Searching For Trouble With Google

achilles writes "From a recent eWeek article: 'Whether they realize it or not, many people leave sensitive information out in plain view on Web sites. But sooner or later, a Google search will dig it up.' The article goes on to list some examples such as 'a search for credit card numbers. Try this one, for "Visa 4366000000000000..4366999999999999' and other 'risky data' from careless users, such as QUICKEN files etc."

Liability

[usefool]

Is Google liable for harvesting and publishing sensitive information? If neighbour's window wasn't closed, it doens't mean you can take his naked photo and put it on the website?

Also, maybe those numbers are traps to catch people? Surely you need those goods to be sent to an address and someone has to eventually pick it up.

Try phpMyAdmin

Very popular is the search for "Welcome to phpMyAdmin".

This will give you some nice databases to browse through.

Terrifying

[corby]

I had trouble believing this, so I downloaded one of the .QDF files from the referenced link. I am feeling completely sick. This guy's checking account number, credit card number, and meticulously-maintained transaction history are sitting on my computer.

It's way too late to warn these people about the files. Their current identity is toast. So is their credit for the next seven or so years.

Is there anything we can advise these people to do to minimize the damage at this point?

Re:I blame the Google Toolbar for a lot of this

[RsG]

Not to troll, but "real security and ease of use"? That's a contradiction in terms. Any system thats easy to use is almost certainly easy to crack (hint, the crackers have as easy a time as the user). Any secure system usually requires long passwords, encryption keys or something equally challenging. If your users keep their passwords the same for all systems, or have accessable copies to remind them, then the system isn't secure (remember last week when Gabe Newall's forum accounts got hacked because he used the same friggin password and it was easy to guess?)
If you mean security through obscurity then you're describing the current situation on the net, but the article states that Google is removing the obscurity aspect by making the entire net accessible. We no longer have any kind of assurance than a given nook or cranny is too obscure to bother with.
I agree that people shouldn't leave their personal data lying around, but to simply assume that the general public can adopt security measures that we, the /. crowd, consider adequate and easy to use is silly. What we need is internet education (the do's and do not's for the clueless).

P2P is Worse

[deebaine]

On a lark, I've tried searching P2P (in this case, Kazaa), for things that people have inadvertently made available. The things I found were jaw-dropping. Beyond the expected credit card and finance information, I found patent applications, doctoral dissertations, corporate documents, etc.

I'm pretty laissez faire on this one. If you leave your keys in the car and car running, the insurance company won't cover its theft (or at least, so goes the lore). Same principle applies here, I think.

-db

Just Call Them and help them out.

[freality]

I just called all the people on one of the lists linked here and either left a msg or explained the situation. Took about 30 minutes. The clearest way I found of convincing them was to tell them how to do the Google search themselves. For most of them, their name in quotes and the word "MasterCard" or whatever brought up 1 page, the page with their info on it. I got many answering machines and disconnected numbers, but a few thanks as well.