Archive for July, 2008

Why Search is the Biggest Online Privacy Risk

Wednesday, July 16th, 2008

AOL made one of the biggest online privacy blunders in the history of the web when they released massive amounts of user search data. Eventually The New York Times linked Thelma Arnold to search number 4417749.

Searcher 17556639 searched for things like how to kill your wife. While privacy is important, should data that could imply a desire to commit crime become public prior to the action? How big of a stretch is pre-crime when people type such queries into a search box?

AOL, Yahoo!, Microsoft and other search services gave data to the US Department of Justice to comply with the Child Online Protection Act, but Google was one of the few companies to hold out.

More recently Google, in an aim to justify their own data retention, claimed the following:

the IP addresses recorded by every website on the planet without additional information should not be considered personal data, because these websites usually cannot identify the human beings behind these number strings.

Using Google’s own words against them in court, Viacom demanded IP addresses and usernames associated with YouTube video views. Google got authorization to anonymize the data, but AOL’s search data was allegedly anonymous too. Worth thinking about before setting up any additional user accounts or typing anything into a search box.

Firefox a Privacy Safe Haven? Or Not?

Tuesday, July 15th, 2008

Firefox, the popular open source browser, gained much of it’s popularity and market exposure by being open and allowing developers to create useful extensions. One of the more popular extensions is called Adblock Plus, which allows surfers to turn off most traditional web based advertisements. But Firefox, which is helping users remain private on some fronts, is also creating a stealth start up based on sharing usage data across the web graph.

Firefox version 3 beta ships with StopBadWare turned on by default, but older versions shipped with Google Prefetch turned on, which automatically visited top ranked sites in the search results and loaded your computer up with cookies.

The line between useful features and violating user privacy is a thin one. Some of the things that you once liked about Firefox are being countered by

Job Site Databases for Sale

Tuesday, July 8th, 2008

Some people believe that there is no harm in always having your CV available online, just in case a good opportunity comes about. That line of thinking recently proved false, with Channel Register reporting:

A Russian gang called Phreak has created an online tool that extracts personal details from CVs posted onto sites including Monster.com, AOL Jobs, Ajcjobs.com, Careerbuilder.com, Careermag.com, Computerjobs.com, Hotjobs.com, Jobcontrolcenter.com, Jobvertise.com and Militaryhire.com. As a result the personal information (names, email addresses, home addresses and current employers) on hundreds of thousands of jobseakers has been placed at risk, according to net security firm PrevX.

Anything you post online is publicly available – for the good guys and the bad guys.