backtop


Print 41 comment(s) - last by bbomb.. on Aug 8 at 11:15 PM


Screen capture from AOL's website before it was taken down -- Image courtesy Texturabtion
AOL does the unthinkable

AOL grabbed headlines last week when it announced that it was making its online services freely available to anyone with Internet access. Today, the company is making news for what is an inexplicable turn of events. The company freely made available the private search history of over 650,000 users without permission. The 439MB compressed download features over 20 million search queries over a three month period and was made available on AOL's research website along with a readme file detailing the results. In an effort to ease damage control, AOL has removed both links, but mirrors for both search data and the AOL readme (for better or worse) are mirrored at multiple sites.

The vast amount of data included in these search queries is staggering and the possibilities for abuse are endless. TechCrunch reports:

AOL has released very private data about its users without their permission. While the AOL username has been changed to a random ID number, the ability to analyze all searches by a single user will often lead people to easily determine who the user is, and what they are up to. The data includes personal names, addresses, social security numbers and everything else someone might type into a search box. The most serious problem is the fact that many people often search on their own name, or those of their friends and family, to see what information is available about them on the net. Combine these ego searches with porn queries and you have a serious embarrassment. Combine them with “buy ecstasy” and you have evidence of a crime. Combine it with an address, social security number, etc., and you have an identity theft waiting to happen.

It’s one thing to make private search data available to the federal government upon request (and even that has been widely debated over the past eight months), but to make it freely available from a public website is downright malicious. It’d be interesting to see what AOL’s response to this whole fiasco will be.



Comments     Threshold


This article is over a month old, voting and posting comments is disabled

Just curious..
By rocchioo on 8/7/2006 3:16:36 PM , Rating: 2
...do any of you plan to download the AOL search list?




RE: Just curious..
By Chalmus on 8/7/2006 4:17:50 PM , Rating: 2
Already did. Pretty interesting stuff to say the least.

I LOL'd at my desk at work when I was reading through one person's search history in particular -- there were all these searches for porn (and it shows the site they ended up going to, and yes, he went to a LOT of sites), software cracks, free downloads, MP3s, all kinds of that sort of thing.

Then, at the end of the list of searches, the poor sap searched for "how to get rid of adware"

ROFL, well, what do you expect from going to all those other sites?


RE: Just curious..
By Chalmus on 8/7/2006 4:23:49 PM , Rating: 2
Oh yeah, and anyone who says that this isn't personal information, that this is the same as the phonebook, please, download the file and look at what is there and then say that again with a straight face. Seriously. Do it.

There are search histories that will give you chills (suicide help, how to cope with the loss of children/parents/siblings, and just tons of astounding things) that also contain enough information that it wouldn't be impossible to figure out who it was searching for that stuff.

This is not a small matter.


RE: Just curious..
By masher2 (blog) on 8/7/2006 4:49:40 PM , Rating: 2
> "that also contain enough information that it wouldn't be impossible to figure out who it was searching for that stuff."

Then do so. Pick a user, and tell us who they are. I think you'll find out its not nearly as easy as you believe.


RE: Just curious..
By Chalmus on 8/7/2006 4:57:31 PM , Rating: 2
There is no financial or any other benefit to me doing that, and with 20 million+ queries to sort through, then I guess you just proved me wrong that I cannot give a name, address, SSN, or whatever on any particular member in the list.

But if you think that there aren't scammers and thieves working on getting that personal information out of that list as we type, and that they will not be able to retrieve anything of use out of the list, you are not the poster that I came to respect.

Have you looked at the list?


RE: Just curious..
By Lifted on 8/7/2006 5:03:31 PM , Rating: 2
I have, and the possibility of scumbags being able to blackmail people is there.


RE: Just curious..
By masher2 (blog) on 8/7/2006 5:11:04 PM , Rating: 2
> "Have you looked at the list? "

I have. Certainly there is "information of value" in there. Quite probably information of value to a thief or scammer. But is the data "personally identifiable"? That's a horse of a different color. I found quite a few searches for my surname, just in the first of the 10 files....and I can guarantee you none of those queries were from me. Even if you saw a search for an exact name and address...does it prove that particular person did the searching? Or just that someone searched for them?



RE: Just curious..
By mindless1 on 8/8/2006 4:26:03 PM , Rating: 2
Maybe, just maybe people looking to harvest lists, had already started doing so and this list ties in with a lot of OTHER data. WHile that'd be a daunting task by hand, thanks to the computer age it might only harvest a few names but would that be a consolation to one of those people?


RE: Just curious..
By rocchioo on 8/7/2006 5:08:40 PM , Rating: 2
I'm user 6497.


"Game reviewers fought each other to write the most glowing coverage possible for the powerhouse Sony, MS systems. Reviewers flipped coins to see who would review the Nintendo Wii. The losers got stuck with the job." -- Andy Marken

Related Articles
Setting AOL Free
August 3, 2006, 4:56 AM













botimage
Copyright 2014 DailyTech LLC. - RSS Feed | Advertise | About Us | Ethics | FAQ | Terms, Conditions & Privacy Information | Kristopher Kubicki