|
Background: AOL released search history of some ~650K users The data was intened for reasearch. AOL now appologized and called it a mistake. Nevertheless, the cat is out of tne box and the data can still be downloaded here slashdot article “The face of one AOL searchers exposed” has generated a vibrant discussion (238 comments and going). Here is a selection of those that we found interesting, informative, and funny. markild (862998): Didn't take too long before it leaked all over the place, eh?
http://www.aolsearchdatabase.com/ [aolsearchdatabase.com]
eldavojohn (898314): I guess this just goes to show that you should be using something like Torpark [nfshost.com] even when merely conducting an online search. It's a shame but if you value your privacy, I guess it's necessary.
Adsense what's that? [noscript.net]
ConceptJunkie (24823): To be fair, there isn't a whole lot AOL can do about the data that's already been released. In fact, nothing. That genie's out of the bottle, and while it is totally their fault for allowing someone to make such an enormously foolish and potentially dangerous decision, they have stated that they are taking steps so that it won't happen again. Believe me, with so many people looking for an excuse to further bash AOL, they won't dare let this kind of thing continue.
"Not keeping data like this" doesn't make any sense at all and doesn't accomplish any good for customers. Indeed there is great value in understanding what searches are made and how the search process can be improved. Keeping this kind of data secure is sufficient in my mind. The last two sentences are something I would agree with.
I just have to wonder who would be stupid enough to not realize the ramifications of doing this. It doesn't take "thorough vetting" to figure out that this would cause a firestorm of bad publicity.
Of course, the real lesson here is: Don't do anything on the Internet you wouldn't want your mother to find out about. There is no anonymity on the Web. It doesn't take a stupid decision by a large company to prove this.
markild (862998): Didn't take too long before it leaked all over the place, eh?
http://www.aolsearchdatabase.com/ [aolsearchdatabase.com]
eldavojohn (898314): I guess this just goes to show that you should be using something like Torpark [nfshost.com] even when merely conducting an online search. It's a shame but if you value your privacy, I guess it's necessary.
Adsense what's that? [noscript.net]
ConceptJunkie (24823): To be fair, there isn't a whole lot AOL can do about the data that's already been released. In fact, nothing. That genie's out of the bottle, and while it is totally their fault for allowing someone to make such an enormously foolish and potentially dangerous decision, they have stated that they are taking steps so that it won't happen again. Believe me, with so many people looking for an excuse to further bash AOL, they won't dare let this kind of thing continue.
"Not keeping data like this" doesn't make any sense at all and doesn't accomplish any good for customers. Indeed there is great value in understanding what searches are made and how the search process can be improved. Keeping this kind of data secure is sufficient in my mind. The last two sentences are something I would agree with.
I just have to wonder who would be stupid enough to not realize the ramifications of doing this. It doesn't take "thorough vetting" to figure out that this would cause a firestorm of bad publicity.
Of course, the real lesson here is: Don't do anything on the Internet you wouldn't want your mother to find out about. There is no anonymity on the Web. It doesn't take a stupid decision by a large company to prove this.
phorm (591458): Bullshit. If they were afraid of consequences it wouldn't have gotten out in the first place. One would have thought "AOL wouldn't dare releasing my personal information to the world" about 8 months ago, but whoops, they did.
Now, if they're suddenly hit with a barrage of lawsuits or a nice, really big, juicy class-action... perhaps that'll teach them. If there aren't any consequence, they'll likely do it again if it means making a quick buck.
Bob9113 (14996): they have stated that they are taking steps so that it won't happen again.
That is not enough. It is one thing when you get caught kicking a dog to say, "I won't kick the dog again." It is another, and far more noble, thing to say, "I will begin actively campaigning for the ASPCA." There has to be some accountability; not necessarily punishment, but retribution. For example, AOL could take steps to prevent any company from doing this again (promoting corporations to have data privacy built into their customer contract, lobbying for data purge laws, lobbying for privacy rights acts). If they do not, then they have done nothing but say, "We will feign remorse when we get caught." That is not good enough.
