Google pulls one over on privacy advocates

Google's shift on data retention that got it high marks from the EU and other privacy advocates doesn't hold water, says former Googler Chris Soghoian. Instead of halving the time it keeps personally identifiable search information from 18 to 9 months, Google is making cosmetic changes to the way it anonymizes the data that hardly serve to ensure user privacy, he says.

Google's announcement of the policy change was "light on details," Soghoian says, so he pestered the company for more information. And what he got was this:

"After nine months, we will change some of the bits in the IP address in the logs; after 18 months we remove the last eight bits in the IP address and change the cookie information. We're still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy.... It is difficult to guarantee complete anonymization, but we believe these changes will make it very unlikely users could be identified.... We hope to be able to add the 9-month anonymization process to our existing 18-month process by early 2009, or even earlier."

Since the 9-month policy doesn't require anonymization of the cookie information, matching up a partial IP address with the unique cookie really isn't all that hard. As Soghoian says:

"The simple truth is that any IP anonymization technique, no matter how strong or weak, is simply a waste of time, if cookie values are not also anonymized."

So Google was able to lower the regulatory pressure and get a pat on the back for its respect for privacy, all while just waving around a bunch of technospeak that really makes no difference in the end. With Google and privacy, it seems to take one step forward, but two steps back.

• Security
• cookie
• data retention
• Google
• IP address
• privacy