Discovering how your favourite search engine protects your privacy is not an easy task, despite recent moves from the major players to make policies more transparent.
To help our readers evaluate the privacy differences between AOL, Ask.com, Google, Microsoft, and Yahoo, ZDNet Australia's sister site CNET News.com sent them a survey on August 6. We've published their answers -- in the companies' own words.
In some cases, we asked follow-up questions for clarification. If you have any suggestions for a future survey, send them along. And for background, here's a similar survey we did last year.
AOL
Here are responses from Amy Call, a spokeswoman for Time Warner's AOL Internet unit, which apologised a year ago for inadvertently exposing the Web searches made by a large group of users. The company retains personally identifiable Web search histories for up to 30 days, after which time the identifying information is obscured using a hashing technique, Call said. It also announced last month that it would buy Tacoda, which delivers behavioural targeted ads.
Q: What search-related data -- including IP addresses, cookie IDs, user identities, and search terms -- do you retain?
Call: Under AOL's policy this kind of data may be retained for 13 months.
How long do you retain those data?
Call: 13 months.
If you retain data for a limited period of time, is it completely deleted (in such a way that the data and backups cannot be recovered, even under court order) or is it anonymised instead?
Call: After 13 months only aggregate search terms are retained.
If the data is anonymised, exactly how do you do this?
Call: Not applicable.
Do you do behavioural targeting, meaning showing ads to users based on their behaviour across multiple queries?
Call: Yes.
If you do, is there a way for users to opt out of behavioural targeting?
Call: Yes.
Do you use knowledge about your users (such as ZIP code, e-mail address, gender, or birth date) obtained through user registration to deliver targeted ads on your search engine?
Call: No. We do use information provided by the user for localisation purposes to return more relevant search results for the specified location, such as when a user enters a preferred location through the AOL My Locations feature, or when the user enters a query with explicit local intent (ie weather "20166") -- such as local business names.
Do you use knowledge about the identities of your users' instant messaging or e-mail correspondents when using those services, or the contents of those communications, to deliver targeted ads on your search engine?
Call: No.
Ask.com
Here are responses from Nicholas Graham, a spokesman at IAC-owned Ask.com, which received accolades for the redesign of its search site in June.
What search-related data -- including IP addresses, cookie IDs, user identities, and search terms -- do you retain?
Graham: With the upcoming launch of AskEraser, a user's IP address, search data cookie ID and search query will be completely deleted and expunged.
How long do you retain those data?
Graham: Users of AskEraser will have their complete IP address, complete search data cookie ID, and complete search query eliminated in a few hours or less.
If you retain data for a limited period of time, is it completely deleted (in such a way that the data and backups cannot be recovered, even under court order) or is it anonymised instead?
Graham: Users of AskEraser will have their complete search query data eliminated so that no one who requests it from Ask.com will be able to access it -- ever.
If the data is anonymised, exactly how do you do this?
Graham: Since users of AskEraser have their complete search data totally deleted, none of their data is ever anonymised.
Do you do behavioural targeting, meaning showing ads to users based on their behavior across multiple queries?
Graham: No.
If you do, is there a way for users to opt out of behavioural targeting?
Graham: Not applicable, per the above answer.
Do you use knowledge about your users (such as ZIP code, e-mail address, gender, or birthdate) obtained through user registration to deliver targeted ads on your search engine?
Graham: No.
Do you use knowledge about the identities of your users' instant messaging or e-mail correspondents when using those services, or the contents of those communications, to deliver targeted ads on your search engine?
Graham: No.
We wrote last month that AskEraser will launch by the end of the year. Do you have a more specific date?
Graham: We don't have a more specific one.
Here are responses from Victoria Grand, a spokeswoman for Google. Of the companies subpoenaed by the US Department of Justice for Web search data and random URLs last year, Google was the only search engine to challenge the order. In what was mostly a victory for Google, a judge said the company only had to turn over a subset of the random URLs the government sought and none of the Web search terms.
What search-related data -- including IP addresses, cookie IDs, user identities, and search terms -- do you retain?
Grand: Like most Web sites, our servers record the page requests made when users visit our sites in "server logs." These server logs typically include a user's Web request, IP address, browser type, browser language, the date and time of the user's request, and one or more cookies that may uniquely identify a user's browser.
6%
1%
