Many users spend a great deal of time interacting with others over global communications networks such as the Internet. In doing so, users can engage in many interactions that indicate their personal interests, especially when conducting searches. Furthermore, users' online behavior can allow others to personally identify them by analyzing server side records, without users' consent or knowledge. This can create privacy concerns, which can be amplified when an ad network syndicating advertisements across a plethora of websites collects data about users from all affiliate sites, and can extract personal identifiable information and other information that users of these sites would not want revealed. Further yet, this information can be combined with search information to uncover users' specific interests and intent along with their online behavior patterns.
Some browsers have addressed users' privacy concerns by including optional privacy browsing modes. Among other things, these modes typically prevent cookies from being stored on client machines. However, this prevents users from benefiting from the convenient features that cookies can provide, such as persistence and automatic login to websites. In addition, such modes do not conceal some user information, such as a user's IP address, from ad networks, search engines, and other services.
Some server-side services have provided cookie-based opt-outs. In such schemes, an opt-out cookie is stored on a user's client machine, indicating that the user does not wish to be tracked by the server-side service. However, such cookies can be inadvertently deleted when a user deletes other browsing cookies. In addition, the user is still not in control of the server-side service's actions, and the server side service still has a motive to track the user to obtain the user's information. Moreover, the lack of tracking can prevent the user from benefiting from targeted information that a server-side service could provide to the user.
Some server-side services do periodic server side cleansing or expiration of server logs. However, the users do not control the cleansing and expiration, and the server-side services still keep the user's information until it is deleted according to a cleansing or expiration scheme. In addition, such expiration and cleansing can diminish the server-side service's ability to use targeting to provide useful information to the user.