Google is changing its data retention practices to make it harder to identify the specific computers used in searches.
Google's servers log information every time someone conducts a Web search, keeping data such as the keywords used, the Internet Protocol address or unique number assigned to that person's computer, and information from Web cookies, which are small bits of data exchanged between a server and a Web browser each time the browser accesses the server. Cookies are used to authenticate the user and maintain information such as the user's site preferences.
Currently, Google maintains the search data logs indefinitely. Under the new policy announced on Wednesday, which Google expects to have fully implemented by the end of the year, the company will anonymize the final eight bits of the IP address and the cookie data after somewhere between 18 months and 24 months, unless legally required to retain the data for longer. The information on specific searches will remain indefinitely, but it will be much harder to tie the searches to specific individuals or computers.
"Logs anonymization does not guarantee that the government will not be able to identify a specific computer or user, but it does add another layer of privacy protection to our users' data," the company said.
The policy change will apply to future Web search data as well as archived logs and all copies of the data stored on other servers, Google said. Users will be able to opt out of the practice and request that their search data be maintained indefinitely.
Privacy advocates in general said Google's policy change is a step in the right direction but not nearly enough to really protect Web searchers from overzealous law enforcers. Keeping the search histories could enable investigators and governments to get to all sorts of personal information about people, they argue.
"I don't think the Google proposal is adequate. This period is too long and it's not in fact data destruction, it's more data de-identification, and that should be happening in 18 to 24 hours, not months," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "I'm not persuaded that this isn't still a ticking time bomb for Google's search engine."
Richard M. Smith, an Internet security and privacy consultant at Boston Software Forensics, said Google should never be archiving the IP address and cookies on servers. "Google should not be in the spy business," he said. "By logging IP addresses and search strings they are running the largest intelligence operation in the world."
Anonymizing the last eight bits of the IP address effectively would enable investigators to narrow the IP address down to 256 possible computers or users. That would be similar to obscuring the last digit in someone's street address.
"Google should not be in the spy business. By logging IP addresses and search strings they are running the largest intelligence operation in the world."
--Richard M. Smith, consultant, Boston Software Forensics
"For most average consumers that is pretty much anonymous," because many people connect to the Internet through large companies that dynamically assign IP addresses, making it even harder to determine exactly which person conducted a search, said Ari Schwartz, deputy director for the Center for Democracy and Technology. "It is a risk, but it is better than what we have today."
Kevin Bankston, staff attorney at the Electronic Frontier Foundation, said he would like to see Google scrub the entire IP address within six months, but praised Google for making this "positive first step."
"We hope other online service providers will heed this example and work to minimize the amount of data they keep about their customers," Bankston said.
Yahoo and Microsoft have declined to disclose their exact data retention policies with respect to Web searches. AOL saves personally-identifiable search data for up to 30 days in a way that's visible to the user and uses an encryption hashing technique to obscure it thereafter, said AOL spokesman Andrew Weinstein.
"We do not keep any IP addresses in our search database, and we de-identify any associated account information through an encryption algorithm," he said. "We have also made a business decision not to keep any unique identifiers (i.e. the hashed user ID) for longer than 13 months. ..."That said, it still might contain information of a personal nature, as the data released last year clearly did."
I dont think you can call that "adding protections".
Anyway the search logging thing was solved the first go around by <a class="jive-link-external" href="http://www.blackboxsearch.com" target="_newWindow">http://www.blackboxsearch.com</a>
Also for a full proxy <a class="jive-link-external" href="http://www.mysecureisp.com" target="_newWindow">http://www.mysecureisp.com</a> is easy to use.
Instead of "anonymizing" part of the data, they need to throw it away altogether. As no _financial_ business is being conducted by these web searches, they are not required by law to retain any of it. If they believe that keeping data on logs helps them optimize their searching, they can do this with ALL identifying information removed from the get-go.
I agree...there is -NO- business-need for capturing the information in the first place. And if the last 6 years of this Constitution-shredding administration is any indication, if data exists, they want it. It doesn't matter if they need it or not; it doesn't matter if the Bill of Rights says they need a court-order to get it--(they've already proven that is a sham with the recent disclosures about the abuses of the so-called Patriot-Act); they will want it... "just because"...
I'm not willing to sacrifice my Constitutional protections because "weird ol' Uncle Fred down the street might be looking at kiddie-porn sites". That's not enough...
Google (and the other search-engine companies) should stop collection the information altogether...and it should take 18-24 hours...not months.
The iPhone maker says that the mobile industry lacks "consistent adherence to Frand principles" and wants the European Telecommunications Standards Institute to step in.
An Internet troll who posts allegedly hateful and racist remarks on Facebook's RIP sites, seems blase about his activities when he is intercepted by a BBC reporter.
California State Teachers' Retirement System, the largest teachers' retirement fund in the U.S., says the social network should add women to its board of directors.
After large numbers of longtime 'Burners' failed to get tickets during the event's recent selection process, many claimed organizers had failed to adopt a sensible system. Now, those organizers are trying to calm community anger.
Fabrication is moving to the nanoscale, aided by a super-hard tip 10,000 times smaller than a pencil point that could be used for microscopic biosensors and optical probes.
Greenpeace tries to cast some light on the energy sources behind data centers and commend IT companies that advance clean energy and efficiency through tech. Facebook and Apple aren't quite there yet, it says.
Anyway the search logging thing was solved the first go around by <a class="jive-link-external" href="http://www.blackboxsearch.com" target="_newWindow">http://www.blackboxsearch.com</a>
Also for a full proxy <a class="jive-link-external" href="http://www.mysecureisp.com" target="_newWindow">http://www.mysecureisp.com</a>
is easy to use.
I'm not willing to sacrifice my Constitutional protections because "weird ol' Uncle Fred down the street might be looking at kiddie-porn sites". That's not enough...
Google (and the other search-engine companies) should stop collection the information altogether...and it should take 18-24 hours...not months.
**** the government for telling us there is a war on terror.
**** the government for telling us 9/11 wasn't an inside job.
yes 9/11 may not be an inside job but it was pretty f***ing convenient excuse for whats going on in the world right now.
google should never be a proxy tool for our corrupt government.
<a class="jive-link-external" href="http://groups.google.com/group/n3td3v" target="_newWindow">http://groups.google.com/group/n3td3v</a>