digg

Facebook Connect Join Digg About

Google To Anonymize Search Records After 18 Months

consumerist.com has been taking a lot of heat in the past few days over its privacy policies. Today the search giant decreased the amount of time that it ties users search records to their IP to 18 months in response to a letter from the Working Party, a group of national officials that advises the European Union on privacy policy. From the Official Google Blog

Who dugg this? Made popular Jun 12, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

50 Comments

show profanity settings
expand all
  • EntropyMan, on 11/08/2007, -2/+35"Google To Anonymize Search Records After 18 Months"

    How about after 18 microseconds? Google isn't really the worst offender on privacy, but I'm hoping they can set the best example. They should develop ways of serving us that are purely opt-in and privacy conscious across the board.
  • resta6, on 01/12/2009, -2/+2618 months? That is way too long
  • inactive, on 10/11/2007, -1/+16We've already seen from the leaked AOL data that even without IP addresses it's possible to identify people from a string of searches. Anonymization had better remove ALL data that can tie two or more searches to one individual.
  • coheedcollapse, on 10/11/2007, -2/+13How does this measure up to other search engines? I have no idea what others do, but 18 months seems like a long time.
  • understudy, on 11/08/2007, -0/+11

    18 months!? That's a REALLY long time. Why can't it be anonymous almost instantaneously?

    _

  • EntropyMan, on 10/11/2007, -0/+10"There are governemt regulations that force them to hold it for a while."

    Do you know which? I recall something like that for ISPs, but Google fended off the government when they tried to get search records.
  • swrostmore, on 10/11/2007, -2/+12what is the answer?
  • D3koy, on 10/11/2007, -6/+15If Google is making my searches more efficient and effective I have no problem with them having my search records

    If I searched for kiddie porn of course I would probably have a different opinion
  • borninda818, on 10/11/2007, -2/+11yeah but it's slower...a proxy is not the answer
  • magic6435, on 10/11/2007, -2/+1018 months are you freaking kidding me!!!!! how about never keeping them in the first place thank you very much!
  • BrandNewJesus, on 10/11/2007, -1/+9And what "normal" person is going to go through a proxy?

    And isn't Google using these records to influence the advertisements you see?
  • swrostmore, on 10/11/2007, -2/+8Its anonymized instantly if you search through a proxy.
    http://www.proxz.com/
  • EntropyMan, on 10/11/2007, -1/+6"what is the answer?"

    It's a hard question. There are a few services that need to know who we are (e.g., AdSense). But most of them could be done with an anonymous ID to link the various accounts together without fetching any of our personal info. Even that ID is not secure if the number stays the same and be discovered. But it 's a step up. And there may be ways of using one-way hashes to validate an ID that looks randomized to anyone without the proper algorithm.

    Basically, what I'd want them to do is put up a sort of firewall between our named account info and the rest of their services, such that the bare minimum information is extractable to anyone trying to get it, and if they're really smart, there's no trace at all beyond the current session.
  • inactive, on 10/11/2007, -0/+5cdnyny, I realise it doesn't protect me completely, far from it, but anything that makes it a bit more difficult for some unscrupulous company or government department to track me is a good thing!
    What it does do is to 'reset' any profiling about my search/browsing habits (done by guys like google).
  • inadvertence, on 10/11/2007, -0/+4@flashman
    You beat me to it. I keep reminding people about this. Google claim that they will anonymize the search data, but if you read their FAQ carefully, they only promise to replace the IP address by some other identifier:
    """
    What does it mean to anonymize the logs?
    We will change some of the bits in the IP address in the logs as well as change the cookie information. We're still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy.
    """
    http://64.233.179.110/blog_resources/google_log_retention_policy_faq.pdf
    I wouldn't exactly call this "anonymizing" the search data. The AOL incident showed us that the IP address is irrelevant. It is still possible to identify you if your searches are still grouped together by some unique id.
  • inactive, on 10/11/2007, -2/+6They 'fended off the govt' when it was clear that the feds were just going on a fishing trip to see what they could find, rather than issuing specific requests for data on individual users (a bit like how the telcos rolled over for the feds a little while ago).
    However, once a fortnight-month I leave my modem off overnight so I get assigned a different IP address, just to be sure :)
    I don't want any bugger spying on me, even though I haven't done anything wrong. I just don't want to be spied on period!
  • cptshamrock, on 10/11/2007, -0/+3original google blog post: http://googleblog.blogspot.com/2007/06/how-long-should-google-remember.html
  • inactive, on 10/11/2007, -0/+3Too little too late.

