Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

What MSN, Google, Yahoo and AOL Know About You

CmdrTaco posted about 7 years ago | from the know-me-better-than-i-know-myself dept.

Privacy 169

hotgist writes "America's top four Internet companies, Google, Yahoo, AOL and Microsoft's MSN, promise they will protect the personal information of people who use their online services to search, shop and socialize. But a close read of their privacy policies reveals as much exposure as protection. The massive amounts of data these companies collect, which can include records of the searches you make, the health problems you research and the investments you monitor, can be requested by government investigators and subpoenaed by your legal adversaries. But this same information is generally not available to you."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered


Cum on, sue me (4, Interesting)

Harmonious Botch (921977) | about 7 years ago | (#18676037)

Ok, if I can't find out what records they are keeping about me, but legal adversaries can, someone please sue me and then subpeona them for me.
BTW, TFA appears to have gone though a buggy porn filter. It has words like "cir*****stantial" and "do*****ents"

Re:Cum on, sue me (5, Funny)

Otter Escaping North (945051) | about 7 years ago | (#18676061)

Ok, if I can't find out what records they are keeping about me, but legal adversaries can, someone please sue me and then subpeona them for me.

Try downloading some music - I hear that works pretty good.

Re:Cum on, sue me (2, Funny)

networkBoy (774728) | about 7 years ago | (#18676083)

I like the open/close quotes disparity ``" :-)
Yeah, we need to get a subpoena ring together. I'll subpoena your records, you subpoena mine...
There needs to be a code of honor though, else I'm in for some trouble.

Re:Cum on, sue me (3, Interesting)

Qzukk (229616) | about 7 years ago | (#18676243)

BTW, TFA appears to have gone though a buggy porn filter. It has words like "cir*****stantial" and "do*****ents"

Yet "child pornography" and "sex partners" had no problem. Fascinating priorities for words to censor by a porn filter, there.

Re:Cum on, sue me (3, Funny)

tritonman (998572) | about 7 years ago | (#18676395)

What we really need to focus on is how much information Jesus has about us. How does he get this information, and what exactly does he plan on doing with it?!?!?

Re:Cum on, sue me (0)

Anonymous Coward | about 7 years ago | (#18677525)

Santa is the one who scares me...I mean, he knows when I've been naughty!

One more reason to never log into Google (0, Redundant)

davidwr (791652) | about 7 years ago | (#18676073)

Memo to self:

Don't log in before doing a search.
Change my IP address frequently or use proxies.
Lobby CowboyNeal to let you post as A.C. more often than once every 10 minutes.

and cookies too (4, Informative)

homer_ca (144738) | about 7 years ago | (#18676209)

Don't forget to clear your cookies or block them from Google. The default Google cookie doesn't expire for 30 years, and with it Google can track all your activity on Google sites, from maps to gmail to search.

Re:and close browser too! (3, Informative)

redelm (54142) | about 7 years ago | (#18676433)

You can also be tracked by unique URLs with embedded keys.

Clearing cookies is great, but I'm not sure whether you're clearing cookies that will be saved, or cookies already saved.

The cookie may last for 30 years -not the computer (1)

vinn01 (178295) | about 7 years ago | (#18676951)

Good luck finding a home computer that will host that cookie for 30 years.

Re:One more reason to never log into Google (1)

jma05 (897351) | about 7 years ago | (#18677381)

How about just use a different browser for private searches etc? One from which, you never log into any service from the said search engine. As far as these sites go, they cannot be sure it is the same person just because the IP info is the same.

The RIAA disagrees. (1)

davidwr (791652) | about 7 years ago | (#18677447)

they cannot be sure it is the same person just because the IP info is the same.
I know this is false because the RIAA lawyer told me so.

Re:One more reason to never log into Google (1)

jaweekes (938376) | about 7 years ago | (#18677715)

It might be better to use a virtual machine, and don't save the changes. VM players are now free, and you don't really get much of a performance hit with the new CPU chips.

Set one browser to use proxy/Tor. (1)

Kadin2048 (468275) | about 7 years ago | (#18677867)

You still run into the problem of association by IP address unless you use a proxy.

What I think is best, is use two browsers, and set one up to use a proxy (preferably Tor, because it's better than just a single, basically untrusted, proxy), and do anything sensitive/private there. Don't ever log in there, and set it to get rid of cookies at the end of your session.

Apple's Safari browser has a nice mode called "Private Browsing" where it pauses adding anything you enter to the History or to saved form values, and when you turn it back off at the end, purges the cache and cookies. Although it's not that difficult to clean that stuff in Firefox, it'd be a nice option to see other browsers adopt. (Frankly, it would be nice if they built in Tor/Privoxy, so that when you activated the feature, it automatically started sending your traffic through the onion-router system, but that's an additional level of paranoia.)

Role reversal? (0, Redundant)

Anonymous Coward | about 7 years ago | (#18676075)

In Soviet Russia, search engines search you!

Re:Role reversal? (0)

Anonymous Coward | about 7 years ago | (#18677593)

If it where in Soviet Russia you have information about search engines, i would go live there.

surprised (4, Interesting)

hobo sapiens (893427) | about 7 years ago | (#18676077)

yawn...nothing you do online is private. The real problem here is that people *think* they cannot be seen.

TFA made an interesting point, though...searches are as close to reading our thoughts as is possible. That is pretty scary. I'll bet there's all kinds of predictive software that could use that search data to profile us, even anticipate our next move. That's pretty scary.

Re:surprised (4, Funny)

voice_of_all_reason (926702) | about 7 years ago | (#18676381)

yawn...nothing you do online is private. The real problem here is that people *think* they cannot be seen.

Ceiling google is watching you masturbate?

