Want to know what's going on in someone's mind? Look at the words they enter in their favourite search engine. Fortunately, that information is private, right? Maybe not.

If you use Google, for instance, and are not blocking cookies, the search engine is likely to have placed a cookie on your system that won't expire until 2038. That cookie lets Google track what you searched for, when you conducted the search, and which results you clicked. The cookie doesn't identify you by name, but it does identify you by your system's information and IP address.

This is what the US government was after when it subpoenaed Google for search records of millions of random users to establish the need for a federal online pornography law. At the time of writing the company is still fighting the subpoena, but AOL, MSN, and Yahoo have already given the government at least some of the kinds of data it wants.

The case highlights the sensitivity of search records in general, and Google's in particular. The company's position at the top of the search engine food chain means its archives could contain years of detailed logs on what millions of users search for, and where they surf. Google has not said how long it keeps such records and didn't respond to our requests for information on the subject.

Fortunately, there are well-established ways to rid your PC of tracking cookies, either using your browser or one of many third-party antispyware and system cleanup utilities.

But ending the privacy threat that cookies pose requires action by websites as well as by individuals. As storage gets cheaper, system administrators at commercial sites tend to log everything and keep the data as long as possible, broadening the window for misuse. At last December's Usenix Large Installation System Administration conference, an Electronic Frontier Foundation lawyer recommended that administrators keep only the logs they need, and destroy the rest.

If Google truly wishes to live up to its corporate motto, "Don't Be Evil", the company should be selective about the logs that it keeps, and should chuck out everything else.