Slashdot Mirror

← Back to Stories (view on slashdot.org)

Yahoo Promises To Anonymize and Limit User Data

Posted by timothy on from the avoid-those-embarrassing-autocompletes dept.

quarterbuck writes "While Google is saying that personalization is the key to search, Yahoo is taking a different view of the topic. Yahoo announced plans to retain user data for no longer than 90 days and to anonymize data. Even if Yahoo is not your favorite search engine, it is a good move in the direction of online privacy if it will force others to follow suit." Reader Mike adds "Yahoo did say, however, that it will keep some data for up to six months for security and fraud reasons, as part of some 'specific and limited exceptions.'"

20 of 76 comments (clear)

  1. I want enforceable privacy by alain94040 · · Score: 3, Interesting

    The problem with personalization is that it's an extremely sensitive topic for 1% of the population (us, the geeks), but 99% of end-users couldn't care less.

    Google is in the very risky position where the wrong move could destroy the positive image they currently enjoy.

    Do the right thing: there needs to be legal means by which I can obtain, verify and erase all personal data associated with me. Voluntary programs from corporations are not good enough. Privacy policies can and do change, based on the corporations' financial interests. It doesn't mean the government needs to be involved, real contracts could do the trick: just get rid of the "we reserve the right to change those terms any time for any reason and steal your house as well."

    I'm no big fan of Microsoft, but at least they never owned any private data on me. Remember the outcry when it was discovered that Windows may sometimes phone home? With Google, it never phones home, you are using Google's phone to place your calls :-)

    --
    iPhone Apps review site looking for bilingual testers

    1. Re:I want enforceable privacy by pin0chet · · Score: 3, Insightful

      How about this: If you're worried about sensitive data getting out, don't give firms private data in the first place without checking out their privacy policy. It's actually a legally binding contract, so if a firm breaks it policy and you suffer as a result, you do have legal recourse to sue. Many privacy policies even oblige firms to inform users when a leak happens.

      And if you must use sites you aren't totally comfortable with, there are tools out there to protect your anonymity including Tor, anonymous proxy servers, VPN tunneling services like Stunnel, no-log encrypted search engines like Scroogle, and Firefox add-ons like No-Script.

    2. Re:I want enforceable privacy by sdnoob · · Score: 5, Insightful

      the reason why "99% of end-users couldn't care less" is because they do not comprehend the implications involved with such "personalization" and retention of data. i'd be willing to wager that most of that "clueless majority", if properly educated on the issue in a way they can understand, would be shocked and outraged when they learn the real truth.

      this is a good move for yahoo, and for the users; and hopefully yahoo still has enough clout to start a trend away from wholesale collection of user data.

    3. Re:I want enforceable privacy by wassabison · · Score: 5, Insightful

      Of course the implications could be much higher quality search results.

    4. Re:I want enforceable privacy by Anonymous Coward · · Score: 5, Insightful

      That there are (rather cumbersome) means to prevent Googles data-hoarding does not relinquish the companies corporate responsibility, especially considering their chosen motto.

    5. Re:I want enforceable privacy by vux984 · · Score: 5, Insightful

      The problem with personalization is that it's an extremely sensitive topic for 1% of the population (us, the geeks), but 99% of end-users couldn't care less.

      99% of end-uses couldn't care less until it bites them in the ass, and then you see their dopey teary eyed face splattered all over the news when something hits the fan... "I just can't believe google/facebook/youtube/myspace had all this information about me! The identity thieves started by hacking my gmail account... and from that were able to reset my facebook password, and from there they had everything... they were able to completely drain my bank accounts, and even managed to successfully impersonate me to my parents and scammed them out of thousands... my parents said the theives used a bad quality phone line, but they didn't suspect a thing, because they new everything... they asked how Dad was coping with losing his job, how my sister was doing, they even talked about the camping trip we went on in the summer... and they got all this from the online data, reading my email, looking at my pictures, and trawling my social network... I just can't beleive this was all right there for the taking."

      Then they'll say... "The government really needs to do something."

    6. Re:I want enforceable privacy by CannonballHead · · Score: 2, Interesting

      Enforceable privacy. That would mean that a third-party (be it the government, another company, or a single alien individual from Uranus) would have to check 'private' data to make sure that the 'private' data is gone...

      This is getting rather complex now.

