Yahoo Promises To Anonymize and Limit User Data

quarterbuck writes "While Google is saying that personalization is the key to search, Yahoo is taking a different view of the topic. Yahoo announced plans to retain user data for no longer than 90 days and to anonymize data. Even if Yahoo is not your favorite search engine, it is a good move in the direction of online privacy if it will force others to follow suit." Reader Mike adds "Yahoo did say, however, that it will keep some data for up to six months for security and fraud reasons, as part of some 'specific and limited exceptions.'"

I want enforceable privacy

[alain94040]

The problem with personalization is that it's an extremely sensitive topic for 1% of the population (us, the geeks), but 99% of end-users couldn't care less.

Google is in the very risky position where the wrong move could destroy the positive image they currently enjoy.

Do the right thing: there needs to be legal means by which I can obtain, verify and erase all personal data associated with me. Voluntary programs from corporations are not good enough. Privacy policies can and do change, based on the corporations' financial interests. It doesn't mean the government needs to be involved, real contracts could do the trick: just get rid of the "we reserve the right to change those terms any time for any reason and steal your house as well."

I'm no big fan of Microsoft, but at least they never owned any private data on me. Remember the outcry when it was discovered that Windows may sometimes phone home? With Google, it never phones home, you are using Google's phone to place your calls :-)

--
iPhone Apps review site [applicationiphone.com] looking for bilingual testers

Re:I want enforceable privacy

[pin0chet]

How about this: If you're worried about sensitive data getting out, don't give firms private data in the first place without checking out their privacy policy. It's actually a legally binding contract, so if a firm breaks it policy and you suffer as a result, you do have legal recourse to sue. Many privacy policies even oblige firms to inform users when a leak happens.

And if you must use sites you aren't totally comfortable with, there are tools out there to protect your anonymity including Tor, anonymous proxy servers, VPN tunneling services like Stunnel, no-log encrypted search engines like Scroogle, and Firefox add-ons like No-Script.

Re:I want enforceable privacy

[Anonymous Coward]

That there are (rather cumbersome) means to prevent Googles data-hoarding does not relinquish the companies corporate responsibility, especially considering their chosen motto.

Re:

[pin0chet]

What's so cumbersome about simply abstaining from Google? Lots of substitutes exist to all of their services, many of which have more robust privacy guarantees.

Re:

[Red Flayer]

It's actually a legally binding contract, so if a firm breaks it policy and you suffer as a result, you do have legal recourse to sue.

Oh, I see. And when they change their privacy policy, they need to contact me so I can choose whether or not to allow them to continue holding my information? How can I be certain they have destroyed any record of any of my personal information?

And as for legal recourse... good luck with that. With the exception of a few very visible data breaches with traceable exploits

It's often gathered without privacy policies

[jesterzog]

How about this: If you're worried about sensitive data getting out, don't give firms private data in the first place without checking out their privacy policy.

Apart from sometimes being very inconvenient given how a small number of mega-corps tend to own the vast majority of communications and commercial infrastructure these days, and it's often extremely difficult if at all possible to get certain services without signing away ridiculously one-sided agreements in favour of a corporation, this only works so

Re:

[DeeFresh]

Just as a warning to anyone else who's at work and is curious about scroogle, do not try going directly to scroogle.com! Not safe for work, to say the least.

Re:

[Hordeking]

No worries, I'll mine your retained data for you.

Can we get a WinMine.exe out here?! Kaboom!

Re:I want enforceable privacy

[sdnoob]

the reason why "99% of end-users couldn't care less" is because they do not comprehend the implications involved with such "personalization" and retention of data. i'd be willing to wager that most of that "clueless majority", if properly educated on the issue in a way they can understand, would be shocked and outraged when they learn the real truth.

this is a good move for yahoo, and for the users; and hopefully yahoo still has enough clout to start a trend away from wholesale collection of user data.

Re:I want enforceable privacy

[wassabison]

Of course the implications could be much higher quality search results.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[Thaelon]

pretty deep searching of my email

An email typically a little bit of text. How exactly do you do a "deep search" of such a tiny piece of information?

As for the package tracking link, it's really as simple as

grep "1Z[a-zA-Z0-9]{16}" email

and then produce a link including the match. That's hardly what I would call a "deep", or even a particularly alarming search of my email contents.

Especially when you consider the sheer volume of email they handle. Even if every employee at google actually spent all of

Re:

[scientus]

they alsa refuse to include the tracking number when they notify you that they have that information wafter you buy something through google checkout. They FORCE you to track it through THEIR page, and you must log in. The shippers tracking systems are already designed to be secure, when you track a package there is no personal information displayed. But Google FORCES you use use their site.

Their like an overcontrolling parent.

