The Face of One AOL Searcher Exposed
Juha-Matti Laurio writes "No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything," report NYT journalists Michael Barbaro and Tom Zeller Jr., but with permission from Mrs. Thelma Arnold, 62. "Those are my searches," she said, after a reporter read part of the list to her, continues the article."
"60 single men"
At her age. I think she should be happy with a couple, but 60... gotta admire her!
User 48956332 Perl For Dummies
User 48956332 HTML 4, whats the big deal
User 48956332 Howto use sandboxen in development
User 48956332 What is CSS
User 48956332 Unit testing
User 48956332 Spelcheking
User 48956332 Why is Digg growing so fast?
Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
Didn't take too long before it leaked all over the place, eh?
http://www.aolsearchdatabase.com/
Scully: Should we arrest David Copperfield?
Mulder: Yes we should, but not for this.
But at least it looks like my code isn't the only place invaded by quote-abducting aliens.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
Asked about Ms. Arnold, an AOL spokesman, Andrew Weinstein, reiterated the company's position that the data release was a mistake. "We apologize specifically to her," he said. "There is not a whole lot we can do."
What a load... there is plenty you can do AOL. You can promise not to release this data again, you can actively hunt for it on the web. You can promise to delete your copy. You can promise that you won't keep data like this anymore. You can implement better security policies so that you know where your data is, and what is happening with it. You can limit the people who have access to posting stuff on your website.
Useless bastards!
I guess this just goes to show that you should be using something like Torpark even when merely conducting an online search. It's a shame but if you value your privacy, I guess it's necessary.
Keep those IPs changing so they can't track and accumulate your searches I guess. I don't want a dossier of my searches available to the public.
My work here is dung.
In other words, the journalists tracked down about 20 AOL searchers, but Mrs Arnold was the only one to give permission for the article as hers was the only search term list that didn't include 'midget porn'.
I don't know how the NYT reporters were able to track her down. After all, this describes most AOL users!
Information wants a fueled airplane waiting at the hangar and no one gets hurt.
Now what kind of legal recourse can people expect from these search results? Can the man who searched for ways to kill his wife be tracked down? How about all of the paedophiles who searched for child pr0n? Oh, I can just see all of the "Come on AOL, think of the children...tell us who that was..." How closely tied are these numbers to the user's AOL Accounts, I mean, I'm sure AOL left themselves some tie to the user in their copy. What's stopping feds from making many major busts on people?
Warning: Corny karma killing post above.
I hope this issue brings more awareness to people about internet anonymity in general and that the government wants all your logs and that companies like Verizon roll over and let them have it.
AOL has gone one step further and given their customers' information to the world. I googled the news to see if this story is being reported in the mainstream media, and it is minimally (minimal b/c of TimeWarner?) but I have to laugh as it is characterized as a "goof" and a "gaffe". Laughably understated and nice words for something that at best can be described as sheer bumbling negligence and at worst as a breach of privacy of the worst sort.
Even more ironic, the first news story to pop up on google has nothing to do with this but is:
"AOL offers free security software"
http://www.vnunet.com/vnunet/news/2161980/aol-off
Quick, make a bunch of bogus searches! That way you will have some plausible deniability when The Man knocks on your door with a list of your searches.
"Officer, those searches can't be mine, I'm not an 18 year old lesbian movie actress!"
At the end of the article, she says she's cancelling her AOL account as a result.
She shouldn't. There's absolutely no way AOL will ever do anything like that again. On the other hand, if she switches to another online provider, who still hasn't been burned, it's quite a bit more likely they'll screw up like this as well. She'd be "safer" staying at AOL.
In Soviet Russia, I ruled you
Now if she repeats the searches, she'll find links to her own face.
Where am I?
You're on AOL.
What do you want?
Search information.
Whose side are you on?
That would be telling. We want information. Information. Information.
You won't get it.
By hook or by crook, we will.
Who are you?
The new ad-funded AOL Number 2.
Who is Number 1?
You are Number 4417749.
I am not a number -- I am a free gran!
Why is it that whenever a big company blatantly violates the law, they get away with a few users boycotting them for a while, but when big business is slightly victimized, all hell breaks loose, laws are changed in their favor and individuals' lives get ruined? Sue AOL. Make them pay. Nothing says sorry like a multi-million dollar cheque.
21528558 http com yahoo com wont hurt wont yahoo 2006-04-21 15:31:20
I'm amazed by the masses of stupid search strings that are given. Why are so many search strings complete (or non-working) http addresses? (e.g. www.yahoo.com) Seems like a lousy database to me anyway.
molmod.com - computing tips from a molecular modeling
From AOL's public apology
"This was a screw up, and we're angry and upset about it. It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted..."
This is sounding very much like Dilbert's boss's public apology made years ago:
"It was wrong for us to sell keyboards with no 'Q'. We're sorry. We're morons. We're dumber than squirrels. We hear voices and do what they command. I have broccoli in my socks."
Life is like a web application. Sometime you need cookies just to get by.
4417749 numb fingers
4417749 60 single men
4417749 dog that urinates on everything
4417749 landscapers in Lilburn, Ga
4417749 bill arnold
4417749 carpet shampoo rental
4417749 julie arnold
4417749 stan arnold
4417749 homes sold in shadow lake subdivision gwinnett county georgia
4417749 gwinnet county animal services
4417749 stan arnold
4417749 pecan pie recipes
4417749 McGyver DVDs
4417749 pet euthanasia services
What?
Now, what can we do?
How about making sure "this conversation" happens, and continues to happen.
And not just here on /.
---
"I can't complain, but sometimes still do..." Joe Walsh
Why is online anonymity so hard to come by? It seems that every service I use on the web keeps logs and statistics, and there always seems to be some trail linking me to whatever I've done online. Perhaps there are searches and discussions I've had online that I don't want a potential employer to come across, for example. No matter how careful I may be, I never feel too confident that I've been successfully shielded by anonymity.
It would be nice to see more online services that at least make an effort to maintain your anonymity. How about a proxy that will do all your google searches from a set of hundreds of random IP addresses, selecting a new one each time and never connecting the searches to one another? Or how about an ISP that gives you a new, random IP address on request, and keeps NO LOGS of who had which IP in the past?
There are two obstacles to this - first, the average joe doesn't think too carefully about anonymity, so the demand for such services is low. Second, there are legal issues regarding what information would be recorded. It would be very interesting to see the RIAA come to the ISP in my above example and request the account information of a file trader. What would happen if they literally had no logs and no way of telling which user had been using that IP? It seems like they might get in trouble, but why should they? Grocery stores aren't required to keep careful logs of each person walking through their doors. Don't ISPs have the same right to allow people to come and go?
http://www.aolsearchdatabase.com/
I did a search on there this morning, and it displays the SQL statement for me, which is very handy...
Select SQL_CALC_FOUND_ROWS * from search_data WHERE match (anon_id,query,click_url) against ('4417749 ') LIMIT 0,30
Interestingly, if you do the standard SQL injection, searching for something like "4417749') LIMIT 0,30; DROP TABLE SQL_CALC_FOUND_ROWS;--", I bet you will screw it up for them. Kids, don't try this at home. I'd never encourage people to do something illegal!
The point of this posting is:
Learn about SQL Injection, and protect against it.
Don't display your SQL query to your users.
If you don't know what SQL injection is, try a simple example: Search for "1','0" (skip the double quotes, but not the single quotes) and you'll see it in action without causing harm.
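The two points of the post above, shown as an added example that is not part of the original comment or the site's own code: a query built by pasting input into the SQL text, beside the same query with a bound parameter, and an error path that never echoes the SQL. SQLite and a plain equality test stand in for the site's MySQL MATCH ... AGAINST; the function names and sample rows are constructed for illustration.

```python
import sqlite3

# Constructed sample rows; table and column names follow the query quoted in the post.
ROWS = [
    ("4417749", "numb fingers", ""),
    ("4417749", "pecan pie recipes", ""),
    ("21528558", "www.yahoo.com", ""),
]

def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE search_data (anon_id TEXT, query TEXT, click_url TEXT)")
    db.executemany("INSERT INTO search_data VALUES (?, ?, ?)", ROWS)
    return db

def search_concat(db, term):
    """'Before': user input is pasted into the SQL text, so a quote in it
    becomes part of the statement's syntax."""
    sql = "SELECT * FROM search_data WHERE anon_id = '%s' LIMIT 30" % term
    return db.execute(sql).fetchall()

def search_bound(db, term):
    """'After': the SQL text is fixed; the input travels separately as a bound value."""
    sql = "SELECT * FROM search_data WHERE anon_id = ? LIMIT 30"
    return db.execute(sql, (term,)).fetchall()

def handle_request(db, term, search):
    """Return (rows, message). Database errors are reported generically,
    so neither the SQL text nor the engine's error reaches the user."""
    try:
        return search(db, term), "ok"
    except sqlite3.Error:
        return [], "search failed"

if __name__ == "__main__":
    db = make_db()
    probe = "1','0"  # the harmless test string from the post
    print(handle_request(db, "4417749", search_bound))  # two matching rows
    print(handle_request(db, probe, search_concat))     # quote breaks the statement
    print(handle_request(db, probe, search_bound))      # treated as plain data, no match
```

With the probe string, the concatenated query fails to parse because the quote has changed the statement's structure, while the bound query simply finds no user with that id.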
After reading through all of the 0+ modded comments, I've seen everyone saying "God, I wish there was something that could be done to stop this from happening again". You want to see it stop? Find something that ties your local congressmen to their search histories on AOL. Contact them with that information. I can almost guarantee you that if you find enough dirt on enough congressmen/senators, you'll see legislation passed requiring that Search companies not keep records of searches. It quickly changes from "Think of the children" to "Think of saving my ass from dirt that can be used against me next election year"
Warning: Corny karma killing post above.
You raise an important and oft-overlooked point.
This is exactly why I think it's so critical to evangelize with regard to using privacy measures. I want my mother, Aunt Sally, and 8-year-old niece to be using TrueCrypt and Tor at a minimum (or, something providing similar functionality). Privacy / anonymity suites need to become as commonplace as antivirus, firewall and anti-spam software.
Helping strong privacy measures become the status-quo serves other important goals too. It makes it more politically costly to try to legislate them out of use, and it reduces the usefulness of developing new data mining programs that require person:transaction relationships - both for the government and for private industry.
In short, when everyone's Aunt Sally can be expected to have countermeasures against activity monitoring running on her home PC, the world will have become a safer place for all of us.
Pi Ran Out
This is very scary data, though also chock full of interesting info, interesting taken in many different ways. It was easy to find a number of people referencing my small home town of about 20,000 people. I shiver to imagine say a wife using AOL at home and her geek husband searching this stuff at work (not my problem).
Suffice it to say, the data is FULL of personally identifying information. AOL is not telling the truth. Heck, Google even gives you an address if you give it a phone number, people are used to typing people's names into the search box. And if you search for a given ID you can follow their trains of thought over time and it can be shattering; everyone looks for their own family online. I even found an unknown relative that way once. AOL should hire some clueful people and get them into the loop, but it's too late for some people.
Incidentally, I found one of the most interesting words is "should". That, and "cocktail dresses" but I'm not going to get into that one. You see it turns out that not only do people sometimes unintentionally paste info from mail or webpages into the search field, they also ask questions that normally they might just write on paper and throw in the trash, or give up worrying about. So what AOL has done is closer to taping a confessional, what someone might ask of God or their doctor, or just worry endlessly about, and release it! What infants! It seems to say something about why doctors and priests have a professional code and know how to keep things private. Here are some search phrases, I'm not putting any in that have a person's name but you can probably get the idea from this.
what the fuck should i name my fetus
my nose is bleeding from cocaine what should i do
baby has something stuck in his foot what should i do
my mom is a hooker what should i do
how to tell a wife her husband is having an affair with you
caught my wife cheating
my wife cheated on me with a guy with a huge cock now what
spy on the wife
get revenge from a wife cheater
catch your wife having an affair
my cheating wife
got caught cheating on my wife and now she trying to take my kids away
my wife and kids are living with an ex con
very sexy baby nice pics i wanna c more lol u should take a look at my pic s tell me what ya think if u wanna chat my yahoo is lets get it mane and my aim is mhsplaya8
should a spouse stay married to a sex addict
should i let my son inlaw fuck me
i should have used a condom
dude read this its reallllly weird body hi. my name is kimi. it's too late now. you shouldn't have opened this bulletin but since you did you will die tonight if you dont keep reading. well i'm 19. i don't have eye lashes and i dont have a nose. pr
what should i do about heart palpitations after smoking crack
should a man go to a strip club the girlfriend is upset
should i see a married man
should i tell the other man's wife
should i confront my wife's adultery partner
mom showed me how to masterbate
why my girlfriend should give me head
should i buy extended warranty on my laptop
an employee jokes all day long what should i do
should parents let their children become stars
l want some pill to dead
l want to kill myself pill sleep
i want to kill myself
should i kill myself
i need someone to help me before i kill myself
help no one loves me i want to kill myself
best way to kill myself
i want to kill myself indiana hotline
god please my heart hurts help
l need to talk with a fbi
should informants be identified
Now maybe people will understand what AOL has done.
I am posting this because:
I can only think of a few possibilities as to why this is - either someone else was searching at the same time using the same account (or, hopefully, multiple people, unless the "steak and cheese" caused them troubles with "poop" - eh), or these records are presented in nothing like date/time order.
Can anybody tell me if the data in the dump has more than two fields (all I have ever seen is an "id" field, and a "search terms" field listed)? Are there other fields in the data dump that indicate a date/time stamp or something so that the searches can be ordered by that?
If not, then it is very likely that these searches were simply dumped using the equivalent of "SELECT id, terms FROM table", with no ORDER BY (or equivalent) clause tacked on, and the results were returned in a non-defined order (which might be by record insert order, by random order, or by any other possible order - for SQL compliant databases, if you don't specify an ORDER BY clause, the returned order of a recordset is undefined, and could possibly be in a different order each time the query is run by the backend SQL engine). If that is the case, then this data becomes just a bit more meaningless, as one could not follow a searcher's "train of thought" to determine what they were going after.
This would have both good and bad consequences for the data as it stands - good in that it obfuscates the data just a bit more which could conceivably help hide a searcher's intentions, but also bad in that it could make innocent intentions look more non-innocent, depending on how the result set is skewed...
Reason is the Path to God - Anon