Re:surprised (4, Informative)

blueZhift (652272) | about 7 years ago | (#18676457)

Absolutely! There is no such thing as anonymous on the net. So the real solution is not going to be getting Yahoo, AOL, or whoever to stop collecting data. They never will because it makes them too much money. The real "solution" is spreading the word to users that they are not anonymous and behave accordingly.

BTW, the Chicago Police already use an Oracle based data mining system to produce crime forecasts for the city that they use to decide how to deploy forces from day to day. I first learned about this system years ago, so it may be safe to assume that there have been improvements since that time. The future is now.

Re:surprised (1)

Frozen Void (831218) | about 7 years ago | (#18676887)

>Oracle based data mining system to produce crime forecasts for the city
Is this liek a weather forecast?

Re:surprised (5, Funny)

LordOfTheNoobs (949080) | about 7 years ago | (#18677073)

It's a bit muggery out there today folks, with a thirteen percent chance of homicide over on 5th. So remember to don those kevlars. Back to you, Tom.

Re:surprised (1)

blueZhift (652272) | about 7 years ago | (#18677747)

It's a bit muggery out there today folks, with a thirteen percent chance of homicide over on 5th. So remember to don those kevlars. Back to you, Tom.

Actually, it was a little like this. It would show the probabilities of various types of crimes in an area based on past data. So it was easy to see developing trends.

Re:surprised (1)

LordOfTheNoobs (949080) | about 7 years ago | (#18678283)

Wow. I imagined their system as just being a statistical analyzer hooked up to a computer program map they would use to send out emails with information for officers coming onto duty to read/be briefed with before going out.

Actually having some two bit cliché weatherman delivering a stand up crime forecast on the evening news? Awesome. Let's go ahead and lampoon him in front of a large projection of a time loop with a cloud of looters moving east to west over the city and little pinup mugger glyphs with percentages popping up in different spots.

/ And blue hair. You gotta have blue hair. // Hoping it's still 'a little like this' /// Long live strongbadia.

Re:surprised (0)

Anonymous Coward | about 7 years ago | (#18677889)

Short of physical access, your first statement is false.

I can vouch for this, as up until a year ago, I was not found in ANY public search engine ON the Internet. Thats not to say you couldn't probably pay to retrieve my information, but ANYTHING can be found with money and the right know how. Even now, if I do the search, results still show up under 20, and thats with the 3 sites set up to google cache. MSN, Yahoo, AOL, are all lower than that.

Anonymity requires discipline, and a fairly high level of awareness(paranoia ??) whilst connected to ANY network. Its ALL about information control.

/this message brought to you without Anonymity

Re:surprised (1)

Billosaur (927319) | about 7 years ago | (#18676487)

...searches are as close to reading our thoughts as is possible.

I knew you were going to say that!

Re:surprised (1)

hobo sapiens (893427) | about 7 years ago | (#18677023)

now that you mention it, I just have to...

obligatory Simpson's quote:
"I know you can read my thoughts, boy! meow meow meow meow, meow meow meow meow, meow meow meow meow..."

Re:surprised (1)

corifornia (995298) | about 7 years ago | (#18677059)

Seriously, its not difficult to thwart all of this . . . Just search for all your child porn and ways to hide dead bodies on your friends computers. Sheesh, its a no brainer.

Re:surprised (1)

charlieman (972526) | about 7 years ago | (#18677757)

Quick! start searching for random words, that will make their predictive software crazy!!!

unless... they already know we are gonna search for random stuff!!

Google allows you to see past searches... (2, Informative)

garcia (6573) | about 7 years ago | (#18676081)

If you're logged in and you have it enabled, you can have Google tell you all of your search history. I disable that and generally block cookies from being stored by Google. I sometimes, depending on what I'm searching for, use inurl:nph-proxy.pl and find a random open proxy to search through or use a public facility like a SurfThing enabled coffee shop or library.

If my legal adversaries want to find out that I searched converting 3.5 tablespoons to teaspoons while cooking on Saturday, good for them. The rest of it is protected.

Now, what the general public does (like the moron that got busted for searching for how to commit undetectable murder and then poisoning her husband) is another story. No matter what, there will always be idiots that don't know how to cover their tracks regardless of the "privacy policy" of third parties.

Re:Google allows you to see past searches... (3, Funny)

voice_of_all_reason (926702) | about 7 years ago | (#18676143)

If my legal adversaries want to find out that I searched converting 3.5 tablespoons to teaspoons while cooking on Saturday, good for them.

Except when they list also includes "fertilizer" or "ammonia" and some guys end up locking you up and throwing away the room.

Re:Google allows you to see past searches... (4, Insightful)

Anonymous Coward | about 7 years ago | (#18676313)

Do you really think that Google doesn't keep track of your past searches, just because you disabled it?

Re:Google allows you to see past searches... (2, Insightful)

maxume (22995) | about 7 years ago | (#18677499)

I think it adds at least one step for a snoop trying to put me and my searches together(one with direct access to the various databases that is).

Re:Google allows you to see past searches... (2, Funny)

mwvdlee (775178) | about 7 years ago | (#18676373)

3.5 tablespoons of crack? I guess "teaspoon" is slang for syringe?
I wonder what kind of searches you want to keep private!

Re:Google allows you to see past searches... (4, Interesting)

Billosaur (927319) | about 7 years ago | (#18676543)

If my legal adversaries want to find out that I searched converting 3.5 tablespoons to teaspoons while cooking on Saturday, good for them. The rest of it is protected.

Which brings up an interesting idea - fake search patterns. On the one hand, you could perform all sorts of irrelevant, meaningless searches to clutter up your search record. On the other hand, imagine you wanted to make it appear that someone was searching for certain information, information that might prove incriminating. Assuming you could somehow gain access to their computer(s), wouldn't it be possible to "plant" searches in a person's search history? How many people who use the major search engines every day know they are being tracked?

Re:Google allows you to see past searches... (0)

Anonymous Coward | about 7 years ago | (#18678591)

And help increase the noise for any autoprofilers:
http://search.msn.com/results.aspx?q=bush%20schedu le%20june [msn.com]
http://search.msn.com/results.aspx?q=how%20to%20ma ke%20a%20pipe%20bomb [msn.com]
http://search.yahoo.com/search?p=world+trade+cente r+memorial [yahoo.com]
http://search.yahoo.com/search?p=anfo+igniter [yahoo.com]

And to any CIA employees: my commendations on your impeccable information gathering systems, and have a nice day!

Re:Google allows you to see past searches... (1)

Radon360 (951529) | about 7 years ago | (#18676737)

Now, what the general public does (like the moron that got busted for searching for how to commit undetectable murder and then poisoning her husband) is another story.

FWIW, the way she was discovered was by the police rummaging through her browser history on her computer and discovering what she was searching for, not a supoena to Google, et al.

So, as you put it, she was one of the morons because she didn't cover her tracks in her own computer, let alone worry about what she was leaving in Google's logs.

I just tried that.... (1)

StressGuy (472374) | about 7 years ago | (#18678429)

Only three sites came up....an "animusic" video clip....the website of a nearby community college....and a site entirely in what appeared to be German....the image was suppressed by my work computer (as were the other two), and I have no recollection of visiting such a site - particularly given that it's in a language I don't understand.

A bit puzzling

Same problem, new technology (4, Insightful)

loafing_oaf (1054200) | about 7 years ago | (#18676103)

Were things really much more private before the Internet as we know it today? You had to approach actual experts like doctors for any questions you had. That leaves a trail. And if you had checked out library books as research, I'm sure the government could trace those records as well, even before computerized systems. Technology simply makes the process shorter.

Re:Same problem, new technology (2, Insightful)

voice_of_all_reason (926702) | about 7 years ago | (#18676223)

And when the process is shorter, it increases the scope of abuses. Imagine if 1940s Germany had the ability to find all the jews? It's not so farfetched to beleive the US would ask google to run a find_all_arabs() function in the event of a second terrorist attack.

Re:Same problem, new technology (3, Informative)

lawpoop (604919) | about 7 years ago | (#18676455)

"You had to approach actual experts like doctors for any questions you had."

Yes, but a doctor isn't allowed to blab to anybody about your medical problems. If somebody sues you, they aren't allowed to subpoena your medical records.

Not very surprising (3, Funny)

skoaldipper (752281) | about 7 years ago | (#18676153)

You can find out more about me by rummaging through my trash can - quite legal too. Just make sure you get it off my lawn first, or say hello to my boomstick.

Re:Not very surprising (3, Insightful)

tgatliff (311583) | about 7 years ago | (#18677035)

Yes but you cannot datamine a trashcan over several years without a considerable amount of effort. Meaning, there is an inherent cost in digging thru millions of peoples trashcans, including probably getting shot by some for intruding on their property. From a search engine companies perspective, there is no inherent cost of gathering this data. It is simply an benefit of their business model.

To me this is a failure of congress once again. In no way should they have allowed companies to keep this information. With the current situation in the US political system, though, I suspect nothing will change anytime soon. I suspect that at some point GOOG and the others will get caught selling some of this intrusive data. At that point the pubilic will force congress's hand. Until then, however, we will have the deal with this situation...

diversify (3, Informative)

gEvil (beta) (945888) | about 7 years ago | (#18676221)

This is why I use different services for different things. While I absolutely love gmail, I don't use it for my primary webmail account. Instead, I use Yahoo! (though I hate those ads at the bottom of messages). This is because I use Google as my search engine of choice. And for messaging, I use AIM. I don't want companies to be able to attach seemingly disparate portions of my life together into a single profile. Sure, it can still be done, but diversifying makes things that much more difficult.

Rehash of old news, let me summarize (1)

vivaoporto (1064484) | about 7 years ago | (#18676287)

The Aol "accident", government trying to subpoena search results, etc. Big companies whose source of income is to store and analyze massive amounts of personal preferences to sell targeted advertisements effectively store and analyze personal data. This article is a complete waste of time, don't bother reading it.

Which is why I suggest "GoogleAnon" (4, Informative)

I)_MaLaClYpSe_(I (447961) | about 7 years ago | (#18676295)

Copy the code below and bookmark it as if it was an ordinary url. Then, when you visit google the next time, anon your google.

javascript:x='Nothing';y='preferences';try{if(conf irm('OK: Zero it\n\nCancel: Do_'+x+'_(e.g._already_zeroes?)\n\n'+unescape(docu ment.cookie.replace(/;/g,'\n'))))h=location.host.m atch(/\.google\.((off|com?)(\...)|..|com)$/)[0];do cument.cookie='PREF=ID=0000000000000000:LD=en:TM=1 115409441:LM=1129104254:S=kSuablMgN8pP9-91;expires =Sun, 17-Jan-2038 19:14:07 GMT;domain='+h;location='/'+y+'';alert('Zeroed:\n\ nNow_reset_your\n'+y+'\n\n')}catch(e){alert(x+'_do ne\n\n(e.g._not_Google?)\n\n')}void(0)

Or else, google for GoogleAnon :-)

Most people dont value privacy (3, Insightful)

140Mandak262Jamuna (970587) | about 7 years ago | (#18676353)

Most people just dont care. People carry frequent shopper cards for their regular grocery store. Tagged to a real name, not some pseudo handle, tagged to a real address. And they fill their prescriptions there too. All for what? 25cents off a loaf of bread. Even on line people just dont seem to care. The kind of information people post in Facebook and other places, the amount of information they reveal in their blog, using real name that any prospective employer can search for...

