Google Desktop Search Under Fire

AchilleCB writes "Cnn and many other sources are jumping on the Google-privacy-bash bandwagon, they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."

Web-mail need not apply

[Anonymous Coward]

Searching through e-mails only works if you're using a mail client, why would someone in a cafe use Outlook to check their email?

This was discussed before!

[Discotechnica]

It's not google's fault that other programs leave data out in the open. The search tool does nothing a regular user couldn't do!

Re:Security Diversion

[Jucius Maximus]

Exactly. Google desktop search doesn't find anything that wasn't there before. It just is better at organising and mining it than a human being.

and how is this googles problem?

[Ummagumma]

...google provides this tool, for personal use. Any libraries/public terminals that ALLOW the desktop search are the real problem here, not the desktop search agent itself.

I've been using the desktop search for a week, and find it indispensible now. But, like any good, powerful tools, it can be misused, in a mis-configured enviornment.

Basically, just watch where you surf on a PUBLIC machine. duh.

Reasonable thing to comment on!

[francisew]

Isn't it time that media start to put up opposition to services that compromise privacy in fundamental ways? I think this bandwagon is one that isn't so bad to have going on.

Google does great things, but without such opposition, they might not keep all issues in proper perspective. The things they mention are very important.

Oh come on

[savagedome]

First of all, GDS does not bypass security or username/passwords. These files are accessible via the IE cache using Windows Explorer anyway. The index is stored in %USERPROFILE%\Local Settings\Application Data\Google\Google Desktop Search

Plus, why are these people have rights to install GDS on library computers? The libraries need to take notice by using a policy control to begin with.

Its a GOOGLE DESKTOP SEARCH tool. It says SEARCH in a screaming font. If that doesn't ring these people's bells, then they need to buy hi-fidelity headphones that are used by chronic deaf.

Blaming the kinfe company when the kid cut itself playing with the knife.

KeyLoggers anyone.. ?

[Manip]

So if I have user rights on public computers to install software for all users and store large data stores of cached information that is accessible to everyone it would be very simple to exploit that in order to install way more effective spying software such as keyloggers, remote monitoring software and other such software.

Notice people that write this software are the same group that use clippy to help them use Word and the same people that think anti-virus means complete security. Nuff Said!

This obvious fear mungering on the part of the media. Clueless as always.

When you remove the obscurity...

[Kiaser Zohsay]

...it becomes easier to see the "security through obscurity" really doesn't work. It's not that a desktop search compromises security, it's that the security wasn't there in the first place.

Re:Security Diversion

[dresgarcia]

Slow news day. . .Its all on the OS. . .ALL ON THE OS. The os is what makes those files available for google search to find. By the way. . . maybe if the computers were cheaper people would put money into security. . .instead of spending it all on the cost of the PC.

How is this really a concern?

[aidoneus]

It's not as if Google didn't document this [google.com]. If you're installing this on a public system without any real form of user access control, then you're asking for trouble. Google desktop doesn't do anything that an end-user wouldn't be able to do with a little cache snooping and looking in temp files. Really, Google Desktop doesn't belong on this open of a type of system, and in addition one really shouldn't be using such an insecure system for anything very sensitive.

Maybe Google just needs to make the warning a bit more obvious, like a hug "WARNING: Google desktop allows you to search all files on this computer" or something.

-jason

Not to be the bearewr of bad news but...

[CliffH]

... the whole email argument is stupid as far is internet cafe's and libraries are concerned. I mean, come on. Do you honestly setup an email client for your ISP, download mail to a PUBLIC system, and then LEAVE IT THERE!!! If you want to argue about privacy concerns, argue about something that really breaches your privacy. These attacks on the desktop search are really pissing me off lately. Oh, and for those who who check their hotmail and yahoo or whatever, clear the bloody cache if the systems are setup to let you. Hell, they should do that by themselves if they are properly setup cafe or library machines anyway to protect your privacy. In fact, they should be setup so YOU CAN'T INSTALL APPS!!!! Damn I'm sounding shitty this morning. :) Ok, end of rant....

Kill the messenger.

