Questioning Google's Privacy Reform

← Back to Stories (view on slashdot.org)

Questioning Google's Privacy Reform

Posted by Soulskill on Sunday September 14, 2008 @05:35AM from the how-private-is-private? dept.

JagsLive makes note of a story questioning whether Google's recent commitment to anonymize IP logs faster is really as good as it sounds. We discussed their announcement a few days ago. CNet's Chris Soghoian takes a closer look: "While the company hasn't said how it de-identifies the cookies, it has revealed in public statements that its IP anonymization technique consists of chopping off the last 8 bits of a user's IP address. As an example, an IP address of a home user could be 173.192.103.121. After 18 months, Google chops this down to 173.192.103.XXX. Since each octet (the numbers between each period of an IP) can contain values from 1-255, Google's anonymization technique allows a user, at most, to hide among 254 other computers. ... Google has now revealed that it will change "some" of the bits of the IP address after 9 months, but less than the eight bits that it masks after the full 18 months. Thus, instead of Google's customers being able to hide among 254 other Internet users, perhaps they'll be able to hide among 64, or 127 other possible IP addresses. By itself, this is a laughable level of anonymity. However, it gets worse."

17 of 134 comments (clear)

Min score:

Reason:

Sort:

Well by mindstrm · 2008-09-14 05:40 · Score: 5, Insightful

Do all those whining about this anonymize their own server logs? Because I sure don't.... they are doing this to keep the mob away, that's it.
1. Re:Well by TubeSteak · 2008-09-14 06:26 · Score: 4, Insightful
  
  Do all those whining about this anonymize their own server logs? Because I sure don't.... they are doing this to keep the mob away, that's it.
  What do our server logs have to do with Google's?
  The principle may be the same, but the scale is so vastly different that the practical consequences cannot be plausibly compared to one another.
  Subpoenaing logs for IP 123.456.789 from Google is not the same as getting logs from icanhascheezburger.
  
  --
  [Fuck Beta]
  o0t!
2. Re:Well by lysergic.acid · 2008-09-14 06:35 · Score: 4, Insightful
  
  yea, also i don't think the author of this article understands statistics.
  if Google changes random bits in the IP address even before they remove the last byte at 18 months, that would already make guessing the original IP address near impossible since you don't know which bits were changed.
  if they only changed 1 bit in the entire address, then there would be 32 possibilities, but if they changed 1 bit in each octet, then there would be 4096 possibilities. if they changed 2 bits in each octet, there would be 61,4656 possibilities. if they changed a random number of bits in each IP address, then the possibilities grow even larger. and this isn't a login password or encryption scheme. there's no way to brute-force the original IP address from the anonymized IP address even if only a single bit was changed.
  this is just more unwarranted alarmism. google has stated that they are working on developing a method of anonymization that would protect user privacy while retaining the useful characteristics of their log data. frankly, as long as they're not giving up user data to 3rd parties anonymization is a non-issue.
3. Re:Well by figleaf · 2008-09-14 06:54 · Score: 3, Insightful
  
  I didn't see any mention of random bits being changed in the article.
4. Re:Well by Silas+is+back · 2008-09-14 07:32 · Score: 5, Funny
  
  Subpoenaing logs for IP 123.456.789 from Google is not the same as getting logs from icanhascheezburger.
  I'm not sure whether you're qualified to talk about IPs giving this example IP.
  
  --
  this sig is useless
5. Re:Well by Your.Master · 2008-09-14 08:23 · Score: 4, Insightful
  
  That's kind of the point. We want to make an informed decision about the costs here.
  Without hearing about "this bullshit", you cannot make an informed decision. Imperfect information damages capitalism; and the more imperfect the information, the more damage is done.
  There's also another aspect. Just about everybody wants everything to be better than it is now. This is a way this could be better. So we ask for it to be better. The argument can be paraphrased as:
  A: Good enough is good enough
  B: Yes, but better would be better.
Who cares about the IP? by compumike · 2008-09-14 05:42 · Score: 4, Insightful

Everyone makes it much easier than matching IP addresses... As the article discusses, many people use Google logins for e-mail and other services. This is a much more reliable way to track all of your information.
What I'd like to see is some significant differentiation between logged-in and logged-out states and the level of anonymity that is provided in each case.
But really, if you're voluntarily storing your stuff on someone else's server with the known understanding that they're parsing it for ad matching, what kind of privacy expectations do you really have?
--
Hey code monkey... learn electronics! Powerful microcontroller kits for the digital generation.
1. Re:Who cares about the IP? by TubeSteak · 2008-09-14 06:30 · Score: 4, Informative
  
  What I'd like to see is some significant differentiation between logged-in and logged-out states and the level of anonymity that is provided in each case.
  There's no difference.
  Google sets a tracking cookie.
  That cookie gets tied to your current IP.
  If you log in, that gets tied to your login name.
  Logging out doesn't undo the log entry saying IP 127.0.0.1 = cookie 34kl5j2345 = compumike@gmail.com
  The spread of google-analytics makes avoiding their tracking cookie all the harder.
  