Bob9113 (14996): Your ISP has access to everything you do online unless you're using an encrypted channel like SSL. Your HTTP requests go through your ISPs routers, which see all. Not just search terms, everything. Cox will see this submission when I send it through, and has seen each preview. Cox sees every email I send, including the full content and any attachments. Some ISPs may not be recording it, but for AOL a big part of their business is selling aggregated data to advertisers, and enterprise grade storage costs a few dollars a gig. They'd be stupid to throw away HTTP requests, and I'd lay 20 to 1 odds that they are not. At least until we have laws that require them to. But then, I think we're more like to have laws that require them to keep the data. The EU already does.
Everything you do online is watched. It's just a question of whether you can trust your ISP. We currently lack any serious accountability for privacy breaches. The public is blissfully ignorant, and the government, far from promoting privacy, actually wants the data. In fact, depending on how far you think Epic/Carnivore/TIA goes, they already have it. Your phone records are protected by federal law, and they have those. What of data that isn't protected? Do you think they don't have it?
infolib (618234): Yes, and if you have an always-on computer, please consider running a TOR server [eff.org]. TOR includes mechanisms for limiting bandwidth usage and blocking certain connections at your choice. Also, keep the cookies down. I personally block google cookies and those of a bunch of other ad vendors - these are the data that would give the most away about me. I really ought to run something like Privoxy [privoxy.org]
scribblej (195445): Here's the person's searches in question:
17556639 how to kill your wife
17556639 how to kill your wife
17556639 wife killer
17556639 how to kill a wife
17556639 poop
17556639 dead people
17556639 pictures of dead people
17556639 killed people
17556639 dead pictures
17556639 dead pictures
17556639 dead pictures
17556639 murder photo
17556639 steak and cheese
17556639 photo of death
17556639 photo of death
17556639 death
17556639 dead people photos
17556639 photo of dead people
17556639 www.murderdpeople.com
17556639 decapatated photos
17556639 decapatated photos
17556639 car crashes3
17556639 car crashes3
17556639 car crash photo
If you want this person investigated, you are worse than the "thought police." First off, it's clear (to me, at least) that this guy isn't thinking about killing anyone. He just wants to see some gory photos. "steakandcheese" is a site like rotten.com. Even if he is thinking about killing someone, that's OK. There's a comment further down on the site you linked to that I find to be "insightful" about an old twilight zone episode. The main character could read minds and he reads the mind of a bank security guard who is thinking about robbing the bank! He has the man investigated, but nothing comes out of it. In the end, the guard admits he was thinking about robbing the bank... in fact he's thought about it almost every day. It's just a fantasy he has to make the day go faster... not something he'd ever act on.
And having been a regular visitor to rotten.com in the past myself, I know that just wanting to see some of the reality of death that we tend to keep hidden in American society is not a crime. It's not even thinking of a crime. It's perfectly natural and healthy curiosity. Neither is daydreaming about terrible things you would never do -- or want to have happen -- in real life. Fantasy is normal and healthy.
In fact, if you've never been to rotten.com or a similar site, I'd recommend you go sometime.
hackstraw (262471): What about the one we really need to know?? User 17556639!!!
Hello, I'm user 17556639, and I'm a crime novelist.
Actually, I'm not but it is simply not up to AOL or the government or anybody to snoop into my business without probable cause. And probable cause is limited to the government, the rest stay the fuck out of my business.
Anything taken out of context can look completely different, and it simply is NOT the duty of a citizen to chronically prove their innocence.
A) Its sometimes impossible to prove that I was home alone asleep.
B) I'm innocent until proven guilty. Even after being charged and possibly jailed until my court time.
So, yes, I'm one of those "Fuck the children" people. I'm one of those people that respects my privacy. I'm one of those people that believes in free speech. Yes, I vote libertarian too.
