By Kevin Murphy
A Google executive has accused rival Autonomy of spreading untruths about Google's enterprise search products to potential customers. The two companies are disputing the contents of a leaked sales document that Google says shows Autonomy making "downright fabrications" about its enterprise search software.
A Google executive said in a company blog that an Autonomy document, which he refers to as a white paper, "would lead a customer or prospect to believe a number of things about Google that are just fundamentally not true."
Autonomy, in a statement sent to Computer Business Review, said the paper in question was "outdated" and "intended for internal use", but went on to reiterate some of the paper's claims that Google's enterprise search products have "considerable weakness".
The paper itself appears to be a document used by Autonomy's salespeople and resellers when customer prospects ask about Google Appliance and Google Mini. It was published online by a Korean reseller, without Autonomy's permission, according to Autonomy.
It claims that the Appliances are "simple keyword search engines contained within a black box" that lack relevancy, are insecure, and are often unable to index data found in content management systems and databases.
Matthew Glotzbach, product management director for Google Enterprise, refuted five of the document's claims in a blog posting entitled "You can't believe everything you read".
"The paper would lead a customer or prospect to believe a number of things about Google that are just fundamentally not true," he wrote. "Inaccuracies about our enterprise ranking algorithms, and downright fabrications about our security and access control capabilities."
Claims that Google Appliance "relies" on web links to determine relevancy are "false and misleading", Glotzbach wrote. "Google's enterprise search algorithms rely on hundreds of factors, only one of which is PageRank," he wrote.
He added that claims that Google cannot tie into other enterprise systems out of the box are wrong, and that "perhaps the most egregious statement in the whole document" is that Google's appliances wantonly index documents without regard for security.
Autonomy said that the paper was published internally "over a year and a half ago", and that it is constantly revised with new information as products are updated.
In fact, the paper, a copy of which we managed to extract from Google's web cache after the Korean reseller deleted it, contains a few quotes from a Financial Times article dated June 12 2006, so it appears to be a little more recent than Autonomy claims.
Autonomy also stuck to its guns to a certain extent, in a statement: "Many of the areas referenced such as relevancy, security and repository access are still those of [Google's] considerable weakness".
"Despite Google's brand momentum and its presence in the market for three years, we see it in less than 1% of all deals we do, as large enterprise customers are very educated and know the difference," Autonomy said.
The Autonomy sales document contains a 2006 quote from Gartner analyst Whit Andrews that may back up that claim: "Bottom line - Is Google something that should be considered for an enterprise search project. Yes, it should be. Should it always make it to the last round of vendors before the final one is selected? Probably not."
Friday, July 27, 2007
Wednesday, July 25, 2007
Canadian ISVs Digest Google’s Cookie Policy
Google’s decision to issue cookies with an automatic two-year expiry for users who don’t return to the search site may not be an earth-shattering move, but it’s the company’s recognition of a privacy issue that really counts, an expert said.
The cookies act as tracking files for user search preferences, such as keywords, primary language, number of results per page, and options to filter out sexually explicit websites. The cookies, which are installed on users’ computers, are currently subject to a blanket expiry date of 2038.
Although it’s "about time" that Google made such a change, the two-year time frame for storing user preference data is probably still too long, said David Fewer, staff counsel at Ottawa, Ontario-based Canadian Internet Policy and Public Interest Clinic (CIPPIC).
However, the bigger issue, he added, is the acknowledgment by the company of a larger underlying matter. "Google’s move here is a recognition that they’ve got to do more."
Google’s announcement isn’t terribly significant, according to Michael McDerment, CEO of Toronto-based Freshbooks, an online invoicing and time-tracking service.
"If no one’s using the cookies for two years, there’s no data being collected anyway, and chances are the computer that created those cookies is obsolete," he said. "It says nothing, to be honest, as far as I can tell."
McDerment thinks Google’s announcement is not all that meaningful, and is garnering interest due to the company’s renown. "These sound like very standard things, nothing to write home about."
But given the advent of Web 2.0 and vendor-hosted services, there should be an industry standard that’s compliant with the law to guide data-retention time frames, said Fewer. "Surprisingly, in this day and age we’re still talking about that being something that industries aren’t doing a good job [at]."
But it’s not that simple, he said: "Does that mean two years, two months, two days if you’re talking about a particular term? It will depend on what’s fair in the circumstances."
McDerment agreed that it’s difficult to establish a blanket standard for user data retention across industries, as it "really depends on what you use the cookie for. It varies from use case to use case."
Freshbooks does not use cookies to store user data, he said. Instead, it uses them to manage Web session log-ins, a common use for such files. "If you don’t refresh your server in two hours, we log you out."
On the enterprise front, companies concerned about privacy probably already address the issue of data-tracking cookies, said Craig Fitzpatrick, CEO of Devshop, an Ottawa-based provider of a Web-based software project management tool.
They do so by way of policies, with tools that automatically delete cookies, or they choose to turn off the cookies by default upon browser installation, he said.
Anyhow, Fitzpatrick doesn’t see data-tracking cookies as that big a deal. "People realize cookies aren’t really that bad to begin with, and if you think they are, you have the right to delete them anytime you want."
Fewer thinks it really boils down to whether vendors are ensuring the technologies they develop operate fair information-gathering practices.
He recommends vendors be guided by two principles when designing tools that have an impact on consumer privacy: Identify the required data, and collect only that data. "What’s the point of collecting ubiquitous information, and what’s the point of keeping it?"
And be transparent with the data-collection process: "If you’re not breaking the law, then why not be transparent in what you’re doing?"
The cookies act as tracking files for user search preferences, such as keywords, primary language, number of results per page, and options to filter out sexually explicit websites. The cookies, which are installed on users’ computers, are currently subject to a blanket expiry date of 2038.
Although it’s "about time" that Google made such a change, the two-year time frame for storing user preference data is probably still too long, said David Fewer, staff counsel at Ottawa, Ontario-based Canadian Internet Policy and Public Interest Clinic (CIPPIC).
However, the bigger issue, he added, is the acknowledgment by the company of a larger underlying matter. "Google’s move here is a recognition that they’ve got to do more."
Google’s announcement isn’t terribly significant, according to Michael McDerment, CEO of Toronto-based Freshbooks, an online invoicing and time-tracking service.
"If no one’s using the cookies for two years, there’s no data being collected anyway, and chances are the computer that created those cookies is obsolete," he said. "It says nothing, to be honest, as far as I can tell."
McDerment thinks Google’s announcement is not all that meaningful, and is garnering interest due to the company’s renown. "These sound like very standard things, nothing to write home about."
But given the advent of Web 2.0 and vendor-hosted services, there should be an industry standard that’s compliant with the law to guide data-retention time frames, said Fewer. "Surprisingly, in this day and age we’re still talking about that being something that industries aren’t doing a good job [at]."
But it’s not that simple, he said: "Does that mean two years, two months, two days if you’re talking about a particular term? It will depend on what’s fair in the circumstances."
McDerment agreed that it’s difficult to establish a blanket standard for user data retention across industries, as it "really depends on what you use the cookie for. It varies from use case to use case."
Freshbooks does not use cookies to store user data, he said. Instead, it uses them to manage Web session log-ins, a common use for such files. "If you don’t refresh your server in two hours, we log you out."
On the enterprise front, companies concerned about privacy probably already address the issue of data-tracking cookies, said Craig Fitzpatrick, CEO of Devshop, an Ottawa-based provider of a Web-based software project management tool.
They do so by way of policies, with tools that automatically delete cookies, or they choose to turn off the cookies by default upon browser installation, he said.
Anyhow, Fitzpatrick doesn’t see data-tracking cookies as that big a deal. "People realize cookies aren’t really that bad to begin with, and if you think they are, you have the right to delete them anytime you want."
