AOL’s Big Privacy Blunder
After reading story below, I have to thank my lucky stars that I use Google and not AOL to search for information via the Internet. Even still, I might have to reconsider my decision to keep my AOL account.
AOL’s Big Privacy Blunder
ISP stuns its users and bloggers by making sensitive query data available to the general public
by Jason Hahn (woowhee)
In an inexplicably foolish and potentially devastating move, America Online (AOL) released massive amounts of private data to the whole world. Sometime on Sunday it was discovered that AOL made 20 million search queries made by 650,000 of its users, along with additional information related to these queries, available to the public for download on one of its pages, which has since been taken down.
Though news sources have been virtually mute on the event so far, blogs have been quickly picking up on the news and reacting strongly. The word “boycott” has been associated with AOL in many of these posts.
The private data contains searches from these 650,000 AOL users over the course of three months (March through May) in 2006. It also includes indications of whether or not a user actually clicked on a search result, what the result was, and what rank the result held on the search results page.
Michael Arrington, the man behind the popular blog TechCrunch, says
“AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the ability to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box.”
He elaborates on the potential consequences of this data being made available to the public by saying,
“The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with ‘buy ecstasy’ and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen. The possibilities are endless.”
The reason behind this seemingly absentminded move seems to be that AOL was making this information available to researchers in order to provide them with data that would give them the opportunity to be cited as the source, though there are clearly smarter ways to go about this. Before downloading the files containing the sensitive information, “Please reference the following publication when using this collection” was the request made by AOL to the downloader.