Google cookie expiration plans called 'worthless'
The company has touted the idea as improving privacy
Google Inc.'s plans to shorten the life span of cookies installed on a user's computer, ostensibly to improve user privacy, is being dismissed by some as complete hype.
Apart from making it appear that the company is taking steps to address growing privacy concerns related to its data storing habits, in reality, the move changes very little, observers said.
"No users will experience any gains in privacy at all due to Google's change in policy," said Randy Abrams, director of technical education at ESET, a vendor of antivirus products in San Diego. "It's not a bad idea. It's just a worthless one. [Google's announcement either] demonstrates a complete lack of understanding about the role cookies can play in privacy, or else utter contempt for the intellect of Google users."
In a blog post on Monday, Google's global privacy counsel, Peter Fleischer, said that in the coming months, the company will start issuing user cookies that will be set to autoexpire after two years. Currently, the cookies set by Google on a user's computer are designed to expire in 2038 -- unless users set their browsers to delete them sooner, he said
"After listening to feedback from our users and from privacy advocates, we've concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies," Fleischer said.
But the fact that Google's cookies will autorenew every time a user visits a Google Web site completely negates any effect the move might have had, Abrams said. Only users who do not return to Google for two years will have their cookies autoexpire after that period. In all other cases, cookies will autorenew and reset their life spans with each visit to a Google site.
Consequently, the move has no effect on Google's existing privacy posture, said Pete Lindstrom, an analyst at the Burton Group in Midvale, Utah. "As far as I can tell, there's going to be no change to the effective level of their intrusiveness, which I don't think is too significant in the first place. Maybe they want to get a little bit of privacy press."
Google did not immediately respond to a request for comment.
Google's plans to shorten the life span of its cookies come amid growing concerns, especially in the European Union (EU), about its data retention policies. In June, Privacy International, a global privacy advocacy group, placed Google at the bottom of a list of 23 Internet companies for "comprehensive consumer surveillance and entrenched hostility to privacy."
In June, Google announced that it would anonymize its search server logs, including IP addresses and cookie ID numbers after 18 months. That move was in response to a letter sent in May by the EU's Article 29 Data Protection Working Party, which expressed concerns about the length of time Google stores information in its search server logs (download PDF).
The letter, addressed to Fleischer, noted that server logs contain information that could be linked to an identified or identifiable person and therefore come under the purview of European data protection laws. In the same letter, the EU group also expressed concern about the 30-year life span of the cookies that Google installs on user systems. The letter noted that the Google's cookie life span was "disproportionate" to its stated purpose of storing user preference information.
- It's Not Them, It's You: How Customer Experience Impacts Your Identity and Access Management Practices Customers want more online access, but they also want to do less to get there: more mobility with less hassle. More security, but...
- 5 Reasons It's Time For Secure Single Sign-On While cloud-based applications provide many business benefits including lowering capital expenditures, they can also drive up operational expenses by requiring more administration and...
- Identity is the Center of Omnichannel This paper covers the benefits of adding an identity layer to bridge the gaps of simplified access, multiple entry points and authentication -...
- How to Extend Identity Security to Your APIs This paper discusses what these standards and specifications are, how they can be composed with existing standards like SAML, and details about how...
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center...
- Tips to Simplify Database Administration and Development Make your job easier while getting the most from the leading productivity tool for database professionals. Learn tips from Dell Software's Oracle® ACE,... All E-business White Papers | Webcasts