Thelma Arnold's personal A-O-Hell (and caveat emptor)

Run and hide, it's IT Blogwatch, in which AOL users find their privacy compromised. Not to mention cheap retro gaming consoles (buyer beware)...

This week, we've seen the first report of an AOL user identified from her leaked search terms, as our own Martin McKeay reports:

The first person to be positively identified due to the AOL search query release this weekend is the lucky Ms. Thelma Arnold. Or at least the first person to allow her name to be put in print, that is.  I'm willing to bet the authors of the article identified at least one or two other candidates, and Ms. Arnold was just the first they could contact.  Give it another day or two and I'm sure more people will be positively identified.  There's just too much data, too easily searched, for more people to not show up. AOL has already admitted what they did was wrong.  They've apologized in general, and apparently to Ms. Arnold in particular.  But I still see lawsuits in the near future as more people are found due to their search queries.  And some people won't have innocent explanations for the nature of their searches like Ms. Arnold did.

David Berlind smells blood in the water:

By now, members of the "plaintiffs' bar" are probably hounding Ms. Arnold while they furiously dig through the rest of AOL's data (which is still on the loose) to identify other members of "the class" which could land a large and substantive class action suit in AOL's lap.  In case you don't know what the plaintiffs' bar is, I first learned of it when I asked in 2001 whether Microsoft can be held liable in any way for the many security transgressions against its customers (answer? No).  The plaintiffs' bar is an informal group of lawyers that build entire practices out of finding people and businesses that have been wronged, and filing class action lawsuits on behalf of those plaintiffs. The targets of these suits typically have deep pockets. So, in response to Weinstein's comment that there isn't a whole lot that AOL can do, my guess is that some of the lawyers that have probably already called Ms. Arnold since the New York Times story came out have some ideas.

Murky Matt Marshall calms our fears:

You may think it is sick for the NYT to write the story -- for outing the poor person. We link to it only because the woman comes off maintaining her respect (she's revealed as a well-rounded, conscientious person). The NYT at least did a decent job of selecting who it was going to pick on. If this sort of disaster doesn't get out to the mainstream immediately, the privacy time-bomb will only get more dangerous.

Rex Hammock swings gently in the breeze: [you're fired -Ed.]

AOL has a long tradition of doing really dumb things. So, its current blunder in releasing search data for "academic purposes" without considering the obvious result that people can sometimes deduce a searcher's identity by the terms he or she uses is merely another milestone in a journey of stumbles along the way ... I think AOL has the ability to turn things around, somehow. However, I believe the current private-data fiasco is much bigger than AOL is hoping it is. While most lay-people did not comprehend the significance of recent controversies surrounding the potential for government security agencies analyzing telephone call patterns (although it was never fully confirmed that phone companies cooperated), this AOL blunder may do a service to those who would like to demonstrate to lay-people (non-techies) what type of information we share through the simple act of searching for something on the Internet -- especially when people learn how easy it is to play detective.

Philipp Lenssen unspins the truth:

AOL said “there was no personally-identifiable data” linked to accounts found in their recently released search logs*. The New York Times proves them wrong... in a very visual way, by showing off the photo of one particular searcher (who agreed for this to be published).

Jack Schofield lays it bare:

One day, you might get a phone call from a reporter who knows more about you than your mother ever did. Not just facts that are publicly available, but the kind of pornography you like, the time you thought you might have AIDS, how you planned to dispose of the body of your spouse, and so on. And if you have ever searched for bomb-making instructions or child pornography or something similar, you can now worry about the fact that someone may well have kept a record ... Happily for [Thelma Arnold], she doesn't seem to have any skeletons in her closet -- she worries about the health of her three dogs, and her friends, and wondered when would be the best time to visit Italy.

Your humble blogwatcher was interviewed for American Public Media's Marketplace:

But tracking searches is what keeps companies like Google in business. They relay a person's click history to advertisers and the ad companies use that information to better target potential customers on the Web. Richi Jennings is an analyst at Ferris Research.

RICHI JENNINGS: "You know a lot of people think of Google as a search engine company. Hate to burst your bubble but, the business of Google is to advertise to you and be a broker for advertising."

Jennings says so long as consumers trust the search company they use, their records are relatively safe from prying eyes.

Mathew Ingram asks, "Is privacy dead?":

I realize that there is a lot of information included in what AOL released, and that by putting two and two together (as the NYT did) someone could come up with a pretty good idea of who did those searches. I guess the point I was trying to make is that much of that information is already out there, and is effectively publicly available. If you type in your name or address or credit card number, it can be tracked and accessed, and while it takes a little more effort and knowhow than sifting through AOL’s search data (Elliott Back helpfully describes how to do it here), it doesn’t take a whole lot more. Privacy of information on the Internet is not black and white — it is shades of grey. I guess that was my point ... If you want to explore the issue further, there is some great discussion going on not just in the comment section of my Globe blog but also at Greg Linden’s and Jeff Nolan’s.

Buffer overflow:

Around the Net

• 4sysops: Never sign up for ZDNet white papers
• Richi Jennings: Ziff Davis are SPAMMERS
• Dave Rosenberg: Lenovo to preload SUSE on Thinkpad
• Bruce Schneier: Surveillance Tour of Minneapolis
• Rational Security: ICMP = Internet Compromise Malware Protocol...the end is near!
• Neil Kjeldsen: Web 2.0: The 24 Minute Documentary
• Frank Gens: P&G’s CIO on Making IT Matter
• Matt Marshall: Local engineers find way to lower computer network costs: DC power

Around Computerworld

• Douglas Schweitzer: Security is only as strong as the weakest link!
• C. J. Kelly: This one is scary for some of us
• Dan Tennant: NeoEdge, EULAs, and Morality
• Tony Asaro: Avamar - Well Kept Secret
• Jerri Ledford: I love VoIP, and so does everyone else
• Shark Tank: It never rains, but it pours
• Martin MC Brown: Virtual PC exits stage left; VMware enters stage right
• Douglas Schweitzer: Call the Exterminator!

And finally... caveat emptor when buying a cheap retro gaming console

Richi Jennings is an independent technology and marketing consultant, specializing in email, blogging, Linux, and computer security. A 20 year, cross-functional IT veteran, he is also an analyst at Ferris Research. Contact Richi at blogwatch@richi.co.uk.