Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Will Anonymize IP Logs Faster

Posted by timothy on from the time-to-make-a-baby dept.

An anonymous reader writes "The BBC reports on some changes to the data retention policy at Google in response to pressure from European authorities, but also included in the article is information about why Google claims they need to retain non-anonymised data for so long. Improving services, sure, but preventing fraud? Aiding 'valid legal orders'?" Reader s0ckratees points to some commentary on the change at Google's official blog. The upshot: IP addresses in Google's logs will be anonymized after nine months, rather than 18 as previously.

73 of 97 comments (clear)

  1. Scrape it by smittyoneeach · · Score: 2, Funny

    Scrape the log
    To sparkling shine
    So the chin
    Hairless, divine
    Burma Shave

    --
    Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
  2. So if you live in china by HungryHobo · · Score: 3, Interesting

    And the government wants to know who's been searching for things they don't approve of they have to ask google for the logs every 9 months rather than every 18 months.

    1. Re:So if you live in china by Anonymous Coward · · Score: 4, Insightful

      You may not like that Google keeps data, but they have an almost perfect record for keeping it private from others. Or did you not see the fuss they raised over YouTube data, and how even after being ordered to turn over their data, they still fought to reach a compromise that protected user privacy?

      As for China, there's a reason Google keeps literally zero servers on Chinese soil. Even data for Chinese nationals is kept out of China, specifically so Google won't have to turn it over.

      Short of not keeping data at all, there is pretty much nothing more they can do to protect privacy. But that's never enough for SlashDot...

    2. Re:So if you live in china by Adoxographer · · Score: 1

      Like any other company, google will roll over if the price is right or the US government is turning the screws.

    3. Re:So if you live in china by yuna49 · · Score: 5, Insightful

      China is the least of my concerns. How about the Justice Department or the Department of Homeland Security?

      The Europeans might be pressuring Google to reduce its retention periods, but I suspect that Google heard the opposite point-of-view from the government here in the USA.

      Frankly I think that none of Google's logs should carry identifying information. If they need to track IPs for some reason, put them in a separate database table that's unconnected to the contents of the search strings. Keeping this information much beyond a week or two seems unreasonable to me.

    4. Re:So if you live in china by TheVelvetFlamebait · · Score: 1

      Truly, a human rights victory for the ages! Like that place ... uh ... what's it called? Something "square". I think it might be in India. Google's not coming up with anything.

      --
      You know, there is a difference between trolling and pointing out the flaws in your reasoning. Just saying.
    5. Re:So if you live in china by zoogies · · Score: 2, Funny

      Whew! Good thing I'm in America.

    6. Re:So if you live in china by Gerzel · · Score: 1

      That order was from the US government and they were turning the screws, perhaps not that hard but they were turning.

      Now I don't think google is the great force of good, but it so far is at least neutral which is more than can be said for most companies its size and scope.

    7. Re:So if you live in china by rtb61 · · Score: 2, Insightful
      Do you realise how pointless it is anonymising IP adresses after 18 months or even 9 months, via simple data base associations they can link access to a particular individual and no longer need the IP adress for longer term analysis. Based upon those records and intervening IP adress records any new access can be tied to existing database and the individual user.

      In fact google clearly state they are only anonymising the users IP address and do not talk about any other long term user records. Even their privacy statement to the EU whilst it does state it is not 'necessary' for a user to divulge their identity when doing searches does not clearly state that those searches are tied to the use based upon past records via data mining their massive data bases. For google to indentify the user once the they have cookies in place and the data gathering scripts running all over the web, the IP address whilst convenient is hardly necessary. Of course their reasons for using private data are so broad they could mean virtually anything.

      Providing our services to users, including the display of customized content and advertising

      Auditing, research and analysis in order to maintain, protect and improve our services;

      Ensuring the technical functioning of our network; and

      Developing new services.

      If google want to be truly genuine about respecting a persons desire for privacy why don't they contact every person they have records on to ask them whether they would like those records cleared and no further data to be stored against them, at least once a year or even perhaps based upon their own public statement every nine months or, was is it all just a bit of love and trust google viral marketing.

