Disconnect Search, Built By Ex-Google And Ex-NSA Engineers, Lets You Use Google, Bing And Yahoo Without Tracking

Started as a side project by then-Googler Brian Kennish back in 2010 to cut out ad tracking during a person’s Facebook browsing session, Disconnect has gone on to raise funding (twice), to work on multiple browsers and sites, and create apps for specific users (e.g., kids), and take on more engineers, including two more from Google and one from the NSA. With its apps now used by 1 million people every week, Disconnect is now tackling the most popular way that people discover content online today: search engines. Today, the company is launching Disconnect Search, an extension for Chrome and Firefox browsers that lets users searching on Google, Bing and Yahoo, as well as Blekko and DuckDuckGo, remain private while doing so.

The extension works both on the search portals’ main sites, as well as through a browser’s omnibox (in the case of Firefox) or browser bar (in the case of Chrome). (The “search from everywhere” feature is still in beta.) Disconnect says that it has applied for patents to protect the proprietary way in which it does this.

Casey Oppenheim, the former consumer rights attorney who is the co-founder of Disconnect with Kennish, points out that search engines, partly by virtue of being a portal to everything else, are often some of the most invasive when it comes to a user’s privacy. “Your searches are anything but private,” he noted in a statement. “Search engines, and even websites and Internet service providers, can save your searches and connect them to your real name through your user accounts.” Indeed, if you’ve been logged in to your Gmail or another Google service and then visited Google.com, you’ll know exactly how this works.

Somewhat more alarmingly, this happens even when you’re not logged in to another service, notes Patrick Jackson, the ex-NSA engineer who is now CTO of Disconnect (he also was behind the neat kids app Disconnect launched in August). “Even if you never log in to an account, search engines and many websites typically save your searches and connect them to an IP address, which can allow companies to uniquely identify your computer.” A technique, I guess, an NSA engineer would be all too familiar with.

Disconnect Search works along four channels, the company says, with some of the method taking a hat tip from VPN tunnelling services that mask your IP address:

— Search queries are routed through Disconnect’s servers, “which makes the queries look like they’re coming from Disconnect instead of a specific user’s computer,” the company says.

—  As a result, search engines are prevented (blocked) from passing keywords to the sites that are visited from search results pages.

— All queries are encrypted, which prevents ISPs from seeing them.

— And on top of this, Disconnect doesn’t log any keywords, personal information, or IP addresses after it routes your query to its own servers.

The results do not come through in any noticeably different way to users. They remain “native” to the search engine in question, just as users can engage on the sites in the same way that they already do. The two searches I did when testing out the product, one using the Disconnect Search filter and one not, more or less produced a similar set of results. There is a very slight delay in delivering those results via Disconnect Search.

(Chrome, with Disconnect Search)
Disconnect Google Chrome

(Safari, without)
non-disconnect safari

As with Disconnect’s other products, the idea longer term will be to build out specific paid services that offer users additional features; and I wouldn’t be surprised if we see the company also move into specific solutions that might work with organizations that have their users sit behind firewalls that today may prevent those users from accessing the full Internet for reasons for security and privacy protection (this is, for example, the case with some networks in government organizations).

But for now, Disconnect Search, as an unpaid service. remains a strong example of why it’s not always the case that if you are taking a free service, you by default become the product.

Note/Update: Just to be clear, while Disconnect can help with user privacy around areas like ad tracking by search engines or other companies, this doesn’t necessarily mean Disconnect can be thought of as a total privacy barrier against other forces like the government, as pointed out in the comments below.

I put the issue to Oppenheim and he explains it like this: “Based on recent revelations, people shouldn’t assume that Disconnect or any other organization can prevent the government from accessing your search queries. Disconnect Search focuses instead on preventing companies from accessing your searches.” So a help, but until the Feds change their policies, not a total block.