how to check search history

Illustration by Max Fleishman

How police can access your browser history

From search warrants to the Tor Browser, here's what you need to know about police accessing your internet history.


Andrew Couts


Posted on Aug 23, 2016   Updated on May 26, 2021, 5:11 am CDT

The kindest thing you can do for a person after they die—or even just sell you their used computer—is to delete their browser history so no one knows the secrets it holds.

From our politics to our health to our porn, where we go online says a whole lot about who we are and what we do when we think nobody else is looking. Most of the time, our travels on the web are innocent. But that doesn’t mean we’d all look like upstanding citizens if a stranger started combing through our browser histories.

The potential for authorities to gain access to people’s browser histories greatly increased in the United Kingdom, where the government recently passed the Investigatory Powers Bill, aka the Snooper’s Charter, which allows the collection of phone calls, texts, and browsing histories, even if the people targeted aren’t suspected of committing any crimes.

So what about in the United States: Can police see your browsing history and other things you do online? The short answer is, sometimes. Here’s a breakdown of how police can access your browser history and what steps you can do to help keep it secret.

Get a warrant

Under the Electronic Communications Privacy Act, police can access some of your internet data with a simple subpoena, which investigators can obtain without a judge’s approval. But a subpoena will only give police things like the IP addresses you used to access certain sites or online services and not much more than that. The next level of access is a ECPA court order, which gives police access to more information about your online activities but still doesn’t include things like browser histories, emails, or files. For that, police need a search warrant.

Police can obtain a search warrant for your browsing history “in any instance where the police affiant can convince a judge that there is probable cause to believe that the suspect’s browsing history contains evidence of a crime,” according to Stephanie Lacambra, a criminal defense staff attorney at the Electronic Frontier Foundation.

“I have seen judges authorize ‘cell dump’ warrants that include a suspect’s browsing history and account login and password information in attempted murder, possession of child pornography, and domestic violence cases,” Lacambra says, “but there is nothing stopping police from applying for warrants in drug cases or theft cases.”

Straight to the source

Unlike, say, your Google Search history (which we’ll touch on in a minute), police will most likely attempt to access your browsing history by pulling it from your machine, whether that’s a desktop computer or a smartphone.

To access what’s stored on your phone, police use mobile forensics software called Cellebrite, which can pull all types of data that you may not even know is lingering in the dark corners of your device’s memory. And similar tools exist for PCs as well, giving law enforcement some CSI: Cyber-level capabilities.

“The Cellebrite software allows police to directly download browsing history from a suspect’s cellphone,” says Lacambra. “There’s no need to go to a third-party internet service provider to get this information. With a desktop, the browsing history is often stored locally. There is negligible difference in the digital footprints left behind when web browsing via desktop or mobile device.”


Spying in real time

Sometimes, a search warrant simply isn’t good enough for the cops—they need to watch what you’re doing online in real time. To do this, police will install malware on a suspect’s computer that serves as a digital wiretap, giving them access to everything you do on the internet.

We’ve seen a variety of instances in which the FBI uses malware while investigating users on the dark net, which can be accessed through anonymity tools like Tor. In fact, at least one person who worked for the Tor Project, the nonprofit that develops Tor’s privacy technology, later designed malware for the FBI to use in investigations for things like child pornography rings.

If you happen to be targeted by police malware, you probably don’t even know about it, says Lacambra. It is possible, however, to figure out if you have law enforcement malware installed on your machine, and it’s even possible to remove at least some versions of this type of malware—if you have the right level of technical know-how.

does the government monitor internet searches
Screengrab via YouTube

“With a large degree of technical expertise, [a person] could use tools to disassemble it and determine what it’s doing, if they had a sample of the malware,” she says. “Alternatively, they could send it to a malware lab for disassembly. This is generally not within the ability of most users, though.”

Lacambra says it’s also possible to use something called a packet-sniffing tool to see if your computer is connecting with law enforcement-owned IP address. But again, this requires a high level of technical skill and the ability to pinpoint the data that will tell you if you’ve been targeted. Another option is to reinstall your operating system or to simply use a different computer to do, um, whatever it is you really don’t want anyone to find out about. “These techniques may or may not work, though, depending on how well engineered the law enforcement malware is,” Lacambra says.

Going through the side entrance

For something like Google Search history, police can also go straight to a company to gain access to your records. According to its most recent Transparency Report, Google received 12,523 criminal legal requests for user data in the U.S. in the last six months of 2015. Of those, 7,250 were subpoenas, 1,056 were court orders, and 3,716 were search warrants. Google says it honored the search warrant requests 85 percent of the time.

Google doesn’t go into detail about what it handed over to investigators, but it is theoretically possible that police gained access to these targets’ search histories, emails, documents, and more. Furthermore, Google of course isn’t the only company law enforcement can serve with a search warrant; your internet service provider (ISP) or email provider are also a wealth of information about your online life.

Lock it down

If you’re concerned about your browser history making its way into the hands of police (or even just a snooping roommate), there are things you can do to keep your internet activity more private.

The first, of course, is to use Incognito Mode on Google Chrome or Private Browsing Mode on Firefox, which will “ensure that traces of the sites you’ve visited are not stored locally,” says Lacambra. Another option is to use a tool that protects your privacy. Lacambra recommends Privacy Badger, a tool created by the EFF, which limits the number of tracking cookies that are installed on your computer while you surf the web, as do ad-blocking tools like uBlock Origin.

To really beef up your online privacy, however, you need to install the Tor Browser. Trusted by everyone from journalists and dissidents in countries that serve harsh penalties for subversive activities to criminals selling drugs on the dark net, the Tor Browser encrypts all of your internet traffic and bounces it around through different IP addresses before connecting to any website. This makes it extremely difficult for authorities to figure out what you’re doing online. Lacambra calls it the “best way to protect your privacy from your ISP or local authorities that are able to tap into your connection.”

“The engineers of the Tor Browser have done a lot of work to make sure that the bits of information browsers leak about users can not be linked back to users’ personal information or identity,” she adds.

Of course, the easiest way to reduce your anxiety about police accessing your browser history is to not break the law. But that’s not going to make your searches for “can police see my internet history” any less suspicious.

Share this article
*First Published: Aug 23, 2016, 5:00 am CDT