Google Voice Mails Found In Public Search Engine

← Back to Stories (view on slashdot.org)

Google Voice Mails Found In Public Search Engine

Posted by timothy on Monday October 19, 2009 @09:55AM from the wouldn't-mind-being-able-to-put-some-there dept.

bonch writes "Google Voice Mails have been discovered in Google's search engine, providing audio files, names, and phone number as if you were logged in and checking your own voice mail. Some appear to be test messages, while others are clearly not. Google has since disabled indexing of voice mails outside your own website."

145 comments

Min score:

Reason:

Sort:

I dont want to listen to my voice mails by lyquidevil · 2009-10-19 09:58 · Score: 5, Funny

and dont really care if you do. But bad move google.
1. Re:I dont want to listen to my voice mails by martas · 2009-10-19 15:29 · Score: 1
  
  yep, they did evil all right...
  
  --
  weinersmith
2. Re:I dont want to listen to my voice mails by Anonymous Coward · 2009-10-19 16:24 · Score: 3, Informative
  
  This is user error not google error. The users made these voicemails public and google indexed them. They realize some people may not want them public and indexed outside of their own site and have stopped indexing that location. This is a stupid user error and nothing more.
  Must be a slow news day if the garbage from boy genius report is making it here.
User action? by jbohumil · 2009-10-19 10:01 · Score: 5, Insightful

This doesn't sound like a bug or leak, more like some users set up links or otherwise made their messages public.
1. Re:User action? by Anonymous Coward · 2009-10-19 10:20 · Score: 5, Insightful
  
  Exactly.
  IMHO, totally a non-issue: google doesn't spider their own service, but if you post links to your voice mail on a public page with a permissive robots.txt, it gets spidered and shows up in search results with them or anyone else.
  I completely get why Google is now removing these from search results -- they must be seen to be fixing this before it blows up as a scandal -- but shouldn't this sort of media panderage qualify as the evil they purportedly "don't be"? You'd think they're big enough to stand up and enlighten morons about robots.txt specifically, and about the general truth that when you post something on the internet, it's there forever.
2. Re:User action? by causality · 2009-10-19 10:23 · Score: 3, Funny
  
  It sounds like something that wouldn't happen if you used commodity PC hardware to set up your own voice mail system. Sure, you could make a similar mistake, but it's less likely considering that no one is as interested in safeguarding your data and privacy as you are. It's difficult to put a dollar amount on it, but maintaining control over your own data and systems is quite valuable all the same. I think it's great that Google wants to make services like these available to people who want them, but I for one won't be jumping on that bandwagon.
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
3. Re:User action? by Mister+Whirly · 2009-10-19 10:32 · Score: 3, Funny
  
  Why stop there? Set up your own ISP and mail servers also. And screw Youtube, I went there once and it was down so I am setting up my own multi-media server. I also don't trust any commercial Maglock system, so I am setting up my own Maglock server to monitor all the door access as well. So, 18 million dollars later and I can guarantee no down time at all. Of course if 99.999% downtime would have been acceptable, I could have done all of that for free, but I would rather pay the big bucks to ensure that extra .001 % of uptime. Anyone who doesn't spend lots of time and money administering all of their own systems is a sucker!
  
  --
  "But this one goes to 11!"
4. Re:User action? by geekboy642 · 2009-10-19 10:49 · Score: 4, Interesting
  
  You speak facetiously, of course, but spending the time and effort to setup your own email server is a very valuable exercise. And at the end, you get an email account with no limits. Want ridiculously tight spam filters? Easy. Want to send and receive 1GB email attachments? Your insanity can be catered to.
  And best of all, nobody is sitting there watching all of your emails and serving you ads based on what you're emailing about.
  
