Google Desktop Search Under Fire

AchilleCB writes "Cnn and many other sources are jumping on the Google-privacy-bash bandwagon, they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."

Security Diversion

[stecoop]

warning of more privacy implications regarding Google's Desktop Search

So the actual problem is that public computers aren't secure? Google Desktop Search doesn't do anything more than what a halfway good script kiddies can do. I say that all public computers install the software and plug the permissions problem on the OS. If everyone can SEE the insecurity then the users will either

1. become aware
2. find alternatives
3. clamor to have the problem fixed
4. Another law will be written (don't let it get to this).
   Choose one or proactively make a "none of the above choice" by doing something about it.
   PS we almost freaking died out here - it's been an over an 1 1/2 since the last story.

Re:Security Diversion

[lpp]

Why is this an OS issue? In Linux or OS X what's to stop me from writing a similar application? If I run the harvester part as a background process run as root (i.e. Administrator on Windows), I'll be able to grab everything. If the client is allowed to communicate with this daemon in order to pull up the information, I'll still see your stuff, unless you've encrypted it.

But encryption is atypical as yet. And on a public terminal you aren't likely to be logging in as another user anyway, but rather as an unprivileged guest account. But then the harvesting and viewing could all happen without root/Administrator access.

Re:Security Diversion

[GoClick]

A well set up system doesn't let you read other user's files. Even a well set up Win2k or XP machine won't let you do that.

Re:Security Diversion

[Pxtl]

Question: how hard is it to make a "throw-away" login? That is, guest logs on, does his thing, logs off, all evidence of his existence is eradicated. Such a setup should be required for public kiosks. Under Linux or Windows, either way.

Alternately, guest can make his own account with password really quickly, which will be destroyed with a month of inactivity. But that would be a frill.

Re:Security Diversion

[William+Tanksley]

And my point is that your point doesn't make sense to me. I can do all of that if I really wanted to, and you couldn't stop me (nor could the government). The reason? All that information is public, not private. If you want it private, keep it that way. If you need to work with someone who wants your data, make sure you get them to contract to keep your data private.

This points out a very severe recent problem, by the way. A judge recently decided that an airline's privacy policy didn't matter because "few people even read it, and most people don't care". If this is upheld, this sort of contract will become impossible to enforce, and privacy will become very hard to guard.

-Billy

Google Desktop Spam finder

[khendron]

My big problem with Google Desktop Search is not the privacy issues, but the fact that it indexes all my email. By that I mean ALL my email, including spam. It is rather annoying to perform an seemingly innocent search and get the first hit being "Bu|y V|agra , Us|e you|r B|G D|CK!" Especially if my manager is looking over my shoulder.