Posts Tagged 'Online Privacy'

*You Are What You Querying For: The AOL ‘Data Valdez’ Case of Thelma Arnold

A Short History Lesson: In July 2006 AOL offered a data-bank, containing the data of 20 million search queries by 680.000 AOL-users, for download on its website. Although the data was removed again shortly after, the data had found its way into the net and since then stayed there. This did not only prove as a PR-disaster (the ‘Data Valdez‘ case) but also triggered an interesting legal dispute (Does v. AOL LLC, Case No. C06-5866 SBA (N.D. Cal.; June 22, 2010).

Hendrick Speck already mentioned this case 3 years ago on the Suma e.v. conference but it took me until today (Thank You Links&Law) to get hold of the exactly facts of the case.

Although the AOL-users had been assigned random numbers to protect their identity it took reporters of the New York Times less than a month to identify at least one user (only) on the basis of the search queries of this user:

Continue reading ‘*You Are What You Querying For: The AOL ‘Data Valdez’ Case of Thelma Arnold’

*How Unique Is Your Browser’s Fingerprint? – The EFF’s Panopticlick Test

ORF’s reported last week about the PANOPTICLICK initiative of the Electronic Frontier Foundation which aims to inform users how traceable their browsers  are and suggest various  relief-measureSo far nothing new or exciting.

Things however got exciting when I ran the TEST with my default browser (Firefox) and was shown why my browser has got a pretty unique  (unique among the 414,408 browsers tested so far by the EEF) fingerprint on the world wide web.

Summary for Jurists: Browser do not only transmit very basic information such as the computer’s operating system (e.g. Intel Mac OS X 10.6; en-US), the language selected, the screen resolution, the time zone used but also about the plugins (e.g. Windows Media Plugin 2.2.1, Java Embedding Plugin, iPhotoPhotocast) installed and the individual fonts (as I do graphics for clients who use specific fonts, I have added a nice selection of fonts) that are installed on the computer. Each element of this information, continuously provided by your browser while surfing, viewed on its own, is widely irrelevant, but combined however it creates a pretty distinctive “fingerprint“.

Click on the image to be forward to the test page

To definitely identify a single person on the net 33 bits (quantity of entropy) are needed, my browser alone provides around 19 bits of information (For a very interesting description of the whole issue, that will force you to reactivate knowledge untouched since you last maths exam at high school, please click here).

At this point readers of this blog should be reminded of the fact that I also use a free blog counter ( which allows me to analyse some of the information (OS, browser type and version, screen resolution, location, ISP) mentioned above. I do this to track the performance of my recent post. The counter only stores the last 500 views (2-10 days depending on the traffic). To read more about this blog’s privacy policy please refer to the “About-Tab“.

*Google Won’t Search For Your Private Data; You Will Provide Google With It Yourself

Google Social Search allows users to customize their search results with content generated by those in their online social circle. But it requires everybody in that social circle to opt-in into the program (Google Profile). Thus the members of the user’s  social circle will  have to actively add links to the content they produce through services like Blogger, Twitter, Facebook, to their Google Profiles in order for it to show up in the searches some in their social circle does for a given topic.

If you are interested in Google’s new service in detail I’d recommend you Tom Krazit’s post on CNet , the original post on Google’s Blog (a good read with pictures and videos), Matt McGee’s post on Searchengineland or a  post on the issue in German by André Vatter.

What strikes me however is the fact that Google doesn’t actively search for your private data but instead places the burden on the individual user to actively produce content and to indicate to Google who is within his social circle. Thus a prerequisite for using Google Social Search is the use of Google Profile, a service I am heavily sceptical about.

If you want to try it out, open up a Google Profile and sign up at the Google Labs. After activating the option in Google Labs go to the US site of Google and try the service.

*Social Media Services Provide A Rich Resource for Data Mining

While people in the past used to be terribly worried about hackers etc. breaking into their computer and thus accessing their data, the current (at least gradually progressing) exhibitionism on the social web (feel free to call it ‘web 2.0‘) combined with a status quo of today’s search technology already enables to gain impressive insights not only into user’s private details, but also into users’ behaviour.

Such insights are of great relevance for e.g. the advertising industry as they enable advertisers to ‘efficiently target‘ the users and to supply them with ‘tailored ads‘, minimizing advertising waste coverage.

Not being able to index social networks thus constitutes a competitive disadvantage and thus search engines are willing to pay to be granted access to such data. As the data on e.g. Twitter and Facebook however is changing in “real time” SEs were required to modify the way in which they index data to be able to cope with short term peaks caused by unexpected events (e.g. Hudson river plane crash, Michael Jackson’s death, more >>here<<).

The service TweetPsych for example creates a psychological profile of any public Twitter account and compares it to the others already in their database. This enables the service to identify those traits/issues that are used more or less frequently by the user analysed.

Far less creepy but still interesting, Google also offers a service to help you gaining and combining information from the (social) web. The service Google Social Graph, still a Beta and aiming at developers, makes information about the public connections between people on the Web, expressed by certrain markup languages (XFN and FOAF) and other publicly declared connections, easily available. The service however returns only web addresses of public pages and publicly declared connections between them. The service is not able to  access non-public information, such as private profile pages or websites accessible to a limited group of friends.

Google Social Graph should help help users connect to their public friends more easily.

Google’s statement on the sources for their data doesn’t necessarily mean much as having e.g. a friend on facebook who has fully published and opened his profile for search engines will thus also enable search engines to gain access to certain data from your profile.

Since the most recent change of Facebook’s Privacy Policy in December 2009 some data (picture, current city, friends list, gender, and fan pages) is now deemed to be ‘publicly available information‘, which means that users have no way to prevent any other Facebook user from viewing this information on their profile. Thus it is e.g. easy for marketers to create a dummy facebook account and to supply facebook with an email-list of its customers. Facebook then scans the email-list and will as a consequence supply the marketer about his customers with all the information below:

“Certain categories of information such as your name, profile photo, list of friends and pages you are a fan of, gender, geographic region, and networks you belong to are considered publicly available to everyone, including Facebook-enhanced applications, and therefore do not have privacy settings. […]”

This data is furthermore also accessible to the developers of applications used by your friends. That means that you don’t even have to use the apps yourself to allow the developers of your friends’ apps’ so get your publicly available information. An option (FaceBook API opt-out) which could be used to prevent this got removed from Facebook through its last Privacy Policy change. For more information on this issue please refer to the EFF.

This Satelite Doesn’t Beep But It ‘Tweets’

Please click here if you want to follow this blog on Twitter.

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 94 other followers

Author’s Rights - Online reporting hotline for child pornography and nationalsocialist content on the internet
JuraBlogs - Die Welt juristischer Blogs

Previous Posts:

RSS Goldman’s Tech & Marketing Blog

  • An error has occurred; the feed is probably down. Try again later.

RSS Class 46 Blog

  • An error has occurred; the feed is probably down. Try again later.

RSS WIRED Epicenter

  • An error has occurred; the feed is probably down. Try again later.
wordpress stat