[scribblej]

Hey, that stuff is there whether you use Google to show it to you or not. I say we thank our Google Overlords for showing the masses how stupid it is to read e-mail or get passwords on a public terminal.

Re:Security Diversion

[antarctican]

I wouldn't blame Google for this, I'd say Google has unwittingly discovered existing problems with shared computers and caching.

From what I understand, Google's desktop only caches what's already on the machine's hard drive. So all this "sensitive information" that it's finding is already there for those who know how to find it, and take the time to.

This is a wake up call for how much personal information is actually kept on our desktop machines.

Lurking privacy concern

[indros13]

When Google first announced this, the Google-fanboy in me said, "sweet, another computer thing improved by Google!" But I read a couple of the detractor's articles and realized that there are some things on a PC I just wouldn't want to share with others. While this is fine on my personal, one-man home computer, I wouldn't want to use a public computer with the Google Desktop installed.

What really gets me is the Slashdot response. If Microsoft had released similar search feature, it would be one more nail in the coffin of poor security, no matter what user advisories they had given. When Google does it, we all jump to say that Google expressly warned against using this on a multi-user box.

I'm guilty of it, too, but let's not lose sight of the goal--better privacy and security--just because one company has a better track record.

Re:Security Diversion

[RealProgrammer]

[...] If everyone can SEE the insecurity then the users will either

1. become aware
2. find alternatives
3. clamor to have the problem fixed
4. [...]

The clamor will be, at best, "Make Google stop!"

People who don't understand how things should be done are befuddled when confronted with the way they are done.

Public Computers?

[lcde]

Wah. Don't install it on public computers. They don't need to search through files anyways.

Re:Web-mail need not apply

[Anonymous Coward]

https is not cached. if your webmail isnt using ssl then, once again, this is not google's problem.

Re:I wonder....

[Anonymous Coward]

man slocate

Re:Again?

[rhsanborn]

Microsoft also states that for security you should disbale ActiveX. The government says you shouldn't smoke. Your parents warn you about strangers, and Santa Claus tells you to be nice.

Just because people have been warned, doesn't mean that they will take the advice. Many, if not most, actually will ignore the advice because it is a hassle. Stories like these hopefully wake people up a bit. Unfortunately, the blame is placed on google unfairly.

Re:Mod down that troll

[a55mnky]

Why do you assume that it is Google's responsibility to determine what may or may be "obviously" private.

People need to be responsible for the own actions.

Intent

[Traa]

Some considerations:

In favor of google: I do think they had the intent on creating a usefull tool.

In favor of google: As far as I know, all the information that their desktop search tool exposes can be found in simular ways using a veriety of tools including MS windows own 'find-in-files' search options. In other words, their desktop search tool doesn't go out and break user-protected barriers.

Against Google: Just because your intent is honerable doesn't mean you can ignore privacy concerns.

Against the media (CNN, et.al): No integrity to be found for a while now! Just plain bashing, advertising, manipulating, money-making propaganda.

my $0.02

This is silly

[tarnin]

How much privacy before or after usage of a system in a public place do these people think they actually get? They are public, not your home system.

Also, who would be sending private emails or requestion passwords via a public terminal and not know that this info could be seen after weither the Google utility is installed or not.

I'm called Overhype on this.

Re:Reasonable thing to comment on!

[francisew]

I agree with the replies to my comment. Google isn't doing anything worse than what is already available.

Does that mean that they should releaase a tool that has some serious privacy-invasion concerns?

The fact that they are hugely popular, and that people might otherwise never realize the inherent privacy risk is exactly why I think it's good that this extra attention is being paid to google.

... and yes, I think IE vulnerabilities are terrible. I think people should switch to more secure browsers. But I'm not discussing browsers right now...

Re:Security Diversion

[DunbarTheInept]

But you're forgetting the mentality of the average user.
1 - I didn't notice X before.
2 - I performed action Y.
3 - Now I notice X.
4 - Therefore Y must be the cause of X, regardless of what all those geeky pinhead types have to say about it. Don't they know the customer is always right?

The end result will be the google gets blamed for exposing what was there all along, an nobody is going to let facts get in the way of their own personal perceptions.

