AOL Releases Search Logs of 657,427 Users 346
An anonymous reader writes "AOL has released the search logs of over 650,000 users for research purposes. This looks like it may become a public relations disaster for AOL, as well as a privacy nightmare for the users involved as Michael Arrington of TechCrunch notes: "AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the ability to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box." This is also being covered on The Paradigm Shift and Oh My News."
fantomas adds " Looks like they've just taken it down but it's still available on The Pirate Bay; not sure why but some of the academic researchers are going crazy musing the ethical aspects of letting the world know who's searching for how to kill their wives ..."
Update: 08/07 21:32 GMT by T : amromousa writes "AOL is now apologizing for the release ..., calling it a "screw-up," which they're upset and angry about."
Searching for SSN's?? (Score:5, Interesting)
Who in their right mind would type their social security number in a search box, in plain text??? I mean, really???
Wow (Score:3, Interesting)
This just in (Score:4, Interesting)
Hmm, I wonder if this "sorry" will be enough
Funniest thing so far (Score:5, Interesting)
A teacher's credit union employee was searching for sexy underwear, how best to conduct a relationship with a co-worker, and have sex in a pickup.
Just before that, she was searching for cars. And appears to have cancer as well, or lives with someone with cancer. Maybe it's her sick husband.
I wonder if that demonstrates why someone wouldn't want their Google searches or AOL info to make it into the public realm. AOL is obviously a bastion of consumer rights.
Tracing back to a user (Score:3, Interesting)
Re:Searching for SSN's?? (Score:5, Interesting)
Who in their right mind would give their SSN to AOL?
People really don't understand these issues.. I've this to be true recently when an HR person at my university asked me to send my SSN to her over email. Also, a couple weeks ago I booked a room at a hostel over the internet, and apparently I mistyped my credit card information, so they asked me if I could to to them again over email. You know, I just said "No, I'll call you." But it just goes to show that most people just don't even think about privacy issues. Even professionals who should know about these things. They just don't. Either that or they don't understand the technical side of it... like that email is not encrypted, etc.
As for search engines, I've no idea why you'd be searching for one on Google, unless for instance you wanted to see if your own was available somewhere--Which is funny, now that I think about it. How can you search for your own online information (to see what is out there) without giving it away yourself by typing it into a search engine?
Re:finally, maybe users will wake up (Score:5, Interesting)
You're probably just trying to be funny, but this could be a real problem. I know I have had some seriously bizarre search historys when doing research on possible articles to write in my lame ass vanity site. They could very easily be taken out of context and used to make me look like a sicko instead of a cynic who wanted some of the bizarre material that non fiction can provide.
Maybe this guy is doing some research on a book. Maybe he's an artist doing some death metal band's cover. Hell, maybe they have a socially retarded CS major for a dorm mate and are trying to freak them out.
It's the ridiculous release of this type of data and the sensationalist warping of these smallest elements that allow our privacy to get train wrecked.
Re:it's a geographic location! (Score:4, Interesting)
It is 1.5 hours drive from where I live, and a really beautiful place.
More info here. [norway.com]
Furthermore, I just searched for "End of the world" on google...
Re:Searching for SSN's?? (Score:1, Interesting)
Eh? Security vs. convenience (Score:2, Interesting)
I am always amused by people who are concerned about sending their credit card number over email. Credit card numbers are just plain not secure period. The number is even printed right on your card, and also encoded in a machine-readable format! It's sent through the mail on your bill, it's printed on receipts (although things are getting much better here), there are plenty of easy ways to illicitly get credit card numbers that are much easier than email.
If you're not willing to send a credit card number through email, then you probably just shouldn't have a credit card at all.
Re:Searching for SSN's?? (Score:5, Interesting)
I send my credit card numbers over email all the time. But I only use "throw-away" numbers that are generated on the fly and can only be charged by a single vendor up to a specific amount (pre-set by myself). Most of the big card issuers offer a similar service for free (last I heard, MBNA, which has offered it for at least 5-6 years now, has not had a single instance of succesful fraud involving such throw-away numbers, never mind free, they ought to be paying me to use the service).