Anonymous: this is the exact reason i use anonet [anonet.org]! its not just AOL keeping records.
MobyDisk (75490) : The NY times considers this an article on technology. Slashdot considers this an article on "Your Rights Online." That is the reason nothing will happen no matter how many times these privacy violations occur. People don't act on technology issues. They act on privacy, religion, and entertainment. I would shame the NY times that they still don't get it, but neither does most of the rest of the planet either.
Anonymous: Why Google made such a fight out of the government's request for similar information, even if anonymized. It isn't a harmless request. I mean, the particular search identified in the article isn't a big deal, but some of the others that are in there are rather scary/personal, to say the least. Out of millions, I expect this pattern is normal.
As goofs go, this is a biggie, but an instructive one that will hopefully serve as a wakeup call. If the government were requesting something like this, it is as invasive as a library turning over a carefully-tracked list of patron searches that would be one ISP subpoena away from being personally identifiable. It's basically one huge fishing ground.
Anonymous: Here's an interesting search to add to Google's history database. [ google.com]
What's even more interesting is the eBay ad offering to sell this. :)
GiantCranes (949957): I clicked the link before reading what it was. I then wrote a little note to big brother by searching for : "sorry, that last search was not something that I was interested in. I just clicked a link on slashdot"
CopaceticOpus (965603): Why is online anonymity so hard to come by? It seems that every service I use on the web keeps logs and statistics, and there always seems to be some trail linking me to whatever I've done online. Perhaps there are searches and discussions I've had online that I don't want a potential employer to come across, for example. No matter how careful I may be, I never feel too confident that I've been successfully shielded by anonymity.
It would be nice to see more online services that at least make an effort to maintain your anonymity. How about a proxy that will do all your google searches from a set of hundreds of random IP addresses, selecting a new one each time and never connecting the searches to one another? Or how about an ISP that gives you a new, random IP address on request, and keeps NO LOGS of who had which IP in the past?
There are two obstacles to this - first, the average joe doesn't think too carefully about anonymity, so the demand for such services is low. Second, there are legal issues regarding what information would be recorded. It would be very interesting to see the RIAA come to the ISP in my above example and request the account information of a file trader. What would happen if they literally had no logs and no way of telling which user had been using that IP? It seems like they might get in trouble, but why should they? Grocery stores aren't required to keep careful logs of each person walking through their doors. Don't ISPs have the same right to allow people to come and go?
RagingFuryBlack (956453): After reading through all of the 0+ modded comments, I've seen everyone saying "God, I wish there was something that could be done to stop this from happening again". You want to see it stop? Find something that ties your local congressmen to their search histories on AOL. Contact them with that information. I can almost guarantee you that if you find enough dirt on enough congressmen/senators, you'll see legislation passed requiring that Search companies not keep records of searches. It quickly changes from "Think of the children" to "Think of saving my ass from dirt that can be used against me next election year"
JPDeckers (559434): Love browsing the data. As I noticed yesterday [kiobi.com], a nice trace for user 14109288 (stripped a bit for readability):
Note the timestamps of the last two lines, sounds like he had, well, an evening that did not go as planned
Chagatai (524580): I'm sorry, but I went ahead and looked at The Randomizer [aolsearchdatabase.com], and saw the following. Here we have someone with a deaf dog who has interests in the Harlem Globetrotters, the human endocrine system, and a branch of civil services (?) in the Iberian Peninsula. I swear, this tool is the next big funny thing around: User ID Search Keywords Date Website
14476047 canine hearing aids 2006-03-13 20:10:50 http://www.listen-up.org/ [listen-up.org]
14476047 harlem globetrotters.com 2006-03-22 21:39:33
14476047 harlem globetrotters.com 2006-03-22 21:39:47
14476047 splinter cell 2006-03-22 21:45:41 http://www.splintercell.com/ [splintercell.com]
14476047 pacreas 2006-03-27 05:19:27
14476047 ounces to quarts 2006-04-06 16:09:39 http://www.metric-conversions.org/ [metric-conversions.org ]
14476047 ounces to quarts 2006-04-06 16:09:39 http://www.metric-conversions.org/ [metric-conversions.org ]
14476047 ounces to quarts 2006-04-06 16:09:39 http://www.free-gourmet-recipes.com/ [free-gourmet-recipes.com ]
14476047 roy rogers 2006-04-08 09:33:37 http://www.roy-rogers.com/ [roy-rogers.com]
14476047 portuguese fireman. com 2006-04-21 21:35:01 http://www.portuguesefireman.com/ [portuguesefireman.com ] Ant2 (252143): Inevitable...
