Slashdot Mirror
Google Copies Corporate Data to Google's Servers?
Penguinisto writes "According to Silicon.com, some CIOs have been seeing their company data being transferred to Google's servers as part of Google Desktop's functionality." From the article: "Mark Saysell, IT director at Coutts Retail Communications UK, said he is planning a network audit to find rogue installations, which will then be de-installed. New security measures will also be put in place to prevent further downloads. He said: 'Google has definitely over-stepped the mark and in turn is forcing IT departments to take a very draconian approach to machine security and web access.'"
Up front disclaimer: My WA state license plates are "GOOGLE" so some would probably accuse me of some bias.
I'll probably get flamed here, but I think CIO's are missing an opportunity for a great productivity enhancement at the hands of their Google paranoia. I wouldn't blame a CIO for wanting policy like this (I guess), but Google has shown themselves to be good corporate citizens, and I still submit they honor their "do no evil" credo.
I don't know what better way for a company of employees to share and access their data than having a Google desktop. Certainly (and Google knows this) Google exposes itself to such huge liability I can't imagine this being something they don't address with extreme due diligence.
As for the paragraph from the fine article:
People sharing information in companies isn't new, and I don't see this desktop searching as bringing any additional risk to bear. As for the information stored on Google servers, as stated above, Google seems to have this in hand, and I'd trust them for this service far more than anyone else, including any home-grown in house attempt to provide similar architecture.
I'd rather my CIO be a little more bold and allow this as a tool to further leverage my company's data.
What if Microsoft tried this?
IAW terms Google may keep data on its servers and "search it" for its own ends.
In our/my US department of Defense shop we took one look at Google desktop search and decided, no.
We actively block installing and using it.
This article is a joke. It's all about quoting people talking about how dangerous the new version of Google Desktop is when Google is very up-front about telling you what features will result in data being copied, and how to turn it off.
IT'S DISABLED BY DEFAULT. You have to WANT to turn it on.
Lousy reporting, is what this is.
If CIOs don't want people using Google Desktop, then make it a policy that they should not use it. Enforce the policy. End of story. Don't blame Google for making a tool that a lot of people find useful. There are other ways to give your enterprise the same capabilities without compromising your data.
It's not enough to bash in heads, you've got to bash in minds. - Captain Hammer
in the TOS, more or less.
who is starled that this was a bad idea?
They introduced a tool that lets you search your desktop from remote machines. They state at download that the tool copies data to their servers.
You are not required to use it. You do anyway.
Why is this overstepped? If you didn't want it to do this, you didn't have to use the tool.
This is not Google's problem. It is the companies who have bad computer security's problem. Google is not trying to hide what it is doing. If they can't avoid this, how are they supposed to avoid when someone is trying to hide what they are doing?
'Sensible' is a curse word.
... CIOs have been seeing their company data being transferred to Google's servers ...
No wonder Google doesn't want to cooperate with the Justice Department's request for information. They're running warez servers!
frist prost!
This isn't an issue with google. It's an issue with the users.
Search across computers is disabled by default. It doesn't even ask you to enable it in the intaller. You have to hunt through the options to turn it on.
It's not google "overstepping the mark" it's incompetant users changing settings they don't understand.
On a different note, if I were a sysadmin, then I would not be letting them install GDS anyway, without authorisation. They are company machines, subject to company rules, and should only run company software.
Snort signatures for the google desktop and download of google desktop can be found here.
If you're really worried.
Your sig(k) has been stolen. There is a puff of smoke!
Is it really asking too much of an Admin to maintain good software installation permissions and policies? If untrustworthy users have been given high enough authority to install their own software then Admins have no one to blame but themselves.
Well you can probably blame management too.. thats always good.
There are certain laws in place that regulate how confidential patient information is passed around (HIPPA). I'm fairly certain that should an employee have such information on their desktop and it's copied up to Google, that would constitute a breach of those laws.
Because of this, our desktop folks have decided that Google Desktop is not something that can be installed. It's a shame, too, as there's lots of "benign" features that we miss out on because of it.
The issue regarding Google Desktop resonates across a broader horizon. Companies don't typically supply all the tools required to be productive and employees end up resorting to 3rd party tools. Mismanagement.
Google Desktop is doing what it's designed to do: keep user's data on central servers so it's accessible from anywhere. It's just that it makes the assumption that all of the computer belongs to the user. Obviously in a corporate environment that's not the case, but Google Desktop doesn't know what kind of computer it's on so it can't do anything about that. The company needs to be more emphatic about the "no unauthorized software" rule (they do have a "no unauthorized software" rule, don't they?).
This is where Google's greatest value really lies: data mining. The possible advertising revenue pales in comparison to the value of the corporate (and even consumer) intelligence that Google collects. Simply being able to detect that persons in company x are suddenly interested in company y and that investment bank z is also interested in company y would allow one to predict things like mergers. Increased specific searches around the holidays might help predict which retail chain might do well. The power of Google should not be underestimated.
