Skip the navigation

Privacy backers push FTC to end AskEraser service

They say the Ask.com service doesn't protect privacy as billed

January 24, 2008 12:00 PM ET

Computerworld - A group of privacy advocacy organizations has filed a complaint with the U.S. Federal Trade Commission (FTC) alleging that Ask.com's recently launched AskEraser service does not live up to its promise of deleting users' search histories.

In an 11-page brief filed with the FTC last week (download PDF), the group claimed that the search engine company is indulging in deceptive and unfair trade practices with AskEraser and should be forced to withdraw the service. The Electronic Privacy Information Center (EPIC), the Center for Digital Democracy, Consumer Action and the Fairfax County Privacy Council are among those that filed the complaint.

Officials from IAC Search & Media's Ask.com did not immediately respond to a request for comment on the compliant.

Ask.com's AskEraser service was unveiled on Dec. 11 and described at the time as a way for users to ask that their search activity data not to be retained on the company's servers.

Ask.com claimed that AskEraser, when enabled by the user, would completely delete search queries and associated cookie information from Ask.com servers -- including IP addresses, user IDs, session IDs and the text of queries made. The feature is available to users of the company's U.S. and U.K. search engines and is designed to give users more control over search data, the company said. In most cases, the deletion would take place within a few hours of the time a search is completed.

The reality, however, is quite different, said Marc Rotenberg, executive director of the Washington-based EPIC. He pointed to three problems.

"When it was announced, there as a lot of hoopla over it," Rotenberg said. "So we decided to take a closer look and were kind of surprised. Some of the things that AskEraser does we don't think are very privacy-friendly."

The first issue is that users who want to enable the service must accept and install an AskEraser opt-out cookie on their system. That approach is both counterintuitive and misleading, Rotenberg said. Users who are concerned about privacy typically tend to delete cookies. For such users, the privacy settings on Ask.com are meaningless because each time the cookie is deleted, the settings are lost -- and Ask.com will no longer honor the user's privacy choice. Similarly, Ask.com offered no explanation for its policy of allowing the opt-out cookies to expire after two years.

Another troubling fact is that Ask.com's AskEraser service can be turned off without notice to the user, Rotenberg said. According to Ask.com's policies on its Web site, the company can disable the AskEraser service at any time -- to comply with a court order, for instance. In such cases, the company will retain search data, even if the AskEraser service appears enabled to the user, Rotenberg said. Without user notice, such a practice would be tantamount to spying on a user's search activity.



Our Commenting Policies
Internet of Things: Get the latest!
Internet of Things

Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!