Generally, a search engine will keep a record of a user about the websites he ever went and the past searches he had submitted to improve its performance. Similar to a spy tracking and tracing the footpath, a search engine will inevitably violate user's privacy as the record will reveal the user's personal information or the institution he works for. To protect user's privacy, Castellà-Roca et al. proposed a protocol called Useless User Profile (UUP), in which it provided a distorted user profile for a web search engine such that the web search engine cannot generate a real profile of a certain individual. One of the significant advantages lies on that their protocol requires no change in the server side and the server is not required to collaborate with the user. However, to claim security guarantee of new image cryptosystems is meaningful only when the cryptanalysis is taken into consideration. The UUP protocol was claimed to be secure; however, a potential collusion attack is pointed out. In order to benefit the advantages and contribution of Castellà-Roca et al.'s scheme, this paper redesigns a security-improved version by simple modification to remove the possible security concern. Precisely, to correct the shortcoming, the authors suggest the user's query be encrypted firstly by means of the server's public key and then each answer also be encrypted by a session key.