Thursday, March 20, 2008

Why RFID Should Never be Taken to Mean Private or Secure

I came across two interesting videos this week showing just how insecure RFID can be. I’ve linked them below. You should note that the first uses a system called Oyster that is used in many cases, including entry cards, as the video shows. The second shows an American Express card. Caveat emptor.

Note: the second video is done with a $0.99 reader off eBay (plus $7.99 in shipping). In general these cost around $50, but the prices are dropping and $50 is not much of a barrier. Tracking based on these things we carry (in this case an ID or credit card) has the potential to be cheap and ubiquitous.

Oyster cards hacked and cloned by college kids

American Express cards are easily readable

Sunday, March 16, 2008

Power Corrupts; Absolute Power Corrupts; Absolutely

Hidden between the salacious headlines about a prostitute-patronizing governor, the release of a report by the Department of Justice seeped out. Apparently the government we have entrusted with our security, and with the legal and moral requirement to protect our privacy, has been playing fast and loose with the second of those obligations. According to the report, the FBI was using National Security Letters (authorized under the USA PATRIOT Act for surveillance outside of the usual 4th Amendment protections and requirements) to spy on subjects it was not allowed to, subjects courts had forbidden it from monitoring, or simply to cast its net much wider than it had approval to do.

For those wondering how this ties to our current debate about providing telecoms with immunity from prosecution (the telecoms are who the FBI delivered these NSLs to, and who then handed over people’s private records or access to wiretaps), the Senate has already approved such immunity while the House voted this week to pass surveillance legislation without telecom immunity. Bush has threatened a veto without this clause and there has been much discussion about this issue. What is interesting here is that our government, entrusted to protect us, has asked for powers to monitor us outside of its abilities and in violation of the Constitution. As in the past (think the Hoover administration, the files that showed up in the Clinton White House, etc.) we see that those given the ability to secretly monitor are abusing that privilege. When we discuss the concepts of domestic spying and why that must be done outside of oversight, we should also ask: who watches the watchers?

Monday, March 3, 2008

IP address; Your Home on the Net

OK, so here’s a quick primer on Internet traffic. Much like traffic on the streets, it finds its way to its destination via an address (well, except for male traffic, which wanders randomly around until it sees its destination; luckily for us all, Internet traffic is androgynous). The world of computer technology (especially early technology in the space) used very descriptive naming, and IP (or Internet Protocol) is one of those amazingly descriptive names. Every time you communicate with another machine on the Internet (e.g. every time you type in an email address or a web-site, or IM someone) your IP address is communicated to that site. Don’t believe me? Go to www.WhatsMyIPAddress.com and it will tell you what your IP address is.

The current version of IP addresses is called IPv4 (for version 4). The problem with IPv4 is that as the number of devices connected to the Internet has expanded (think of every server, Internet-capable cell phone, desktop, laptop, etc.) the number of available addresses is getting pretty slim (much like with telephone numbers). Also like telephone numbers (or street addresses), sections are given out in blocks (blocks of numbers or just street blocks). To deal with the lack of addresses, organizations (probably like your workplace or school) set up a set of IP addresses and then allow the traffic to get sent to addresses only it knows within its network (this is called DHCP within a reverse-proxy; don’t worry about the tech parts of this, just accept that your IP address changed periodically to allow others to use that address when you weren’t). Your Internet Service Provider (ISP) most likely does this as well (just like you might have an office number at work that the post office has no idea how to find). This has all changed.

Two things are changing this system. First off is IPv6. IPv6 has much more “addressing space” which means that if this were a city, you just built a ton of new roads and everyone can easily have their own address. This means that there is no need for dynamic addressing and thus people may keep their IP addresses for long periods of time (effectively making them personally identifiable). The second change was around data aggregation.

Data aggregation has become cheap enough that storing massive amounts of data is routine. Right now I can go buy a terabyte of space (that’s 1,000,000 Megabytes (MB)) for a couple hundred dollars (US $). Since storage is cheap, organizations started to store this information and associate it with other information. IP addresses can be linked to users (say, if you logged into a website, then linking your login time and IP address gives that site a user’s identity; see that IP address on other sites and you know where the person has been). You can even use this information to get a person’s physical location (or at least the location of the machine/access point they are using). Search engines use this information to build a profile of a user and use that profile for marketing. This is where Google has found itself on the bad side of the European Union’s privacy initiatives.

Recently the EU decided that IP addresses are personal information (called PII, or Personally Identifiable Information, in the US). Google, in particular, is fighting this, as they argue that IP addresses aren’t personally identifiable. If comments on that blog are any indication, the net community isn’t buying this line any more than the EU is. In fairness to Google, they really don’t care if it personally identifies you as long as it uniquely identifies a person (since that’s where their targeted ad business (the core of how they make money) makes its money). Google is trying several steps to convince people they aren’t keeping info that is personally identifiable, but in reality anyone who is storing IP addresses (even without things like search histories that invariably have PII in them) is going to have this issue. Using ISP records, IP addresses can be linked to users, and from a Govt. standpoint this is the magic connection.
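As an added illustration (not from the original post) of the linking described in the two paragraphs above, and of the usual mitigation for anyone who must store addresses: two constructed logs are joined on IP, first exactly and then after the host bits are dropped. All names, addresses (documentation ranges) and paths are made up.

```python
import ipaddress
from collections import defaultdict

# Constructed sample logs: one site knows who logged in from which address,
# an unrelated site only records the visitor's address and the page viewed.
LOGIN_LOG = [  # (time, user, ip)
    ("2008-03-03T08:02:11", "alice", "203.0.113.47"),
    ("2008-03-03T08:45:30", "dave", "203.0.113.201"),  # same ISP block as alice
    ("2008-03-03T09:15:40", "bob", "198.51.100.9"),
    ("2008-03-03T10:01:05", "carol", "2001:db8:85a3::8a2e:370:7334"),
]
VISIT_LOG = [  # (time, ip, path)
    ("2008-03-03T08:30:00", "203.0.113.47", "/health/clinic-finder"),
    ("2008-03-03T09:20:12", "198.51.100.9", "/jobs/apply"),
    ("2008-03-03T10:05:00", "2001:db8:85a3::8a2e:370:7334", "/forum/thread/42"),
    ("2008-03-03T11:00:00", "203.0.113.77", "/news"),  # never logged in anywhere
]


def truncate_ip(ip: str, v4_prefix: int = 24, v6_prefix: int = 48) -> str:
    """Keep only the network part, so a stored address names a block, not a machine."""
    addr = ipaddress.ip_address(ip)
    prefix = v4_prefix if addr.version == 4 else v6_prefix
    return str(ipaddress.ip_network(f"{ip}/{prefix}", strict=False).network_address)


def attribute_visits(login_log, visit_log, key=lambda ip: ip):
    """Join the two logs on key(ip). A visit is attributed only when the key maps
    to exactly one known user; returns {user: [paths]}."""
    users_by_key = defaultdict(set)
    for _, user, ip in login_log:
        users_by_key[key(ip)].add(user)
    attributed = defaultdict(list)
    for _, ip, path in visit_log:
        users = users_by_key.get(key(ip), set())
        if len(users) == 1:  # unambiguous: the other site's visit is now tied to a person
            attributed[next(iter(users))].append(path)
    return dict(attributed)


if __name__ == "__main__":
    print("exact join:    ", attribute_visits(LOGIN_LOG, VISIT_LOG))
    print("truncated join:", attribute_visits(LOGIN_LOG, VISIT_LOG, key=truncate_ip))
```

Truncation only helps where a block is shared by several users (alice and dave); bob and carol sit alone in their blocks and remain linkable, which is why retention limits matter as much as masking.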

If you are concerned about such actions, I can recommend two actions to take. The first is to use a service like Scroogle. You can make a search plug-in for your browser for them or just go to their homepage. They proxy searches to Google but take out the ads and the tracking cookies. In this way you can access the value of a search engine (like Google) without worrying about the nasty tracking aspects of such a company. The second option is to use an anonymizing service like TOR. TOR sends all your traffic through at least three other nodes. The data is thus anonymized from its original source, but it is NOT confidential (e.g. if you log into a website that is not using SSL (the little lock icon on your browser) then the person at the end of that chain of servers could capture your login and password). This is just as true if you aren’t using TOR, but it is a reminder that anonymity is different from privacy.