Whoops: he actually says the cookie "does not expire" till 2038. I presume that you can then identify it in your cookie cache and whip it out. But would you have to do that everytime you load up Google? I'm a non-geek citizen requesting a lot of answers in this post, I'm not presenting certainties.
posted by theplayethic at 2:24 AM on April 14, 2003

Google is too important to leave to politicians.

Although it would be amusing to see what kind of search results Mr. Ashcroft and Ms. Gore would decide to give for terms like "bukkake"... (don't ask)
posted by dagny at 2:39 AM on April 14, 2003

I for one implicitly trust my government with this kind information and will sleep safe in the knowledge that they would never even dream of using it against me or any other citizen.

I have also heard that cookies are pretty evil things, not the sort of thing you'd find on Metafilter for example.
posted by johnny novak at 2:39 AM on April 14, 2003

The cookie contains your IP address. But that's no real way to track individuals. Many ISPs assign addresses dynamically so the chances of really being able to identify an individual are pretty slim.
Sure, there are people with a static IP (I have one at home) but tracing by IP is not something which is easy to do.
posted by mopoke at 2:40 AM on April 14, 2003

man i did *not* want to see the b-word today :(
posted by mhjb at 2:49 AM on April 14, 2003

We aren't talking about the post office, highways or prisons. This is an example of politicians creating fear to be able to increase their control over some part of the lives of private citizens (and they will surely hand this power over in some way to private orporations: "Bukkake" search will get you MSN.com) that don't need regulation.

You can use many different kinds of utility programs, some of them freeware, to monitor and expunge unwanted cookies from your computer (spybot for instance), not that they do much damage to you anyway. Or you can just turn cookies off in your web browser. This is a non-problem.
posted by sic at 3:03 AM on April 14, 2003

I've really had enough of hearing about "evil Google" and its long lived cookies. Here's a radical idea - if you don't like it, don't use Google. Alternativly, block cookies.
posted by Orange Goblin at 3:05 AM on April 14, 2003

Didn't want to see 'the b-word'? Best description for it I've heard in ages. ;)

Pre-empting the true geeks, use Mozilla and just block cookies from the google servers. Simple.

For the rest of us, who cares?it's not exactly a huge ammount of your bandwidth, it's not harvesting huge ammounts of personal data, and it's paying their bills so keeping the internet free.

There's a lot worse out there, trust me...
posted by twine42 at 3:05 AM on April 14, 2003

What about Amazon? They use 2038 cookies. The cookies here on Metafilter, that recognise you so you don't have to log in every time you visit, don't expire until 2033. No biggie.

I wouldn't say Google has no respect for the privacy of its users. They've never asked me for any personal info. As for my IP address, they can have it. Not like it's hard to catch someones IP address.

As orange goblin said, you don't like it, use a different search engine. It's not like you're paying for anything, is it?
posted by derbs at 4:20 AM on April 14, 2003

"It will store your computer's IP address, the time/date, your browser details and the item you search for."

How else is it going to search for something? ESP? Do you even know what TCP/IP means?

"It sets a tracking cookie on your computer that does not expire until 2038."

This is because it is impossible to set a permanent cookie. This is standard practice by everyone. $5 says MeFi's cookie is the same. This isn't some scam, it's defacto "permanent" cookie policy.

"This means that Google builds up a detailed profile of your search terms over many years."

Bullshit. I just deleted my cookies, and made a search for a couple of terms. Guess what, it doesn't store your searches, as nothing changed whatsoever in the cookie. Natch on that one!

Want to see yours? Decode them here.

"It refuses to say why it wants this information or to admit whether it makes it available to the US Government for tracking purposes."

Why should they give stupid reporters more information for them to twist?

With 1 minute of effort you'd notice the only time the data in the cookie changes is when you change your google preferences! OMG! What a concept! Storing user preferences in a cookie! Please invade my privacy some more! Next thing you know they'll be wanting to know if I want to search in UTF-8 or ASCII! Call the privacy police!

"And the much-loved Google toolbar tells Google about every web page you look at."

Did they force you to install it? Google search works A-OK without it for me, and I don't see it becoming a requirement, ever.

"Without editors to correct syntax, tidy up the story structure or check facts, it is generally impossible to rely on anything one finds in a blog without verifying it somewhere else - often the much-maligned mainstream media."

Clearly this BBC article had no editor, then.

