frequently asked questions
How do I install TrackMeNot?
Click the 'Install TrackMeNot' link and then click 'Allow' or 'Install' in the dialog for your browser.
To adjust TMN's display, enable/disable specific features, view the query log, or adjust other options, click the TMN icon and select 'Options' in the menu.
How do I upgrade to the current version of TrackMeNot?
The browser's extension manager should alert you when TrackMeNot is updated, and prompt you to install the upgrade. If you've disabled this function or want to do a manual upgrade, simply follow the install instructions above.
Can I control the rate at which TMN sends queries?
Yes. Go to 'TrackMeNot->Options' and select an average frequency.
Can I choose the search engines that TMN queries?
Yes. Go to 'TrackMeNot->Search-Engines' and select one or more search-engines to query.
Can I control the search terms that TMN uses?
Yes, but not directly. TMN currently uses RSS feeds to generate its initial set of queries. This listed can be edited, in the options panel ('TrackMeNot->Options->RSS Feeds'), by typing or pasting in new (comma-delimited) entries to the list, then pushing the 'validate' button.
Isn't it easy for search companies (or 3rd-parties) to filter out TMN queries?
The answer here is not straightforward; even with dynamically evolving query sets and burst-mode timing, there are data-mining and machine-learning techniques which may well be able to filter TMN queries based on data patterns obtained from actual users. However, with the combination of randomized scheduling and query lengths, inclusion of changing terms from RSS feeds, and evolving query sets, we believe the difficulty for 3rd-parties is significantly increased.
Can TMN effectively hide my identity?
To the extent that a third-party tries to identify you through searches alone, TMN can potentially make this more difficult. Much depends on the search query terms included. If third-parties are using other means to identify you, e.g. through IP address, browser fingerprinting, or information from your ISP, TMN will be of little use.
Isn't it a good thing that search companies keep track of my search history?
In a perfect world, where search companies and other 3rd-parties could be trusted, such histories would serve all of us well and promise greater functionality to both companies and individual searchers. However, as long as search companies and other trackers unilaterally develop and pursue policies that don't take seriously the interests of individuals, society, and standing political and social values, individuals will have to make a choice between convenience and privacy.
Why is TMN so concerned with keeping control in the hands of individual users; as opposed to other strategies which use 3rd party servers/proxies?
The larger intention of TMN is to challenge the current practice of search companies, and other 3rd-parties, of unilaterally setting policies on the collection and use of personal information. We think users should have a say; we think search companies should listen. To level the playing field, we have sought to create a mechanism that places some degree of control back in the hands of users.
Won't software like this make it harder for the government to catch real criminals (or terrorists) who might be using the web for nefarious purposes?
We are unaware of any instances in which the analysis of search queries has helped law enforcement or security agencies deter or prosecute criminals or terrorists. Constitutional principles, however, place limits on what the government can and cannot do in such investigations. A targeted search on a particular individual's online activities (once probable cause has been demonstrated) is unlikely to be affected. TMN may, however, make unconstitutional 'fishing expeditions' more difficult, which is consistent with the values of a free society.
Will widespread deployment of TMN eventually 'clog' the search engines it queries?
TMN no doubt places some additional load on search engines (though TMN requests are tiny compared with other types of web-traffic -- e.g. images, animations, music, video, etc.). How much and how serious the impact will depend on the number of users and their use patterns. Our intention (and expectation) with TMN is that its effect on search engines will be minimal. Further, universal deployment of TMN is not a goal of the project. Rather, we hope to offer a level of protection to individuals who may feel threatened by the practices of search engines, and to afford such users a small voice in the emerging debate on such practices.
Does TMN ever simulate click-throughs on links that come up from "fake" searches?
Yes, TMN selectively "clicks-through" on links returned from its simulated searches.
What kind of guarantees can TMN make regarding privacy protection?
We can make no hard guarantees without further evaluation measures; however, we believe that search companies may need to go to considerable trouble to separate user-generated from TMN-generated searches. Further, any such filtering efforts are likely to contain some number of false positives.
If one of the search engines were to come up with a new technical mechanism that could defeat TMN, how would you even know?
There have been changes to which we have been able to respond, but there may be current or future mechanisms of which we are unaware and hence not able to respond to.
How random is TMN's random timing mechanism. Isn't it likely that a search engine (using the massive amount of user data they've already collected) could distinguish any randomomized mechanism from real user search behavior?
With sufficient time and resources, search companies could likely detect a majority of TMN searches with some certainty. We are continuously improving TMNs timing mechanism to mimic, more closely, real usage patterns. One example of this is 'burst mode' which schedules TMN queries primarily when users are actually searching, thus avoiding 'patterns' in TMN's randomness.
How is this different than a (Distributed) Denial of Service attack or spamware?
In providing a way for individual users to assert their privacy rights in web-search, we believe TMN is a legitimate use of network and computing resources. Although we understand that critics may use such rhetoric to cast doubt on our efforts and intentions, we are confident that by all common understandings, TMN is neither DDoSware nor spamware. Here are definitions from Wikipedia.
"a denial-of-service attack (DoS attack) is an attempt to make a computer resource unavailable to its intended users. Typically the targets are high-profile web servers, and the attack attempts to make the hosted web pages unavailable on the Internet." (Wikipedia, March 29 2007)
"Spamming is the abuse of electronic messaging systems to send unsolicited bulk messages, which are generally undesired." (Wikipedia, March 29 2007)
"Spamdexing is any of various methods to manipulate the relevancy or prominence of resources indexed by a search engine, usually in a manner inconsistent with the purpose of the indexing system." (Wikipedia, March 29 2007)
How have the search engine companies responded to this project?
I read Bruce Schneier's review that said TrackMeNot doesn't work; is he right?
