Catch up on stories from the past week (and beyond) at the Slashdot story archive


Forgot your password?
Privacy Businesses Google The Internet

Google Will Anonymize IP Logs Faster 97

An anonymous reader writes "The BBC reports on some changes to the data retention policy at Google in response to pressure from European authorities, but also included in the article is information about why Google claims they need to retain non-anonymised data for so long. Improving services, sure, but preventing fraud? Aiding 'valid legal orders'?" Reader s0ckratees points to some commentary on the change at Google's official blog. The upshot: IP addresses in Google's logs will be anonymized after nine months, rather than 18 as previously.
This discussion has been archived. No new comments can be posted.

Google Will Anonymize IP Logs Faster

Comments Filter:
  • Scrape it (Score:3, Funny)

    by smittyoneeach ( 243267 ) * on Tuesday September 09, 2008 @09:56AM (#24932173) Homepage Journal
    Scrape the log
    To sparkling shine
    So the chin
    Hairless, divine
    Burma Shave
  • by HungryHobo ( 1314109 ) on Tuesday September 09, 2008 @10:03AM (#24932285)

    And the government wants to know who's been searching for things they don't approve of they have to ask google for the logs every 9 months rather than every 18 months.

    • by Anonymous Coward on Tuesday September 09, 2008 @10:31AM (#24932649)

      You may not like that Google keeps data, but they have an almost perfect record for keeping it private from others. Or did you not see the fuss they raised over YouTube data, and how even after being ordered to turn over their data, they still fought to reach a compromise that protected user privacy?

      As for China, there's a reason Google keeps literally zero servers on Chinese soil. Even data for Chinese nationals is kept out of China, specifically so Google won't have to turn it over.

      Short of not keeping data at all, there is pretty much nothing more they can do to protect privacy. But that's never enough for SlashDot...

      • Like any other company, google will roll over if the price is right or the US government is turning the screws.

        • by Gerzel ( 240421 )

          That order was from the US government and they were turning the screws, perhaps not that hard but they were turning.

          Now I don't think google is the great force of good, but it so far is at least neutral which is more than can be said for most companies its size and scope.

      • It has to do with the accumulation of a lot of wealth by Google, and the fact that Google's business is optimized by collecting data about the users using its free services. It also has to do with the fact that no security system is impregnable, especially if it's connected to the internet as closely as Google is.

        Some conspiracy theorists think that this means Google cannot possibly collect user data in a responsible way that does not breach privacy, or that there is no guarantee that Google will not releas

    • by yuna49 ( 905461 ) on Tuesday September 09, 2008 @10:58AM (#24932981)

      China is the least of my concerns. How about the Justice Department [] or the Department of Homeland Security?

      The Europeans might be pressuring Google to reduce its retention periods, but I suspect that Google heard the opposite point-of-view from the government here in the USA.

      Frankly I think that none of Google's logs should carry identifying information. If they need to track IPs for some reason, put them in a separate database table that's unconnected to the contents of the search strings. Keeping this information much beyond a week or two seems unreasonable to me.

      • Re: (Score:3, Insightful)

        by rtb61 ( 674572 )
        Do you realise how pointless it is anonymising IP adresses after 18 months or even 9 months, via simple data base associations they can link access to a particular individual and no longer need the IP adress for longer term analysis. Based upon those records and intervening IP adress records any new access can be tied to existing database and the individual user.

        In fact google clearly state they are only anonymising the users IP address and do not talk about any other long term user records. Even their pr

      • Re: (Score:3, Insightful)

        by Wowsers ( 1151731 )

        The Europeans might be pressuring Google to reduce its retention periods, but I suspect that Google heard the opposite point-of-view from the government here in the USA.

        Interesting the Europeans want Google to not keep logs on people, the complete opposite of the European Union who have no problem on keeping logs of people for ever longer time to see if they are a threat (to them getting voted out). The oppression loving UK government is interested in unlimited retention time of data. []

        The European Parliament has approved rules forcing telephone companies to retain call and internet records for use in anti-terror investigations. Records will be kept for up to two years under the new measures.

      • The Europeans might be pressuring Google to reduce its retention periods, but I suspect that Google heard the opposite point-of-view from the government here in the USA.

        I also suspect they heard the opposite view in Ireland. It's fun to make flippant statements isn't it? Check out the actual news from Europe and you may find that the grass isn't greener over there.

    • Truly, a human rights victory for the ages! Like that place ... uh ... what's it called? Something "square". I think it might be in India. Google's not coming up with anything.

    • Re: (Score:3, Funny)

      by zoogies ( 879569 )

      Whew! Good thing I'm in America.