Google is always right. Just go to Google and Google will have the answer. Google

Re:

[rumith]

I'm not sure Google can effectively use info extracted from analysis of my private data (searches, gmail, etc.) to display relevant ads to me. Hell, they've been plastering my GMail with some sort of religious propaganda and astrology-related crap lately (me being a physicist), and it's been a week or so that AdSense has been showing throngs "Try Google Chrome" ads to me even when I'm using Chrome. You don't get much stupider and worthless advertisement than that :-)

It's pretty sad since some time ago I re

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[cyngus]

No, the reason 99% of people don't care is that 99.9% of people aren't important enough for anyone to want their data. Of the 1% that do care, 9% are people who are important enough they should worry, and 91% are geeks like you who think you merit notice, but don't.

Re:

[Anonymous Coward]

"...I'm no big fan of Microsoft, but at least they never owned any private data on me...."

Interesting, I guess you never registered Microsoft products, applied for the money back from Microsoft for the Microsoft tax, used Windows Search, or Windows Live, MSN, Windows update, and the like. And never use sites like Digg that use ads sold by Microsoft. (Both MSN and Microsoft Live seem to ask for access to my machine when on Digg the other night...according to NoScript.) Good for you!

When Microsoft buys Yaho

Not quite

[brian0918]

Do the right thing: there needs to be legal means by which I can obtain, verify and erase all personal data associated with me.

You really want the government to be involved in the means to your privacy? Wouldn't you just be begging for some warrantless wiretapping? The problem with your proposal is the enormous likelihood of corruption that comes with government involvement in services such as this.

The right solution is something like a VeriSign for privacy. Independent competing organizations demand privacy practices and transparency from companies in exchange for their "seal of approval". By having competing organizations, you

Re:

[jgtg32a]

Yes, privacy is one of the few area's where I welcome government action.

You wouldn't be begging for the warrantless wiretapping. The government has always been "do as I say not as I do."

Re:

[brian0918]

Yes, privacy is one of the few area's where I welcome government action.

Well then all you're asking for is a false sense of security, because the opportunity for corruption is ridiculously high. (Bernard Madoff comes to mind)

Incompetence versus corruption

[sjbe]

Well then all you're asking for is a false sense of security, because the opportunity for corruption is ridiculously high. (Bernard Madoff comes to mind)

You are correct about the potential for a false sense of security but don't mistake incompetence of regulators (the SEC) with corruption of a trusted agent (Madoff).

Re:

[brian0918]

You are correct about the potential for a false sense of security but don't mistake incompetence of regulators (the SEC) with corruption of a trusted agent (Madoff).

You need to keep up on the news. Madoff's niece is a lawyer for his firm, and she's married to an SEC investigator. That might help explain why the complaints that have poured in since 1999 (or earlier) were ignored.

Corruption versus conflict of interest

[sjbe]

You need to keep up on the news. Madoff's niece is a lawyer for his firm, and she's married to an SEC investigator.

That's not evidence of corruption. Conflict of interest maybe but absent additional facts that is not sufficient grounds to level a charge of corruption. The SEC has plenty of investigators and their real problem is that they lack the funding and manpower to seriously fulfill their job of regulating financial institutions. Furthermore the SEC has freely admitted [marketwatch.com] they dropped the ball and that so far there is no evidence of malfeasance by any SEC employee. Furthermore the husband of the niece in question

Re:

[brian0918]

Just because someone could potentially act unethically doesn't automatically imply that they did in fact act unethically.

You know what they say about absolute power and corruption...

I know it makes for a nice conspiracy theory but let's get some actual evidence first shall we?

I'm fully in agreement, but when it comes to the government, it's usually safest to accept the theories until they've been disproved. :)

Re:I want enforceable privacy

[vux984]

The problem with personalization is that it's an extremely sensitive topic for 1% of the population (us, the geeks), but 99% of end-users couldn't care less.

99% of end-uses couldn't care less until it bites them in the ass, and then you see their dopey teary eyed face splattered all over the news when something hits the fan... "I just can't believe google/facebook/youtube/myspace had all this information about me! The identity thieves started by hacking my gmail account... and from that were able to reset my facebook password, and from there they had everything... they were able to completely drain my bank accounts, and even managed to successfully impersonate me to my parents and scammed them out of thousands... my parents said the theives used a bad quality phone line, but they didn't suspect a thing, because they new everything... they asked how Dad was coping with losing his job, how my sister was doing, they even talked about the camping trip we went on in the summer... and they got all this from the online data, reading my email, looking at my pictures, and trawling my social network... I just can't beleive this was all right there for the taking."

Then they'll say... "The government really needs to do something."

Re:

[CannonballHead]

Enforceable privacy. That would mean that a third-party (be it the government, another company, or a single alien individual from Uranus) would have to check 'private' data to make sure that the 'private' data is gone...

This is getting rather complex now.

