AOL’s recent intentional, yet mistaken, release of
search data shows how tenuous our privacy really is.
Become a Patron of Ask Leo! and go ad-free!
Hi everyone, this is Leo Notenboom with news, commentary and answers to some
of the many questions I get at askleo.info.
As most of you have heard by now, AOL recently released three months of
search data, apparently for academic research. The release was intentional, but
AOL later admitted their mistake in doing so. They even went so far as to say
that they were sorry.
Now, one of the really common themes across questions I get at Ask Leo! is
that of privacy. And I mean that in both directions. I get a lot of questions
from people who are concerned about maintaining their privacy, people concerned
about IP address tracing, cookies, key loggers, spyware and the like. I also
get a lot of questions from folks trying to invade someone else’s privacy –
perhaps hack an account, or view someone’s message history.
What the AOL release has done is shown us how seemingly innocuous data –
something as simple as the things we search for on the internet, can create a
trail of information that can lead right back to us. It shows us how tenuous
our privacy really is.
The AOL data did not include any user names or IDs. All it included was a
token that indicated which searches were preformed by the same persons –
without identifying that person. Or to put it in privacy statement terms:
without any personally identifiable information.
Nope, the users did that themselves.
And the personally identifiable information that the AOL users happened to
provide? The terms they entered into the search engine.
The New York Times has already tracked down one individual based solely on
the terms that she entered into AOL search. Without knowing anything other than
those terms, and that they all came from the same person, they were able to
identify exactly who that person was.
Individual searches, by themselves, are pretty meaningless. But the
aggregate – your search history – tells a lot about you, what you do, what you
care about, and ultimately who you are.
The lesson here is not that we need to be afraid of the search engines for
fear of someone spying on us. The lesson here is one of awareness: know what
privacy you can reasonably expect, and know that it doesn’t always take a
hacked account, an IP address or other directly obvious way to compromise
I foresee a day when this type of analysis of otherwise innocuous data may
find its way into a court case and contribute to a conviction or acquittal. In
fact, it’s already been tried.
The other individual in the AOL data who was searching for terms related to
“extramarital on-line affair” might be concerned.
Perhaps we all should be.
I’d love to hear what you think. Visit ask leo dot info, and enter 10603 in
the go to article number box. Leave me a comment, I love hearing from you.
This is a presentation of askleo.info, a free on-line technical question and
answer service. Hundreds of questions and answers are online and ready to help
solve your computer problems.