Are Google, MSN, and Yahoo! watching your company’s
research? Yes.

Do governments have access to a lot of these records? Yes.

Does this concern you? If you said no, then you probably aren’t paying attention.


It’s been a quiet week on the security front, which offers a
good opportunity to explore some security best practices. One data security
issue users rarely think about is search security—in other words, when you
search for something on the Web, who knows about it?

Several mainstream search engines have been in the news
lately concerning their censorship and data retention practices. However, hot
search engine doesn’t bow to censors or collect detailed information
on searches.

Considering all of the concern that encryption and lost data
are getting these days, it simply amazes me how little thought companies give
to who might be looking at the research they’re doing on the Internet. Most
search engines keep vast databases about every contact with users. Anyone who
gains access to these files can learn a great deal about individuals,
companies, and any research they’re doing. That includes research on
competitors, new product ideas, pricing, and other confidential topics.

Although Google recently put up a fight to
keep search records from the federal government
, some other search engines
quickly yielded vast amounts of data. In fact, many search engines assist
repressive governments in locating dissidents, so they must be tracking the
origin and content of searches. However, there’s one free search engine that collects
only minimal information—and it goes by the strange name of Clusty the Clustering Engine. is so advanced
that Vivisimo, the company behind the technology, has a contract to organize all public access to U.S. government
information through the Web site—a job so big that the company took
on Microsoft as a subcontractor. But, while impressive, there’s a far more
important security reason why you should familiarize yourself with this search

While Clusty servers have to record some information and
obviously must log the initial query to perform a search, they do not log which search results a user follows.
Many people don’t realize that after the initial search, most search engines
also pass follow-up selections through their servers before sending along a
request to the source.

For example, if you search for poison on Google, it records all of your selections.
doesn’t do that—so there’s no record of whether you’re reading about poison ivy
or arsenic.

What that means is that if’s owners get a
subpoena for search records, they actually have no detailed records to turn
over—the ultimate in secure research. (Of course, clicking one of the few
sponsored links will obviously record that information, which is how they bill

Those of you in countries that require Google and other
sites to censor search results—or who do business with people in such countries—should
note’s statement on censorship: “Neither nor censors search results. That is, neither site removes from its
output, in an ad-hoc manner, politically-oriented search results that would
otherwise appear and that would be objectionable to governments or would be
unlawful in unelected, non-democratic regimes.”

In contrast, consider Google’s announcement in January that
it would censor
content on its Chinese Web sites
to meet Chinese government requirements. In
addition, reports have also surfaced that Google and Yahoo have helped China jail
and removed e-mail and blog services from Chinese sites. According
to The Register, Microsoft has blocked
searches on such dangerous words as democracy
and freedom
from the Chinese MSN

The most insidious thing about censorship is that the governments
that force it on companies might also forbid those companies from telling the
affected users about such practices. And in my opinion, if there’s anything
worse than censorship, it’s secret censorship.

If you’ve never tried, I think it will amaze you
how quickly you can find the information you want. Instead of providing results
based on popularity, sorts them both for relevance and places them
into categories.

For example, if you search for Americans with Disabilities Act, Clusty indexes results so you can
go directly to Employment, Rights, Technical Assistance, or whichever category
you’re interested in. By the way, Clusty offers both Internet Explorer and
Firefox toolbars.

So, take some time and explore, and don’t miss
the search engine’s special features. Particularly, check out Clusty Jobs, which
lets you sort jobs by title and location.
You can even search by keyword and
ZIP code. Whether you’re looking for a job or you’re an employer trying to
gauge the employment market, this feature can provide a wealth of information.

Final word

My final word this time is a disclaimer: I personally know
the founders of—they are all from Carnegie Mellon University in
nearby Pittsburgh. However, I should also point out that I am a certified
Google Answers researcher and that I have no financial connection with

Of course, is completely free for users, so I
feel comfortable recommending this great search site with its very impressive
user-friendly technology to all my readers. Personally, this is the only place
I would conduct sensitive research, and I recommend it to all of my clients. And
I’m not its only fan: Time magazine
listed as one of the top 50
Coolest Web sites of 2005

Also watch for …

Miss a column?

Check out the IT Locksmith Archive,
and catch up on the most recent editions of John McCormick’s column.

Want to stay on top of
the latest security updates? Automatically
sign up for our free IT Locksmith newsletter
, delivered each Tuesday!

John McCormick is a
security consultant and well-known author in the field of IT, with more than
17,000 published articles. He has written the IT Locksmith column for
TechRepublic for more than four years.