AOL Releases Search Logs of 657,427 Users

An anonymous reader writes "AOL has released the search logs of over 650,000 users for research purposes. This looks like it may become a public relations disaster for AOL, as well as a privacy nightmare for the users involved as Michael Arrington of TechCrunch notes: "AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the ability to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box." This is also being covered on The Paradigm Shift and Oh My News." fantomas adds " Looks like they've just taken it down but it's still available on The Pirate Bay; not sure why but some of the academic researchers are going crazy musing the ethical aspects of letting the world know who's searching for how to kill their wives ..." Update: 08/07 21:32 GMT by T : amromousa writes "AOL is now apologizing for the release ..., calling it a "screw-up," which they're upset and angry about."

finally, maybe users will wake up

[yagu]

Finally, for all my support nightmares AOL users I know (and there are many!) that I endured over the years, a misstep that may offend and bother them as much as supporting AOL has bothered me for the last bazillion years. Go away AOL! (But, leave a few of your coasters at the store counters, those did come in kind of handy.)

So, all of that aside (the court of public opinion stipulates AOL as stupid and insensitive), how equally egregious and offensive is others would propogate and perpetuate this misguided release of data? Any mirrors still carrying this information (and they are there) serves few purposes for continuing to provide access, and none are defensible: either they are happy and willing to allow potentially embarassing or damaging data to continue to be distributed, or they are sticking it to AOL when AOL has already fallen on their own sword -- enough is enough. It's not okay.

(So, how many wives are either not going to be home tonight, or are going to fix hubby his very favorite dish?)

Killing wives?

[SoCalChris]

Way to jump to conclusions. How do you know that they weren't working on a screenplay, or simply trying to find a phrase they heard mentioned somewhere?

If "End of the world" was searched for, how do you know if they are looking to the lyrics for an REM song, or trying to build a WMD?

Re:Searching for SSN's??

[Pulse_Instance]

Keep in mind that this is an AOL search box the lowest common denominator of internet users. They probably still find Hampster dance funny.

PR disaster? O RLY?

[cashman73]

This looks like it may become a public relations disaster for AOL,. . .

O RLY? Certainly, it's not the ONLY public relations disaster for the company! Isn't AOL synonymous with PR disasters nowadays? ;-)

Re:Searching for SSN's??

[jamsessionjay]

What makes you think someone is searching for their own SSN?
Isn't it possible someone is searching for information on someone else? Checking to see if someone has listed their SSN else-where would help to narrow the scope of targets for data theives.

But yeah, you're probably right. Someone probably searched for their SSN to see if anybody who had taken it would use it somewhere in plain text, and assumed that the information they were passing to their trusted ISP was secure. Hah, imagine that, trusting a company to not release your private information without a warrent?

Re:Searching for SSN's??

[cbr2702]

Who in their right mind would type their social security number in a search box, in plain text??? I mean, really???

Maybe they want to be sure no one's posted it anywhere?

Re:Searching for SSN's??

[The Good Reverend]

I have. I want to know if it's out there anywhere on the public internet. Same reason I search for my phone number, full name, etc.

Re:Searching for SSN's??

[Anonymous Coward]

It's a good way to find out if your SSN is being mismanaged by sloppy organizations.

I've read of someone who tried it only to find that a group/department at his college had is SSN# posted :-(; which he now fixed. My guess is that his identity is safer for ahving done this.

Of course, a partial SSN with a wildcard match might be a better idea.

Child Porn

[db32]

Ahh...great...maybe I can expect a call from authorities if Google ever caves. I got one of those stupid ICQ Child Porn spams one day and started googling for reporting agencies. Not that I think it would do much good, but hey...I would rather have reported it and have it do nothing than to not have reported it and have no chance of it doing anything.

In Soviet....err...In America the government watches you! Ahh...how the times have changed...Working on losing the 1st Ammendment and 4th Ammendment in 8 years. As Thomas Jefferson said "The beauty of the 2nd Ammendment is that you don't need it until the government tries to take it away"... I recently had a picture taken of my baby girl at the National Archives with those 3 terribly important documents honestly wondering if they will mean anything or even exist by the time she is old enough to show her kids the picture.

But hey...may just be me being a pessimist...so maybe the spooks won't get up and arms datamining slashdot and seeing my TJ quote and come interrogate me for being a terrorist...just in case...

Last post!

Re:Seriously?

[Manchot]

People often search for their own names. Even if they don't, it can often be incredibly easy to narrow down who a person is. For example, I often search on my university's web page. I'm sure it would be obvious to anyone who looked at my search records to surmise that if I'm searching for an academic calendar at my college's web page, I probably go here. From there, it would be easy to guess that since I often search for "EE," I'm probably in the electrical engineering department.