They (my nephews and nieces) look at me as though I am an brontosauraus wearing Sanjaya's fauxhawk when I talk to them about the dangers of "overexposure" (both literally and figuratively) in the internet.

Re:Most people dont value privacy (3, Insightful)

SatanicPuppy (611928) | about 7 years ago | (#18676429)

I picked my frequent shopper card up out of the parking lot in front of the grocery store, so while it is attached to a real name and address, god alone knows whose.

Re:Most people dont value privacy (1)

defy god (822637) | about 7 years ago | (#18677711)

You know, I used to do the same thing. I used some randomly found grocery shopper cards or ask for one but never fill out the info paper. After reading more about those cards, I realized it was pointless because of my payment patterns.

I don't like carrying more than $40 in my wallet. Whenever I go to the grocery store, I pay using my debit or credit card. I'm also a sucker for the 5% cash back credit card when paying for gas or groceries. That's probably all I use the card for, but 5% is still a big chunk for those two things. There's one way they can easily trace my usage patterns.

If you use check, debit, or credit along with the store card, the store's got attached you to the discount card at that point. They may have some representation for those numbers to keep the data "safe," but I'm sure if they really wanted to, they can find a way to attach the name to the card. They would still have all your data, but you don't get the mailed coupons.

Too lazy to find the article now, but a few years back I read about a man falsely charged with the arson of a building or house he lived in. They were able to connect him to the crime by using the discount card. He didn't fill out the shopper card's application sheet, but they were able to connect a credit card of his with a a discount card that showed he had bought lighter fluid. The same lighter fluid container was found at the scene of the crime. The details are fuzzy, but apparently that was pure coincidence.

Re:Most people dont value privacy (3, Interesting)

frdmfghtr (603968) | about 7 years ago | (#18676593)

Actually, I tend to save a couple of dollars every trip to the grocery store with it, and if the grocer knows my grocery habits, I really don't care. I'll spend time and energy protecting info that NEEDS protection, like bank account numbers and credit card numbers, not my preference for whole wheat bread over white or rye. If I don't want a particular purchase "remembered," I don't use the card and pay cash. There's a concern for privacy, and there's paranoia.

I'll agree with you though as far as Facebook/MySpace type sites go...before you post it on a web site, ask yourself this: Would you post it on a billboard along the freeway? Ask that, because that is exactly where it is going--on a billboard along the "Information Superhighway."

Re:Most people dont value privacy (0)

TheAwfulTruth (325623) | about 7 years ago | (#18677161)

You do realize that you are not actually "saving money" right? As far as the ntire system goes, using it is a wash at best. The 2$ you save on one item is taken back on the others being higher priced than they should be.

If you DON'T use the card its more like you are being ripped off severely! So at best you are trading privacy for being screwed at the register.

One common tactic I've noticed on items I buy every week is that when they want to raise the price on somethihing they raise the pricer severely (like 50 cents on a 3 dollar item) then immediately give it a card discount down to maybe 10 cents lower than the original price. Then a week or two later the discount is gone and suddenly the every day price is 50 cents higher than it was before and remains that way till they raise it again.

The store cards are just ways of them playing with you from multiple angles while making you FEEL like you are getting "a deal", NONE of which is good for you in the end :(

Re:Most people dont value privacy (1)

grishnav (522003) | about 7 years ago | (#18677325)

The good news is, when the store chains and the insurance companies hook up, you'll "save" another couple of bucks for preferring wheat bread over rye...

/but not as much as the guy who picks something even healthier.

I really should worry (2, Interesting)

SmallFurryCreature (593017) | about 7 years ago | (#18677971)

My grocer already knows my order when he sees me coming. Not that he gets them then for me. He already has gotten them ready because he knows when I arrive.

Invasion of privacy OR bloody good service I happily pay his slighly higher then average prices for?

God I love corner stores.

Re:Most people dont value privacy (0)

jahudabudy (714731) | about 7 years ago | (#18678365)

If I don't want a particular purchase "remembered," I don't use the card and pay cash.

Just this weekend, I went into a Lowe's Hardware to pick up a can of spray paint. I went thru the self-checkout and paid cash b/c it was like $4 or something. Before the machine would continue my purchase, it required me to put in my telephone # in order to "verify my purchase".

Okay, so my phone # is not really 111-111-1111, but still, I was quite disturbed by the BLATANT attempt to track my cash purchase.

People Care About Security: +1, True (-1, Troll)

Anonymous Coward | about 7 years ago | (#18676719)

That's why I continue to reduce civil rights in the United Gulags of America.

Yours dictatorially,
"President" George W. Bush [whitehouse.org]

Re:Most people dont value privacy (2, Insightful)

fatmonkeyboy (257833) | about 7 years ago | (#18676875)

If you're using anything but cash to pay at the grocery store, they can already store all of this information about you.

You swipe your credit/debit card and there's nothing to stop the store from recording your name along with everything you purchased in a database. Your address may not be on the card's magnetic strip (but I wouldn't be surprised if it were). My billing ZIP code has been checked at the register before, so its either on the card or (more likely) can be retrieved and/or checked by the software that verifies the transaction.

Checks have the same problem - your name and address are probably on there. Mine are. Lots of stores are using electronic check readers, so there's not much difference between using those and a card.

So, unless you're paying with cash, you might as well reap the benefits of the frequent shopper card. I know I will :)

Re:Most people dont value privacy (0)

Anonymous Coward | about 7 years ago | (#18677667)

My frequent shopper card is in the name of Fuzzy Buttwhisker. So was my ebay name. It was funny when the Ebay rep had to ask for Mr. Buttwhisker?