Woverly Harris Gooch, IV CTO American Fire and Bomb, LLC
They can avoid it easily -- stop uploading files!
If users need to share data between computers, there are these newfangled technologies called "CD-R", "USB Key" and "Email" that would probably work pretty well.
Conformity is the jailer of freedom and enemy of growth. -JFK
Tell your employees not to install the software. Its not that hard. And if the employee does install it, hold that person liable for the data transfered.
Click Click Bloody Click PANCAKES!
It is not hard to argue that this does not help all that much however. Notice how Firefox, IE and pretty much all browsers warn the first time you want to submit a form on a webpage (google web search perhaps) that this action will transmit data over the internet? Or pretty much all registration procedures for software, and tons of other little things. The fact is that people expect an application from a known vendor to not do something as stupid as copy the documents whole to their servers with only so little warning.
The fact is that the user did indeed choose it, however users also often install spyware. Yet we consider the spyware makers evil but Google good here.
I'd have to agree with the article that this feature was poor judgement on Google's part. Slashdot may consider it wrong to cater to the fact that people are a bit clueless with computers, but it is the truth and any serious software company must work with that in mind.
In other shocking and unexpected news, norton firewall blocks programs from accessing the network, NetNanny prevents access to some websites, and Slashdot decreases corporate productivity
You clearly haven't a clue - or you actually work for Google.
Any CIO in a government organisation would have their employment terminated, and possibly end up facing criminal charges for doing as you suggest.
All organisations have a responsibility (government or otherwise) to ensure that any and all data under their management is only disclosed to authorised people, and only under appropriate conditions. Failing to do so is extremely bad and stupid.
Now, this is usually done with some form of legal framework. Typically this will be a contract, or memorandum of understanding, between the organisation and the external party.
THERE IS NO SUCH DOCUMENT BINDING GOOGLE.
Are you somehow implying that Google is a special organisation that should be treated from others ?
Get a clue.
This FUD-fest brought to you by Microsoft.
(Who just announced that they will bury Google with their new search engine. No no, I'm sure they're not related in the slightest! Nooooo!!!)
It is surprising that Google (or any company) would go as far as moving data to their servers.
... Google earning more money from trying to manipulating people with more personalised and directed adverts ... oh joy ... I can't wait.
It can only be a matter of time until companies like this one start legal action to go after Google. Surely this is opening Google up to any number of legal issues, not least of which even as far as claims of corporate espionage. Saying they are not going to look at the data and its encrypted so just trust us doesn't exactly inspire confidence.
Plus further down the line, as they earn so much of their current money from advertising, it must be tempting to use data mining techniques to do a bit of consumer research in the future. So what do we have to look forward to, from this technology?
There are 10 kinds of people in the world... those who understand binary and those who don't.
Er, turns out it does default to not putting that data on their servers. I hadn't installed it yet, because of the FUD that said it did this in the first place. Turns out, it doesn't have to, and it defaults to not doing it. Lameasses. (not GP.)
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
Ships a lot of information about you or your activities to the home office
Yes, however, the difference here being
1) Google doesn't trick you into installing the "spyware"
2) Google tells you exactly what the "spyware" feature does
3) Google has the "spyware" feature turned off by default
Help me take back Slashdot. When did 'News for Nerds' become 'FUD and Conspiracy Theories for Extremist Nutjobs'?
I've never worked anywhere where IT policies like "no unauthorized software" were actually enforced. Hell, I've had HR people tell me they "won't" back terminations based on those policy violations because they're not severe enough. And if you're not firing people, you're not enforcing anything.
I know one guy who got shitcanned for it, but he was a prick and HIS boss came to me looking for some additional crap to throw at him and I suggested "Oh, how about the three system rebuilds we've done due to his software installs in the last six months" -- this just got tossed in as "wasting time."
Anyway, it's all well and good to say "enforce the policy" but most people outside of IT seek to usurp it at worst or at least treat it like yet another tech-geek OCD symptom.
instead of railing against Google, for a product and service that does exactly what it says. Seriously, google is not secretly copying data, and other than not babysitting other corporations employees, has done nothing wrong here.
If you trust your employee base with docs that can't be leaked or copied into the wrong hands, why aren't you training them on software best practices and using filtering and scanning to make sure they aren't taking it off network?
Really, Isn't this a bit of an amature hour effect here? If your security is that lax you probably also let people connect USB mass storage devices to your desktops as well. This is unlikely to be your greatest security hole.
They should also forbid/filter HTTP POST requests, IM file transfers, e-mail attachments, and any internet application that would allow the enterprise data to flow out of the company network.