This is silly

[fjf33]

" Looks like they've just taken it down but it's still available on The Pirate Bay; not sure why but some of the academic researchers are going crazy musing the ethical aspects of letting the world know who's searching for how to kill their wives ..."

Because of the presumption that your are not breaking the law? We all have things to hide. Some don't even break the law but could be bad if they were out there. Presumably this guy hasn't killed his wife either. If there was a dead wife and her husband was a suspect, it should not be a problem to get the household computer IP search history from AOL. It is even legal.

Should we investigate anyone that talks about killing someone. We all say that in jest from time to time.

This is the same stupidity behind the automated listening to conversations. It generates too many false positives and it wastes investigator time. Gods know we don't need more fuzzy leads for possible crimes. There are many ACTUAL crimes out there that need investigating.

Maybe you won't object to a camera in every room of your house? After all you are not guilty of anything are you?

What if he's searching for a story

[Moraelin]

I hate to break it to you, but there are a ton of stories out there dealing with morbid topics. Either seriously (e.g., horror stories, a la Lovecraft or Edgar Alan Poe) or as a sort of dark/macabre humour.

And especially pay attention to the last alternative: there are a lot of stories and sites that are just supposed to be obviously humorous, not actually to be a DYI guide to the subject in their title. E.g., I think there was a humorous site somewhere titled something like "how to pick up underage girls", or something to that effect, and it wasn't actually a paedophile's field guide. E.g., take sites like the Evil Overlord's List, which are just a parody of common movie cliches, not actually a guide to be followed by someone. (Unless they're writing a story involving a stereotypical Evil Overlord.)

So how do you know if that guy didn't google for the title of such a story? Or for some random phrase he remembered from one?

E.g., I remember reading an absurdist play by Eugen Ionesco about some murderer who tempted people to come see the colonel's photo, and then pushed them into some lake. What if I googled for that? Remember, I don't know the title of the play any more, so I can't just google for that. Not that it would make it any better, because the title IIRC was something about an unpaid assassin.

The whole thing didn't even make much sense, other than maybe as a metaphor for something or another. It's an absurdist play, so don't ask me for what it was a metaphor. It contained such gems as the everyman hero asking a police officer something to the effect of "and didn't you send cops to get him?" and getting an answer like "yeah, but they too wanted to see the colonel's photo." Nowhere does it say what colonel or what's special about that photo. I guess it wouldn't be absurdist if it did.

So if I tried googling for that play on the net, would you use your amazing deductive powers to conclude that I'm looking for a hitmal willing to do some pro-bono work? Maybe to whack-off some colonel?

Re:Searching for SSN's??

[ryanduff]

To be fair, anyone could type in a nine digit number and it could be anyone's number. For example, 165-32-4865. I'm sure this might match someone reading slashdot at this very moment.

Now, when they're typing in searches with their name and number in the same search, yes, that's dumb!

I haven't had a chance to look at the data myself, but I'm sure it's happened.

Re:The last nail in the coffin

[ivan256]

Yeah, if I were 6497 I'd.... Well I'd be ashamed that I liked Ricky Martin, but that's about it.

There is no privacy issue here. Even if users names had been used, you don't have a right to privacy of submitted internet form data unless you are using encryption and the server operator has agreed to enforce your privacy. Every major browser informs you of this the first time you submit data, and every time until you acknowledge it.

This was not a well thought out move by AOL, but that's about it.

What does the data tell us about humans?

[presidenteloco]

Let's step back a minute.

Presumeably, this whole collection is actually interesting and informative data
about peoples' patterns of interest. Yes, the privacy violation of including any personally identifying searches is terrible, but that's water under the bridge now.

Here's a question. Are we, collectively, afraid of finding out what human beings are really like? What our statistical behaviour actually suggests, as opposed to what sanitized morality-focused religious "education" would have us believe about peoples' nature?

The "shocked and appalled" tone of the responses certainly suggests that we are afraid of finding out the truth about ourselves. Some of the negative reaction is, justifiably, about the dumb release of identifying information,
but what of the rest of the negative reaction? Surely it would be fascinating to do some statistical socio-psychological research on this data, and other data like it, and find out answers to questions like "what are people interested in,
in general, and relatively how much are they interested in various topics, and various connections between topics. This would tell us a lot about the behaviour of the human animal."

  Are we ready to know these answers?

Re:Killing wives?

[Rayston]

uhh, is there something I am not seeing? How does this search pattern indicate that he wasnt writing a play? or a book, or just morbidly curious(wierd but mostly harmless), or putting together some resources for a plot for an RPG group or any of a million other things. I have done similiarly unusual searches on just as distasteful subjects for completely innocent reasons. ....well innocent in that I wasnt going to kill or harm anyone real.