Re:Mod down that troll

[RealityMogul]

A few points here:

GDS runs as a system service and has access to everything.

Google got in bed with MS on this one as they only cache MS Office type docs.

GDS could easily cache file security attributes and filter accordingly based on the logged in user.

You'd all be having a fit if this happened on Linux.

Re:Intent

[Anonymous Coward]

i dont get the privacy concerns. This is a tool DESIGNED to index PRIVATE material. That is the intent. so i dont think its a suprise that it may be installed in places it shouldnt because of public access. But honestly, what can google do, they entire tool is based on indexing material on a computer including private material.

Price?

[cbr2702]

By the way. . . maybe if the computers were cheaper people would put money into security. . .instead of spending it all on the cost of the PC.

Computers are now at $400 [microcenter.com] . When computers were $1500, people had no money for security, and they still don't.

Re:Intent

[drinkypoo]

Incidentally, on both Windows 2000 and XP your cache files are stored in your Profile directory, which is not world-readable. Does google search allow you to retrieve documents to which you do not have permission? I don't think so. I installed it but I haven't even used it so I don't know what it shows in summaries... how much of the document is indexed?

The risk are already there...

[stephanruby]

If your library allows you to install executables on your own or allows you to change some of the privacy internet browser settings, then this risk is already there.

The point is that all the libraries I've been into don't allow you to do any of those things, otherwise they would already be infested with spyware and trojans, and I doubt that those same libraries would be stupid enough to install this google desktop search without knowing what it does. And it's the same with Kinkos, Kinkos actually allows you to install some stuff on there, but they reimage the drive every time a new user goes on there (but unlike what the story seems to suggest, Kinko has been doing this for years -- long before Google even became an household name).

This is a non-issue. This is just a newspaper troll who's taken the issue of the day and combined it with the hottest brand of the day, nothing more.

Start | Search | For Files Or Folders

[DaWorm666]

Search for files or folders named: *.* Containing text: password How is this any different?

Not Google's fault, but the PC admins...

[jbarr]

First off, after using it for several days, I realized that I do NOT want GDS caching my Web activity. I certainly don't have anything to hide in my surfing at work, but to me, GDS's incredible usefulness comes in being able to VERY EASILY AND QUICKLY search for data WITHIN documents currently stored on my PC. This is proving to be an invaluable tool at work.

Anyway, as for being installed on public PC's, the problem is not Google's, but those who permit the application to be installed on a public PC in the first place. Any PC administrator who permits user-installable applications in a public environment is asking for problems, headaches, and potential litigation.

Let's just hope this news doesn't get spun wrong and opens people's eyes to security...

Re:Security Diversion

[Short Circuit]

That's the thing about privacy. It doesn't matter so much that your data is available. What matters is how easy it is to search, compare and use.

That's why I don't like things like federal databases, or even cross-company commercial database integration.

Re:Mod down that troll

[forgotten_my_nick]

I would be intrested to know how you would do this.

Currently all software defines things that are private that are.

1) encrypted.
2) Access control handed over by the operating system.

Anything other then that is fair game. The problem isn't google. It is the software on a public machine or the user who doesn't know better.

Complaining about the insecurities of GDS...

[SwansonMarpalum]

...is like complaining about General Electric's light bulbs when they show you the termites which are eating your house from the foundation up.

Google Desktop Search is highlighting problems in Windows' Security, which is that there is none. This is good for Google in the long run on two fronts. It puts Microsoft on the defensive, as this is another issue that Microsoft will ultimately need to solve in security ahead of implementing new features. This gives Google the time to go on the offensive implementing new products for customers that are technically excellent and do not have the cooked in problems of Microsoft Software.

Re:Kill the messenger.

[drinkypoo]

not only that but you can use the OS-supplied search function to search for files which contain a string. The difference between using google desktop search and Explorer search is simply one of speed and convenience. OMG Microsoft provided a tool which you can use to do data mining if you have access to the user account! THOSE BASTARDS!

Re:Reasonable thing to comment on!

