Dan Appleman: Kibitzing and Commentary

My personal blog

Stunning Privacy Breach by AOL

By now you’ve probably read about the astonishing breach of privacy in which AOL posted the supposedly “anonymous” search records for 500,000 users over a three month period.
You can read more at:
siliconbeat , techcrunch , digg , reddit , and zoli’s blog
Most of the comments on these sites point out the problem of people entering personally identifiable information searches – the idea being that if people searched on topics that might identify them, then also search on topics that are embarrassing or illegal, the database effectively becomes a map to prosecution, blackmail, etc.
What most of the posts and comments miss is that the situation is even worse. Each search request also includes a very accurate (to the second) timestamp. So all the government would need to do to identify someone is to match up a couple of requests to a government owned web site by IP address and time (one can assume that while a company like Google might protect users privacy, government owned web sites probably won’t).
So, to use a hypothetical example: if someone searches for how to pass a drug test, and you find the same user paid a visit to the Department of Motor Vehicles and maybe a court site, it wouldn’t be too hard to pull the logs from those sites and see which IP address visited both at the times specified. Presto – you have some pretty solid evidence what that user is up to, and a map of their searches (who knows what else it might turn up). Plus, since you now have their IP address, you can (as a tech savvy prosecutor), subpoena their records from their ISP you now have some solid identification.
Aside from a gross violation of trust on the part of AOL, this represents a threat to the very future of the Internet. If every search you perform becomes part of your permanent record, how will that impact search?
One thing is clear – AOL cannot be trusted. This is too great a mistake to just brush off. Google has shown at least a willingness to protect user’s information, going to court to protect exactly this kind of information. I don’t know Microsoft’s stand at the moment – if anyone has information on their record please feel free to comment.

Fun Buying From Dell

Joel Spolsky just posted an item on Why Dell.com Still Feels Like Buying A Used Car that describes how Dell’s attempt to segment their customer base makes it that much harder to buy a computer (and know you’re getting a good deal).
I do have two small items to add:
First, they aren’t just trying to make more from business customers – they’re trying to make more from all customers and manage their supply chain efficiently. Thomas Friedman writes about this in his fantastic book “The World is Flat: A Brief History of the Twenty-First Century” where he convinces Dell to trace the history of all the components that make up his laptop.
Second, assuming you aren’t buying in volume and able to negotiate a better deal, here’s a hint – always check prices on both the consumer and small business sites. The consumer site may seem cheaper, but they sometimes stack the small business site with some serious rebates and premium service plans that can actually make it less expensive for a comparable or better machine.
For the biggest bang for the buck on PCs, the best deals are often the refurbished units or discontinued models, where you can get 6 month old technology for a substantial discount over the latest and greatest. I discuss this in my article “The Best Deals on Desktop PCs“.