Slashdot Mirror
Google Desktop Search Under Fire
AchilleCB writes "Cnn and many other sources are jumping on the Google-privacy-bash bandwagon, they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."
Didn't we already determine that Google has stated Desktop Search is not for use on multiple-user machines and that you can always retrict domains, directories and result types from inclusion despite the fact that the files are still publically accessible.
Webmail checked with Internet Explorer DOES apply. ANYTHING visited with Internet Explorer applies.
And clean your browser cache and history afterward. Where do you think it finds the info it returns?
We refer to this fallacy as post hoc ergo propter hoc.
(Well, not "we". I don't actually speak Latin).
-- Will quantum computers run imaginary-time operating systems?
> Google got in bed with MS on this one as they only
> cache MS Office type docs.
MSFT released filters allowing developers to get at the content of Office docs. Office is the prevalent productivity suite used. Why is GOOG in bed with MSFT?
> GDS runs as a system service and has access to
> everything.
No, there's an entry in HKEY_CURRENT_USER\...\CurrentVersion\Run that starts everything. That means it runs as the current user.
And then the Google cache also. Which, on a public machine, you may or may not is there, and may not have access to.
Or just tell it not to search secure webpages you visit to start with:
Right-click, select Preferences
Under Search Types, uncheck Web history and/or Include secure pages (HTTPS) in web history
Yet another "this is a benefit, not a design flaw" instance from Google. Why are people such idiots that this is a problem?
nevermind, I don't really want to know... it would just depress me.
If it's in the HTML, you are talking about <meta> elements, and they are an unreliable substitution for proper HTTP headers.
More importantly though, the nocache directive still permits clients and proxies to store a copy of the resource in their cache, so long as the copy is revalidated before being used again. The directive that should be used for sensitive data is nostore.
I just checked my task manager, and the GDS app consists of three things:
l eDesktopIndex.exe
GoogleDesktop.exe
GoogleDesktopCrawl.exe
Goog
Each of them run as the current logged in user. Therefore, it can only search things that the current user has access to. The database that everything is stored into (the index) is user specific as well, stored in:
%systemdrive%\Documents and Settings\[username]\Local Settings\Application Data\Google\Google Desktop Search\
Other non-admin users do not have access to your index. Obviously, admin users will have access to all non-encrypted files on the machine, and the google desktop search doesn't change that.
Carpe Cerevisi - Seize the Beer
Download and install their free program.
Then feel free to install the Google Desktop Search. Although the program tried to access the Internet, Zonealarm blocked it. Presto chango, problem solved and now I have an awesome desktop search on my computer which cannot spy on me.