[stephanruby]

"Blaming the knife company when the kid cut itself playing with the knife"

This is a stupid quote. Google doesn't even create the knife. The knife is already there in the cache, and if your library doesn't take care to delete it -- it is already accessible. You can already access that information by browsing through the directory structure, using an old cookie, going to your history tab, using the autocomplete feature, and probably a couple of other ways as well.

Google has done nothing to compromise your security or your privacy. Nothing. Even the guy who tries to defend Google doesn't seem to understand this point.

What I want to know...

[Ayanami Rei]

How is it possible the users can install ANYTHING (not just Google Desktop) on public internet terminals or in libraries?

Seems to me focusing on the WRONG problem.

Re:Lurking privacy concern

[Jerf]

If Microsoft had released similar search feature, it would be one more nail in the coffin of poor security, no matter what user advisories they had given.

Microsoft has released a similar feature. You've been able to find files by a string in the contents for a long time now. Not only is it not "a nail in the coffin of poor security", it is completely unnoticed in this entire fracas. Yes, the implementation sucks (and it seems like I've never gotten it to work right in XP), but it is there and I am yet to hear a Google Search privacy problem that is not equally a problem for the built-in OS search.

I guess you can only bitch about what you know about. Most people, even on Slashdot, are ultimately pretty ignorant about what is in the seething miasma that is Windows. (I'm only slightly better than ignorant.) Speaking as a certified privacy wonk [jerf.org], this is all too silly to worry about.

Re:Again?

[rackhamh]

"The fact that you can get the data with some other tool does not remove all fault on Google... The Desktop search do make it a lot easier to get and present it in a way that it can be easily understood."

By that line of reasoning, we should get all pissy at Microsoft for including Windows Explorer with their OS. After all, Explorer makes it "lot easier to get and present it in a way that it can be easily understood."

And the Recycle Bin makes documents accessible "even if they are DELETED"!

Bottom line: you're wrong. Google has provided a useful tool for INDIVIDUAL users. Now the burden of enforcing that is on system administrators. Period.

Re:Security Diversion

[ViolentGreen]

Very true. I've looked at the html for secure pages before and some used some kind of "nocache" tag or somthing like this. Is this common? If it is then this shouldn't be a huge worry.

Re:Security Diversion

[BrynM]

Wouldn't the windows search provide the exact same ability if it was enabled? I agree, google has just indexed the data and made it more easily searchable

Windows search ignores lots of data types and directories at Microsoft's discression. Here's an example [bellbits.com]... example [microsoft.com]...

Two Questions you missed

[Deeper Thought]

Two Questions you missed

1: Does Google Search's index maintain copies or text fragments of e-mail and HTML items AFTER they are deleted? (Can I search for 4000000000000000...4999999999999999 and at least find an index entry?)

2: Does Google Search turn on any additional logging that isn't already on? I thought it turned on AIM's logging.

one more:
3: Can the tray icon be hidden -- so you don't know it's running?

Blame Google, but not keyloggers and others.. nice

[supermonkeyball]

Personally, if I use a public computer, I wouldn't trust my life on how secure it is. True, Google allows you to do that stuff (or so I assumed), but there are many MANY things that users should be wary of other than Google's desktop search.

Who knows if key loggers (hardware and software) are installed? What virii are sending your information to China? All sorts of crap could get your information. I think media is blaming the wrong group here, but they're doing it because they themselves don't understand.

Re:what about "locked down" computers

[over_exposed]

(no new windows, no downloads of software, no access to drive)

So how would one download the Googlebar?

Re:what about "locked down" computers

[over_exposed]

...at which time it's use becomes the sole responsibility of the administrator - not Google.

Stupid Humans

[turnage]

Ok, you guys are amazing. Let's put this into context. Microsoft comes out with this great tool called ActiveX. It allows all kinds of wonderful things to happen, especially rich content in emails. Uh-oh, someone finds out that this technology is a great way to F around with folks' email since it's so integrated in Outlook (just using Outlook as an example, won't even go there with Windows). Bad, M$, no bone. Nevermind the users who don't know to simply turn off active scripting, they're not the problem - it's Microsoft - since software manufacturers should understand that all users are dumb. Enter Google. All data that's currently on the PC is presented in a highly searchable manner, even to people who have no idea about privacy issues involving electronic data. Stupid users, you shouldn't put such data there, don't you know how every application you've ever used persists data? It's obviously not Google's fault you're so stupid.