      --
      Chaos - everything, everywhere, everywhen
    8. Re:So if you live in china by Wowsers · · Score: 2, Insightful

      The Europeans might be pressuring Google to reduce its retention periods, but I suspect that Google heard the opposite point-of-view from the government here in the USA.

      Interesting the Europeans want Google to not keep logs on people, the complete opposite of the European Union who have no problem on keeping logs of people for ever longer time to see if they are a threat (to them getting voted out). The oppression loving UK government is interested in unlimited retention time of data.

      http://news.bbc.co.uk/2/hi/europe/4527840.stm

      The European Parliament has approved rules forcing telephone companies to retain call and internet records for use in anti-terror investigations. Records will be kept for up to two years under the new measures.

      --
      Take Nobody's Word For It.
    9. Re:So if you live in china by magus_melchior · · Score: 1

      It has to do with the accumulation of a lot of wealth by Google, and the fact that Google's business is optimized by collecting data about the users using its free services. It also has to do with the fact that no security system is impregnable, especially if it's connected to the internet as closely as Google is.

      Some conspiracy theorists think that this means Google cannot possibly collect user data in a responsible way that does not breach privacy, or that there is no guarantee that Google will not release the data to partner companies in return for more advertising dollars. I'm willing to hold off on judgment unless there was a verifiable pattern of abuse by Google, but most here don't want to wait until Google "shows its true evil colors". Any perceived intrusion into privacy, even if it is opt-in, is unacceptable to many a libertarian here.

      --
      "We are Microsoft. You shall be assimilated. Competition is futile."
    10. Re:So if you live in china by natedubbya · · Score: 1

      The Europeans might be pressuring Google to reduce its retention periods, but I suspect that Google heard the opposite point-of-view from the government here in the USA.

      I also suspect they heard the opposite view in Ireland. It's fun to make flippant statements isn't it? Check out the actual news from Europe and you may find that the grass isn't greener over there.

    11. Re:So if you live in china by Idiomatick · · Score: 1

      The EU isn't very fond of Ireland, basically they are shit disturbers...

    12. Re:So if you live in china by amRadioHed · · Score: 1

      You get actual news in Europe!?

      Yeah, that was fun.

      --
      We hope your rules and wisdom choke you / Now we are one in everlasting peace
  3. Why the question. by jellomizer · · Score: 1

    but preventing fraud? Aiding 'valid legal orders'?

    While I would say IP addresses shouldn't be the only method for these protection they do help.

    Wow every site within 123.45.67.x seems to have a virus and malware on it. Oh a new site was scanned its address is in 123.45.67.x lets not publish right away lets put it threw full check. Or say 98.76.54.* always had clean site that were legit. A new site was found Well lets put it threw the quick checks and post it and queue it for full scan for later.

    Yes knowing the IP Address and keeping track of it for months even years can be handy. The more data you have the better decision you can make.

    --
    If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    1. Re:Why the question. by Inda · · Score: 1

      Give him a break, he's probably only six years old.

      --
      This post contains benzene, nitrosamines, formaldehyde and hydrogen cyanide.
    2. Re:Why the question. by jellomizer · · Score: 1

      Except for the fact that my account is 10 years old... I am just a bad speller deal with it.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    3. Re:Why the question. by ianare · · Score: 1

      Web sites are, by their very nature, indexed by IP address. No one is suggesting anonomyzing web sites.

      What is being anonymysed are the IP addreses of people that do a google search.

    4. Re:Why the question. by Khuffie · · Score: 1

      Deal with it? Perhaps, after someone pointed out your mistake, you can in the future learn from it, instead of telling us to 'deal with it'. That wasn't a bad spelling or a random typo: you used a completely different word...twice. It made it difficult to read your post.

