I am inclined to think that we should be concerned.
Jack (01)
On 11/16/05, Peter P. Jones <ppj@concept67.net> wrote:
> Hi,
>
> Maybe Google has been doing this for a while, but their recent attempt
> to shift everything into one giant user account had me reading privacy
> policies again. In their privacy FAQ referred to by the privacy policy
> of October 14, 2005 concerning logging, it says:
>
> http://www.google.co.uk/intl/en/privacy_faq.html#serverlogs
> <quote>
> 740674ce2123a969 is the unique cookie ID assigned to this particular
> computer the first time it visited Google. (Cookies can be deleted by
> users. If the user has deleted the cookie from the computer since the
> last time s/he visited Google, then it will be the unique cookie ID
> assigned to the user the next time s/he visits Google from that
> particular computer).
> </quote>
>
> Adopting the stance of the super-paranoid for a moment, I am concerned
> about its use of the phrase 'that particular computer'.
>
> How are those IDs generated? Do they encode any information beyond that
> a normal session ID does?
>
> Does anyone know whether Google tracks the assignment of unique cookie
> IDs? Google doesn't have to do it explicitly, it seems to me. See below.
>
> Even if Google themselves don't, it looks like they can pass that
> information on ('legally', under the terms of their policy) to those
> 'authorised' to view it.
> Their logging information looks like this:
> "123.45.67.89 - 25/Mar/2003 10:15:32 -
> http://www.google.com/search?q=cars - Firefox 1.0.7; Windows NT 5.1 -
> 740674ce2123e969"
>
> Let's assume that you don't delete the cookies, then over time Google
> can build up a profile of NAT assignments for your network, and can
> correlate an ID with a usage profile.
> Can Google, or some user of its information, deduce anything useful from
> the loss of a cookie ID under a given network?
> I.e. when '740674ce2123e969' goes missing, is its loss from under a
> network tracked? It looks like Google doesn't have to do it explicitly.
> If it is the only cookie of a set that goes missing, then an analyst can
> still track the particular machine. Assume that produces errors in
> tracking now and again so that certainty of identification is lost
> short-term, I'm guessing that aggregating the data over time would still
> allow _significant_ correlations to be made between specific machines
> and usage patterns.
>
> Now tie that to GMail and Orkut. They both use the same privacy policy.
>
> Should we (Joe/Jane Public) be concerned?
>
> --
> Peter
>
> --
> This message is archived at:
>
>
>http://collab.blueoxen.net/forums/cgi-bin/mesg.cgi?a=yak&i=437B1C6A.10502@concept67.net
>
> (02)
--
This message is archived at: (03)
http://collab.blueoxen.net/forums/cgi-bin/mesg.cgi?a=yak&iQ79aafa0511160647qbd36e4cif1735b560eaa0c42@mail.gmail.com (04)
|