A reader asked me:
Does Google keep logs of searches correlated with IP address or other personally identifiable information for users who have not logged in?
I knew it kept parts of this data, but was not sure. So I pinged Google PR, which checked in for me (thanks!). The response was to quote Google's privacy FAQ:
Like most Web sites, our servers automatically record the page requests made when users visit our sites. These "server logs" typically include your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.
In other words, yes, Google does record this data. But, does it KEEP that data, I asked? The answer:
Yes, we do.
It's simple to stop this, of course, just set your browser to not accept cookies. But if you do, you lose out on the services that cookies enable. I for one keep my cookies intact. But know that yes, your data is kept by Google and yes, your searches can be correlated to IP data.
I typed in google anonymiser and got this:
Google uses a cookie to save your personal settings such as what language you want documents in, how many result you like displayed on the page and what level of filtering on content you think appropriate. This cookie allows Google to recognise you each time you come back.
Google is therefore able to keep a record of every request its users make, and over the years admits to having built up a formidable database of typical user behaviour of its search engine, including their likely names if they' ve googled themselves (and who hasn't?).
Whether or not they have something to hide, a lot of people are concerned about handing over their search habits. The Google Anonymiser can be used to reset the part of the Google cookie that identifies you to a string of zeroes. At http://www.imilly.com/google-cookie.htm you can save a "bookmarklet" that you can click each time you visit Google to reset your cookie. After you've done so, you can enter your search term and Google won' t know anything about who' s making the request.
http://editor.actrix.co.nz/byarticle/0612anonymous.html
For me it's like Spybot--grow enough brain and you can keep yourself to yourself...the price is the growth of the brain.
I also found this among the foremost anonymiser links:
Thursday, 15 March 2007, 14:27 GMT Privacy bodies have welcomed Google's decision to anonymise personal data it receives from users' web searches.
The firm previously held information about searches for an indefinite period but will now anonymise it after 18 to 24 months.
"This is an extremely positive development," said Ari Schwartz, deputy director of the Center for Democracy and Technology, a US-based watchdog.
"It's the type of thing we have been advocating for a number of years."
However, governments could still force Google to hold onto data or hand it over to authorities.
"By anonymising our server logs after 18 to 24 months, we think we're striking the right balance between two goals: continuing to improve Google's services for you, while providing more transparency and certainty about our retention practices," a statement from the search giant said.
It's a step forward, but I would like to see them anonymising data in a much shorter period Richard Clayton, Cambridge University
It added: "Unless we're legally required to retain log data for longer, we will anonymise our server logs after a limited period of time."
Peter Fleischer, Google's privacy counsel for Europe, said the decision has been taken after consulting with privacy bodies in the US and Europe.
He said: "We believe that privacy is one of the cornerstones of trust. We will be retroactively going back into our log database and anonymising all the information there."
http://news.bbc.co.uk/1/hi/technology/6453137.stm
And the point of Google is that hardly anyone is smart enough to use an anonymiser.
And even if you do, all of your email etc is still held in the database.
Would anyone be happy with a government collecting this information?
Does the fact that it's a corporation and not a MI5 make it okay?
That's why I'm asking. Are any ET users bothered, or is it the price we pay for using the internet?
I'm concerned (in a humorous way) because I keep coming across google in the most unlikely places, but it never asks me for money, and it never shoves an ad in my face (though there are discrete ads in the results of my search--which I ignore.)
I don't really understand that. Google is a librarian, bringing the user what they ask for--and lots more. There's nothing complicated about using the google anonymiser--you just click a button. Most people (I think) don't know why they should, or that they could, or...and this is my worry of an evening as my brain sinks towards slackness...the powerful tool I use to stop the other powerful tool is, in fact, an even more powerful tool...indeed, the bright folks have me by the short and curlies--but google seems to give me (working) stuff for free and it has all the info. necessary (access to the info, I mean0 for me to become one of the bright folks...
...and it can make billions of dollars selling advertising to those who don't want to or can't....which is evil, no?
I dunno. Why is it evil? You offer a person the best product at the best price (it's free!), but they don't trust you and so they go with the advertised product (advertised by you, duh!), and you make billions of dollars. Is that evil? Don't fight forces, use them R. Buckminster Fuller.
Google has successfully created a happy smiley brand for itself, and it may be everything it appears to be.
But who knows what happens to the info? Google's record in practice is one of expediency rather than principles.
It's not as evil as Microsoft, which is just plain dysfunctional as a company, and always has been.
But is it enough to say 'Okay, it's happy and smiley, therefore I'm going to trust it with all of my personal information'?
In practice it collects far more information than any spyware program does. Does the fact that it's charming and friendly about it make that any less of an intrusion?
I am NOT going to trust google with all of my personal information.
Who CAN I trust? And if I can trust no-one, how do I still get access to the internet (apart from logging on at public site computers)?
I mean: is this a problem with google or with the internet? Don't fight forces, use them R. Buckminster Fuller.
Google and ISPs can harvest information much more easily, and they can do it passively.
What's evil here is that underlying model is the standard corporate one of farming customers. Google users get no access to the information collected about them. They don't get a chance to opt out, make the collection selective, or make it anonymous. Instead Google is collecting more and more detail - first with search records, then with email, then with spreadsheets and presentations, journey plans, GPS tracks from mobiles...
It's a model for a perfect online panopticon, created by stealthy stages, and easily co-opted by any government.
ISPs collecting email and web search records are both more and less evil - more evil because the only possible use for such information is authoritarian, and less evil because they're being forced to do it by governments rather than leveraging it commercially.
Google could easily anomymise the information itself. It would be trivial to do it. It doesn't need to keep the information because it could pick out core patterns immediately.
So why are those records being kept at all?
And if we wanted an alternative, I suspect it wouldn't be too hard to open source it, and build a completely anonymous search engine using an open grid and encrypted traffic transfer.
Personally I assume everything I do online is visible. Since none of what I do online is all that exciting, Google can have my search patterns for now.
But if an open alternative existed and was any good at all, I'd be happy to use it.
Would anyone be happy with a government collecting this information? Does the fact that it's a corporation and not a MI5 make it okay?
No and no.
And when the EU Directive 2006/24/EC, on "the retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC" is fully implemented, your data will be stored by corporations (ISPs) and availble to the government.
For our danish readers: Denmark has implemented the directive (and more), so your surfing habits, email and such communications wil be stored and availble for police at short notice (ISPs are required to uphold round the clock access to the data for the police). Happy surfing!
<catching up on ET while munching>
But ask away and I will try to answer...