Fewer thinks it really boils down to whether vendors are ensuring the technologies they develop operate fair information-gathering practices.
He recommends vendors be guided by two principles when designing tools that have an impact on consumer privacy: Identify the required data, and collect only that data. "What’s the point of collecting ubiquitous information, and what’s the point of keeping it?"
And be transparent with the data-collection process: "If you’re not breaking the law, then why not be transparent in what you’re doing?"
Monday, July 23, 2007
Search engines race to update privacy policies
Microsoft and Yahoo are the latest to announce limits on how long they will keep Web search data.
The major search engines are racing to outdo each other in updating their data retention policies in an attempt to assuage concerns that they keep consumer search data too long.
The latest to go public with their moves are Microsoft and Yahoo.
Microsoft and Ask.com also are proposing an industry effort to create voluntary standards for protecting consumer privacy with search and online ads, a move that is likely spurred by Google's plan to acquire a leader in the online ad market.
Microsoft is set to announce on Monday plans to permanently remove the Internet Protocol address and other identifying data associated with Web searches after 18 months unless the searcher wants the information stored for longer. The company will also store search terms separately from account information that personally identifies a user, such as name, e-mail address and phone number, gathered as part of other Microsoft services.
In addition, Microsoft is promising that it will give people the ability to opt out of behavioral ad targeting it offers on third-party Web sites and it will allow people to search and surf its Web sites without being associated with a personal and unique identifier used for such ad targeting.
Meanwhile, Yahoo is vowing to remove portions of IP addresses and personally identifiable cookie IDs within 13 months except when users want the data retained for longer or when the company is required to retain it for law enforcement or legal processes, said Yahoo spokesman Jim Cullinan.
Cookies are small files stored on a computer so that the computer can be recognized when it revisits Web sites, enabling the site to remember the user's preferences for things like e-commerce and sites that require a log-in.
The news comes days after changes at Ask and Google. On Thursday, Ask said it would allow people to search anonymously and would not retain a user's Web search history at all if the searcher didn't want it to. Searchers will be able to change their preferences using a new AskEraser tool, which will reside on the Ask servers and will work with all the major operating systems. Ask said it will retain the search log data for 18 months for people who don't want to be anonymous and then it will disassociate the search terms from the IP address.
Also last week, Google said it would have cookies expire after two years instead of 2038, although for anyone who visits Google even once in the next two years, the cookie expiration date will be extended another two years.
In March, Google said it would start anonymizing the final eight bits of the IP address and the cookie data after somewhere between 18 months and 24 months, unless legally required to retain the data for longer. That would make it much harder to identify the specific computers used for searches.
The risks associated with retaining search data were illustrated last year when AOL inadvertently exposed the searches of more than 650,000 users. The New York Times was able to discover the identity of at least one of the users, highlighting the risks associated with retaining search data logs.
Microsoft and Ask also said they would work together and are asking other companies and organizations to join them in creating industry guidelines for protecting consumer privacy in the areas of search and online advertising. They said they would provide an update on the effort in September.
The moves come amid discussion in the industry over privacy concerns related to Google's proposed $3.1 billion of online ad provider DoubleClick. Privacy advocates have questioned the deal; Microsoft opposes it on antitrust grounds; and the U.S. Federal Trade Commission is looking into it.
"It's a topical area right now, and (the Google-DoubleClick plan) had some influence on us looking at this" now, said Brendon Lynch, director of privacy strategy at Microsoft. "We believe privacy is a very important aspect for our business going forward."
But where do Yahoo and Google stand on the self-regulation effort? Neither company would give a straight answer to that question.
"We're certainly open to having conversations about technical issues, but we don't think this is the right time to participate in that," said Yahoo's Cullinan, without elaborating.
A Google spokeswoman provided this statement: "Our goal is to improve privacy protection and data security for all Internet users by continuing to innovate in the area of privacy."
The major search engines are racing to outdo each other in updating their data retention policies in an attempt to assuage concerns that they keep consumer search data too long.
The latest to go public with their moves are Microsoft and Yahoo.
Microsoft and Ask.com also are proposing an industry effort to create voluntary standards for protecting consumer privacy with search and online ads, a move that is likely spurred by Google's plan to acquire a leader in the online ad market.
Microsoft is set to announce on Monday plans to permanently remove the Internet Protocol address and other identifying data associated with Web searches after 18 months unless the searcher wants the information stored for longer. The company will also store search terms separately from account information that personally identifies a user, such as name, e-mail address and phone number, gathered as part of other Microsoft services.
In addition, Microsoft is promising that it will give people the ability to opt out of behavioral ad targeting it offers on third-party Web sites and it will allow people to search and surf its Web sites without being associated with a personal and unique identifier used for such ad targeting.
Meanwhile, Yahoo is vowing to remove portions of IP addresses and personally identifiable cookie IDs within 13 months except when users want the data retained for longer or when the company is required to retain it for law enforcement or legal processes, said Yahoo spokesman Jim Cullinan.
Cookies are small files stored on a computer so that the computer can be recognized when it revisits Web sites, enabling the site to remember the user's preferences for things like e-commerce and sites that require a log-in.
The news comes days after changes at Ask and Google. On Thursday, Ask said it would allow people to search anonymously and would not retain a user's Web search history at all if the searcher didn't want it to. Searchers will be able to change their preferences using a new AskEraser tool, which will reside on the Ask servers and will work with all the major operating systems. Ask said it will retain the search log data for 18 months for people who don't want to be anonymous and then it will disassociate the search terms from the IP address.
Also last week, Google said it would have cookies expire after two years instead of 2038, although for anyone who visits Google even once in the next two years, the cookie expiration date will be extended another two years.
In March, Google said it would start anonymizing the final eight bits of the IP address and the cookie data after somewhere between 18 months and 24 months, unless legally required to retain the data for longer. That would make it much harder to identify the specific computers used for searches.
The risks associated with retaining search data were illustrated last year when AOL inadvertently exposed the searches of more than 650,000 users. The New York Times was able to discover the identity of at least one of the users, highlighting the risks associated with retaining search data logs.
Microsoft and Ask also said they would work together and are asking other companies and organizations to join them in creating industry guidelines for protecting consumer privacy in the areas of search and online advertising. They said they would provide an update on the effort in September.
The moves come amid discussion in the industry over privacy concerns related to Google's proposed $3.1 billion of online ad provider DoubleClick. Privacy advocates have questioned the deal; Microsoft opposes it on antitrust grounds; and the U.S. Federal Trade Commission is looking into it.
"It's a topical area right now, and (the Google-DoubleClick plan) had some influence on us looking at this" now, said Brendon Lynch, director of privacy strategy at Microsoft. "We believe privacy is a very important aspect for our business going forward."
But where do Yahoo and Google stand on the self-regulation effort? Neither company would give a straight answer to that question.
"We're certainly open to having conversations about technical issues, but we don't think this is the right time to participate in that," said Yahoo's Cullinan, without elaborating.
A Google spokeswoman provided this statement: "Our goal is to improve privacy protection and data security for all Internet users by continuing to innovate in the area of privacy."
Who's worse? Google or Microsoft
As Google faces mounting criticism over its data- retention practices, rivals Microsoft, Ask and Yahoo are touting improvements to their own privacy policies.
Microsoft says it will only hold onto data that ties users' IP addresses to their search queries for 18 months. The company will let users opt out of its behavioral targeting programs, which would otherwise send them ads based on their Web-surfing history. Yahoo said it will anonymize the search logs after 13 months.
The moves take aim at a major Google vulnerability. The company, currently hoping to purchase DoubleClick, must first persuade the FTC to OK the deal. But consumer privacy groups have been pushing hard for reassurance that Google won't use DoubleClick's data about people's Web-surfing to compile detailed user profiles.