IMO, the real question is - does Google claim it's NOT keeping private data? Privacy policies abound on all kinds of websites. Don't like it, don't use it. You can't enforce (unless it's illegal) ... or shouldn't ... a private enterprise to adhere to

Re:

[LingNoi]

I'm sure Google was one of the first to make search data Anonymous [blogspot.com] in March last year unlike how the author of the summary tried to make out it wasn't the case.

I don't see where Google is in a risky position given the facts above. Please point out if I am wrong however I am very certain this is the case.

Lets not forget this is the same Google which fought with the US gov to keep user search data secret. This is the same Yahoo which helped jail a Chinese blogger for many years when they could have just said

Re:

[shanx24]

This is why endeavors like dataportability.com are important, because they put the control in the hands of the users, where the ownership of private data belongs in the first place.

What a coincidence!

[Gizzmonic]

Yahoo! is exactly what the ladies say when they see my 'private dataset.'

Actual versus PR speak

[Recovering Hater]

Well. It seems like Yahoo is trying to actually not do evil and Google is trying to talk about not doing evil while making it palatable for the masses. Or something. (Insert witty statement illustrating contrasting styles of Google and Yahoo here)

Re:

[MikeDirnt69]

I think it isn't about evilness, but money. Yahoo! is on a non comfortable situation, as investors are definitely not amused. In my view, they're simply trying to show they can do better where the biggest concurrent seems to be failing. But if it really is better or if it will help Yahoo! somehow, we don't know (yet).

Re:

[zappepcs]

I guess I'm cynical. I hear them saying no more than 90 days EXCEPT in some special cases.

How is that different from:

We'll continue to hold any data that we think is of use, but the rest of the garbage that most of our users seem to want to look at will be thrown away after 90 days because we really don't want to store your garbage for longer than we find it useful. oh, and, uhhh, some other company mentioned 90 days somewhere in the beer tent of some convention, so that's definitely a good number.

Reverse contracts

[girlintraining]

The problem in IT today is that contracts give companies the power, not the end user. If you want to level the playing field, what we need is for the user to make contracts and exceptions about how their data is used, and then legally enforce it. In short, a user's union. We could design plugins to our browsers to eliminate companies from consideration that do not adhere to our privacy requests -- in effect, blackholing them. Since our private data is considered to have value, we want something back for it -- so we'd organize together to give that data out in exchange for monentary compensation.

that said... It would never work. People don't care to organize to protect their rights. They're quite happy with the current state of affairs.

I think you may have something...

[Kabuthunk]

Most people may well be happy with the current state of affairs... however I think you've it upon the catalyst that has potential to change everything:

monetary compensation

If word were to get out to the masses that "you will get money", you'll have droves of people stepping over their own mothers for it. Of course this depends on the amount of money... but you get the idea. Bring up the word money, the people will follow.

Re:

[jlarocco]

that said... It would never work. People don't care to organize to protect their rights. They're quite happy with the current state of affairs.

There's nothing stopping you from starting a group like that. If you're not concerned enough to put in the required effort to start things off, then it shouldn't be too surprising that nobody else is either. If you honestly think it'd be worthwhile, stop whining and get to work.

I don't mean to be harsh, but your complaining that nobody else cares, yet you don't

Re:

[account_deleted]

Comment removed based on user account deletion

personalization is not always personal data

[dsvick]

I think some people get up in arms about this without realizing that, in many cases, the "personal" data being kept isn't really personal anyway. It is their search and browsing history, their clicks and the sites they've visited. It's not necessarily anything personal about that them the site doesn't already have on file for it's users.

Yahoo is still keeping the user's name, contact info, preferences, favorites, and other items, just as is Google, MSN, and any other online service/portal you sign up for. What they aren't keeping (after 90 days), or rather are not associating with the individual user, is the information that they could/did use to target advertising to the user.

Google is retaining it and probably charging more, or at least getting a better response rate, for their advertising because of it.

Given the way things are now I don't see how anyone could have the expectation that anything you do on the web could possible be anonymous. Just browsing a site takes your request through any number of different systems any one of which could be logging the information and using for who know what. At least with the Googles, and the Yahoos you have a reasonable idea of what they are keeping and how they are using it.

Re:

[oahazmatt]

See, this issue confounds me. I can understand people wanting their information to be private, but at the same time if you don't want that information on the Internet, don't give it to them.

Re:

[RJFerret]

Given the way things are now I don't see how anyone could have the expectation that anything you do on the web could possible be anonymous. ... At least with the Googles, and the Yahoos you have a reasonable idea of what they are keeping and how they are using it.

Nada.

One of the best links I learned from earlier Slashdot discussions was Scroogle [scroogle.org], Google results with no tracking, ads or loss of anonymity.

