Lost in the Crowd
I don’t know how many of you are familiar with what happened over at AOL during the first week of August, but it was some pretty big news. Apparently, two AOL employees released information on over twenty million private online search records. Although AOL states that the information was stripped of any identifying information, ensuring that none of this information would compromise any of the individual users’ anonymity, it still happened. Of course, the two individuals responsible were let go, their direct supervisor and chief security manager have stepped down and AOL has publicly stated that all steps will be taken to make sure this doesn’t happen again.
As with any data security breach like this, there are going to be huge repercussions and lines being drawn on whose rights are getting stepped on. Is it the ISPs who feel this information is safe to share with others in order to better suit the customer’s needs? Then of course, you have the customers who react to these headlines in almost hysteria feeling betrayed and unsecured. This in turn, creates some security market where the competitors add to the mania, in order to move their products and services. (I mean, AOL should know, they almost invented this maneuver). Then you have the IT/security community with their take on things.
So, what is the “big picture,” you ask? Well, first of all, who is right in this situation? AOL says they need to share this information in order to better suit their customers and a lot of people in the security community agree. What information is actually in a search engine? People don’t search the Web using their social security number or their bank account. People are usually shopping, checking out top stories, looking for new jobs, etc. Keep in mind that search engines don’t save any of the content for the pages you visit, but they simply store the search words and results.
When you think about it in that light, it doesn’t seem like there is anything too horribly wrong with that and I honestly don’t think there is either. That is, until I read the story about a woman in Georgia who was apparently identified from the use of information found from the AOL leak. So that tells me that AOL cannot possibly state that all this information is useless in identifying an individual.
Well, in all the confusion, I do have a solution for you if you would like to keep your search engine data secure, just in case it’s a Web application that allows a user to stay anonymous while performing Web searches. What the service does is attempt to confuse search engine databases by sending out bogus search requests from what looks like your IP address. The one I’m introducing is called Lost in the Crowd. It uses random unrelated keyword searches to keep the engines thoroughly confused. The service will send out searches throughout the day, whether your PC is on or not. It bounces your requests for IP address to IP address while adding even more false information to the fake Web search.
Since there is nothing installed, the service won’t slow your PC down at all. Also, even though the service will send random searches out 24/7, it’s not being done from your PC, so its performance doesn’t come into play either. Lost in the Crowd does use a cookie, but it is necessary for it to perform its duties on the chosen search engines.
Check out Lost in the Crowd here.
Until next week, stay safe out there.
~ Chad Stelnicki