Google's 9 month log anonymization a farce?
Google has said that it is now "anonymizing" their log files after just 9 months instead of the previous 18 -- that sounds great to people concerned about their privacy and take things at face value (I'm pretty sure not many people fit into both of those categories). Chris Soghoian definitely isn't. He saw something in Google's announcement that he wanted clarification on, and he got an interesting response.
After nine months, we will change some of the bits in the IP address in the logs; after 18 months we remove the last eight bits in the IP address and change the cookie information. We're still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy.... It is difficult to guarantee complete anonymization, but we believe these changes will make it very unlikely users could be identified.... We hope to be able to add the 9-month anonymization process to our existing 18-month process by early 2009, or even earlier.
The problem, according to Chris, is that without anonymized cookie data, scrubbed IP addresses are useless. Google said in their reply to Chris that cookies will remain in tact for the full 18 months, making the 9 month scrubbing a useless publicity stunt.
When you search on Google today, they record the IP address of your computer (ie. 24.72.52.65) and place a unique "cookie" (a very random sequence of characters that only you get) on your computer. Google can then read the cookie for up to 18 months and match it up to you in their records.
What used to happen After 18 months, Google would take your IP address, and remove the numbers after the last decimal -- in our case, making it 24.72.52.xxx. Thankfully, Google then also forgets the cookie information that it can use to identify you.
Now what happens After 9 months, Google will take your IP address, and remove only some of the numbers after the decimal -- in our case, something like 24.72.52.6xx. Unfortunately, Google continues to remember your cookie information and therefore can still identify you.
The good news is that Google hasn't yet implemented the new anonymization process (they've got 9 months), so there's still a chance to make it better if we raise enough awareness. What do you think of Google's new rules?