Google Desktop Search Under Fire
AchilleCB writes "CNN and many other sources are jumping on the Google-privacy-bash bandwagon, they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."
Didn't we already determine that Google has stated Desktop Search is not for use on multiple-user machines and that you can always restrict domains, directories and result types from inclusion despite the fact that the files are still publicly accessible?
Webmail checked with Internet Explorer DOES apply. ANYTHING visited with Internet Explorer applies.
And clean your browser cache and history afterward. Where do you think it finds the info it returns?
Sheesh, I'm sure it will go through many more revisions before the thing is actually released as final. Where are these muckrakers when the legislature and the president pass laws that invade privacy?
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
I agree. If you're sending sensitive information in email, it's your fault. If you're concerned about privacy and you're using a public computer, it's your fault.
Google archives information. You gave it information.
Nothing new here except that Google has all of a sudden made it easier to look up "private" information that is locally cached. The data is already there for someone who knows what to look at, after all, but now Google's made it easy to access. How is this different from typing something into the address bar of a browser and being presented with an "interesting" list of choices that were stored via the browser's autocomplete functionality?
Eric
Read a bit of Vioxx humor
We refer to this fallacy as post hoc ergo propter hoc.
(Well, not "we". I don't actually speak Latin).
-- Will quantum computers run imaginary-time operating systems?
> Google got in bed with MS on this one as they only
> cache MS Office type docs.
MSFT released filters allowing developers to get at the content of Office docs. Office is the prevalent productivity suite used. Why is GOOG in bed with MSFT?
> GDS runs as a system service and has access to
> everything.
No, there's an entry in HKEY_CURRENT_USER\...\CurrentVersion\Run that starts everything. That means it runs as the current user.
And then the Google cache also. Which, on a public machine, you may or may not is there, and may not have access to.
As for GDesktop finding things in the web browser's cache - ANY kiosk web browser (library, coffee shop, etc.) should have the cache turned off or set at the absolute minimum. I set it to a token "100" on Firefox and IE. If the files aren't there, GDesktop can't index them. Funny that.
US Democracy:The best person for the job (among These pre-selected choices...)
In most public libraries/terminals you can already access all sensitive information on the hard drive. Sometimes, if you just go in and paste what is on the clipboard you can get people's e-mails. In between users these computers should be completely wiped. How do you access data on a computer that has the run menu disabled and you can't get to the desktop? Easy. Just go to Internet Explorer and enter this into the address bar:
%TEMP% and %TMP% // yeah THIS isn't a security threat.
%SYSTEMROOT% // takes you to the system root
%USERPROFILE% // takes you to the current user profile
%ALLUSERSPROFILE% // takes you to the all users profile
%APPDATA% // takes you to the application data
%COMSPEC% // THIS WILL EXECUTE CMD.EXE GIVING THE USERS A COMMAND PROMPT
Now that they have a command prompt they can type in even MORE fun things.
%HOMEDRIVE%
%HOMEPATH%
%HOMESHARE%
%LOGONSERVER%
%NUMBER_OF_PROCESSORS%
%OS%
%PATH%
%PATHEXT%
%PROCESSOR_ARCHITECTURE%
%PROCESSOR_IDENTIFIER%
%PROCESSOR_LEVEL%
%PROCESSOR_REVISION%
%PROMPT%
%RANDOM%
%TIME%
%USERDOMAIN%
%USERNAME%
%USERPROFILE%
%WINDIR%
See here for a list. It's for Windows Server 2003 but it's all more or less relevant. GDS isn't even taking full capability of Windows' inherent flaws.
python -c "x='python -c %sx=%s; print x%%(chr(34),repr(x),chr(34))%s'; print x%(chr(34),repr(x),chr(34))"
Gmail most certainly does use SSL for viewing mail. I'm using it right now.
If GDS runs as LocalSystem, it will find and display stuff of all users even if the system is properly locked down and users would normally be unable to see each other's documents.
Or just tell it not to search secure webpages you visit to start with:
Right-click, select Preferences
Under Search Types, uncheck Web history and/or Include secure pages (HTTPS) in web history
Yet another "this is a benefit, not a design flaw" instance from Google. Why are people such idiots that this is a problem?
nevermind, I don't really want to know... it would just depress me.
> Gmail most certainly does use SSL for viewing mail. I'm using it right now.
Hmm, interesting. I just edited the URL to use https, and sure enough, it is running in SSL. Even though it uses SSL for login in both cases, it will display mail in whatever mode you started the connection with. It appears that it is up to user - good to know and I stand corrected.
-Em
RelevantElephants: A Somatic WebComic...
If it's in the HTML, you are talking about <meta> elements, and they are an unreliable substitution for proper HTTP headers.
More importantly though, the nocache directive still permits clients and proxies to store a copy of the resource in their cache, so long as the copy is revalidated before being used again. The directive that should be used for sensitive data is nostore.
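An added example (not part of the comment above) of the distinction it draws, using the header's actual directive spellings `no-cache` and `no-store`: a small auditor that reports whether a response may end up in a browser's disk cache, where a desktop indexer could read it. The function names and sample responses are constructed for illustration.

```python
import re

# <meta http-equiv="Cache-Control"|"Pragma"> in the page body
META_RE = re.compile(
    r'<meta[^>]+http-equiv=["\']?(cache-control|pragma)["\']?', re.I)

def parse_cache_control(value):
    """Split a Cache-Control header value into {directive: argument}."""
    directives = {}
    for part in value.split(","):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        directives[name.strip().lower()] = arg.strip().strip('"') or None
    return directives

def audit_response(headers, body=""):
    """Return (may_be_stored, notes) for one HTTP response."""
    lowered = {k.lower(): v for k, v in headers.items()}
    cc = parse_cache_control(lowered.get("cache-control", ""))
    if "no-store" in cc:
        return False, ["no-store: caches must not keep a copy"]
    notes = []
    if "no-cache" in cc:
        notes.append("no-cache only: copy may be stored, revalidated before reuse")
    elif not cc:
        notes.append("no Cache-Control header: client applies its own defaults")
    else:
        notes.append("storable: " + ", ".join(sorted(cc)))
    if META_RE.search(body):
        notes.append("<meta http-equiv> present: not a substitute for the HTTP header")
    return True, notes

# Constructed sample responses, not captured traffic.
SAMPLES = [
    ({"Cache-Control": "no-store"}, ""),
    ({"Cache-Control": "no-cache, must-revalidate"}, ""),
    ({}, '<meta http-equiv="Pragma" content="no-cache">'),
]

if __name__ == "__main__":
    for hdrs, html in SAMPLES:
        print(hdrs, audit_response(hdrs, html))
```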
Question: how hard is it to make a "throw-away" login? That is, guest logs on, does his thing, logs off,
Well, one-time password systems have been around for a long time. My OpenBSD server has this installed. But of course, Netcraft confirms that OpenBSD is dying.
In a Windows NT, 2000, or 2003 domain, users do not have administrative rights on a workstation by default. It's been that way for nearly ten years.
The fact that most short-sighted Windows administrators change this to ease their workload shouldn't be Microsoft's fault. Even a poorly written Windows application that "requires" administrative privileges can be made to work with standard user privileges, by giving narrow write permissions on select registry keys and directories on the disk. (Such applications do not even qualify for the Windows compatibility seal from Microsoft).
Similarly, no sane "web kiosk" administrator would give a user anything other than guest rights. When you log into Windows 2000/XP as a guest account, everything is deleted when you log off - registry settings, temporary files, whatever. There are plenty of auto-logoff screen savers available, too, even some from Microsoft IIRC.
Search for files or folders named: *.*
Containing text: password
How is this any different?
Well, Windows search would take about 35 minutes to return results. (Get to watch the search dog, or paperclip, tho!)
GDS - about a tenth of a second.
People suck.
The second point - you're right. I was thinking of something else and made an inaccurate statement.
As for your first point - you're trying to turn what I said into saying that Google has a business deal with MS to help MS take over the world. Google made a choice to use those formats, and made a choice to release it for one platform, and they forgot to address security properly on that platform.
I just checked my task manager, and the GDS app consists of three things:
GoogleDesktop.exe
GoogleDesktopCrawl.exe
GoogleDesktopIndex.exe
Each of them runs as the currently logged-in user. Therefore, it can only search things that the current user has access to. The database that everything is stored into (the index) is user specific as well, stored in:
%systemdrive%\Documents and Settings\[username]\Local Settings\Application Data\Google\Google Desktop Search\
Other non-admin users do not have access to your index. Obviously, admin users will have access to all non-encrypted files on the machine, and the google desktop search doesn't change that.
Carpe Cerevisi - Seize the Beer
Not very. In OS X, you can set a login hook for a guest account which will reset the account to defaults. So if I put something in a public machine's guest user's ~/Documents folder, it would be gone as soon as I logged in as guest again. Same goes for the entire contents of ~/. All caches would go with it.
Download and install their free program.
Then feel free to install the Google Desktop Search. Although the program tried to access the Internet, Zonealarm blocked it. Presto chango, problem solved and now I have an awesome desktop search on my computer which cannot spy on me.
Safari on Mac OS-X has a functionality just for the shared computer. With the push of a button, everything you have done with it is erased. ... Nothing to be found afterward.
...
Cache, bookmarks, history,
I know, it's not very useful here as Google search is not available for Mac and Safari is not available for Windows but,
Such a functionality should be implemented in Firefox with a default preference which does just that each time you exit.
Laurent
---