In their own words: Search engines on privacy

Trying to learn how your favorite search engine protects your privacy can be as frustrating as a Where's Waldo book: it's not easy to find what you're looking for, and doing it on multiple sites is even more irksome.

To help our readers evaluate the privacy differences between AOL, Ask.com, Google, Microsoft, and Yahoo, CNET News.com sent them a survey on August 6. We've published their answers--in the companies' own words--below.

Related story
Search engine privacy

How do search giants
protect personal data?

In some cases, we asked follow-up questions for clarification. If you have any suggestions for a future survey, send them along. And for background, here's a similar survey we did last year.

AOL

Here are responses from Amy Call, a spokeswoman for Time Warner's AOL Internet unit, which apologized a year ago for inadvertently exposing the Web searches made by a large group of users. The company retains personally identifiable Web search histories for up to 30 days, after which time the identifying information is obscured using a hashing technique, Call said. It also announced last month that it would buy Tacoda, which delivers behavioral targeted ads.

What search-related data--including IP addresses, cookie IDs, user identities, and search terms--do you retain?
Call: Under AOL's policy this kind of data may be retained for 13 months.

How long do you retain those data?
Call: 13 months.

If you retain data for a limited period of time, is it completely deleted (in such a way that the data and backups cannot be recovered, even under court order) or is it anonymized instead?
Call: After 13 months only aggregate search terms are retained.

If the data are anonymized, exactly how do you do this?
Call: Not applicable.

Do you do behavioral targeting, meaning showing ads to users based on their behavior across multiple queries?
Call: Yes.

If you do, is there a way for users to opt out of behavioral targeting?
Call: Yes.

Do you use knowledge about your users (such as ZIP code, e-mail address, gender, or birth date) obtained through user registration to deliver targeted ads on your search engine?
Call: No. We do use information provided by the user for localization purposes to return more relevant search results for the specified location, such as when a user enters a preferred location through the AOL My Locations feature, or when the user enters a query with explicit local intent (i.e. weather "20166")--such as local business names.

Do you use knowledge about the identities of your users' instant messaging or e-mail correspondents when using those services, or the contents of those communications, to deliver targeted ads on your search engine?
Call: No.

Ask.com

Here are responses from Nicholas Graham, a spokesman at IAC-owned Ask.com, which received accolades for the redesign of its search site in June.

What search-related data--including IP addresses, cookie IDs, user identities, and search terms--do you retain?
Graham: With the upcoming launch of AskEraser, a user's IP address, search data cookie ID and search query will be completely deleted and expunged.

How long do you retain those data?
Graham: Users of AskEraser will have their complete IP address, complete search data cookie ID, and complete search query eliminated in a few hours or less.

If you retain data for a limited period of time, is it completely deleted (in such a way that the data and backups cannot be recovered, even under court order) or is it anonymized instead?
Graham: Users of AskEraser will have their complete search query data eliminated so that no one who requests it from Ask.com will be able to access it--ever.

If the data are anonymized, exactly how do you do this?
Graham: Since users of AskEraser have their complete search data totally deleted, none of their data is ever anonymized.

Do you do behavioral targeting, meaning showing ads to users based on their behavior across multiple queries?
Graham: No.

If you do, is there a way for users to opt out of behavioral targeting?
Graham: Not applicable, per the above answer.

Do you use knowledge about your users (such as ZIP code, e-mail address, gender, or birt hdate) obtained through user registration to deliver targeted ads on your search engine?
Graham: No.

Do you use knowledge about the identities of your users' instant messaging or e-mail correspondents when using those services, or the contents of those communications, to deliver targeted ads on your search engine?
Graham: No.

We wrote last month that AskEraser will launch by the end of the year. Do you have a more specific date?
Graham: We don't have a more specific one.

Google

Here are responses from Victoria Grand, a spokeswoman for Google. Of the companies subpoenaed by the U.S. Department of Justice for Web search data and random URLs last year, Google was the only search engine to challenge the order. In what was mostly a victory for Google, a judge said the company only had to turn over a subset of the random URLs the government sought and none of the Web search terms.

What search-related data--including IP addresses, cookie IDs, user identities, and search terms--do you retain?
Grand: Like most Web sites, our servers record the page requests made when users visit our sites in "server logs." These server logs typically include a user's Web request, IP address, browser type, browser language, the date and time of the user's request, and one or more cookies that may uniquely identify a user's browser.

[Dolphie1]

Re: Google

This article appears flawed. Google does utilize behavior based tactics. Conduct a search on any topic and notice the ads on the search page. Wath the type of ads which appear relative to one's search habits.

[declan00]

not behavioral targeting

That's not what people mean by behavioral targeting. Read the question and the response more closely.

[spothannah]

"a few hours"

When your talking Whooping Cranes a few = 2. When your talking Population of China a few = a couple of million. Please make them define "few" with at least an upper limit like "24 hours."

[commentator2010]

Phone calls used to be private before the anti terrorism acts in homeland security. Now privacy in this country, regardless of medium, is constantly compromised. I wonder if Google and all the rest would be willing to open all their private information to the public. They decide what will be my enhanced browsing experience while creating the opportunity for everyone else to discover what I do or what I want to know. When does the little guy get to decide for him or herself just what should be collected and saved and by whom? Maybe consumers should go back to snail mail and tell all these big brother organizations to take a hike. No they do not have a right to collect personal data. They simply assume the right and tell everyone that they have the right because no one is big enough to challenge them. People and companies government officials, get away with anything that the individual would be crucified for. I suppose that really is change we can believe in. The right to privacy stops at birth. Never mind the constitution; it does not apply to those who are too big to fail. People should have the right to freely move about the net in relative anonymity without anyone keeping tabs on them. The KGB used to do that too. In some venues, there are words that describe that kind of behavior. But hey Komrade; maybe you haf other interestink tings to share wit beeg brutter; eh?