Allow me to describe for you living-in-yo-mamas-basement geeks how 6 billion people operate:

The average user has no idea of the security implications of simply going to a public computer and using the facilities provided for them.

If they've ever bought a computer before, they did not buy it from a store with a sales rep that gave them a book listing out every privacy/security vulnerability in the OS installed on it, and if they did they didn't read it. They may have never even talked to anyone knowledgeable about it.

Average users don't have conversations with geeks, sitting around talking about why M$ fscking sucks today and how 3l337 they are or how they 0wn3d U or whatever the hell they say. Average users have conversations with other average users about sports and knitting.

It is doubtful the user has a college degree in computer science, engineering, or even went to a technical school.

Not every kiddie is a script kiddie. I would venture to say most kids who use a library aren't script kiddies - script kiddies have computers at home. If you don't believe me, go to any public library with computers in south Atlanta and ask if their parents own a computer.

In a perfect world, it would be awesome if everyone understood the problems with computer privacy, but we have to deal with all those fucking ignorant lusers who don't read slashdot every hour. If Google doesn't understand this, rest assured they will be hounded by privacy counsils until they learn.

Ok, off do to some google credit card searches ;)

Re:and how is this googles problem?

[LnxAddct]

More importantly, a point which everyone seems to be forgetting, is that the damn program is still *beta* and not only that, but its still in Google labs. So lets see... A beta product still in the lab thats designed for personal use on a personal computer, assuming a public terminal should be fairly locked down(i.e. at my libray you can't install, yet alone right click) so that other people can't install things, what sane administrator would install this program on a public computer!?!? All of these people are trying to take a story about an insecure operating system being administered by ignorant sys admins and turn it into something against Google.
Regards,
Steve

we're forgetting how many stupid users there are

[ericbrow]

I agree that this google search is a security problem. You won't find it on my machine. People do need to be aware of what this program can do.

With that said. I'm a web design teacher. I've got four kids in here right now trying to get caught up before quarter grades are due. They're typing up a web page, and cannot remember where they are saving it. One kid tells me he's saved it four times. Problem is, he can't tell where or under what name he saved it (I've serached about a dozen ways, I really don't think he did it). This represents about 20% of my class who cannot grasp the concept of directory structure.

If this is indicitative of the rest of the population, I can see how Google thought this would be a needed product.

Re:Security Diversion

[William Tanksley]

Right! We demand to NOT be told about collections of our public data, including leaks of our private data into the public.

Your approach is all wrong. It DOES matter that your data is available; that _by definition_ transforms your data from "private" to "public". That's the end of your privacy with respect to that data. And you have yourself to blame. Don't use your credit card on a public computer.

-Billy

Re:Lurking privacy concern

[stevemm81]

If Microsoft had released similar search feature, it would be one more nail in the coffin of poor security, no matter what user advisories they had given.

If Microsoft had produced this search feature, it would probably be integrated into Windows, turned on by default, and difficult to disable. If Microsoft produced something like this, where you would go to msn.com and download the MSN Desktop Search Wizard which sits noticably in your system tray and can easily be disabled/uninstalled, I doubt there would be any more complaints or that Slashdot would take them any more seriously. Using
this tool to steal someone's data is about as sneaky as trying to look over their shoulder with a bright red SpyKids periscope.

Privacy vs Functionality

[nwbvt]

You are constantly being forced to decide between privacy vs functionality. I can give out my email address to other people and thus increase the functionality of my email, but at the time I am sacrificing some degree of privacy.

In this case you are sacrificing 'privacy' (if you want to call having information hidden away in some part of the file system that most users don't know about privacy) for the ability to quickly find things. If you think that is a worth sacrifice, by all means install the program. Otherwise, keep it off your computer.

As far as public computers go, well you shouldn't be accessing sensitive data on a public computer in the first place! Its easy to tell if google's desktop search thing is running, its not so easy to tell if someone installed a virus that is recording your every keystroke.

