Ask.com's Eraser in FTC Complaint Crosshairs

« EU Privacy Leader: IP Addresses Are Personal Information | Main | Senate Pushes FISA Overhaul to the Wire »

January 23, 2008

Ask.com's Eraser in FTC Complaint Crosshairs

EPIC and five other privacy advocacy groups have filed a complaint against Ask.com over its "AskEraser" service. AskEraser, in a nutshell, was supposed to be a toggle switch that would effectively remove an end user's Ask.com search history. Ask.com announced the service in the midst of a Google/Doubleclick-inspired data retention policy frenzy, and got some notice because it seemed to be the most radically pro-privacy policy of any major commercial search engine.

AskEraser launched last month, and it took about a day for people to read the fine print and realize it might not be all that awesome. Ask.com is still keeping information around even with the service enabled, since it can't deprive partners like Google of certain usage data.

There are a number of points under each major element of the complaint, but here are the core issues the group has:

"The opt-out cookie is a flawed technique for privacy protection," to the extent it requires users to permit cookies on their computers and provides Ask with a tracking mechanism for the very people who don't want their usage to be tracked.
"The persistent identifier enables permanent tracking of Internet users," because each AskEraser cookie timestamps the user, meaning there's no meaningful anonymization of user data.
"Ask.com reserves the right to disable the service without notice, even while telling users it's still activated," meaning a user can never be sure if the service is actually working.
"Third party data protection is non-existent," meaning Ask's assorted partners still get a lot of usage data.

The entire complaint is available as a PDF from EPIC.

Threat Level has some protest boilerplate from Ask.com in which a lot of assertions are made without any backing.

Previously: