This story appeared on Network World at

http://www.networkworld.com/columnists/2006/082806bradner.html

Thanks for nothing, AOL

'Net Insider

By Scott Bradner, Network World, 08/28/06

As you all know by now, in early August someone over at AOL had a brain fart and posted a few months of raw search queries by 650,000 customers. The queries were semi-anonymous because they showed ID numbers, not IP addresses for the query source. As a number of people quickly found out, however, lots of individuals could be identified easily by what they searched for. The New York Times even published a front-page story about one of the searchers it was able to identify.

What AOL did was stupid. To its credit, AOL said so, but we are all in greater danger because of what AOL did even if we are not all AOL users. Even though AOL quickly removed the posting, its data has been mirrored in a number of places on the 'Net. The data is quite an interesting - and sometimes deeply troubling - snapshot of the psychology of the United States in the Internet age. A number of Web sites that provide analysis of or access to it have sprung up in the last week or so (for example). A number of newspapers other than the Times also have analyzed the data or have asked outside researchers to do so. The Wall Street Journal, for instance, reported that more than 3 million of the 26 million queries were "some form of explicit sexual search" (vs. somewhat more than 3,000 searches on the word "god").

I grabbed a copy of the data and poked around a bit. There are a lot of people looking for not so nice things: More than 800 queries included the phrase "child porn"; 38 queries contained both "build" and "bomb"; more than 400 queries included the term "bestiality"; and almost 39,000 queries included the word "kill." Worrisome for AOL (and Google) was the fact that more than a half-million of the AOL searches were requests to use Google. Google may not like it but "to google" is becoming the generic term for performing an Internet search.

The biggest problem with AOL's releasing this data is not the potential invasion of its users' privacy, although that can be significant. I expect a number of police agencies already have served AOL with subpoenas - or will soon - demanding identification information for specific people who searched for suspicious content: building bombs or child pornography, for example. The biggest problem with what AOL did is that it destroyed the security-through-obscurity cover over all the data that search engine companies have been collecting on their users. Sure, a lot of people have been worried about this data, particularly after the U.S. government, in some type of wild-goose chase, subpoenaed huge amounts of raw search info from these companies. Now, however, every divorce lawyer, private eye or local cop will think first of this easy way to get dirt on someone. Have fun trying to explain some of the searches you have done in the past to your soon-to-be ex's lawyer.

There are ways to search without leaving a trail, for example using "anonymizing" networks such as Tor: See this page on how to set it up to make your Google searches anonymous. It would be great if Congress just would put a halt to these massive databases, but your privacy apparently is not a Congressional concern.

So, have your browser remove Google's cookies and use an anonymizing network or public Internet kiosk if you want to do a search that might be hard to explain five years from now.

Disclaimer: Harvard is infrequently anonymous - and does Web searches even less frequently - so the above is my own ramble and warning.