Tuesday, August 22, 2006

Slothmud Search Data

The AOL CTO was fired (or quit), according to reports, for allowing the release of search query data entered by its customers. AOL did take precautions against the search data being tracked back to specific users by obfuscating their screen names with numbers.

However, through the logs of what people entered, it was in a few cases possible to figure out who the people were. This was done by making some assumptions about what people entered, particularly that when someone entered a name that wasn't a celebrity, it was their own name or a name of someone they know. The so called vanity searches along with the obfuscated screen names could tie a bunch of queries together. A New York Times journalist managed to find a 60-year old lady in Georgia and told her a few embarrassing things on which she searched.

All this doesn't really concern me, because on AOL search you are entering things via http not https. There are many ways people can track what you search on at several different layers of communication networks that make up the internet. What crossed my mind was the data that might be sitting in logs on mud servers, including Slothmud, all over the world. Most players and admins, don't give a second thought to what they type in the game, and in most cases rightfully so. I haven't seen a case yet where a mud has opened up its logs by posting them on the web for anyone to see. In fact, I'd think if I heard of a mud doing that, I don't think I'd play there.

I think that AOL kept logs to make their search work better or figure out why it was broken. Sloth keeps logs for similar reasons. We catch cheaters with logs. We use it to help reimburse people when there is an unfair loss. We use it to help us fix crash bugs.

Rest assured there are no plans to release the Sloth logs (not even sure how long they are kept before they are cleaned out anyway) to the general public. I suppose I could be proven wrong by a hacker who decides to break in and steal them or by some former member of the admin that decided to copy logs along with code (maybe that falls under stealing still), but that type of thing could happen to any email box or personal computer.

At some level it makes people a little nervous to think people might be looking over their shoulder and see them misbehave. That isn't necessarily all bad in my book.