16432953 las vegas shemale escorts 2006-05-10 12:51:11 http://lasvegas.sexydepo.com/ [sexydepo.com]
16432953 chicago shemale escorts 2006-05-10 13:16:33 http://www.eros-chicago.com/ [eros-chicago.com]
16432953 chicago shemale escorts 2006-05-10 13:16:33 http://www.eros-chicago.com/ [eros-chicago.com]
16432953 shemale escorts in tampa 2006-05-10 22:45:29 http://www.eros-tampa.com/ [eros-tampa.com]
16432953 how to clean computer hard drive 2006-05-09 13:11:50 http://www.microsoft.com/ [microsoft.com]
You just can't make this stuff up!
16582590 paranoia 2006-04-12 22:02:48
16582590 paranoia 2006-04-12 22:06:47
16582590 paranoia 2006-04-12 22:07:10
16582590 paranoia 2006-04-12 22:07:32
16582590 paranoia 2006-04-12 22:01:09
16582590 paranoia 2006-04-12 21:59:32
16582590 paranoia 2006-04-12 21:52:42
16582590 paranoia 2006-04-12 21:52:26
16582590 paranoia 2006-04-12 21:50:31
16582590 paranoia 2006-04-12 21:50:07
16582590 dillusions 2006-04-12 21:34:54
Castar (67188): Ah ha! User 54620096, I found you!
User 54620096 quote abducting aliens
User 54620096 code quotes
User 54620096 quote aliens
User 54620096 where are my quotes you bastards
User 54620096 sex with sandwich
User 54620096 quotealien
jscheelmtsu (955511): Someone seems to be having a little parenting problem... or something. I'll let you find out what sites he went to yourself.
17720123 preteen 2006-04-06 22:42:52
17720123 preteen 2006-03-24 13:47:48
17720123 preteen 2006-03-24 13:47:11
17720123 preteen 2006-03-24 13:46:43
17720123 preteen 2006-04-06 22:46:02
17720123 preteen 2006-04-06 22:52:24
17720123 preteen 2006-04-20 23:29:19
17720123 preteen 2006-04-20 23:29:19
17720123 preteen 2006-04-20 23:33:53
17720123 preteen 2006-03-24 13:48:04
17720123 preteen 2006-03-24 14:06:38
17720123 preteen 2006-03-30 22:01:16
17720123 preteen 2006-03-24 14:19:56
17720123 preteen 2006-03-24 14:19:44
17720123 preteen 2006-04-06 22:46:02
17720123 preteen 2006-03-24 14:16:00
17720123 preteen 2006-03-24 14:14:43
17720123 preteen 2006-03-24 14:12:03
17720123 preteen 2006-03-24 14:10:09
curecollector (957211): I'm partial to 15222649, myself:
15222649 how to do a pompadour 2006-05-04 00:03:22
15222649 eating maggots is it bad 2006-05-05 19:59:23
15222649 accidently ate maggots 2006-05-05 20:01:09
15222649 eating maggot larvae 2006-05-05 20:17:18
15222649 face cyst 2006-05-08 16:05:41
15222649 labia burns 2006-05-09 00:14:14
15222649 vagina burns 2006-05-09 00:16:26
15222649 first response pregnancy tests 2006-05-13 10:00:45
15222649 half breed people 2006-05-13 10:29:06
mattr (78516):I wrote a little perl program to check on whether my family is in the released data. This is very scary data, though also chock full of interesting info, interesting taken in many different ways. It was easy to find a number of people referencing my small home town of about 20,000 people. I shiver to imagine say a wife using AOL at home and her geek husband searching this stuff at work (not my problem). Suffice it to say, the data is FULL of personally identifying information. AOL is not telling the truth. Heck, Google even gives you an address if you give it a phone number, people are used to typing people's names into the search box. And if you search for a given ID you can follow their trains of thought over time and it can be shattering; everyone looks for their own family online.. I even found an unknown relative that way once. AOL should hire some clueful people and get them into the loop, but it's too late for some people. Incidentally, I found one of the most interesting words is "should". That, and "cocktail dresses" but I'm not going to get