Microsoft to Delete IP Addresses From Bing Search Logs after 6 months

Microsoft has fired a new salvo into the search privacy wars, announcing it will delete IP addresses from the Bing search engine logs after 6 months.

Recall that in early 2007, Google announced it would “anonymize” its user search logs after 18-24 months. Later that year, Google reluctantly decided to add an expiration date to its web cookie, while (unsuccessfully) tried to gain market share by giving users almost complete control over whether any data is collected. Then, in 2008, under pressure from EU regulators, Google announced it would anonymize its search logs after 9 months. Later, Microsoft endorsed the EU’s  Article 29 Working Party’s position that search companies should anonymize data retention logs after 6 months, but only if the other major search engines follow suit. None did, but Yahoo did agree to anonymize its logs after 90 days.

Microsoft has now decided to take the lead in search privacy and agree to the European Union’s demand that data retention be cut to six months. Previously, Microsoft de-identified its search logs immediately, but didn’t purge the IP address until 18 months. Now, de-identification still takes place immediately, and the IP addresses are completely removed in 6 months. Here’s the chart included with Microsoft’s announcement:

Microsoft’s bold move puts significant pressure on Google. Currently Google merely “anonymizes” IP addresses on its server logs after nine months, arguing it must retain user logs to improve their services, fight spam and abuse, and comply with legal obligations. I, of course, have been critical of this reasoning on various occasions, and now Microsoft appears to be confirming that long-term data retention isn’t necessary to run a successful search engine.

Google, the ball is in your court.

(Hat tip to Jules Polonetsky at the Future of Privacy Forum)


  1. Hi there, Michael

    Click to access Privacy%20Protections%20in%20Microsoft%27s%20Ad%20Serving%20System%20and%20the%20Process%20of%20De-Identification.pdf

    Do you know which is the structure of cookie ID assigned to queries on Bing?
    Would it be feasible to apply brute force in combination with hash algorythm for de-identification process used?
    Revert hash to cookie ID is not possible, but is it possible to generate same hash for a particular cookie ID? If lenght and complexity of cookie ID structure is simple, I believe would be easy to generate multiple hashes until creation of a particular one?

    Which is your opinion?


  2. Michael,

    Queries cookie ID is called MUID…have check on my web navigator and MUID structure is 32 characters combination of capital letters and numbers.

    So knowinfg the way Microsoft is creating its own MUID and de-identification hashing algorithm guess could be possible to apply brute force until generate hash that correlates a particular hash on Bing queries log databases.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s