Slashdot Log In
Google Will Anonymize IP Logs Faster
Posted by
timothy
on Tue Sep 09, 2008 09:56 AM
from the time-to-make-a-baby dept.
from the time-to-make-a-baby dept.
An anonymous reader writes "The BBC reports on some changes to the data retention policy at Google in response to pressure from European authorities, but also included in the article is information about why Google claims they need to retain non-anonymised data for so long. Improving services, sure, but preventing fraud? Aiding 'valid legal orders'?"
Reader s0ckratees points to some commentary on the change at Google's official blog. The upshot: IP addresses in Google's logs will be anonymized after nine months, rather than 18 as previously.
Related Stories
Firehose:Why Google keeps non-anonymised search data by Anonymous Coward
[+]
Technology: Questioning Google's Privacy Reform 134 comments
JagsLive makes note of a story questioning whether Google's recent commitment to anonymize IP logs faster is really as good as it sounds. We discussed their announcement a few days ago. CNet's Chris Soghoian takes a closer look:
"While the company hasn't said how it de-identifies the cookies, it has revealed in public statements that its IP anonymization technique consists of chopping off the last 8 bits of a user's IP address. As an example, an IP address of a home user could be 173.192.103.121. After 18 months, Google chops this down to 173.192.103.XXX. Since each octet (the numbers between each period of an IP) can contain values from 1-255, Google's anonymization technique allows a user, at most, to hide among 254 other computers. ... Google has now revealed that it will change "some" of the bits of the IP address after 9 months, but less than the eight bits that it masks after the full 18 months. Thus, instead of Google's customers being able to hide among 254 other Internet users, perhaps they'll be able to hide among 64, or 127 other possible IP addresses. By itself, this is a laughable level of anonymity. However, it gets worse."
This discussion has been archived.
No new comments can be posted.
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
Full
Abbreviated
Hidden
Loading... please wait.
Scrape it (Score:3, Funny)
To sparkling shine
So the chin
Hairless, divine
Burma Shave
So if you live in china (Score:4, Interesting)
And the government wants to know who's been searching for things they don't approve of they have to ask google for the logs every 9 months rather than every 18 months.
Re:So if you live in china (Score:4, Insightful)
You may not like that Google keeps data, but they have an almost perfect record for keeping it private from others. Or did you not see the fuss they raised over YouTube data, and how even after being ordered to turn over their data, they still fought to reach a compromise that protected user privacy?
As for China, there's a reason Google keeps literally zero servers on Chinese soil. Even data for Chinese nationals is kept out of China, specifically so Google won't have to turn it over.
Short of not keeping data at all, there is pretty much nothing more they can do to protect privacy. But that's never enough for SlashDot...
Parent
Re:So if you live in china (Score:5, Insightful)
China is the least of my concerns. How about the Justice Department [zdnet.com] or the Department of Homeland Security?
The Europeans might be pressuring Google to reduce its retention periods, but I suspect that Google heard the opposite point-of-view from the government here in the USA.
Frankly I think that none of Google's logs should carry identifying information. If they need to track IPs for some reason, put them in a separate database table that's unconnected to the contents of the search strings. Keeping this information much beyond a week or two seems unreasonable to me.
Parent
Re: (Score:3, Insightful)
In fact google clearly state they are only anonymising the users IP address and do not talk about any other long term user records. Even their pr
Re: (Score:3, Insightful)
The Europeans might be pressuring Google to reduce its retention periods, but I suspect that Google heard the opposite point-of-view from the government here in the USA.
Interesting the Europeans want Google to not keep logs on people, the complete opposite of the European Union who have no problem on keeping logs of people for ever longer time to see if they are a threat (to them getting voted out). The oppression loving UK government is interested in unlimited retention time of data.
http://news.bbc.co.uk/2/hi/europe/4527840.stm [bbc.co.uk]
The European Parliament has approved rules forcing telephone companies to retain call and internet records for use in anti-terror investigations. Records will be kept for up to two years under the new measures.
Re: (Score:3, Funny)
Whew! Good thing I'm in America.
Why the question. (Score:2)
but preventing fraud? Aiding 'valid legal orders'?
While I would say IP addresses shouldn't be the only method for these protection they do help.
Wow every site within 123.45.67.x seems to have a virus and malware on it. Oh a new site was scanned its address is in 123.45.67.x lets not publish right away lets put it threw full check. Or say 98.76.54.* always had clean site that were legit. A new site was found Well lets put it threw the quick checks and post it and queue it for full scan for later.
Yes knowing
Re: (Score:2)
Improving services, sure, but preventing fraud? (Score:5, Insightful)
Improving services, sure, but preventing fraud?
Sure - AdWord fraud. Scrubbing logs quicker means less leeway for click fraud to be discovered.