    "don't be evil" was temporary.
  • Brss45, on 10/11/2007, -1/+4Tell me about it!

    I just realized that I've been working at my dead-end job for that long. I can't believe that I'll have worked in such a hell hole for 3 years by the time this is finalized.
  • GenericNumber1, on 10/11/2007, -0/+2@understudy:

    They attempted to (or at least the author of their blog attempted to) explain their reasons for choosing this duration...
    http://googleblog.blogspot.com/2007/06/how-long-should-google-remember.html

    An informative excerpt from that blog post would be...
    * to improve [google's] search algorithms for the benefit of users
    * to defend [google's] systems from malicious access and exploitation attempts
    * to maintain the integrity of [google's] systems by fighting click fraud and web spam
    * to protect [google's] users from threats like spam and phishing
    * to respond to valid legal orders from law enforcement as they investigate and prosecute serious crimes like child exploitation; and
    * to comply with data retention legal obligations.
  • ClassicQ, on 10/11/2007, -1/+3The answer is to use Scroogle Scraper - http://www.scroogle.org/scraper.html - no cookies | no search-term records | access log deleted within 48 hours. And when using an open WIFI spot - https://ssl.scroogle.org/

  • rouslan, on 10/11/2007, -0/+2How about deleting records rather than just purging the IPs?
  • tomarocco, on 10/11/2007, -0/+2Oh, they do. They're just never gonna tell you they do. And being the sheep you are you will believe them.
  • EntropyMan, on 10/11/2007, -0/+1@ThatsUnpossible, it seems like there are two separable functions here. For security, they definitely need to validate my Google ID to ensure someone else can't make requests in my name. But there's no reason the validation server needs to store any other info (search history, etc..) coming along with the validation request. If they do want to store my search history, once I'm validated, they can store that in a separate server that does so anonymously, for example, using a per-session random ID. What I don't see is the reason why those two functions would ever need to be cross referenced.

    @zybch, if you want to be safe, you'll need to use a proxy, or Tor especially. Right now, I know of no better way. The only real downside is that it's slow. But there's a Tor button you can get for Firefox that lets you turn it on and off instantly, depending on what you're doing at the moment.
  • ThatsUnpossible, on 10/11/2007, -0/+1How about being unable to go back and figure out who just hacked into Google? Sorry, that'll never happen.

    Though it would be funny to see Google user's accounts breached in a situation where they were unable to prevent it due to them not logging any access to their sites. Be careful what you wish for.
  • ThatsUnpossible, on 10/11/2007, -0/+1No, they are not using their server logs to affect the ads you see. They are using the search keywords you enter, the location of your IP address in the world, and the context of the page you're on if its ads embedded in a regular page.
  • memoBug, on 10/11/2007, -0/+1What, then you'd want your searches to be ineffective?
  • jono10, on 10/11/2007, -1/+2correct, they can delete it after 5 seconds and look great, if they give it to the Man after 4 seconds.
  • ClassicQ, on 10/11/2007, -0/+1That's fair. An alternate to using Scroogle would be using tor [ http://tor.eff.org/ ] along with Firefox and the CustomizeGoogle extension [ http://www.customizegoogle.com/ ]. CustomizeGoogle isn't a necessity, but it is a nice little package; it cleans up Google quite well, and provides some privacy features - although it isn't difficult to achieve the same privacy through proper cookie management/filtering.

    The Vadalia Package [ http://vidalia-project.net/ ] is nice to simplify installing tor, it bundles tor, privoxy and the Vidalia front end GUI using QT.

    I choose to almost always browse using tor, except for a few sites because I value my privacy and I don't wish anyone to know my business/interest; especially my ISP, regardless of the fact I'm boring and mundane. ;-) I'm pretty rare in the fact that I also sign and encrypt my emails - It's nice to be different.

  • xmilky, on 10/11/2007, -0/+1I've tried hard to use Scroogle for the last four weeks. Good idea, but in its current implementation, is a non-solution.

    It looks too dull to get comfortable with and doesn't return back all infos from the Google result pages (e.g., "235.000 hits" and "did you mean 'digg sucks'?!"). It doesn't pass along HTTP content negotiation headers, and so returns fewer relevant results anyhow. Doesn't quite cut it for me.
  • crapbox, on 10/11/2007, -0/+1I'm a bit worried about using gmail. Has anyone left gmail and hosted their own mailbox?
  • geekitechture, on 10/11/2007, -0/+1@andyrob60:

    Why would you want anyone to post random searches? I hate Google but do you know what that does to their bandwidth, and in return, to the environment that must feed and power that monster?