The European Union also has made clear it isn't happy with Google's previous record-keeping practices, specifically, its history of storing search queries and IP logs. Google recently said it will unbundle the queries from IP addresses after 18 months, but even this is long enough for damage to be done to users.
Consider: AOL's "Data Vasquez," in which the company released hundreds of thousands of users' search logs that were less than six months old. While AOL said it had made IP addresses anonymous, the queries themselves revealed people's identities.
Microsoft says it will only hold onto data that ties users' IP addresses to their search queries for 18 months. The company will let users opt out of its behavioral targeting programs, which would otherwise send them ads based on their Web-surfing history. Yahoo said it will anonymize the search logs after 13 months.
The moves take aim at a major Google vulnerability. The company, currently hoping to purchase DoubleClick, must first persuade the FTC to OK the deal. But consumer privacy groups have been pushing hard for reassurance that Google won't use DoubleClick's data about people's Web-surfing to compile detailed user profiles.
The European Union also has made clear it isn't happy with Google's previous record-keeping practices, specifically, its history of storing search queries and IP logs. Google recently said it will unbundle the queries from IP addresses after 18 months, but even this is long enough for damage to be done to users.
Consider: AOL's "Data Vasquez," in which the company released hundreds of thousands of users' search logs that were less than six months old. While AOL said it had made IP addresses anonymous, the queries themselves revealed people's identities.
Sunday, July 22, 2007
Google and cookies
Google is shortening the life span of its "cookie" data-tracking file. Under a new policy, the cookies will expire automatically after two years, instead of in 2038, as is currently the case.
However, the two-year period could get extended automatically when users revisit Google's search engine, so one might have to avoid Google for a full two years to see the cookie automatically expire.
"It sounds like it changes things . . . but the reality of how people use computers, I don't think it in reality changes anything substantially," said Pam Dixon, executive director of the World Privacy Forum, a nonprofit advocacy group.
-- Associated Press
All about people
A search engine startup promises to deliver more targeted results on queries about people, whether it's the guy from the bar last night or Paris Hilton.
The idea is to help you avoid sorting through the thousands of results delivered by the major Internet search companies.
The site, called Spock, is gaining 30,000 members per week in an invitation-only "beta" test mode. It will launch within a month with a searchable database of 100 million people. The site relies on public data.
-- Associated Press
All that glitters
Samsung Electronics Co. will make an 18-carat gold-plated mobile phone in China to mark next year's Olympics in Beijing.
The sleek-looking phone is mostly deep black in color, with the gold placed in the trim along the sides and covering the bottom half of its back.
Price and launch date have yet to be set, Samsung said.
-- Associated Press
However, the two-year period could get extended automatically when users revisit Google's search engine, so one might have to avoid Google for a full two years to see the cookie automatically expire.
"It sounds like it changes things . . . but the reality of how people use computers, I don't think it in reality changes anything substantially," said Pam Dixon, executive director of the World Privacy Forum, a nonprofit advocacy group.
-- Associated Press
All about people
A search engine startup promises to deliver more targeted results on queries about people, whether it's the guy from the bar last night or Paris Hilton.
The idea is to help you avoid sorting through the thousands of results delivered by the major Internet search companies.
The site, called Spock, is gaining 30,000 members per week in an invitation-only "beta" test mode. It will launch within a month with a searchable database of 100 million people. The site relies on public data.
-- Associated Press
All that glitters
Samsung Electronics Co. will make an 18-carat gold-plated mobile phone in China to mark next year's Olympics in Beijing.
The sleek-looking phone is mostly deep black in color, with the gold placed in the trim along the sides and covering the bottom half of its back.
Price and launch date have yet to be set, Samsung said.
-- Associated Press
Wednesday, July 18, 2007
Why delete your cookies?
Why not delete your cookies?
Are you aware that when using Internet Explorer and other browsers to surf the internet, your surfing history and habits can easily be viewed and tracked by third partys by your cookies.
Technology enables others to see and track all the sites you've visited! Deleting your cookies, downloaded internet files and images, prevents others from tracking your behavior.
There are plenty of reasons you might want to delete your cookies., and you should not trust all cookie removal software therefore you may have to delete cookies manually.
Cookies may contain credit card information and have passwords!
Deleting cookies can improve computer preformance especially on older machines
Almost 73.5% of all forturne 1000 companies admit they "record and review their employees' communications and activities on the job." This includes cookies.
Advertisers may track and record your movements and purchases!
Your computer may contain hidden or temporary Internet files left behind from surfing the Web. Frequently as you surf the Web, sites that you visit "push" information onto your computer without you knowing it and without your approval. These files, if left on your computer, may automatically spawn other objectionable Web sites or transmit personal information without your consent.
Things every Web site can find out about you
Thought your visit was anonymous? Think again. The Internet gives an image of anonymity, but dig a little deeper and you'll find it's a false front.
Almost all Internet sites, and certainly the bigger ones, collect information about their visitors. It's logged by the site server that sends Web pages to your computer, and the data is referred to as Web server logs or weblogs. You'll be surprised how much information your disloyal computer passes over to the site you're visiting. Nothing as serious as your name or email address, but probably much more than you'd expect. Here are the main items:
IP address
This is your "street address" for the Internet, it's a string of numbers that identify exactly where you are in the huge ever-changing mass of networks that make up the Internet. It has to be passed to the site so that it knows where to send the pages that you've requested.
The bad news is that your IP address is quite distinctive. It's easy to tell from the numbers which country you're connecting from and which Internet Service Provider you're using. The good news is that most ISPs use a rolling address system, so you get a different address each time you log on to the Internet (from a range held by your ISP). Though if you're using a computer on an office network it might have its own IP address that never changes.
Ultimately, you can be tracked down from your IP address. Even if it's a rolling address, your ISP keeps records of who is using any address at any given time. In the space of a few seconds they can link any address with a specific user. That's you. But naturally they're reluctant to do it, even for the police.
If you use a free ISP account that didn't need registration, the detail comes from your phone line. These accounts only work with "line recognition", which means the ISP receives your phone number when you log on. So however you access the Internet, you can be traced. The IP address collected by the site server for its records can be linked directly either to you or to your phone line.
Referring page
Many sites also collect referring page information. Your computer obviously knows where it's just come from, and the shameless electronic traitor freely passes this information on to the next site. "This is the site we arrived from," it says. Hey, who's in control here?
Browser and operating system
Your computer also tells its electronic friend at the other end what kind of browser you're using, including the version number, and what kind of operating system you have - Windows, Mac, Unix, whatever.
Screen details
Although not all computers do this, many also tell the site server what size screen you have (in pixels, not inches) and what kind of colour resolution you're using - 256, 16 bit, 24 bit. Is there no end to their treachery?
Pages viewed
And finally, without the assistance of your computer, the site server records everywhere you go on the site and how long you stay on each page.
So, these are just some of the reasons to delete your cookies.
Are you aware that when using Internet Explorer and other browsers to surf the internet, your surfing history and habits can easily be viewed and tracked by third partys by your cookies.
Technology enables others to see and track all the sites you've visited! Deleting your cookies, downloaded internet files and images, prevents others from tracking your behavior.
There are plenty of reasons you might want to delete your cookies., and you should not trust all cookie removal software therefore you may have to delete cookies manually.
Cookies may contain credit card information and have passwords!
Deleting cookies can improve computer preformance especially on older machines
Almost 73.5% of all forturne 1000 companies admit they "record and review their employees' communications and activities on the job." This includes cookies.
Advertisers may track and record your movements and purchases!
Your computer may contain hidden or temporary Internet files left behind from surfing the Web. Frequently as you surf the Web, sites that you visit "push" information onto your computer without you knowing it and without your approval. These files, if left on your computer, may automatically spawn other objectionable Web sites or transmit personal information without your consent.