Additional Problems (2, Interesting)

Foobar of Borg (690622) | about 7 years ago | (#18676357)

There are other online data problems besides the main computer companies. You also have to worry about companies like USSearch, PrivateEye, and so on which basically allows anyone to find out tons of stuff about you for a nominal fee. USSearch's FAQ even says

"Can you search for minors or public figures?

No. In order to protect the identities and safety of minors and public figures, US Search does not provide searches for these types of individuals."

So, they understand the danger. They just don't care about the danger posed to the "proles".

Data retention really is the stealth liberty issue (1)

MikeRT (947531) | about 7 years ago | (#18676379)

Look, I know that we don't have to use these services, but that doesn't make this sort of policy any less dangerous to the public in general. The Bush Administration will not be the last time we will hear about data retention policies [codemonkeyramblings.com] , and if these services keep maintaining such detailed records, it's only a matter of time before the government gets full access to them. The privacy implications for that are that it'll be the first major step toward a total surveillance state for modern communications. A first, very, very important step once they get the search engines and ISPs working together to help them keep detailed record on what is done online.

How is it linked? (1)

tgatliff (311583) | about 7 years ago | (#18676405)

Is it linked by just cookie or also the mac? I would assume that most routers/firewalls mask the mac address, so is the cookie reference the only link?

Re:How is it linked? (0)

Anonymous Coward | about 7 years ago | (#18676931)

Here [google.com] is a google "answer" explaining why they can't tie it to your MAC - more complete than anything I could bang out, especially at this ungodly hour.

Not Surprising (1)

madsheep (984404) | about 7 years ago | (#18676445)

Well I do not find this surprising. You should just use the Internet and associated products with the assumption of no privacy. If you do not have this assumption, you should read every line of the privacy policies. Even then make the assumption you are not safe. Mistakes and screw up happens. Hackers happen. "0day happens." Even if that information is "protected" it might still get out anyway. Assume they are collecting *.

They're all probably collecting tons of stuff, but I for one will not use Gmail or Google Talk. I make the assumption that they are data mining everything I do.

Is this covered by UK DPA? (2, Interesting)

LighterShadeOfBlack (1011407) | about 7 years ago | (#18676603)

I'd be interested to know if this information is covered by the DPA for UK residents. Does search data count as personal information if the data is linked to an IP address rather than directly linked to my identity?

If it is then presumably I should be able to make a request under the DPA (without a court order) and they would be required by law to provide me with all information they have pertaining to me for a nominal fee within a certain time-period (I forget exactly how long).

Clearly IANAL and I don't know nearly enough about the DPA or international law to know if this applies. Any actual lawyers about there who can clear this up?

Re:Is this covered by UK DPA? (0)

Anonymous Coward | about 7 years ago | (#18678357)

The UK Data protection act dosent actually limit anyones ability to collect personnel data. It just requires them to register the type of data they collect and its purpose.

If Google.co.uk is actually based in the UK then they have a legal obligation to register that they collect search data and use it for advertising. They do not have to tell you this. But if you ask they do have to give you at reasonable cost a list of all the data they have on you.

Of course this is all only valid if they have a company presence inside the UK. Otherwise it is no different to you phoneing a US company and ordering flowers they abide by US laws not UK. I have a co.uk address but have lived in the US for 8years now.

PS INAL but am a Software Engineer trained in teh UK so know a small amount about the DPA. But my data is 8yrs out of date so read it as such.

Um, That I Like Midget Clown Pr0n? (0)

Anonymous Coward | about 7 years ago | (#18676621)

Oh, crap.

What MSN knows about me (1)

metamatic (202216) | about 7 years ago | (#18676643)

I'd be surprised if MSN knows anything about me, given that I never use MSN for anything. I only have one friend who uses MSN, so it's never been worth abandoning my principles and signing up.

People who use MSN are the kind of people who refer to their web browser as "the Internet".

What if Google suggests I like porn? (1)

cyberianpan (975767) | about 7 years ago | (#18676661)

Say we accept our overlords as benign. Well a "useful" feature is clearly personalised search/news based on search history or email contents etc. This has been in beta in Google for some time. However what if in a workplace with a colleague looking over my shoulder I search for some innocuous term & it starts offering pornsites (which it knows being a single slashdottian I like) ? Problem is we all have secrets, closed areas ... if we use Google as our primary www interface & it works well then it's like we've written a diary - worse it has intelligent statistical mining in it that offers insights ! It could be the case that Google "knows" us nearly as well as our best friends but doesn't have the tact to keep its mouth shut at certain times !

That happened to me.... (2, Funny)

StressGuy (472374) | about 7 years ago | (#18677741)

I was in the process of refinishing my basement. It had existing cinder-block walls that I chose to leave partially bare along with conventional sheetrock walls which I added. So, not being clear if the same Latex based interior paint would adhere equally well to both types of walls, I googled for "Latex Bondage"

I got a lot of unrelated hits......

Does Track-Me-Not help? (3, Interesting)

sphealey (2855) | about 7 years ago | (#18676671)

Does anyone have any information on whether or not Track-Me-Not (which runs random searches against the big engines at random intervals) helps to confuse the trackers or not?


A way out (2, Funny)

Yurka (468420) | about 7 years ago | (#18676683)

There are precedents for suing yourself [theregister.co.uk] , so the door is open a crack. Actually, no matter what the TFA implies, I imagine that search history wouldn't be the most interesting piece of information you could find about yourself, if you arm yourself with a good subpoena against yourself.