    There's many alternatives much better at anonymizing data:

    *use a proxy
    *use CustomizeGoogle for Firefox, which anonymizes your cookie and some other tracks
    *use http://scroogle.org, which is a proxy connection to Google
    *follow Scroogle's steps to create an untrackable search interface for Google
    *or simply use another search engine that does not rely on Google for results.

    Even AOL, blast them--I can't stand them either--now claims they toss all search records after three months. But AOL uses Google for results, so it's not clear if Google keeps data on the AOL searches or not.

    The idea of sending out auto-generated randomized queries is bizarre. Surely a computer program could be written powerful enough to sort for suspect queries if someone wanted to badly enough (someone=government/law enforcement/etc?). Use common sense.
  • magic6435, on 10/11/2007, -0/+1i would rather some kid have my info than the government or other corporations....er wait they are one in the same!
  • sk545, on 10/11/2007, -1/+1well, its a start. Better than nothing, i suppose.
  • cyssero, on 04/18/2009, -3/+3andyrobo60, good idea in theory, but Google are pretty smart. That's why you get those pages now and again that claim you may be a robot and have you type in a CAPTCHA. Google would probably just analyse the program and block it anyway, they have some clever algorithms.

    Personally, I think they should anonymize records a lot sooner. I don't care if they keep the records for all eternity, I don't see why they need our IP addresses for a year and a half.
  • Jammerdelray, on 10/11/2007, -1/+1should be more like 3 months
  • zxcv12, on 10/11/2007, -1/+1A couple friends wrote something like that a while ago. It was difficult to tell if it was really doing anything. Most of the ads you get on google are triggered by only your most recent search (unlike Amazon). While google certainly has the data to start sending more ads based on your overall browsing and searching habits, they don't seem to be doing much of that at this point.
  • smackhero, on 10/11/2007, -2/+2i hope this doesn't affect personalized searches. the whole point of Google Web History is to track your search patterns and the sites you visit to personalize your searches and return better results. as long as they aren't selling the information or turn it over to the government i don't really care. i think privacy groups should be protesting ISPs that turn over user information to the government rather than harassing Google, who has a pretty good record in terms of protecting their user's privacy.
  • GabrielDunn, on 10/11/2007, -0/+0They want to keep making money. The more they know about you, the more they make. Be thankful they don't have files on you in permanent record.
  • supra22, on 10/11/2007, -0/+0Anonymized search history is nearly as bad as having IP addresses attached to search history.

    That's because Anonymized data is just attaching a UNIQUE identifier to the search instead of the IP address.

    What one really wants is ANONYMOUS data. That is, no UNIQUE identifier with past search terms - just the terms themselves and no way to correlate between them. That way, if someone searches for their own name, credit card number, address, email etc. it cannot be linked to other searches.
  • TylerLavite, on 10/11/2007, -2/+1i saw this 4 times today on digg....
  • pineapple421, on 10/11/2007, -1/+0This is a clever public relations ploy, but it doesn't change the fact that Google is a privacy time bomb.
  • andyrobo60, on 10/11/2007, -7/+5If people are upset about google keeping records of searches, then they just need to make something that searches google every 2 seconds for random crap. Pass the program around and have tons of people use it. Even google cant save the searches of everyone for 18months if 1million people are searching google every 2 seconds 24 houres a day. Google must have a limit to the number of searches that they can save.
  • swrostmore, on 10/11/2007, -3/+1What "normal" person uses a proxy? A normal person that doesn't enjoy their privacy being invaded, possibly?
  • ThatsUnpossible, on 10/11/2007, -4/+2Ignore the government aspect of this for a second... Google wants to retain the records for a period of time for several reasons: security chief among them. The information is to valuable to be immediately discarded. I think 18 months is reasonable.
  • webcure, on 10/11/2007, -10/+6This issue is going to be an important one to keep close tabs on.
  • inactive, on 10/11/2007, -8/+2They should make the information public so people don't search for non-christian phrases and evil pornography im writing to e schmidt
  • geekee, on 10/11/2007, -8/+2"what is the answer?"

    Use a different search engine that doesn't do this, or if you can't find one, boycott them all.
  • HPCELarry, on 10/11/2007, -8/+0The difficulty is that records are vital to tracking down drug dealers, terrorists, and other illegal activities. While people have some right to privacy, they don't have a right to illegal activities, or a right to hide them.
  • Daniel591992, on 10/11/2007, -15/+2There are governemt regulations that force them to hold it for a while.

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.