Forgot your password?
typodupeerror

The Face of One AOL Searcher Exposed 315

Posted by CmdrTaco
from the knew-it-wouldn't-take-long dept.
Juha-Matti Laurio writes "No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything., report NYT journalists Michael Barbaro and Tom Zeller Jr., but with a permission from Mrs. Thelma Arnold, 62. "Those are my searches," she said, after a reporter read part of the list to her, continues the article."
This discussion has been archived. No new comments can be posted.

The Face of One AOL Searcher Exposed

Comments Filter:
  • What a ho (Score:5, Funny)

    by mgblst (80109) on Wednesday August 09, 2006 @08:28AM (#15872667) Homepage
    "60 single men"
     
    At her age. I think she should be happy with a couple, but 60... gotta admire her!
    • by Chapter80 (926879) on Wednesday August 09, 2006 @09:40AM (#15873143)
      Pretty cool seeing people get this data into searchable form, like on:
      http://www.aolsearchdatabase.com/ [aolsearchdatabase.com]

      I did a search on there this morning, and it displays the SQL statement for me, which is very handy...

      Select SQL_CALC_FOUND_ROWS * from search_data WHERE match (anon_id,query,click_url) against ('4417749 ') LIMIT 0,30

      Interestingly, if you do the standard SQL injection, searching for something like "4417749') LIMIT 0,30; DROP TABLE SQL_CALC_FOUND_ROWS;--", I bet you will screw it up for them. Kids, don't try this at home. I'd never encourage people to do something illegal!

      The point of this posting is:
      Learn about SQL Injection, and protect against it.
      Don't display your SQL query to your users.

      If you don't know what SQL injection is, try a simple example: Search for "1','0" (skip the double quotes, but not the single quotes) and you'll see it in action without causing harm.

      • Just to pimp somebody else's work...

        A neat paper was presented in the Software track at USENIX Security just a week or so ago about a technique that can be used to prevent all SQL injection attacks. It's a source code transformation that tracks one or two bits of "taint" information for every byte address in a program's address space.

        The sysadmin or security admin can then define a policy with augmented regular expressions that have three Kleene-style operators that let you say e.g. (expr)^T, which matches
      • Of course, they could simply make the user used to connect to the database unable to modify those tables. There's no reason for them to have that access.
        • >Of course, they could simply make the user used to connect to the database unable to modify those tables. There's no reason for them to have that access.

          Yes, this is a good idea. Even if the database user had read-only privileges, though, SQL injection might allow attackers to run "unapproved" queries. For example, an outer join over all the elements might bring the database server to its knees (if the Slashdot effect hasn't done that already). So you'd want both - defense in depth is always a good id

  • Hmm (Score:5, Funny)

    by Iamthefallen (523816) * <Gmail name: Iamthefallen> on Wednesday August 09, 2006 @08:30AM (#15872674) Homepage Journal
    User 48956332 Perl For Dummies
    User 48956332 HTML 4, whats the big deal
    User 48956332 Howto use sandboxen in development
    User 48956332 What is CSS
    User 48956332 Unit testing
    User 48956332 Spelcheking
    User 48956332 Why is Digg growing so fast?
  • Didn't take too long before it leaked all over the place, eh?

    http://www.aolsearchdatabase.com/ [aolsearchdatabase.com]
  • by KiloByte (825081) on Wednesday August 09, 2006 @08:32AM (#15872689)
    "dog that urinates on everything., report NYT journalists Michael Barbaro and Tom Zeller Jr., but with a permission from Mrs. Thelma Arnold, 62. "
    Hmm... an interesting search query.
    But at least it looks like my code isn't the only place invaded by quote-abducting aliens.
  • Nothing we can do! (Score:5, Insightful)

    by mgblst (80109) on Wednesday August 09, 2006 @08:33AM (#15872693) Homepage
    Asked about Ms. Arnold, an AOL spokesman, Andrew Weinstein, reiterated the companys position that the data release was a mistake. We apologize specifically to her, he said. There is not a whole lot we can do.
     
    What a load... there is plenty you can do AOL. You can promise not to release this data again, you can actively hunt for it on the web. You can promise to delete your copy. You can promise that you won't keep data like this anymore. You can implement better security policies so that you know where your data is, and what is hapenning with it. You can limit the people who have access to posting stuff on your website.

