Google decreased the length of time and amount of information the company holds on users’ preferences and searches Monday with the announcement that it will shorten the lifespan of the small parcels of information it stores on users’ computers, known as “cookies.” The lifespan of Google’s cookies will be shortened from more than 30 years to a comparatively brief two years, the company said.
“We are committed to an ongoing process to improve our privacy practices, and have recently taken a closer look at the question of cookie privacy,” said Peter Fleischer, global privacy counsel at Google. “How long should a Web site ‘remember’ cookie information in its logs after a user’s visit? And when should a cookie expire on your computer? Cookie privacy is both a server and a client issue.
“After listening to feedback from our users and from privacy advocates, we’ve concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies. … In the coming months, Google will start issuing our users cookies that will be set to auto-expire after two years,” he continued.
The decision comes four months after Google announced that it would “anonymize” data logs containing details on users’ searches — such as search queries, IP addresses and cookie ID numbers — after 18 to 24 months. The policy would make the data “much more anonymous, so that it can no longer be identified with individual users,” the company stated.
Cookies are bits of information sent from a Web site’s server, in this case Google’s search servers, to a visitor’s Web browser, Jen Albornoz Mulligan, a Forrester Research analyst, explained to TechNewsWorld. They can track information about what Web sites the user visits and what searches are conducted.
There are two types of cookies. First-party cookies are those supplied, read and used by the same server. Third-party cookies are cookies set to track users across multiple Web sites and are commonly used by advertisers to improve targeted advertising.
“[Cookies] can keep track of this information over time, even if the computer switches IP addresses, such as moving from home to work,” Mulligan continued.
As is often the case, however, the very technology that makes using the Internet a bit easier at the same time poses a significant risk to users’ privacy.
Cookies issued by Google enable users to maintain search histories and to personalize their iGoogle homepages, among other things. While beneficial for users, Google also uses the data to provide better search results as well as targeted advertising. The information is not just a boon for Google and its users; the government can also subpoena the data for use in its investigations, criminal and otherwise.
Google set its cookies to expire in 2038, Mulligan said, so that the company will know users’ preferences over a long time. The time span of 30 years was arbitrarily chosen. “They probably wanted to be sure that they’d have the settings saved for as long as they’d imagine someone could possible keep their computer.”
From 2038 to 2009
Although Google touts the reduction of its cookie lifespan as a boon for privacy, the policy revamp is in fact merely a “mild concession,” according to Mulligan. The cookies may be set to auto-expire after two years, but they have also been programmed to auto-renew for active users.
In other words, say a student goes to Google for the first time to research an eighth grade science project. After it is completed, she does not return to the site again until the 11th grade. In that scenario, any cookies deposited on the student’s computer would have expired. However, if the student used the site on a daily basis, each visit would reset the cookie’s expiration date to two years from the most recent visit. That, Google said, will ensure that users’ preferences are not lost.
“It is a step in the right direction, but two years is still a relatively long-lasting cookie,” Mulligan pointed out. “The new policy does a better job of conforming to the privacy principles of collection limitation and use limitation — meaning data should only be collected if it is really useful — and should only be used for the purposes previously stated.”
On the up side, Mulligan noted, Google’s policy change will “force consideration of the issue by other search engines, just as now the EU (European Union) is looking at Lycos and Microsoft for how long they keep logs as well.”
Google, she added, is in a strong position to do some very good public privacy awareness campaigns that would go a long way in protecting users’ privacy. “They have a lot of users and could actively teach those users about privacy and cookies,” she continued. “They should train users about setting proper privacy controls, in their browser and on their machine.”
Users, for instance, who really want to keep cookies off of their computers can set their Web browsers’ privacy options to reject those cookies automatically.
The company needs to take their privacy considerations one step further, Mulligan stated, and review new products with a more discerning eye towards privacy to prevent issues such as inappropriate pictures on Google Earth.
“Google has been skewered by the media unfairly compared to its peers,” Mulligan concluded. “It generally has not done anything worse [than other Internet search providers] and is garnering attention because it is the most popular. But with that popularity comes the responsibility to set a good example and behave ethically. Google is clearly working through the pain of having to trade off business effectiveness and user privacy, which is difficult for any business.”