Week in review: The seedier side of search

AOL suffers a black eye this week thanks to its search business, but it also gives us an eye full of surfers' bizarre search habits.

Steven Musil Night Editor / News
Steven Musil is the night news editor at CNET News. He's been hooked on tech since learning BASIC in the late '70s. When not cleaning up after his daughter and son, Steven can be found pedaling around the San Francisco Bay Area. Before joining CNET in 2000, Steven spent 10 years at various Bay Area newspapers.
Expertise I have more than 30 years' experience in journalism in the heart of the Silicon Valley.
Steven Musil
6 min read
AOL suffered a black eye this week thanks to its search business, but it also gave us an eyeful of surfers' bizarre search habits.

AOL apologized for releasing search log data on subscribers that had been intended for use with the company's newly launched research site. The randomly selected data, which focused on 658,000 subscribers and posted 10 days ago, was among the tools made available for use on AOL Research. The Internet giant has since removed the search logs from public view.

"This was a screw-up, and we're angry and upset about it. It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant," AOL, a unit of Time Warner, said in a statement.

Although AOL had used identification numbers rather than names or user IDs when listing the search logs, that did not quell concerns of privacy advocates, who said that anyone among the 658,000 could easily be identified based on the searches each individual conducted.

The 21 million search queries also have exposed innumerable life stories, ranging from the mundane to the illicit and bizarre.

From that massive list of search terms, for instance, it's possible to guess that AOL user 710794 is an overweight golfer, owner of a 1986 Porsche 944 and 1998 Cadillac SLS, and a fan of the University of Tennessee Volunteers Men's Basketball team. That's pretty normal. What's not is that user 710794 also regularly searches for "lolitas," a term commonly used to describe photographs and videos of minors who are nude or engaged in sexual acts.

Many CNET News.com readers were furious with AOL for the flub, while others didn't see the release as much of a threat to their privacy.

"After a certain point in time that data needs to be scrubbed, unless you like the idea of being able to (be) profiled based upon your internet activities," one reader wrote to the TalkBack forum. "This profiling not only makes Google et al money but can also result in unexpected situations for you."

CNET News.com compiled a series of excerpts from the AOL search logs, with each user's search terms included in chronological order.

The privacy gaffe may breathe new life into a proposal to slap strict rules on what data Internet companies may collect. Rep. Ed Markey, a Massachusetts Democrat, said the disclosure demonstrates that new laws are necessary. AOL has apologized for the disclosure.

Markey's proposal is intended to cover far more than search engines. It seeks to import European-style privacy regulations by requiring all Web site operators to delete from their logs personal information, defined as everything from a name and e-mail address to--in some cases--an Internet Protocol address. Violations would be punished by the Federal Trade Commission.

To offer some suggestions about preserving your privacy while using search engines, CNET News.com has prepared a list of frequently asked questions.

Meanwhile, Google users should have faith that their Web searches won't end up being public information like they have at AOL, according to Google CEO Eric Schmidt.

"We have systems in place that won't allow it to happen," Schmidt told reporters Wednesday after a keynote discussion at the Search Engine Strategies conference here. However, during the keynote discussion, Schmidt had hedged a bit, saying, "We are reasonably satisfied...that this kind of thing could not happen at Google," before adding, "Never say never."

Leopard in the ring
Apple Computer gave developers a preview of Leopard--the next version of Mac OS X--as the Worldwide Developers Conference kicked off in San Francisco.

Apple didn't offer a full look at Leopard but instead showed off a top-10 list of new features the operating system is set to sport upon debuting next spring. Among those features is a Time Machine option that automatically backs up files on a Mac. Other features include enhanced videoconferencing options, improved Mail and the inclusion of the Front Row media software and PhotoBooth picture-taking programs that previously have been available only on new Macs. (To see CNET Reviews' first take on the Leopard preview, click here.)

Apple also introduced the Mac Pro, the company's first Intel-based professional desktop. The Mac Pro offers a similar casing to the Power Mac G5 that preceded it, but it replaces the older PowerPC processors with two dual-core Intel Xeon chips, as well as space for two optical disc drives and up to four hard drives.

Leopard's Time Machine will let Apple users search for the last time they saved a document, picture or any other file on their Mac. Only around a quarter of all Mac users back up their files, and just 4 percent do so automatically, Apple said. Time Machine will make it easy for Mac users to set up automatic backups and restore the file they desperately need, the company said.

So which will come first, Microsoft's Vista or Apple's Leopard? That is the question that was on the minds of many after Apple announced that the new version of the Mac OS X operating system will arrive next spring. Microsoft has said it plans to release Windows Vista in January. However, it has hedged somewhat, and many analysts believe the update won't arrive until later in the year.

Apple CEO Steve Jobs first talked about Leopard at last year's developer conference, saying it would arrive in late 2006 or early 2007. Vista, meanwhile, has suffered through many delays, most recently missing its target of being ready for PCs on sale in this year's holiday shopping season.

Fixing a hole
In a rare alert, the U.S. Department of Homeland Security urged Windows users to plug a potential worm hole in the Microsoft operating system. The agency, which also runs the United States Computer Emergency Readiness Team (US-CERT), sent out a news release on Wednesday recommending that people apply Microsoft's MS06-040 patch as quickly as possible. The software maker released the "critical" fix Tuesday as part of its monthly patch cycle.

"Users are encouraged to avoid delay in applying this security patch," the Department of Homeland Security said in the statement. The patch fixes a serious flaw that, if exploited, could enable an attacker to remotely take complete control of an affected system, the agency said.

Microsoft issued a dozen security bulletins, nine of which were tagged "critical," the company's highest severity rating. However, the flaw addressed in MS06-040 is the only one among the updates that could let an anonymous attacker remotely commandeer a Windows PC without any user interaction.

Microsoft is also feeling heat over a new feature in Windows that security software makers say is locking out the good guys, but letting in a lot of bad guys. Microsoft designed PatchGuard to safeguard core parts of Windows, including Vista, against malicious code attacks. But some security companies say that the feature makes it harder for them to protect Windows PCs, as it locks them out of the kernel, the core of the operating system.

Microsoft defends the technology, which applies only to 64-bit versions of Windows. Cybercrooks have found ways to exploit the kernel for malicious purposes, making the protection offered by PatchGuard key to securing the operating system, said Stephen Toulouse, a program manager in Microsoft's Security Technology Group.

In a third and final report on Windows Vista, Symantec examined the security of the operating system core and found some vulnerabilities. Vista includes several barriers designed to prevent malicious code from gaining access to the operating system kernel. These enhancements are "quite substantial" and result in a "dramatic reduction" of the overall attack surface of the operating system, Symantec said in a report.

"However, we have identified certain weaknesses in the kernel enhancements that may be leveraged by malicious code to undermine these improvements," wrote Matthew Conover, principal security researcher at Symantec.

Microsoft dismissed Symantec's report as old news, because the research is based on a Vista build released several months ago.

Also of note
Microsoft is putting a halt to a version of its Virtual PC software for Intel-based Macs...A federal appeals court ruled in favor of IBM in an age-discrimination suit concerning a change in pension plans that the plaintiffs said favored younger workers...Microsoft offered the first glimpse of an external HD DVD drive built for the Xbox 360 game console.