Microsoft Boosts Bing Search Privacy

Microsoft on Monday said that it will delete the Internet Protocol (IP) addresses logged by its servers for Bing search queries after six months, a move first proposed by the company in December 2008.

Peter Cullen, Microsoft's chief privacy strategist, described the data retention policy change as a reflection of the company's business needs, the competitive landscape, and dialogue with privacy and consumer advocates and regulators.

The competitive landscape consists of Google, almost as far as the eye can see. Google in December received 85.34% of the global search queries, according to NetApplications. Bing received just 3.27%.

Nonetheless, Bing has delivered slow but continued growth. By making Bing the most privacy-friendly of the major search engines, Microsoft clearly seeks to differentiate itself from Google.

In September 2008, Google said it would start anonymizing IP addresses after nine months, down from 18 previously, and cookies after 18 months. However, Google's anonymization method, removing the last of the four sets of numbers in an IP address, has been criticized as insufficient.

Yahoo anonymizes log data and deletes IP addresses after three months, though it keeps a subset of its search data for a longer period for security uses.

Google has expressed reluctance to anonymize data too quickly, due to "the potential loss of security, quality, and innovation that may result from having less data."

That's a position Microsoft shares, even as it seeks to distance itself from Google. Cullen said that studying search query trends "enables us to improve the quality of our results, protect against fraud and maintain a secure and viable business."

In a blog post, The Future of Privacy Forum, a Washington, D.C.-based privacy group, welcomed Microsoft's action as an "important privacy advance" but cautioned that there's still work to be done because the new policy does not address cross-session identifiers, such as the hashed cookies stored in search query logs.

Microsoft said it plans to implement its new policy over the next 12 to 18 months.

Update: Clarified Yahoo's data retention policy.