Questioning Google's Privacy Reform

JagsLive makes note of a story questioning whether Google's recent commitment to anonymize IP logs faster is really as good as it sounds. We discussed their announcement a few days ago. CNet's Chris Soghoian takes a closer look: "While the company hasn't said how it de-identifies the cookies, it has revealed in public statements that its IP anonymization technique consists of chopping off the last 8 bits of a user's IP address. As an example, an IP address of a home user could be 173.192.103.121. After 18 months, Google chops this down to 173.192.103.XXX. Since each octet (the numbers between each period of an IP) can contain values from 1-255, Google's anonymization technique allows a user, at most, to hide among 254 other computers. ... Google has now revealed that it will change "some" of the bits of the IP address after 9 months, but less than the eight bits that it masks after the full 18 months. Thus, instead of Google's customers being able to hide among 254 other Internet users, perhaps they'll be able to hide among 64, or 127 other possible IP addresses. By itself, this is a laughable level of anonymity. However, it gets worse."

Re:Well

[RedK]

Except yours wasn't even a dotted decimal IP, having more than 8 bits in the 2nd and 3rd fields, and lacking a 4th field completely. A proper example would've simply used the reserved address space (anything over 240.0.0.0/4) in which there is no assignments at all. 242.242.242.242 would have been a proper example.