Author Archive

Why Search is the Biggest Online Privacy Risk

Wednesday, July 16th, 2008

AOL made one of the biggest online privacy blunders in the history of the web when they released massive amounts of user search data. Eventually The New York Times linked Thelma Arnold to search number 4417749.

Searcher 17556639 searched for things like how to kill your wife. While privacy is important, should data that could imply a desire to commit crime become public prior to the action? How big of a stretch is pre-crime when people type such queries into a search box?

AOL, Yahoo!, Microsoft and other search services gave data to the US Department of Justice to comply with the Child Online Protection Act, but Google was one of the few companies to hold out.

More recently Google, in an aim to justify their own data retention, claimed the following:

the IP addresses recorded by every website on the planet without additional information should not be considered personal data, because these websites usually cannot identify the human beings behind these number strings.

Using Google’s own words against them in court, Viacom demanded IP addresses and usernames associated with YouTube video views. Google got authorization to anonymize the data, but AOL’s search data was allegedly anonymous too. Worth thinking about before setting up any additional user accounts or typing anything into a search box.

Firefox a Privacy Safe Haven? Or Not?

Tuesday, July 15th, 2008

Firefox, the popular open source browser, gained much of it’s popularity and market exposure by being open and allowing developers to create useful extensions. One of the more popular extensions is called Adblock Plus, which allows surfers to turn off most traditional web based advertisements. But Firefox, which is helping users remain private on some fronts, is also creating a stealth start up based on sharing usage data across the web graph.

Firefox version 3 beta ships with StopBadWare turned on by default, but older versions shipped with Google Prefetch turned on, which automatically visited top ranked sites in the search results and loaded your computer up with cookies.

The line between useful features and violating user privacy is a thin one. Some of the things that you once liked about Firefox are being countered by

Job Site Databases for Sale

Tuesday, July 8th, 2008

Some people believe that there is no harm in always having your CV available online, just in case a good opportunity comes about. That line of thinking recently proved false, with Channel Register reporting:

A Russian gang called Phreak has created an online tool that extracts personal details from CVs posted onto sites including, AOL Jobs,,,,,,, and As a result the personal information (names, email addresses, home addresses and current employers) on hundreds of thousands of jobseakers has been placed at risk, according to net security firm PrevX.

Anything you post online is publicly available – for the good guys and the bad guys.

Did Your ISP Sell You Out?

Thursday, June 12th, 2008

Phorm, a behavioral ad targeting firm, signed deals with large British ISPs British Telecom, Virgin Media and TalkTalk to target ads to consumers across the U.K. The Wikipedia page on Phorm details their frightening evolution. They originally started as an opt out operation, but the Information Commissioner Office warned they must be opt in. BT conducted trials without testing their customers, as noted in the June 4th Wikileaks BT Phorm document!

And, as if that was not bad enough, under the current set up they would still collect your data even if you opt out, and if you ever delete your cookies you would be opted back in.

Blogs & Social Sites Ripe for Data Mining

Tuesday, May 13th, 2008

As far back as 2002 blogs started playing a role in employment. Both as a way for companies to find people they would like to hire, and as a means for employees to get fired! Heather Armstrong, who writes the popular blog Dooced was fired for a satyrical account of work at her dot com employer. The same fate was shared by bloggers who were temporarily employed by companies like Google and Wells Fargo.

In response to such firings and other privacy issues EFF created a guide on How to Blog Safely (About Work or Anything Else).

It appears social networks are now following the path of blogs, with Anglo Irish Bank intern Kevin Colvin calling off sick, and then posting his party photos on Facebook. That did not work out to well for him!