    Useless bastards!
    • by Rob T Firefly (844560) on Wednesday August 09, 2006 @08:37AM (#15872714) Homepage Journal
      On behalf of AOL, let me clarify... what they meant to say was "there is not a whole lot we could do that wouldn't interfere with the lucrative data-mining business."
    • The data is out there, what exactly could they do?
      Erase it from peoples hard drives, remove it from all the pipes that its in, drug everyone who has seen it?

      The fact they have this data is one thing, releasing it to the public is another.
      • by rifter (147452) on Wednesday August 09, 2006 @10:14AM (#15873421) Homepage

        The data is out there, what exactly could they do? Erase it from peoples hard drives, remove it from all the pipes that its in, drug everyone who has seen it?

        The fact they have this data is one thing, releasing it to the public is another.

        When it is data that they *care* about, corporations seem able to do plenty. If it's their source code, the code to decss, TimeWarnerAol's labels' mp3 files, the latest incriminating memos/emails ... they are positively rabid about protecting it. Cease and desist orders fall like rain, sites get shut down, people get sued for millions and prosecuted to the fullest extent of the law. But if it's their customers' data, like these searches, their email addresses, their credit card numbers, etc. They just shrug and say "Oh well. What canya do?"

        It's typical, frustrating, and complete bullshit. If the privacy laws were enforced and these corporations were punished for such egregious mishandling of our data maybe then they might think they can do something. But unless it directly affects them, they just are not going to care and will continue to take no precautions.

      • by dourk (60585) on Wednesday August 09, 2006 @10:41AM (#15873639) Homepage
        remove it from all the pipes that its in

        Tubes, my friend. Tubes.
      • The data is out there, what exactly could they do? Erase it from peoples hard drives, remove it from all the pipes that its in, drug everyone who has seen it?

        Attention /.ers reading this article, please remove your sunglasses and look directly into the screen [wikipedia.org]. You have been browsing /. all day and have not found any mention of AOL other than how wonderful it is. As a matter of fact you were just thinking about how nice it would be to switch. Thank you and have a nice day.

    • by Jafafa Hots (580169) on Wednesday August 09, 2006 @08:57AM (#15872821) Homepage Journal
      and they can pay hundreds of miliions of dollars in damages.
      • Lets hope that their new ad-based revenue scheme will be up to the task. If It was me, id be suing. 1million or so per person. I heard that there were 500,000 or so? If I am wrong, then feel-free to send out the nazis... At this point in time it could mean the end of the company... mmmmmmmmmmm
        • Not to burst your bubble... but- A: there is no way 500,000 people would each win a million dollars. B: It is simple law/business- if someone wins that kind of suit against you, you go bankrupt and reorganize. For example- you hit me in your car, and you have no insurance. I sue you for $1 million and win. You don't have a million $. (I am not saying you personaly, just the "you" example.) So what do you do? You go bankrupt. That way you keep most of your assets, and I am S.O.L. Businesses can do pretty muc
        • It would also drag Time Warner kicking and screaming with it. MAYBE just MAYBE that will teach the companies something about stupid pointless consolidation..
          I doupt it though.
    • Well, you're taking the quote out of context... he was speaking about Mrs. Arnold's case, and the already released data.

      We at slashdot should know more than anyone that once data is "out there" on the net, it never goes away.
    • by ConceptJunkie (24823) on Wednesday August 09, 2006 @09:48AM (#15873212) Homepage Journal
      To be fair, there isn't a whole lot AOL can do about the data that's already been released. In fact, nothing. That genie's out of the bottle, and while it is totally their fault for allowing someone to make such an enormously foolish and potentially dangerous decision, they have stated that they are taking steps so that it won't happen again. Believe me, with so many people looking for an excuse to further bash AOL, they won't dare let this kind of thing continue.

      "Not keeping data like this" doesn't make any sense at all and doesn't accomplish any good for customers. Indeed there is great value in understanding what searches are made and how the search process can be improved. Keeping this kind of data secure is sufficient in my mind. The last two sentences are something I would agree with.

      I just have to wonder who would be stupid enough to not realize the ramifications of doing this. It doesn't take "thorough vetting" to figure out that this would cause a firestorm of bad publicity.

      Of course, the real lesson here is: Don't do anything on the Internet you wouldn't want your mother to find out about. There is no anonymity on the Web. It doesn't take a stupid decision by a large company to prove this.

      • by Bob9113 (14996)
        they have stated that they are taking steps so that it won't happen again.

