google and privacy

Privacy International has released a report stating that Google’s privacy policies are “the worst on the web”, ranking it dead last in a list of “internet service companies” that includes names like Microsoft, Ebay, Last.fm, Livejournal, the BBC, Amazon, etc.

That report turns out to be rather poorly researched, and the conclusions are to be taken with a big grain of salt, according to this analysis over at SearchEngineLand. And here’s another analysis, admittedly by someone who works for Google. I’m inclined to agree with their criticism.

While I applaud what Privacy International is trying to do, and I do think that there are privacy issues with a lot of what Google does, this report feels like something that was made up without much thorough research or investigation.

The fact alone that Google was the only search company to refuse turning over search data to the US Department of Justice, while Microsoft and Yahoo happily obliged without even pretending to want to protect the privacy of their users should be a clear indication of just how flawed the ranking in this report is.

And as a more general point, I’m a bit fed up with the whole ‘cookies are bad’ nonsense. Http is a stateless protocol folks! Cookies are pretty much necessary to retain state between page views. There are some alternatives for cookies, but none that are technoligically equivalent. Should web services set their cookies to be removed when the user closes the browser, or ideally after the user logs out of the service? Absolutely. But if they don’t, it’s no big deal. Just use a decent web browser like Firefox, and tell it to delete all cookies when you close the browser. Cookies are not a big privacy threat because the user has full control over them. There are much bigger fish to fry when it comes to online privacy.

Conclusion: dear Privacy International, I support your cause, but this report is fundamentally flawed. It uses questionable methodology and the conclusions seem to be rather unscientific.