The myth of privacy

You do know that every search term you type into a search engine is saved by the search engine, don’t you? That time you searched for porn, or an ex boy/girlfriend, or information about an illness you thought you might have – all saved by the search engine.

This practice was brought sharply into focus when AOL purposefully posted 3 months of search data on the Internet. Usernames were replaced with numbers but it was still possible to identify some of the searchers. The New York Times runs a story today about a Ms Thelma Arnold, a 62 year old living in Lilburn, Georgia. Ms Arnold was searcher number 4417749 in AOL’s records but was readily identifiable based on her searches for “numb fingersâ€?, “60 single menâ€?, “dog that urinates on everythingâ€?, “landscapers in Lilburn, Ga,â€? several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.â€?

Marketers are going to have a ball with all this info!

Someone has helpfully taken a copy of the data and put a web interface on it to make it easier to query!

Michael Geist said it best when he said:

The article provides a powerful illustration not only of the severity of the AOL mistake (which remains online for all to see), but of why search companies simply should not be retaining this data for any significant period of time. The public privacy risks, whether self-inflicted, from hackers, or via law enforcement fishing expeditions, outweigh the private commercial benefits.

While Ms Arnold is quoted in the New York times article as saying

My goodness, it’s my whole personal life, I had no idea somebody was looking over my shoulder… We all have a right to privacy, Nobody should have found this all out.

You haven’t searched for anything you wouldn’t want people to know about recently, have you?

6 thoughts on “The myth of privacy”

  1. I believe it’s just as chilling to realise that the Irish government will save all records of your search engine requests for three years, without any clearly-articulated data protection standards wrapped around that data. This is the crux of the legal challenge made by Digital Rights Ireland and one you’ve highlighted in an earlier podcast. I don’t think most Irish citizens understand the implications of this data retention policy.

    You haven’t searched for anything you wouldn’t want the gardai to know about, have you?

  2. Bobby – proxies haven’t caught on here for two reasons:
    1. Nobody is aware of them and
    2. With the irish government forcing ISPs to hold onto log files for 3 years, search proxies are no good for protecting your privacy (unless there are some operating over ssl)!

Comments are closed.