Things every Web site can find out about you
Thought your visit was anonymous? Think again. The Internet gives an image of anonymity, but dig a little deeper and you'll find it's a false front.
Almost all Internet sites, and certainly the bigger ones, collect information about their visitors. It's logged by the site server that sends Web pages to your computer, and the data is referred to as Web server logs or weblogs. You'll be surprised how much information your disloyal computer passes over to the site you're visiting. Nothing as serious as your name or email address, but probably much more than you'd expect. Here are the main items:
IP address
This is your "street address" for the Internet, it's a string of numbers that identify exactly where you are in the huge ever-changing mass of networks that make up the Internet. It has to be passed to the site so that it knows where to send the pages that you've requested.
The bad news is that your IP address is quite distinctive. It's easy to tell from the numbers which country you're connecting from and which Internet Service Provider you're using. The good news is that most ISPs use a rolling address system, so you get a different address each time you log on to the Internet (from a range held by your ISP). Though if you're using a computer on an office network it might have its own IP address that never changes.
Ultimately, you can be tracked down from your IP address. Even if it's a rolling address, your ISP keeps records of who is using any address at any given time. In the space of a few seconds they can link any address with a specific user. That's you. But naturally they're reluctant to do it, even for the police.
If you use a free ISP account that didn't need registration, the detail comes from your phone line. These accounts only work with "line recognition", which means the ISP receives your phone number when you log on. So however you access the Internet, you can be traced. The IP address collected by the site server for its records can be linked directly either to you or to your phone line.
Referring page
Many sites also collect referring page information. Your computer obviously knows where it's just come from, and the shameless electronic traitor freely passes this information on to the next site. "This is the site we arrived from," it says. Hey, who's in control here?
Browser and operating system
Your computer also tells its electronic friend at the other end what kind of browser you're using, including the version number, and what kind of operating system you have - Windows, Mac, Unix, whatever.
Screen details
Although not all computers do this, many also tell the site server what size screen you have (in pixels, not inches) and what kind of colour resolution you're using - 256, 16 bit, 24 bit. Is there no end to their treachery?
Pages viewed
And finally, without the assistance of your computer, the site server records everywhere you go on the site and how long you stay on each page.
So, these are just some of the reasons to delete your cookies.
The Case of the Disappearing Cookies
Tiny files called "cookies" are the lifeblood of online advertising. Left on visitors' computers, they help Web sites track how many visitors they have, and how often they return — numbers crucial for determining the value of a site's ad space.
So advertisers got worried in 2000 when privacy advocates began denouncing cookies. Soon after, antispyware programs started identifying cookies and offering to delete them. In 2004, 18 percent of people who knew what cookies were said they deleted them very frequently, according to a study by Revenue Science, which helps advertisers find online audiences. A survey in December, 2005 reported a drop in that figure, to 8 percent.
But more recent studies have been less cheerful for advertisers. A February report by JupiterResearch found that 41 percent of male Internet users and 25 percent of women manually deleted cookies at least once a week. Those figures would be even higher if they included people who used antispyware programs to delete cookies automatically.
By ALEX MINDLIN
So advertisers got worried in 2000 when privacy advocates began denouncing cookies. Soon after, antispyware programs started identifying cookies and offering to delete them. In 2004, 18 percent of people who knew what cookies were said they deleted them very frequently, according to a study by Revenue Science, which helps advertisers find online audiences. A survey in December, 2005 reported a drop in that figure, to 8 percent.
But more recent studies have been less cheerful for advertisers. A February report by JupiterResearch found that 41 percent of male Internet users and 25 percent of women manually deleted cookies at least once a week. Those figures would be even higher if they included people who used antispyware programs to delete cookies automatically.
By ALEX MINDLIN
Cookies: How to view, edit and delete
Cookie files are ordinary text files. Therefore, virtually any viewer or text editor that you have can be used to display and edit them. Since they are "ordinary" files, they can also be deleted.
Viewing
Because cookie files are ordinary text files, you can browse them with virtually all text editor or word processor programs. Wordpad and Notepad immediately come to mind. From DOS, you can use the Edit command. All versions of Corel Word Perfect and Microsoft Word, as well as most other word processors, will accurately display these files. If you use any product that is an editor, to view your cookie files, be sure to exit without saving.
The caveats regarding editing these files ring loud, but are largely inaccurate. I frequently view my Cookies, editing those that I choose to. To date, I have not suffered any consequences and the World Wide Web still stands. Because I allow all cookies, I often find cookies from web sites that I do not recognize. Undoubtedly I was doing a search, stopped there for a moment, found nothing memorable and am unlikely to return. Obviously, there is no benefit to me for such a cookie to tie up space on my hard drive. If you are using Netscape Navigator, this justifies removing that specific cookie from the cookies.txt file. If you are using Microsoft Explorer, this calls for a delete.
Editing
I prefer to use the Edit command from DOS because I cannot forget to save the file in proper format. Edit knows only the DOS text format. If you use any program that saves in other formats, but also in DOS text (e.g., Corel Word Perfect or Microsoft Word), be sure that when you save the file that you save it in the DOS text format.
The individual cookies within cookies.txt are clearly discernable. While the warnings at the top of the file are loud, I have been ignoring them since cookies have been on the horizon. When you see a cookie you do not like, delete it. Modifying cookies is more complicated. In many cases, it is impossible to decipher the content. When that is the case, which is most of the time, I make my decisions based on the URL at the beginning of the cookie and either leave it alone or delete the entire cookie.
When done, save the file, making sure that you save it as DOS Text, ASCII DOS Text or whatever phrase your processor uses to output a DOS Text file. If you are not sure what your processor does, play it safe. Go to DOS and simply use the Edit command. It is straight forward and quite easy to use. If you do not like going to DOS, use Notepad. It also defaults to DOS Text files. If you have concerns regarding editing the cookies.txt file, make a copy with the name cookies.dup. Then edit the cookies.txt. If you are unhappy with the results, delete the cookies.txt file and rename the cookies.dup to cookies.txt. Have fun.
Deleting
Netscape Navigator and Microsoft Explorer start fine without a cookies file. Both, on startup, immediately generate one if none is present. Thus, it is perfectly safe to delete any, or all cookies, if that is your preference. Should you take this path, you will not be able to take advantage of the features of cookies like being presented with the initial screen that you prefer or not having to enter an ID and password each time that you access a protected web site. That is your choice.
Once you know where your active cookie file(s) is/are, you can place a delete command in any of several appropriate startup files and your cookie file will survive until the next startup of your PC, Windows or browser, or their shutdown. The preparation of such routines requires a higher than typical degree of skill and the specifics will not be discussed here. If your preference is to not have cookies, but do not enjoy the interrupts that your browser provides you when you do not allow it to automatically write all cookies, there are numerous products on the market to address this problem. Some of the products address other issues including cache content. The Cookies Links button below will give you the opportunity to identify some of these products.
Hiding
The process of hiding cookies when they are not in use and then making them available to your browser upon demand is not very productive. The solution is complex and your cookies are exposed while the browser is active. Thus, the solution is not effective as anyone aware, can start your browser, switch to any viewer and then view, print or copy those cookies. If the process that reveals your cookies to your browser is sufficiently sophisticated, it is possible to setup a process where the cookies would only be revealed to you yet, others could start the browser.
I do not know of such a commercial product and the effort to create one on your own, is not justifiable. Simply stated, while I see great benefits to cookies, I do not see this degree should you be concerned about what your cookies might reveal. I would delete them and forget about it.
Viewing
Because cookie files are ordinary text files, you can browse them with virtually all text editor or word processor programs. Wordpad and Notepad immediately come to mind. From DOS, you can use the Edit command. All versions of Corel Word Perfect and Microsoft Word, as well as most other word processors, will accurately display these files. If you use any product that is an editor, to view your cookie files, be sure to exit without saving.
