[attrition] SCREWED! the AOL search history DB snafu

lyger lyger at attrition.org
Wed Aug 16 22:57:11 EDT 2006


http://attrition.org/news/content/06-08-16.001.html

Wed Aug 16 19:15:24 EDT 2006
martums

You kissed your privacy goodbye a long time ago, right?

From Wikipedia:

     On August 4th, 2006, AOL released a compressed text file on one of its 
websites containing twenty million search keywords for over 650,000 users 
over a 3-month period, intended for research purposes. AOL pulled the file 
from public access by the 7th, but not before it had been mirrored, 
P2P-shared and seeded via BitTorrent. News filtered down to the 
blogosphere and popular tech sites such as Digg and Wired News.

     Whilst none of the records on the file are personally identifiable per 
se, certain keywords contain personally identifiable information [1] by 
means of the user typing in their own name (ego-searching), as well as 
their address, social security number or by other means. Each user is 
identified on this list by a unique sequential key, which enables the 
compilation of a user's search history.

     AOL acknowledged it was a mistake and removed the data, although the 
files can still be downloaded from mirror sites. Additionally, several 
searchable databases of the report also exist on the internet. [2]

Mistake? If betraying the trust of 2/3 of a million subscribers equals a 
mistake, how do they define catastrophe?

Apart from the obvious PR quagmire that AOL now finds itself in, and the 
painful regret (or torn anus) that AOL users may be feeling (and should 
have been feeling since they signed up </rant>), the long-term impact is 
immeasurable. Their stock is falling [3]. They're giving away BYOA 
accounts, [4] (they'd have to at this point), a move which may cost Time 
Warner over a billion dollars by 2009. [5] They're facing penalties, 
fines, not to mention lawsuits. [6] If there's a bottom for any business 
to hit, they're very close. [7]

They should take a cue from ValuJet and change their name (again). [8, 9]

AOL states they keep 30 days of user-identifiable search history, and that 
a research division may keep three months or more of search history, but 
not associated with specific accounts (the latter echoes what was 
released on 4 August). Google has already stated they will continue to 
store search queries and related info, and that they won't make the same 
mistake AOL did. [10, 11] Predictably, Yahoo! Search! will! do! the! same! 
Considering the staggering amount of infrastructure Google possesses, 
(Great Caesar's Ghost--Google has an estimated four PB of RAM alone), 
their data retention capabilities far exceed the 90 days of history AOL 
retains for research purposes. [12, 13]

That search you did recently for Paris' poodle porn may come back to haunt 
you. Even though you were just doing it for a friend.

[...]


