AOL’s recent intentional, yet mistaken, release of search data shows how tenuous our privacy really is.

Listen to the podcast: Privacy? What Privacy?

Hi everyone, this is Leo Notenboom with news, commentary and answers to some of the many questions I get at

As most of you have heard by now, AOL recently released three months of search data, apparently for academic research. The release was intentional, but AOL later admitted their mistake in doing so. They even went so far as to say that they were sorry.

Now, one of the really common themes across questions I get at Ask Leo! is that of privacy. And I mean that in both directions. I get a lot of questions from people who are concerned about maintaining their privacy, people concerned about IP address tracing, cookies, key loggers, spyware and the like. I also get a lot of questions from folks trying to invade someone else’s privacy – perhaps hack an account, or view someone’s message history.

What the AOL release has done is shown us how seemingly innocuous data – something as simple as the things we search for on the Internet, can create a trail of information that can lead right back to us. It shows us how tenuous our privacy really is.

The AOL data did not include any user names or IDs. All it included was a token that indicated which searches were preformed by the same persons – without identifying that person. Or to put it in privacy statement terms: without any personally identifiable information.

Nope, the users did that themselves.

And the personally identifiable information that the AOL users happened to provide? The terms they entered into the search engine.

The New York Times has already tracked down one individual based solely on the terms that she entered into AOL search. Without knowing anything other than those terms, and that they all came from the same person, they were able to identify exactly who that person was.

Individual searches, by themselves, are pretty meaningless. But the aggregate – your search history – tells a lot about you, what you do, what you care about, and ultimately who you are.

The lesson here is not that we need to be afraid of the search engines for fear of someone spying on us. The lesson here is one of awareness: know what privacy you can reasonably expect, and know that it doesn’t always take a hacked account, an IP address or other directly obvious way to compromise it.

I foresee a day when this type of analysis of otherwise innocuous data may find its way into a court case and contribute to a conviction or acquittal. In fact, it’s already been tried.

The other individual in the AOL data who was searching for terms related to “extramarital online affair” might be concerned.

Perhaps we all should be.

I’d love to hear what you think. Visit ask leo dot info, and enter 10603 in the go to article number box. Leave me a comment, I love hearing from you.

This is a presentation of, a free on-line technical question and answer service. Hundreds of questions and answers are online and ready to help solve your computer problems.


[tags]spyware,aol,privacy,cookies,search data,ip address tracing,key loggers[/tags]