The caveats regarding editing these files ring loud, but are largely inaccurate. I frequently view my Cookies, editing those that I choose to. To date, I have not suffered any consequences and the World Wide Web still stands. Because I allow all cookies, I often find cookies from web sites that I do not recognize. Undoubtedly I was doing a search, stopped there for a moment, found nothing memorable and am unlikely to return. Obviously, there is no benefit to me for such a cookie to tie up space on my hard drive. If you are using Netscape Navigator, this justifies removing that specific cookie from the cookies.txt file. If you are using Microsoft Explorer, this calls for a delete.
Editing
I prefer to use the Edit command from DOS because I cannot forget to save the file in proper format. Edit knows only the DOS text format. If you use any program that saves in other formats, but also in DOS text (e.g., Corel Word Perfect or Microsoft Word), be sure that when you save the file that you save it in the DOS text format.
The individual cookies within cookies.txt are clearly discernable. While the warnings at the top of the file are loud, I have been ignoring them since cookies have been on the horizon. When you see a cookie you do not like, delete it. Modifying cookies is more complicated. In many cases, it is impossible to decipher the content. When that is the case, which is most of the time, I make my decisions based on the URL at the beginning of the cookie and either leave it alone or delete the entire cookie.
When done, save the file, making sure that you save it as DOS Text, ASCII DOS Text or whatever phrase your processor uses to output a DOS Text file. If you are not sure what your processor does, play it safe. Go to DOS and simply use the Edit command. It is straight forward and quite easy to use. If you do not like going to DOS, use Notepad. It also defaults to DOS Text files. If you have concerns regarding editing the cookies.txt file, make a copy with the name cookies.dup. Then edit the cookies.txt. If you are unhappy with the results, delete the cookies.txt file and rename the cookies.dup to cookies.txt. Have fun.
Deleting
Netscape Navigator and Microsoft Explorer start fine without a cookies file. Both, on startup, immediately generate one if none is present. Thus, it is perfectly safe to delete any, or all cookies, if that is your preference. Should you take this path, you will not be able to take advantage of the features of cookies like being presented with the initial screen that you prefer or not having to enter an ID and password each time that you access a protected web site. That is your choice.
Once you know where your active cookie file(s) is/are, you can place a delete command in any of several appropriate startup files and your cookie file will survive until the next startup of your PC, Windows or browser, or their shutdown. The preparation of such routines requires a higher than typical degree of skill and the specifics will not be discussed here. If your preference is to not have cookies, but do not enjoy the interrupts that your browser provides you when you do not allow it to automatically write all cookies, there are numerous products on the market to address this problem. Some of the products address other issues including cache content. The Cookies Links button below will give you the opportunity to identify some of these products.
Hiding
The process of hiding cookies when they are not in use and then making them available to your browser upon demand is not very productive. The solution is complex and your cookies are exposed while the browser is active. Thus, the solution is not effective as anyone aware, can start your browser, switch to any viewer and then view, print or copy those cookies. If the process that reveals your cookies to your browser is sufficiently sophisticated, it is possible to setup a process where the cookies would only be revealed to you yet, others could start the browser.
I do not know of such a commercial product and the effort to create one on your own, is not justifiable. Simply stated, while I see great benefits to cookies, I do not see this degree should you be concerned about what your cookies might reveal. I would delete them and forget about it.
Fear of Spyware Changing Online Habits
By ANICK JESDANUN, AP Internet WriterThu Jul 7,10:08 AM ET
Internet users worried about spyware and adware are shunning specific Web sites, avoiding file-sharing networks, even switching browsers.
Many have also stopped opening e-mail attachments without first making sure they are safe, the Pew Internet and American Life Project said in a study issued Wednesday.
"People are scaling back on some Internet activities," said Susannah Fox, the study's main author. "People are feeling less adventurous, less free to do whatever they want to do online."
Like no other Internet threat before it, spyware is getting people's attention, she said. "It maybe will bring more awareness of all kinds of security issues."
Linda Parra, a technology usability consultant at an insurance firm in Madison, Wis., is typical of the once-burned, now-vigilant crowd.
Hit twice by spyware, after which all her Internet searches went to a rogue search engine rather than Google, she bought the safer Mac computer, installed two layers of firewalls and began switching off her broadband-connected machine when she's out.
"I've become a lot more security conscious," she said, adding that she had to learn much more about how computers and the Internet work.
Parra also banned her daughters, ages 12 and 14, from game sites.
"All it takes is one click ... and you can end up going somewhere you don't want to go and getting a little bonus pack (spyware) with your freebie," she said. "I believe that's what happened."
Spyware generally refers to unwanted programs that often sneak onto computers without their owners' full knowledge. A subset called adware covers software designed to display targeted ads to subsidize another program's development.
While some computer users knowingly install spyware and adware, they often hitch rides with games, screensavers and other freebies, or exploit security flaws in Microsoft Corp.'s Windows operating systems and Internet Explorer browsers.
According to Pew, 48 percent of adult Internet users in the United States have stopped visiting specific Web sites that they fear might be harboring unwanted programs.
Twenty-five percent stopped using file-sharing software, which often comes bundled with adware. Rogue programs can also disguise themselves as songs or movie files awaiting download on file-sharing networks.
Eighteen percent of U.S. adult Internet users have started using Mozilla Firefox or another alternative to Internet Explorer.
In addition, 81 percent have become more cautious about e-mail attachments, a common way for spreading viruses, though rare for spyware or adware.
All told, 91 percent have made at least one behavioral change.
Users hit by spyware or adware were more likely than others to change their habits.
Avi Naider, president of adware company WhenU.com Inc., said he's not surprised.
Although in theory, adware is about exchanging value for value — free software for ads — in practice, some in the industry engage in deceptive practices and alienate consumers such that they "just stop visiting Web sites," Naider said.
Although many users have changed their online habits, they haven't necessarily fixed their machines, even as infected computers slow, often to a crawl.
Twenty percent of users who had computer problems did not attempt a fix. Among those who did, 29 percent waited a month or longer.
Two in five who tried to fix their machines did so on their own while others needed help from a friend, family member or a professional repair shop. In 20 percent of cases, the problem couldn't be fixed.
The survey also found that 43 percent of Internet users say they've been hit with spyware, adware or both. Those who report spyware were more likely to have previously engaged in "risky" behavior such as playing online games and visiting adult sites. Broadband users tend to be at greater risk.
Pew also found that three-quarters of Internet users do not always read user agreements and other disclaimers where spyware and adware are sometimes disclosed. The study was based on random telephone-based interviews with 2,001 adult Americans conducted May 4 to June 7. It has a margin of sampling error of plus or minus 2 percentage points.
Internet users worried about spyware and adware are shunning specific Web sites, avoiding file-sharing networks, even switching browsers.
Many have also stopped opening e-mail attachments without first making sure they are safe, the Pew Internet and American Life Project said in a study issued Wednesday.
"People are scaling back on some Internet activities," said Susannah Fox, the study's main author. "People are feeling less adventurous, less free to do whatever they want to do online."
Like no other Internet threat before it, spyware is getting people's attention, she said. "It maybe will bring more awareness of all kinds of security issues."
Linda Parra, a technology usability consultant at an insurance firm in Madison, Wis., is typical of the once-burned, now-vigilant crowd.
Hit twice by spyware, after which all her Internet searches went to a rogue search engine rather than Google, she bought the safer Mac computer, installed two layers of firewalls and began switching off her broadband-connected machine when she's out.
"I've become a lot more security conscious," she said, adding that she had to learn much more about how computers and the Internet work.
Parra also banned her daughters, ages 12 and 14, from game sites.