What works for me.. (2, Informative)

mulvane (692631) | about 7 years ago | (#18676699)

I have a VPN tunnel to a hosted dedicated server I setup as a proxy to my home connection. All my home traffic first passes through it encrypted. I share this box out to a few people. To establish connection with the proxy requires secure vpn. At home, I have 2 firefox items in my menu. One for my casual browsing, and another that connects to the proxy and request it to even anonymous communication even further using tor. This, plus not saving cookies beyond session helps me feel at least a little more secure that I can't be easily targeted. It also removes the case of my ISP being able to turn over anything useful on me.

No ISP... (1)

tygt (792974) | about 7 years ago | (#18677535)

I don't have an ISP.... well, mostly; I have a business T1 link from AT&T (nothing remotely as good or better around here), but I'm under no illusions that AT&T won't still keep track of stuff.

Maybe they don't, but I have to assume that they do.

I'd assume that your dedicated server has the same sort of issue.

I'm not worried, I use Google. (0, Flamebait)

mattgreen (701203) | about 7 years ago | (#18676705)

I don't see what the big deal is here. Everyone should just use Google. They said they don't do any evil, so they must not.

Laws and other obstacles (0)

Anonymous Coward | about 7 years ago | (#18676727)

In some places (eg the UK) there are laws about the retention and usage that companies can make of the personal data that they accumulate on their users.
The UK Data Protection Act (which applied is if goto www.google.co.uk but not if I go to www.google.com) restricts the use and onward resale of personal data.
It also allows me to (upon the payment of a small fee) find out what data they hold on me.

Other countries may or may not have similar/better/worse provision for data protection.

Hint to readers.
  make sure you look at all those small tick boxes when signing up for online services. In many places there are options to opt out of your data being used for marketing purposes amd even onward resale. This should stop most of any abuses.
In the UK, the Data Protection Registrar is the Govt Agency responsible for protecting your rights. They like to come down hard on companies who abuse the act.

Should be the same as with credit reports (1)

MCZapf (218870) | about 7 years ago | (#18676757)

(Can't get to the article at the moment.)

I should have the right to receive, for free, a copy of any information a company has about me. It should be the same as with my credit report. By law (in the U.S.) you are entitled to a free copy of your credit report every year. I don't see why this concept can't be extended to ALL personally-identifiable data. For example, look at the way Google allows people to see their own search history. A law is needed, a "freedom of information" act, if you will, except this one should be applicable to organizations other than the government.

What about identity theft? (0)

Anonymous Coward | about 7 years ago | (#18677647)

Imagine someone accessing all your data from Google by pretending to be you, that's more disturbing than not being able to access the data at all.

Slashdot assignment (1)

VikramSingh11111 (1086611) | about 7 years ago | (#18676799)

I think its wrong on the part of big search/email engines to log information about its user. For example whenever I use gmail and suppose I am writing an email to my sister asking how she is after her hernia operation, next time when I enter gmail I see all these ads on its interface about medicines/solutions for hernia. This clearly states that all this information is logged somewhere. Seems like we all need to be careful about what we typein our emails. I like how the physical world functions. If I go to a bookstore and buy a specific book, I am not bombarded by similar books the next time I go there. I again have the pleasure of browsing the whole selection rather than having options thrown at me without wanting them. Even though the internet has a larger catalogue of options, sooner or later everyone realizes that through their so called clever use of cookies and information logging we always get the same boring things thrown at us. These online companies do not believe in diversifying the customers options but it believes that if someone buys an action flick, they will always be buying the same genre. Atleast in the real world I am not pre-judged on my previous transactions.

Things you can do if you use Google... (1)

CyberZCat (821635) | about 7 years ago | (#18676855)

You can mostly protect yourself from this if you use Google and a few simple tips:

1. If you have a Google account, make sure to disable search history and clear your previous searches. Also only login when necessary, not for general surfing.
2. If you get use Firefox get the CustomizeGoogle [customizegoogle.com] extension, it allows you to disable Google click tracking and also the Google Cookie (along with a bunch of other nice options like ad removal).

This still won't protect you from your local browser history on your computer, or from your own IP address, you can use a proxy to help conceal your IP from Google, and clearing your local history is easy enough. It really depends on how paranoid you are as to how extensively you wish to cover your tracks.

Finally, another choice is to use the Scroogle Scraper [scroogle.org] for your general searches, which is basically a totally anonymous Google-front end without Google ads.

Re:Things you can do if you use Google... (1)

dimeglio (456244) | about 7 years ago | (#18677421)

I didn't read TFA and INAL but could you not simply write a registered letter to Yahoo, AOL, Google, et al. to inform them that you now refuse their license agreement and that you are cancelling your account? You can also then request in that letter that any information about you, stored searches, IP address records, etc be completely and permanently erased from all media, including but not limited to tape backups, off-site storage, etc... Once it's sent, it should protect you from any exposure as part of a potential subpoena. Any information they pull should not be admissible - as long as you keep your records in order.

Oh all Mighty Google (0)

Anonymous Coward | about 7 years ago | (#18676885)

Can you tell me what I did to piss my wife off yesterday, she's acting like a real bitch!

Trademark (1)

Archangel Michael (180766) | about 7 years ago | (#18676907)

It is time to trademark all the things about you that make yourself unique. Then, they cannot buy or sell your info without your expressed permission, which you don't do,

My identity is not for sale, thank you very much. My personal details, aren't for sale, thank you very much.

