Google Desktop Search Under Fire 444
AchilleCB writes "Cnn and many other sources are jumping on the Google-privacy-bash bandwagon, they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."
Security Diversion (Score:5, Interesting)
So the actual problem is that public computers aren't secure? Google Desktop Search doesn't do anything more than what a halfway good script kiddies can do. I say that all public computers install the software and plug the permissions problem on the OS. If everyone can SEE the insecurity then the users will either
Choose one or proactively make a "none of the above choice" by doing something about it.
PS we almost freaking died out here - it's been an over an 1 1/2 since the last story.
Re:Security Diversion (Score:5, Interesting)
But encryption is atypical as yet. And on a public terminal you aren't likely to be logging in as another user anyway, but rather as an unprivileged guest account. But then the harvesting and viewing could all happen without root/Administrator access.
New killer app needed for public computers? (Score:3, Interesting)
But travellers that don't have laptops, travellers who've lost their laptops, and people who don't own computers, are going to find internet access more and more essential as time goes by.
It would be good if there were some way to have secure public terminals, that people could get onto the internet and be reasonably assured that their access is private.
I realize that iron-clad security isn't possible, but if it could rise to at least the security of ATMs (I say this knowing that ATMs have vulnerabilities) then I think the internet would be a better public resource.
Ultimately doesn't this come down to how MS works (Score:3, Interesting)
Google Desktop is doing exactly what it's programmed to do. The insecurity is in the way Windows has no seperation between users.
If there was a Google desktop for linux it would only be indexing the logged in users information and it would be readable/seachable only by that user (and root of course).
I understand the concern and I would say that google desktop doesn't belong on public terminals. I mean is there any situation where public terminals should have files to be searched on them anyway?
Google Desktop Spam finder (Score:5, Interesting)
Re:Security Diversion (Score:5, Interesting)
Re:Security Diversion (Score:5, Interesting)
Alternately, guest can make his own account with password really quickly, which will be destroyed with a month of inactivity. But that would be a frill.
Re:Security Diversion (Score:2, Interesting)
Btw, see my
Please dont mistake me. My concern is less with google's great idea and more with IE. The combination of these two technologies could really open up some exploit "opportunities".
Microsoft Knows Their Business (Score:1, Interesting)
The question is, if Google's stuff can do all this, what would NGSCB and Trusted Computing do?
Re:Security Diversion (Score:5, Interesting)
This points out a very severe recent problem, by the way. A judge recently decided that an airline's privacy policy didn't matter because "few people even read it, and most people don't care". If this is upheld, this sort of contract will become impossible to enforce, and privacy will become very hard to guard.
-Billy
Re:Security Diversion (Score:3, Interesting)
Re:Security Diversion (Score:2, Interesting)
Re:Security Diversion (Score:2, Interesting)
Many (though certainly not all) people assume that sharing information about themselves is fine, because it's too difficult for malicious persons to collect, organize and analyze that data.
And the only way to keep the data private is to become a hermit. The only other solution is to slow the process of analysis.
I refuse to become a hermit. I'd rather take part in EFF Action Alerts to slow the passage of legislation that makes data about me easier to analyze.
The Big Corperation (Score:2, Interesting)