        That is not enough. It is one thing when you get caught kicking a dog to say, "I won't kick the dog again." It is another, and far more noble, thing to say, "I will begin actively campaigning for the ASPCA." There has to be some accountability; not necessarily punishment, but retribution. For example, AOL could take steps to prevent any company from doing this again (promoting corporations to have data privacy built into their custome
    • What a load... there is plenty you can do AOL. You can promise not to release this data again, you can actively hunt for it on the web.

      Bottle, meet Genie. Genie, meet... hey, where did that Genie go?

  • Torpark (Score:5, Informative)

    by eldavojohn (898314) * <eldavojohnNO@SPAMgmail.com> on Wednesday August 09, 2006 @08:35AM (#15872701) Journal
    I guess this just goes to show that you should be using something like Torpark [nfshost.com] even when merely conducting an online search. It's a shame but if you value your privacy, I guess it's necessary.

    Keep those IPs changing so they can't track and accumulate your searches I guess. I don't want a dossier of my searches available to the public.
    • Re:Torpark (Score:5, Insightful)

      by FireFury03 (653718) <slashdot@nexus[ ]org ['uk.' in gap]> on Wednesday August 09, 2006 @08:47AM (#15872762) Homepage
      I guess this just goes to show that you should be using something like Torpark even when merely conducting an online search.

      Whilest protecting your privacy does, on the surface, seem like a good thing, I wonder if it might count against you if you were ever suspected of a crime. We've already seen 'he has some encrypted data' used as evidence (even though the contents of the encrypted file weren't known) in one successful conviction, I suspect 'he's using privacy protection software called Tor' may go down the same way.

      Remember, only people who have something to hide care about protecting their privacy. :)
      • by RareButSeriousSideEf (968810) on Wednesday August 09, 2006 @10:50AM (#15873740) Homepage Journal
        You raise an important and oft-overlooked point.

        This is exactly why I think it's so critical to evangelize with regard to using privacy measures. I want my mother, Aunt Sally, and 8-year old neice to be using TrueCrypt and Tor at a minimum (or, something providing similar functionality). Privacy / anonymity suites need to become as commonplace as antivirus, firewall and anti-spam software.

        Helping strong privacy measures become the status-quo serves other important goals too. It makes it more politically costly to try to legislate them out of use, and it reduces the usefulness of developing new data mining programs that require person:transaction relationships - both for the government and for private industry.

        In short, when everyone's Aunt Sally can be expected to have countermeasures against activity monitoring running on her home PC, the world will have become a safer place for all of us.
    • Re:Torpark (Score:5, Insightful)

      by z0idberg (888892) on Wednesday August 09, 2006 @08:53AM (#15872793)
      At the very least do your searching through an engine that is separate to your ISP.

      A customer of AOL searching through AOL has their searches linked to you as an individual. If you search through google then they get your IP address, and your ISP knows which IP address links to which individual at any one time (open Wifi networks aside). But at least the same company doesnt know both.

      The data AOL released was the equivalent of any other search engine releasing its searches with IP addresses, so the same damage could be done by any other search engines logs, but imagine how much a marketing company would pay for that info from AOL with the personal details for each user included (i.e. Age, Sex, location etc.).
      • Your searches, combined with Google Adsense data for that same IP, gives you a very good picture of who the person is, possibly close enough to an identity (and certainly close enough to give an accurate estimate of demographics).
      • Re:Torpark (Score:3, Insightful)

        by Anonymous Coward
        "But at least the same company doesnt know both."


        That is not completely correct. Remember, your ISP knows both who you are and what you searched for at any of the search engines.

        The next big privacy nightmare may be an ISP (and not a search engine) opening up its logs.
      • The thing is, Google can probably infer who you are in a lot of cases even if you went to the trouble of deleting your cookies. They might still be able to re-associate with you through your ip address (even a block), your user agent, and your search criteria. A large ISP might be a tough nut to crack since it contains invisible proxies and other nonsense but other ISPs might allow them to reassociate in a lot of cases. And of course if you use any google services that require you to log in, then you're tot
      • Re:Torpark (Score:3, Insightful)

        by jagilbertvt (447707)
        If you people RTFA, the reporter was able to find her based on her queries, not her IP Address or anything else. Torpack wouldnt help, nor would using a different search engine (after all, that search engine could be compliling the same data about your searches), unless you want to use a different search engine everytime you make a query. And even then, there are only a limited number of decent search engines out there.
      • Re:Torpark (Score:4, Insightful)

        by Bob9113 (14996) on Wednesday August 09, 2006 @11:39AM (#15874214) Homepage
        At the very least do your searching through an engine that is separate to your ISP.