Re:Security Diversion

[Short Circuit]

My point is that the ease of searching data is more important than the data itself.

If you go through my comment history, you'll find out all sorts of things about me. But will you? Probably not. It's not worth your time to sift through all the data.

However, with data analysis algorithms, you could have a computer tell you all you need to know about my posting habits, and possibly even find cyclical behaviors and suspicious gaps in my posting.

Add other users' histories into the mix, and you might think you've stumbled onto a conspiracy.

Isn't this similar to WinFS features?

[Reivec]

I have not used google's desktop or WinFS so I could be way off base here. But isn't the google desktop providing many of the same features promised by WinFS in longhorn? And people on slashdot never really seemed to exicted about longhorns features :-P. Now don't get me wrong, I don't think google has done anything wrong here, I just think it is strange that no one has pointed out that it is just like a feature that has been demonized on slashdot in the past. I personally don't like the concept of either. The best way to find data fast is to *gasp* keep it organized in the first place. If I want to check my AIM logs I have a search for that already. If I want to check old emails, my email client can search for that already.... etc. Thus if I keep everything on those areas and a decent order I can find things super quickly anyway. To me it would only be helpful to those that have no idea what they are looking for but just want to find something "interesting" and they do some keyword searches to see what comes up.

I suppose the only major difference is that google doesn't integrate it into the OS.

Re:Security Diversion

[ksnivwj]

Why on earth would any publicly accessible PC have Google Desktop Search installed anyway? These PCs are usually dumb terminals for accessing the web. Even in libraries, they do NOT store anything locally so none of the material would be indexed. If any public organization or kiosk does have this package, its is up to the PC/kiosk owner to warning the user. CNN: "this sky is falling"

Re:Ultimately doesn't this come down to how MS wor

[omicronish]

Windows is moving that direction but files aren't protected between users in any way.

That's a bunch of BS. Profile directories have permissions set so that only that user, Administrators, and the system (SYSTEM account = OS) can read it. This is by default, without any user intervention. User-specific data includes user documents, the HKEY_CURRENT_USER registry tree, and Internet cache among other things.

What I'm assuming is happening with Google Desktop is that it's running as a service when indexing, which enables it to bypass the default permissions since SYSTEM is given full access to profiles. This is akin to running a service as root in *nix. In case you're thinking "see?!?! Windows sucks because it runs as system!!!", you can change the account under which services run; IIS for Windows 2003 runs under a lesser-privileged account, in fact.

So really, the fact that Google Desktop is indexing data of all users is in the design of Google Desktop itself. It's perfectly feasible to restrict Google Desktop to running under the security context of a single user, which will restrict it to indexing only that user's files. Unfortunately, although permissions are restricted properly, users by default have Admin access in Windows, so it ends up being a Windows problem in the end unless you've restricted accounts. However, my point that file protection between users exists still stands.

Re:Security Diversion

[Issue9mm]

But, if the data weren't available in the first place, one couldn't apply any analysis algorithms to it.

How easy the information is to find doesn't matter, if it CAN be found at all. Ease is a matter of how much effort one is willing to invest.

-9mm-

Re:Mitnick-style social engineering

[bayvult]

Nicely put. When Microsoft does it, the users are victims. When Google does it, the users are stupid.

When Microsoft uses a privacy policy that entitles it to your business plans all hell breaks loose - as it should. When Google uses the same privacy policy for Orkut, the l33t kids roll over and want to be fucked^H^H tickled again. It's amazing.

Google has performed a Mitnick-style social engineering exploit, giving people what they want to hear.

l33t kidz: "We love you, Google!"
Google: "We're not evil!"
l33t kidz: "We love you even more, Google!"
Google: "We're not evil but we're not too bothered about security or privacy, and you allow us to use your business plans!"
l33t kidz: "That's OK! It's not your fault. We love you, Google!"
... rinse and repeat.

Google might not be evil, but it's already gone far beyond anything Microsoft could have got away with. And with l33t kidz as our watchdogs, how will we ever hold them accountable?

If you let people install things on public PCs...

[almaw]

If you let people install things on public PCs then as a sysadmin you deserve to be shot.