  --
  Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
5. Re:User action? by Anonymous Coward · 2009-10-19 10:54 · Score: 2, Insightful
  
  Good luck sending those 1GB attachments to anyone else......
6. Re:User action? by E+IS+mC(Square) · 2009-10-19 11:04 · Score: 4, Informative
  
  Right on. Here is what Google says: http://www.google.com/support/forum/p/voice/thread?tid=7625b775a05e9401&hl=en
7. Re:User action? by DragonWriter · 2009-10-19 11:13 · Score: 3, Interesting
  
  It sounds like something that wouldn't happen if you used commodity PC hardware to set up your own voice mail system.
  Yes, if you used commodity PC hardware to set up your own voice mail system, you probably wouldn't have automatic transcription that it would be even theoretically possible for you to directly post your voice mails on the web, so it wouldn't be possible for you to expose information the way you could choose to do with Google Voice.
  OTOH, it would be a lot more expensive for the fewer features you would get, so I'm not sure its all that worth it. It would be easier just to use Google voice and not post your own voice mails.
  Note that all of these emails are emails for which the URLs were posted by the user on a public website, and which were subsequently (and as a result of that posting) crawled and indexed by search engines.
  Oh, noes! Search engines find things that are posted publicly on the internet. The horror!
8. Re:User action? by antifoidulus · 2009-10-19 11:18 · Score: 4, Funny
  
  if 99.999% downtime would have been acceptable
  
  Some people have such high standards, I mean jeez the server was functional for 8.64 seconds today, isn't that enough?
  
  --
  Monstar L
9. Re:User action? by antifoidulus · 2009-10-19 11:21 · Score: 4, Interesting
  
  Actually it was 86.4 milliseconds, but when you are only expecting .0001% uptime, you cannot expect your service provider to be able to do arithmetic :P
  
  --
  Monstar L
10. Re:User action? by Anonymous Coward · 2009-10-19 11:26 · Score: 2, Insightful
  
  And best of all, nobody is sitting there watching all of your emails and serving you ads based on what you're emailing about.
  Oh noes, teh privacy. Except that if you actually cared, you'd be using PGP for important correspondence. Also, IMAP = no ads. kthxbai
11. Re:User action? by Anonymous Coward · 2009-10-19 11:30 · Score: 1, Funny
  
  0.01 cents?
12. Re:User action? by Jah-Wren+Ryel · 2009-10-19 11:31 · Score: 3, Insightful
  
  This doesn't sound like a bug or leak, more like some users set up links or otherwise made their messages public.
  I can't log into google voice without telling my browser to accept cookies from google. If they are going to use cookie-based authorization, then there is absolutely no excuse for handing out the data within an account to people who don't have the right cookie authorization.
  Even if they don't index it, the URLs are still going to be accessible to anyone who can figure out the URL.
  It appears to be a classic case of security through obscurity.
  Obscurity as an extra layer is fine, but google voice seems to have no layers excepet for obscurity and that's a ridiculous design decision for a company as big a reptuation for technical acumen as google.
  
  --
  When information is power, privacy is freedom.
13. Re:User action? by Capt.+Skinny · 2009-10-19 11:37 · Score: 3, Insightful
  
  You'd think they're big enough to stand up and enlighten morons about robots.txt specifically
  Cars have been around for about a century and there are still morons who haven't been enlightened about changing a flat tire, so I have my doubts about robots.txt
14. Re:User action? by Anonymous Coward · 2009-10-19 11:51 · Score: 1
  
  how is a page that shows private user data without requiring a cookie or authentication not a bug or a leak?
  they are playing the microsoft security through obscurity card and taking in a long message id and treating it as security credentials to view that message.
  that is FAIL.
15. Re:User action? by Omnifarious · 2009-10-19 12:16 · Score: 4, Insightful
  
  The obscurity in this case happens to be a random number that's at least 100 bits long if not a lot longer. Sure I could guess that, but I could guess your 128 bit symmetric cipher key too.
  No, what happened here is that people used this extremely obscure URL to provide public links to their voicemail messages and google happily indexed those links. And, you know, when you publicize links to things, they show up in search engines.
  Now, google could additionally require authorization before letting people have access to those links, but the way you find out what the big long random number is is by clicking on something saying something along the lines of "I want to share this voicemail with someone." which means that you want someone other than yourself to have access to it. Making the link require authorization to get to would completely defeat the purpose of sharing it with someone.
  No, in my opinion, what google should do is have a per-voicemail switch that lets you decide whether or not the public sharable link works or not. Then you can share the link with a friend, and when you want to close up access so your friend can't share the link with their friend or post it on the internet or whatever, you click on the little check box and the link stops working.
  Voicemails that you schedule for deletion should become private by default when they hit the trash can.
  