This style of ruling totoally miss the point. You should teach your employers to generally avoid leaking enterprise data out of the company network and the risks of using certain applications. It is not to disable or to forbid the use of certain programs. Google Desktop Search is not built to compromise your data security, especially when this contradictionary function is turned off by default. It is your disloyal employer who you should be careful about. Your employ will always find a way if he wants to leak the enterprise data.
By doing what? Releasing a software package which does exactly what it says it does?
Might as well say the people who wrote FTP overstepped the mark as it doesn't stop people from sending sensitive data outside the company.
If you liked this thought maybe you would find my blog nice too:
BlackBerry maker, NTP ink $612 million settlement:t p/index.htm?cnn=yes
http://money.cnn.com/2006/03/03/technology/rimm_n
Off Topic, so sue me. My submissions are never accepted anyway. $612 million dollars for not making a product. I need to get in on some of that.
"To lead the people, you must walk behind them"
Isn't this problem only relevant to the Enterprise version? The Personal version doesn't have this "feature", so it's not an issue for that version. I understand that there isn't anything that's keeping google from putting this in the personal version, but they haven't. Personally I find google desktop (at least the deskbar - the rest of it is just annoyingly large, even with multiple monitors) to be an excellent addition to my machine. It is SO much faster and easier to use than the Windows search function.
Friends help you move. Real friends help you move bodies.
Never forget: 2 + 2 = 5 for extremely large values of 2.
I use Google desktop, and find it very handy. It's quite possible I'll have to give up using it because of this issue. That doesn't make me feel well-disposed towards Google, or inclined to try any new products they might release.
If these people have such sensitive data on their machines why the hell are they allowed to install any random software off the web onto them?? You can get "software" that does waaaaaaay more than just cache some of your files online, and you might not even know you installed it.
So Google copies data and the /. community supports them, But what if Bill G had started to copy deasktop data. The /. foums would melt from teh flames and anger. Hmmm - a little biased are we?
Google understands this and created an Enterprise version that allows you control this... http://googleenterprise.blogspot.com/2006/02/searc h-across-enterprise-desktop.html
Apart from depending on the data, it's also not clear that google is legally allowed to protect the data. At present they are being sued by the U.S. govt. which wants access to people's search history without any justification. This may or may not succeed, but certainly any request with just a hint of justification will be allowed.
Google is being stupid. The first person who gets kidnapped because their financial data was copied by Google and then accidentally leaked by the secret service will not be happy.
It seems to me that Google is in the same position that Microsoft was years ago, when corporations all ran Netware or IBM servers because Microsoft products were naive about corporate reqirements. Google will probably climb the learning curve faster than Microsoft did, but they aren't there yet. /. readers who make suggestions like "forbid installing the software" or "fire users who do it" also don't understand corporate IT. Some corporations have desktops locked down so users can't install software, but some don't because their users are higher level and need to install selected applications.
The suggestion to fire users who turn on the data upload is also hated by IT managers. Corporations are full of clerks and other mid-level people who never read IT policy documents, don't really care about security, and like to turn on cool features. The IT manager is not going to look good if he tells HR "Sally who is otherwise a great employee checked this box because she didn't know she shouldn't, so now you have to fire her".
IT managers differ, but they generally want to give users as much functionality as possible, as long as they are sure it is safe and reliable. What an IT manager probably wants are network-level options to (1) forbid Google desktop entirely, (2) allow it but disable the data-sharing features, (3) leave it up to the user, or (4) do a mandatory (push) install to all desktops. Then the IT manager would want a web page or other report to see who had done what.
When Microsoft figured out requirements like these, they invented Active Directory and its Group Policy component. Look at products like Symantec Antivirus Corporate, where you can look at all desktops and verify their antivirus status from a central console, or Microsoft's own free WSUS which lets you make sure everybody in the corporation has installed all critical patches.
These are the kinds of solutions that work in the real world as opposed to firing people, and as soon as Google figures this out they will be a lot more popular on corporate desktops.
Hm. "Do no evil"(TM) is just a trademark... They should come up with some logo for it. For example rounded label "No evil inside", oh, better not or somebody could think that there is no Windows inside...
But wait didn't they defend the same stance hand in hand with Microsoft in the "obeying local law" case in China? If Microsoft is an evil what is Google then? Or is the Google evil and Microsoft good? Or are they both evil... or good? And wait what is "evil" and what is "good"? Oh, sure, just brand. It sounds good and people may thing that it is true because it was broad casted on the TV and TV is about real life.
I simply do not like cheap labels. It is better to watch the actions and then make the opinion then listen to propaganda and trying to match expected behavior to the real behavior. It remembers me my childhood when I had to attend the "Pioneer" organization (organization for very young people before they could join the communist party) I saw similar "good" labels there and it taught me a lot when I grown up.
Well, I've got to get back to work. When I stop rowing, the slave ship just goes in circles.
Score:-1, Troll
Calling me a Troll for stating the truth is taking the piss, I was trying to help. Most people are not programmers.
There are 10 kinds of people in the world... those who understand binary and those who don't.
