Google Desktop Search Under Fire

AchilleCB writes "Cnn and many other sources are jumping on the Google-privacy-bash bandwagon, they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."

Again?

[__aaitqo8496]

Didn't we already determine that Google has stated Desktop Search is not for use on multiple-user machines and that you can always retrict domains, directories and result types from inclusion despite the fact that the files are still publically accessible.

Re:Web-mail need not apply

[bhtooefr]

Webmail checked with Internet Explorer DOES apply. ANYTHING visited with Internet Explorer applies.

In Latin...

[hawkestein]

We refer to this fallacy as post hoc ergo propter hoc.

(Well, not "we". I don't actually speak Latin).

Re:Mod down that troll

[cthrall]

> Google got in bed with MS on this one as they only
> cache MS Office type docs.

MSFT released filters allowing developers to get at the content of Office docs. Office is the prevalent productivity suite used. Why is GOOG in bed with MSFT?

> GDS runs as a system service and has access to
> everything.

No, there's an entry in HKEY_CURRENT_USER\...\CurrentVersion\Run that starts everything. That means it runs as the current user.

Re:and how is this googles problem?

[YrWrstNtmr]

And clean your browser cache and history afterward.

And then the Google cache also. Which, on a public machine, you may or may not is there, and may not have access to.

Re:and how is this googles problem?

[Meostro]

Or just tell it not to search secure webpages you visit to start with:

Right-click, select Preferences
Under Search Types, uncheck Web history and/or Include secure pages (HTTPS) in web history

Yet another "this is a benefit, not a design flaw" instance from Google. Why are people such idiots that this is a problem?

nevermind, I don't really want to know... it would just depress me.

Re:Security Diversion

[JimDabell]

I've looked at the html for secure pages before and some used some kind of "nocache" tag or somthing like this.

If it's in the HTML, you are talking about <meta> elements, and they are an unreliable substitution for proper HTTP headers.

More importantly though, the nocache directive still permits clients and proxies to store a copy of the resource in their cache, so long as the copy is revalidated before being used again. The directive that should be used for sensitive data is nostore.

Re:Mod down that troll

[agallagh42]

I just checked my task manager, and the GDS app consists of three things:

GoogleDesktop.exe
GoogleDesktopCrawl.exe
Googl eDesktopIndex.exe

Each of them run as the current logged in user. Therefore, it can only search things that the current user has access to. The database that everything is stored into (the index) is user specific as well, stored in:

%systemdrive%\Documents and Settings\[username]\Local Settings\Application Data\Google\Google Desktop Search\

Other non-admin users do not have access to your index. Obviously, admin users will have access to all non-encrypted files on the machine, and the google desktop search doesn't change that.