Special offer: Join AOL now and lose your privacy! It’s FREE!

AOL's barn door is unlocked

Last edited/updated 11-02-2006.

AOL has sucked since they started.

From censoring in chat rooms to charging too much for dial-up to forcing spyware and virus downloads when members install their bloated software, which wrecks smaller systems like my own, to letting legitimate email hit spam filters, to refusing to let customers cancel, to treating call reps like canned goods in drab, overstuffed pantries (called pods), then tossing them out for not being clever enough or just to reduce costs, to firing John over Vinnie Ferrari rather than retraining him, to their latest crime against humanity — the release of 650,000 user search queries to the public — AOL proves time and again they never value the heart of their business: the people who pay for and maintain it.

Readers may recall late last year the DOJ asked for search engine records from AOL, MSN, Yahoo! and Google. Google was the only company to refuse to comply. For one brief, shining moment, Google could do no wrong in my eyes, but I came to myself again.

Now that the dust has settled from that there’s this (the data sets were pulled 10 days after release so you won’t find them using research.aol.com, the site used to show their stuff to us). Those “AOL searches” are actually Google searches — their engine is based on Google’s, and this data set release pissed them off: read more here.

Tech Crunch is going crazy and webmasters are calling for boycotts but AOL’s members are too willing to say, “Uh, well maybe that’s not good,” get busy a minute later with an AIM chat and never think of it again. AOL has pulled another fast one and they don’t have any idea what to do about it, if they’re even aware of it.

View AOL’s description of the data sets here. The files are available there, too. Be warned, the download is 439MB before it’s unzipped, over 2GB once it’s unzipped, and you’ll need WinZip, 7Zip or WIN-RAR to open it, and lots of RAM to view the data in a text editor without crashing your system.

SEO masters of both white and black hat persuasions are jumping on the new marketing data gleefully, and hundreds of private citizens are dissecting it to see if they can identify people using search terms. The records are now public info so the government can do what they want with them — if you’re easily recognized by how you search, you don’t know who may come calling.

Keep it up, AOL, and let us deal with that bitter taste in our mouths as our faith in humanity, thanks in no small part to your heartless, money-grubbing mismanagement, grows steadily weaker and harder to recall.

What we’ll have to remember you by when you finally cave in on yourselves is how selfish, uncaring, and downright evil you always were.

08-08-2006: Updates…Careful examination of the data reveals it contains hundreds of credit card numbers, Social Security numbers, passwords, and personal search terms. Some claim anyone can be identified by a careful parsing and examination of the data. AOL apologized to members, who were always more loyal by a hair than they ought to be, an awe-inspiring fact if it proves they lack discernment.

AOL should be ashamed for trying to be more than the no-brain alternative to the real Internet. In an effort to seem geeky and intellectual (i.e. like Google) they released the information Google got a judge to agree should never be released — not to our government, much less to the public.

Now they’re blaming the people who did the research and published it, as if they weren’t under orders from higher-ups at AOL to do what they did. I don’t buy the ploy they use so often: “Let’s exonerate ourselves by isolating who did this and fire them.” They did that to John, the call center guy who lost his job over Vinnie, and I’m still disgusted and amazed at the tackiness and short-sightedness of that.

AOL is clueless how much it damages their rep to single out a few employees rather than say, “We’re a team at AOL, so we’re in this together — together we’ll take the blame and do all we can to make this up to members.”

A little later: There’s nothing some won’t take advantage of, with ignorance the hottest commodity. Now the data sets are being auctioned on eBay, bids starting at $10.50. Don’t fall for it — there’s hundreds of working download mirrors to get the files for free.

LiveJournal prohibits me hotlinking to such downloads. Even if I could it’s against my values to give the files out, but I assure you, I got them for free. If you want, there’s a way to view them without downloading a single file: visit aolsearchdatabase.com, and don’t say I don’t talk out both sides of my mouth.

Read what Jason Calacanis has to say about this fiasco (“Let’s not keep search logs ever again!”), and the furious comments that follow.

Some more updates, 08-15-2006: The Electronic Frontier Foundation says AOL’s gaffe could cost them up to $686 million if members sue. For naysayers who say bloggers are throwing a fit over nothing, one member was identified using the data sets, which include a picture; learn more about her here. For those who say the data was removed so quickly from research.aol.com that no harm was done, please stop. If I laugh much longer I will lose my breath.

Here’s a partial list of sites gleefully disseminating all they can about AOL members:

Even Capitol Hill got in on AOL’s biggest public relations disaster of 2006, issuing an official rebuke for releasing sensitive information to the public.

Still another update, 08-22-2006: AOL’s gone ahead and done what I predicted: fire people over the dataset release. Stuff it, AOL. I don’t buy the “We didn’t know” defense:

“This wasn’t properly vetted.”

“This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team.”

AOL claims conspiracy: dark-child employees teamed up in secret meetings in the dead of night and broke all of AOL’s “privacy” and “vetting” rules to get these data sets into everyone’s hands…because they wanted to get fired? They love trouble? They’re new employees who didn’t know AOL has rules? That’s what we’re lacking here, folks: a clear motive. Why would anyone risk their careers and reputations to “do this” to AOL?

(Added a little later…) Another thing: AOL’s research.aol.com went live on August 4; the data sets went up that day. Are they claiming an entire subdomain created for research and scholarly pursuits, made available to the public from Day One, is something they were unaware of? I call bullshit.

So does the EFF, and they filed a formal complaint with the FTC over it (you should too, if you’re a member who’s searches were made public, and/or if AOL bills after you cancel). An HTML version of the EFF’s complaint is here. They filed to:

“…force AOL to pay for credit monitoring for users affected and waive fees for subscribers wanting to cancel the online service.”

AOL claims they have no way to notify 650,000+ members affected by this data release that their privacy and security is under siege, but that isn’t entirely true; AOL went out of their way to remove identifying data about each member before releasing it, inserting anonymous tracking numbers instead. How could they not have what they need to send emails to these people?

From the internetnews.com article, the EFF is quoted as saying:

“AOL twice violated the FTC’s deceptive trade practices by not protecting consumer information from public disclosure and failing to use proper security to protect consumer information’…EFF would like to raise the protection of search engine strings to that of e-mail.”

Complain to the FTC here: FTC Complaint Form

Latest update, 09-05-2006: AOL shut down research.aol.com and fired all one employee supposedly responsible for this: Abdur Chowdhury. According to a commenter on Greg Linden’s page:

“…[Abdur] was the crux of their research initiative, and pretty much the only person there. Which means they really have no option: considering it’s an empty organization with a disreputed name, shutting it down makes sense overall.”

Doesn’t this fly in the face of what they claimed earlier (see above): “This incident took place because some employees did not exercise good judgment or review their proposal with our privacy team.” Well, some employees sounds like more than one to me. It’d be nice if they’d keep their stories straight, but they can’t.

Good grief, another update, 09-29-2006: Now AOL’s being sued, in addition to the FTC compliant filed by EFF. According to this C|Net article:

“The lawsuit…accuses AOL of violating the Electronic Communications Privacy Act and of fraudulent and deceptive business practices, among other claims, and seeks at least $5,000 for every person whose search data was exposed.”

5,000 dollars…that would buy some Christmas presents. Too bad I wasn’t a member of AOL when they pulled this stunt.

From the page that never stops getting updated, 11-02-2006: Just learned the World Privacy Forum filed with the FTC in August as well; this is the PDF version.