No. First, his comments targetted the initial alpha release of TMN which is significantly different from the current version. Second, he misconstrues the goals of TMN.
I would love to use TrackMeNot; why doesn't it work with browser X?
As an open-source, academic research project, our resources are limited. However we would be happy to collaborate with those interested in developing TMN for other browsers.
I would love to use TrackMeNot in my language; is it supported?
We have been working extensively to make TMN easily translatable into more languages. There are currently versions in Danish, German, French, Croatian, Dutch, Portuguese and Chinese. We would be happy to collaborate with anyone wishing to extend TMN to their language!
There are several projects that claim to protect privacy in web search (e.g., Tor, Anonymizer, etc.) Which is most effective? Should I use TMN instead of these others?
The use of TMN does not preclude the use of any of these other technologies and the highest degree of protection will likely be obtained with some combination of approaches; i.e., Tor, TMN and manual cookie-management.
Google sends me to a 'sorry' page and tells me that it suspects my machine of being infected with spyware or a virus, and even prompts me for a captcha when I try to search. Did the search engine detect TrackMeNot?
This is not a response to TMN in particular. However, some search engines have begun to block (and/or request CAPTCHAs) from IP addresses that issue a high number of queries. If you experience this behavior, we recommend that you configure TrackMeNot with a lower query rate (10 queries per hour appears to work well) and enable 'burst-mode.' This not only alleviates the strain on search engines that TMN might be causing, and allows you to avoid the CAPTCHAs, but also better mimics real human activity.
What is the difference between 'stealth' and 'tab' modes?
Stealth mode issues TMN queries in the background of your browser (via XHR requests) at the given average rate you select. You will not see these queries being made unless you click the "Show logs" button in the options. In tab-mode, queries are run in a dedicated browser tab that can be inspected by users. Generally-speaking, we recommend tab-mode as it exactly mimics the format of user-initiated queries, however some users may find the extra tab to be distracting, and may thus prefer to use stealth mode.
What is 'burst mode'?
Burst mode sends out batches of queries searches to a specific engine when the user is actively searching on that engine. This mode helps to further reduce the patterns that may form when TMN is working so that search engines do not pick up on TMN's query timing.
How does the query set 'evolve' over time?
See "Dynamic Queries" below.
How do I add a new search engine?
To add a search engine, go to the website of the search engine you want add.
Then search "TrackMeNot" in the search box.
When the search is loaded, copy the link that in your browser.
Then go back to the TrackMeNot option's page find the "Search Engines" section.
Click the "+" icon
And, paste in the URL you have copied from your preferred search engine and TMN will validate it.
What does 'keywords monitored by DHS' mean?
The U.S. Department of Homeland Security (DHS) released (see article here) a list phrases they track as potential signs of criminal or terrorist activity against the U.S. For that reason, TMN uses this list as terms for TMN to avoid. You have the option to change this setting if you prefer.
What if I don't want certain words to ever be searched? What is TMN's 'blacklist' ?
The blacklist is a user-provided list of words that will never be searched by TMN.
To add to the blacklist, simply add a comma separating every word or phrase you want in the list.
Can you explain the various options/features that TMN provides?
TMN's employs a dynamic query mechanism which 'evolves' each client (uniquely) over time, parsing the results of its searches for 'logical' future query terms with which to replace those already used.
Note: since the query list is continually evolving according to TMN algorithms, changes made by hand-editing this file will be overwritten.
TMN now 'clicks-through' on some percentage of its searches by selecting and navigating to links received in the search result to further simulate user behavior.
TMN parses RSS feeds in two cases: a) to generate some portion of its initial query set and, b) to occasionally make substitutions in this list with new RSS data. While a default set of RSS feeds is provided (for each supported language), TMN users can edit and/or add new feeds in the options panel. To do so, change the text in the RSS text field (in the options panel), then click the 'Validate' button. To revert back to the default set of feeds, click the 'Use Defaults' button in the options panel.
This button allows the user to view the current state of TMN's evolving query-list (see below for description).
TMN offers 3 modes for logging: 1) 'disabled' - no logs are written, 2) 'normal' (no options checked) - logs are kept for each session and then deleted when the browser is closed, and 3) 'persistent' - each session is appended to the log which remains indefinately (Note: although TMN logs are not large, the user might want to occasionally clear them (via te 'Clear Log' button when using this mode).
The 'Show Log' button allows the user to view a snapshot of TMN's log state (refreshing the browser window will keep this view current); The 'Clear Log' button, will (as expected) clear and re-initialize TMN's log.
TMN offers 3 modes for logging: 1) 'disabled' - no logs are written, 2) 'normal' (no options checked) - logs are kept for each session and then deleted when the browser is closed, and 3) 'persistent' - each session is appended to the log which remains indefinately (Note: although TMN logs are not large, the user is responsible for occasionally clearing them in this mode).
These checkboxes control TMN's status bar -- if 'Show Queries' is unchecked, TMN queries are not displayed as they are sent; if 'Show Status' is unchecked, no messages are displayed in the status bar at all.
Rather than sending queries only at randomized intervals, TMN (in burst-mode) recognizes when the user performs a search, then sends a 'burst' of queries over the next few moments to simulate actual user behavior. As of version 0.6.x, burst-mode further mimics user behavior by selecting longer queries and permuting them to form a number of smaller "thematic" queries.
TMN recognizes when a 'real' search is being performed by a user and acts on this information in a variety of ways (see below).
Dynamic URLs/Header Matching
TMN now keeps track of where (for each search engine) you've last searched and uses that URL to send its queries (for example, if you start using the Google toolbar rather than Google's webpage, TMN will update itself to do the same). Similarly, TMN stores the header information your browser is sending out (browser type, version, OS, etc.) and mimics these in its own queries.