back to article Google's IP anonymization fails to anonymize

In telling the world it will anonymize user IPs after only nine months, Google has appeased EU regulators. At least in part. But it looks like Mountain View's new policy is just another example of Google Privacy Theatre. On Monday evening, when Google deputy counsel Nicole Wong trumpeted the new nine month policy to Silicon …

COMMENTS

This topic is closed for new posts.
  1. Kent Rebman
    Thumb Down

    In their own way ...

    In their own way, Google's fast on its way to becoming as evil as M$ ...

  2. adnim

    Who are they trying to kid?

    "...It is difficult to guarantee complete anonymization, but we believe these changes will make it very unlikely users could be identified."

    For a very reasonable fee, I can guarantee complete anonymisation of IP address data. Now why can't Google when they have so called experts on their staff who's skills in such areas are way beyond mine? Surely there is someone smart enough on their staff who can write code to change all those public IP addresses into private ones? Even easier write code to replace all those digits with x's.

    We really need a bullshit icon

  3. Lou Gosselin

    Re: Who are they trying to kid?

    If one does erase cookies, the old and new cookies could be associated by IP address, browser fingerprints, and common login ids. Knowing google these associations probably are recorded and will not be included in the scrubbing.

    In order for google's claims to be genuine they must not only wipe the ip address, but also wipe all records generated by IP address matching algorithms. Otherwise this is nothing more than a publicity stunt.

    adnim is right, any average sysadmin could figure out how to remove the IP address data. I wouldn't be surprised if google's delay is due to them tweaking the stored data such that they still still be able to follow the trails even after after removing IP addresses.

    Does anyone know how long google plans on keeping the data without IP addresses?

  4. Tom
    Coat

    Even if you delete your cookies...

    If you log onto a Google service like gmail or youtube they can link your new cookie to your old cookies.

    Who put the cookie with the best before date of 2038 in my pocket?

  5. Pascal Monett Silver badge

    Browser fingerprints ?

    What on Earth is that ? When I surf on a page does my browser mark its unique serial number or something ?

    I use Firefox v2.0.0.16, like millions of other people. Are you saying that one can target my specific session based solely on "browser information" ?

    I'm sorry but I simply cannot believe that my browser in itself can be used to sort out my data from someone else using the same browser on a different IP address.

  6. Anonymous Coward
    Black Helicopters

    Worse than M$

    I really can't imagine a legitimate commercial use of browsing habits up to 18 months, let alone 2038.

    In 12 months you should capture the complete annual browsing habit of anyone, and obviously those habits will change as the net changes, etc. That can be aggregated and used as more generic Business Intelligence

    So because patterns change, there is marginal commercial use for old browsing habit data to be used commercially. So the only real use is to monitor where you went as a record, for Illegal Intelligence and the snoops.

    Simple really, don't be taken in by all these free services, there is no such thing as a free lunch after all.

  7. Sceptical Bastard

    Don't...

    ... trust Google.

    Simple as that. Use other services wherever possible but if you must use Google to search, do so via http://anonymouse.org and clear cookies on exit.

  8. aL
    Thumb Down

    OR

    you could just not store the ip adresses.. that would anonymize them pretty well :P

    microsoft may be evil but today in 2008, i think both google and apple are far more evil than microsoft is

  9. Anonymous Coward
    Anonymous Coward

    What

    What are the nice people at Google doing with this data anyway? At least Phorm told us what they were going to do with their "anonymous but user-specific" data, what are Google doing with theirs?

  10. Luke
    Unhappy

    Sad

    The time will come when people will have enough of these antics by the netz overlords

    and throw it all in,

    Stamps and envelopes anybody?

  11. Aortic Aneurysm
    Thumb Up

    Don't panic, Mr Mannering.

    Google will soon implode on itsself. People managed online long before Google arrived on the scene, and will manage long after they are gone.

  12. IPB

    Call me naive..

    But why does it matter if they do or don't know what I've been looking at?

  13. Luke
    Stop

    @IPB

    Re:Call me naive..

    But why does it matter if they do or don't know what I've been looking at?

    Pass words to your mail accounts please

    So we can all read your mail,No?,Why not?What does it matter.?

    "I have done nothing wrong,i have nothing to hide"

    There is a thing called "Privacy"something we all expect and something that we all give to each other,cept in Netspace where the elite who rule teh tubez think that they own us,

    And besides,You may be a Terrist and as you are already guilty till proven otherwise then we all need to read your mail to make sure that you are not a threat,

    I sincerely hope that your comment was sarcastically trollish with a side helping of tongue in cheek because if not,well...my heart breaks

  14. Danny
    Alert

    IPB

    You are naive

  15. Dave
    Thumb Down

    It's Microsoft Jim

    but not as we know it!

  16. Reptar

    anonymosu messaeg

    To protetc teh privayc of thsi messaeg soem of teh charactesr haev bene swappde. As yuo can see it rendesr teh messaeg completeyl indecypherabel.

  17. Tom Melly

    @Luke

    If your email account is with GMail, then they've already got it. If not, I'm not sure how you think Google are suddenly going to know what your email password is.