  --
  Need a Python, C++, Unix, Linux develop
16. Re:User action? by roguetrick · 2009-10-19 12:33 · Score: 1
  
  No kidding, its not like man in the middle attacks wouldn't happen on self hosted email.
  
  --
  -The world would be a better place if everyone had a hoverboard
17. Re:User action? by The+MAZZTer · 2009-10-19 12:38 · Score: 1
  
  I'm curious to know how you keep your 100% uptime when the power goes out and your backup power solutions all fail at once. :)
18. Re:User action? by lewiscr · 2009-10-19 12:44 · Score: 1
  
  You can email me. The first thing I do with postfix is add three zeros to every parameter with limit in the name. Then I install postgrey.
  Sure, sending a 1Gig email takes 15 minutes, but what I do I care? Disk space and LAN bandwidth are cheap as dirt. And so few people can send me such a big email that I'm not worried about Internet bandwidth.
  The last place I worked capped emails at 4MB. I couldn't even send one digital photo from my camera, because it was > 4MB after the base64 encoding. I ended up creating account on my home PC for several business customers so that they could send me a 10MB zip files. What a fsck'ing joke.
19. Re:User action? by MrCrassic · 2009-10-19 13:02 · Score: 1
  
  Unless you have a dynamic IP address, where you're still confined to somebody else's mail server for sending email out...
  Setting up a mail server is pretty easy, whether it's a simple IMAP+SMTP server or a much bigger suite, like Zimbra or Exchange. As an added bonus, you gain some skills which are REALLY handy in a business...if that's an end-goal. Finally, because it's most likely a single user system, it's REALLY REALLY fast.
  (After turning off my Exchange server in favor of Google Mail, I realized exactly how much speed I lost. Getting my mail from any client takes ages, and sending mail is much, much slower.)
20. Re:User action? by socsoc · 2009-10-19 13:49 · Score: 1
  
  Why are you sending digital photos from your camera out of your work email account?
21. Re:User action? by Mister+Whirly · 2009-10-19 14:11 · Score: 1
  
  Power goes out? You think I would rely on the power company for my precious servers? Hell no. I have my own generators - an array of solar, wind, steam, and diesel. It's all within the 18 million dollar budget.
  
  --
  "But this one goes to 11!"
22. Re:User action? by Nemyst · 2009-10-19 14:34 · Score: 1
  
  A bit like Google Docs then? I'm actually surprised they don't share their design ideas around.
23. Re:User action? by MichaelJE2 · 2009-10-19 14:36 · Score: 1
  
  Power goes out? You think I would rely on the power company for my precious servers? Hell no. I have my own generators - an array of solar, wind, steam, and diesel. It's all within the 18 million dollar budget.
  You left out coal, oil, and nuclear. I have 3 of each sitting in my back yard. (solar, wind, steam, and diesel)
24. Re:User action? by DusterBar · 2009-10-19 14:38 · Score: 2, Informative
  
  I have had my own server (EMail and other) for a long time (almost 2 decades) and I have to say that with SPAM these days, nothing beats the GMail spam filters. I tell my family that I can forward email to their GMail accounts for spam filtering. They get to use GMail for the client (and imap/pop support from GMail) and get all of the spam filtering support while still controlling our email domain. This works far better than what I could ever support on my own server. (The large community of GMail customers and engineering to support them just beats my humble efforts...)
25. Re:User action? by Anonymous Coward · 2009-10-19 14:40 · Score: 0
  
  I agree with what you said except this:
  
