
Yahoo Limits Retention of Personal Data to 90 days - robg
http://www.nytimes.com/2008/12/18/technology/internet/18yahoo.html?ref=technology
======
briansmith
The headline is misleading and this story is horribly one-sided. It is written
as though Yahoo's policy is a breakthrough for privacy:

"Under the new policy, Yahoo will delete the last eight bits of the Internet
Protocol, or I.P., address associated with a search query after 90 days."

This is the same trick that Google is trying to play on us. Basically, they
still retain all information they use to track you indefinitely, except for 8
bits of it. With decent data-mining software you can still identify somebody
pretty accurately even without those 8 bits.

Here is a better story that gives better information:
<http://tech.yahoo.com/news/nm/20081217/wr_nm/us_yahoo_data>

~~~
sh1mmer
The internal memo I got said "Anonymizing user log data". I doubt we are going
to try to put it back together. You give us too much evil genius credit.

~~~
Haskell
Removing the last 8 bits or, by the way, the whole IP address from the user
log data DOESN'T make it anonymous.

<http://tinyurl.com/l8rfm>

 _"Yahoo will also hide cookie data related to each search log and strip out
any personally identifiable information, like a name, phone number, address or
Social Security number, from the query itself."_

There's much more personal information in a few month of search logs than
that.

------
aneesh
_"I.P. addresses are digital tags that can identify a specific computer"_

That's misleading. An IP address can't always uniquely identify the client
computer. For starters, people can use proxies or anonymizers.

 _"Yahoo will also ... strip out any personally identifiable information, like
a name, phone number, address or Social Security number"_

Who is giving their SSN to Yahoo, and why??

~~~
lacker
Anyone who searches on a social security number to see if it has leaked online
anywhere.

