So much for “anonymized” search data. In a story in its Wednesday edition, the New York Times explains how it was able to quickly trace the identity of one of the 657,000 AOL customers whose search histories were released over the weekend. AOL customer #4417749, who searched on such terms as “numb fingers,” “60 single men,” and ““landscapers in Lilburn, Ga,” is none other than 62-year-old widow Thelma Arnold. Figuring out her identity “did not take much investigating,” write the Times reporters. Says Mrs. Arnold, “My goodness, it’s my whole personal life. I had no idea somebody was looking over my shoulder.” She’s not the only one.
UPDATE: Commenting today on the AOL fiasco, Google’s Eric Schmidt said, “We are reasonably satisfied … that this sort of thing would not happen at Google, although you can never say never.” That’s not altogether comforting, but at least it’s honest.
This is going to wake up a whole lotta people as to the risks (to them) and value (to the engines) of this data. As a minimum initial step, I think we should get an opt-out delimiter that the engines all standardize on that keeps any search out permanent tracking.
I really hope this story gets a lot of play. The (perception of the) anonymous nature of using the Internet is a huge factor in its popularity, and this should really remind us all that data such as this has the power to strip that anonymity at any moment.
The other aspect of this that I don’t see getting as much attention is how this may impact general feelings towards SaaS. I think people have gotten used to thinking of search engines as features of general computer usage, little different from any other application. But here we can clearly see the difference between searching for a file on your hard drive and searching for a file on the net.
While advocates like to say that no online service, like a word processor, would ever divulge a selection of customer documents, do we have any guarantee that this is the case? I’d like to see privacy features become a front-page feature of every service that hosts customer data.
This is just a new Web 2.0 notion: The “Social Search”.
Let all participate in your search phrases!!!
See my cartoon.
Bye,
Oliver
This is going to wake up a whole lotta people
One of my first thoughts was that this story would make for a great example in the classroom. But I do wonder. I’ll be curious to see students’ reactions to this case next time I teach about the privacy implications of people’s online actions. For now, it’s been really hard to get students focused on such issues. The biggest concern seems to be getting your credit card number stolen. Even after numerous conversations about implications in, say, the realm of politics or health, students don’t seem to get too worried. (Granted, I teach small classes so these are small samples, but I don’t know if others have different experiences.)
Stories like this, by the way, contribute to my reasons for using desktop search applications in a limited manner. I realize they are not supposed to be sending information back to the service providers, but who knows what kind of leak may happen and do I really want my confidential documents and all my emails floating around who knows where?
The problem with “you can never say never” is that it will only take one “oops” in the future to lose your privacy up to that point. Unless it is *impossible* for such a mishap — i.e., unless the data is not archived — statements of good intentions by certain billionaires are pretty much irrelevant.