All this search pattern indicates is that...he searched for some wierd stuff. Thats it, absoloutely nothing else can be reliably inferred without some more context. Just because I read the communist manifesto doesnt make me a communist, it makes me a guy who reads a controversial book. You need more information before you can come to any more conclusions.

Thanx

Rayston

Hypocrites

[xplenumx]

I'm absolutely stunned by the number of people who are on one hand saying "This is evil! We must protect privacy!" and yet at the same time have downloaded the list and commented on the information therein.

Big problem with this

[Anonymous Coward]

I've seen in several places now how the "gubmint" might start asking AOL to identify user 12345 since this user searched on child pron or kill wife or whatever. However, you don't always just search on things you like. You might be trying to find ways to stop it. You might have gotten a spam email and are trying to stop that.

"I think child porn is bad, so I'll put 'bad child porn' in the search and maybe there is a group that stops this kind of stuff."

"What's that restaurant's name, something like 'Big Dicks' or 'Last Dicks' or something?"

"My daughter needs new clothes, I'll search for 'young girls dressing' - oops, I meant 'dresses'."

"I want to make a lot of money, search on 'how to make a killing'"

"What's that famous book, 'Of Human Bondage'?"

Or

"I want to kill my spouse, search on 'poisoning rats'."

Search data is useless.

Re:Funniest thing so far

[ivan256]

Keep reading.

Get down to the part about AOL Search, which has additional privacy terms. It is implied that they have your consent unless you opt out of the data collection.

Re:Funniest thing so far

[ivan256]

Also keep in mind that this data is transmitted in plain text over the public network. I continue to maintain that you have to be delusional or uninformed if you consider that data to be private, regardless of whether AOL says they are keeping it private or not.

Re:14 download mirrors + BitTorrent link to the fi

[General Wesc]

Nice to see you care so much about users' privacy that you're willing to distribute half a million users' private data.

Oh, but they're AOLers, so they don't have any rights. Rights only apply to the technologically literate, I suppose. Never mind then.

Worst of class or all guilty?

[twitter]

Is AOL really the worst? It's good they publically screwed up but others have been doing the same thing behind your back for years. Most spyware, like Microsoft Windows, comes with an EULA that grants the supplier complete ability to monitor what you do and sell the results to the highest bidder. All of the ISPs, by law, must keep your web activity and email on file so that the feds can come and look through it. Do you trust them to not mine and sell it? Before 9/11 justified all sorts of invasive behavior, US courts had bent over backwards to allow ISPs to read your email with such ridiculous criteria as they could read it if it was "in storage" instead of "in transit". Can you even trust the jokers to keep it to themselves? My ISP might be bright enough to be using Solaris and Apache for web services, but I'm sure they are accessing the information with some crummy Windoze client. If a clerk does not sell them out, it's surely running out over the network multiple times a day. AOL's little "mistake" is just the tip of the iceburg. Abuse over this and "support" issues can be cast far and wide, though one is much more important than the other.

There need to be more of these kinds of scandals because companies should not be keeping this kind of information in the first place. Most don't even want to because it's expensive and prone to abuse. Back when the Feds required Carnivore type logging, all the ISPs objected that it would cost too much. The net result of all of this is places like ChoicePoint. Having a secure OS won't help you when those serving you betray your trust.

Found scary fishable networks

[mattr]

This is really chilling. My Mom uses AOL so of course I picked up a copy of the archive. I just searched for a few terms in one of the ten files it contains. grepped the name of my small home town (population 10-20 thousand) which has grown more affluent in recent years. I found two users who did extensive searches, found a number of full names of individuals, hotel names, domain names, personal searches including phrases you might not want your significant other to see, searches including the full name, position and company of an individual, etc. I found the names of nearby schools and my supermarket. Thank God I didn't see my mother's name in it but on the other hand there are 9 files left to go.. and I was going to post some interesting phrases but then I realized that then anybody could see the name of my town. I don't see how you could defend yourself against this kind of thing, someone else's search could end up as an innuendo and picture this scenario: wife uses AOL at home, husband is geek at work with this archive. Maybe the AOL software caches recent queries anyway, I don't know, but who wouldn't worry if they see the names of various men with online searches to purchase party dresses and sexy music? Hoooo boy, they don't even realize the danger in their 0.3% they released. They are going to get sued into oblivion. Now just need some enterprising /. lawyer to start fishing for clients... ouch.

Re:Funniest thing so far

[vidarh]

By your argument practically all internet users are uninformed. Fair enough. However that means most of these searches are likely made with the belief that they'd stay private. Whether or not someone theoretically could intercept it has no relevance as it was a company providing them a service who - whether they technically had the right or not - blatantly abused their customers trust.

You're being delusional if you think that technicalities of whether or not it's wise of people to assume their searches will stay completely private affects peoples right to be pissed off when a service provider they have a customer relationship to releases it to the general public.