In a letter to Ask.com, EPIC and several other privacy organizations have asked CEO Jim Lazone to change AskEraser, a new search tool that the company says “will offer its searchers unmatched control over their privacy.” After a study of the search product, EPIC found that Ask Eraser (1) requires an opt-out cookie, (2) creates a quasi-unique identifier, and (3) will be disabled without notice. All three attributes create substantial privacy risks for Internet users.
Apart from the cookie issues the following is quite disturbing when you read the ask.com news release describing AskEraser and the following in the EPIC letter:
Ask inserts the exact time that the user enables AskEraser and stores it in the cookie, which makes identifying the computer easier. The letter recommends using a session cookie that expires once the search result is returned.
Ask’s Frequently Asked Questions for the feature notes that there may be circumstances when Ask is required to comply with a court order and if asked to, it will retain the consumer’s search data even if AskEraser appears to be turned on. Ask does not notify searchers when the feature has been disabled and misleads them into believing their searches aren’t being tracked when they actually are, the EPIC letter said.
0 Responses to “Problems with AskEraser”