$ORGANIZATION is about to update its information security policy in light of Google Desktop with a recommendation that the software must not be downloaded onto any
For heaven's sake, what planet do these people that are allegedly responsible for IT come from? Let's see:
I've worked as an IT director in a few financial services companies over the last ~20 years, and everyone employed there, on their first day, had to read and sign something like this:
We would install or make available external software if it was useful and appropriate, after testing it. Otherwise, no dice. Will some people complain? Absolutely! Tough shit.You've never been through a Sarbanes Oxley audit I see ...
Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws-Plato
> I still submit they honor their "do no evil" credo.
On the flip side, Google's intentions have little or nothing to do with this. The U.S. government has already issued a subpoena for their data; the only thing stopping them from complying has been the lack of a court order. You're not trusting Google to manage your data; you're trusting the justice system.
If all they cached was actual corporate data, that could actually be less of an issue. However, now those budget spreadsheets and corporate memos will be mixed in with user/personal data (can you say browser cache?). This is an unscrupulous lawyer's dream -- they can pick out documents to paint their own picture of you and your company.
This is really no different than if I sell you a canister of propane with a big warning label on it that says, "If you place this canister into a fire it will explode, killing you". If someone is stupid enough to actually do it, do you really think the company that made the canister is responsible?
- Google Desktop has the functionality to uplaod data to google servers
- This Functionality is turned OFF by default
- To turn this functionality ON you have to purposely navigate to it, it's not out in the open
- Any employee dumb enough to do this in a corporate environment is not an employee you want working in said corporate environment
- None of this is GOOGLES fault
Just because you make an item with a certain potential level of functionality that could be misused doesn't mean it's your fault when Joe Dumbass misuses it.
You are offtopic, but I appreciate the link anyway. Thanks!
You are reading a copy of my copyrighted post.
I'm confused...google could have its cake and eat it too if they did this feature right.
Here's how it ought to work. Everything is encrypted client-side before being sent up to the google servers in a way that google can't decrypt based on your user account password guarding public/private keys you generate per machine in the GDS front-end. Only the public keys are shared across the network, the data is completely encrypted everywhere except the endpoints. What's the problem?
Ah ha!, you say, the problem is that they mine that data on their servers for information they can use to advertise at you. First, is this true? I haven't been able to confirm it, though it seems in line with their advertising model. Second, assuming it is true, there's no reason GDS can't create some kind of index over your data client-side and then send up the statistical summary of the info it mined. That way, there's no way the docs could be reconstructed, google gets their ad revenue, and users get their functionality without having to worry about data on google's servers.
Anyone have any notion of why this wouldn't work?
but have you considered the following argument: shut up.
Yeah, but spyware generally does this without your knowledge. Google Desktop must be a pretty shitty spy to explicitly tell you, both in their TOS and on the page where you enable the feature, what they are doing. Plus, Spyware installs without your knowledge for the most part. With Google Desktop, you have to download the program, then dig through the settings and turn this feature on.
That's a good link.
... until CIA and FBI employees discover the wonders of Google Desktop et al.
FBI: Hand over the search logs.
Google: How bout $50mil and we'll give you back the area 51 documents for starters?
Indeed, or Mac OS 9. Or any operating system for which Google Desktop search doesn't work. Brilliant!
After all, I am strangely colored.
Will you please shut up! You don't need to post this in every thread on the damn article. Not all companies are able to just rip up all their windows installations, plus their custom software built for Windows, and replace it overnight with another system. Christ, you're like one of those kids that run around saying the same thing over and over again in the hopes someone will pay attention to you.
I put GoogleDesktop on a pretty non-critical personal machine awhile ago and just got the creeps, so I removed it--not to mention the HUGE index files ticked me off.
However, if Google is going to vacuum up the contents--in any amount--of my local drive from software that from all appearances is meant to be LOCAL, they damned well better have a huge flashing 87pt type warning to that effect. It's disturbing enough that, owing largely to Google, the web has become such an indelible medium, but if I don't intend to send my info out into the ether to be forever inscribed, leave it the !#%k where it is, 'kay?
I hope they get a swift kick in the nads for this one.
Really thats just fucking scary.
OMG Ponies!!! with Glitter!!!! I miss Pink
My company now forbids using Google Desktop because of this feature.
Yes, it's off by default.
Yes, you have to go out of your way to turn it on.
Yes, they keep track of what's installed on everyone's machine.
Yes, there are ways around that -- but for safety's sake, I now use MSN's local search.
Google's product is forbidden.
So google (you listening?) -- how about local-only version for us corporate folks, with the upload option completely removed?
We get a version that can be blessed by IT, you keep your user base.
Seems like a winner to me.
Using systems like OpenBSD and Solaris...
