AOL’s recent intentional, yet mistaken, release of
search data shows how tenuous our privacy really is.
Become a Patron of Ask Leo! and go ad-free!
Transcript
Hi everyone, this is Leo Notenboom with news, commentary and answers to some
of the many questions I get at askleo.info.
As most of you have heard by now, AOL recently released three months of
search data, apparently for academic research. The release was intentional, but
AOL later admitted their mistake in doing so. They even went so far as to say
that they were sorry.
Now, one of the really common themes across questions I get at Ask Leo! is
that of privacy. And I mean that in both directions. I get a lot of questions
from people who are concerned about maintaining their privacy, people concerned
about IP address tracing, cookies, key loggers, spyware and the like. I also
get a lot of questions from folks trying to invade someone else’s privacy –
perhaps hack an account, or view someone’s message history.
What the AOL release has done is shown us how seemingly innocuous data –
something as simple as the things we search for on the internet, can create a
trail of information that can lead right back to us. It shows us how tenuous
our privacy really is.
The AOL data did not include any user names or IDs. All it included was a
token that indicated which searches were preformed by the same persons –
without identifying that person. Or to put it in privacy statement terms:
without any personally identifiable information.
Nope, the users did that themselves.
And the personally identifiable information that the AOL users happened to
provide? The terms they entered into the search engine.
The New York Times has already tracked down one individual based solely on
the terms that she entered into AOL search. Without knowing anything other than
those terms, and that they all came from the same person, they were able to
identify exactly who that person was.
Individual searches, by themselves, are pretty meaningless. But the
aggregate – your search history – tells a lot about you, what you do, what you
care about, and ultimately who you are.
The lesson here is not that we need to be afraid of the search engines for
fear of someone spying on us. The lesson here is one of awareness: know what
privacy you can reasonably expect, and know that it doesn’t always take a
hacked account, an IP address or other directly obvious way to compromise
it.
I foresee a day when this type of analysis of otherwise innocuous data may
find its way into a court case and contribute to a conviction or acquittal. In
fact, it’s already been tried.
The other individual in the AOL data who was searching for terms related to
“extramarital on-line affair” might be concerned.
Perhaps we all should be.
I’d love to hear what you think. Visit ask leo dot info, and enter 10603 in
the go to article number box. Leave me a comment, I love hearing from you.
This is a presentation of askleo.info, a free on-line technical question and
answer service. Hundreds of questions and answers are online and ready to help
solve your computer problems.
That’s askleo.info.
Several years ago Scott Mcnealy, former CEO of Sun Systems said that our privacy was gone and we should get over it. I wish it were not so, but I think that the world depicted in Orwell’s 1984 and Huxley’s Brave New World, where everbody is watched 24/7, is already here. Not too much we can do about it except speak up and speak out whenever and wherever we encounter violations of our privacy. I’ve always been careful online & in print. If I don’t feel comfortable about my remarks appearing in a court case some day, I don’t hit that “Send” button.
AOL`s actions are despicable, in my opinion. They should be hauled over the coals on this one! Personally, I try and remain as anonymous as possible (hence first name only!), but with folk like AOL around, that seems well nigh impossible.
Do I keep my yahoo adress or do I get a hot mail adress?