When did good journalists drop the "investigative" requirement? I just lost a lot of faith in the credibility of the beeb today.
posted by shepd at 4:22 AM on April 14, 2003

For more discussion on this same subject, see Mefi discussion from August.
posted by jeremias at 4:27 AM on April 14, 2003

shepd, the Google cookie contains a GUID (large random number). The information you search for can be linked on Google's servers with this GUID, it is not actually part of the cookie. Over time, a very extensive profile can be built, even if your IP address changes.
posted by Eloquence at 4:51 AM on April 14, 2003

I, for one, welcome our new search engine overlords!
posted by nofundy at 5:06 AM on April 14, 2003

The fact that you're submitting the data to google means they already have it, though, eloquence

The fact that they could, if they really cared to, track it by computer rather than just by IP, doesn't matter all that much. It's just icing on the cake.

The article itself is simply scaremongering up a story on a dry news day, and smacks of a lack of journalistic integrity, IMHO.

Oh, and here's something the journalist certainly could have included, but chose not to:

Individually identifiable information about you is not willfully disclosed to any third party without first receiving your permission, as explained in this privacy policy ("Privacy Policy").

Google will not disclose its cookies to third parties except as required by a valid legal process such as a search warrant, subpoena, statute, or court order.

But that really takes all of the wind out of his chicken-little story, doesn't it?
posted by shepd at 5:40 AM on April 14, 2003

Cookies from Google? I've never accepted one. I almost always web with my browser set to "Ask", which slows me down a bit but is a handy way to decide at the moment. Further, if you look around, some browsers have it so that Ask has two ways to say OK, "permanently" or not, and under "not" the cookie expires at the end of the session. Quitting the browser clears these. Permanent cookies (well, until 2032 or whatever) can be very handy, such as here. The really annoying thing is that many sites insist on using your email address as your username. I wouldn't be at all surprised if some savvy spammers can read your cookie set scanning for email addresses. Anyone know?
posted by Grand Wahzoo at 5:44 AM on April 14, 2003

Yeah, because I trust the government way more then I trust google. Uh huh.

Wrong on so many levels, for instance:

1) Nothing is stopping the government from setting up their own search engine if it matters that much. I think the chinese have tried that, for example. I kinda doubt they would respect privacy any more then google, though.

2) If the US government gets annoying, google can just hop to whatever country they like.

3) You can delete the damn cookie whenever you like, idiot. And you can also tell your browser not to allow it to be set.
posted by delmoi at 5:50 AM on April 14, 2003

If you're running a poorly designed or unpatched browser, there are security bugs that will let other sites read your cookies.

Otherwise, rest assured, security mechanisms are normally present to prevent cookies from being shared between sites unwillingly. Either that or you don't have an official, rfc-based, web-browser anymore. :-)
posted by shepd at 5:58 AM on April 14, 2003

man, things are going to be pretty fucked up come 2k38. Who the hell came up with this design!?
posted by delmoi at 6:31 AM on April 14, 2003

delmoi: Out-of-work Y2K consultants
posted by ?! at 6:39 AM on April 14, 2003

delmoi: 2038 is the date when the clocks used in Unix (and therefore at Google, what with them being a FreeBSD/Linux shop) reach the end of their 'cycle' ie they roll over back to 00:00:00 Jan 1st 1970 (Unix stores the date as the number of seconds passed since midnight 01/01/1970).
posted by PenDevil at 6:44 AM on April 14, 2003

A lot of people seem to be missing a major point here. Yes, the cookie may not change after every search, but you have no idea what content is being stored by Google. The cookie can contain a simple ID that links your requests together while something serverside tracks you.

[NB: i think this google issue is all bullshit blow out of proportion, but i just thought I'd point out the hole...]
posted by twine42 at 6:54 AM on April 14, 2003

You can use many different kinds of utility programs, some of them freeware, to monitor and expunge unwanted cookies from your computer (spybot for instance)

Hmm, no link provided.

*cue Google to search for "Spybot"*
*head explodes*
posted by Ufez Jones at 7:10 AM on April 14, 2003

Man, I did not want to see the term whip it out today. (^_^)
posted by tomharpel at 7:16 AM on April 14, 2003

PenDevil: I know where the 2038 number comes from (which, by the way, does not affect 64bit Unix implementations, which I'm sure everyone will be using by then).


