Things have changed a bit at the big G; they now have serious privacy policy employees and are making public statements about user privacy. That's great. Yesterday they announced a new cookie policy, moving away from cookies that expire in 2038 (the maximum length):
In the coming months, Google will start issuing our users cookies that will be set to auto-expire after 2 years, while auto-renewing the cookies of active users during this time period.
The old policy was always cited as shorthand for Google-is-evil diatribes: "they put cookies on your machine until 2038!". I recently heard some call-in radio guest asking whether Google should pay him to store this file for them. What's the emoticon for eye rolling?

However, the cookie change will have zero effect on actual user privacy. Every time you go back to Google the cookie expiration will reset to two years. In other words, the cookie will never expire; what are the odds of you not visiting Google on your computer for two years? Maybe after the global war, when we emerge from the Vaults after the fallout is gone we'll enjoy the nuclear winter in privacy.

So in practice the new policy changes nothing. Is it evil? No. Every major web site in the world does the same thing, refreshing cookies every time you visit. And the cookie gives the user actual benefit, preferences. But now Google won't have to put up with the "2038 is evil!" inanity. Hopefully the privacy discussion will shift to something more meaningful, like why Google doesn't have a complete opt-out for cookies. Or logging.

  2007-07-17 16:23 Z