In a talk held by Michael Zimmer, “Privacy and Quaero’s Quest for the Perfect Search Engine: Threats and Opportunities“, he called the designers of the Quaero project to engage in value-conscious design in order to protect the value of privacy.
He made eight privacy-protecting demands:
1. Quaero must be designed in such a way as to prevent any substantive response to a civil or criminal subpoena of user activity
2. Quaero must be designed so IP addresses and cookies cannot be associated with particular users or accounts
3. Query traffic must be encrypted to prevent ‘man in the middle’ monitoring
4. Quaero must provide transparency in the data it collects about users, how it is used, who uses it, and how long it is retained
5. Quaero must not engage in personalized or behaviorally-targeted advertising
6. Quaero must take steps to remove or obscure personally-identifiable images (faces, license plates, etc) from its searchable index
7. Quaero must provide individuals the ability to remove or obscure personally-identifiable data from its searchable index
8. Quaero must provide users the ability to view, edit, and delete any search history data associated with their account
While we don’t know if Quaero will listen to him, FAROO meets already today six out of eight of his demands. And we believe that we are even conform with the intention behind demand No. 5 .
1. FAROO neither knows its users nor what they are searching.
2. There are neither IP addresses logged nor cookies used.
3. Search queries and index are encrypted.
4. There is no central instance collecting user data at all. No personal data is leaving the computer at any time.
5. Well, FAROO does personalized and behaviorally-targeted advertising. But we are doing this solely on the client side. Therefore we can provide both: personalization and privacy.
6. There is no image search.
7. Difficult, as there is a verification/authorization issue: How we know that the person requesting the removal of information is in fact the person the information is belonging to?
8. There is no search account and there is no search history beyond the own computer.