Contrary to Google's statements yesterday, the company's new policy for issuing cookies won't meaningfully help protect users' privacy.
Cookies are small chunks of information that websites can put on your computer and can be used to link all of your visits and activities at the site. Among other things, Google can use cookies to link all of your search records together and track your usage patterns.
Shorter cookie life-spans can help limit a site's ability to track you, but Google's change doesn't amount to any practical difference. Rather than expiring in 2038, Google cookies will be set to expire 2 years from your last visit to the site. However, cookies will auto-renew whenever you visit Google, pushing out the expiration date; in other words, your cookie can essentially last forever on the installment plan. Only if you stop visiting Google -- in which case they can't track you anyway -- will your cookie eventually expire.
To its credit, Google did decide in March to delete key identifying information in its search logs, including cookie ID numbers, after 18 months. As we said at the time, this is a good first step towards protecting users' privacy, but more is needed. Unfortunately, Google's new policy for issuing cookies doesn't move the ball forward.
If you actually want to limit how Google and other search engines can be track you via cookies and other means, check out our white paper, Six Tips to Protect Your Online Search Privacy.