SAN FRANCISCO, CA — As the search-engine wars heat up – with Google, Yahoo!, Ask.com, Microsoft, and AOL jockeying for the user eyes that mean money in the bank – consumers may become the ultimate winners. That’s because one of the most active battlegrounds in the war is on the privacy field.As consumers become savvier, search engines become ever more aware that advances in personal-information protection are valuable weapons. After all, every time a hacker, murderer, stalker, rapist, or child abuser is convicted based partially on the contents of his hard drive, the public becomes more concerned about interacting with online organizations that collect and save information about behavior. Divorce lawyers love Web cookies and so do employers. So do thieves and blackmailers who can glean all sorts of information from an ill-considered Web affair.

CNET’s News.com recently compared the legalese in the five largest search engines’ privacy policies with the engines’ actual behavior. This is what the demystification process undertaken by newshounds Declan McCullagh and Elinor Mills discovered:

“Ask.com was the most protective of user privacy,” according to CNET. Not only does Ask.com not record user queries, but it also declines to engage in behavioral targeting (the practice of serving ads based on previous searches). Google – which enjoys about 53-percent of the search market share, according to Nielsen//NetRatings – is the only other one of the search big five that eschews behavioral targeting, but it maintains identifiable cookies containing users’ Internet Protocol addresses for 18 months before they’re only partially anonymized.

Microsoft “permanently and irreversibly” disassociates cookie values and IP addresses after 18 months, Chief Privacy Strategist Peter Cullen told CNET, but its search engine engages in behavioral targeting. Yahoo! also engages in behavioral targeting, but it deletes personally identifiable information after 13 months. The same is true of AOL. Ask.com doesn’t retain any user information at all.

The most recent CNET survey revealed a remarkable improvement over previous studies. In 2006, Google, Microsoft and Yahoo! revealed they kept data “for as long as the data proved useful,” whatever that means. Now they’ve set firm expiration dates, and Google has shortened the lifespan of its cookies from 2038 to two years from the date of the user’s most recent visit.
It’s relatively simple to prevent any online entity from collecting and storing personally identifiable information about you without your consent. Simply set your browser not to accept cookies. The drawback to that plan is that membership sites (including social networking, banking, Web-based email and some others) won’t play with you unless your browser accepts cookies – but if you’re really concerned about who knows what about you, the price of privacy may be affordable.

All of the concern may become moot if some members of the U.S. Congress and a group of European bureaucrats have their way. Both groups are pressuring search engines to store data for shorter periods of time, and last year a proposed U.S. law would have prohibited the storage of personal information not needed for “legitimate” business purposes (whatever that means).