Site owners - can you find the searches? (Score:3, Interesting)
Re:finally, maybe users will wake up (Score:5, Interesting)
Who hasn't typed "how to kill your wife" into a search box by now anyway? (That was a joke! Hi honey!)
Conspiracy theory 1 (Score:2, Interesting)
Time to revisit "personally identifying info" (Score:5, Interesting)
Back in January, related to the story on how the DoJ demands and gets ISP data [slashdot.org], AOL had said that [informationweek.com] "We did not comply with the request made in the subpoena," spokesman Andrew Weinstein said. "Instead, we gave the Department of Justice a list of aggregate anonymous search terms that did not include results or any personally identifiable information."
AOL- you need to rethink that phrase personally identifiable, because it doesn't seem to mean what you think it means. You're hiding behind one technical definition of PII, without concern about whether or not the results actually have PII. If you're releasing results with personally identifying information, then you cannot say you're not releasing PII. I'd written in January [slashdot.org] I'd writen "I question this assumption by Yahoo, AOL, etc. that search terms, by themselves, have no privacy considerations because they've been separated from personal info. What if the search itself contains personal information? Are the search companies deleting the timestamps and randomizing the order of the search terms themselves? Because otherwise I could see personal info showing up." Obviously, half a year later, they still think that replacing a name with a number takes away the PII. They need to have a talk with, say, the Census Department, about why the department will withhold data [census.gov] about *groups* of businesses in a region. Grouped data can easily become PII data if you can tease out characteristics. AOL didn't even group the data!
As always, relevant quotes from the best.essay.evar on why privacy is a fundamental human right [privcom.gc.ca]: "If information that is actually about someone else is wrongly applied to us, if wrong facts make it appear that we've done things we haven't, if perfectly innocent behavior is misinterpreted as suspicious because authorities don't know our reasons or our circumstances, we will be at risk of finding ourselves in trouble in a society where everyone is regarded as a suspect. By the time we clear our names and establish our innocence, we may have suffered irreparable financial or social harm..."
"...agents of the state in Canada cannot order Canada Post to photocopy the address on every envelope we send, nor can they order bookstores to keep a record of every book we buy, let alone of every page of every magazine we leaf through. There is no reason why they should be able to exercise such powers with regard to every e-mail someone sends or every Web site he or she visits."
"I do not see any reason why e-mails should be subject to a lower standard of privacy protection than letters or telephone calls. And I do not see why Internet browsing should be subject to a lower standard of protection than book purchasing or researching in a reference library. Canadians should not be subject to greater state monitoring or scrutiny just because they choose to use new communication technologies."
Re:Eh? Security vs. convenience (Score:3, Interesting)
I was biking thru an alleyway on the way home from work a couple of days ago, and I found a bunch of what looked like bill statements scattered all over from, I'd guess, the garbage cans. Since this sort of thing concerns me, I gathered them up and tried to find the recipient ( he turned out to be a block down from there)
I only looked at them long enough to find an address on them, then gathered them up and dropped them in the mailbox of the owner with a quick note as to how I found them. But even that quick look was enough to see that there were both the account number and the SSN of the recipient printed on them.
Until that sort of foolishness stops, there isn't much point in securing databases or email, is there? I see it quite often.
SB
(who hasn't had a credit card in 16 years thru my own choice)
Re:Searching for SSN's?? (Score:5, Interesting)
- Go to http://www.ssa.gov/employer/statewebcali.htm [ssa.gov] and pick an SSN prefix for a particular state (say, CA, which is from 545 to 573).
- Go to Google, click Advanced Search, and in "With all of the words:" enter "SSN".
- In "Return web pages containing numbers between" enter 545000000 "and" 574000000.
- Click Search and stare in horror all the student listings, bankruptcy filings, etc. posted with names, SSNs, addresses, etc.
I'm sure I'm not the first to think of this, but if you abuse any of this information, the Erinyes [wikipedia.org] will come after you!