        Your ISP has access to everything you do online unless you're using an encrypted channel like SSL. Your HTTP requests go through your ISPs routers, which see all. Not just search terms, everything. Cox will see this submission when I send it through, and has seen each preview. Cox sees every email I send, including the full content and any attachments. Some ISPs may not be recording it, but for AOL a big part of their business is selling aggregated data to advertisers, and enterprise grade storage costs a few dollars a gig. They'd be stupid to throw away HTTP requests, and I'd lay 20 to 1 odds that they are not. At least until we have laws that require them to. But then, I think we're more like to have laws that require them to keep the data. The EU already does.

        Everything you do online is watched. It's just a question of whether you can trust your ISP. We currently lack any serious accountability for privacy breaches. The public is blissfully ignorant, and the government, far from promoting privacy, actually wants the data. In fact, depending on how far you think Epic/Carnivore/TIA goes, they already have it. Your phone records are protected by federal law, and they have those. What of data that isn't protected? Do you think they don't have it?
    • changing ips *AND* blocking of cookies is needed to avoid leaving a single continous trail at any site you visit regularily.
    • Yes, and if you have an always-on computer, please consider running a TOR server [eff.org]. TOR includes mechanisms for limiting bandwidth usage and blocking certain connections at your choice.

      Also, keep the cookies down. I personally block google cookies and those of a bunch of other ad vendors - these are the data that would give the most away about me. I really ought to run something like Privoxy [privoxy.org]

    • TOR doesn't seem like it would have helped in her specific case, since she was searching for things she needed, as a resident of a particular town, and a particular development in that town. That's what made her easy to track, not anything like client IP or anything that TOR would guard against. It's a matter of search being less useful if you can't search for things that you need to know because of privacy concerns. It's a bummer.
  • by kafka47 (801886) on Wednesday August 09, 2006 @08:36AM (#15872705) Homepage
    What about the one we really need to know?? User 17556639 [wordpress.com]!!!

    /K

    • Well, you can look at it one of two ways: User 17556639 is a diseased member of society or User 17556639 is a coroner doing research. Which is it? How do you decide based on just search information? And what does "steak and cheese" suggest?

      Yes, AOL releasing this information was the longest in a series of boneheaded decisions, and when it finally dies, no one will mourn its passing. However, unless you're a card-carrying member of the tin hat brigade, there's not much to fear. Yes, someone can potentially

      • >And what does "steak and cheese" suggest?
        A bad diet?
      • There are so many other ways to look at it.

        The person could have been looking for ideas for a Death Metal album cover.
        Or it was an 8 year old kid trying to gross out his sister. Of course the "kill a wife" thing could take some explaining.

        It is likely though that "User 17556639" had a problem spelling decapitated ;).

        BTW why are there multiple instances of a search? Are they for each page of results? Does AOL tell the person that they may have mispelt decapitated? Like google's "Did you mean"?
      • FYI: Googling "steak and cheese" myself, I see that steakandcheese.com is a site containing gory and disgusting photos and video.

        So it suggests that this person, while they may have had an idle curiosity towards the subject, was either well-versed or well-instructed enough about such things to know the name of that site, which I had no idea existed until today.
    • Now that is a good one.

      Go to the parents link, then click the murderpeople.com link. That will take you to one of those domain for sale pages with tons of ads.

      The interesting thing is the page's title "AOL FUCKED UP AGAIN" and one link that reads "aolsucksass".

      Does anyone know who are the registers of this page?

    • by scribblej (195445) on Wednesday August 09, 2006 @09:16AM (#15872927)
      Your comment is marked "insightful"

      That is sad. "Funny" sure. But "Insightful?"

      Here's the person's searches in question:

      17556639 how to kill your wife
        17556639 how to kill your wife
        17556639 wife killer
        17556639 how to kill a wife
        17556639 poop
        17556639 dead people
        17556639 pictures of dead people
        17556639 killed people
        17556639 dead pictures
        17556639 dead pictures
        17556639 dead pictures
        17556639 murder photo
        17556639 steak and cheese
        17556639 photo of death
        17556639 photo of death
        17556639 death
        17556639 dead people photos
        17556639 photo of dead people
        17556639 www.murderdpeople.com
        17556639 decapatated photos
        17556639 decapatated photos
        17556639 car crashes3
        17556639 car crashes3
        17556639 car crash photo

      If you want this person investigated, you are worse than the "thought police." First off, it's clear (to me, at least) that this guy isn't thinking about killing anyone. He just wants to see some gory photos. "steakandcheese" is a site like rotten.com. Even if he is thinking about killing someone, that's OK. There's a comment further down on the site you linked to that I find to be "insightful" about an old twilight zone episode. The main character could read minds and he reads the mind of a bank security guard who is thinking about robbing the bank! He has the man investigated, but nothing comes out of it. In the end, the guard admits he was thinking about robbing the bank... in fact he's thought about it almost every day. It's just a fantasy he has to make the day go faster... not something he'd ever act on.