...I don't know it? (2, Insightful)

Slaryn (986308) | about 7 years ago | (#18677165)

...records of the searches you make, the health problems you research and the investments you monitor, can be requested by government investigators and subpoenaed by your legal adversaries. But this same information is generally not available to you.
Erm, what? I'm pretty sure that what health problems I've researched or investments I've monitored are available to me, since I was the one that did them.

mod dof3n (-1, Offtopic)

Anonymous Coward | about 7 years ago | (#18677419)

corporate to deliver what, It. Do not share than its W1ndows cuurent core were BSDI is also dead,

It is available to you (2, Informative)

kippers (809056) | about 7 years ago | (#18677713)

If you live in the UK, then it *is* legally available to you under the Data Protection Act 1998 (for a maximum of £10). Under s.7(1).(a)(b)(c), they are required to give you a access to "the information constituting any personal data of which that individual is the data subject" (s.7(1).(c)(i)).

Go ahead and try.


Anonymous Coward | about 7 years ago | (#18677901)

Since it is being /.'d.

What do Google, Yahoo, AOL and Microsoft's MSN know about you?

America's top four Internet companies, Google, Yahoo, AOL and Microsoft's MSN, promise they will protect the personal information of people who use their online services to search, shop and socialize.

But a close read of their privacy policies reveals as much exposure as protection.

By Elise AckermanMercury News
The massive amounts of data these companies collect, which can include records of the searches you make, the health problems you research and the investments you monitor, can be requested by government investigators and subpoenaed by your legal adversaries.

But this same information is generally not available to you.

The risk is that personal information that can be traced to you will at some point be provided to someone else, like the 20 million AOL searches that were published on the Internet at the beginning of August and are now causing random AOL users to admit that they looked for ``movies for dogs'' or ``welley shoes.''

Two months ago, the San Jose Mercury News began asking the Big Four Internet companies to clarify their privacy policies. The newspaper wanted to know precisely what information was recorded when someone made a date on Yahoo, sought help for addiction on MSN or plotted their daily peregrinations on Google maps.

How long was the data kept? Could someone's Internet searches be cross-referenced with their horoscope habit? Could a person find out exactly what was stored about him or her? Could a person ask Google, Yahoo, AOL or Microsoft to delete that data?

How often was personal data being requested by law enforcement? Could someone subpoena someone else's searches in a civil suit? Was this happening?

Few answers were forthcoming.

Google and Yahoo both said they kept data ``for as long as it is useful.'' Microsoft said it kept data ``based on needs to run and maintain our online services effectively while protecting user privacy.''

AOL said in an interview that data was retained for ``roughly up to 30 days'' -- but that turned out to be not entirely true.

The companies declined to provide any details about how often user information was given to law enforcement or to others.

``If these companies can't give definitive answers about how they are handling this incredibly sensitive and private information, Congress needs to demand answers from them,'' said Kevin Bankston, an attorney for the Electronic Frontier Foundation, a civil liberties group that has asked the Federal Trade Commission to investigate AOL's disclosure of search records.

A few weeks after the Mercury News made its request to the companies, AOL published the searches of approximately 658,000 AOL users on a public Web site as part of an effort to share data with researchers. The searches, which were done from March to May, provided an incredibly intimate glimpse into the life of the searchers.

On March 1, AOL User 310416 looked for ``how to self induce your own labor.'' A few days later she searched on ``true contractions,'' then she did an ``inmate search,'' which took her to the Illinois Department of Corrections. Later in the month, she searched for ``bedbugs'' and ``matress sets in illinois.''

AOL User 792334 looked for ``aol privacy guard,'' before progressing to ``tan ropey bowel movements'' and ``symptoms of parasites.''

Some users looked for child pornography and sex partners. Others sought the ``best way to avoid jury duty'' and ``misdamenor extradition to alaska.''

According to an analysis done by the Electronic Frontier Foundation of the AOL data, 106 users typed in what appeared to be Social Security numbers. More than 3,700 users typed in what appeared to be phone numbers, while more than 4,000 users entered what appeared to be a street address.

All of which showed how easy it would be to track a person down through their searches.

``Search logs are quite possibly the single most revealing record that we've ever had ability to create,'' Bankston said. ``They're practically a printout of the goings on in your brain.''

While AOL is unique among the Big Four in that its users are easily identified by an AOL user name after they have logged in, people who frequent Google, Yahoo and MSN are also monitored by a combination of digital tracking systems.

First, there is the IP address that is assigned to every computer each time it connects to the Internet. Internet service providers, such as AT&T and Earthlink, retain records of all the IP addresses given to a particular subscriber for periods ranging from 30 days to seven years.

The Internet companies log these IP addresses every single time information is requested from their servers. In other words, there is an IP address associated with every Google search, every Yahoo video and every game played on MSN.

Once a person has an IP address, they can request a court order forcing Google to turn over the searches, or other user information, associated with that IP address.

The Big Four also employ unique alphanumeric strings, called ``cookies,'' to track their users as their IP addresses change. For example, Google typically installs one cookie in the browser of a person who wants to use its search engine and upwards of 10 to use Gmail. Yahoo installs four cookies to use its home page, plus one from the advertising network DoubleClick.

Users can delete the cookies, but the companies require that new cookies be accepted in order to use popular services, like Yahoo mail or the Google's Notebook. These services require registration, and allow the companies to continue matching IP addresses with a particular user.

``Once you register with Yahoo! and sign in to our services, you are not anonymous to us,'' Yahoo's privacy policy states.

Microsoft's policy says: ``The information we collect may be combined with information obtained from other Microsoft services and other companies.''

The record of an online life can thus be assembled almost minute-by-minute by combining logs from different services recording not only Internet searches, but all other activity.

``This is sometimes possible, but it depends on which services and can be extremely difficult to do because the services were not built to do this,'' said Nicole Wong, a Google lawyer, in a written response to the Mercury News.

