Google cookies die, rise from the ashes

Peter Fleischer, Google’s Global Privacy Counsel, announced a new expiration policy for Google cookies on the company’s official blog today:

In the coming months, Google will start issuing our users cookies that will be set to auto-expire after 2 years, while auto-renewing the cookies of active users during this time period. In other words, users who do not return to Google will have their cookies auto-expire after 2 years. Regular Google users will have their cookies auto-renew, so that their preferences are not lost. And, as always, all users will still be able to control their cookies at any time via their browsers.

The announcement comes a month after the G-Monster capitulated to pressure from the European Article 29 Working Group and agreed to anonymize its server log files after 18 months, rather than the previously vague 18-24 months.

Well done, Google! As Fleischer points out, the purpose of cookies is to remember your preferences, like language and number of results per page. If you’re continually having to reset them, you’d get pretty frustrated pretty quickly. To my way of thinking, the search kings have struck a balance between serving the customer need for unnecessary re-entry of basic info and serving the customer need for privacy. If you haven’t been back to Google for two years, your preferences have probably changed anyway.

There is an inherent tension between making the experience smoother and protecting the privacy of the users, and the more options that people have to control the customization of their experience, the more they’ll be able to find their own happy mediums (media?). I remember visiting cnn.com several times over a period of a few months, and every time I’d get that stupid pop-up that asked me if I wanted the U.S. or international version. I gladly allow cookies that stop me from getting the same question over and over.

Fleischer makes another point in his post when he says that people can always control their cookies through their browser. I accept this as valid, but there is another side to it. Essentially, the message is that you can control your Internet experience only if you’re savvy enough to do so, begging the question: whose responsibility is it to ensure your privacy?

It reminds me of The Hitchhiker’s Guide to the Galaxy, Arthur Dent complaining to Mr. Prossard that he wasn’t told about the plans to demolish his house to make way for a bypass:

“But Mr. Dent, the plans have been available in the local planning office for the last nine months.”

“Oh yes, well, as soon as I heard I went straight round to see them, yesterday afternoon. You hadn’t exactly gone out of your way to call attention to them, had you? I mean, like actually telling anybody or anything.”

“But the plans were on display…”

“On display? I eventually had to go down to the cellar to find them.”

“That’s the display department.”

“With a flashlight.”

“Ah, well, the lights had probably gone.”

“So had the stairs.”

“But look, you found the notice, didn’t you?”

“Yes,” said Arthur, “yes I did. It was on display in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying ‘Beware of the Leopard.’”

I’m having a bit of fun at Google’s expense here, but my question is sincere. For me, and most likely for you, changing our cookie preferences is child’s play. For my mom? Or your Auntie Dolores? We might as well ask them to whip us up a working prototype of the space shuttle.

And, again, I’m not sure that this is an issue. To be honest, even if you put ‘cookie settings’ right smack in the middle of the home page, there are lots of people who still wouldn’t begin to know what to do with them.

What do you think? Do you think that expiration after a two year lag in activity is enough to protect the interests of those who couldn’t find their cookie settings with both hands? Or should the default be privacy overprotection, with people being given the control and authority to reveal more as they see fit?

This entry was posted on Tuesday, July 17th, 2007 at 5:23 am and is filed under Privacy, Google. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

2 Responses to “Google cookies die, rise from the ashes”

  1. Brian Hayes Says:
    July 17th, 2007 at 6:21 pm

    The provocative part of this post is the term .overprotection..

    Should people be given .control and authority. to reveal personal information as they see fit? My answer is yes.

    I gave a short speech at a computer expo in Vancouver calling for .Information Sovereignty.. Over centuries we have developed articulate rules governing property and person. We cannot have a stranger snooping into our closets nor pilfering our pockets. Yet when it comes to our brain, we are probed, picked and invaded.

    Control of who we are and what is recorded about us isn’t overprotection, but fundamental protection.

  2. Kaila Colbin Says:
    July 20th, 2007 at 2:02 am

    I take your point, Brian. How do you think the concept of fundamental protection should be applied to cookies?

    And is there a line in the sand up to which point probing, picking and invading our brains is appropriate or allowable? For example, a stranger can’t snoop into my closet, but if she sees me every day, she’ll get a good understanding of my wardrobe (back to the ‘reasonable expectation of privacy’ thing). At what point do we not have a reasonable expectation of privacy regarding the information we make available online?

    And how private is private? If Google takes note of the information I give them but doesn’t share it with anyone, have they breached my privacy? Or do they only cross the line once they make it available to others that I haven’t given that information to?

    Over to you…

Leave a Reply

*
To prove you're a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.
Click to hear an audio file of the anti-spam word