Cases Where Search Terms or Personal Information Remain in URLs
What you searched for or entered does not remain only in the page body.
Depending on the web service, search terms, place names, names, email addresses, reservation numbers, inquiry IDs, and similar values may be included in the URL.
If you share that URL as-is, you may hand the other person information that was not written in the body text.
For anonymity, search terms and personal information left in URLs are easy to miss.
This article organizes what kinds of URLs are likely to contain search terms or personal information, and what to look at before sharing.
How Search Terms Remain in URLs
In search services and site search, search terms may enter the URL as a query string.
For example, an explanatory URL might look like this.
sample.test/search?q=privacy
Here, q=privacy indicates the search term.
If you share this kind of URL, the other person learns what you were searching for.
Search terms can show a person's interests, investigation targets, worries, place of residence, affiliation, illness, legal consultation, workplace trouble, and similar matters.
Search terms relate to anonymity because they show what the person was investigating.
Situations Where Personal Information Remains in URLs
In addition to search terms, values close to personal information can also enter URLs.
Situation
Information that may remain in the URL
Caution
Site search
Name, place name, workplace name, school name
What was searched for is visible
Map service
Address, station name, facility name
Routine places or destinations are visible
Reservation site
Reservation number, date, number of people
Can be linked to planned activity
Inquiry page
Email, name, inquiry ID
May be close to a direct identifier
Translation service
Part of the entered text
Content or investigation target may be visible
Not every service puts personal information into URLs.
However, if you do not check before sharing, you will not know whether it is there.
Personal Information in URLs Is Not Obvious
Personal information in URLs is less obvious than body text.
Because it is buried inside a long URL, even the person sharing it may not notice.
Information
Why it is easy to miss
Effect on anonymity
Search term
Appears in the latter part of the URL
Reveals interest or investigation target
Place name
Appears as a parameter value
Reveals routine places or destinations
Email
Mixed into autofill or sharing links
Becomes a direct identifier
Number
Related to reservations or orders
Can be linked to activity history
Name
Remains as a search target or form value
Indicates the person or related people
When posting anonymously, deleting names from the body text is meaningless if a name remains in the URL.
Check body text, images, files, and URLs as a set.
Order for Checking Before Sharing
Check whether search terms or personal information remain in a URL in the following order.
Order
What to check
Reason
1
Look after ?
Search terms and input values are likely to enter there
2
Look for q, query, search
Search terms often remain
3
Look for name, email, user
See whether direct identifiers are included
4
Look for location, address, place
Check place names and routine places
5
Look for order, ticket, reservation
Avoid reservation or application information
If a found value is not necessary for sharing, delete it.
If deleting it changes the page, consider whether you need to share that URL.
For URLs that contain personal information, it is safer to look for a separate sharing URL than to format and use the original.
When Sharing Search Result URLs
When sharing a search result URL, the search term itself may be the purpose.
For example, this can happen when you want someone to look at "these search results."
Even in that case, check whether values other than the search term remain.
Depending on the search service, values related to region, language, advertising, session, and usage environment may be attached in addition to the search term.
Also, if the search term shows the person's interests or investigation target, it is safer to share only the URL of the page you want to show, rather than the search result URL.
Situations Requiring Particular Caution for Anonymity
In the following cases, search terms or personal information inside URLs become strong clues.
You are investigating information related to a workplace or school
You are searching for a region, station, hospital, store, administrative procedure, or similar item
You are searching for a real name or old handle
You are looking for materials related to whistleblowing or reporting
You are searching for the names of family members or related people
Even if these search terms do not identify the person by themselves, when connected with post content or time, they become strong material for correlation.
Judgment When You Find Personal Information
If you find personal information or search terms inside a URL, do not simply delete them and finish.
Separate information that can be deleted from information that should not have been shared in the first place.
Information found
Judgment
Reason
Search term
Delete it if needed, or share only the page you want to show
Shows interest or investigation target
Place name
Consider whether it is necessary for the sharing purpose
Shows routine places or destinations
Name
As a rule, do not share
Close to the person or related people
Email address
Do not share
Becomes a direct identifier
Reservation number or order number
Do not share
Close to behavior history or application information
When personal information remains inside a URL, that URL is often not for publication.
Look for an official public page or a sharing link that does not contain personal information.
When unsure, break the URL down until you can read it aloud.
If it contains search terms, place names, names, or numbers you do not want to show to someone else, do not share that URL as-is.
Search Traces Remain Outside URLs Too
Even if you remove search terms from the URL, the search behavior itself does not completely disappear.
If you are logged in to a search service, search history may connect to the account.
History remains in the browser. On workplace or school devices, device management and network management records may be involved.
For anonymity, check not only the URL, but also which environment you searched in.
Place
Information that may remain
Search service
Search terms, time, login state
Browser
History, , input suggestions
Device
Clipboard, screenshots, notifications
Network
Destination, time, traffic volume
Posting destination
Shared URL, posting time, account information
Removing information inside the URL is important.
However, it is only one part of overall search behavior risk.
Summary
URLs can retain search terms and personal information.
Special caution is needed with URLs from search results, maps, reservations, inquiries, translation, and site search.
Even if you do not write a name in the body text, if a name, place name, email, search term, or reservation number remains after ? in the URL, anonymity becomes weaker.
Before sharing, check q, query, search, name, email, location, address, token, and similar values.
If an unknown value remains, do not treat it as safe. Look for another sharing URL or delay sharing.
A URL may seem outside the post body, but in practice it is part of the published information.
Related tools
OSINT directory
OSINT Framework
An external resource related to this article. Open it only when it fits your situation and threat model.
Why it is listed: It can help with the article topic, but it is outside Anonymity Sense and should be checked before use.