      And having been a regular visitor to rotten.com in the past myself, I know that just wanting to see some of the reality of death that we tend to keep hidden in American society is not a crime. It's not even thinking of a crime. It's perfectly natural and healthy curiosity. Neither is daydreaming about terrible things you would never do -- or want to have happen -- in real life. Fantasy is normal and healthy.

      In fact, if you've never been to rotten.com or a similar site, I'd recommend you go sometime.

      • The main character could read minds and he reads the mind of a bank security guard who is thinking about robbing the bank! He has the man investigated, ...

        This is really an example of a common failure in logic. If you were the least bit rational, you'd hope that the bank's security people are thinking about how to rob the bank. If not, they're incompetent and should be replaced with people who do think about obvious job-related problems.

        Actually, I've seen this sort of failure in person. I've worked with
    • He's an avid movie-goer [imdb.com] who also is trying to get over his fear for car crashes by watching images of dead people and accidents. Or maybe he is planning to kill his wife. Or maybe he is doing research for his book. Why do we really need to know about him? If you knew who it was what would you do?
    • by hackstraw (262471) * on Wednesday August 09, 2006 @09:56AM (#15873274)
      What about the one we really need to know?? User 17556639!!!

      Hello, I'm user 17556639, and I'm a crime novelist.

      Actually, I'm not but it is simply not up to AOL or the government or anybody to snoop into my business without probable cause. And probable cause is limited to the government, the rest stay the fuck out of my business.

      Anything taken out of context can look completely different, and it simply is NOT the duty of a citizen to chronically prove their innocence.

      A) Its sometimes impossible to prove that I was home alone asleep.

      B) I'm innocent until proven guilty. Even after being charged and possibly jailed until my court time.

      So, yes, I'm one of those "Fuck the children" people. I'm one of those people that respects my privacy. I'm one of those people that believes in free speech. Yes, I vote libertarian too.

  • by Catmeat (20653) <`ku.ca.aeu.sys' `ta' `mtm'> on Wednesday August 09, 2006 @08:36AM (#15872710)
    ... but with a permission from Mrs. Thelma Arnold, 62...

    In other words, the journalists tracked down about 20 AOL searchers, but Mrs Arnold was the only one to give permission for the article as hers was the only search term list that didn't include 'midget porn'.

  • by andrewman327 (635952) on Wednesday August 09, 2006 @08:37AM (#15872712) Homepage Journal
    From TFA: "a 62-year-old widow who frequently researches her friends' medical ailments and loves her three dogs.


    I don't know how the NYT reporters were able to track her down. After all, this describes most AOL users!

  • Legal Standing? (Score:3, Interesting)

    by RagingFuryBlack (956453) <{moc.liamg} {ta} {115feRjN}> on Wednesday August 09, 2006 @08:38AM (#15872722) Homepage
    FTA:

    There are also many thousands of sexual queries, along with searches about "child porno" and "how to kill oneself by natural gas" that raise questions about what legal authorities can and should do with such information.



    Now what kind of legal recourse can people expect from these search results? Can the man who searched for ways to kill his wife be tracked down? How about all of the paedophiles who searched for child pr0n? Oh, I can just see all of the "Come on AOL, think of the children...tell us who that was..." How closely tied are these numbers to the user's AOL Accounts, I mean, I'm sure AOL left themselves some tie to the user in their copy. What's stopping feds from making many major busts on people?