  The obscurity in this case happens to be a random number that's at least 100 bits long if not a lot longer. Sure I could guess that, but I could guess your 128 bit symmetric cipher key too.
  It's a bit different here because you have this giant pool of 100 bit (or whatever) keys that you can try to guess from. It's not the same as trying to guess a specific user's key as in the case of guessing someone's symmetric cipher key. If you have 100 million users then the key size is reduced by that much. You can try and random key and hope to get a hit within that pool of 100 million valid keys. Still hard but the more users, the easier it would be to guess a valid key.
26. Re:User action? by Anonymous Coward · 2009-10-19 15:05 · Score: 0
  
  I can't log into google voice without telling my browser to accept cookies from google. If they are going to use cookie-based authorization, then there is absolutely no excuse for handing out the data within an account to people who don't have the right cookie authorization.
  Even if they don't index it, the URLs are still going to be accessible to anyone who can figure out the URL.
  It sounds like a classic case of URL is autogenerated when I click the share link. If I want to post a voicemail on my blog I don't want all of my readers to have to be individually assigned access.
  Biggest story here is the (probable) inability to unshare voicemails once you have shared them.
  People are just making an assumption that emails you haven't yet shared are also stored at these links, but there is no evidence of it.
27. Re:User action? by Anonymous Coward · 2009-10-19 15:13 · Score: 0
  
  I've finally found the use for wolfram alpha - to refute people on the internet.
  (You did the subtraction wrong, GP screwed up... err, something else. But if you average out the power of ten of the two numbers I guess you get the right answer?)
28. Re:User action? by Anonymous Coward · 2009-10-19 15:26 · Score: 0
  
  my guess is that moron has not been around for a century.
29. Re:User action? by martas · 2009-10-19 15:32 · Score: 1
  
  except, of course, there might be a 0.001% chance that you'll die tomorrow, which means that 100% uptime is wasted anyway.
  
  --
  weinersmith
30. Re:User action? by Hurricane78 · 2009-10-19 16:02 · Score: 0
  
  Uuum, I have no idea what you're smokin' but I'm doing all this right now. Except for the ISP of course. I have a root server, a VPN, a intranet, SMB, mailserver, dns, file (video/image/sound/etc) hosting, cross-network p2p, instant messaging, you name it. All encrypted, all in VPNs, except for the tiniest entry points. And you could say that since all I need is the IP and login for my tunnel-server, that I am my own ISP inside that tunnel-net. But I could always switch on my WLAN, and start connecting with others, without even needing any ISP at all.
  And what did it cost me? A cheap rented root server, a old PC, and a simple dumb router/switch that came with the also cheap Internet/telephone plan.
  But I agree that that might only be an option, if you like installing all that.
  Or if you give me 1000 in e.g. 1999 gold. (Get away with your paper money that will be worthless by next week! ^^)
  Yes. Oh yes! I AM an Evil Overlord. MUHAHAHAHAAAA. ;)
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
31. Re:User action? by Omnifarious · 2009-10-19 16:04 · Score: 1
  
  That's true. I oversimplified.
  It's more like a hash collision problem. Given the length of the URLs, I'm guessing the random numbers are a few hundred bits, not just 100. With that, it would take a literally astronomical number of voicemail messages (possible one message per gram of mass of the Earth) before you had even a small hope of making a valid guess.
  
  --
  Need a Python, C++, Unix, Linux develop
32. Re:User action? by Hurricane78 · 2009-10-19 16:06 · Score: 1
  
  Oh, but wait until he charges you for the 900% "extra value"! ^^
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
33. Re:User action? by Jah-Wren+Ryel · 2009-10-19 16:32 · Score: 1
  
  The obscurity in this case happens to be a random number that's at least 100 bits long if not a lot longer. Sure I could guess that, but I could guess your 128 bit symmetric cipher key too.
  Don't misdirect. I didn't say one thing about guessing. You presumed it and that's PRECISELY the broken thinking that leads to failures of security like this case - nobody had to guess any of these random numbers, yet here they are for the world to see.
  
  but the way you find out what the big long random number is is by clicking on something saying something along the lines of "I want to share this voicemail with someone."
  More presumption. There is no such option in google voice - I just checked. Furthermore, it would be silly to do that for the transcriptions of the messages, just copy the actual text and email it to the 'someone' it is being shared with. No one shares regular email the way you describe, why would they for text versions of voice-mail, or really, even audio versions, it's not like such a short, low-quality audio recording is too big to send as an attachment.
  
