©Sean McManus - www.sean.co.uk
Twitter RSS www.sean.co.uk

UK freelance journalist and author Sean McManus

Home > Blog

AOL betrays user trust

08 August 2006

Changing ISP is like changing your bank. It's a real hassle. You have to tell everyone your email address has changed. You have to update all your banking and online shopping sites, so that you can be sure that those accounts remain secure. There will be many people who will regularly hop between ISPs, in the same way many people are rate-whores, flitting between credit cards. Most of us, though, settle down with an ISP and stick with it for a long time.

So choosing the right ISP is important. You would expect people to study the privacy policy, and terms and conditions to work out what kind of junk messages they will have to endure, what they'll be allowed to do, and how much it will cost. If they don't, then they can't complain later. If they do, then they know what they're buying and it's part of the contract between supplier and customer. But what if the privacy policy turns out to be lies?

The blogosphere is up in arms over AOL. It released the search history [link broken] of over 500,000 of its users. It replaced screennames with unique numbers, but that's not enough to completely conceal everyone's identity. Some people have searched for themselves, their friends or local amenities. Some of the more exciteable blogs are suggesting there is evidence of criminal intent in the searches, which goes to show how dangerous this data is. People leap to conclusions.

AOL apparently released the data as a contribution to the research community. Maybe they didn't study it closely enough or realise the privacy implications. You could argue that releasing the data was a foolish mistake. Yes, they're stupid, but at least they didn't mean harm.

Well, here is where it gets evil. There doesn't seem to be any doubt that they betrayed the contract they agreed with their users. Their own privacy policy says that 'information about the searches you perform through the AOL Network and how you use the results of those searches' is part of a user's 'network information'. That information, the policy adds, will only be disclosed as set out in the privacy policy. There's the usual stuff about law enforcement, managing their own network and any disclosure you've consented to. But there's nothing about releasing the entire data set into the public domain for research purposes.

AOL has pulled the data set now, but it's widely available online. The company could recover from making the mistake of releasing the data, provided it apologised [link no longer available] often and sincerely enough. Recoveries like that happen in business all the time. I don't think it will be able to recover so quickly from the breach of its own privacy policy. How can AOL ever expect customers and prospects to trust it again?

Related links:

Labels: ,

Bookmark and Share
Permanent link for this post

Dip into the blog archive

June 2005 | July 2005 | August 2005 | September 2005 | October 2005 | November 2005 | December 2005 | January 2006 | February 2006 | March 2006 | April 2006 | May 2006 | June 2006 | July 2006 | August 2006 | September 2006 | October 2006 | November 2006 | December 2006 | January 2007 | February 2007 | March 2007 | April 2007 | May 2007 | June 2007 | July 2007 | August 2007 | September 2007 | October 2007 | November 2007 | December 2007 | January 2008 | February 2008 | March 2008 | April 2008 | May 2008 | June 2008 | July 2008 | August 2008 | September 2008 | October 2008 | November 2008 | December 2008 | January 2009 | February 2009 | March 2009 | April 2009 | May 2009 | June 2009 | July 2009 | August 2009 | September 2009 | October 2009 | November 2009 | December 2009 | January 2010 | February 2010 | March 2010 | Top of this page | RSS