Yahoo Promises To Anonymize and Limit User Data 76
quarterbuck writes "While Google is saying that personalization is the key to search, Yahoo is taking a different view of the topic. Yahoo announced plans to retain user data for no longer than 90 days and to anonymize data. Even if Yahoo is not your favorite search engine, it is a good move in the direction of online privacy if it will force others to follow suit."
Reader Mike adds "Yahoo did say, however, that it will keep some data for up to six months for security and fraud reasons, as part of some 'specific and limited exceptions.'"
Re:I want enforceable privacy (Score:4, Insightful)
How about this: If you're worried about sensitive data getting out, don't give firms private data in the first place without checking out their privacy policy. It's actually a legally binding contract, so if a firm breaks it policy and you suffer as a result, you do have legal recourse to sue. Many privacy policies even oblige firms to inform users when a leak happens.
And if you must use sites you aren't totally comfortable with, there are tools out there to protect your anonymity including Tor, anonymous proxy servers, VPN tunneling services like Stunnel, no-log encrypted search engines like Scroogle, and Firefox add-ons like No-Script.
Re:I want enforceable privacy (Score:5, Insightful)
the reason why "99% of end-users couldn't care less" is because they do not comprehend the implications involved with such "personalization" and retention of data. i'd be willing to wager that most of that "clueless majority", if properly educated on the issue in a way they can understand, would be shocked and outraged when they learn the real truth.
this is a good move for yahoo, and for the users; and hopefully yahoo still has enough clout to start a trend away from wholesale collection of user data.
Re:I want enforceable privacy (Score:5, Insightful)
Re:I want enforceable privacy (Score:5, Insightful)
That there are (rather cumbersome) means to prevent Googles data-hoarding does not relinquish the companies corporate responsibility, especially considering their chosen motto.
I think you may have something... (Score:4, Insightful)
Most people may well be happy with the current state of affairs... however I think you've it upon the catalyst that has potential to change everything:
monetary compensation
If word were to get out to the masses that "you will get money", you'll have droves of people stepping over their own mothers for it. Of course this depends on the amount of money... but you get the idea. Bring up the word money, the people will follow.
Re:Actual versus PR speak (Score:3, Insightful)
I guess I'm cynical. I hear them saying no more than 90 days EXCEPT in some special cases.
How is that different from:
We'll continue to hold any data that we think is of use, but the rest of the garbage that most of our users seem to want to look at will be thrown away after 90 days because we really don't want to store your garbage for longer than we find it useful. oh, and, uhhh, some other company mentioned 90 days somewhere in the beer tent of some convention, so that's definitely a good number.
Not quite (Score:3, Insightful)
Do the right thing: there needs to be legal means by which I can obtain, verify and erase all personal data associated with me.
You really want the government to be involved in the means to your privacy? Wouldn't you just be begging for some warrantless wiretapping? The problem with your proposal is the enormous likelihood of corruption that comes with government involvement in services such as this.
The right solution is something like a VeriSign for privacy. Independent competing organizations demand privacy practices and transparency from companies in exchange for their "seal of approval". By having competing organizations, you minimize the risk of corruption. Best of all, no rights are violated in the process.
Re:I want enforceable privacy (Score:5, Insightful)
The problem with personalization is that it's an extremely sensitive topic for 1% of the population (us, the geeks), but 99% of end-users couldn't care less.
99% of end-uses couldn't care less until it bites them in the ass, and then you see their dopey teary eyed face splattered all over the news when something hits the fan... "I just can't believe google/facebook/youtube/myspace had all this information about me! The identity thieves started by hacking my gmail account... and from that were able to reset my facebook password, and from there they had everything... they were able to completely drain my bank accounts, and even managed to successfully impersonate me to my parents and scammed them out of thousands... my parents said the theives used a bad quality phone line, but they didn't suspect a thing, because they new everything... they asked how Dad was coping with losing his job, how my sister was doing, they even talked about the camping trip we went on in the summer... and they got all this from the online data, reading my email, looking at my pictures, and trawling my social network... I just can't beleive this was all right there for the taking."
Then they'll say... "The government really needs to do something."
Re:I want enforceable privacy (Score:3, Insightful)
Oh, I see. And when they change their privacy policy, they need to contact me so I can choose whether or not to allow them to continue holding my information? How can I be certain they have destroyed any record of any of my personal information?
And as for legal recourse... good luck with that. With the exception of a few very visible data breaches with traceable exploits of the data, it would be very hard to prove damages. What about the loss of privacy for privacy's sake? Good luck getting a worthwhile judgment on that one. And say you are awarded some kind of damages via class-action suit or what-have-you... have fun spending merchandise vouchers with the very company that caused the problem.
Legal recourse is meaningless in this situation, preventative measures are the key. There's no sense in closing the barn door after the horse is loose -- especially when that horse can replicate instantly without your knowledge.