Stunning Privacy Breach by AOL
By now you’ve probably read about the astonishing breach of privacy in which AOL posted the supposedly “anonymous” search records for 500,000 users over a three month period.
You can read more at:
siliconbeat , techcrunch , digg , reddit , and zoli’s blog
Most of the comments on these sites point out the problem of people entering personally identifiable information searches – the idea being that if people searched on topics that might identify them, then also search on topics that are embarrassing or illegal, the database effectively becomes a map to prosecution, blackmail, etc.
What most of the posts and comments miss is that the situation is even worse. Each search request also includes a very accurate (to the second) timestamp. So all the government would need to do to identify someone is to match up a couple of requests to a government owned web site by IP address and time (one can assume that while a company like Google might protect users privacy, government owned web sites probably won’t).
So, to use a hypothetical example: if someone searches for how to pass a drug test, and you find the same user paid a visit to the Department of Motor Vehicles and maybe a court site, it wouldn’t be too hard to pull the logs from those sites and see which IP address visited both at the times specified. Presto – you have some pretty solid evidence what that user is up to, and a map of their searches (who knows what else it might turn up). Plus, since you now have their IP address, you can (as a tech savvy prosecutor), subpoena their records from their ISP you now have some solid identification.
Aside from a gross violation of trust on the part of AOL, this represents a threat to the very future of the Internet. If every search you perform becomes part of your permanent record, how will that impact search?
One thing is clear – AOL cannot be trusted. This is too great a mistake to just brush off. Google has shown at least a willingness to protect user’s information, going to court to protect exactly this kind of information. I don’t know Microsoft’s stand at the moment – if anyone has information on their record please feel free to comment.