  --
  [Fuck Beta]
  o0t!
Hide by Wowsers · 2008-09-14 05:44 · Score: 3, Interesting

I'm on IPv6, so I hide behind ::1/128

--
Take Nobody's Word For It.
1. Re:Hide by Anti_Climax · 2008-09-14 06:27 · Score: 5, Funny
  
  If you're using google services from IPv6, it's even easier to figure out who you are.
  I mean, it's either you or the other guy...
  
  --
  Even people that believe in pre-destiny look both ways before crossing the street.
Uh huh, yeah, whatever. by Creepy+Crawler · 2008-09-14 05:48 · Score: 5, Informative

Dont trust anybody what they say about your "privacy".
Install Firefox 3, AdBlock+, noscript, and torbutton.
You want complete anonymity, click torbutton (you have to set up tor). You're now damned hidden. No cookie leaks and stuff;.
--
- Mod parent up! by Anonymous Coward (Score:1) Thurs, Nov 31, @13:37
1. Re:Uh huh, yeah, whatever. by Apoorv+Khatreja · 2008-09-14 05:57 · Score: 3, Insightful
  
  If only we had more relays in the Tor network than the leeches. That's why Tor is really really slow these days. We need a restructure or major change in protocol for Tor to survive. A lot of people seem to be hopping onto the network these days, with companies becoming increasingly nosy.
  
  --
  RutSum.com
Why does Google risk customer relations? by wandm · 2008-09-14 05:49 · Score: 4, Insightful

I don't get it. I'm sure I'm not the only one looking for a good Google substitute, and the number of skeptics will just grow, unless Google gets it privacy protection act together. It's just a matter of time that another AOL-type leak happens.

In the internet age, companies' luck can change quite quickly. Please Google, just get rid of those logs quickly and completely..
1. Re:Why does Google risk customer relations? by tylerni7 · 2008-09-14 07:10 · Score: 3, Informative
  
  Well first, while I'm sure you aren't the only person looking for a Google substitute, that doesn't mean a significant amount of users are. With the percent of the market that Google already has, a few people going somewhere else won't even make a dent.
  That said, at least they are working on the issues rather than just ignoring them completely, as most companies do.
  
  And second, that AOL leak wasn't really a leak. Instead they purposefully released the data for research purposes, thinking that a random, unique ID number for each user would be enough to keep them anonymous. According to this article (well the summary), even if they released search data (which they aren't stupid enough to do) instead of a unique ID number it would be something like 64 or 128 people under one ID number, which makes it impossible to see who searched for what, even if you know what IP block someone has.
Tor is not a solution either by speedtux · 2008-09-14 05:57 · Score: 5, Insightful

except, of course, that with Tor, the egress routers can (and probably do) look at your unencrypted communications, which often can be traced back to you, too.
If you want reasonable anonymity, you need to buy VPN access from a source using a non-traceable payment method. And, of course, they can still correlate your online activity on various sites. A single unencrypted Yahoo Mail or GMail session will unlock your entire usage history.
Anonymizing IP info properly. by Animats · 2008-09-14 06:35 · Score: 3, Interesting

I have something that actually does anonymize IP data. I need a roughly unique identifier for web sites for load balancing and queuing purposes, but don't need to identify the remote site. So I run the IP address through MD5, the cryptographic hash, then take the absolute value, then reduce mod 1,000,000. So the world of IP addresses is mapped into 0..999999. About 4000 IP addresses map to each number, but they're spread pseudorandomly across IP space.
So there's no real problem doing this if you just need enough info to make your server farm run smoothly. Of course, Google wants more.
Re:It only gets worse by nog_lorp · 2008-09-14 08:28 · Score: 3, Funny

How are these "revelations"? A massive web-app provider HAS LOGS? No way! They might even do analysis of them for RESEARCH PURPOSES? How dare they! And if they are legally required to disclose them, THEY DO? The evil of it!