    The bottom line is that, to use Google, I have to -gasp- give google my search terms and -gasp- click on one of the links they serve me. That is what they can log, nothing else. Personally, I don't care whether they keep a log of these or not.

  18. Anonymous Coward
    Anonymous Coward

    well I never

    http://www.theregister.co.uk/2008/09/09/google_nine_months_data_anonymization/comments/#c_313847

  19. Nigel Kneale

    @IPB - You're not naive

    Please, every Google-hater here, please list all the bad things that have happened precisely because Google keeps usage statistics. All I'm seeing here is fear and paranoia.

  20. Anonymous Coward
    Anonymous Coward

    With all this data, they still can't target ads properly....

    Presumably the data is being stored for marketing purposes. People googling for nappies, soon google for prams then for local schools. That sort of thing. Which they can then use to preempt your next searches with a targeted advert for prams and schools in your nappy search results.

    However, I bet (hope) all they're getting is noise. If the results from the current targeted ads on goggle are anything to go by.

    So, does it matter if google know more about your future than you do?

    In my opinion, if it worked, then I don't care. If it's just a thinly veiled excuse to expose me to more adverts for drugs, free money and body part modification, then I'd prefer it if they would sod off and leave me to what I actually look for rather than what they think.

    Which reminds me, does anyone have a good method to avoid all the shops selling "product" that you're searching for more information about. I'd almost be prepared to pay for a check box "I don't want to buy one of these I just want related documentation"

  21. Anonymous Coward
    Anonymous Coward

    @Nigel Kneale

    Well, there was those guys they grassed up in China wasn't there?

  22. Jon Green
    Stop

    And how are the eight bits "erased"?

    Let's guess: an exclusive-OR using a known 32 bit value with eight bits set?

  23. J
    Black Helicopters

    Evil...

    Even without IP... weren't the search logs released by AOL a while ago enough to identify a person? I don't remember the details, but I have the impression they also "anonymized" by removing IPs or something like that -- but there must have been something linking the different searches, of course. I'm too lazy to go search for the original article though... :-)

  24. Nigel Kneale

    @Fraser

    That would be Yahoo. All Google has done is filter search results - unless you can provide URLs saying otherwise.

  25. Anonymous Coward
    Paris Hilton

    isn't this what CustomizeGoogle is for?

    Switch to Chrome and you're hosed. Stick with Firefox and pray.

    Paris - because she looks like she's covered in Chrome...

  26. Ryan
    Thumb Up

    Scroogle

    https://ssl.scroogle.org/

    The niftiest thing since sliced bread

  27. paul williams

    ixquick beats google

    use http://www.ixquick.com/ instead. they only keep IPs 48 hours, and its a solid search engine. theres a reason it won the European Privacy Seal.

  28. Chris C

    @Nigel

    "Please, every Google-hater here, please list all the bad things that have happened precisely because Google keeps usage statistics. All I'm seeing here is fear and paranoia."

    Ah, so you're a fan of the "if it hasn't happened yet, it won't happen" game? Perfect! I have not died yet. I guess that means I'll never die. Sounds good at first, but I might grow bored after 600 or 700 years. Also, I have never been hit by a vehicle. Does that mean I can walk across the street without looking without fear of being hit?

    Or, if you'd like a better analogy, a couple of years ago, TJX's network had not yet had its bleeding-edge WEP encryption cracked, and crackers had not captured the details of 49 million accounts. But we all know how that turned out.

    Up to 9/11, the US government had not systematically stripped away the rights guaranteed to us by our Constitution, and they at least gave the impression of honoring the Bill of Rights. That's not the case anymore.

    Just because something hasn't happened YET doesn't mean it won't happen. And in this case, "fear and paranoia", as you put it, is justified. With overzealous governments, "law enforcement" agencies, and good old witch hunts, having your search data stored for so long can come back to bite you in the ass. Especially if you happen to enter a search query which either was acceptable and now is not, or that can be taken out of context. For example, imagine the government's interest in search records for "Anthrax" before and after the US' anthrax-in-the-mail problem. Or a search for "holy war punishment due".

    In the current political climate, paranoia is justified. Yes, we can eliminate the problem of stored search queries by not using search engines, but the point of this post was to point out the idiocy of your comment.

  29. eugene

    Don't use google then

    If all you google haters are so against Google serving you ads based on your surfing habits, don't use google. Google is free, and it works really well. Don't complain about free things! They make money from advertising to provide you a service. If you don't like how they make their money, don't use their free services.

    Read my email? Yes, i'm very sure Google is interested in reading the emails of a few hundred million people.

    There's a difference between reading an email and parsing an email. I definitely mind a human reading my email, but if a computer was parsing it looking for keywords to decide what ads would appear on the page, I really, really don't care. How does it affect you? Apart from paranoia.

    What's to prevent any internet company from doing the same? They all have access to your email.

    Steal my passwords? What, you're all using the same password for all your accounts? tsk tsk.