    5. Re:Why the question. by jellomizer · · Score: 1

      Yes, Deal with it. Oh my God! a guy made a misspelling on a message board, actually it was just the wrong word. As spell checkers sometimes switch the words around. It is a problem that I have, Yes I have Dyslexia, and it is a constant battle taking me hours to write up a one page homework assignment for class, or half a day for a simple document for work. I am not going to spend 25 minutes witting a post, on Slashdot to make sure it is perfect. If it is difficult to read it means your mind is to closed to easily translate written language. As the concept of correct spelling is just over a hundred years old. Through vs. Threw are very similar words phonetically especially with an American accent.
      Correcting a Bad speller on a post they cannot change is not helpful, only condescending. Will it stop me from doing it again. No. as the nature of my disability makes it difficult to make the connection between the right one and the wrong one. Within a day which one is right and wrong will fade away and the problem will occur again.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    6. Re:Why the question. by Khuffie · · Score: 1

      Kk, iF 5P3llIN' i5'N7 IMPoR74n7 I K4N 74lk LIK3 7hi5 4Nd Joo wouLD'n7 H4V3 4nY difFIcUl7Y uNd3r574ndin' M3h, righ7? 4F73R 4LL, 73H kONC3p7 oF koRr3C7 5p3LLIn' I5 jU57 oV3r 4 100 Y34r5 OLD, 5O JOO 5hOuld 83 kk R34DIn' 7HI5.

    7. Re:Why the question. by ribuck · · Score: 1

      I am not going to spend 25 minutes witting a post

      If only everyone here spent even 5 minutes witting their posts, the quality of humor here would be much improved.

      --
      Paid Q&A/Research
    8. Re:Why the question. by n3tcat · · Score: 1

      Wow every Arab country seems to hate us and throw planes at us. Oh a new male was seen in an airport. His ethnicity is Arabic lets not let him board the plane right away lets put it threw(sic) full check. Or say whitey always had clean papers that were legit. A new white boy was found Well lets put him threw(sic) the quick checks and let him board and queue it for full scan for later.

      Fixed that for you. Hope you see the lunacy of your statement now.

    9. Re:Why the question. by jellomizer · · Score: 1

      The difference between occasional misspelling and wrong words vs. adding characters that do not have a Phonic meaning to them. You method is intentionally trying to officiate your message, A wrong word but attempted to by phonically correct (At least similar to the accent of the writer) isn't trying to officiate the message. 7337 speech or Elite speech was designed particularly as a method of making reading difficult as it required (Just so some internet geeks could feel good about themselfs when they write a message other people go what?!), this is more akin to bad handwriting vs. Bad spelling.
      "Ok, if spellin isnt important i kan talk like this and you wouldn't have any difficulty understanding meh, right? After all the koncept of korrect spelling is just over 4 100 years old, so you should be ok readin' this."
      So after I cleaned up the "handwriting" there are still a lot of misspellings but it is readable. After deleeted (hah!) your message it was actually easy to read.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
    10. Re:Why the question. by Khuffie · · Score: 1

      Sorry, I don't know your accent when I try to read something, nor should I to be able to comprehend it. Spelling is still important. For example, it took me a couple of reads to understand the line "A wrong word but attempted to by phonically correct" (that by was supposed to be 'be'). When you're reading a sentence and see a completely different word than what the word is supposed to be, it does throw people off the mark when trying to comprehend what you wrote, because they try to put the incorrect word in context and it fails to make sense. The misspellings after you cleaned up the l33t speak were introduced by the l33t speak generator I used online; my brain would start hurting if I tried to type like that. If you note, I didn't correct your spelling. I merely had an issue with you saying 'I have bad spelling. Deal with it.' Had you mentioned you're dyslexic then, I wouldn't have said anything.

    11. Re:Why the question. by jellomizer · · Score: 1

      Your argument has flaws in it.
      Checking IP Address is less like profiling an individual but the location. Even before 9/11 there has always been more security from people entering from plane in a different country. A plain from UK would be treated differently then a Plane from Switzerland (even if all the passengers are White Americans).
      While they will all be security checked. There are fast tracks open for known friendly location vs. Neutral Locations.

      If it is known that a Netblock owner is lax about the content that it gives, then it will attract unsavory people, vs. a netblock owners who are very careful. Why bog servers down for mostly trusted locations a quick check to make sure there is no spy-ware installed, or a fast check to see if links are not any trouble pages.
      Vs. from a site that tends to have trouble so there will be the spyware check then follow the links 3 levels down to insure it doesn't bring to spy-ware, or put a hold on it for a day to see if is the same page tomorrow.

