Smoke, mirrors and Google's privacy policies
16 September, 2008 09:24
Hi, my name's Cringely, and I am powerless over my Google addiction. ("Hi, Cringely.")
If there actually were a 12-step group called Googler's Anonymous, I think millions of us would join -- as long as it wasn't run by Google.
Last week, with the grace and solemnity of a god descending to earth to bestow favor upon us puny humans, Google announced changes to its data retention policy: Starting next year the search giant would now only hold onto all of your search data and your IP address for 9 months instead of 18 months. And thus the bowing and scraping in the mainstream press began: All hail mighty Google, lord of all data.
Except that Surveillance State blogger Chris Soghoian looked a little more closely at what Google actually plans to do, and asked them to elaborate a bit. Here's what they told him:
"After nine months, we will change some of the bits in the IP address in the logs; after 18 months we remove the last eight bits in the IP address and change the cookie information. We're still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy.... It is difficult to guarantee complete anonymization [sic], but we believe these changes will make it very unlikely users could be identified.... We hope to be able to add the 9-month anonymization process to our existing 18-month process by early 2009, or even earlier."
As Soghoian points out, even after Google changes "some of the bits" (i.e., one or two numbers at the end), reconnecting the dots between the unique ID Google's tracking cookie drops on your machine and your full IP address is trivial. The announcement was designed to make headlines and appease regulators while doing nothing to release Google's stranglehold on your data.
Their solution? Kill your cookies. The Register's Cade Metz quoted an anonymous Google spokesperson (how's that for irony?), who said:
"We have focused on IP addresses, because we recognize that users cannot control IP addresses in logs. On the other hand, users can control their cookies.... When a user clears cookies, s/he will effectively break any link between the cleared cookie and our raw IP logs once those logs hit the 9-month anonymization point. Moreover, we are still continuing to focus on ways to help users exert better controls over their cookies."
Of course, clearing your cookies means losing all your login information or selectively parsing the cookies you want and the cookies you don't want -- either option is a total pain. The private browsing modes of the latest generation of browsers may help slightly (though IE8's apparently leaks like a sieve), but only after Google has had its way with your data for more than a year.
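The linkage Soghoian describes, and the effect of clearing cookies that the spokesperson describes, can be checked on a toy log. This is an added example, not part of the original column and not Google's code: the log rows are constructed, and because Google did not say which bits change at nine months, zeroing the low eight bits is an assumption (the 18-month cookie change is not modeled).

```python
import ipaddress
from datetime import date, timedelta

NINE_MONTHS = timedelta(days=274)  # approximation of the 9-month threshold

# Constructed sample rows: (date, ip, cookie_id, query). Documentation-range IPs.
LOGS = [
    (date(2008, 1, 5),  "198.51.100.23", "cookie-A",  "old search A"),
    (date(2009, 2, 20), "198.51.100.23", "cookie-A",  "recent search A"),
    (date(2008, 1, 7),  "203.0.113.77",  "cookie-B1", "old search B"),
    (date(2009, 2, 21), "203.0.113.77",  "cookie-B2", "recent search B"),  # B cleared cookies
]
TODAY = date(2009, 3, 1)

def mask_low_bits(ip, bits=8):
    """Zero the low `bits` of an IPv4 address (assumed form of the 9-month change)."""
    n = int(ipaddress.IPv4Address(ip))
    return str(ipaddress.IPv4Address(n & ~((1 << bits) - 1)))

def apply_retention(logs, today):
    """Mask the IP on rows older than nine months; the cookie ID is left untouched."""
    out = []
    for day, ip, cookie, query in logs:
        if today - day >= NINE_MONTHS:
            ip = mask_low_bits(ip)
        out.append((day, ip, cookie, query))
    return out

def residual_linkage(logs, today):
    """For each masked row, list full IPs on recent rows that share its cookie ID."""
    recent = {}
    for day, ip, cookie, _ in logs:
        if today - day < NINE_MONTHS:
            recent.setdefault(cookie, set()).add(ip)
    return [(query, ip, sorted(recent.get(cookie, ())))
            for day, ip, cookie, query in logs
            if today - day >= NINE_MONTHS]

if __name__ == "__main__":
    stored = apply_retention(LOGS, TODAY)
    for query, masked_ip, full_ips in residual_linkage(stored, TODAY):
        status = f"still linked to {full_ips}" if full_ips else "no link remains"
        print(f"{query}: stored as {masked_ip}, {status}")
```

User A, who kept the cookie, has the masked row tied back to the full address by a single join; user B, who cleared cookies, does not.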
Maybe it really is time to start a Googler's Anonymous group. Or for Google to make amends for its half-hearted attempts at protecting customer privacy.
Do you care if Google knows where you searched last summer?