Dude, that's enough. You've posted this 3 of 4 times already. Are you some kind of preacher or what? Here's your line, corrected for you: Using systems like OpenBSD and Solaris and Linux and Windows, PROPERLY CONFIGURED it is quite easy to provide an employee with a desktop that will not only vastly increase their productivity, but will also eliminate problems such as this.
It is irrelevant if it would be used by google or not. Simply by transferring the files to a 3rd party w/o a relevant Non-disclosure Agreement would invalidate any trade-secret protection it might have had and make it useable by anybody not just Google. That in and of itself is reasons for any company to block this type of transfer. :
If this had been a Microsoft product, the tune here would be different. Much different.
"Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
The problem here is employees checking the "Upload my corporate data to Google's servers" checkbox.
No offense, really, but this is why you have "ATTENTION! THIS GUN MAY FIRE A BULLET" warning stickers all over the US. And no offense again, but this is an american thing...
Yet we consider the spyware makers evil but Google good here.
Come on, this is easy to refute. Spyware by its very nature (the "spy" part) tries to install itself silently, and returns data to a central point without telling you. Google Desktop Search discloses its actions fully in all documentation, does not install silently, and the controversial option is off by default. Now, IT managers may be right to call for restraint in use of this product, but it's easy to see why spyware can be branded "evil", and Google's tool "not evil".
If you double click "The Internet", go to the address bar, type in www.slashdot.org, log in, see my response, click Reply, type in a Comment, and click 'Submit', then you will send information to slashdot.org that might be read by others, searched, and indexed as slashdot sees fit.
Alternatively
If you double click "The Internet", go to the address bar, type in desktop.google.com, Agree to the terms of use that you say you've read that state that if you click some checkbox that you have to find first it might send data to google for them to search, download the program, install it, then go to the preferences, find some checkbox that says if you click it it's going to send data to google for them to search, click it, and then click OK..
Who's the fucking idiot if that's not what they wanted?
I think non-programmers can understand that "This will send your data to google's servers" means that it might.. send the data to google's servers?
They have to INTENTIONALLY install the program. They have to INTENTIONALLY go to the preferences (this blocks 95% of the people who install it, I suspect). They have to INTENTIONALLY find an option that SPECIFICALLY states what it will do, and INTENTIONALLY click it and turn it on.
It's not "spying" on me if I call up Jim and say "Hey, come sit in my living room with a phone and relay everything I say and do to Bob."
Agreed. For a large percentage of employees there's no need to install software period. For them an X-terminal (no local storage) or X-server-only PC with all actual software on a central server would do fine. Put home directories on a filesystem mounted noexec, don't put $HOME in their default path and don't give them a shell from their normal desktop icons/menus and it's going to take a fairly persistent and knowledgeable employee to get around the barriers and install anything unauthorized (at which point you have enough evidence that they knowingly and deliberately circumvented corporate policies that you can skip right to the pink-slip-and-final-paycheck stage, pour discourager les autres).
The IT department that has machine permissions set so a secretary can install applications is asking for it. (trouble)
for suggesting that this was a very real possibility with installing google desktop some time ago, no doubt some folks instant response to this software was "no, outright" And look, it clearly wasn't a possibility ever, so clearly I was wrong and any other naysayer was clearly wrong too. *wears stupid hat* etc
I don't know if you have noticed this, but the number of results when googleing for "evil" has steadily dropped during the last 2 years from over 500,000,000 in may 2004 to a mere 273,000,000 today.
I think they are trying to change the definition of evil to fit their view of it.
For example, a search for "child labour evil" (without quotes) gives you an article as first result that states that child labour might not be so evil.
Perhaps google are planning to change their pigeonrank to a more human childrank with hundreds of thousands of children endlessly searching the net and ranking the pages.
No you confused knucklehead. That's something your IT should have been doing all along. Why was your IT department allowing end users to install whatever software they wanted? There's nothing draconian about that.
Goolge has over stepped nothing. You just have some lousy sysadmins.
My karma is not a Chameleon.
Yes, of course you needed to sign those for the past 20 years. The
issue is that, for a company to remain competitive at attracting the
best talent in the future, it needs to realize that home life
sometimes extends into the workday and the workplace, just as work
life sometimes extends into off hours at home. Home life today may be
mostly covered by telephone calls and standard software, but won't be
in the future. Employees absolutely will need to use software of their
choice while at work. Everyone will expect that the network is
ubiquitous and adaptable to their needs. The open question is what is
the most cost-effective way to manage the risk - loading the software
onto the one company PC on your desk, separate company-provided PCs:
one for proprietary data and one for everything else, virtual
machines, other data isolation, relying on individually owned devices
and cellular data networks for all "personal use," etc., etc.
You just find out about them and are all excited or what? Settle down, Beavis.
Solaris blows chunks anyway.
Yeah, they're not the #1 search engine or anything...they're not a verb for searching the net or anything...