Google handing data over... (Score:2)
Google is handing data over to a few 3 letter agencies. BIG SHOCK! OH NO! NSA Reads my email!
Seriously, I put google not handing over such data at somewhere between 0 and -1.
Why not after DHCP lease expires... (Score:2)
Figure out a pseudo average for a DHCP lease... say 72hours, and make anonymous after that?
9 months are too long (Score:3, Informative)
Actually, the IP should not be stored at all. Google might want to analyze the IPs to analyze and prevent attacks on its servers and additionally to get location information for its ad services. But there is no need to store it for a longer period -- unless you want to start massive data mining projects, which is exactly what is feared most from a privacy point of view.
So, any good news would be that the IP is not stored at all (except very temporarily).
Google anonymizing in China/India (Score:2, Informative)
What difference does it make to reduce this 18 months to 9 months log retention period?
Will Google anonymize logs in other countries too?
How about Google China? It respectfully hands over logs to the authorities on demand anytime. Same with Google India [wired.com].
I've just done it. (Score:4, Funny)
Re: (Score:2)
Re:Just out of interest (Score:5, Insightful)
Salting goes without saying -1 uninsightful
I'm talking about the fact that it's 2008, and that search space could be exhaustively searched in a matter of hours on a desktop machine.
As the poster below me points out, "throw away the salt" is an answer, but it means the logs can only be compared to other logs in the time frame that you were using that salt.
Maybe IPv6 will make anonymized logs more feasible because of the 2^128 search space.
Parent
Re: (Score:2)
How do you Anonymize IP logs?
By using Scroogle [scroogle.org].
Note to mods:
I got my karma for this post here [slashdot.org], don't mod me up again for the same information <grin>.
Re: (Score:3, Funny)
I'm hypertensive, you insensitive clod.
Re: (Score:3, Insightful)
So I generate a table with 2^32 IP addresses and their MD5 with themselves as the salt, it doesn't enlarge the search space in this situation and I can then easily do a binary search to find what the origional IP was.
Re: (Score:2)
The summary reads "...Google claim they need to retain..." The use of *claim* rather than *claims* suggests that Google is being viewed as something other than a single entity.Am I missing something or was that just a typo?
I'm sure their partners will retain the good stuff.
Re: (Score:2)
British English, dude. At some registers, collectives are viewed as plural, not singular.
Search BBC stories for "Microsoft are" and such. (Whether that somewhat informal register should be used in BBC pieces is another topic entirely...)
Re:9 Months (Score:5, Insightful)
considering the amount of data Google processes on a regular basis, a 9 Month backlog isn't that unreasonable.
i'm more concerned about Google not handing my data over to 3rd parties or governments than their retaining records of my searches. as long as they're willing to stand up for the rights of users, they can hold my search data for as long as they need to improve search results, reduce spam, and develop personalized search features.
Parent
Re: (Score:3, Insightful)
considering the amount of data Google processes on a regular basis, a 9 Month backlog isn't that unreasonable.
Sure it is. Why? Because they are collecting data continuously and if it takes a long time to process what they've collected, more data is backlogged, and it keeps spiraling out of control. In fact, if it takes more than 24 hours to process 1 day of data, the backlog will increase without limit. The proper thing to do is to apply proper anonymization to the information immediately so you don't
Re:9 Months (Score:5, Insightful)
first off, Google's processing capacity isn't static, it's constantly growing. just because it takes more than 24 hrs to process a certain set of data doesn't mean that the backlog will increase without limit. that isn't a logically sound argument.
if you take that argument and reduce the time frame from 1 day to 1 hour->1 minute->1 millisecond... so on and so forth, you reach the conclusion that if Google is unable to instantaneously process/analyze every piece of data the exact moment it is received or created, then their backlog will increase without limit.
sometimes data needs to accumulated before it can be processed. for instance, to observe search trends, or to compare e-mails for spam analysis, etc. sometimes logs need to be kept for extended periods of time--that's why they're called logs--or data is retained for repeat analysis.
i don't know what exactly Google retains user data for or what kind of analysis they do, but it's understandable if some data needs to be retained in its original state for certain types of research or analysis. if they were going to release network measurement data to 3rd parties, as that paper you linked to discusses, then, yes, i would expect Google to follow their own anonymization guidelines. but like they've stated in their press release, it's all about finding a balance between protecting user privacy and improving the quality of their services.
perhaps the best thing to do is to give users the option to have their search requests retained for improving personalized search results, and let them enable/disable this feature as it suits them. all other data will simply be processed for a set period of time and then expunged.
if they're not releasing server logs to anyone, anonymization isn't really necessary. though i'm sure they allow users to access their services through anonymous proxies.
Parent