Search Privacy: An Issue?, Part 2

In part one, we took a closer look at exactly what Google knows about you when you come to search. Today, we look at Yahoo’s search privacy issues and compare Google’s and Yahoo’s privacy policies.

The Rise and Fall of Yahoo Impulse Mail

Late last year, Yahoo considered what would have been the first significant use of personalized search history. Yahoo Impulse Mail would have delivered targeted email ads based on your searches.

This came to light in a report from last summer’s Direct Marketing Days. Through the program, anyone with a free Yahoo email account who hadn’t opted out of third-party ads might receive the targeted email. Marketers wouldn’t send directly; instead email would come via Yahoo

When I talked with a Yahoo spokesperson about the proposed program last year, I was reassured Yahoo would not share personal information with advertisers. It would serve as an intermediary.

“We have a strict policy of keeping user information within Yahoo Yahoo does not sell or rent user information to third parties,” said Yahoo’s Diana Lee.

I was also told the information would only be used in “aggregate” form, implying anonymity in being mixed with many others. It wasn’t clear what protection this would provide. My impression was Yahoo would aggregate a series of terms linked to a particular email ad, and those ads would go out to the users who searched for the terms. This doesn’t negate the fact individual users would still be personally monitored.

A defense of the program was people could “opt out” of getting these emails.

“The key thing is that people have opted in and signed onto their email account before doing the search,” said Alan Thompson, senior producer, in a story. “We’re being very conservative about privacy.”

This wasn’t reassuring. Sure, you could opt out. Yahoo offered no ability to opt-out of search monitoring while logged in as a user. To keep searches private from Yahoo, you needed to log off as a Yahoo member.

What happened to the program? Today, Yahoo says it was never formally announced, despite the earlier positioning. Yahoo also says it has no plans to go ahead with it. The company claims it was an idea some Yahoo staffers were considering.

Privacy and Personalized Search Results

The first major mining of personal search history failed to materialize. That doesn’t mean it won’t come up again. We’ll almost certainly see mining happen when some search engine is brave enough to try personalized search results.

In such a system, a search engine might feed you results customized based on your age, sex, and other demographic or personal information. You’d need to register and agree to the terms.

I wrote about the potential of such systems back in 1998: “I’ve long been expecting for some journalist to track down what a politician is searching for while at work, in the way that some have sought video rental records.”

Personalized search is in the future. Indeed, in September 2001 Google acquired a firm, Outride, that was working on a personalized search solution. Google has done nothing public in the space. Nor are other major search engines suggesting they’re about to do so. User privacy concerns have been a key factor in holding this back.

Time for Better Privacy Policies?

Clearly, some people worry about the privacy of their search requests. The entire search industry might reexamine their privacy policies and consider expanding them to provide more specifics about what happens with search data.

Let’s look at the policies of just two search engines, Yahoo and Google, to illustrate some potential changes and problems.

Yahoo’s Search Privacy Policy

When I looked at the Yahoo Impulse Mail program last year, a defense Yahoo offered about the proposed program was its privacy policy made clear searches were monitored:

When visitors conduct a search on Yahoo, we keep track of which search terms are popular. You can save your searches and access them from your My Yahoo page. Advertising shown to you may be related to the search term you entered.

In no way does it suggest Yahoo can associate your searches with your profile, a capability it has, though not something Yahoo says it does.

The fact you can save searches suggests saved searches can be linked to you. You would have to explicitly chose the action.

As for showing advertising, this has historically been done based not on personal profiles but rather real-time ad customization based on the terms you entered.

Why isn’t the policy more detailed? Until now, search engines have not had enough consumer concern to go into more depth.

Yahoo has an entire page about its use of cookies. The same is true for its use of Web beacons. Search privacy in just a single paragraph? What gives? Consumers have had a lot of concerns about cookie use and Web bugs.

In contrast, search privacy has not been raised as an issue. No one has abused it in any way. That may continue, but the allegations raised about Google mean the entire search industry must better explain what happens with search data.

Google’s Search Privacy Policy

Some believe Google has their personalized search histories. It doesn’t, and should say as much in its privacy policy. Instead, it says: “Individually identifiable information about you is not willfully disclosed to any third party.”

That implies Google has personal information about anyone searching at the site. It may cause more worry that relief. Google does later say:

Google does not collect any unique information about you (such as your name, email address, etc.) except when you specifically and knowingly provide such information. Google notes and saves information such as time of day, browser type, browser language, and IP address with each query.

Better, but imagine a section explaining specifically what Google does with searches. It could look something like this:

When you search at Google, information is recorded along with the search conducted, such as the time of day, browser type you used, your Internet address, and an anonymous user ID provided by our cookie.

Personal information, such as your name or email address, is not recorded. Google does not require such information to be provided to search the Web. It may be collected if you use other Google services, such as Google Groups. However, no personal information collected is ever linked with the anonymous ID assigned to your search requests.

Google never provides search histories to third parties, unless required to by law. In these cases, the search histories provided carry no personal information about you.

OK, it is a rough idea, doesn’t cover everything, and certainly could be written better. But such a policy would certainly help consumers. Check out the nice privacy policy Yahoo maintains on IP logging.

As for services that do record personal information with searches, I could see them providing an opt-out option. If they won’t allow an opt-out, they might have to provide better guarantees about how information is safe-guarded or destroyed over time.

The Google Account

You may have noticed in my mention of a Google privacy policy revision, I made note of personal information perhaps being collected for non-search activities, such as Google Groups. In addition, those who wishing for a Google API key or who use Google Answers need a Google Account, introduced in the middle of last year.

Google says an account gives you a separate cookie that’s not recorded or linked with your searches. The same is true if you participate in Google’s ad programs, which require personal information. A Google Account does open the possibility to identity linked to search queries. Privacy implications will need to be addressed.

Trusting the Companies

Searching when a company knows you only by cookie ID keeps you anonymous to that company. It’s only when you log in through a registration system you need to be aware you’ve given up your anonymity.

Yahoo stresses this early in its privacy policy: “Once you register with Yahoo and sign in to our services, you are not anonymous to us.”

Giving up anonymity isn’t bad, assuming you trust the company. According to Lee:

Yahoo has long been a brand and company that consumers trust. Consumers voluntarily register to log in and provide personal information because they trust us and we work very hard to continue to maintain that trust through robust notice and meaningful choice.”

Should you decide you want to regain your anonymity, then log out before searching. That provides better protection.

Lee stressed Yahoo doesn’t currently maintain search “profiles” of users. It’s not effective to target ads based on what people search for over time. It’s far better to target on a per-search basis, as through paid listings, which is generally done without profiling.

The Government’s Missing Key

Although Google lacks personal information to tie into search requests, the information it records could conceivably do this if a government agency got hold of it.

Here’s the horror story Google Watch tells:

The fact that you record unique cookie ID, plus IP number, plus date and time, makes much of your information “identifiable.” Authorities can also do a “sneak and peek” search of a Google user’s hard drive when he isn’t home, retrieve a Google cookie ID, and then get a keyword search history from you for this ID.

Sure, this is possible. Even then, it doesn’t show conclusively who searched, assuming more than one person can access the computer in question. Searches in and of themselves don’t mean anything. Is someone a terrorist if they searched “weapons of mass destruction” or “osama bin laden”? Plenty of ordinary people look for these.

Even without a Google ID, a government authority could go to an ISP to see records of what you’ve searched — and anywhere else you’ve been on the Web.