Google announced today they are changing the expiration date of their cookie from 2038 (the latest possible date) to a rolling 2 year period. Once put into action, users who visit Google today, for example, will receive a cookie that expires on July 16, 2009. If that user never visits a Google website again, that cookie will disappear after those 24 months.
Of course, if that user visits Google again tomorrow, the cookie will renew for a new 2-year period. So, users who visit Google daily (like many), will continue to receive cookies with a rolling 24-month expiration. In practice, then, regular users of Google will not really benefit from this policy change.
Peterongoing plan to continue innovating in the area of privacy to protect our users.” This is a good first step, but far from a complete solution. An easy way to take this announcement a step further would be for Google to announce that not only will the cookie on my computer expire after 24 months of non-use, but that they will also remove any record associated with that cookie from their internal databases. Such a policy would have a much greater impact on user privacy, since even if my cookie vanishes after 24-months, a record of all my activity remains on the servers in Mountain View.