      There is no point for heavy scanning netblocks that have good data. Lets say search on Microsoft MSDN, Like or Hate Microsoft the point is the data will not hurt you or your computer (for a standard configuration) And Micosoft is careful to not have dangerous content on that site... However MSNBC or more add driven sites may have a more lax content. Linking to a dangerous site is more hazardous so a more carfull check may take place.

      The Diffence between a good site and a bad site may be between 1 second to 10 minutes (assuming they don't put a hold on a request) But if you can get those 1 seconds out faster then you could double your output of safe data.

      --
      If something is so important that you feel the need to post it on the internet... It probably isn't that important.
  4. Re:9 Months by Anonymous Coward · · Score: 1, Informative

    YouTube == Google So yes.

  5. Improving services, sure, but preventing fraud? by Richard_at_work · · Score: 4, Insightful

    Improving services, sure, but preventing fraud?

    Sure - AdWord fraud. Scrubbing logs quicker means less leeway for click fraud to be discovered.

    1. Re:Improving services, sure, but preventing fraud? by Adoxographer · · Score: 1

      Has anyone ever heard a convincing reason why the data is needed for even this long? I don't mean nebulous claims about "improving" the service for the "customer", but actual 2+2=4 reasons.

    2. Re:Improving services, sure, but preventing fraud? by Richard_at_work · · Score: 1

      I don't think Google *needs* a reason - they are scrubbing it out of good will more than anything.

    3. Re:Improving services, sure, but preventing fraud? by KrugalSausage · · Score: 1

      [citation needed]

  6. Re:Just out of interest by maxume · · Score: 1

    Throw away the salt.

    You still have the "Netflix problem", but that was related to the users publicly disclosing large amounts of information on a different site, which probably wouldn't come into play here.

    --
    Nerd rage is the funniest rage.
  7. Google handing data over... by topham · · Score: 1

    Google is handing data over to a few 3 letter agencies. BIG SHOCK! OH NO! NSA Reads my email!

    Seriously, I put google not handing over such data at somewhere between 0 and -1.

    1. Re:Google handing data over... by clone53421 · · Score: 1

      Are we talking 32-bit signed integers? Because if so, there's a lot of room between 00000000000000000000000000000000 and 11111111111111111111111111111111.

      --
      Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  8. Comment removed by account_deleted · · Score: 1

    Comment removed based on user account deletion

  9. Re:Is Google singular or plural? by dattaway · · Score: 1

    The summary reads "...Google claim they need to retain..." The use of *claim* rather than *claims* suggests that Google is being viewed as something other than a single entity.Am I missing something or was that just a typo?

    I'm sure their partners will retain the good stuff.

  10. Why not after DHCP lease expires... by GuyverDH · · Score: 1

    Figure out a pseudo average for a DHCP lease... say 72hours, and make anonymous after that?

    --
    Who is general failure, and why is he reading my hard drive?
  11. 9 months are too long by AtomicJake · · Score: 3, Informative

    Actually, the IP should not be stored at all. Google might want to analyze the IPs to analyze and prevent attacks on its servers and additionally to get location information for its ad services. But there is no need to store it for a longer period -- unless you want to start massive data mining projects, which is exactly what is feared most from a privacy point of view.

    So, any good news would be that the IP is not stored at all (except very temporarily).

    1. Re:9 months are too long by Kong+the+Medium · · Score: 1

      -- unless you want to start massive data mining projects, which is exactly what is feared most from a privacy point of view.

      Aehmm, I don't know, how you would describe the inner processes of a search engine, but in my book massive data mining is involved. So you got at least one motive to store massive distributed data, like say, the IP and search terms from 75% of Internets population: Testinput, ZeitGeistmaterial or localized ads and/or search results. Sorry, but storing data is a result of computing data and entering data.

      Remember: It's not the information that hurts, it's the way you use and react to it.

