Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Face of One AOL Searcher Exposed

Posted by ryuzaki0 on from the knew-it-wouldn't-take-long dept.

Juha-Matti Laurio writes "No. 4417749 conducted hundreds of searches over a three-month period on topics ranging from "numb fingers" to "60 single men" to "dog that urinates on everything., report NYT journalists Michael Barbaro and Tom Zeller Jr., but with a permission from Mrs. Thelma Arnold, 62. "Those are my searches," she said, after a reporter read part of the list to her, continues the article."

13 of 315 comments (clear)

  1. Hmm by Iamthefallen · · Score: 5, Funny

    User 48956332 Perl For Dummies
    User 48956332 HTML 4, whats the big deal
    User 48956332 Howto use sandboxen in development
    User 48956332 What is CSS
    User 48956332 Unit testing
    User 48956332 Spelcheking
    User 48956332 Why is Digg growing so fast?

    --
    Wax-Museum Fire Results In Hundreds Of New Danny DeVito Statues
    1. Re:Hmm by LiquidCoooled · · Score: 5, Funny

      User 48956332 Preventing Dupes.
      User 48956332 Preventing Dupes.
      User 48956332 Preventing Dupes.
      User 48956332 Preventing Dupes.

      --
      liqbase :: faster than paper
    2. Re:Hmm by JPDeckers · · Score: 5, Funny
      Love browsing the data. As I noticed yesterday, a nice trace for user 14109288 (stripped a bit for readability):

      sexual positions 2006-05-22 21:57:18 http://www.sexualpositionsfree.com/
      sexual positions 2006-05-22 21:57:18 http://www.askmen.com/
      sexual positions 2006-05-22 21:57:18 http://www.condoms.au.com/
      premature ejaculation 2006-05-22 22:20:23 http://www.webmd.com/

      Note the timestamps of the last two lines, sounds like he had, well, an evening that did not go as planned

  2. Search string by KiloByte · · Score: 5, Funny
    "dog that urinates on everything., report NYT journalists Michael Barbaro and Tom Zeller Jr., but with a permission from Mrs. Thelma Arnold, 62. "
    Hmm... an interesting search query.
    But at least it looks like my code isn't the only place invaded by quote-abducting aliens.
    --
    The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
  3. Nothing we can do! by mgblst · · Score: 5, Insightful

    Asked about Ms. Arnold, an AOL spokesman, Andrew Weinstein, reiterated the companys position that the data release was a mistake. We apologize specifically to her, he said. There is not a whole lot we can do.
     
    What a load... there is plenty you can do AOL. You can promise not to release this data again, you can actively hunt for it on the web. You can promise to delete your copy. You can promise that you won't keep data like this anymore. You can implement better security policies so that you know where your data is, and what is hapenning with it. You can limit the people who have access to posting stuff on your website.

    Useless bastards!

    1. Re:Nothing we can do! by rifter · · Score: 5, Insightful

      The data is out there, what exactly could they do? Erase it from peoples hard drives, remove it from all the pipes that its in, drug everyone who has seen it?

      The fact they have this data is one thing, releasing it to the public is another.

      When it is data that they *care* about, corporations seem able to do plenty. If it's their source code, the code to decss, TimeWarnerAol's labels' mp3 files, the latest incriminating memos/emails ... they are positively rabid about protecting it. Cease and desist orders fall like rain, sites get shut down, people get sued for millions and prosecuted to the fullest extent of the law. But if it's their customers' data, like these searches, their email addresses, their credit card numbers, etc. They just shrug and say "Oh well. What canya do?"

      It's typical, frustrating, and complete bullshit. If the privacy laws were enforced and these corporations were punished for such egregious mishandling of our data maybe then they might think they can do something. But unless it directly affects them, they just are not going to care and will continue to take no precautions.

  4. Oblig. Prisoner by ettlz · · Score: 5, Funny

    Where am I?
    You're on AOL.
    What do you want?
    Search information.
    Whose side are you on?
    That would be telling. We want information. Information. Information.
    You won't get it.
    By hook or by crook, we will.
    Who are you?
    The new ad-funded AOL Number 2.
    Who is Number 1?
    You are Number 4417749.
    I am not a number -- I am a free gran!

  5. Re:She should stay at AOL by shudde · · Score: 5, Funny

    At the end of the article, she says she's cancelling her AOL account as a result.

    Correction, she's going to try to cancel her AOL account.

  6. Technology in the NY Times by MobyDisk · · Score: 5, Interesting
    I found this interesting:
    Next Article in Technology (1 of 27)
    The NY times considers this an article on technology. Slashdot considers this an article on "Your Rights Online." That is the reason nothing will happen no matter how many times these privacy violations occur. People don't act on technology issues. They act on privacy, religion, and entertainment. I would shame the NY times that they still don't get it, but neither does most of the rest of the planet either.
  7. Re:Torpark by z0idberg · · Score: 5, Insightful

    At the very least do your searching through an engine that is separate to your ISP.

    A customer of AOL searching through AOL has their searches linked to you as an individual. If you search through google then they get your IP address, and your ISP knows which IP address links to which individual at any one time (open Wifi networks aside). But at least the same company doesnt know both.

    The data AOL released was the equivalent of any other search engine releasing its searches with IP addresses, so the same damage could be done by any other search engines logs, but imagine how much a marketing company would pay for that info from AOL with the personal details for each user included (i.e. Age, Sex, location etc.).

  8. AOL's apology vs. Dilbert's boss by khendron · · Score: 5, Funny

    From AOL's public apology

    "This was a screw up, and we're angry and upset about it. It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted..."

    This is sounding very much like Dilbert's boss's public apology made years ago:

    "It was wrong for us to sell keyboards with no 'Q' We're sorry. We're morons. We're dumber than squirrels. We hear voices and do what they command. I have broccoli in my socks. "

    --
    Life is like a web application. Sometime you need cookies just to get by.
  9. user 4417749's Search Records by aquatone282 · · Score: 5, Funny

    4417749 numb fingers
    4417749 60 single men
    4417749 dog that urinates on everything
    4417749 landscapers in Lilburn, Ga
    4417749 bill arnold
    4417749 carpet shampoo rental
    4417749 julie arnold
    4417749 stan arnold
    4417749 homes sold in shadow lake subdivision gwinnett county georgia
    4417749 gwinnet county animal services
    4417749 stan arnold
    4417749 pecan pie recipes
    4417749 McGyver DVDs
    4417749 pet euthanasia services

    --
    What?
  10. SQL injection target? by Chapter80 · · Score: 5, Informative
    Pretty cool seeing people get this data into searchable form, like on:
    http://www.aolsearchdatabase.com/

    I did a search on there this morning, and it displays the SQL statement for me, which is very handy...

    Select SQL_CALC_FOUND_ROWS * from search_data WHERE match (anon_id,query,click_url) against ('4417749 ') LIMIT 0,30

    Interestingly, if you do the standard SQL injection, searching for something like "4417749') LIMIT 0,30; DROP TABLE SQL_CALC_FOUND_ROWS;--", I bet you will screw it up for them. Kids, don't try this at home. I'd never encourage people to do something illegal!

    The point of this posting is:
    Learn about SQL Injection, and protect against it.
    Don't display your SQL query to your users.

    If you don't know what SQL injection is, try a simple example: Search for "1','0" (skip the double quotes, but not the single quotes) and you'll see it in action without causing harm.