Feeds

Google to anonymize user data

It's about time

Internet Security Threat Report 2014

Google is to discard some of the information it stores about user search requests in an effort to address concerns by privacy watchdogs and defend itself against government demands for data.

The search giant will scrub personal information from cookies and remove some of the bits in IP addresses after that information has been stored for a set period of time, probably 18 to 24 months, a Google official wrote in a company blog. It expects to roll out the new policy by the end of the year.

Until now, Google has kept information that can link specific searches to individual users indefinitely, potentially providing a trove of data to prosecutors or rogue employees with the proper credentials. Google will continue to log and store user activity but will anonymize it after a period of time. Google said the plan would be altered if laws governing the retention of data required it.

The change is sure to be welcomed by privacy advocates, who have been aghast at the permeability of the walls containing search data that can easily identify those who make the requests. Last year, AOL touched off a firestorm when it published 19m search queries made by more than 650,000 users. AOL had taken steps to anonymize the data, but some searches contained intimate information that allowed readers to identify the requesters. AOL had revealed the data as part of a research project.

Prior to that, the US Department of Justice, working on a case involving child pornography, issued subpoenas demanding several search engines surrender huge amounts of information related to searches. While Yahoo!, MSN and AOL largely caved, Google fought the demand, arguing it would violate user privacy. (The search king, perhaps more transparently, also objected on the grounds that the disclosure would reveal proprietary algorithms.) Google lost part of its bid, and now wisely believes a better tack to take is to discard some of the vast amounts of information it collects.

Google said its decision to continue hoarding identifying information for as long as two years was an attempt to strike harmony among conflicting goals of personalizing its services, safeguarding user privacy, and complying with data retention laws throughout the world. ®

Intelligent flash storage arrays

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Shellshock over SMTP attacks mean you can now ignore your email
'But boss, the Internet Storm Centre says it's dangerous for me to reply to you'
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
A strategic approach to identity relationship management
ForgeRock commissioned Forrester to evaluate companies’ IAM practices and requirements when it comes to customer-facing scenarios versus employee-facing ones.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.