      --
      ... whenever a text is transmitted, variation occurs. This is because human beings are careless, fallible, and occasiona
    2. Re:9 months are too long by AtomicJake · · Score: 1

      -- unless you want to start massive data mining projects, which is exactly what is feared most from a privacy point of view.

      Aehmm, I don't know, how you would describe the inner processes of a search engine, but in my book massive data mining is involved.

      Agreed, but you do not need to store persistently for months the IP address of the requester. You can store the tags with the requests (such as location info, AS range of the IP). For more personalized computations you can use cookies -- at least with cookies the requester has some sort of control over his information.

      Apparently, Google does not require the IP info after 9 months. So, what do they do with the IP address during those 9 months? Why can't they do it more or less immediately and then just store the results of the operations?

      Remember: It's not the information that hurts, it's the way you use and react to it.

      True and false at the same moment. If you do not store massive amount of data, you cannot misuse it (or anybody else, if you leak it). Privacy means that you store only the data that you really need and only as long as you need it.

    3. Re:9 months are too long by skeeto · · Score: 1

      9 months are too long

      I am sure many women, especially mothers, agree.

  12. Re:Is Google singular or plural? by torstenvl · · Score: 1

    British English, dude. At some registers, collectives are viewed as plural, not singular.

    Search BBC stories for "Microsoft are" and such. (Whether that somewhat informal register should be used in BBC pieces is another topic entirely...)

  13. Re:9 Months by lysergic.acid · · Score: 4, Insightful

    considering the amount of data Google processes on a regular basis, a 9 Month backlog isn't that unreasonable.

    i'm more concerned about Google not handing my data over to 3rd parties or governments than their retaining records of my searches. as long as they're willing to stand up for the rights of users, they can hold my search data for as long as they need to improve search results, reduce spam, and develop personalized search features.

  14. Google anonymizing in China/India by ilovesymbian · · Score: 2, Informative

    What difference does it make to reduce this 18 months to 9 months log retention period?

    Will Google anonymize logs in other countries too?

    How about Google China? It respectfully hands over logs to the authorities on demand anytime. Same with Google India.

    --
    slashdot rocks
  15. Re:Just out of interest by sakdoctor · · Score: 4, Insightful

    Salting goes without saying -1 uninsightful

    I'm talking about the fact that it's 2008, and that search space could be exhaustively searched in a matter of hours on a desktop machine.

    As the poster below me points out, "throw away the salt" is an answer, but it means the logs can only be compared to other logs in the time frame that you were using that salt.

    Maybe IPv6 will make anonymized logs more feasible because of the 2^128 search space.

  16. I've just done it. by caluml · · Score: 3, Funny
    It's OK - I just did it.

    peon@google ~ $ /bin/su -
    Password:
    google ~ # psql searchlogs scooby -W
    Password:
    Welcome to psql 8.0.15, the PostgreSQL interactive terminal.

    Type: \copyright for distribution terms
    \h for help with SQL commands
    \? for help with psql commands
    \g or terminate with semicolon to execute query
    \q to quit

    searchlogs=> DELETE FROM searchlogs WHERE ts < NOW() - INTERVAL '9 months';
    DELETE 551719812875516
    searchlogs=> \q
    google ~ # logout
    peon@google ~ $ logout

    --
    Get your own free personal location tracker
  17. Re:Just out of interest by PReDiToR · · Score: 1

    How do you Anonymize IP logs?

    By using Scroogle.

    Note to mods:
    I got my karma for this post here, don't mod me up again for the same information <grin>.

    --

    Do not meddle in the affairs of geeks for they are subtle and quick to anger
  18. Google Web History goes back to April 2005 here by shellac · · Score: 1

    It appears this 18 months, or 9 months as it is now, does not apply to Google Web History when you are logged into your google account. My Web History log goes back to April 2005.

    I for one am glad they are not deleting the Web History log at 9 months. It is nice to be able to peruse through my searches done years ago.

    1. Re:Google Web History goes back to April 2005 here by geminidomino · · Score: 1

      I for one am glad they are not deleting the Web History log at 9 months. It is nice to be able to peruse through my searches done years ago.