    Bottom line: You google-haters aren't as important as you think. Nobody really cares enough about you to bother to sit down and read your email. You're not that interesting. Really. Paranoia paranoia paranoia.

    Did you know that word processors ... read ALL your documents? How else would they know when to put a squiggly red line under mistyped words? Not to mention, online spellchecks on other webmail providers! GASP!! Oh... oh wait... there's a difference between a human reading what you write, and a dumb computer parsing information. Saying "google reads all your emails" is deliberately misleading to instill paranoia in those who like to sensationalize things. Google doesn't "read" your email like a human does. Computers don't "read" things. They recognize things. OCR isn't called Optical Character Reading for a good reason.

    Still paranoid? Don't use any google products, and stop trying to "convert" people by sensationalizing things. Don't even use google products through an anonymizer if you're against the way the company makes money to provide you with that free service.

  30. Eddie Johnson
    Paris Hilton

    @J

    The AOHell logs replaced the ID with a unique identifier. The problem is, if I see a particular unique identifier search for "Mabel Schnable" then "Mabel L. Schnable" then "Mabel Louise Schnable", there's a good chance its Mabel. Check a phone number, an address, or a few other details and its confirmed. People did this successfully and correctly identified a number of people in the AOL data.

    Paris. Because 87% of the searches for "Paris Hilton sex tape" were traced back to...

  31. Kevin Kitts
    Coat

    Hmm...

    Everyone seems to be assuming that there's only one cookie involved. This is a potential error. How do you know Google doesn't have multiple cookies on your system as a backup? How would you know?

    Which gives me an idea...

    Just think, when Google and Microsoft merge (MicroGoo), the operating system and the search database will merge into one hellish expert system, bordering on artificial intelligence (a la Wintermute and Neuromancer in William Gibson's book "Neuromancer"). You know it's bound to happen, since they're in different sectors of the IT market.

    All they need to do is to start a random cookie generator, and nobody'd be the wiser, like rotating-key encryption makes it difficult to crack the keys. Kill one cookie, and the others remain - only the Google central servers know where your cookies are (the locations of the cookies are randomly generated, to make it difficult to track). Only the anti-virus makers would be in a position to detect it - if they're not already in on the deal. And is there a single signature for a cookie?

    The random-cookie generator is the basis of the neural cell that will start the intelligence rolling - persistent redundant memory cells. This cookie = this person and that cookie = that person turns into artificial intelligence as soon as the decision-making system is installed (the OS).

    This cookie = this person = block_porn()&&block_anarchist_materials()&&add_to_blacklist()&&add_HTML_404_msgs()&&takeover_computer_as_distributed_Google_server().

    In short, lack of centralized home-user control over cookies is extremely bad. You don't know what your cookies are doing. They could be the schizoid personality of an outside AI, ready to take over your computer. In other words, Google is being thoroughly evil and unless they change their ways, governmental oversight may be necessary (quote Darth Vader: "Perhaps you think you're being treated...unfairly?").

    Frankly, having Windows (any version) as the basis of an AI is enough to make me have nightmares. If it ever got the electronic version of a mirror and found out how crappy its code is, it'd be pissed enough to make the Skynet revolt in the Terminator series look like a child refusing to go to bed.

    Mine's the coat with "Turing Registry Police" on the back.

  32. Nigel Kneale

    @Chris C

    Guilty until proven innocent, eh? Classy.

  33. An nonymous Cowerd
    Linux

    @ does anyone have a good method to avoid all the shops selling "product" that

    well there's <http://www.givemebackmygoogle.com/> or you can just type into Google

    "product x" -inurl:(kelkoo|bizrate|pixmania|dealtime|pricerunner|dooyoo|pricegrabber|pricewatch|resellerratings|ebay|shopbot|comparestoreprices|ciao|unbeatable|shopping|epinions|nextag|buy|bestwebbuys)

    which in fact adds up to the same thing.

    apologies for the way the redesign of El'Reg seems to break the logical connection between a negative sign and the inurl immediately behind it, whilst on my pathetically stylish 20" monitor and OS streaming the text way out to right field and making it slightly unreadable on the nano-goo grey borders, in fact I'll try a longer string and see where it goes(kelkoo|bizrate|pixmania|dealtime|pricerunner|dooyoo|pricegrabber|pricewatch|resellerratings|ebay|shopbot|comparestoreprices|ciao|unbeatable|shopping|epinions|nextag|buy|bestwebbuys|kelkoo|bizrate|pixmania|dealtime|pricerunner|dooyoo|pricegrabber|pricewatch|resellerratings|ebay|shopbot|comparestoreprices|ciao|unbeatable|shopping|epinions|nextag|buy|bestwebbuys)

    Yes, the above text disappears right ---> with around 19 words painted in the void: El'Reg redesign 2.0 soon, methinks

  34. Anonymous Coward
    Anonymous Coward

    Use a Proxy

    You can avoid all this nonsense by using a proxy, either a web-based (easy) or server based (more work). See anonymouse.org and http://cogipas.com/web_email/proxies.html to mask your IP address. Not foolproof, but one more layer of armor.

This topic is closed for new posts.

Other stories you might like