San Francisco — Google Inc., owner of the world’s most popular search engines, announced Monday that it will address privacy concerns by reducing the lifetime of “cookies” installed on the computers of people who visit its Web site, will auto delete after two years.
All search engines and most websites store cookies on a computer.
Cookies are small files planted on personal computers to track Internet use, enabling the site to remember the user’s preferences for things like e-commerce and sites that require log-in will automatically expire two years after the last visit to Google’s site, the company’s global privacy counsel, Peter Gleischer, wrote on a blog today.
Mountain View, Calif.-based Google previously designed its cookies to expire in 2038, he said.
The thinking was that users could always delete the cookies if they wanted, but in actuality, not everyone knew how to do that or even thought to.
“After listening to feedback from our users and from privacy advocates, we have concluded that it would be a good thing for privacy to significantly shorten the lifetime of our cookies–as long as we could find a way to do so without artificially forcing users to re-enter their basic preferences at arbitrary points in time,” Gleischer wrote in a Google blog post.
Users can also set their cookie preferences through management settings on their own personal computers, Gleischer said.
“Users who do not return to Google will have their cookies auto-expire after 2 years. Regular Google users will have their cookies auto-renew, so that their preferences are not lost,” he writes.
The European Union’s data-protection agency has criticized Google for holding onto user information for too long. The New York State Consumer Protection Board on May 9 urged U.S. regulators to delay Google’s $3.1 billion takeover of online advertising company DoubleClick Inc. until the company better protects consumers’ privacy rights.
In practice, however, only a miniscule number of people will be affected by the change.
Online privacy advocates expect Google’s new “cookie policy” to change little since the two-year lifespan of tracking software renews with each visit so people must stop using Google for the entire period for the cookies to self-destruct.
“Google’s change does not tame the cookie monster, of course,” wrote Internet privacy expert Jim Harper on the Technology Liberation Front website.
“It remains with you to tame the cookie monster, if that is what you care to do. Your web browser provides you the ability to control them, which gives you the responsibility to do so. I control mine.”
In recent months, it has introduced several steps to reassure its users over the use of personal information. In March the search giant said it would anonymise personal data it receives from users’ web searches after 18 months.
That is because if anyone visits Google even once in the next two years, the cookie expiration date will be extended. In other words, visiting on July 16, 2007, will reset the cookie to expire around July 16, 2009. Visiting any time between those two dates will automatically extend the life of the cookie–renewing it, effectively–for another two years.
None of the other leading search engines have made any statements over anonymising IP addresses or shortening cookie lifespan.