September 09, 2008, 4:01 PM — Reacting to criticism that its new Chrome browser was essentially acting as a keylogger, potentially recording users' every keystroke, Google Inc. Monday said it would render anonymous the data it collects from the browser within 24 hours.
A privacy expert said the change's impact couldn't be gauged without knowing exactly how Google will "anonymize" the data it records as users type in Chrome's "OmniBox," the name given to the browser's combination address bar-search bar.
Google has taken heat over the "Google Suggest" feature used within OmniBox since it launched Chrome last week. The Suggest feature automatically lists related search queries and popular Web destinations based on the text typed into the OmniBox. Suggest works by logging users' keystrokes -- not just in the OmniBox, but since late last month in Google's primary search field -- and offering the most likely sites or searches based on a blend of popularity and the search company's own algorithms.
Suggest transmits those keystrokes to Google's servers, as the feature's FAQ acknowledges. "Just as E.T. needs to phone home in order to get a spaceship to pick him up, Google Suggest needs to talk to Google while you type in order to offer suggestions to you," the FAQ reads.
While all keystrokes typed into Chrome's OmniBox are sent to Google, the vast majority aren't permanently recorded, but instead are discarded as soon as suggestions are returned to the browser. About 2% of the time, however, the keystrokes are recorded, along with associated data such as the IP address of the user who entered those keystrokes.
Previously, Google said it needed that data to monitor and improve Suggest. On Monday, the company announced it would change how long it keeps the data logged from Suggest.
"Given the concerns that have been raised about Google storing this information, and its limited potential use, we decided that we will anonymize it within about 24 hours, basically, as soon as we practically can," said Urs Holzle, Google's senior vice president for operations, in an entry to the company's blog late Monday.
"All data retention is a balance between user privacy and trust on the one hand, and security and innovation on the other," argued Holzle. "In the case of Google Suggest, we decided it's possible to provide a great service while anonymizing data almost immediately."
Google Suggest, which had been in development since 2004, began rolling out late last month to Google's search engine. Before that, it was widely used by Google Toolbar , Mozilla Corp.'s Firefox and Apple Inc. 's iPhone.
The logging, transmitting and recording of keystrokes, however, returned to the forefront when Google released Chrome a week ago. What sparked the criticism over Chrome was the everything-in-one-place nature of the browser's OmniBox, said Alissa Cooper, the chief computer scientist at the Center for Democracy and Technology . Unlike other browsers, which separate the address bar -- where users type URLs -- from the search bar, Chrome combines the two.
"It's the URLs that sparked the criticism, and the change by Google," said Cooper. "Users were faced with Google retaining all of their search logs and all of the URLs they were typing."
Nor was Cooper sure that Google's new promise to anonymize the recorded data within 24 hours is enough. "That's a good step, but that doesn't mean that all those logs are rendered anonymous," she said, pointing out that Google says it anonymizes its server logs, for instance, when it only partially deletes IP addresses and cookies.
"It will really depend on the mechanism Google uses to anonymize those logs," Cooper said. "The impact this has on privacy will only become clear when we know how they render the data anonymous."
Chrome users can disable Google Suggest by right-clicking the OmniBox, then selecting "Edit search engines" and clearing the check box beside "Use a suggestion service to help complete searches and URLs typed in the address bar."