However, it's asinine to use that number for the 'max' cookie expiration date, since there was no compulsion to use a 32bit int in the definition of the cookie standard. They could have used anyone of the many 64bit time standards, or even (as they probably should have) plain text!
posted by delmoi at 7:17 AM on April 14, 2003

Condescensionfilter
posted by divrsional at 7:21 AM on April 14, 2003

So, when 2038 comes around, will we experience the chaos we were led to expect in 2000? 'Cause I'm still owed some chaos.
posted by graventy at 7:22 AM on April 14, 2003

davidmsc wins.
posted by RylandDotNet at 7:42 AM on April 14, 2003

Interesting point the article brings up:

The much-praised reputation mechanism that is supposed to ensure that bloggers remain true, honest and factually-correct is, in fact, just the rule of the mob, where those who shout loudest and get the most links are taken more seriously.

It is the online equivalent of saying that The Sun newspaper always tells the truth because four million people read it, and The Guardian is intrinsically less trustworthy as it only sells half a million.

Well, no, it's the online equivalent to everybody knowing that the Sun is a rag and the Guardian is much better. Just as everyone knows the author of this article is clueless.
posted by RylandDotNet at 7:46 AM on April 14, 2003

shepd, the Google cookie contains a GUID (large random number).

So does one of the Metafilter cookies.

Better idea: let's turn the government over to Google!

Hey, at least Google has a commitment to not being evil (scroll down to #6; there's no anchor), and I think they're doing a good job at it.
posted by Mars Saxman at 8:06 AM on April 14, 2003

Try this. Go to Google. type in anyone's phone number (with hyphens and area code) If that phone is listed you will not only get the name of the person but a map to the house and an address. Got a young girl living at home? Like this for privacy? To eliminate: go to your phone number and if it is listed it will give you the info I listed. Now hit the phone icon to the left: this will remove your info from Google data base.
posted by Postroad at 8:18 AM on April 14, 2003

What, some slimy politruc wants to get his greasy paws on Google, and all he can come up with is the old cookie-scare?

Puh-lease, that's just sooooo 1998.
posted by spazzm at 8:18 AM on April 14, 2003

And also:
How many searches are made every day, every minute, every second at google?
Wouldn't storing all those in a database be a huge waste of time&money? Sure, they have the hardware to index a large part of all websites, but think about this for a second:
How many websites have you made in your life, and how many google searches have you made?

If google was hell-bent on world domination, I'm sure they'd think of something better than a scheme that can be defeated by deleting your cookies.
posted by spazzm at 8:30 AM on April 14, 2003

I just had a look through the cookies that Google has been setting for my browser for the last four years:

2000 - "brittney spears naked"
2001 - "jessica simpson naked"
2002 - "christina aguilera naked"
2003 - "avril lavigne naked"

Should I be concerned that they're storing this information?
posted by filmgoerjuan at 8:33 AM on April 14, 2003

Postroad - So let me get this straight? If someone knows my phone number they can get my name and address? Oh. My. God. The only thing worse would be if they knew just my name and could use that to get my phone number!!!

When will this maddness end? Pretty soon people will be able to just type in my address at some website and have it return a map to my house. Are we actually going to allow this? How long can it be before some company puts this "mapping software" on CD so that evil doers could get such maps right from their own desktop?

God forbid this information actually gets printed up in book form so that maniacs could just carry it around with them.

Hello? People? The sky is falling.
posted by y6y6y6 at 8:51 AM on April 14, 2003

Bill Thompson just informed me that my computer is currently broadcasting an IP address and that my data may be in jeopardy.
posted by m@ at 9:05 AM on April 14, 2003

The much-praised reputation mechanism that is supposed to ensure that bloggers remain true, honest and factually-correct is, in fact, just the rule of the mob, where those who shout loudest and get the most links are taken more seriously.

It is the online equivalent of saying that The Sun newspaper always tells the truth because four million people read it, and The Guardian is intrinsically less trustworthy as it only sells half a million.

For what it's worth, a google search for "UK newspaper" brings up the Guardian as the first result, the Telegraph as the second, and the Times as the third. The Sun doesn't even crack the first page.

I have my qualms about Google's information hoarding, but the article is just stupid.
posted by Tlogmer at 9:10 AM on April 14, 2003

How can the UK regulate a US company anyway? That's what he's advocating. Is it that he doesn't understand how the internet works, or that I don't understand law?
posted by walrus at 9:14 AM on April 14, 2003

Google had better not have a data file on me that runs from now through 2038!

