Google Desktop Search Under Fire 444
AchilleCB writes "Cnn and many other sources are jumping on the Google-privacy-bash bandwagon, they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."
Again? (Score:5, Informative)
Re:Web-mail need not apply (Score:5, Informative)
Re:and how is this googles problem? (Score:4, Informative)
And clean your browser cache and history afterward. Where do you think it finds the info it returns?
Its a beta! (Score:3, Informative)
Re:This was discussed before! (Score:3, Informative)
Google archives information. You gave it information.
Google just made it easier (Score:2, Informative)
Eric
Read a bit of Vioxx humor [ericgiguere.com]
In Latin... (Score:5, Informative)
(Well, not "we". I don't actually speak Latin).
Re:Mod down that troll (Score:5, Informative)
> cache MS Office type docs.
MSFT released filters allowing developers to get at the content of Office docs. Office is the prevalent productivity suite used. Why is GOOG in bed with MSFT?
> GDS runs as a system service and has access to
> everything.
No, there's an entry in HKEY_CURRENT_USER\...\CurrentVersion\Run that starts everything. That means it runs as the current user.
Re:and how is this googles problem? (Score:5, Informative)
And then the Google cache also. Which, on a public machine, you may or may not is there, and may not have access to.
Re:Security Diversion (Score:3, Informative)
Comment removed (Score:2, Informative)
Re:Web-mail need not apply (Score:2, Informative)
Re:Security Diversion (Score:2, Informative)
Re:and how is this googles problem? (Score:5, Informative)
Right-click, select Preferences
Under Search Types, uncheck Web history and/or Include secure pages (HTTPS) in web history
Yet another "this is a benefit, not a design flaw" instance from Google. Why are people such idiots that this is a problem?
nevermind, I don't really want to know... it would just depress me.
Re:Web-mail need not apply (Score:3, Informative)
Hmm, interesting. I just edited the URL to use https, and sure enough, it is running in SSL. Even though it uses SSL for login in both cases, it will display mail in whatever mode you started the connection with. It appears that it is up to user - good to know and I stand corrected.
-Em
Re:Security Diversion (Score:5, Informative)
If it's in the HTML, you are talking about <meta> elements, and they are an unreliable substitution for proper HTTP headers.
More importantly though, the nocache directive still permits clients and proxies to store a copy of the resource in their cache, so long as the copy is revalidated before being used again. The directive that should be used for sensitive data is nostore.
Re:Security Diversion (Score:1, Informative)
Well, one-time password systems have been around for a long time. My OpenBSD server has this installed. But of course, Netcraft confirms that OpenBSD is dying. [netcraft.org]
Re:Security Diversion (Score:2, Informative)
In a windows NT, 2000, or 2003 domain, users do not have administrative rights on a workstation by default. It's been that way for nearly ten years.
The fact that most short-sighted windows administrators change this to ease their workload shouldn't be Microsoft's fault. Even a poorly written Windows application that "requires" administrative privileges can be made to work with standard user privileges, by giving narrow write permissions on select registry keys and directories on the disk. (Such applications do not even qualify for the Windows compatibility seal from Microsoft).
Similarly, no sane "web kiosk" administrator would give a user anything other than guest rights. When you log into windows 2000/XP as a guest account, everything is deleted when you log off - registry settings, temporary files, whatever. There are plenty of auto-logoff screen savers avaiable, too, even some from Microsoft IIRC.
Re:Start | Search | For Files Or Folders (Score:3, Informative)
Well, Windows search would take about 35 minutes to return results. (Get to watch the search dog, or paperclip, tho!)
GDS - about a tenth of a second.
People suck.
Re:Mod down that troll (Score:3, Informative)
As for your first point - you're trying to turn what I said into saying that Google has a business deal with MS to help MS take of the world. Google made a choice to use those formats, and made a choice to release it for one platform, and they forgot to address security properly on that platform.
Re:Mod down that troll (Score:5, Informative)
GoogleDesktop.exe
GoogleDesktopCrawl.exe
Goog
Each of them run as the current logged in user. Therefore, it can only search things that the current user has access to. The database that everything is stored into (the index) is user specific as well, stored in:
%systemdrive%\Documents and Settings\[username]\Local Settings\Application Data\Google\Google Desktop Search\
Other non-admin users do not have access to your index. Obviously, admin users will have access to all non-encrypted files on the machine, and the google desktop search doesn't change that.
Re:Security Diversion (Score:3, Informative)
How to not have to worry about this at all (Score:3, Informative)
Download and install their free program.
Then feel free to install the Google Desktop Search. Although the program tried to access the Internet, Zonealarm blocked it. Presto chango, problem solved and now I have an awesome desktop search on my computer which cannot spy on me.
Safari functionality (Score:2, Informative)
Cache, bookmarks, history,
I know, it not very usefull here as google search is not available for Mac and safari is not available for Windows but,
Such a functionality should be implemented in firefox with a default preference which do just that each time you exit.
Laurent
---