into that one. You see it turns out that not only do people sometimes unintentionally paste info from mail or webpages into the search field, they also ask questions that normally they might just write on paper and throw in the trash, or give up worrying about. So what AOL has done is closer to taping a confessional, what someone might ask of God or their doctor, or just worry endlessly about, and release it! What infants! It seems to say something about why doctors and priests have a professional code and know how to keep things private. Here are some search phrases, I'm not putting any in that have a person's name but you can probably get the idea from this. what the fuck should i name my fetus
my nose is bleeding from cocaine what should i do
baby has something stuck in his foot what should i do
my mom is a hooker what should i do
how to tell a wife her husband is having an affair with you
caught my wife cheating
my wife cheated on me with a guy with a huge cock now what
spy on the wife
get revenge from a wife cheater
catch your wife having an affair
my cheating wife
got caught cheating on my wife and now she trying to take my kids away
my wife and kids are living with an ex con
very sexy baby nice pics i wanna c more lol u should take a look at my pic s tell me what ya think if u wanna chat my yahoo is lets get it mane and my aim is mhsplaya8
should a spouse stay married to a sex addict
should i let my son inlaw fuck me
i should have used a condom
dude read this its reallllly weird body hi. my name is kimi. it's too late now. you shouldn't have opened this bulletin but since you did you will die tonight if you dont keep reading. well i'm 19. i don't have eye lashes and i dont have a nose. pr
what should i do about heart palpitations after smoking crack
should a man go to a strip club the girlfriend is upset
should i see a married man
should i tell the other man's wife
should i confront my wife's adultery partner
mom showed me how to masterbate
why my girlfriend should give me head
should i buy extended warranty on my laptop
an employee jokes all day long what should i do
should parents let their children become stars
l want some pill to dead
l want to kill myself pill sleep
i want to kill myself
should i kill myself
i need someone to help me before i kill myself
help no one loves me i want to kill myself
best way to kill myself
i want to kill myself indiana hotline
god please my heart hurts help
l need to talk with a fbi
should informants be identified
Now maybe people will understand what AOL has done.
I am posting this because: - I want strong pro-privacy legislation re search engines and other online venues
- The use of search engines as Voice-of-God or call-for-help is real. Search engines should be mandated to 1) not take advantage of this with advertising, and 2) to provide a way to offer help to desperate cases i.e. wanting to kill oneself, being drugged, or being in the midst of a crime scene. You can tell if someone is in danger from their searches it appears. I wish AOL would look for users 10253390 and 3318459 who apparently want to kill themselves.
I posted this as an AC but now I think, fuck it, especially if it will help someone not kill themselves. To me this is the most important evidence to drive a strong privacy law in the U.S. and elsewhere into reality and there is also a real value to at least having someone responsible look at searches flagged by suicidal people. Possibly it could be used very carefully with study over time of people who are aiming towards murder too, but possibly this is that gray line that must not be stepped over.
|
