CFG.Search

(That's "Cookie-Free Google Search")

So you want to search on Google without sending those - evil? - cookies, and hopefully not ever have to deal with situations like this one? (Other links to that story here, here and here - or simply search Google for "User 4417749")

Then, if you use the Firefox browser, we have a Firefox extension that might help you out a bit.

Table of contents

What is a cookie
What kind of cookies does Google use?
So what's the big deal
What's the problem if I disable Google cookies
So what do you have for me
What else can CFG.Search do?
After doing a CFG.Search, Firefox says that cookies were sent
Some caveats
What if bad people use this extension to hide themselves
Conclusion
Download
Support CFG.Search
About the author

What is a cookie

If you don't know what a cookie is, start by reading this or this.

<< Back to the top

What kind of cookies does Google use?

In a very broad way, Google mainly uses three kinds of cookies:

A cookie that is set the first time you do a Google search and then sent to Google for every new search you do. The cookie is supposedly used only to keep track of your search preferences, but it also sets a unique ID, that apparently serves no purpose but that many peole believe it is likely tied up to any future searches you do from your browser. We'll later refer to this cookie as the GUID cookie.
There's been a big deal of controversy around this cookies, and there are countless theories about why this cookie is being set/sent. Whether Google is using it or not, it is true that it could easily be used to group whatever searches you do under a unique ID.
Cookies to identify you to some of the services offered by Google that require identification, such as GMail, adWords, adSense, etc. These cookies can - and in some cases certainly do - identify you as an individual, linked to additional personal information such as your name, phone number, address or whatever other information you submitted to Google when you registered to one of such services.
Cookies that keep track of a few other things.

<< Back to the top

So what's the big deal

The deal, big or otherwise, is that whenever you do a search in Google, unless you've completely disabled cookies when accessing Google web sites, Google can keep track of what you've been searching for.

So if you don't want Google to associate what you search to your Google account, or you simply, don't want them to be grouped as "user XYZ searches", the best thing you could do is to disable cookies associated to all of Google's domains.

<< Back to the top

What's the problem if I disable Google cookies

Well, if you often use other Google services, whenever you want/need to access them, you have to re-login.

Also, if you've set some search preferences, by not allowing Google cookies, you're left with the default preferences.

That means that if you're checking your GMail mail, and then wish to do a Google search, you'd need to go to your browser preferences, delete and disable cookies for the Google domains, do your search, and when you're done, relogin to your GMail account - and be careful not to do a new Google search without repeating the process!

Would anyone actually go through that trouble for every search they do?

<< Back to the top

So what do you have for me

We have a simple Firefox extension (sorry, no IE, Opera, Safari etc. plugin at this moment) that adds a small toolbar from where you can do Google searches without sending any cookie whatsoever to the Google server. Yet, your Google cookies (assuming there's any) will still be in your browser, so you can continue using GMail or whatever Google services you use.

You can see here a screenshot of the browser with the toolbar installed, right after having searched for the term "cookie":

Note the "Sign in" link on the top-right corner. Despite I was logged into my GMail account, after using the CFG.Search box Google didn't get any cookie from me and so rather than showing a "Sign off" button, it invited me to "Sign in". Yet, I could then go back to my GMail account and continue checking my email.

Also note that as mentioned earlier, Google saves and uses other cookies not used to identify the user. Those cookies are also not sent when using the toolbar's search box.

Basically, using the CFG.Search toolbar, no cookie is sent to Google whatsoever at the moment of executing the search.

Not only that, but because when you search Google using CFG.Search no cookie is being sent, Google thinks you really don't have any cookie set and tries to add/set a new GUID cookie, resetting in fact any previous GUID cookie you might have had. And for every CFG.Search you do, Google will try to reset the GUID cookie with a new one, making it a bit harder to group your searches around that ID should you later accidentally do a search directly from Google instead of from CFG.Search.

<< Back to the top

What else can CFG.Search do?

