The only problem is that Google's announcement was just a ploy to deflect criticism and its web search archives will still contain data identifying individuals' online search activity for at least 18 months.
Because Google's initial announcement was rather vague and tentative as well as very light on implementation details, a Cnet reporter contacted Google requesting more information. As he put it, Google's reply was 'extremely interesting'.
In an email response, Google said: "After nine months, we will change some of the bits in the IP address in the logs; after 18 months we remove the last eight bits in the IP address and change the cookie information.
"It is difficult to guarantee complete anonymisation, but we believe these changes will make it very unlikely users could be identified."
Doesn't sound positively reassuring, does it?
Looking into how Google 'anonymises' users' web search records reveals that its claims are nothing more than a sham, and that it retains enough data to track users for years.
When a wibbler uses Google to search the web, it stores their unique Internet Protocol (IP) network address, the search words they entered, and their unique 'cookie' identifier. (A 'cookie' is a record sent by a website and stored by the user's web browser. The cookie identifies it and may retain additional information between a user's visits to that website.)
Google's current policy is that it 'anonymises' users' IP addresses and cookies within its archived logfiles after 18 months have elapsed.
However, Google's method for supposedly 'anonymising' users' IP addresses is simply to clear the last eight bits of each address, according to information it has revealed publicly.
Since an IPv4 network address consists of only four bytes, 32 bits, deleting the low-order (rightmost) eight bits doesn't remove much information. The address-block belonging to the user's Internet Service Provider (ISP) is certainly still identified by the data retained.
Google has never said how it supposedly 'anonymises' the cookie identifiers it retains, so it's at least possible that Google merely says it scrubs cookie identifiers, but really doesn't.
Now, Google's clarification of its recent announcement states that it will change 'some' -- but by implication less than eight -- IP address bits that it retains after only nine months. It says that it will still strip the last eight bits off the IP addresses it retains after 18 months.
But Google has not said anything about anonymising the cookie identifiers it retains in its logs after nine months have elapsed.
Changing a few bits in users' IP addresses means nothing if Google doesn't also clear or non-reversibly encrypt its users' cookie identifiers at the same time to render their search records truly anonymous.
The cookies Google presents to web browsers reportedly persist for two years, and their expiration dates are reportedly updated every time a user visits a website run by Google.
What Google plans on doing means that it will still be able to track its users' web search histories longer than nine months. And if, as one might be forgiven for suspecting, Google never clears users' cookie identifiers, then it can track them forever.
Without clearing its users' cookie identifiers, Google's widely praised, supposed 'reform' of its individually identifying data retention practices is meaningless, and no true reform.
The European Commission, other citizen privacy advocates and the traditional press that applauded Google's so-called 'reform' of its data retention and privacy policies ought to withdraw their praise as premature and unwarranted, and haul Google in for questions.
'Don't be evil', indeed.
Opinion: Google's privacy reform is a hoax
By Egan Orion on Sep 15, 2008 6:30AM