u500k.erinye.com - the AOL data analyzed

Examining the Top Ten Leader

When I was looking at the top then user ID in terms of entries associated with them, I found that the user ID that had by far the most searches associated with them was very obviously a shared account. This user ID accounts for roughly 280.000 of the 36 million entries. Here's, again, the hourly activity diagram:

hourly search activity of one person

It is apparent from this diagram that this person does not correspond to one real person, but to multiple real persons. Also, the large number of searches for "internet" points to a public AOL terminal that is used by people who haven't seen AOL before.

Determining the Location

One user of this shared account apears to have mistakenly pasted a myspace password recovery URL into the search box. This URL included a myspace user ID of a person located in Santa Barbara, California, going to Sacramento State University. Of the 280.000 total queries, about 30 are related to Santa Barbara and about 100 are related to Sacramento. Therefore, it is likely that this AOL account is a shared account in the area of Santa Barbara, California. However, there are also other searches for topics related to locations near Los Angeles, e.g. San Bernardino, and about 200 searches for Los Angeles itself.

Locating Persons who used this Account

Besides the myspace account, there also are several e-mail addresses that occur in erroneously pasted URLs. One person apparently registered at goarmy.com and pasted the confirmation link, which includes her e-mail address. There are also some links to myspace and xanga profiles that very likely do not belong to the person who searched for them.

Additionally, some 50 e-mail addresses appear in search queries. It is unlikely that they would be helpful, though, except someone wants to contact all of them, asking whether they had an acquaintance send them an e-mail from a public terminal in the Los Angeles area.

There are several links to password reset forms that don't contain any meaningful ID, i.e. they contain tokens that can be associated with a session until they expire. It is unlikely that the persons using these tokens can be found.