CFG.Search - which by the way does not mean "Config Search" or anything like that but comes from Cookie-Free Google Search - offers a bit more (not a lot) than a cookie-free Google search box:

First, you can also do cookie-free searches on Yahoo! (only web searches so far) and Amazon.
For Google, you can do a web search, image search, video search, news search or groups search (more may be added in future updates).
If you don't usually search from www.google.com, but say, www.google.com.ar, you can select what Google domain you'd like to use - out of all available Google domains - and set that domain as your default
Same for the locale (language). If you'd rather set the locale to Spanish, French, Cambodian, Chinese or Esperanto, you can set it from the Options dialog.

Note that some sites may not have all of the image/video/etc. sub-sites implemented. For instance, if you select google.gm as your default site and do a video search, you will get a "video.google.gm domain not found". If you run into that error, we suggest you go back to the default google.com. Similarly, not all locales will work on all sub-sites, although in this case you don't get an error but Google will default to English automatically.
Also note that the site and locale options only apply to Google searches, not Yahoo! or Amazon.
The toolbar has two Prev/Next Page buttons, so you can very easily navigate to the previous or next results page, cookie-free of course. Regardless of the cookie issue, I have found this to be particularly useful while searching for images - if you have a screen big enough to show all thumbnails of a results page, you don't have to scroll down to go to click on the next page link (in fact if you use CFG.Search, you shouldn't), and browsing from one page to another becomes much easier.
The search box is flexible, so you can enlarge it or shorten it as you like.

By the way, just to make it clear, CFG.Search has no Spyware or Adware of any type and does not save anything in your computer (except your site and locale preferences) or anywhere else. Zero, zip, nada! What would be the point of adding Spyware to a produt supposed to add privacy to your searches anyway?

The only thing that CFG.Search has, somewhat a bit out of the loop, is that the Amazon search contains an affiliate link in it (ours) but the search itself is "cookie free". There are no affiliate links of any type for Google or Yahoo! searches.

<< Back to the top

After doing a CFG.Search, Firefox says that cookies were sent

So, that's what Firefox says, huh? :-)

Ok, here's the thing. When you pull out the "Page Info" for your CFG.Search results page, or when you use virtually any of the addons and extensions that claim they'll display what cookies were sent, what these tools really do is: a) Check the domain you just visited. b) Go to where all your cookies are stored and see which ones would match the rule that'd make the browser send them to that server. c) Show you those cookies - whether they were sent or not.

That is, neither the Page Info nor any of these extensions were actually "sniffing" to see whether cookies were really sent. They asume - and rightfully so - that those cookies were sent because that's what the browser is supposed to do. Righfully so, until now, that is.

If you really really want to see with your own eyes that cookies are not sent when you use CFG.Search, and the "Sign in" clue mentioned up here didn't convince you, you could download a TCP/IP sniffer - preferably one than can display the captured packets in ASCII mode, so you can read what's being sent - and see for yourself.

<< Back to the top

Some caveats

The world isn't perfect, neither is this extension. Some things you should know beforehand:

If, after doing a search, you decide to go to the second (or third, or fourth) page of results by clicking on the results page, then you're on your own. You're clicking on a link from Google, and no longer searching from the toolbar, so whatever cookies would normally be sent to Google, will be sent.
You can get away with that by using the << and >> buttons in the toolbar:
With or without cookies, Google most likely does keep track of IP and timestamp for every search. In some cases that might be enough for Google to figure out who you are. Google would need to take a different approach in order to associate those searches to you, but this extension does not fake or hide your IP, so do keep that in mind.
If you've previosuly set certain search preferences (such as "display results only from pages in English" or "display 50 results per page"), the toolbar doesn't know a thing, and since cookies are not sent, neither does Google. We will likely try to work around that in a future version.
This one is important >> Video and image searches may occasionally send cookies to Google. That's not because CFG.Search sent the cookies when you did the search (we've made clear that it does not), but because some of the video or image thumbnails that are displayed, generate a HTTP call to Google (to request displaying the images) and cookies are sent through that call.
The good part of this is that those requests do not get associated to the search term itself but to the retrieval of the thumbnails, and that's a good thing. The bad part of it is that those requests go along with a "Referer" field - and that referer is often the URL that contains your search term.
Video searches get a bit trickier, because in addition to the thumbnails, we've noticed that most video searches rather than displaying a single page with the results, they also open a framed page at the very top (usually with the URL http://video.google.com/accountheader?url=etc... ), and when that secondary call is made, cookies are also sent, and in fact, that little frame is used to show your login info, so despite you did a cookie-free search, you'll see your login info (if you were logged in to, say, GMail) right up there. We've only seen this kind of behaviour for Video searches.
Despite this inconvenience (that we have only seen when doing video and image searches), you're still avoiding sending cookies attached to the original search URL, so we believe that it is safe to say that, unless Google is really investigating you and trying to "get you" (something we believe Google has not done so far, at least not to the knowledge of the public), your video/image searches will not end up associated to you as an individual. In addition to that, every new search you do using CFG.Search resets your GUID cookie, so despite these secondary calls send your cookies to Google, they'll be getting a different GUID value for every new search - or even every page from the same search results - you make.
This extension has been tested on Firefox 1.5.0.* browsers. We do not know whether it works on previous versions, and cannot be sure that it will work on future versions, although if it doesn't of course we will try to release working versions of the extension in the future.