    • Re:Legal Standing? (Score:3, Interesting)

      by CastrTroy (595695)
      And just for the sake of argument, what does searching for something prove. Sure in the case of child pr0n, they would probably be able to search the guy's house/computer for evidence, but other than that, can you really get arrested for something solely on the fact that you searched for it? Maybe the guy who was searching for how to kill is wife was just joking, seeing what would come up. There's a lot of crazy stuff on the internet. I know i've searched for things just to see what comes up. Just abou
      • Exactly my point. Normally, I'm one of those people who are for the "Let them watch if you have nothing to hide", but searches show no motives, no intent, hell, it diddn't even have to be the owner of the account who made the search. I can't tell you how many times my AIM Accounts were cracked back in the day. Same with IPs, as the woman that won against the RIAA proved. IPs can be spoofed, computers can become bots. Just because it says you searched for it doesn't mean you actuially did. Sadly, it st
      • Re:Legal Standing? (Score:3, Insightful)

        by muellerr1 (868578)
        It seems to me that if you're going to give the guy who wants to kill his wife the benefit of the doubt, then the same benefit should extend to the child pr0n guys. Either it's protected speech or it's not. That's why the ACLU defends the neo-Nazis' right to free speech--we may not like what they say, but they have the right to say whatever they want. Not that I want to protect child pr0n guys in any way, however this is what people are talking about when they say 'slippery slope'. First it's the child
  • by rolfwind (528248) on Wednesday August 09, 2006 @08:41AM (#15872735)
    I hope this issue brings more awareness to people about internet anonymity in general and that the government wants all your logs and that companies like Verizon roll over and let them have it.

    AOL has went one step further and given their customer's information to the world. I googled the news to see if this story is being reported in the mainstream media, and it is minimally (minimal b/c of TimeWarner?) but I have to laugh as it is characterized as a "goof" and a "gaffe". Laughably understated and nice words for something that at best can be described as sheer bumbling negligence and at worst as a breach of privacy of the worst sort.

    Even more ironic, the first news story to pop up on google has nothing to do with this but is:

    "AOL offers free security software"
    http://www.vnunet.com/vnunet/news/2161980/aol-offe rs-free-security [vnunet.com]
  • Quick! (Score:4, Funny)

    by ttys00 (235472) on Wednesday August 09, 2006 @08:43AM (#15872740)
    Quick, make a bunch of bogus searches! That way you will have some plausible deniability when The Man knocks on your door with a list of your searches.

    "Officer, those searches can't be mine, I'm not an 18 year old lesbian movie actress!"
    • Re:Quick! (Score:3, Funny)

      by nEoN nOoDlE (27594)
      =typing searches=
      pictures of dead people
      *no, that didn't work*
      killed people
      *hmm, no good, maybe try "dead pictures"*
      dead pictures
      *hmm, no results, lemme try again*
      dead pictures
      *0 searches, cmon! one more try*
      dead pictures
      *no, nothing... how about...*
      murder photo
      *ah fuck it, lemme go on Slashdot.*
      =reads ttys00's comment=
      Quick, make a bunch of bogus searches! That way you will have some plausible deniability when The Man knocks on your door with a list of your searches.
      *oh shit... he's right. Lemme go make so
  • by gorbachev (512743) on Wednesday August 09, 2006 @08:43AM (#15872745) Homepage
    At the end of the article, she says she's cancelling her AOL account as a result.

    She shouldn't. There's absolutely no way AOL will ever do anything like that again. On the other hand, if she switches to another online provider, who still hasn't been burned, it's a quite a bit more likely they'll screw up like this as well. She'd be "safer" staying at AOL.
    • by shudde (915065) on Wednesday August 09, 2006 @08:51AM (#15872775)

      At the end of the article, she says she's cancelling her AOL account as a result.

      Correction, she's going to try to cancel her AOL account.

    • Perhaps she's taking the first step in filing a lawsuit against the company for violation of privacy? It wouldn't look very good for her if she kept her account and still chose to sue.
    • At the end of the article, she says she's cancelling her AOL account as a result. She shouldn't. There's absolutely no way AOL will ever do anything like that again.

      What makes you say that? AOL have done many anti-customer things that they've been caught on and they don't change their behavior. Their target market doesn't know (or care) about these things.