I really hope to have gotten a new computer by then.
posted by Wingy at 9:24 AM on April 14, 2003

Imagine the outcry if he advocated the instigation of an "Office of newspapers" that where to control and regulate newspapers, so that they "remain true, honest and factually-correct".
posted by spazzm at 9:25 AM on April 14, 2003

Yes, people should be more paranoid about cookies. When I ask most computer users about cookies that give me that cow-eyed "duh?" look, since they have no idea what a cookie is. I delete all of my cookies and temporary internet files after every surfing session, which I think is the smartest thing that any of us can do.

"Blogging is not journalism."

No shit, Sherlock. That's the only truly factual point in the entire article.
posted by mark13 at 9:46 AM on April 14, 2003

Having a cross-IP history of search terms is not just "icing on the cake", it is the cake itself. Most people surf with dynamic IP addresses that change after every login -- it is impossible to build a meaningful profile from that. A permanent cookie that contains a GUID makes your machine equivalent to one with a static IP address from Google's POV -- allowing them to create near perfect profiles.

It doesn't matter that MetaFilter also uses such a GUID -- MetaFilter has far less useful information about my behavior than Google does. However, the simple solution to the privacy problem is to not take Google's cookies. The only thing you lose are your preferences, which you probably don't use anyway. Once again, the risk is primarily a risk to the clueless.
posted by Eloquence at 11:16 AM on April 14, 2003

All your cookies belong..., on second thought, nevermind.
posted by tommasz at 12:18 PM on April 14, 2003

Postroad, you also need to look more closely at what Google tells with the reverse phone number lookup. A person's specific address is not given, even on using the mapping tool, but only the city correlating to the zip code. Power down on the paranoia, dude!
posted by billsaysthis at 12:57 PM on April 14, 2003

Postroad: You know there are phonebooks, right? Google's information is the same that's in the phonebook. I don't think it needs to be a state secret, you know?

As for this article, it's assertions are proposterous. First, there's a complete lack of understanding of how cookies work - as pointed out already, it's basically impossible to correlate cookies with individuals based on how IP's are given out. Second, basically every site on the internet, most govt. websites inclusive, give out cookies. Third, maybe it's because I'm American and not British, but the fact that Google is a private company with this information and "control" over searches is much much more comforting than if a govt. ran the searches. The whole concept that "Google is useful, therefore should be publicly owned" is counter to the American business ethos. It's not a monopoly because it's unfair, it's a monopoly because it gets the job done a hundred times better than the other guy.
posted by Kevs at 2:05 PM on April 14, 2003

Maybe for your phone number, billsaysthis, but when I typed in my mom's number, up popped both parents' full names, a full street address and the map pinpoints their house exactly.

And on the whole Google cookie thing ... don't take cookies from strangers. Didn't anyone's mom every teach them that? :D
posted by Orb at 2:34 PM on April 14, 2003

billsaythis, beg to diff, reverse phone numbers do provide specific street and number address.
However, big deal, several other sources do this as well, reverse phone books have always been available in public libraries.

I agree re powering down the paranoia. The paranoid presumably have something to hide, ie., searches they'd rather not have anyone find out about. So, erase your cookies.

What Google's database is most likely to lead them toward is some kind of psychographic marketing, that is, serving you with advertising taylored to whatever profile they can develop from your aggregate searches. Doing this will take a hell of a lot of development, and the volume of datamining required certainly means that nobody will be sitting in Mountain View chortling over your particular list of searches; it'll just be computers crunching data and deciding to send you an LL Bean ad, because you seem to be an outdoors type.
posted by beagle at 2:34 PM on April 14, 2003

Yes, but unlike metafilter, eloquence, google has a privacy policy (I quoted it earlier) and it's as private as a company or individual can possibly be without breaking laws. Even if they did track you in the manner you suggest they might be, it'd be in direct violation of their TOS, and would, overall look bad and serve no useful purpose.

I don't worry about it.
posted by shepd at 3:52 PM on April 14, 2003

orb, beagle, I guess I've just been more careful about using my street address on the web then. Sorry for the misunderstanding but let's be careful out there!
posted by billsaysthis at 4:03 PM on April 14, 2003

It seems to me that it really wouldn't be worth the effort to keep track of what everyone's searching for over the years. You'd get what porn they watch, song lyrics they can't remember the title for, research paper topics, stuff like that. Very little that's marketable or even interesting.
posted by dagnyscott at 4:31 PM on April 14, 2003

A permanent cookie that contains a GUID makes your machine equivalent to one with a static IP address from Google's POV -- allowing them to create near perfect profiles.