"All it takes is one click ... and you can end up going somewhere you don't want to go and getting a little bonus pack (spyware) with your freebie," she said. "I believe that's what happened."
Spyware generally refers to unwanted programs that often sneak onto computers without their owners' full knowledge. A subset called adware covers software designed to display targeted ads to subsidize another program's development.
While some computer users knowingly install spyware and adware, they often hitch rides with games, screensavers and other freebies, or exploit security flaws in Microsoft Corp.'s Windows operating systems and Internet Explorer browsers.
According to Pew, 48 percent of adult Internet users in the United States have stopped visiting specific Web sites that they fear might be harboring unwanted programs.
Twenty-five percent stopped using file-sharing software, which often comes bundled with adware. Rogue programs can also disguise themselves as songs or movie files awaiting download on file-sharing networks.
Eighteen percent of U.S. adult Internet users have started using Mozilla Firefox or another alternative to Internet Explorer.
In addition, 81 percent have become more cautious about e-mail attachments, a common way for spreading viruses, though rare for spyware or adware.
All told, 91 percent have made at least one behavioral change.
Users hit by spyware or adware were more likely than others to change their habits.
Avi Naider, president of adware company WhenU.com Inc., said he's not surprised.
Although in theory, adware is about exchanging value for value — free software for ads — in practice, some in the industry engage in deceptive practices and alienate consumers such that they "just stop visiting Web sites," Naider said.
Although many users have changed their online habits, they haven't necessarily fixed their machines, even as infected computers slow, often to a crawl.
Twenty percent of users who had computer problems did not attempt a fix. Among those who did, 29 percent waited a month or longer.
Two in five who tried to fix their machines did so on their own while others needed help from a friend, family member or a professional repair shop. In 20 percent of cases, the problem couldn't be fixed.
The survey also found that 43 percent of Internet users say they've been hit with spyware, adware or both. Those who report spyware were more likely to have previously engaged in "risky" behavior such as playing online games and visiting adult sites. Broadband users tend to be at greater risk.
Pew also found that three-quarters of Internet users do not always read user agreements and other disclaimers where spyware and adware are sometimes disclosed. The study was based on random telephone-based interviews with 2,001 adult Americans conducted May 4 to June 7. It has a margin of sampling error of plus or minus 2 percentage points.
Google Cookies Expire Sooner, If You Stop Visiting
Google has thrown another bone to critics of its privacy practices, announcing it would no longer set cookies to expire in the year 2038. Now, Google will set cookies to expire two years after a user last visits the site, with the expiration date auto-renewing to two years after each visit.
The search giant says the decision to make the cookies renew is so that users would not have to re-enter their basic preferences. Google does not require visitors to log in to store search preferences, using cookies to retain the data. The move follows a recent announcement that Google would anonymize its server search logs -- including IP addresses and cookie IDs -- after 18 months.
The search giant says the decision to make the cookies renew is so that users would not have to re-enter their basic preferences. Google does not require visitors to log in to store search preferences, using cookies to retain the data. The move follows a recent announcement that Google would anonymize its server search logs -- including IP addresses and cookie IDs -- after 18 months.
Google to cut lifetime of 'cookies'
Google Inc., owner of the world's most popular search engine, said it would address privacy concerns by reducing the lifetime of "cookies" installed on the computers of people who visit its website.
The cookies, files planted on personal computers to track Internet use, will automatically expire two years after the last visit to Google's site, Peter Fleischer, the company's chief privacy lawyer, wrote Monday on the company's corporate blog. Mountain View, Calif.-based Google previously designed its cookies to expire in 2038, he said.
The European Union's data-protection agency has criticized Google for holding on to user information for too long. The New York State Consumer Protection Board on May 9 urged U.S. regulators to delay Google's $3.1-billion takeover of online advertising company DoubleClick Inc. until the company better protected consumers' privacy.
"After listening to feedback from our users and from privacy advocates, we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies," Fleischer wrote.
Shares of Google rose 83 cents to $552.99.
The cookies, files planted on personal computers to track Internet use, will automatically expire two years after the last visit to Google's site, Peter Fleischer, the company's chief privacy lawyer, wrote Monday on the company's corporate blog. Mountain View, Calif.-based Google previously designed its cookies to expire in 2038, he said.
The European Union's data-protection agency has criticized Google for holding on to user information for too long. The New York State Consumer Protection Board on May 9 urged U.S. regulators to delay Google's $3.1-billion takeover of online advertising company DoubleClick Inc. until the company better protected consumers' privacy.
"After listening to feedback from our users and from privacy advocates, we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies," Fleischer wrote.
Shares of Google rose 83 cents to $552.99.
Google trims lifespan of user-tracking 'cookies'
SAN FRANCISCO (AFP) - Google announced Monday that it is shortening the lives of software "cookies" used to track users' online preferences.
In coming months Google will begin issuing cookies that automatically expire two years after a person visits the website provided they don't return, according to the US firm's global privacy counsel Peter Fleischer.
"We've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies as long as we could find a way to do so without artificially forcing users to re-enter their basic preferences at arbitrary points in time," Fleischer wrote in a Google blog post Monday.
Online privacy advocates expect Google's new "cookie policy" to change little since the two-year lifespan of tracking software renews with each visit so people must stop using Google for the entire period for the cookies to self-destruct.
Cookies previously installed on computers by Google are made to expire in 2038.
"Google's change doesn't tame the cookie monster, of course," wrote Internet privacy expert Jim Harper on the Technology Liberation Front website.
"It remains with you to tame the cookie monster, if that's what you care to do. Your web browser provides you the ability to control them, which gives you the responsibility to do so. I control mine."
Google and other Internet firms put bits of code called "cookies" on users' computers to tailor services, for example determine whether a search for "WWF" should get World Wildlife Fund or Worldwide Wrestling Federation as a result.
In coming months Google will begin issuing cookies that automatically expire two years after a person visits the website provided they don't return, according to the US firm's global privacy counsel Peter Fleischer.
"We've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies as long as we could find a way to do so without artificially forcing users to re-enter their basic preferences at arbitrary points in time," Fleischer wrote in a Google blog post Monday.
Online privacy advocates expect Google's new "cookie policy" to change little since the two-year lifespan of tracking software renews with each visit so people must stop using Google for the entire period for the cookies to self-destruct.
Cookies previously installed on computers by Google are made to expire in 2038.
"Google's change doesn't tame the cookie monster, of course," wrote Internet privacy expert Jim Harper on the Technology Liberation Front website.
"It remains with you to tame the cookie monster, if that's what you care to do. Your web browser provides you the ability to control them, which gives you the responsibility to do so. I control mine."
Google and other Internet firms put bits of code called "cookies" on users' computers to tailor services, for example determine whether a search for "WWF" should get World Wildlife Fund or Worldwide Wrestling Federation as a result.
Google Puts 2-Year Expiration Date on Cookies
Google has significantly decreased the lifespan of the cookies it distributes to users' computers. Instead of staying alive for 30 years, the data packets will now automatically delete after just two years. However, that decrease may not be as dramatic as it appears -- the cookies will still automatically renew their two-year countdowns each time the computer visits a Google site.
Google (Nasdaq: GOOG) decreased the length of time and amount of information the company holds on users' preferences and searches Monday with the announcement that it will shorten the lifespan of the small parcels of information it stores on users' computers, known as "cookies." The lifespan of Google's cookies will be shortened from more than 30 years to a comparatively brief two years, the company said.
"We are committed to an ongoing process to improve our privacy practices, and have recently taken a closer look at the question of cookie privacy," said Peter Fleischer, global privacy counsel at Google. "How long should a Web site 'remember' cookie information in its logs after a user's visit? And when should a cookie expire on your computer? Cookie privacy is both a server and a client issue.