<< Back to the top

What if bad people use this extension to hide themselves

This is where this FAQ becomes boring. First, we don't think there is such thing as complete and aboslute anonymity. Second, we don't hink that search engines were designed to spy on people - good or bad. Third, nobody forced Google or any other search engine to set these cookies, and if they've done it, we don't think it was mainly to catch bad guys. Fourth, well, why don't we take it to the search engines for indexing "bad" content, or to the hosting companies that host those contents and so on. And if none of these things convince you, then read again the first point, and then, the last paragraph in the next section.

Conclusions

I must say we're not particularly paranoid about a search engine, be it Google or any other site, trying to track down every search we do.

On the other hand, we see nothing wrong in limiting the information we pass on to these sites, if we so desire not to give more information than what's really necessary. However, the current "methods" to limit that information (not accepting any cookies whatsoever from these sites, etc) are too annoying to be considered a feasible option. And that's what encouraged us to develop CFG.Search. Well, that and the fun of developing a Firefox extension.

Having said that, CFG.Search doesn't give you 100% privacy when you search, mainly because it does not anonymize your IP address, but it allows you to search Google knowing that other than the IP and timestamp (something it is sent to every server of every web page you ever visit, anyway), nothing else is sent to Google. Well, nothing else except the search term you're searching for, of course (plus some general info that is always sent on HTTP calls, such as the browser you're using and other irrelevant stuff).

<< Back to the top

Download

Sounds good? Then please download and install CFG.Search from the Firefox Add-ons site. (waiting for extension approval for over a week - don't look for it there yet. In the meantime you can get it here)

Oh, and if you got here right away without reading anything else, that's cool, but please do not report a bug or malfunction unless you've read this FAQ.

<< Back to the top

Support CFG.Search

If you find CFG.Search useful and would like to support it by making a small donation, we gladly accept them through PayPal.

Of course, you are under no obligation. CFG.Search will always remain FREE and will never have ads, spyware, etc.

If you would like more information on how to send a donation with PayPal, or would like to make an instant donation right now, please click on the "PayPal Donate" graphic below:

Clicking on the PayPal button does not commit you to making a donation - you can still change your mind after clicking on the button.
If you are unable to support CFG.Search but still find it useful, you may just want to tell your friends about CFG.Search.

<< Back to the top

About the author

This is not a highly complicated extension that deserves a lot of recognition, but for the curious mind, you can visit my profile page in ZoomGroups/eGrupos for a detailed profile (name, photo, etc). Note you may find some text in Spanish in that page - that's not you hallucinating, it's perfectly normal :-) Oh and yes, that picture of me was taken at Google's HQ in Mountain View :-)

And if for whatever reason you'd like to contact me, you can do so here but you'd first need an account in ZoomGroups. If you just want to leave a public comment, you can do it at the CFG.Search blog.

CFG.Search is a Firefox extension created by AR Networks

Also, check out:

ZoomClouds (tag clouds for your blog)
ZoomGroups (your digital life, online),
ZoomBlog (advanced blogging platform)
ZoomBlast (what are your favorite videos?)
Copyright © 1999-2006 AR Networks, All Rights Reserved