August 9th, 2006
AOL demonstrates why cookies are evil
I have been put on the spot often enough for defending people’s rights to remove cookies that I am rather sensitive to the issue. I have never been comfortable talking about invasion of privacy because it makes me sound a bit paranoid. Rather, I have fallen back on the argument "people don’t like cookies so they should be able to remove or block them."
Now that AOL has blundered and posted 20 million search queries of 650,000 AOL users this issue has come back to haunt us. After realizing just how stupid it was to reveal even "anonymized" data, AOL pulled the information off their server. But the cat is out of the bag. The NYT reports how one such AOL subscriber was tracked down just from her searches:
And search by search, click by click, the identity of AOL user No. 4417749 became easier to discern. There are queries for “landscapers in Lilburn, Ga,” several people with the last name Arnold and “homes sold in shadow lake subdivision gwinnett county georgia.”
It did not take much investigating to follow that data trail to Thelma Arnold, a 62-year-old widow who lives in Lilburn, Ga., frequently researches her friends’ medical ailments and loves her three dogs. “Those are my searches,” she said, after a reporter read part of the list to her.
Scary. Try it for yourself. Here are a bunch of mirrors for the 439 Mb data set. (Don’t bother bidding for it on eBay) Or just for fun someone put together a search utility here. Search for a few common terms like anthrax, flight school, fertilizer. You get the picture.
Now, imagine you have not only search history but browsing history as well. That is what a spyware or third party cookie application collects. Are you comfortable with that amount of databeinng collected? Are you comfortable with Claria’s "new business model" that collects browsing history? Are you paranoid yet?
Richard Stiennon is an industry consultant. See his full profile and disclosure of his industry affiliations.
