Stunning Privacy Breach by AOL

By now you’ve probably read about the astonishing breach of privacy in which AOL posted the supposedly “anonymous” search records for 500,000 users over a three month period.

You can read more at:

siliconbeat , techcrunch , digg , reddit , and zoli’s blog

Most of the comments on these sites point out the problem of people entering personally identifiable information searches – the idea being that if people searched on topics that might identify them, then also search on topics that are embarrassing or illegal, the database effectively becomes a map to prosecution, blackmail, etc.

What most of the posts and comments miss is that the situation is even worse. Each search request also includes a very accurate (to the second) timestamp. So all the government would need to do to identify someone is to match up a couple of requests to a government owned web site by IP address and time (one can assume that while a company like Google might protect users privacy, government owned web sites probably won’t).

So, to use a hypothetical example: if someone searches for how to pass a drug test, and you find the same user paid a visit to the Department of Motor Vehicles and maybe a court site, it wouldn’t be too hard to pull the logs from those sites and see which IP address visited both at the times specified. Presto – you have some pretty solid evidence what that user is up to, and a map of their searches (who knows what else it might turn up). Plus, since you now have their IP address, you can (as a tech savvy prosecutor), subpoena their records from their ISP you now have some solid identification.

Aside from a gross violation of trust on the part of AOL, this represents a threat to the very future of the Internet. If every search you perform becomes part of your permanent record, how will that impact search?

One thing is clear – AOL cannot be trusted. This is too great a mistake to just brush off. Google has shown at least a willingness to protect user’s information, going to court to protect exactly this kind of information. I don’t know Microsoft’s stand at the moment – if anyone has information on their record please feel free to comment.

3 Responses to “Stunning Privacy Breach by AOL”

  1. Tal Says:

    for at least 4 years there have been search proxies which separate your personal info from your search terms and prevent ad tracking too.

    Why isnt anyone talking about it? Most are free
    Take your pick but I like this one.

    http://www.blackboxsearch.com

  2. ty Says:

    A site where you can search the data is here:

    http://www.datablunder.com/logitems/query/

  3. Cornflakes Says:

    A *quick* site where you can search the AOL Logs for yourself, is here:

    http://www.frogspy.com

Leave a Reply

Comments are moderated - allow 24-48 hours for your comment to appear.