Feeds

Google to anonymize user data

It's about time

High performance access to file storage

Google is to discard some of the information it stores about user search requests in an effort to address concerns by privacy watchdogs and defend itself against government demands for data.

The search giant will scrub personal information from cookies and remove some of the bits in IP addresses after that information has been stored for a set period of time, probably 18 to 24 months, a Google official wrote in a company blog. It expects to roll out the new policy by the end of the year.

Until now, Google has kept information that can link specific searches to individual users indefinitely, potentially providing a trove of data to prosecutors or rogue employees with the proper credentials. Google will continue to log and store user activity but will anonymize it after a period of time. Google said the plan would be altered if laws governing the retention of data required it.

The change is sure to be welcomed by privacy advocates, who have been aghast at the permeability of the walls containing search data that can easily identify those who make the requests. Last year, AOL touched off a firestorm when it published 19m search queries made by more than 650,000 users. AOL had taken steps to anonymize the data, but some searches contained intimate information that allowed readers to identify the requesters. AOL had revealed the data as part of a research project.

Prior to that, the US Department of Justice, working on a case involving child pornography, issued subpoenas demanding several search engines surrender huge amounts of information related to searches. While Yahoo!, MSN and AOL largely caved, Google fought the demand, arguing it would violate user privacy. (The search king, perhaps more transparently, also objected on the grounds that the disclosure would reveal proprietary algorithms.) Google lost part of its bid, and now wisely believes a better tack to take is to discard some of the vast amounts of information it collects.

Google said its decision to continue hoarding identifying information for as long as two years was an attempt to strike harmony among conflicting goals of personalizing its services, safeguarding user privacy, and complying with data retention laws throughout the world. ®

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.