``The concern is that as more and more data is stored electronically, the more risky the situation becomes,'' said Joe Kraus, chief executive of JotSpot, and a co-founder of Excite, an early search engine and Internet portal.

Concern about computerized record keeping dates back to at least 1973, when a federal task force recommended a ``Code of Fair Information Practice,'' to protect citizens against ``arbitrary and abusive record-keeping practices.''

The code had five tenets: There must be no secret record-keeping system. There must be ways for people to learn what information is kept about them and how it is being used. There must be ways for people to keep information that was obtained for one purpose from being used for another. There must be a way to correct inaccurate information, and organizations that collection information are responsible to prevent its misuse.

The code formed the basis of a number of federal and state laws, including the Electronic Communications Privacy Act and the Video Privacy Protection Act, which requires video-tape rental records to be destroyed after one year.

``The problem today is that privacy policies that the private sector is relying on do not provide the same type of protection as traditional privacy laws or codes of fair information practices would, because the companies do not clearly take on responsibilities and the policies do not clearly give individuals rights,'' said Marc Rotenberg, executive director of Electronic Privacy Information Center.

``In fact many of these privacy policies actually operate as disclaimers or waivers.''

The Big Four defend their policies, saying they provide clearly written descriptions of how personal data is collected and used.

``Microsoft maintains a commitment to protecting the privacy of our customers and works very hard to develop notification approaches and processes that make it easier for our customers to understand how their information is used,'' Peter Cullen, Microsoft's chief privacy strategist, wrote in a letter to the Mercury News.

Indeed, the Big Four all collect personal information for the same reason: To make their services better and to provide a targeted audience to advertisers.

Already worth billions of dollars, online advertising is projected to reach $29 billion, or one tenth the U.S. total advertising spending, by 2010, according to research company eMarketer.

The more precisely Internet companies can match a user with an ad, the more money they stand to make. Hence the drive to amass personal information by the gigabyte.

Experts say the concentration of personal data kept by the biggest Internet companies is unprecedented -- and potentially dangerous.

``Imagine that your life is recorded in such a way that never happened in the history of mankind and that information can be discovered in the course of litigation,'' said John Palfrey, executive director of the Berkman Center for Internet & Society at Harvard University.

None of the Big Four would respond to questions about the nature or number times they have provided a user's information to a third-party.

In sworn testimony to Congress in June, John Ryan, AOL's chief counsel, said AOL was receiving over 14,000 subpoenas a year, not including search warrants or other orders related to suspected criminal behavior.

Local prosecutors say Internet companies are generally cooperative with criminal investigations, but they could not quantify the number of times any one company has been approached. They said investigators typically get search histories from log files on a suspect's computer.

That is where North Carolina investigators looked for information about Robert Petrick after his wife's decomposed body was found in Falls Lake. Prosecutors in Petrick's murder trial told jurors that he had searched Google for words ``neck,'' ``snap'' and ``break.''

Four days before he reported his wife missing on Jan. 22, 2003, they said he also researched the level of the lake, water currents and boat ramps.

Petrick was found guilty largely on cir*****stantial evidence, including the Google searches.

In retrospect, Assistant District Attorney Mitchell Garrell said it might have been more efficient to ask Google directly for the information because investigators had spent months sifting through approximately nine gigabytes of data on Petrick's computers.

Jack King, a spokesman for the National Association of Criminal Defense Lawyers, said Internet searches are likely to be increasingly used to develop leads in criminal cases and to investigate people without their knowing.

``I predict it will be even bigger in the civil litigation field,'' he added, noting that use of electronic records was initially embraced most enthusiastically by civil litigators.

In order to get your search data or other Internet information, a legal opponent in a civil suit would only have to ask for it.

A court order for producing do*****ents, known as a subpoena, can be written and signed by an attorney of record in a civil case in California.

``As a general principle there are relatively weak standards for protecting that data,'' said Eric Goldman, director of the High Technology Law Institute, Santa Clara University School of Law.

After receiving a subpoena, the Big Four say they notify the person whose information is involved and give them time -- usually about two weeks -- to fight it in court. (An exception are e-mails, which according to a recent California appeals court ruling must be subpoenaed from the people who created them.)

It may be difficult for many people to make a legal argument protecting their information, in part because few people can remember what they have searched for. The Big Four generally won't let you review the data they have collected.

The exception is an option called ``personalized search,'' which is offered by Google and Yahoo. By logging in, users allow these companies to keep track of their searches regardless of changing IP addresses or cookies. In exchange, users get to see their search histories.

AOL also allows users to review searches, but only for 30 days. Afterwards, the searches are stripped of user names and IP addresses and saved indefinitely for research purposes. These are the searches that were published on the Web in early August.

While AOL's mistake is unlikely to be repeated, attorneys say there is nothing to prevent search histories from becoming standard evidence in court.

At that point, the searches will no longer be in any way anonymous, and the intimate, awkward and curious stories they tell will become part of the public record.

Contact Elise Ackerman at eackerman@mercurynews.com or (408) 271-3774.

It's a conspiracy! (1)

RichardDeVries (961583) | about 7 years ago | (#18677967)


You don't have permission to access /money/microsoft/04/09/what-microsofts-msn-google- yahoo-and-aol-know-about-you.html on this server.

Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
Apache/1.3.37 Server at haisojnetwork.com Port 80
Scary indeed!

WoW (1)

scottennis (225462) | about 7 years ago | (#18678203)

Crap! You mean they can subpoena Blizzard and find out that I'm the one who slaughtered all those Shadethicket Stone Movers and Bark Rippers near Fallen Sky Lake on Sunday night?

Pull and Intel (0)

Anonymous Coward | about 7 years ago | (#18678563)

Hey you can just hire intel to purge all your data. They seem to be very good at it.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account