      Take the hastle you have cancelling for one. There was a recent story about a guy who recorded the process. My last AOL account was about seven or eig

  • Now if she repeats the searches, she'll find links to his own face.
  • by ettlz (639203) on Wednesday August 09, 2006 @08:46AM (#15872759) Journal
    Where am I?
    You're on AOL.
    What do you want?
    Search information.
    Whose side are you on?
    That would be telling. We want information. Information. Information.
    You won't get it.
    By hook or by crook, we will.
    Who are you?
    The new ad-funded AOL Number 2.
    Who is Number 1?
    You are Number 4417749.
    I am not a number -- I am a free gran!
  • by Anonymous Coward
    Why is it that whenever a big company blatantly violates the law, they get away with a few users boycotting them for a while, but when big business is slightly victimized, all hell breaks lose, laws are changed in their favor and individuals' lives get ruined? Sue AOL. Make them pay. Nothing says sorry like a multi-million dollar cheque.
  • by MobyDisk (75490) on Wednesday August 09, 2006 @08:53AM (#15872791) Homepage
    I found this interesting:
    Next Article in Technology (1 of 27)
    The NY times considers this an article on technology. Slashdot considers this an article on "Your Rights Online." That is the reason nothing will happen no matter how many times these privacy violations occur. People don't act on technology issues. They act on privacy, religion, and entertainment. I would shame the NY times that they still don't get it, but neither does most of the rest of the planet either.
    • You might be interested to read this interview [nytimes.com] with the Technology editor for NYT. One of the two measly questions he answered was in regards to the NYT discontinuing its weekly "Circuits" section. According to Mr. McKenna, the cancellation was for business reasons, but also because...

      [W]e've reached a point in the digital age where technology is so central to so many coverage areas that the kinds of stories once reserved to Circuits are now being told on the front page and all over the paper.

      In spit

  • It would not surprise me to see government or corporate-funded research into "intelligent buddies" - programs that are the descendendants of "Clippy" or "Bob" that are actually sophisticated enough to be more useful than annoying. Once we're immersed in ubiquitous computing, they can be active participants in any conversation or activity, chiming in with juicy morsels of pertinent trivia, jokes, gossip or actual useful information - cool enough that everybody would always want them on. They could be relea
  • by pimpimpim (811140) on Wednesday August 09, 2006 @09:00AM (#15872831)
    Some clearvoiant (how do you spell that actually?) already saw in advance that this won't hurt yahoo:

    21528558 http com yahoo com wont hurt wont yahoo 2006-04-21 15:31:20

    I'm amazed by the masses of stupid search strings that are given, why are so many search strings complete (or non working) http adresses? (e.g. www.yahoo.com) Seems like a lousy database to me anyway.

    • why are so many search strings complete (or non working) http adresses?

      Less than intelligent computer users, normally. Such as those where I work, where I've observed this kind of behaviour....

      The issue is that most browsers launch up in their default search page - MSN for IE, Google for Firefox and no doubt AOL for AOL. And as I've observed, most "Joe Schmoe" computer users in the office etc simply don't know the difference between an address bar and a search box. I know a few people in this office who
  • by khendron (225184) on Wednesday August 09, 2006 @09:02AM (#15872852) Homepage
    From AOL's public apology

    "This was a screw up, and we're angry and upset about it. It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted..."

    This is sounding very much like Dilbert's boss's public apology made years ago:

    "It was wrong for us to sell keyboards with no 'Q' We're sorry. We're morons. We're dumber than squirrels. We hear voices and do what they command. I have broccoli in my socks. "
  • by aquatone282 (905179) on Wednesday August 09, 2006 @09:03AM (#15872856)
    4417749 numb fingers
    4417749 60 single men
    4417749 dog that urinates on everything
    4417749 landscapers in Lilburn, Ga
    4417749 bill arnold
    4417749 carpet shampoo rental
    4417749 julie arnold
    4417749 stan arnold
    4417749 homes sold in shadow lake subdivision gwinnett county georgia
    4417749 gwinnet county animal services
    4417749 stan arnold
    4417749 pecan pie recipes
    4417749 McGyver DVDs
    4417749 pet euthanasia services
  • "60 single men"

    Wow! That's quite a few.

    You go, gran.
  • by kent_eh (543303) on Wednesday August 09, 2006 @09:04AM (#15872862)
    "As unhappy as I am to see this data on people leaked, I'm heartened that we will have this conversation as a culture, which is long overdue."

    Now, what can we do?
    How about making sure "this conversation" happens, and continues to happen.

    And not just here on /.

  • Anonymity? (Score:2, Insightful)

    by CopaceticOpus (965603)
    Why is online anonymity so hard to come by? It seems that every service I use on the web keeps logs and statistics, and there always seems to be some trail linking me to whatever I've done online. Perhaps there are searches and discussions I've had online that I don't want a potential employer to come across, for example. No matter how careful I may be, I never feel too confident that I've been successfully shielded by anonymity.

    It would be nice to see more online services that at least make an effort to ma
  • Something just dawned on me.