At the very least, you will end up reinstalling Windows every week as the system drowns in a mire of spyware and viruses.

In addition, why would anyone on a public PC want to install this? They'd only do it to look at other people's files. And if they want to do that, then why not go the whole hog and install a keystroke logger instead? Why bother looking through the windows when you can steal the keys?

Nothing to see here, move along...

with or without

[robbieb]

with or without google desktop the problem about caching information will be there yet.

Google desktop find some information that some other program store in unsafety mode in computer.
The problem is about these other software.

Sorry for my poor english language :)

MetaData

[r2q2]

This is merely a tool. Just because it can be used the wrong way shouldn't make it a privacy concern. Peer to peer apps actually are more of a privacy concern just because they export all of the information?

Privacy Issues at Libraries

[Slavinski]

Although I don't care for the desktop search utility,
it's hardly a valid complaint for privacy at a public
facility. It just means the average Joe can now find what most
with any limited knowledge of Windows can already see.

This is hardly worthy of news. It should be titled "Using Public Computers
Leaves Users Open."

The Media Got It Right

[kwn]

This is a valid example of the media working in the interest of its readers. There is a security issue as a result of what Google has created and there is a need for that flaw to be exposed. There is not an excess of negative publicity or a bandwagon.

GDS departs, subtly, but significantly, from a resonable definition of search because it caches data and thus misleads it's users (though, without malice). When the average person thinks "search" they do not think "cache". Cacheing does not enter into the experience of searching, from which most people are going to base their assumptions.

The average person when searching for their keys will try to remember where they put them. They may even have written down where they put them last, but they would not put a copy of their key in their pocket, nor would they keep a history of all the keys they had ever used as they moved from house to house.

Its the difference between what a resonable person expects when Google says to them "Desktop Search!" and what actually happens that creates the potential security problem.

When you delete a sensitive document is it reasonable that your "Search" tool underminds your intentions?

Reading the GDS documentation you can glean that GDS caches data and that users should be wary, but I see nothing wrong with the explicit manner in which the media has pointed it out.

The headlines are mild at best: "Google's desktop search a serious privacy risk?" and "New Google tool creates privacy risk on shared PCs"There is really only one article on this topic by Anick Jesdanun of The Associated Press that appears to be syndicated to many different sites. I read one other original article by Wolfgang Gruener, Senior Editor Tom's Hardware Guide (and I don't count the Motely Fool article). At best, a lonely and awkward bandwagon ride for the two of them.

Enough with the Google Love-fest on /.

[johansalk]

I am truly sick and tired of all those comments that get moderated as high whenever there's a google story and all seemingly are defensive of google regardless of what.

Let's face it. Google's practices towards privacy have been far from holy and way too intrusive. In fact, they've had an AWFUL record by any objective account. This invitation-only model of builcing up demand for their services as in orkut and gmail is ludicrous; it's such a cheap trick, the scarcity principle, and I can't believe how stuipdly the masses are falling for it, that once they get an orkut or gmail account they'll willingly do anything. Have you filled up an orkut form? pages and pages of information collected, NEVER seen anyone online who wants so much information about someone. The privacy conerns about gmail are also legitimate. It doesn't require you to tell them your life story by filling forms before you can use the service but who needs that when they got your email and can and do scan them. This whole beta excuse is pure BS; Google News has been beta for 3 years now! I have downloaded Google desktop search, but decided not to install it seeing how I already had software solutions that did more and better and without the privacy compromises I would have to make.

Dare anyone mod me down as troll or flamebait on this post and it'd be so much evidence of how sucked up into it many of you are.

Google DTS: Towards a Security Analysis

[j.leidner]

There are the following individual problems, which should not be bagged together, since they require different solutions:

1) The current tool runs with Administrator permissions.

This is simply a tiny technical oddity that Google will soon be able to fix.

2) The current tool indexes cache content.

We users don't want that. Even if the fact that it merely exposes underlying OS or app security flaws (by virtue of the power of indexing), it's not likely to impress users if Google brings these things up as search results.

This can be easily fixed by excluding cached content from indexing.

3) Search might move in a direction where global repositories and Web content are accessed using the same query.