      We Agree.

      --Your Friendly Neighborhood TLA

  19. Anyone else read this as... by bitfarmer · · Score: 1

    ...'George Will Anonymizes IP Logs Faster'?

    I gotta loosen my bow tie a bit and get back to work.

    --
    Eagles may soar, but weasels don't get sucked into jet engines.
  20. Re:Is Google singular or plural? by Anonymous+Brave+Guy · · Score: 1

    Yes, I was treating Google as a collective noun, and yes, I'm British.

    (I submitted the article. Amusingly, I appear to have anonymised myself while doing so...)

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  21. Re:Too little too late by Lyrael · · Score: 1

    And just what evil have they done with this data, exactly?

  22. Re:Just out of interest by geminidomino · · Score: 2, Funny

    I'm hypertensive, you insensitive clod.

  23. Google need's it's own country? by blahplusplus · · Score: 1

    I always thought Google should buy Sealand or some other country and move it's operations there outside of United states laws, it would do a lot of good if we had a country that didn't have such crap... abuses of new countries laws or lack of laws non-withstanding

    1. Re:Google need's it's own country? by Lennie · · Score: 1

      Well it's "up for graps" at a 750000 British pounds.

      --
      New things are always on the horizon
  24. anonymizing search history is not possible by pulse2600 · · Score: 1

    Even if IP addresses are removed or changed, search history is still not anonymous unless the records of search results get shuffled together. As long as all the search terms and results from one address are kept together in one record or otherwise tied to a unique identifier of any kind, your search habits and results can still be traced back to you. Anonymous search data is a myth.

  25. Woo! by Vertana · · Score: 1

    Now I only have to escape 9 months after I blow up a school! And then they'll never know I searched google to make the bomb. Thanks Google!

    --
    "The best way to accelerate a Macintosh is at 9.8m/sec^2" -Marcus Dolengo
  26. Re:Just out of interest by HungryHobo · · Score: 2, Insightful

    So I generate a table with 2^32 IP addresses and their MD5 with themselves as the salt, it doesn't enlarge the search space in this situation and I can then easily do a binary search to find what the origional IP was.

  27. Re:Just out of interest by asserted · · Score: 1

    use new encryption key every day. throw away the key that is 9month+1day old. problem solved.

  28. Re:Clusty by jsalbre · · Score: 2, Informative

    Their privacy policy specifically says that they DO keep logs of your IP and search queries.

    --
    Jeremy http://alucinari.net
  29. do the anonymizing yourself by cats-paw · · Score: 2, Informative

    Tor isn't great for high bandwidth connections, but I think it's just perfect to make sure all of those do-gooder large corporations don't get a choice about anonymizing IP addresses.

    http://www.torproject.org/

    --
    Absolute statements are never true
  30. Re:9 Months by Bender0x7D1 · · Score: 2, Insightful

    considering the amount of data Google processes on a regular basis, a 9 Month backlog isn't that unreasonable.

    Sure it is. Why? Because they are collecting data continuously and if it takes a long time to process what they've collected, more data is backlogged, and it keeps spiraling out of control. In fact, if it takes more than 24 hours to process 1 day of data, the backlog will increase without limit. The proper thing to do is to apply proper anonymization to the information immediately so you don't have to worry about it. There are plenty of methods that allow you to anonymize important information while retaining enough data for analysis. Here's one paper [Warning: PDF] on the subject.

    --
    Reading code is like reading the dictionary - you have to read half of it before you can go back and understand it.
  31. What about Chrome? by DigitAl56K · · Score: 1

    I'd like to know if they also commit to anonymizing the client ID that is associated with every Chrome installation and the associated history tied to your account. After all, what's the point of anonymizing the IP data if your Chrome installation is tracking everything anyway? The same company would hold all the same information.

  32. Re:Just out of interest by sakdoctor · · Score: 1

    I should have been way more specific here.

    What I'm saying is that IP (v4) addresses are uniquely problematic for being pseudonymized from the perspective of a web master, because of the tiny search space.
    You wouldn't choose a 10 digit only password would you?