      IMO, the real question is - does Google claim it's NOT keeping private data? Privacy policies abound on all kinds of websites. Don't like it, don't use it. You can't enforce (unless it's illegal) ... or shouldn't ... a private enterprise to adhere to some sort of privacy standards if they clearly give you their privacy policy. Yes, that means unscrupulous companies can sell your information to marketers. Maybe there should be enforced laws about identity theft and credit cards and what not, but Google's not performing identity theft by giving you personalized search results, either, nor is it taking your credit card number, getting your credit report, and handing it to you, without you asking...

      (And if you e-mail your CC number in plain text, you've got issues anyways, and probably aren't reading slashdot.)

    7. Re:I want enforceable privacy by Red+Flayer · · Score: 2, Insightful

      It's actually a legally binding contract, so if a firm breaks it policy and you suffer as a result, you do have legal recourse to sue.

      Oh, I see. And when they change their privacy policy, they need to contact me so I can choose whether or not to allow them to continue holding my information? How can I be certain they have destroyed any record of any of my personal information?

      And as for legal recourse... good luck with that. With the exception of a few very visible data breaches with traceable exploits of the data, it would be very hard to prove damages. What about the loss of privacy for privacy's sake? Good luck getting a worthwhile judgment on that one. And say you are awarded some kind of damages via class-action suit or what-have-you... have fun spending merchandise vouchers with the very company that caused the problem.

      Legal recourse is meaningless in this situation, preventative measures are the key. There's no sense in closing the barn door after the horse is loose -- especially when that horse can replicate instantly without your knowledge.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  2. Actual versus PR speak by Recovering+Hater · · Score: 3, Interesting

    Well. It seems like Yahoo is trying to actually not do evil and Google is trying to talk about not doing evil while making it palatable for the masses. Or something. (Insert witty statement illustrating contrasting styles of Google and Yahoo here)

    --
    My humor is probably your flamebait
    1. Re:Actual versus PR speak by MikeDirnt69 · · Score: 2, Interesting

      I think it isn't about evilness, but money. Yahoo! is on a non comfortable situation, as investors are definitely not amused. In my view, they're simply trying to show they can do better where the biggest concurrent seems to be failing. But if it really is better or if it will help Yahoo! somehow, we don't know (yet).

      --
      Am I eval()? - http://www.monst3r.com.br
    2. Re:Actual versus PR speak by zappepcs · · Score: 2, Insightful

      I guess I'm cynical. I hear them saying no more than 90 days EXCEPT in some special cases.

      How is that different from:

      We'll continue to hold any data that we think is of use, but the rest of the garbage that most of our users seem to want to look at will be thrown away after 90 days because we really don't want to store your garbage for longer than we find it useful. oh, and, uhhh, some other company mentioned 90 days somewhere in the beer tent of some convention, so that's definitely a good number.

      --
      Support NYCountryLawyer RIAA vs People
  3. Reverse contracts by girlintraining · · Score: 5, Interesting

    The problem in IT today is that contracts give companies the power, not the end user. If you want to level the playing field, what we need is for the user to make contracts and exceptions about how their data is used, and then legally enforce it. In short, a user's union. We could design plugins to our browsers to eliminate companies from consideration that do not adhere to our privacy requests -- in effect, blackholing them. Since our private data is considered to have value, we want something back for it -- so we'd organize together to give that data out in exchange for monentary compensation.

    that said... It would never work. People don't care to organize to protect their rights. They're quite happy with the current state of affairs.

    --
    #fuckbeta #iamslashdot #dicemustdie
  4. personalization is not always personal data by dsvick · · Score: 5, Informative
    I think some people get up in arms about this without realizing that, in many cases, the "personal" data being kept isn't really personal anyway. It is their search and browsing history, their clicks and the sites they've visited. It's not necessarily anything personal about that them the site doesn't already have on file for it's users.

    Yahoo is still keeping the user's name, contact info, preferences, favorites, and other items, just as is Google, MSN, and any other online service/portal you sign up for. What they aren't keeping (after 90 days), or rather are not associating with the individual user, is the information that they could/did use to target advertising to the user.

    Google is retaining it and probably charging more, or at least getting a better response rate, for their advertising because of it.

