted to write about. My contributions were limited to a few articles a year but recently I started coming up with more ideas. None of my articles appear on the site without Ryan’s seal of approval.

  8. Oh, that’s cool

  9. Primary Work at Home

    This is a very helpful article. Thanks for sharing this.

  10. Paranoid much? Unless you’re doing something shady or you are a conspiracy theorist you have nothing to fear.

    Google isn’t spying on you or stealing your identity, people. The data collected is used for all kinds of completely harmless (and useful) purposes – Google History, ranking, web trends (all of the web, not just you), etc.

    Disabling referrer can cause all sorts of strange and annoying problems as well. A lot of sites use referrals to get stuff done and without them simply won’t work or won’t get you what you expected. In addition, a lot of affiliate networks use that information to pay people and to bill their clients.

    • Authority deference much? ;)

      It’s not just about whether they are watching or not.

      Computer defenses are constantly being infiltrated and circumvented in a never ending game of leap frog. And not all governments would shy away from abusing tracking technologies.

      Knowing what the exposures are is half the battle — having good tools to deal with them is the other.

      Besides, do you really want *your* tracking data to be collected and sold among interested parties? Including governments? (yours isn’t the only one to worry about)

      [eff.org]

      G

    • The thing that got me the other day was that I did a google search for Prinny (my gf’s favorite prinny/disgaea shirt died). Later, I went to a coding website that apparently used google ads. All the banner ads were filled with prinnies. This was awesome but also terrifying. I don’t want random websites showing information about searches I performed earlier in the day. Seriously uncool.

    • thats what hitler said to the people of germany as well, i think stalin said as much, as well as gadafi, etc etc etc

  11. Thank you for the excellent article! This has been very helpful. I followed all your suggestions (regarding the Google hack, though, people who want to be protected from both Google link-tracking and Google Analytics but don’t need the extra features in CustomizeGoogle or OptimizeGoogle could do what I’ve gone: block Google Analytics in the Firefox add-on NoScript ([addons.mozilla.org]) and then add the Greasemonkey Google Tracking B-Gone script you suggested in the article. I think that should work).

    • I should also mention that I have google.com allowed in No Script, so my functionality on Google is not impaired.

  12. [scroogle.org] is a google scraper int crumble the cookie and proxie your ip address. also in shttp and search window option.

  13. I simply use an addon in Firefox ‘Ghost’ its an amazing addon and shows all the tracking. So simple to use

    • Wow… even with cookie, script and web beacon filters in place, the amount of tracking this add-on found was enormous. I might write about it someday soon. Thanks for the tip, Tony!

  14. annoyed with google

    You could manually copy the url, and delete the front and the back of the url. For example, after google the tracking stuff the url for [cybernetnews.com] becomes:

    [google.com]

    If you delete everything before www, everything after .com, and replace %2f with / in notepad, that will also do the trick, through a bit time consuming…

  15. annoyed with google

    You could manually copy the url, and delete the front and the back of the url. For example, after google adds the tracking stuff the url for “[cybernetnews.com]” becomes:

    “[google.com]

    If you delete everything before www, everything after .com, and replace %2f with / in notepad, that will also do the trick, through a bit time consuming…

  16. Dresandreal Sprinklehorn

    I use the Redirect Cleaner and CustomizeGoogle Addons for Firefox

  17. Dresandreal Sprinklehorn

    I forgot you have to turn these off to Login to Yahoo Accounts

  18. To disable the HTTP referrer in chrome/chromium:

    chrome.exe –no-referrers

  19. Great solution for paranoid idiots. This info only helps you in the long run, since this data is useful for companies to offer you the most targeted content possible and not waste money on referrers or keywords that are not profitable. It’s called relevance. Who gives a crap about revealing this data anyway. You accomplish nothing, but wasting your time. Should I not know what you typed in to find my site or where you came from. Oooh i came from Google big secret. Or maybe Google is using this data and giving it to the government. Oooh exciting possibility for conspiracy theory morons.

    • @levi
      In regards to this being a waste, I have to say I disagree. Before I disabled these targeted ads, I saw tons of relevant ads throughout the Google network. That was a HUGE waste of time. There were all these distractions that were very tempting. All the ads were things I cared about, so they were hard to ignore. Now that I have disabled these (mostly using abine.com and googlesharing.net) the ads tend to be irrelevant, and therefore easy to ignore. I save a ton of time because I don’t click on the ads. Instead I stay focused on my task.

    • Levi,

      You sure have a strong opinion and laid back attitude as far as privacy. Well that is also your opinion. But if you think people who are concerned with their privacy are the idiots, then you lack brainpower. I am going to believe that you feel this way because you are young and lack reasoning skills. I choose not to believe you are that foolish.

