Google Desktop Search Under Fire

AchilleCB writes "Cnn and many other sources are jumping on the Google-privacy-bash bandwagon, they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."

Again?

[__aaitqo8496]

Didn't we already determine [slashdot.org] that Google [google.com] has stated Desktop Search [google.com] is not for use on multiple-user machines [google.com] and that you can always retrict domains, directories [google.com] and result types [google.com] from inclusion despite the fact that the files are still publically accessible [slashdot.org].

Re:Web-mail need not apply

[bhtooefr]

Webmail checked with Internet Explorer DOES apply. ANYTHING visited with Internet Explorer applies.

Re:and how is this googles problem?

[Jucius Maximus]

"Basically, just watch where you surf on a PUBLIC machine. duh."

And clean your browser cache and history afterward. Where do you think it finds the info it returns?

Its a beta!

[dj245]

Sheesh, I'm sure it will go through many more revisions before the thing is actually released as final. Where are these muckrakers when the legislature and the president pass laws that invade privacy?

Re:This was discussed before!

[lukewarmfusion]

I agree. If you're sending sensitive information in email, it's your fault. If you're concerned about privacy and you're using a public computer, it's your fault.

Google archives information. You gave it information.

Google just made it easier

[Eric Giguere]

Nothing new here except that Google has all of a sudden made it easier to look up "private" information that is locally cached. The data is already there for someone who knows what to look at, after all, but now Google's made it easy to access. How is this different from typing something into the address bar of a browser and being presented with an "interesting" list of choices that were stored via the browser's autocomplete functionality?

Eric
Read a bit of Vioxx humor [ericgiguere.com]

In Latin...

[hawkestein]

We refer to this fallacy as post hoc ergo propter hoc [wikipedia.org].

(Well, not "we". I don't actually speak Latin).

Re:Mod down that troll

[cthrall]

> Google got in bed with MS on this one as they only
> cache MS Office type docs.

MSFT released filters allowing developers to get at the content of Office docs. Office is the prevalent productivity suite used. Why is GOOG in bed with MSFT?

> GDS runs as a system service and has access to
> everything.

No, there's an entry in HKEY_CURRENT_USER\...\CurrentVersion\Run that starts everything. That means it runs as the current user.

Re:and how is this googles problem?

[YrWrstNtmr]

And clean your browser cache and history afterward.

And then the Google cache also. Which, on a public machine, you may or may not is there, and may not have access to.

Re:Security Diversion

[BrynM]

As for GDesktop finding things in the web browser's cache - ANY kiosk web browser (library, coffee shop, etc.) should have the cache turned off or set at the absolute minimum. I set it to a token "100" on Firefox and IE. If the files aren't there, GDesktop can't index them. Funny that.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Web-mail need not apply

[seti32]

Gmail most certainly does use SSL for viewing mail. I'm using it right now.

Re:Security Diversion

[HeadDown]

If GDS runs as LocalSystem, it will find and display stuff of all users even if the system properly locked down and users would normally be unable to see each others documents.

Re:and how is this googles problem?

[Meostro]

Or just tell it not to search secure webpages you visit to start with:

Right-click, select Preferences
Under Search Types, uncheck Web history and/or Include secure pages (HTTPS) in web history

Yet another "this is a benefit, not a design flaw" instance from Google. Why are people such idiots that this is a problem?

nevermind, I don't really want to know... it would just depress me.

Re:Web-mail need not apply

[Em Ellel]

Gmail most certainly does use SSL for viewing mail. I'm using it right now.

Hmm, interesting. I just edited the URL to use https, and sure enough, it is running in SSL. Even though it uses SSL for login in both cases, it will display mail in whatever mode you started the connection with. It appears that it is up to user - good to know and I stand corrected.

-Em

Re:Security Diversion

[JimDabell]

I've looked at the html for secure pages before and some used some kind of "nocache" tag or somthing like this.

If it's in the HTML, you are talking about <meta> elements, and they are an unreliable substitution for proper HTTP headers.

More importantly though, the nocache directive still permits clients and proxies to store a copy of the resource in their cache, so long as the copy is revalidated before being used again. The directive that should be used for sensitive data is nostore.

Re:Security Diversion

[Anonymous Coward]

Question: how hard is it to make a "throw-away" login? That is, guest logs on, does his thing, logs off,

Well, one-time password systems have been around for a long time. My OpenBSD server has this installed. But of course, Netcraft confirms that OpenBSD is dying. [netcraft.org]

Re:Security Diversion

[Thundersnatch]

In a windows NT, 2000, or 2003 domain, users do not have administrative rights on a workstation by default. It's been that way for nearly ten years.

The fact that most short-sighted windows administrators change this to ease their workload shouldn't be Microsoft's fault. Even a poorly written Windows application that "requires" administrative privileges can be made to work with standard user privileges, by giving narrow write permissions on select registry keys and directories on the disk. (Such applications do not even qualify for the Windows compatibility seal from Microsoft).

Similarly, no sane "web kiosk" administrator would give a user anything other than guest rights. When you log into windows 2000/XP as a guest account, everything is deleted when you log off - registry settings, temporary files, whatever. There are plenty of auto-logoff screen savers avaiable, too, even some from Microsoft IIRC.

Re:Start | Search | For Files Or Folders

[dimer0]

Search for files or folders named: *.* Containing text: password How is this any different?

Well, Windows search would take about 35 minutes to return results. (Get to watch the search dog, or paperclip, tho!)

GDS - about a tenth of a second.

People suck.

Re:Mod down that troll

[RealityMogul]

The second point - you're right. I was thinking of something else and made an innacurate statement.

As for your first point - you're trying to turn what I said into saying that Google has a business deal with MS to help MS take of the world. Google made a choice to use those formats, and made a choice to release it for one platform, and they forgot to address security properly on that platform.

Re:Mod down that troll

[agallagh42]

I just checked my task manager, and the GDS app consists of three things:

GoogleDesktop.exe
GoogleDesktopCrawl.exe
Googl eDesktopIndex.exe

Each of them run as the current logged in user. Therefore, it can only search things that the current user has access to. The database that everything is stored into (the index) is user specific as well, stored in:

%systemdrive%\Documents and Settings\[username]\Local Settings\Application Data\Google\Google Desktop Search\

Other non-admin users do not have access to your index. Obviously, admin users will have access to all non-encrypted files on the machine, and the google desktop search doesn't change that.

Re:Security Diversion

[Durandal64]

Not very. In OS X, you can set a login hook for a guest account which will reset the account to defaults. So if I put something in a public machine's guest user's ~/Documents folder, it would be gone as soon as I logged in as guest again. Same goes for the entire contents of ~/. All caches would go with it.

How to not have to worry about this at all

[jbash]

Go to zonealarm.com

Download and install their free program.

Then feel free to install the Google Desktop Search. Although the program tried to access the Internet, Zonealarm blocked it. Presto chango, problem solved and now I have an awesome desktop search on my computer which cannot spy on me.

Safari functionality

[l.lerusse]

Safari on Mac OS-X has a functionality just for the shared computer. with the push of a button, all what you have done with it is erased.
Cache, bookmarks, history, ... Nothing to be found afterward.

I know, it not very usefull here as google search is not available for Mac and safari is not available for Windows but, ...

Such a functionality should be implemented in firefox with a default preference which do just that each time you exit.

Laurent
---