    Say the threat model here is you are running a website and you get subpoenaed.

    It would be great to be able to say, "OK here is a list of hashes of IP addresses, that's all I've got, have fun." ...but you can't do that for the reason I said above. If you then throw away the hash you can enjoy being held in civil contempt, and with the hash they could brute-force them all in trivial time.

  33. Good will? No. Enlightened self-interest? Maybe. by Anonymous+Brave+Guy · · Score: 1

    they are scrubbing it out of good will more than anything.

    Well, not really. The European advisory group was recommending a 6 month maximum, and Google were at 18. As Microsoft have learned, Europe is not shy about going after megacorps that think they are above its laws, and privacy and data protection issues are hot political topics in various EU countries right now, with a lot of media coverage of leaked data and rising public awareness of the dangers associated with such things.

    This was done out of "good will" for the same reasons that industries accept "voluntary" regulation schemes that appear not to be in their own best interests: because the alternative is to have compulsory regulation and legal sanctions applied, and that costs a heck of a lot more and in some cases threatens negligent company directors personally. At 18 months, the first big leak could have seen the political powers turn strongly against Google at a time when their continued strength in several fields is already in jeopardy. At 9 months instead of 6, it's more of a misdemeanour than a felony, as it were.

    --
    If you disagree, post your argument. (-1, Overrated) isn't your personal censorship tool for views you don't like.
  34. Re:9 Months by lysergic.acid · · Score: 4, Insightful

    first off, Google's processing capacity isn't static, it's constantly growing. just because it takes more than 24 hrs to process a certain set of data doesn't mean that the backlog will increase without limit. that isn't a logically sound argument.

    if you take that argument and reduce the time frame from 1 day to 1 hour->1 minute->1 millisecond... so on and so forth, you reach the conclusion that if Google is unable to instantaneously process/analyze every piece of data the exact moment it is received or created, then their backlog will increase without limit.

    sometimes data needs to accumulated before it can be processed. for instance, to observe search trends, or to compare e-mails for spam analysis, etc. sometimes logs need to be kept for extended periods of time--that's why they're called logs--or data is retained for repeat analysis.

    i don't know what exactly Google retains user data for or what kind of analysis they do, but it's understandable if some data needs to be retained in its original state for certain types of research or analysis. if they were going to release network measurement data to 3rd parties, as that paper you linked to discusses, then, yes, i would expect Google to follow their own anonymization guidelines. but like they've stated in their press release, it's all about finding a balance between protecting user privacy and improving the quality of their services.

    perhaps the best thing to do is to give users the option to have their search requests retained for improving personalized search results, and let them enable/disable this feature as it suits them. all other data will simply be processed for a set period of time and then expunged.

    if they're not releasing server logs to anyone, anonymization isn't really necessary. though i'm sure they allow users to access their services through anonymous proxies.

  35. Re:Too little too late by The+End+Of+Days · · Score: 1

    They are evil by their very nature - provided the definition of evil is watered down to Slashdot standards.

    Evil meaning: they make money.

  36. Re:Too little too late by Lyrael · · Score: 1

    Bastards! How DARE they make money?!

    I retract in full my previous statement in favour of the notion that anyone(thing?) with money is inherently evil.

  37. Eu's data r by freqmod · · Score: 1

    EU should not say anything unless they do something about "The retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC" which makes member countries pass laws that requires ISP's to save IP-adresses etc. for from 1/2 to 2 years.

  38. Re:9 Months by Dan541 · · Score: 1

    7 days is good enough, why keep logs anyway? it just opens the system to exploitation.

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
  39. Re:Just out of interest by Dan541 · · Score: 1

    The same way /. Anonymizes email addresses.

    216.34.REVOME.THIS.181.45

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"
  40. Re:9 Months by Idiomatick · · Score: 1

    You sir have never run a large site.

  41. Re:9 Months by Dan541 · · Score: 1

    depends on your definition.

    I assume you mean more than a single server, then no. I do keep server logs but can't recall the last time I ever looked at them.

    --
    An SQL query goes to a bar, walks up to a table and asks, "Mind if I join you?"