This is tough: because it's such a useful feature, many people will want to have it. However, by submitting all your local searches in parallel also to a global search engine that maintains knowledge about your IP and a cookie, Google will soon more about you than your next to kin. This needs a theoretical solution (most likely there needs to be an intermediate layer of anonymization, like Freenet has it).

4) Google might be transferring "interesting" local content they find to their site to spy on you.

I don't believe they do this now, but that doesn't matter. The problem is they might in the future: imagine a fictional country passed a law that allowed their agents to get access to Google's infrastructure to fight a made-up enemy.... Right now, you have to TRUST them, but nobody monitors this in a principled way, so there should be a well-found mechanism in place to render potential temptations meaningless. Freedom is at stake here.

5) Even if you index only your own account, you don't want to see everything all the time. When you're being watched by your nine-year old boy, a search for mum shouldn't perhaps bring up and email revealing somebody close to him will probably die from cancer within 6 months. There are more examples.

This is tough, and it's a conceptual HCI issue, and a social one, not a technical security flaw. One solution could be to introduce a MODE to indicate the privacy/trust level of your context/environment, e.g. "I'm working alone at home", "I'm working in a group of colleagues in my company", "I'm on a public terminal in a busy shopping mall" (some people access their home machines remotely). The problem is somewhat related to watching other people type their passwords: it's always been part of hacker etiquette to look away when somebody logs on to a machine rather than stare on their fingers and take pencil notes. But the search issue is more complex, and there really needs to be a mechanism in place, not a social norm.

In summary, the Google desktop search tool is useful, because it forces us to re-think security and privacy as boundaries between local and global systems are blurred. After all, the network is the computer.

--
Try Nuggets [mynuggets.net], our mobile search engine. Ask questions in plain English via SMS, across the UK.

Is this a joke?

[Sigma 7]

"if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs,

If it's somehow installed on library or Internet cafes, then it means the security of the compter has been compromised. Either someone is trying to make a very big joke, or they are too paranoid.

Besides, these problems are easily countered through one of many methods (some of which are exclusive with some other options):
1. Regular security audits (e.g. after the library or cafe closes.) You may need specialized software to automate the process, but you should at the very least be checking the computers to see if they are okay.
2. User account restrictions. In most cases, security breaches occurr because the user somehow got hold of local administrator prvilages - this should be prevented when possible.
3. Public monitering. You generally want most computers within public view. For the computers that have a privacy screen, you should give a priority audit. While this doesn't preevnt intrusions, it does deter some and otherwise make things easier to detect by a random bystander.
4. Hard drive images. If a machine is suspected to be compromized, restore it from an image.
5. DeepFreeze. Pressing the reset button restores the computer to a usable state. You can even give users permission to install software without worries either under this option (but be careful not to give permissions to change user accounts or configure the network.)

The sky is not falling. As long as Chicken Little doesn't create enough panic to get all the barnyard animals to the fox's den, we are safe.

Re:you have an answer

[dedazo]

Because M$

"M$"!? How original!

made a system that automatically installs software from any random internet site?

Automatically... what? WTF does that mean?

Librarians go through absurd lengths, such as automated software that reinstalls windoze every day

Um, WTF are you talking about? Reinstall "Windoze" every day?? Are you on crack? By god, are you actually generalizing this?

For all that work, it's still an insecure, single user OS that should not be trusted

No, "twitter", it's not a single user OS. I suppose you need to wrap yourself in your Linux security blanket to justify your existence, but Windows NT4 or anything newer supports multiple users just fine. XP supports multiple concurrent users, sort of like X (but it's a simpler system, unless you use a full-fledged TS server). No one has to read anyone else's files, and the whole thing is easily secured and restricted if you know what you're doing. If you cannot be bothered to figure out how "Windoze" works, then I suggest you stop offering your opinion as to why "it sucks". I don't even use Windows nowadays, but your vacuous claims that it's somehow hopelessly unusable are simply stupid.

Gawd I go away for a few months and here you are offering the same tired "M$" "Windoze" and "i don't want to hear it" ejecta. You insult everyone's intelligence by wading in here and spouting your tired bullshit. Go away.