If anyone that needs googlef6ckingdesktopsearch to help them find the crappy picture they just downloaded with outlook.... The bigger issue here is USER(FUCKING LUSERS)TRAINING... Dah gee Fred, were are the files.... if you need a search that bad get a mac and let spotlight do you right!! Hey moderator take your one point and add it to your penis size and give it to some one that cares!
Sig Hansen?
Your users ticked the box, right next to the clear warning of what it would do. Have you trained them not to do this? Are they being reckless anyway?
Have you considered all the other ways they could get data out? Email, CD-R, USB key, taking their laptop home? Are you going to stop all of those?
Did you install the Google Enterprise Desktop with the central control policies, forbidding installation of other copies of google desktop and forbidding copying of data offsite?
Get some perspective on the REAL problems and stop going apeshit over Google.
"For a successful technology, reality must take precedence over public relations, for Nature cannot be fooled"
How does one go about stopping it? Active Directory permissions? Proxy blocking?
When modding "Informative", please make sure it both has a source and IS actually informative.
what google servers have to be blocked at the fw/proxy to disable this?
If in order to make your point you have to make up an imaginary viewpoint that would occur under an imaginary situation, and then accuse other people of holding that imaginary viewpoint under your imaginary situation...
You don't have a point at all.
It took a bit to dig this up, but it turns out that if you set the registry key:
HKLM\Software\Policies\Google\Google Desktop\Enterprise -> disallow_ssd_service
as a REG_DWORD to '1'
Google Desktop won't let you use the "Search Across Computers" feature. (I tried it.) You can set that key in the group policy scripts relatively easily.
How about this. Why doesn't google pick some obscure port for getting this data, make it public, and if the corp security guys want to stop the google copy, block the port on the F/W, problem solved!!!!
MrJynxx
"He said: 'Google has definitely over-stepped the mark and in turn is forcing IT departments to take a very draconian approach to machine security and web access.'" My favorite part of the story.. Draconain eh? why was the install allowed in the first place? Ever hear of group policy?
I'm going to use Google desktop, and I'm not giving Google my data. The tool makes me more productive. If my IT department wants me to stop using it, they can convince my boss to lower his expectations of what I'll do. IT won't do that, and I won't stop doing what ever I can to get around IT's edicts. No HIPAA data here - so I'm not doing anything against the law, phew! Really, people want to use what ever tools makes their job easier, and have some fun. Its a tough problem. -aggles
Well if you don't encrypt your data you deserve to have your data stolen
I don't see the big deal there. Yes, the Chinese government is insane. And I agree with you that government censorship (particularly of a political or religious nature) is a bad thing.
It's not just China, though. France and Germany restrict access to Nazi-related sites. And in most first-world countries, it's a crime to view or possess child pornography. There are certainly differences between kiddie porn and hate speech and criticism of your government, but it's fundamentally the same thing: information that is illegal to possess.
And what would a Google boycott accomplish? The Chinese Internet would not be any more "free" without a locally-hosted Google farm.
In the long term, I don't think China will ever succeed in completely filtering out "dangerous" information. Blanket bans on things people want don't work in any society on Earth. Recreational drugs are illegal almost everywhere, but they're readily available in every city in the world. Bans on Nazi material haven't done much to curb racism and anti-Semitism in Europe, and judging by the arrests I see all the time on the news, there're still plenty of people with child porn out there, too.
Those who want such information in China can still get it, albeit at great personal risk. And if Google makes the Internet even a little bit more useful for those poor bastards in China, I think that, in the long run, is a good thing.
And pro-google people will think that its a cool feature. A vast majority of computer users around the world are fully capable of enabling this feature and never realising that they have done so. And if they have any inkling of sensitive data then the sys admin goes bye-bye. By the way a lot of our sensitive data is on other people's servers (bank, credit card, insurance). If someone installs Google Desktop Search there and some uberuser turns on this feature. After that firing an incompetent SysAdmin won't help, i won't get that data back.
I won't because they tell you what they are doing.
I will blame M$ for much worse. I blame them for intentional leaks, by making an OS that does much of the same without telling anyone, and demanding even more in their EULAs. I also blame them for making an OS with so many holes and backdoors that corporate espionage is easy.
I'll also blame any clueless Admin who bans Google while using M$. Fanboys who "standardize" on IE, Outlook, Exchange and all that other garbage should have no expectations of privacy or data integrity. These are the kinds of people who ban cell phones with cameras, but let people keep normal cameras. Dumb, dumb, dumb.
Friends don't help friends install M$ junk.
It's sad that windoze users have to go and ask how to NOT install programs. If the OS were as secure as their "Trustworthy Computing Initiative" was full of crap the users would always be asking "How do I install programs". Why are end users installing stuff to begin with? Here's a rule of thumb....for every app they install on purpose, they have 10 malicious apps that are installed without their knowledge that evade the "science" of spyware and virus scans. Honestly....
