Defending The Kingdom

After AOL published its users’ private search data last month, you may be wondering where it’s safe to do your searches. Who Which is the most trustworthy search engine? Is there something you can do so that you don’t have to trust the search engines at all? (continue reading…)

America Online fired two employees and its chief technology officer because of the release of user search data earlier this month, says the New York Times:

‘This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team,’ Miller said in a second memo. ‘We are taking appropriate action with the employees who were responsible.’

Accountability is a good thing when it comes to enforcing privacy requirements in any organization, and AOL seems to be taking it seriously. The company is taking several steps to ensure that this never happens again, such as keeping tighter controls on employee access to data, educating employees about privacy issues, and reviewing data retention and privacy policies.

I hope other companies that harbour large collections of user data are paying close attention. Then again, AOL didn’t take the hint from privacy fiascos that came before it (for example, it has been just over a year since ChoicePoint, a company that gathers and sells data about consumers, announced that it gave up sensitive information on more than 160,000 people to criminals posing as ChoicePoint customers - the media coverage on the story was extensive). (continue reading…)

Wired News has an excellent article called FAQ: AOL’s Search Gaffe and You.

In it, questions such as “Why did AOL release the records?” and “AOL says it anonymized the data by replacing the AOL user ID with a randomized number. Is it possible for someone to figure out who I am just from my searches?” are posed and answered in a straightforward way.

The following question is probably the most pertinent for those who would like to avoid search engine privacy infringements:

Has the government ever requested such records before?

Yes. One attempt was made public last fall when Google fought a subpoena from the Justice Department which asked for similar records from AOL, MSN, Yahoo and Google. The feds wanted the records to help defend an ongoing court challenge to the Child Online Protection Act. Google largely won that battle, but Yahoo, MSN and AOL all turned over records to the government. The government may have also asked for large quantities of search records as part of antiterrorism efforts, but those subpoenas and warrants typically come with gag orders that would prevent the search engines from publicly discussing them.

As far as I know, MSN, Yahoo, and AOL didn’t put up the slightest resistance. Google is not beyond reproach on all things privacy related, but the company is certainly a big step ahead of its competition in this instance.

This website is all about keeping your privacy. But I should make a qualification: it’s about keeping your information as private as possible. The miserable reality remains that you will not always have control over your data and your privacy.

That’s not to say that you should give up on keeping your information secure - you shouldn’t. But try to be prepared when the worst happens, as it did on August 4, 2006.

Last Friday, AOL posted on one of its websites a compressed text file holding 20 million search terms and phrases for about 650,000 users. The data was collected between March and May of 2006.

AOL has since removed the text file and issued an apology, but the damage is done (especially since the file is still available through other sources - once something is on the internet, it doesn’t disappear easily). This was taken from TechCrunch, which has been following the story closely:

AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the abilitiy [sic] to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box.

The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with “buy ecstasy” and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen. The possibilities are endless.

(continue reading…)

Google, by partnering with the StopBadware Organization, has begun to issue warnings when users click on search results that lead to dangerous websites.

StopBadware keeps a list (so far it appears to be quite limited) of user-submitted websites that are known to host spyware, adware, and other malware. After receiving submissions, the organization analyzes the purported malware using a list of seven categories of bad behaviour that help to identify malicious software.

This list includes:

…deceptive installations, unclearly [sic] identification, causing harm to other computers, modifying other software, transmitting user data, interfering with computer use, and being difficult to uninstall completely.

You can see one of the warnings in action by doing a search for “seriall” and clicking on the first result (SeriAll.com is a website that publishes serial numbers for pirated software). After clicking on the link, you should see a screen similar to the one shown at the top of this post. (continue reading…)