    Security and privacy is a concern. All the tech savvy bloggers, lawyers and post whores (us) have known for quite some time that what you search for or what you do on the internet directly relates to you. It can be stolen or used against your will. But the normal person blindly searches "teenage donkey porn" thinking since no one is watching over their shoulder no one can see.

    Then comes AOL. A failing social network that Time Warner is struggling to keep above water. In this comp
  • Obviously she doesn't care that she can be linked to those search terms and I don't see why she would have to be. Anyone who would take the effort to get to know her would get to know these things. Privacy is about things people want to keep private, not about the amount of information you let be free.
  • by RagingFuryBlack (956453) <{moc.liamg} {ta} {115feRjN}> on Wednesday August 09, 2006 @10:07AM (#15873376) Homepage
    After reading through all of the 0+ modded comments, I've seen everyone saying "God, I wish there was something that could be done to stop this from happening again". You want to see it stop? Find something that ties your local congressmen to their search histories on AOL. Contact them with that information. I can almost guarantee you that if you find enough dirt on enough congressmen/senators, you'll see legislation passed requiring that Search companies not keep records of searches. It quickly changes from "Think of the children" to "Think of saving my ass from dirt that can be used against me next election year"
  • I wrote a little perl program to check on whether my family is in the released data.

    This is very scary data, though also chock full of interesting info, interesting taken in many different ways. It was easy to find a number of people referencing my small home town of about 20,000 people. I shiver to imagine say a wife using AOL at home and her geek husband searching this stuff at work (not my problem).

    Suffice it to say, the data is FULL of personally identifying information. AOL is not telling the truth. Heck, Google even gives you an address if you give it a phone number, people are used to typing people's names into the search box. And if you search for a given ID you can follow their trains of thought over time and it can be shattering; everyone looks for their own family online.. I even found an unknown relative that way once. AOL should hire some clueful people and get them into the loop, but it's too late for some people.

    Incidentally, I found one of the most interesting words is "should". That, and "cocktail dresses" but I'm not going to get into that one. You see it turns out that not only do people sometimes unintentionally paste info from mail or webpages into the search field, they also ask questions that normally they might just write on paper and throw in the trash, or give up worrying about. So what AOL has done is closer to taping a confessional, what someone might ask of God or their doctor, or just worry endlessly about, and release it! What infants! It seems to say something about why doctors and priests have a professional code and know how to keep things private. Here are some search phrases, I'm not putting any in that have a person's name but you can probably get the idea from this.

    what the fuck should i name my fetus
    my nose is bleeding from cocaine what should i do
    baby has something stuck in his foot what should i do
    my mom is a hooker what should i do
    how to tell a wife her husband is having an affair with you
    caught my wife cheating
    my wife cheated on me with a guy with a huge cock now what
    spy on the wife
    get revenge from a wife cheater
    catch your wife having an affair
    my cheating wife
    got caught cheating on my wife and now she trying to take my kids away
    my wife and kids are living with an ex con
    very sexy baby nice pics i wanna c more lol u should take a look at my pic s tell me what ya think if u wanna chat my yahoo is lets get it mane and my aim is mhsplaya8
    should a spouse stay married to a sex addict
    should i let my son inlaw fuck me
    i should have used a condom
    dude read this its reallllly weird body hi. my name is kimi. it's too late now. you shouldn't have opened this bulletin but since you did you will die tonight if you dont keep reading. well i'm 19. i don't have eye lashes and i dont have a nose. pr
    what should i do about heart palpitations after smoking crack
    should a man go to a strip club the girlfriend is upset
    should i see a married man
    should i tell the other man's wife
    should i confront my wife's adultery partner
    mom showed me how to masterbate
    why my girlfriend should give me head
    should i buy extended warranty on my laptop
    an employee jokes all day long what should i do
    should parents let their children become stars
    l want some pill to dead
    l want to kill myself pill sleep
    i want to kill myself
    should i kill myself
    i need someone to help me before i kill myself
    help no one loves me i want to kill myself
    best way to kill myself
    i want to kill myself indiana hotline
    god please my heart hurts help
    l need to talk with a fbi
    should informants be identified

    Now maybe people will understand what AOL has done.
    I am posting this because:

    • I want strong pro-privacy legislation re search engines and other online venues
    • The use of search engines as Voice-of-God or call-for-help is real. Search engines should be mandated to 1) not

"Card readers? We don't need no stinking card readers." -- Peter da Silva (at the National Academy of Sciencies, 1965, in a particularly vivid fantasy)

Working...