" It took a bit to dig this up, but it turns out that if you set the registry key:
HKLM\Software\Policies\Google\Google Desktop\Enterprise -> disallow_ssd_service
as a REG_DWORD to '1'
Google Desktop won't let you use the "Search Across Computers" feature. (I tried it.) You can set that key in the group policy scripts relatively easily."
First of all, no one is making you install it. Why does everyone see a problem with this? If you don't want that don't use it. They're not infringing on any of your rights, you're choosing to install it, and you're choosing to have your data sent. If you know that it does this, then if you have a problem don't enable it. Don't tell everyone how it will mess them up if they install it. That message is very misleading, it will only mess you up if you install it, and then turn the option on. Its not Google's fault that people turn it on then complain. Its really quite simple, don't like it, don't use it.
Uhhh, they could install software they can actually own and lock down instead of the crap they buy from Microsoft. Provided with reasonable tools, they would not need Google's tool.
At the end of the day, your closed source software vendor can sell you and your company's data out no mater what you do.
Friends don't help friends install M$ junk.
I can understand why other companies may be afraid of storing their documents on Google's servers, but why is Google afriad of their own documents being stored on their servers? I mean unless they doubt their own security for the desktop search data stored on their own central server, is there anything they really need to worry about?
Sort of shakes up the confidence of people who do use Google desktop, doesn't it?
HD Trailers
You're right, if they're allowed to mess with stuff, people *will* fuck it up. So why was this secretary allowed to install random, unapproved software off the internet?
It certainly isn't Google's fault. Don't blame them for your poor (or absent) security.
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
A pefectly good solution. I don't see the problem here, except that you weren't doing that in the first place. Or do you want to run a botnet for someone else?
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
I'd like you to explain how using BSD will vastly increase the productivity of my company's employees, when it...
Congratulations. You've removed our ability to take orders, design packaging, make shipments, store our product safely, manage our employees, and manage our finances.
I'm serious. I want you to explain. But I know you won't.
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
My company -- and it's not that large -- has no problem doing exactly what you suggest. No employee in marketing or accounting has Admin rights on their computers, and very few in Sales do. Those that do, only do because they are hundreds, if not thousands, of miles from the office, and sometimes need to do things like print to a new printer. But even then, it's not a default. We enable it for them when we're presented with a legitimate need.
The CEO of our company has Admin rights on his laptop. He also doesn't install random shit off the internet, though.
--
"I personal[ly] think Unix is "superior" because on LSD it tastes like Blue." -- jbarnett
Is it true that Microsoft doesn't allow GDS to be installed on their corporate machines ?
our company just sent out an order to remove Google Desktop from all PCs (or at least use an older version that doesnt have this feature).
As we have seen through the course of this nice little discussion, Google has, in fact addressed the very security issues that we are dealing with. I loove google's software, and their dedication to providing this kind of support in a BETA product(isn't using beta software in a production environment a no-no anyways?). I see people here that think google should come up with a local solution instead of caching stuff on their servers... take a look at this: Google Mini which is fully compatable with Google Desktop 3 for Enterprise(beta). May I also highlight a key feature of Desktop 3 for Enterprise: "Control content and enforce document retention policies" I don't know what all the busle is about. A IT Jury wants to bust on Google's Desktop software... I can see banning the personal edition, what is the use of that in a work environment? But when a firm deploys Desktop for Enterprise they can manage all of these details that everyone is getting upset about... alas, these discussions have no end.
u mean there was no security policy in place that denied the average user any ability to install any programs?
_ In Egypt Networks: Network Solutions with a Twist
This comment is a bit late, but I'll post it anyways.
When I was working on the public web site for one of America's largest companies, I'd ask people wanting to put info on the site if they'd be comfortable seeing the info on the front page of the next edition of the National Enquirer (or any publication). If they were uncomfortable with that we told them that their data needed to be secure. Any CIO that thinks that they can have data on their servers that google can't see should be fired on the spot for incompetence.
I had it installed and thought it would be a real nice tool, and then one of those popups appeared and told me that I had a new email. I assumed it would be my gmail account and had a look, but no, it wasn't. Then I noticed the email was in my email account that I read in Thunderbird. How did Google know?? I never gave it a username or password or even gave it permission to read my email.
That is scary.
First, you can leave out the sarcasm about how to use the internet (I'm a programmer with over 26 years of experience). Therefore in that time I have had to create many products for people who are NOT PROGRAMMERS.
Second, some machines come pre-installed with this Google search tool. Plus people do not read the instructions (e.g. RTFM!). So to them its simply a way to use the tool without knowing exactly how far and for what purposes the data can be used for, above and beyond their need simply to find something.
Third, you cannot assume ALL people know about data mining and how that can be uses to manipulate the searches they do on the internet.