      Privacy is a serious consideration. I suppose you can’t find a job because you air all your personal information on Facebook. Let me guess, it’s harmless right? Yeah, that’s what I thought.

      Online privacy is a real concern, it’s not always the government you have to worry about. Its ad companies bombarding you with bull**** and then sending you a erectile dysfunction advertisement because you looked at porn. All while your girlfriend looks at your monitor and wonders what you were searching for. Hopefully I make my point.

  20. I’ve created Chrome and Safari extensions to block http referrer information. Get them from here: [blog.arpitnext.com]

  21. Besides blocking sites with my HOSTS file, I run ‘free internet window washer’, I have it setup so it will scramble and wipe my cache files every 15 minutes plus it rewrites the undeletable index.dat file on start up.
    Problem solved.

    Levi, hahahahaha, sheep.

  22. Two Firefox addons I use… mainly to block the invasive google monster.
    Ghostery… a totally awesome tracking block program thingy. Love it. ghosteryD0Tcom.

    Next up, RefControl. It lets you send any referrer info you want. So, I use http;// sorrynoreferrerinfoforyou_quitlookinginmywindow.younoseybiotch.I.win
    For the google tracking corporation, I have a custom one… whenyoufallitwillbealongwaytothebottomANDeverythingfalls_evenrome.bye
    Boooyaaaa.
    Some websites require true referrer information or the won’t function correctly at all. Its easy to setup individual sites to send your true referrer info to with refcontrol. stardrifterD0Torg
    Have fun with the refcontrol boys and girls :P

    P.S. Levi is probably a lowly ad spammer, sigh.

  23. folks i’m just the perfect example,of eaten live by Spam. The extent of which (passeivly) having to abandon a perfectly good G-address. Google offered an (implyed)swim faster to escape the .com “sharks”. I thank the author, and please do not be side tracked by anyone beating the conspersy drum ,just ask do they have a clue what “taklin BIRD’s” mission was over VetNam/southeast Asia?
    P.S. spell ck would be good… I still spell shot , with an I wrs

  24. anonymouse(orhoweverdafockuspellit)

    well maybee this, going through 20proxies, and completely removing and scripts will help…..buut all in all complete anonimity is impossible….sadly…..

  25. Correct me if I’m wrong, but ultimately the only way they can track you is by your MAC address. They wouldn’t bother tracking you by IP, since almost nobody has a static IP anymore. So it all boils down to some javascript code requesting your MAC address and your browser happily sending it. You can run scripts, adblockers, etc to stop your browser from sending it in all these different ways, but why not just change it every day? Easy to do in Windows & Linux. Then every day google tracks a new you, and ultimately can’t build a real database on you.

    • That would seem to be a good idea, but unfortunately things have moved along. Google can track you via a browser “fingerprint” developed out of a combination of things like the fonts queried and loaded in your OS. If enough unique differentiating details are gathered through the browser, then your computer is identified despite a change in MAC address. Ever notice that to view most websites now, javascript is running for GoogleAPIs and Ajax? These promise web authors pretty fonts for the web page displayed, generated by Google. In that process even websites not reached through Google apps or search still send the hit to Google to download the special font needed and thus identify the website and computer fingerprint. Many of these fonts are loaded from blog software templates by amateur website builders, unaware that they are loading Google scripts onto their website. They just picked a pretty template for WordPress for instance. I’ve actually seen Google scripts running on Shopping cart checkout pages where credit card info is requested! This is all just the tip of the Google iceburg. There’s “Google Keyboard” for Android, and “Google Health” which tracks a users steps through GPS. Bottom line ….. want to stop Google spying on everything and everyone — it isn’t in an application, or setting. It’s in legislation. There are laws to protect medical records financial records, and even trade secrets for corporations like Google. Time to protect the rest of us from these deceptive invasions, and our kids. By law.

  26. With google you can also just turn off java script then you just get the URL on the search result, the script only changes URL on click or on right click. With javascript off it never changes. Of course if you are stupid enough to still use internet explorer that becomes a painful process as it is buried under pages of crap in IE setup.

    It is annoying as hell lately, i try to download PDF docs etc from search results as my reader plugin always chokes, and when i right click i always get this crap now, which makes it impossible to download the file. Never used to.

    I have to do a search, turn off javascript, right click save as, then turn java on again. Painfullll.

  27. Google Diconnect <- [disconnect.me]
    Blocks twitter google and facebook… don't surf without it.

    Ghostery <- can't believe you missed this one. Again an essential add-on IMHO.

    noScript
    Adblock+
    Cookie Monster
    FacebookBlocker

  28. You can use something called duck duck go and its a type of search engine that doesn’t track [[duckduckgo.com]]

Leave Your Comment


Message is the only required field.
Emails are not published.