We've often regretted that the most popular search engines have been keeping a dossier of everything you search for -- forever. It's easy to forget just how intrusive this kind of record can be until something like the AOL search history leak occurs and confronts users with even a portion of the search logs that track their everyday on-line activities. These logs are a tempting target for subpoenas (although most search companies refuse to reveal how often they receive subpoenas or how much data they disclose); they imply an on-going risk that this sensitive data may be stolen or leaked.
Recently Google took a tiny step in the right direction by promising to delete portions of users' IP addresses and cookie information from its logs after a period of eighteen months (and to allow the cookies themselves to expire after two years -- at least if the users don't use any Google services in that time). As the aftermath of the AOL data release -- and studies by researchers like Latanya Sweeney -- shows, even supposedly "anonymized" data can often be readily de-anonymized and reassociated with individuals.
Thus, it's exciting to hear that Ask.com plans to take a leap into the lead of search engine privacy by expressly allowing users to opt-out of tracking -- as the Associated Press and Ars Technica report, Ask has pledged to launch a service called AskEraser that allows users to decline to stop their search histories from being logged. (Google allows users to "pause" search history, but this only prevents the information collected from later being displayed to the user; it continues to be fully available to Google. Other leading search engines do not have any feature allowing users to opt out of data collection.) We're looking forward to hearing more technical details about how AskEraser will work and how Ask can prevent advertisers from retaining search data in a way that would circumvent AskEraser.
We commend Ask for taking this important step and hope that other search engines will follow suit and let users meaningfully limit the retention of search history data. (Ixquick, a meta-search site that combines results from other search engines, took a similar step last year; Ixquick's policy applies to everyone, so users don't have to opt in to limit retention of information about them.)
Update (7/22/2007): It looks like our hope that other search engines would follow Ask's lead is becoming a reality, and faster than we expected: Microsoft announced over the weekend that it is now intending to offer users the ability to opt out of having their searches automatically associated with a single identifier. Microsoft will also be shortening the retention period of identifiable logs to 18 months. Meanwhile, Yahoo! is reportedly shortening its retention period to 13 months, so far the shortest such period amongst the major search engines.
We're still trying to get all the technical details, and will be watching carefully to make sure that these search providers effectively implement their new privacy promises. In the meantime, though, such spirited public competition over search privacy features is certainly a good thing for Internet users.