  • How do you Anonymize IP logs?
    Any hash can be "reversed" because the search space is so small in this case (2^32)

    On the other hand, any one-one mapping can only be compared to others in the log whilst you keep the mapping. (or key that you hashed your IP addresses with)

    I read google scrubbed out the last octet of the IP. If that is so, that process doesn't really deserve the name anonymize.

    • by maxume ( 22995 )

      Throw away the salt.

      You still have the "Netflix problem", but that was related to the users publicly disclosing large amounts of information on a different site, which probably wouldn't come into play here.

    • I guess you never heard of salting [] your hash function?
    • by sakdoctor ( 1087155 ) on Tuesday September 09, 2008 @10:30AM (#24932639) Homepage

      Salting goes without saying -1 uninsightful

      I'm talking about the fact that it's 2008, and that search space could be exhaustively searched in a matter of hours on a desktop machine.

      As the poster below me points out, "throw away the salt" is an answer, but it means the logs can only be compared to other logs in the time frame that you were using that salt.

      Maybe IPv6 will make anonymized logs more feasible because of the 2^128 search space.

    • by Fusen ( 841730 )
      you could simply use md5 and use the IP as it's own salt.
      • Re: (Score:3, Insightful)

        by HungryHobo ( 1314109 )

        So I generate a table with 2^32 IP addresses and their MD5 with themselves as the salt, it doesn't enlarge the search space in this situation and I can then easily do a binary search to find what the origional IP was.

    • How do you Anonymize IP logs?

      By using Scroogle [].

      Note to mods:
      I got my karma for this post here [], don't mod me up again for the same information <grin>.

    • use new encryption key every day. throw away the key that is 9month+1day old. problem solved.
    • I'd like to know if they also commit to anonymizing the client ID that is associated with every Chrome installation and the associated history tied to your account. After all, what's the point of anonymizing the IP data if your Chrome installation is tracking everything anyway? The same company would hold all the same information.

    • I should have been way more specific here.

      What I'm saying is that IP (v4) addresses are uniquely problematic for being pseudonymized from the perspective of a web master, because of the tiny search space.
      You wouldn't choose a 10 digit only password would you?

      Say the threat model here is you are running a website and you get subpoenaed.

      It would be great to be able to say, "OK here is a list of hashes of IP addresses, that's all I've got, have fun." ...but you can't do that for the reason I said above. If you

    • by Dan541 ( 1032000 )

      The same way /. Anonymizes email addresses.


  • but preventing fraud? Aiding 'valid legal orders'?

    While I would say IP addresses shouldn't be the only method for these protection they do help.

    Wow every site within 123.45.67.x seems to have a virus and malware on it. Oh a new site was scanned its address is in 123.45.67.x lets not publish right away lets put it threw full check. Or say 98.76.54.* always had clean site that were legit. A new site was found Well lets put it threw the quick checks and post it and queue it for full scan for later.

    Yes knowing

    • by ianare ( 1132971 )
      Web sites are, by their very nature, indexed by IP address. No one is suggesting anonomyzing web sites.

      What is being anonymysed are the IP addreses of people that do a google search.
    • by n3tcat ( 664243 )

      Wow every Arab country seems to hate us and throw planes at us. Oh a new male was seen in an airport. His ethnicity is Arabic lets not let him board the plane right away lets put it threw(sic) full check. Or say whitey always had clean papers that were legit. A new white boy was found Well lets put him threw(sic) the quick checks and let him board and queue it for full scan for later.

      Fixed that for you. Hope you see the lunacy of your statement now.

      • Your argument has flaws in it.
        Checking IP Address is less like profiling an individual but the location. Even before 9/11 there has always been more security from people entering from plane in a different country. A plain from UK would be treated differently then a Plane from Switzerland (even if all the passengers are White Americans).
        While they will all be security checked. There are fast tracks open for known friendly location vs. Neutral Locations.

        If it is known that a Netblock owner is lax about the c

  • Improving services, sure, but preventing fraud?

    Sure - AdWord fraud. Scrubbing logs quicker means less leeway for click fraud to be discovered.

    • Has anyone ever heard a convincing reason why the data is needed for even this long? I don't mean nebulous claims about "improving" the service for the "customer", but actual 2+2=4 reasons.

      • I don't think Google *needs* a reason - they are scrubbing it out of good will more than anything.
        • they are scrubbing it out of good will more than anything.

          Well, not really. The European advisory group was recommending a 6 month maximum, and Google were at 18. As Microsoft have learned, Europe is not shy about going after megacorps that think they are above its laws, and privacy and data protection issues are hot political topics in various EU countries right now, with a lot of media coverage of leaked data and rising public awareness of the dangers associated with such things.