"After listening to feedback from our users and from privacy advocates, we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies. ... In the coming months, Google will start issuing our users cookies that will be set to auto-expire after two years," he continued.
The decision comes four months after Google announced that it would "anonymize" data logs containing details on users' searches -- such as search queries, IP addresses and cookie ID numbers -- after 18 to 24 months. The policy would make the data "much more anonymous, so that it can no longer be identified with individual users," the company stated.
Pre-Packaged Cookies
Cookies are bits of information sent from a Web site's server, in this case Google's search servers, to a visitor's Web browser, Jen Albornoz Mulligan, a Forrester Research analyst, explained to TechNewsWorld. They can track information about what Web sites the user visits and what searches are conducted.
There are two types of cookies. First-party cookies are those supplied, read and used by the same server. Third-party cookies are cookies set to track users across multiple Web sites and are commonly used by advertisers to improve targeted advertising .
"[Cookies] can keep track of this information over time, even if the computer switches IP addresses, such as moving from home to work," Mulligan continued.
Practically every Web site uses cookies to differentiate between its visitors or users and log data concerning their activities while on the site. Nearly every Internet surfer in the world, knowingly or not, is affected from the use of cookies multiple times a day during common activities such as logging in, using a shopping cart or having a personalized Web page on a site based on the user's preferences.
As is often the case, however, the very technology that makes using the Internet a bit easier at the same time poses a significant risk to users' privacy.
Cookies issued by Google enable users to maintain search histories and to personalize their iGoogle homepages, among other things. While beneficial for users, Google also uses the data to provide better search results as well as targeted advertising. The information is not just a boon for Google and its users; the government can also subpoena the data for use in its investigations, criminal and otherwise.
Google set its cookies to expire in 2038, Mulligan said, so that the company will know users' preferences over a long time. The time span of 30 years was arbitrarily chosen. "They probably wanted to be sure that they'd have the settings saved for as long as they'd imagine someone could possible keep their computer."
From 2038 to 2009
Although Google touts the reduction of its cookie lifespan as a boon for privacy, the policy revamp is in fact merely a "mild concession," according to Mulligan. The cookies may be set to auto-expire after two years, but they have also been programmed to auto-renew for active users.
In other words, say a student goes to Google for the first time to research an eighth grade science project. After it is completed, she does not return to the site again until the 11th grade. In that scenario, any cookies deposited on the student's computer would have expired. However, if the student used the site on a daily basis, each visit would reset the cookie's expiration date to two years from the most recent visit. That, Google said, will ensure that users' preferences are not lost.
"It is a step in the right direction, but two years is still a relatively long-lasting cookie," Mulligan pointed out. "The new policy does a better job of conforming to the privacy principles of collection limitation and use limitation -- meaning data should only be collected if it is really useful -- and should only be used for the purposes previously stated."
On the up side, Mulligan noted, Google's policy change will "force consideration of the issue by other search engines, just as now the EU (European Union) is looking at Lycos and Microsoft (Nasdaq: MSFT) for how long they keep logs as well."
Privacy Promotion
Google, she added, is in a strong position to do some very good public privacy awareness campaigns that would go a long way in protecting users' privacy. "They have a lot of users and could actively teach those users about privacy and cookies," she continued. "They should train users about setting proper privacy controls, in their browser and on their machine."
Users, for instance, who really want to keep cookies off of their computers can set their Web browsers' privacy options to reject those cookies automatically.
The company needs to take their privacy considerations one step further, Mulligan stated, and review new products with a more discerning eye towards privacy to prevent issues such as inappropriate pictures on Google Earth.
At times it seems the search provider is caught between a rock and a hard place, with privacy advocates on one side and government on the other. Over the past 18 months, Google fought what it called an overreaching subpoena from the U.S. Department of Justice, received a poor ranking from advocacy group Privacy International, and has come under fire from the European Union for its privacy policy.
"Google has been skewered by the media unfairly compared to its peers," Mulligan concluded. "It generally has not done anything worse [than other Internet search providers] and is garnering attention because it is the most popular. But with that popularity comes the responsibility to set a good example and behave ethically. Google is clearly working through the pain of having to trade off business effectiveness and user privacy, which is difficult for any business."
Google (Nasdaq: GOOG) decreased the length of time and amount of information the company holds on users' preferences and searches Monday with the announcement that it will shorten the lifespan of the small parcels of information it stores on users' computers, known as "cookies." The lifespan of Google's cookies will be shortened from more than 30 years to a comparatively brief two years, the company said.
"We are committed to an ongoing process to improve our privacy practices, and have recently taken a closer look at the question of cookie privacy," said Peter Fleischer, global privacy counsel at Google. "How long should a Web site 'remember' cookie information in its logs after a user's visit? And when should a cookie expire on your computer? Cookie privacy is both a server and a client issue.
"After listening to feedback from our users and from privacy advocates, we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies. ... In the coming months, Google will start issuing our users cookies that will be set to auto-expire after two years," he continued.
The decision comes four months after Google announced that it would "anonymize" data logs containing details on users' searches -- such as search queries, IP addresses and cookie ID numbers -- after 18 to 24 months. The policy would make the data "much more anonymous, so that it can no longer be identified with individual users," the company stated.
Pre-Packaged Cookies
Cookies are bits of information sent from a Web site's server, in this case Google's search servers, to a visitor's Web browser, Jen Albornoz Mulligan, a Forrester Research analyst, explained to TechNewsWorld. They can track information about what Web sites the user visits and what searches are conducted.
There are two types of cookies. First-party cookies are those supplied, read and used by the same server. Third-party cookies are cookies set to track users across multiple Web sites and are commonly used by advertisers to improve targeted advertising .
"[Cookies] can keep track of this information over time, even if the computer switches IP addresses, such as moving from home to work," Mulligan continued.
Practically every Web site uses cookies to differentiate between its visitors or users and log data concerning their activities while on the site. Nearly every Internet surfer in the world, knowingly or not, is affected from the use of cookies multiple times a day during common activities such as logging in, using a shopping cart or having a personalized Web page on a site based on the user's preferences.
As is often the case, however, the very technology that makes using the Internet a bit easier at the same time poses a significant risk to users' privacy.
Cookies issued by Google enable users to maintain search histories and to personalize their iGoogle homepages, among other things. While beneficial for users, Google also uses the data to provide better search results as well as targeted advertising. The information is not just a boon for Google and its users; the government can also subpoena the data for use in its investigations, criminal and otherwise.
Google set its cookies to expire in 2038, Mulligan said, so that the company will know users' preferences over a long time. The time span of 30 years was arbitrarily chosen. "They probably wanted to be sure that they'd have the settings saved for as long as they'd imagine someone could possible keep their computer."
From 2038 to 2009
Although Google touts the reduction of its cookie lifespan as a boon for privacy, the policy revamp is in fact merely a "mild concession," according to Mulligan. The cookies may be set to auto-expire after two years, but they have also been programmed to auto-renew for active users.
In other words, say a student goes to Google for the first time to research an eighth grade science project. After it is completed, she does not return to the site again until the 11th grade. In that scenario, any cookies deposited on the student's computer would have expired. However, if the student used the site on a daily basis, each visit would reset the cookie's expiration date to two years from the most recent visit. That, Google said, will ensure that users' preferences are not lost.
"It is a step in the right direction, but two years is still a relatively long-lasting cookie," Mulligan pointed out. "The new policy does a better job of conforming to the privacy principles of collection limitation and use limitation -- meaning data should only be collected if it is really useful -- and should only be used for the purposes previously stated."
On the up side, Mulligan noted, Google's policy change will "force consideration of the issue by other search engines, just as now the EU (European Union) is looking at Lycos and Microsoft (Nasdaq: MSFT) for how long they keep logs as well."
