The Internet is awash with “anonymous” information that really isn’t all that anonymous. This information allows companies to provide a more customized Internet, one that acts and reacts to your thoughts, interests, and desires.
With just a small amount of that data, for example, Amazon.com Inc. (Nasdaq: AMZN) can recommend books that even your closest friend wouldn’t suggest.
When you think about how much the Internet truly knows about you (search habits, purchase behavior, Web surfing patterns), the thought is downright exhilarating.
Or frightening. Consider the now-famous article from The New York Times, where a reporter was able to take unidentified log files (surfing data) from AOL and determine exactly who was doing the surfing. In one case, they were able to match “user number 4417749” to Thelma Arnold of Lilburn, Ga., just by looking at her “anonymous” search data.
And that was three years ago.
Search data isn’t really that anonymous when you think about it, despite what Google (Nasdaq: GOOG) or AOL Inc. (NYSE: AOL) might lead you to believe. In the case of Thelma, she had searched on “landscapers in Lilburn, GA,” “Arnold,” “homes sold in shadow lake subdivision Gwinnett county Georgia,” “60s Single men,” “numb fingers,” “dry mouth,” “thyroid,” “dog that urinates on everything,” and “swing sets.”
As the reporters put it, “search by search, click by click, the identity of AOL user No. 4417749 became easier to discern.” And it didn’t take the reporters much time to track back her “anonymous” search files directly to Thelma. You can imagine Thelma’s surprise though, when she opened her door to find a reporter from the Times asking whether she’d been able to get the dog pee out of her carpet last week!
Unfortunately, many mainstream companies are getting sloppy and are openly violating our privacy. Even companies that aim to “do no evil” often inadvertently do so.
A few years ago, Google released a software program called Google Alerts. With alerts, you can sign up to be notified of news and Web alerts by typing in your email address and choosing keywords to be alerted to (e.g., “Bob Dylan LA Concert”). And it is smart, too: If you already signed up to be alerted to “Bob Dylan LA Concert” and try to sign up again, Google will instantly tell you that you have already signed up.
Smart, but maybe a bit too smart. Go to Google Alerts and use someone else’s email address and you can reverse engineer what they are tracking, as the system will confirm or deny the presence of existing alerts as you type in keywords.
If you had the email address for, say, Google CEO Eric Schmidt, you could quickly learn who he keeps tabs on, simply by typing in their names and getting confirmation. Maybe Schmidt keeps a close eye on Larry Page, one of Google’s founders. Maybe Schmidt regularly tracks himself. It would certainly cause Schmidt some grief if we learned that he decided to ignore Google’s other co-founder, Sergey Brin, entirely (no offense, Sergey). And what if we found out Steve Ballmer was tracking Sergey (Sergey is redeemed)? Or worse, that he was tracking some small public company that could be an acquisition target for Microsoft? [Ed. note: And what if his dog has peed on the carpet?]
As for me, I learned that no one on my executive team had alerts for me except my head of public relations (I used to have alerts for them until I found this bug). My mom and wife were nice enough to have alerts for me, but I digress. (I stopped my research after learning that, as it all started getting a bit sinister.)
Google will certainly fix this when they learn of the problem, but new problems will emerge if companies are not more careful. The Internet is an evolving creature, and companies have an obligation to ensure that it is not abused.
Our privacy will always be at risk, but the benefits are tremendous if companies work to minimize that risk. What we give up is small; what we gain is the Internet.
— Jeffrey M. Stibel is the author of Wired for Thought: How the Brain Is Shaping the Future of the Internet (Harvard Business Press, Sept. 2009).