          This was done out of "good will" for the same reasons that industries accept "volunt

    • [citation needed]
  • Google is handing data over to a few 3 letter agencies. BIG SHOCK! OH NO! NSA Reads my email!

    Seriously, I put google not handing over such data at somewhere between 0 and -1.

    • Are we talking 32-bit signed integers? Because if so, there's a lot of room between 00000000000000000000000000000000 and 11111111111111111111111111111111.

  • Figure out a pseudo average for a DHCP lease... say 72hours, and make anonymous after that?

  • by AtomicJake ( 795218 ) on Tuesday September 09, 2008 @10:26AM (#24932589)

    Actually, the IP should not be stored at all. Google might want to analyze the IPs to analyze and prevent attacks on its servers and additionally to get location information for its ad services. But there is no need to store it for a longer period -- unless you want to start massive data mining projects, which is exactly what is feared most from a privacy point of view.

    So, any good news would be that the IP is not stored at all (except very temporarily).

    • -- unless you want to start massive data mining projects, which is exactly what is feared most from a privacy point of view.

      Aehmm, I don't know, how you would describe the inner processes of a search engine, but in my book massive data mining is involved. So you got at least one motive to store massive distributed data, like say, the IP and search terms from 75% of Internets population: Testinput, ZeitGeistmaterial or localized ads and/or search results. Sorry, but storing data is a result of computing data and entering data.

      Remember: It's not the information that hurts, it's the way you use and react to it.

      • -- unless you want to start massive data mining projects, which is exactly what is feared most from a privacy point of view.

        Aehmm, I don't know, how you would describe the inner processes of a search engine, but in my book massive data mining is involved.

        Agreed, but you do not need to store persistently for months the IP address of the requester. You can store the tags with the requests (such as location info, AS range of the IP). For more personalized computations you can use cookies -- at least with cookies the requester has some sort of control over his information.

        Apparently, Google does not require the IP info after 9 months. So, what do they do with the IP address during those 9 months? Why can't they do it more or less immediately and then jus

    • by skeeto ( 1138903 )

      9 months are too long

      I am sure many women, especially mothers, agree.

  • What difference does it make to reduce this 18 months to 9 months log retention period?

    Will Google anonymize logs in other countries too?

    How about Google China? It respectfully hands over logs to the authorities on demand anytime. Same with Google India [].

  • by caluml ( 551744 ) <> on Tuesday September 09, 2008 @10:41AM (#24932765) Homepage
    It's OK - I just did it.

    peon@google ~ $ /bin/su -
    google ~ # psql searchlogs scooby -W
    Welcome to psql 8.0.15, the PostgreSQL interactive terminal.

    Type: \copyright for distribution terms
    \h for help with SQL commands
    \? for help with psql commands
    \g or terminate with semicolon to execute query
    \q to quit

    searchlogs=> DELETE FROM searchlogs WHERE ts < NOW() - INTERVAL '9 months';
    DELETE 551719812875516
    searchlogs=> \q
    google ~ # logout
    peon@google ~ $ logout

  • It appears this 18 months, or 9 months as it is now, does not apply to Google Web History when you are logged into your google account. My Web History log goes back to April 2005.

    I for one am glad they are not deleting the Web History log at 9 months. It is nice to be able to peruse through my searches done years ago.

    • I for one am glad they are not deleting the Web History log at 9 months. It is nice to be able to peruse through my searches done years ago.

      We Agree.

      --Your Friendly Neighborhood TLA

  • ...'George Will Anonymizes IP Logs Faster'?

    I gotta loosen my bow tie a bit and get back to work.

  • by nurb432 ( 527695 )

    Extend record retention times out by law. Google will have to comply or no longer do business there.

    Nice try tho.

  • I always thought Google should buy Sealand or some other country and move it's operations there outside of United states laws, it would do a lot of good if we had a country that didn't have such crap... abuses of new countries laws or lack of laws non-withstanding

  • Even if IP addresses are removed or changed, search history is still not anonymous unless the records of search results get shuffled together. As long as all the search terms and results from one address are kept together in one record or otherwise tied to a unique identifier of any kind, your search habits and results can still be traced back to you. Anonymous search data is a myth.
  • Now I only have to escape 9 months after I blow up a school! And then they'll never know I searched google to make the bomb. Thanks Google!

  • Tor isn't great for high bandwidth connections, but I think it's just perfect to make sure all of those do-gooder large corporations don't get a choice about anonymizing IP addresses. []

  • EU should not say anything unless they do something about "The retention of data generated or processed in connection with the provision of publicly available electronic communications services or of public communications networks and amending Directive 2002/58/EC" [] which makes member countries pass laws that requires ISP's to save IP-adresses etc. for from 1/2 to 2 years.

VMS must die!