    Given the way things are now I don't see how anyone could have the expectation that anything you do on the web could possible be anonymous. Just browsing a site takes your request through any number of different systems any one of which could be logging the information and using for who know what. At least with the Googles, and the Yahoos you have a reasonable idea of what they are keeping and how they are using it.

    1. Re:personalization is not always personal data by oahazmatt · · Score: 2, Informative

      See, this issue confounds me. I can understand people wanting their information to be private, but at the same time if you don't want that information on the Internet, don't give it to them.

      --
      Those who believe the Internet is private,
      find their privates are on the Internet.
  5. As long as it's optional... by Anonymous Coward · · Score: 2, Interesting

    Yahoo needs to improve the search results quality. Without competition, it doesn't matter much what anyone thinks about Google's plans. I can usually find what I'm looking for with Yahoo, but there are many more junk results and the interesting pages are rarely listed on the first page. So I keep returning to Google, even though I think that the agglomeration of search engine, ad broker, maps hoster, email provider and web statistics service is a major threat to the privacy of all users, even those who make an effort not to use any of these services directly.

    So yes, I hope it will be optional, so that I can put some distance between myself and the easier targets, but that's not really a solution. At least one of the other search engines needs to get its act together and provide a competitive product, or it will be Microsoft all over again.

  6. I think you may have something... by Kabuthunk · · Score: 3, Insightful

    Most people may well be happy with the current state of affairs... however I think you've it upon the catalyst that has potential to change everything:

    monetary compensation

    If word were to get out to the masses that "you will get money", you'll have droves of people stepping over their own mothers for it. Of course this depends on the amount of money... but you get the idea. Bring up the word money, the people will follow.

    --
    Planet Zebeth - Metroid with a twist
  7. Not quite by brian0918 · · Score: 2, Insightful

    Do the right thing: there needs to be legal means by which I can obtain, verify and erase all personal data associated with me.

    You really want the government to be involved in the means to your privacy? Wouldn't you just be begging for some warrantless wiretapping? The problem with your proposal is the enormous likelihood of corruption that comes with government involvement in services such as this.

    The right solution is something like a VeriSign for privacy. Independent competing organizations demand privacy practices and transparency from companies in exchange for their "seal of approval". By having competing organizations, you minimize the risk of corruption. Best of all, no rights are violated in the process.

  8. Comment removed by account_deleted · · Score: 5, Interesting

    Comment removed based on user account deletion

  9. privacy and not retaining user data .. by rs232 · · Score: 3, Interesting

    How does this relate to such programs as NSAs Echelon and wholescale tapping of fiberlinks in major switching centers such as at AT&T. Incidentally most of the current effort in surveillance goes on industrial espionage and the monitoring of 'activists', ie people who speak out against the government.

    http://www.spamdailynews.com/publish/ATT_tech_outs_NSA_spy_room.asp
    http://uk.youtube.com/watch?v=LDk6jxcSDlQ
    ,br>

    --
    davecb5620@gmail.com
  10. Google is not the only offender. ICQ, AIM, etc. by $criptah · · Score: 2, Interesting

    Google is not the only offender. In fact if you read TOS and privacy policies for many other companies, like AOL (owns ICQ), you will see that many popular products are quite dangerous to anybody who is concerned about privacy. For example, an ICQ account cannot be deleted. You can only remove information in the account and that is that. However, since Google is just a major player it simply shows on the tip of the iceberg.

    I bet most people who read /. know that there is no such thing as privacy on the Internet. Privacy is only limited by the amount of resources available to private companies or federal agencies and in fact most of the network traffic can be recorded if necessary. Of course whether such recordings will be useful is not clear, but it is still possible. If a DA has thousands of well paid investigators and a budget to enforce every single law, you bet your sweet ass many of us will be wiretapped and charged with stupid shit like violation of TOS (horray for Lori Drew's case, the PATRIOT act and other sweet by-products of 9/11.). The only question is what you, a private citizen, can do about this?

    Ideally, I would like every service provide to clearly state that personal data about me will be stored on their system and for how long. If anything, users should have an option to permanently delete their information without a trace. Also, inactive accounts should be automatically deleted. This already happens in real life where stores are required to shred credit cards lost on their premises if the owner of the card does not claim it within a reasonable amount of time. Unfortunately these policies will only add additional burden on companies and not being able to mine your private data is going to be a disaster for some.