Forth, you should read up on the work of people like Edward Bernays and how his work (and his uncle's work, Sigmund Freud), and the evolution of Edward Bernays marketing techniques have been used for decades to manipulate people. Google and data mining is just the next way of getting more info to use to market stuff. Plus many people (and yes, even some programmers) don't know how much of these psychoanalysis techniques are used by marketing companies against them.
http://en.wikipedia.org/wiki/Edward_Bernays
There are 10 kinds of people in the world... those who understand binary and those who don't.
Well, some does, but I am referring to those that don't, which is the majority at that. They tell the user what it will do, but in terms that are too obscure for most user to know what it means. Like Google.
If they really do not want to be evil, they should:
In other words, I would like to see Google Desktop use e.g. a specific source and/or destination port that can be blocked at packet filter level, and I would like to see this documented. I haven't verified whether it does so already, though.
http://erichsieht.wordpress.com/category/english/
I actually sent out communication to our employees last week requiring users to disable the "Search Across Computers" functionality (which we're monitoring) rather than requiring them to remove it completely. Additionally, I have the Windows administrators investigating the possibility of using the GDS Enterprise solution, which has full AD support and the ability to disable Search Across Computers through Group Policy.
be installing their own software. It makes no difference who made it.
http://www.groklaw.net/article.php?story=20040817
There is an Enterprise version of Google Desktop that you ask for, except maybe #2. But I don't think they use a specific port - I assume it's all web service-based.
The 'hard to dig up' bit was because I had to download their Enterprise version, read its documentation, and interpret the Group Policy Template to figure out what the registry key was. If it was actually trying to roll something out company-wide they've gone to great lengths to make it easy.
Actually, even in olden times we wanted happy staff, and included among the permitted uses things like E-mail, using the Web (when that came along), using "office" applications for personal stuff, and so on. In many cases, we provided a choice of applications.
I have no quarrel with that at all, although you should realize that there are some industries (financial services being one, health care another) where individual freedom is constrained -- not because the boss is a mean old fart, but because there are rules imposed by law and bodies like the SEC that have to be followed. For example, in a financial services business, all E-mail has to be archived, and all external telephone calls from trading-room phones are recorded.
That leads to the main point I was trying to make. If management, IT or otherwise, has security rules it really believes are important, then it has a duty to take steps to see that they are enforced. It is ridiculous for management to merely "recommend" that users not install their own software, and then act surprised, blaming some external entity, when things go wrong.
Your all ignoring one little thing.. they have a enterprise edition that - hang on now - has a "Group Policy administrative template file". You know, that thing you ought to be able to use if you are managing a corporate network (I know, many admins are as clueless as their users...), you can very easily disable the advanced - that would be share across desktops - the part that involves sending information up to Google. If your admin doesn't know how to prevent unauthorized installs, or how to set up and use the domain policies, he isn't much of an admin & you have bigger problems then Google desktop to worry about.... Maybe the slashdot crowd is getting lazy, but I would have expected this lame complaint to have gone down in flames by the end of the first page... of course, that's only if any of ya had bothered to look (which you already should have long before this article) at the CORPORATE version & understand what a group policy template is & how to use it...
What would google have to do to be 'right' in this situation? How much do you have to protect people from their own stupidity?
If they have something to protect, and yet still install and activate something that tells them that what they want to protect might not be so protected anymore, then I say it's their own damned fault.
This is just further proof that the world is full of idiots. I fully expect there to be mandatory signs posted every 5 feet along every roadway warning me of potential cars passing by, in about 5 years. "Well, it looked like a road, sir, but I didn't know for sure. There weren't any warnings!" "Caution: HOT" on an item you asked for that was hot. "Warning: Sharp" on a knife. "Warning: bridge wet when raining" (actual street sign). At what point does common sense and personal responsibility triumph?
I don't care what someone's background is, if they go in to the preferences and turn on something that they don't know what it does, when it says right next to it what it does, it's their own damned fault.
Fuck it. I'm going to make a device, put it on the sidewalk, and have a sign above a big red button that says "DANGER: If you press this button, you'll be punched in the face" (in several languages.). And if they press it, they get punched in the face. Is it illegal? Probably. Way too many stupid people won't believe it, or won't bother reading the sign. They deserve what they get.
Your assuming I trust Googles's software at all. The domain policy is to prevent any Google software install. Period. Screw their corporate version.
No, I think most people are assuming that the only people this concerns are those that actually DO use the software. If you don't, then shut the fuck up and quit bitching. It's not about you.
What it looks to me is that Google is being blamed for lame user (and admin) incompetance. I mean, if you can't read, or understand what is basically written in big red letters on the page that "Your files will be uploaded to a remote server if you check this box. This could be a bad thing. Don't do it unless you really, really, reallyreallyreally.. REALLY mean it. Don't say we didn't warn you."... well then.. umm, sorry, but you really shouldn't be allowed around a computer.. of any type. Likely your VCR still blinks 12:00.
We have enough youth, how about a fountain of SMART?