Slashdot Mirror


Google Desktop Search Under Fire

AchilleCB writes "CNN and many other sources are jumping on the Google-privacy-bash bandwagon; they are carrying stories warning of more privacy implications regarding Google's Desktop Search, "if it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases." ... Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail."

41 of 444 comments

  1. Security Diversion by stecoop · · Score: 5, Interesting
    warning of more privacy implications regarding Google's Desktop Search

    So the actual problem is that public computers aren't secure? Google Desktop Search doesn't do anything more than what a halfway good script kiddie can do. I say that all public computers install the software and plug the permissions problem on the OS. If everyone can SEE the insecurity then the users will either
    1. become aware
    2. find alternatives
    3. clamor to have the problem fixed
    4. Another law will be written (don't let it get to this).
      Choose one or proactively make a "none of the above choice" by doing something about it.
      PS we almost freaking died out here - it's been an over an 1 1/2 since the last story.
    1. Re:Security Diversion by Jucius+Maximus · · Score: 5, Insightful

      Exactly. Google desktop search doesn't find anything that wasn't there before. It just is better at organising and mining it than a human being.

    2. Re:Security Diversion by antarctican · · Score: 5, Insightful

      I wouldn't blame Google for this, I'd say Google has unwittingly discovered existing problems with shared computers and caching.

      From what I understand, Google's desktop only caches what's already on the machine's hard drive. So all this "sensitive information" that it's finding is already there for those who know how to find it, and take the time to.

      This is a wake up call for how much personal information is actually kept on our desktop machines.

    3. Re:Security Diversion by RealProgrammer · · Score: 5, Insightful
      [...] If everyone can SEE the insecurity then the users will either
      1. become aware
      2. find alternatives
      3. clamor to have the problem fixed
      4. [...]

      The clamor will be, at best, "Make Google stop!"

      People who don't understand how things should be done are befuddled when confronted with the way they are done.

      --
      sigs, as if you care.
    4. Re:Security Diversion by lpp · · Score: 4, Interesting

      Why is this an OS issue? In Linux or OS X what's to stop me from writing a similar application? If I run the harvester part as a background process run as root (i.e. Administrator on Windows), I'll be able to grab everything. If the client is allowed to communicate with this daemon in order to pull up the information, I'll still see your stuff, unless you've encrypted it.

      But encryption is atypical as yet. And on a public terminal you aren't likely to be logging in as another user anyway, but rather as an unprivileged guest account. But then the harvesting and viewing could all happen without root/Administrator access.

    5. Re:Security Diversion by DunbarTheInept · · Score: 4, Insightful

      But you're forgetting the mentality of the average user.
      1 - I didn't notice X before.
      2 - I performed action Y.
      3 - Now I notice X.
      4 - Therefore Y must be the cause of X, regardless of what all those geeky pinhead types have to say about it. Don't they know the customer is always right?

      The end result will be that Google gets blamed for exposing what was there all along, and nobody is going to let facts get in the way of their own personal perceptions.

      --

      Don't label something "offtopic" unless you know the topic well enough to tell what's on topic.

    6. Re:Security Diversion by GoClick · · Score: 4, Interesting

      A well set up system doesn't let you read other users' files. Even a well set up Win2k or XP machine won't let you do that.

    7. Re:Security Diversion by Pxtl · · Score: 4, Interesting

      Question: how hard is it to make a "throw-away" login? That is, guest logs on, does his thing, logs off, all evidence of his existence is eradicated. Such a setup should be required for public kiosks. Under Linux or Windows, either way.

      Alternately, guest can make his own account with password really quickly, which will be destroyed with a month of inactivity. But that would be a frill.

    8. Re:Security Diversion by ViolentGreen · · Score: 4, Insightful

      Very true. I've looked at the html for secure pages before and some used some kind of "nocache" tag or something like this. Is this common? If it is then this shouldn't be a huge worry.

      --
      Not everything is analogous to cars. Car analogies rarely work.
    9. Re:Security Diversion by BrynM · · Score: 4, Insightful
      Wouldn't the windows search provide the exact same ability if it was enabled? I agree, google has just indexed the data and made it more easily searchable
      Windows search ignores lots of data types and directories at Microsoft's discretion. Here's an example... example...
      --
      US Democracy:The best person for the job (among These pre-selected choices...)
    10. Re:Security Diversion by William+Tanksley · · Score: 5, Insightful

      Right! We demand to NOT be told about collections of our public data, including leaks of our private data into the public.

      Your approach is all wrong. It DOES matter that your data is available; that _by definition_ transforms your data from "private" to "public". That's the end of your privacy with respect to that data. And you have yourself to blame. Don't use your credit card on a public computer.

      -Billy

    11. Re:Security Diversion by JimDabell · · Score: 4, Informative

      I've looked at the html for secure pages before and some used some kind of "nocache" tag or something like this.

      If it's in the HTML, you are talking about <meta> elements, and they are an unreliable substitution for proper HTTP headers.

      More importantly though, the nocache directive still permits clients and proxies to store a copy of the resource in their cache, so long as the copy is revalidated before being used again. The directive that should be used for sensitive data is nostore.
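
The distinction drawn in the comment above, as an added example that is not part of the original thread (on the wire the directives are spelled `no-cache` and `no-store`). It classifies what a conforming HTTP cache may keep for a response; the sample URLs, bodies and verdict labels are constructed for this illustration.

```python
import re

# <meta http-equiv="Cache-Control|Pragma"> in the HTML body; HTTP caches never see it.
META_RE = re.compile(r'<meta[^>]+http-equiv\s*=\s*["\']?(?:cache-control|pragma)\b', re.I)


def split_directives(raw):
    """Split one Cache-Control value on commas that sit outside quoted strings."""
    parts, buf, quoted, escaped = [], [], False, False
    for ch in raw:
        if escaped:
            escaped = False
        elif ch == "\\" and quoted:
            escaped = True
        elif ch == '"':
            quoted = not quoted
        elif ch == "," and not quoted:
            parts.append("".join(buf))
            buf = []
            continue
        buf.append(ch)
    parts.append("".join(buf))
    return [p.strip() for p in parts if p.strip()]


def parse_cache_control(headers):
    """Merge every Cache-Control header line into {directive: argument or None}."""
    directives = {}
    for name, value in headers:
        if name.lower() != "cache-control":
            continue
        for part in split_directives(value):
            key, _, arg = part.partition("=")
            directives[key.strip().lower()] = arg.strip().strip('"') or None
    return directives


def storage_verdict(headers, body=""):
    """Say what a conforming HTTP cache may do with this response."""
    cc = parse_cache_control(headers)
    if "no-store" in cc:
        return "not-stored"          # no copy may be kept
    if "no-cache" in cc:
        return "stored-revalidate"   # copy kept, revalidated before reuse
    if cc:
        return "stored"              # e.g. private / max-age: copy kept
    if META_RE.search(body):
        return "meta-only"           # HTML hint only, no header protection
    return "stored"


def pages_left_in_cache(responses):
    """Return URLs of responses that may leave a copy in a cache."""
    return [url for url, headers, body in responses
            if storage_verdict(headers, body) != "not-stored"]


# Constructed sample responses (URLs and bodies are made up for this example).
SAMPLES = [
    ("https://mail.example/inbox", [("Cache-Control", "no-cache, private")], ""),
    ("https://mail.example/msg/1", [("cache-control", "private"), ("Cache-Control", "No-Store")], ""),
    ("https://shop.example/receipt", [("Content-Type", "text/html")],
     '<meta http-equiv="Pragma" content="no-cache">'),
    ("https://bank.example/reset", [("Cache-Control", 'max-age=0, x-note="see no-store, later"')], ""),
]

if __name__ == "__main__":
    for url, headers, body in SAMPLES:
        print(f"{storage_verdict(headers, body):18} {url}")
```

The verdict covers HTTP caching semantics only; browser history and other software that reads pages as they are displayed are outside what these headers control.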

    12. Re:Security Diversion by Hatta · · Score: 4, Funny

      People who don't understand how things should be done are befuddled when confronted with the way they are done.

      In today's society it's generally the inverse. People who do understand how things should be done are befuddled when confronted with the way they are done.

      --
      Give me Classic Slashdot or give me death!
    13. Re:Security Diversion by Short+Circuit · · Score: 5, Insightful

      My point is that the ease of searching data is more important than the data itself.

      If you go through my comment history, you'll find out all sorts of things about me. But will you? Probably not. It's not worth your time to sift through all the data.

      However, with data analysis algorithms, you could have a computer tell you all you need to know about my posting habits, and possibly even find cyclical behaviors and suspicious gaps in my posting.

      Add other users' histories into the mix, and you might think you've stumbled onto a conspiracy.

    14. Re:Security Diversion by William+Tanksley · · Score: 4, Interesting

      And my point is that your point doesn't make sense to me. I can do all of that if I really wanted to, and you couldn't stop me (nor could the government). The reason? All that information is public, not private. If you want it private, keep it that way. If you need to work with someone who wants your data, make sure you get them to contract to keep your data private.

      This points out a very severe recent problem, by the way. A judge recently decided that an airline's privacy policy didn't matter because "few people even read it, and most people don't care". If this is upheld, this sort of contract will become impossible to enforce, and privacy will become very hard to guard.

      -Billy

    15. Re:Security Diversion by Anonymous Coward · · Score: 4, Funny

      That's why I don't like things like federal databases, or even cross-company commercial database integration.

      Oh, come on. The only reason you don't like federal databases is because you owe the IRS $2,674.26 in back taxes and penalties from your 1999 taxes. And you never paid that parking ticket you got on 2nd Street in Cincinnati, Ohio on December 22, 2002. And there's that toll booth in Chicago you drove through without paying three times back in July. If you don't take care of your tickets, we might have to seize the $3299 plasma TV you put on your Visa card on the 17th of last month (normally we'd threaten to put a lien on your house, but our records show that you moved into an apartment back in June).

  2. This was discussed before! by Discotechnica · · Score: 5, Insightful

    It's not google's fault that other programs leave data out in the open. The search tool does nothing a regular user couldn't do!

  3. Again? by __aaitqo8496 · · Score: 5, Informative

    Didn't we already determine that Google has stated Desktop Search is not for use on multiple-user machines and that you can always restrict domains, directories and result types from inclusion despite the fact that the files are still publicly accessible?

  4. and how is this googles problem? by Ummagumma · · Score: 5, Insightful

    ...google provides this tool, for personal use. Any libraries/public terminals that ALLOW the desktop search are the real problem here, not the desktop search agent itself.

    I've been using the desktop search for a week, and find it indispensable now. But, like any good, powerful tools, it can be misused, in a mis-configured environment.

    Basically, just watch where you surf on a PUBLIC machine. duh.

    --
    "The natural progress of things is for liberty to yield and government to gain ground." - Thomas Jefferson
    1. Re:and how is this googles problem? by YrWrstNtmr · · Score: 4, Informative
      And clean your browser cache and history afterward.

      And then the Google cache also. Which, on a public machine, you may or may not know is there, and may not have access to.

    2. Re:and how is this googles problem? by Meostro · · Score: 4, Informative

      Or just tell it not to search secure webpages you visit to start with:

      Right-click, select Preferences
      Under Search Types, uncheck Web history and/or Include secure pages (HTTPS) in web history

      Yet another "this is a benefit, not a design flaw" instance from Google. Why are people such idiots that this is a problem?

      nevermind, I don't really want to know... it would just depress me.

  5. Reasonable thing to comment on! by francisew · · Score: 5, Insightful

    Isn't it time that media start to put up opposition to services that compromise privacy in fundamental ways? I think this bandwagon is one that isn't so bad to have going on.

    Google does great things, but without such opposition, they might not keep all issues in proper perspective. The things they mention are very important.

  6. Re:Web-mail need not apply by bhtooefr · · Score: 4, Informative

    Webmail checked with Internet Explorer DOES apply. ANYTHING visited with Internet Explorer applies.

  7. Oh come on by savagedome · · Score: 5, Insightful

    First of all, GDS does not bypass security or username/passwords. These files are accessible via the IE cache using Windows Explorer anyway. The index is stored in %USERPROFILE%\Local Settings\Application Data\Google\Google Desktop Search

    Plus, why do these people have rights to install GDS on library computers? The libraries need to take notice by using a policy control to begin with.

    It's a GOOGLE DESKTOP SEARCH tool. It says SEARCH in a screaming font. If that doesn't ring these people's bells, then they need to buy hi-fidelity headphones that are used by chronic deaf.

    Blaming the knife company when the kid cut itself playing with the knife.

  8. When you remove the obscurity... by Kiaser+Zohsay · · Score: 5, Insightful

    ...it becomes easier to see the "security through obscurity" really doesn't work. It's not that a desktop search compromises security, it's that the security wasn't there in the first place.

    --
    I am not your blowing wind, I am the lightning.
  9. How is this really a concern? by aidoneus · · Score: 4, Insightful

    It's not as if Google didn't document this. If you're installing this on a public system without any real form of user access control, then you're asking for trouble. Google desktop doesn't do anything that an end-user wouldn't be able to do with a little cache snooping and looking in temp files. Really, Google Desktop doesn't belong on this open of a type of system, and in addition one really shouldn't be using such an insecure system for anything very sensitive.

    Maybe Google just needs to make the warning a bit more obvious, like a huge "WARNING: Google desktop allows you to search all files on this computer" or something.

    -jason

  10. Kill the messenger. by scribblej · · Score: 4, Insightful

    Hey, that stuff is there whether you use Google to show it to you or not. I say we thank our Google Overlords for showing the masses how stupid it is to read e-mail or get passwords on a public terminal.

  11. library users? by Texodore · · Score: 5, Funny

    What is someone going to find if they install this on a library computer? livejournal.com pages? Orlando Bloom pictures? Lyrics to an Eminem CD? chat sessions with pinkkitty5555?

  12. This is silly by tarnin · · Score: 4, Insightful

    How much privacy before or after usage of a system in a public place do these people think they actually get? They are public, not your home system.

    Also, who would be sending private emails or requesting passwords via a public terminal and not know that this info could be seen after, whether the Google utility is installed or not?

    I'm calling Overhype on this.

  13. Re:Mod down that troll by RealityMogul · · Score: 5, Insightful
    A few points here:

    GDS runs as a system service and has access to everything.

    Google got in bed with MS on this one as they only cache MS Office type docs.

    GDS could easily cache file security attributes and filter accordingly based on the logged in user.

    You'd all be having a fit if this happened on Linux.

  14. Re:Lurking privacy concern by savagedome · · Score: 5, Funny

    You are blaming the violet light maker when it finds those 'stains' on your bed sheet. The stains were already there. You just didn't know and now you are pissed that everybody found out!

  15. Price? by cbr2702 · · Score: 5, Insightful
    By the way. . . maybe if the computers were cheaper people would put money into security. . .instead of spending it all on the cost of the PC.

    Computers are now at $400. When computers were $1500, people had no money for security, and they still don't.

    --


    This post written under Gentoo-linux with an SCO IP license.
  16. In Latin... by hawkestein · · Score: 4, Informative

    We refer to this fallacy as post hoc ergo propter hoc.

    (Well, not "we". I don't actually speak Latin).

    --
    -- Will quantum computers run imaginary-time operating systems?
  17. Not Google's fault, but the PC admins... by jbarr · · Score: 4, Insightful

    First off, after using it for several days, I realized that I do NOT want GDS caching my Web activity. I certainly don't have anything to hide in my surfing at work, but to me, GDS's incredible usefulness comes in being able to VERY EASILY AND QUICKLY search for data WITHIN documents currently stored on my PC. This is proving to be an invaluable tool at work.

    Anyway, as for being installed on public PC's, the problem is not Google's, but those who permit the application to be installed on a public PC in the first place. Any PC administrator who permits user-installable applications in a public environment is asking for problems, headaches, and potential litigation.

    Let's just hope this news doesn't get spun wrong and opens people's eyes to security...

    --
    My mom always said, "Jim, you're 1 in a million." Given the current population, there are 7000 of me. God help us all!
  18. Re:Mod down that troll by cthrall · · Score: 5, Informative

    > Google got in bed with MS on this one as they only
    > cache MS Office type docs.

    MSFT released filters allowing developers to get at the content of Office docs. Office is the prevalent productivity suite used. Why is GOOG in bed with MSFT?

    > GDS runs as a system service and has access to
    > everything.

    No, there's an entry in HKEY_CURRENT_USER\...\CurrentVersion\Run that starts everything. That means it runs as the current user.

  19. Google Desktop Spam finder by khendron · · Score: 4, Interesting

    My big problem with Google Desktop Search is not the privacy issues, but the fact that it indexes all my email. By that I mean ALL my email, including spam. It is rather annoying to perform a seemingly innocent search and get the first hit being "Bu|y V|agra , Us|e you|r B|G D|CK!" Especially if my manager is looking over my shoulder.

    --
    Life is like a web application. Sometime you need cookies just to get by.
  20. What I want to know... by Ayanami+Rei · · Score: 5, Insightful

    How is it possible the users can install ANYTHING (not just Google Desktop) on public internet terminals or in libraries?

    Seems to me focusing on the WRONG problem.

    --
    THIS THING CAN TURN ON A DIME, MACROSSZERO STYLE ALSO FUCK BETA, ~NYORON
  21. Re:what about "locked down" computers by over_exposed · · Score: 4, Insightful

    (no new windows, no downloads of software, no access to drive)

    So how would one download the Googlebar?

    --
    "The object of war is not to die for your country, but to make the other bastard die for his." - Patton
  22. Stupid Humans by turnage · · Score: 5, Insightful

    Ok, you guys are amazing. Let's put this into context. Microsoft comes out with this great tool called ActiveX. It allows all kinds of wonderful things to happen, especially rich content in emails. Uh-oh, someone finds out that this technology is a great way to F around with folks' email since it's so integrated in Outlook (just using Outlook as an example, won't even go there with Windows). Bad, M$, no bone. Nevermind the users who don't know to simply turn off active scripting, they're not the problem - it's Microsoft - since software manufacturers should understand that all users are dumb. Enter Google. All data that's currently on the PC is presented in a highly searchable manner, even to people who have no idea about privacy issues involving electronic data. Stupid users, you shouldn't put such data there, don't you know how every application you've ever used persists data? It's obviously not Google's fault you're so stupid.

    Allow me to describe for you living-in-yo-mamas-basement geeks how 6 billion people operate:

    The average user has no idea of the security implications of simply going to a public computer and using the facilities provided for them.

    If they've ever bought a computer before, they did not buy it from a store with a sales rep that gave them a book listing out every privacy/security vulnerability in the OS installed on it, and if they did they didn't read it. They may have never even talked to anyone knowledgeable about it.

    Average users don't have conversations with geeks, sitting around talking about why M$ fscking sucks today and how 3l337 they are or how they 0wn3d U or whatever the hell they say. Average users have conversations with other average users about sports and knitting.

    It is doubtful the user has a college degree in computer science, engineering, or even went to a technical school.

    Not every kiddie is a script kiddie. I would venture to say most kids who use a library aren't script kiddies - script kiddies have computers at home. If you don't believe me, go to any public library with computers in south Atlanta and ask if their parents own a computer.

    In a perfect world, it would be awesome if everyone understood the problems with computer privacy, but we have to deal with all those fucking ignorant lusers who don't read slashdot every hour. If Google doesn't understand this, rest assured they will be hounded by privacy councils until they learn.

    Ok, off to do some google credit card searches ;)

  23. Re:Mod down that troll by agallagh42 · · Score: 4, Informative

    I just checked my task manager, and the GDS app consists of three things:

    GoogleDesktop.exe
    GoogleDesktopCrawl.exe
    GoogleDesktopIndex.exe

    Each of them runs as the current logged in user. Therefore, it can only search things that the current user has access to. The database that everything is stored into (the index) is user specific as well, stored in:

    %systemdrive%\Documents and Settings\[username]\Local Settings\Application Data\Google\Google Desktop Search\

    Other non-admin users do not have access to your index. Obviously, admin users will have access to all non-encrypted files on the machine, and the google desktop search doesn't change that.

    --
    Carpe Cerevisi - Seize the Beer
  24. Privacy Issues at Libraries by Slavinski · · Score: 4, Insightful


    Although I don't care for the desktop search utility,
    it's hardly a valid complaint for privacy at a public
    facility. It just means the average Joe can now find what most
    with any limited knowledge of Windows can already see.

    This is hardly worthy of news. It should be titled "Using Public Computers
    Leaves Users Open."