May I ask a simple question? Why does Google need a "near perfect profile" that it then links to a unique GUID on my home machine? Please note that I'm not asking about simple language and results preferences; I'll never understand, e.g., why anyone would search with less than 100 results per page and have no problem with non-GUID containing cookies to handle things like that. But why does Google want and/or need more than that? And why is this only coming to light now, years after Google supposedly implemented the move?

I can't help think of the public librarians who deliberately choose *not* to store detailed profiles of what their patrons read over time. Their argument (which echoes Erik Larsen's 1992 book on the modern corporate privacy grab, The Naked Consumer: How Our Private Lives Become Public Commodities) is that if an organization is keeping detailed user information around, it's a sure bet that info will soon be used in new and unpredictable ways by government or corporate officials. Imagine insurance companies, for instance, paying Google to find out if you've ever surfed sci.med.aids or alt.support.depression. There's no law stopping Google from announcing tomorrow that it's going to start allowing that kind of "service;" this is new legal territory, remember.

A user database of Google's size and scope is just too tempting a resource for centralized groups to ignore. So why does Google keep it around, if not for future surveillance/profit? I also wonder why Google itself consistently refuses to answer that question. That's curious, to say the least.

I think the reason articles like Thompson's come across a bit breathless is that a lot of Google users are honestly surprised to learn that someone might be keeping a detailed personal record of everything they've searched for at Google.
posted by mediareport at 5:06 PM on April 14, 2003

Just to comment on the article - we know it's all rubbish; the vast majority of mainstream reporting on internet technology (as with the majority of reporting on science) are complete tripe. You can go though, line by line and pick out the factual errors, misunderstandings, simplifications, and what you're left with is nothing worth reading or paying attention to. It's got nothing to do with the BBC shepd, or even this particular journalist. I could pick up a copy of The Australian or watch Sky News and expect to see the same misreporting.

The media does not report well on the boffin-world.

And I'm really not too concerned about Google anyway. I surf using... two different computers, two different locations, up to two different operating systems on each computer (which I change often), up to three different web browsers on each operating system (which up change often, and delete the history and cookies weekly). Good luck to Google keeping an accurate record of my activities for the next 35 years!
posted by Jimbob at 5:14 PM on April 14, 2003

Really, is there anyone with any sense doesn't clear out their Temporary Internet Files on a regular basis?
posted by Joeforking at 5:58 PM on April 14, 2003

You guys are avoiding the question. Why won't Google answer questions about what it's doing?
posted by mediareport at 6:23 PM on April 14, 2003

Hey, will you guys stop broadcasting your IP addresses all over the place?!

It's buggering up my radio reception.

And Paul Harvey's on in ten minutes!
posted by backOfYourMind at 7:24 PM on April 14, 2003

Why won't Google answer questions about what it's doing?

Because it would be redundant to do so. It's on record that they're working on tailoring search results to invididual users. Learning more about the way you use Google can help them deliver better results.
posted by kindall at 11:02 PM on April 14, 2003

Want to see yours? Decode them here.

Downloaded it. This was in the readme file...

Licence Information
===================
Please distribute it to anyone working in the law enforcement forensic field or to anyone who supports law enforcement in the prosecution of offenders and the detection of criminals.

Not that I know anything about this. It just struck me as odd.
posted by LouReedsSon at 11:28 PM on April 14, 2003

I do believe that google stores your searches, but I fail to find this practice particularly evil given the lack of personally identifying information, and the lack of an effort to make the information personally identifiable.

If I were running google, I'd store everything I possibly could about how people use my service, so I could try to find patterns to make the search engine better. After all, you need a large set of usage data if you want to find ways to reliably give more relevant results.
posted by mosch at 9:06 AM on April 15, 2003

I fail to find this practice particularly evil given the lack of personally identifying information

A GUID isn't "personally identifiying information"??

Because it would be redundant to do so.

That's an absurd and demonstrably inadequate excuse, kindall. The question that's been asked is quite specific: "Is Google keeping detailed records of searches that are linked to individual computers of searchers?"

Google also refuses to answer questions about how that data, if it in fact exists, will be used in the future - say by marketers or insurance companies, as I mentioned above. That Google is "working on" ways to make my searches better is understood. That it refuses to I need to make an informed decision about taking advantage of its cookies is not. Answering those questions honestly would hardly "be redundant."
posted by mediareport at 3:52 PM on April 15, 2003

Er, that 2nd-to-last sentence should read, "That it refuses to give me the information I need to make an informed decision about taking advantage of its cookies is not."
posted by mediareport at 3:54 PM on April 15, 2003