Re:

[Colonel Korn]

1. Mod parent up.

2. https://ssl.scroogle.org/ [scroogle.org] is even better.

3. There's no reason to ever use Google directly again.

Re:

[dookiesan]

Suppose a friend of yours starts working at google. You have to presume that he can then see every search you've ever made. Or suppose they go to work for facebook and they can now see how many times you clicked on their girlfriend's profile in the last month...or any girl's besides your girlfriend's.

Collecting this data can damage people's lives because we don't expect to be tracked. We assume that the employees in these companies are far away and too removed to have any interest in us. You can say tha

As long as it's optional...

[Anonymous Coward]

Yahoo needs to improve the search results quality. Without competition, it doesn't matter much what anyone thinks about Google's plans. I can usually find what I'm looking for with Yahoo, but there are many more junk results and the interesting pages are rarely listed on the first page. So I keep returning to Google, even though I think that the agglomeration of search engine, ad broker, maps hoster, email provider and web statistics service is a major threat to the privacy of all users, even those who make

Am I the only one...

[thousandinone]

...who has actually stumbled across products and services that I find extremely useful due in no small part to Googles targetted ads?

I mean, is it really such a bad thing? No matter what ad is showed to me, its still my choice to click on it or not. If they're going to be there, they may as well be things I may find interesting.

Re:

[zonky]

In theory, the advertising is ensuring a greater range of content on the internet, not your actual connection.

Re:

[tehcyder]

Yes, you're probably one in a thousand.

Re:

[thousandinone]

Yes, you're probably one in a thousand.

Ba-dum KSH!
Well played, sir.

ixquick

[aristofanes]

ixquick recives privacy award from eu

http://us2.ixquick.com/uk/protect_privacy.html [ixquick.com]

Ixquick's position:
You have a right to privacy.
Your search data should never fall into the wrong hands.
The only real solution is deleting your data.
We delete our users' privacy data within 48 hrs.
We are the first and only search engine to do so.

Data Portability and User Control

[zorkerz]

I would like the data collected about me to be portable and under my control. I would like to be able to create an identity online that I can use to login to any website I desire. Data collected would be stored against this identity. Every identity should have access to the data stored against it and have the ability to control who has access to that data. This would put the control of my personal information in my hands. I don't have a problem with collection of anonymized data. Currently the internet se

privacy and not retaining user data ..

[rs232]

How does this relate to such programs as NSAs Echelon [tomflocco.com] and wholescale tapping of fiberlinks in major switching centers such as at AT&T [cnet.com]. Incidentally most of the current effort in surveillance goes on industrial espionage and the monitoring of 'activists', ie people who speak out against the government.

http://www.spamdailynews.com/publish/ATT_tech_outs_NSA_spy_room.asp [spamdailynews.com]
http://uk.youtube.com/watch?v=LDk6jxcSDlQ [youtube.com]
,br>

Re:

[Kindaian]

Like anyone with IQ of more then 1... ;)

groups.yahoo.com

[vlm]

Yahoo announced plans to retain user data for no longer than 90 days and to anonymize data.

They've been doing that to groups.yahoo.com for years... just kidding (sort of)

Re:

[boyter]

I disagree. You need to know what people are searching for and then clicking on in order to improve your algorithm. Thats just common sense. If people are searching for "google" and then clicking on link number 17 in your result set then it should probably be moved up a bit.

Google is not the only offender. ICQ, AIM, etc.

[$criptah]

Google is not the only offender. In fact if you read TOS and privacy policies for many other companies, like AOL (owns ICQ), you will see that many popular products are quite dangerous to anybody who is concerned about privacy. For example, an ICQ account cannot be deleted. You can only remove information in the account and that is that. However, since Google is just a major player it simply shows on the tip of the iceberg.

I bet most people who read /. know that there is no such thing as privacy on the Internet. Privacy is only limited by the amount of resources available to private companies or federal agencies and in fact most of the network traffic can be recorded if necessary. Of course whether such recordings will be useful is not clear, but it is still possible. If a DA has thousands of well paid investigators and a budget to enforce every single law, you bet your sweet ass many of us will be wiretapped and charged with stupid shit like violation of TOS (horray for Lori Drew's case, the PATRIOT act and other sweet by-products of 9/11.). The only question is what you, a private citizen, can do about this?

Ideally, I would like every service provide to clearly state that personal data about me will be stored on their system and for how long. If anything, users should have an option to permanently delete their information without a trace. Also, inactive accounts should be automatically deleted. This already happens in real life where stores are required to shred credit cards lost on their premises if the owner of the card does not claim it within a reasonable amount of time. Unfortunately these policies will only add additional burden on companies and not being able to mine your private data is going to be a disaster for some.

China

[binaryseraph]

Unless your in China- then your data will be Sold. I mean- yahoo has to justify its price for Microsoft somehow- right?