Welcome to P2PNET.net - The original daily p2p and digital news site. Always First!
Register | Login
RIAA News
Cool Stuff
MPAA News
Games / Consoles
News
Music
Movies
TV
Open Source
Mobiles
Advertising
Product News
P2P
Off Topic
Freedom
Politics
Interviews
Security
DRM
Links
Kids and Kartels
Search: 
Search
 
Web P2PNET   
   Search: 
Search
Torrent Site Tracker
TekSavvy
 
Add real-time p2pnet headlines to YOUR site ! Click here to download our newsfeed code

CDT search engine privacy chart

p2pnet news | Freedom:- Google was the only major search company to utterly fail a six-month investigation into privacy practices, adding to concerns about what it to does with the user information.

Fears are heightened by its recent acquisition of DoubleClick, a merger the Competition Commissioner, should urgently review, says CIPPIC (the Canadian Internet Policy & Public Interest Clinic).

It recently announced it’s anonymizing its server logs and search companies are now, “competing to provide the best privacy protections,” says the Center for Democracy and Technology (CDT) in a diplomatically phrased report.

That’s, “great news for users” who’ll, “hopefully see a continuing expansion of choices and controls offered to them for managing the information they share over the Internet,” it says in a report which compares the privacy policies which have emerged, “from the recent spate of announcements.

The CDT chart below shows how, and for how long, the major US search companies plan to hold search, IP address, and cookie ID information, and what user controls exist to limit the retention of this data.

Meanwhile, under Towards Increased User Control, the CDT says:

One of the recent announcements addressed in the chart is Ask.com’s development of its AskEraser product. AskEraser gives users the ability to opt out of having Ask.com retain their search information – including IP address, cookie ID, and search query – beyond a few hours. This gives users who do not want their information stored for many months new control over their searches. Ixquick, a search engine with a vastly smaller share of searches than those in the chart, provides users with a different kind of privacy protection: Ixquick shares search queries with a variety of other search engines and stores them indefinitely itself, but deletes users’ IP addresses after 48 hours by default and does not use unique identifiers in its cookies.

On the flip side, all of the companies listed in the chart allow users to create personal accounts by supplying some form of identifying information, such as a name, address, or email address. Google and Ask.com leverage such accounts to provide users with the option of storing their search logs for as long as they want. It is important to note, however, that when users choose to delete information from their personal search history, it will still remain on the search engine’s servers until the minimum retention time (18 months for Google and Ask.com) has passed. Thus, this kind of control serves to extend, not limit, the data retained. Whether or not a search engine offers a personal search history feature, the company still has the ability to correlate a user’s account information to his or her search logs. All of the companies listed in the chart currently store account information separately from search information, and some take further steps to limit correlation, but these systems may not be fully privacy protective if re-uniting account information with search information can be easily accomplished.

As these kinds of accounts proliferate and are combined with other services like email, chat, and maps, this question of correlation becomes increasingly important. Giving users true control over which information is linked back to them should be the ultimate goal.

Recommendation: Search companies should continue to work towards providing controls that allow users to not only extend but also limit the information stored about them. As it becomes possible to tie more and more information back to

an individual user account, users should control the correlation of their account information with records of their online activities.

Safeguarding Privacy in the Long Term

The chart demonstrates the wide variety of approaches that the search engines take to storing data in the long term. The diversity of techniques used to safeguard information held over long periods reveals that much remains to be learned about how to best address this issue:

  • Google removes partial IP address information and partial (or possibly complete) cookie identifiers. Removing this information goes a long way towards reducing the possibility of being able to correlate search queries back to particular users.
  • Yahoo! maintains partial IP addresses and partial cookie identifiers, and additionally applies a personal information filter to remove names, addresses, phone numbers, social security numbers, and other personal information that users may have typed in as search terms. In addition, Yahoo! is investigating the use of a non-reversible identifier that is not derived from IP addresses or cookie IDs. Combining this with the application of personal information filters dramatically reduces the likelihood of being able to correlate search logs to particular users.
  • Microsoft takes a different approach, eliminating all unique identifiers. This makes it extremely difficult, if not impossible, to correlate search queries to specific users.
  • Ask.com, as previously noted, gives users the option of deleting all of their IP address, cookie ID, and search query information. Information that Ask.com passes on to Google is, however, subject to Google’s retention policies.
  • AOL retains queries in the aggregate and deletes all IP addresses and cookie identifiers, eliminating the possibility of correlating searches to users. As with Ask.com, information passed to Google is subject to Google’s policies. That each of the top search engines takes its own unique approach to this problem is a positive sign that the companies are actively pursuing ways to better protect privacy. More research is necessary in order to determine which solution or combination of solutions will be most effective in protecting privacy while also serving the business needs of the search companies. As more consumer information moves online, it becomes increasingly important to be able to improve search services without tying searches to particular users and to safeguard the data that must be stored. Recommendation: Researchers, academics, and Internet companies should continue to pursue new and innovative methods for (1) improving the quality of search results, preventing fraud and otherwise meeting business needs without tying searches to particular users, and (2) safeguarding data that is stored for long periods.

The Advertising Balancing Act

As the chart reveals, two of the companies – Ask.com and AOL – rely on a partner to supply search advertising. But for those that supply their own ads, many of their claims about why they need to retain information relate to advertising. Search logs can help the companies understand which ads are most successful for a particular query. More importantly, search logs are necessary in order to measure the performance of ads and bill advertisers. Stored search logs can also be used to investigate fraud and abuses of search advertising systems.

Against the backdrop of these constraints, safeguarding user privacy becomes increasingly important. If search engines must retain data for months and months – as many of them claim they need to- storing the data securely, providing notice, giving users choices about how the information is stored, and limiting the retention of the data to specific purposes are essential. Many of the Internet’s most amazing innovations are supplied for free thanks to advertising, but the mere presence of advertising-related demands does not justify overlooking privacy concerns. Search engines must balance both.

Recommendation: Search companies should expand efforts to develop policies that balance the demands of the advertising marketplace with their users’ privacy needs. This should include the development of new standards and policies that take privacy into account from the beginning.

Click the mic on the right to hear David Bannister’s p2pnetcast of this story >>>>>>>>

SlashdotSlashdot it! Add to Technorati Favorites

Also See:
utterly fail – Google flunks major privacy study, June 11, 2007
urgently review – Review Google, DoubleClick deal: CIPPIC, August 3, 2007
anonymizing its server logs – Google anonymizes server logs, May 13, 2007
report – Search Privacy Practices: A Work In Progress, August, 2007

Use free p2pnet newsfeeds for your site. It’s really easy!
Subscribe to p2pnet.net | | rss feed: http://p2pnet.net/p2p.rss | | Mobile – http://p2pnet.net/index-wml.php

Net access blocked by government restrictions? Use Psiphon from the Citizen Lab at the University of Toronto. Go here for details. Download here.

This entry was posted on Thursday, August 9th, 2007 at 11:03 am and is filed under Freedom. You can follow any responses to this entry through the RSS 2.0 feed. You can skip to the end and leave a response. Pinging is currently not allowed.

HOME

Viewed 5638 times

« previous Hollywood attacks Calgary
Google copies p2pnet feature next »

One Response to “CDT search engine privacy chart”

  1. susan Says:
    August 10th, 2007 at 4:21 pm

    so-i will go for ixquick.com. they seem to have a very solid privacy policy

Leave a Reply

Please no Spam, flaming (attacking others), trolling, and posting off-topic. Thanks.

    Advertisements
MP3Rocket


Remove Spyware with AntiSpyware for Windows®