Privacy Promotion
Google, she added, is in a strong position to do some very good public privacy awareness campaigns that would go a long way in protecting users' privacy. "They have a lot of users and could actively teach those users about privacy and cookies," she continued. "They should train users about setting proper privacy controls, in their browser and on their machine."
Users, for instance, who really want to keep cookies off of their computers can set their Web browsers' privacy options to reject those cookies automatically.
The company needs to take their privacy considerations one step further, Mulligan stated, and review new products with a more discerning eye towards privacy to prevent issues such as inappropriate pictures on Google Earth.
At times it seems the search provider is caught between a rock and a hard place, with privacy advocates on one side and government on the other. Over the past 18 months, Google fought what it called an overreaching subpoena from the U.S. Department of Justice, received a poor ranking from advocacy group Privacy International, and has come under fire from the European Union for its privacy policy.
"Google has been skewered by the media unfairly compared to its peers," Mulligan concluded. "It generally has not done anything worse [than other Internet search providers] and is garnering attention because it is the most popular. But with that popularity comes the responsibility to set a good example and behave ethically. Google is clearly working through the pain of having to trade off business effectiveness and user privacy, which is difficult for any business."
Google Puts New Time Limit on Cookies
In its ongoing efforts to placate the concerns of privacy groups in the United States and in Europe, Google announced a new expiration date for the cookies that it uses to store information about users of its services. As has become common practice for Google, the change was announced on the company's official blog.
"After listening to feedback from our users and from privacy advocates," wrote Peter Fleischer, Google's Global Privacy Counsel, "we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies -- as long as we could find a way to do so without artificially forcing users to reenter their basic preferences at arbitrary points in time. And this is why we're announcing a new cookie policy."
From now on, Fleischer said, any cookie placed on a user's computer will automatically expire after two years. However, if a user revisits a Google service, then the Google cookies will automatically renew and start a new two-year lifespan.
Significantly Shorter Lifespan
The move by Google reduces the life of its cookies substantially; currently, Google cookies are set to expire in 2038. Fleischer said that the purpose of setting such a distant expiration date was to ensure that the cookies would adequately maintain user information, such as Google site preferences.
Privacy expert Lauren Weinstein, moderator of the long-running Privacy Forum, expressed support for the change, but offered some reservations. "A cookie that expires in a reasonable length of time is almost always better in theory (from a privacy standpoint) than one that lasts for much longer periods of time, all else being equal," Weinstein said.
"Does two years fall into the 'reasonable' category?" he asked rhetorically. "That depends on the details of how the cookies are being used, so I can't definitively answer the question in this case."
DoubleClick Implications
The more significant issue, Weinstein said, is how Google's cookies will interact with those of DoubleClick, the online ad server company that Google recently purchased for $3.1 billion.
"The challenge for Google," he suggested, "is to maintain high privacy standards even while using cookies to link services. This will need to be a crucial element in their integration of DoubleClick, since DoubleClick is traditionally associated with third-party sites which would typically have no obvious connection with Google."
Like other privacy advocates, Weinstein is concerned that the purchase of DoubleClick by Google gives Google access to vast quantities of data that can be combined with Google-collected data in as-yet-unseen ways, particularly given the fact that DoubleClick's services are so widely deployed.
"It doesn't necessarily have to be a big privacy problem," Weinstein said, "but the potential risks are real. The devil is in the details."
"After listening to feedback from our users and from privacy advocates," wrote Peter Fleischer, Google's Global Privacy Counsel, "we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies -- as long as we could find a way to do so without artificially forcing users to reenter their basic preferences at arbitrary points in time. And this is why we're announcing a new cookie policy."
From now on, Fleischer said, any cookie placed on a user's computer will automatically expire after two years. However, if a user revisits a Google service, then the Google cookies will automatically renew and start a new two-year lifespan.
Significantly Shorter Lifespan
The move by Google reduces the life of its cookies substantially; currently, Google cookies are set to expire in 2038. Fleischer said that the purpose of setting such a distant expiration date was to ensure that the cookies would adequately maintain user information, such as Google site preferences.
Privacy expert Lauren Weinstein, moderator of the long-running Privacy Forum, expressed support for the change, but offered some reservations. "A cookie that expires in a reasonable length of time is almost always better in theory (from a privacy standpoint) than one that lasts for much longer periods of time, all else being equal," Weinstein said.
"Does two years fall into the 'reasonable' category?" he asked rhetorically. "That depends on the details of how the cookies are being used, so I can't definitively answer the question in this case."
DoubleClick Implications
The more significant issue, Weinstein said, is how Google's cookies will interact with those of DoubleClick, the online ad server company that Google recently purchased for $3.1 billion.
"The challenge for Google," he suggested, "is to maintain high privacy standards even while using cookies to link services. This will need to be a crucial element in their integration of DoubleClick, since DoubleClick is traditionally associated with third-party sites which would typically have no obvious connection with Google."
Like other privacy advocates, Weinstein is concerned that the purchase of DoubleClick by Google gives Google access to vast quantities of data that can be combined with Google-collected data in as-yet-unseen ways, particularly given the fact that DoubleClick's services are so widely deployed.
"It doesn't necessarily have to be a big privacy problem," Weinstein said, "but the potential risks are real. The devil is in the details."
Google in cookie concession to dead peoplePrivacy in the hereafter
Hoping to appease privacy advocates who've come down hard on its data retention policies, Google has made a practically meaningless change to its cookie policy.
The world's most popular search engine will soon issue browser cookies that automatically expire if you don't come back to the site for two years.
El Reg estimates that most people who don't return to Google after two years are either dead or confined to maximum security prison - most likely dead.
"After listening to feedback from our users and from privacy advocates, we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies - as long as we could find a way to do so without artificially forcing users to re-enter their basic preferences at arbitrary points in time. And this is why we're announcing a new cookie policy," Google global privacy counsel Peter Fleischer writes on the company's official blog.
Sometime "in the coming months", according to Fleischer, Google will introduce cookies that "auto-expire" for users who don't return for two years and "auto-renew" for active users. The "auto-renew" bit means that anytime you visit the site, the two year clock starts all over again. Or as Fleischer puts it, "regular Google users will have their cookies auto-renew, so that their preferences are not lost".
Existing Google cookies were set expire sometime in 2038. "We were mindful of the fact that users can always go to their browsers to change their cookie management settings, e.g. to delete all cookies, delete specific cookies, or accept certain types of cookies (like first-party cookies) but reject others (like third-party cookies)," says Fleischer.
The way we see it, even after the policy change, the onus is still on users to manage their own cookies. Unless they kick the bucket.
The world's most popular search engine will soon issue browser cookies that automatically expire if you don't come back to the site for two years.
El Reg estimates that most people who don't return to Google after two years are either dead or confined to maximum security prison - most likely dead.
"After listening to feedback from our users and from privacy advocates, we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies - as long as we could find a way to do so without artificially forcing users to re-enter their basic preferences at arbitrary points in time. And this is why we're announcing a new cookie policy," Google global privacy counsel Peter Fleischer writes on the company's official blog.
Sometime "in the coming months", according to Fleischer, Google will introduce cookies that "auto-expire" for users who don't return for two years and "auto-renew" for active users. The "auto-renew" bit means that anytime you visit the site, the two year clock starts all over again. Or as Fleischer puts it, "regular Google users will have their cookies auto-renew, so that their preferences are not lost".
Existing Google cookies were set expire sometime in 2038. "We were mindful of the fact that users can always go to their browsers to change their cookie management settings, e.g. to delete all cookies, delete specific cookies, or accept certain types of cookies (like first-party cookies) but reject others (like third-party cookies)," says Fleischer.
The way we see it, even after the policy change, the onus is still on users to manage their own cookies. Unless they kick the bucket.
Subscribe to:
Posts (Atom)