On TechRepublic: Why Android beats iPhone
BNET Business Network:
BNET
TechRepublic
ZDNet

September 11th, 2008

Google's 9 month log anonymization a farce?

Posted by Garett Rogers @ 7:33 pm

Categories: Google, Privacy

Tags: Google Inc., IP, IP Address, Cookie, Garett Rogers

Google has said that it is now “anonymizing” their log files after just 9 months instead of the previous 18 — that sounds great to people concerned about their privacy and take things at face value (I’m pretty sure not many people fit into both of those categories). Chris Soghoian definitely isn’t. He saw something in Google’s announcement that he wanted clarification on, and he got an interesting response.

After nine months, we will change some of the bits in the IP address in the logs; after 18 months we remove the last eight bits in the IP address and change the cookie information. We’re still developing the precise technical methods and approach to this, but we believe these changes will be a significant addition to protecting user privacy…. It is difficult to guarantee complete anonymization, but we believe these changes will make it very unlikely users could be identified…. We hope to be able to add the 9-month anonymization process to our existing 18-month process by early 2009, or even earlier.

The problem, according to Chris, is that without anonymized cookie data, scrubbed IP addresses are useless. Google said in their reply to Chris that cookies will remain in tact for the full 18 months, making the 9 month scrubbing a useless publicity stunt.

When you search on Google today, they record the IP address of your computer (ie. 24.72.52.65) and place a unique “cookie” (a very random sequence of characters that only you get) on your computer. Google can then read the cookie for up to 18 months and match it up to you in their records.

What used to happen
After 18 months, Google would take your IP address, and remove the numbers after the last decimal — in our case, making it 24.72.52.xxx. Thankfully, Google then also forgets the cookie information that it can use to identify you.

Now what happens
After 9 months, Google will take your IP address, and remove only some of the numbers after the decimal — in our case, something like 24.72.52.6xx. Unfortunately, Google continues to remember your cookie information and therefore can still identify you.

The good news is that Google hasn’t yet implemented the new anonymization process (they’ve got 9 months), so there’s still a chance to make it better if we raise enough awareness. What do you think of Google’s new rules?

Garett RogersGarett Rogers is employed as a programmer for iQmetrix, which specializes in retail management software for the wireless industry. See his full profile and disclosure of his industry affiliations.


Email Garett Rogers

Subscribe to Googling Google via Email alerts or RSS.

  • Talkback
  • Most Recent of 32 Talkback(s)
RE: Google's 9 month log anonymization a farce?
Has this anything to do with YouTubes sudden change of clip links? (Read the rest)
Posted by: marc_90292@... Posted on: 09/17/08 You are currently: a Guest | | Terms of Use
Remember that Google is not doing this...  Roque Mocan | 09/11/08
What, nine bits per "octet"?  axisiiad@... | 09/11/08
RE: Google's 9 month log anonymization a farce?  the-anti-google-baloney | 09/12/08
If you're comfortable with Google's policies...  Henrik Moller | 09/12/08
Me thinks you bought Google at $650.00. nt  JustAnAboveAverageJoe | 09/12/08
Google Is Evil. Thats it Pure and Simple! NT  JustAnAboveAverageJoe | 09/12/08
I wonder which is financing  GuidingLight | 09/12/08
Cookies can be cleared and Most of ISPs use dynamic IP address.  Dealing | 09/12/08
Dynamic IP? Rubbish  topsecret@... | 09/13/08
So? Just prevent Google's domain from putting cookies on your system.  wolf_z | 09/12/08
Well that was going to be my question...  JT82 | 09/12/08
Cookies  Hans Schmidt | 09/12/08
.6xx  jmavity | 09/12/08
haha, yeah  Garett | 09/12/08
"Change some"  jmavity | 09/12/08
Unique browser ID - gotcha  topsecret@... | 09/13/08
.6xx  srobtjones@... | 09/12/08
Google as a facilitator for misuse by others  terry flores | 09/12/08
What about the Omnibar?  Li1t | 09/12/08
Do you really think Google's going to let you use their browser...  hasta la Vista, bah-bie | 09/13/08
9 seconds is too long,  Johnny Vegas | 09/12/08
Users can easily clear their browsers of cookies  mhenriday | 09/12/08
Screw Google  HollywoodDog | 09/12/08
For a technical site, not many people are smart enough  DanLM | 09/12/08
Smart enough? How about you?  tgilbert@... | 09/14/08
You're right, cookies are nothing :\ nt  T1Oracle | 09/13/08
Unique browser ID - gotcha!  topsecret@... | 09/13/08
CUIL does not track users - HA-HA!  linuxoid | 09/14/08
Deleted  tgilbert@... | 09/14/08
RE: Google's 9 month log anonymization a farce?  movermike | 09/14/08
Google is positively hostile against privacy.  kraterz | 09/14/08
RE: Google's 9 month log anonymization a farce?  marc_90292@... | 09/17/08

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Essential Topics Click Here

advertisement

Recent Entries

advertisement

Archives

Favorite Links

ZDNet Blogs

White Papers, Webcasts, and Downloads

SmartPlanet

  • Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
  • More from IBM
  • Innovate your business' process model, play against the market, compete against others on our scoreboards and WIN! Try INNOV8 2.0: A BPM Simulator
  • Enabling Real-World Business Transformation through IBM Service Management Read the EMA Analyst Report
Click Here