"...It is difficult to guarantee complete anonymization, but we believe these changes will make it very unlikely users could be identified."

For a very reasonable fee, I can guarantee complete anonymisation of IP address data. Now why can't Google when they have so called experts on their staff who's skills in such areas are way beyond mine? Surely there is someone smart enough on their staff who can write code to change all those public IP addresses into private ones? Even easier write code to replace all those digits with x's.

We really need a bullshit icon

If one does erase cookies, the old and new cookies could be associated by IP address, browser fingerprints, and common login ids. Knowing google these associations probably are recorded and will not be included in the scrubbing.

In order for google's claims to be genuine they must not only wipe the ip address, but also wipe all records generated by IP address matching algorithms. Otherwise this is nothing more than a publicity stunt.

adnim is right, any average sysadmin could figure out how to remove the IP address data. I wouldn't be surprised if google's delay is due to them tweaking the stored data such that they still still be able to follow the trails even after after removing IP addresses.

Does anyone know how long google plans on keeping the data without IP addresses?

What on Earth is that ? When I surf on a page does my browser mark its unique serial number or something ?

I use Firefox v2.0.0.16, like millions of other people. Are you saying that one can target my specific session based solely on "browser information" ?

I'm sorry but I simply cannot believe that my browser in itself can be used to sort out my data from someone else using the same browser on a different IP address.

... trust Google.

Simple as that. Use other services wherever possible but if you must use Google to search, do so via http://anonymouse.org and clear cookies on exit.

What are the nice people at Google doing with this data anyway? At least Phorm told us what they were going to do with their "anonymous but user-specific" data, what are Google doing with theirs?

But why does it matter if they do or don't know what I've been looking at?

To protetc teh privayc of thsi messaeg soem of teh charactesr haev bene swappde. As yuo can see it rendesr teh messaeg completeyl indecypherabel.

If your email account is with GMail, then they've already got it. If not, I'm not sure how you think Google are suddenly going to know what your email password is.

The bottom line is that, to use Google, I have to -gasp- give google my search terms and -gasp- click on one of the links they serve me. That is what they can log, nothing else. Personally, I don't care whether they keep a log of these or not.

http://www.theregister.co.uk/2008/09/09/google_nine_months_data_anonymization/comments/#c_313847

Please, every Google-hater here, please list all the bad things that have happened precisely because Google keeps usage statistics. All I'm seeing here is fear and paranoia.

Presumably the data is being stored for marketing purposes. People googling for nappies, soon google for prams then for local schools. That sort of thing. Which they can then use to preempt your next searches with a targeted advert for prams and schools in your nappy search results.

However, I bet (hope) all they're getting is noise. If the results from the current targeted ads on goggle are anything to go by.

So, does it matter if google know more about your future than you do?

In my opinion, if it worked, then I don't care. If it's just a thinly veiled excuse to expose me to more adverts for drugs, free money and body part modification, then I'd prefer it if they would sod off and leave me to what I actually look for rather than what they think.

Which reminds me, does anyone have a good method to avoid all the shops selling "product" that you're searching for more information about. I'd almost be prepared to pay for a check box "I don't want to buy one of these I just want related documentation"

Well, there was those guys they grassed up in China wasn't there?

That would be Yahoo. All Google has done is filter search results - unless you can provide URLs saying otherwise.

use http://www.ixquick.com/ instead. they only keep IPs 48 hours, and its a solid search engine. theres a reason it won the European Privacy Seal.

"Please, every Google-hater here, please list all the bad things that have happened precisely because Google keeps usage statistics. All I'm seeing here is fear and paranoia."

Ah, so you're a fan of the "if it hasn't happened yet, it won't happen" game? Perfect! I have not died yet. I guess that means I'll never die. Sounds good at first, but I might grow bored after 600 or 700 years. Also, I have never been hit by a vehicle. Does that mean I can walk across the street without looking without fear of being hit?

Or, if you'd like a better analogy, a couple of years ago, TJX's network had not yet had its bleeding-edge WEP encryption cracked, and crackers had not captured the details of 49 million accounts. But we all know how that turned out.

Up to 9/11, the US government had not systematically stripped away the rights guaranteed to us by our Constitution, and they at least gave the impression of honoring the Bill of Rights. That's not the case anymore.

Just because something hasn't happened YET doesn't mean it won't happen. And in this case, "fear and paranoia", as you put it, is justified. With overzealous governments, "law enforcement" agencies, and good old witch hunts, having your search data stored for so long can come back to bite you in the ass. Especially if you happen to enter a search query which either was acceptable and now is not, or that can be taken out of context. For example, imagine the government's interest in search records for "Anthrax" before and after the US' anthrax-in-the-mail problem. Or a search for "holy war punishment due".

In the current political climate, paranoia is justified. Yes, we can eliminate the problem of stored search queries by not using search engines, but the point of this post was to point out the idiocy of your comment.

If all you google haters are so against Google serving you ads based on your surfing habits, don't use google. Google is free, and it works really well. Don't complain about free things! They make money from advertising to provide you a service. If you don't like how they make their money, don't use their free services.

Read my email? Yes, i'm very sure Google is interested in reading the emails of a few hundred million people.

There's a difference between reading an email and parsing an email. I definitely mind a human reading my email, but if a computer was parsing it looking for keywords to decide what ads would appear on the page, I really, really don't care. How does it affect you? Apart from paranoia.

What's to prevent any internet company from doing the same? They all have access to your email.

Steal my passwords? What, you're all using the same password for all your accounts? tsk tsk.

Bottom line: You google-haters aren't as important as you think. Nobody really cares enough about you to bother to sit down and read your email. You're not that interesting. Really. Paranoia paranoia paranoia.

Did you know that word processors ... read ALL your documents? How else would they know when to put a squiggly red line under mistyped words? Not to mention, online spellchecks on other webmail providers! GASP!! Oh... oh wait... there's a difference between a human reading what you write, and a dumb computer parsing information. Saying "google reads all your emails" is deliberately misleading to instill paranoia in those who like to sensationalize things. Google doesn't "read" your email like a human does. Computers don't "read" things. They recognize things. OCR isn't called Optical Character Reading for a good reason.

Still paranoid? Don't use any google products, and stop trying to "convert" people by sensationalizing things. Don't even use google products through an anonymizer if you're against the way the company makes money to provide you with that free service.

Guilty until proven innocent, eh? Classy.

You can avoid all this nonsense by using a proxy, either a web-based (easy) or server based (more work). See anonymouse.org and http://cogipas.com/web_email/proxies.html to mask your IP address. Not foolproof, but one more layer of armor.