  --
  When information is power, privacy is freedom.
34. Re:User action? by Omnifarious · 2009-10-19 16:57 · Score: 1
  
  Don't misdirect. I didn't say one thing about guessing. You presumed it and that's PRECISELY the broken thinking that leads to failures of security like this case - nobody had to guess any of these random numbers, yet here they are for the world to see.
  I was responding to the part of your post you said:
  
  Even if they don't index it, the URLs are still going to be accessible to anyone who can figure out the URL.
  In fact, the whole purpose of those URLs is for people to explicitly share their voicemails with others who may or may not have a google account. People have to go to the voicemail they want to share, click on the appropriate option and then paste the URL into some public forum for the URL to make it into a search engine. There is no 'figuring out the URL'. Google told them what it was specifically so they could make it public if they wanted to.
  
  More presumption. There is no such option in google voice - I just checked. Furthermore, it would be silly to do that for the transcriptions of the messages, just copy the actual text and email it to the 'someone' it is being shared with. No one shares regular email the way you describe, why would they for text versions of voice-mail, or really, even audio versions, it's not like such a short, low-quality audio recording is too big to send as an attachment.
  There is, in fact, just such an option because a friend notified me about this several hours before it hit Slashdot and I checked. Go and click the 'more' menu link for a voicemail, and then click on the 'embed' option. Poof, up pops the URL.
  If there were really a problem where random URLs made it out onto the net with no user intervention then there would be many more than the 25 or so that would match those search criteria. As it is, people had to cut&paste those URLs out of that embed box into a facebook posting or blog posting or put them into some other public forum.
  
  --
  Need a Python, C++, Unix, Linux develop
35. Re:User action? by Anonymous Coward · 2009-10-19 17:16 · Score: 0
  
  google doesn't spider their own service,
  
  What proof do you have that they are not spidering through (or otherwise organizing) all the data generated by their own services? The fact that they are not evil (tm)?
36. Re:User action? by Jah-Wren+Ryel · 2009-10-19 17:23 · Score: 1
  
  I was responding to the part of your post you said:
  Even if they don't index it, the URLs are still going to be accessible to anyone who can figure out the URL.
  Indexing by google isn't the only way for these things to leak. For example, they could be indexed by yahoo, or msn, or just some schmoe who happens upon the wrong web page, or some concerted stalker who manually 'happens across' ALL webpages relevant to that user and picks them up.
  
  There is, in fact, just such an option because a friend notified me about this several hours before it hit Slashdot and I checked. Go and click the 'more' menu link for a voicemail, and then click on the 'embed' option. Poof, up pops the URL.
  Yeah, I saw that when checking and I guess I didn't write clearly - as far as I can tell that is only for sharing audio, not text and yet there are examples of text being handed out. I thought the sharing of audio was a bad idea, but I didn't mean to imply it wasn't being shared, I meant to imply that they should stop sharing and start explicitly copying, just like there is no user interface to share text.
  
  If there were really a problem where random URLs made it out onto the net with no user intervention...
  There is a wide chasm between intentionally publishing for all to see and "no user intrevention" - I see no explanation for the text making it out.
  
  --
  When information is power, privacy is freedom.
37. Re:User action? by camcorder · 2009-10-19 21:11 · Score: 1
  
  I really don't get this Google protectionism of users. If same thing were done by Microsoft *a user action couldn't be acceptable since it must be flawed by design*. But with Google, what they do is always the right way, only because users are moron Google needs to *fix* it afterwards.
  
  Why you can't make yourself believe that Google is as bas as any other company sometimes?
38. Re:User action? by L4t3r4lu5 · 2009-10-19 21:32 · Score: 1
  
  I would love for that to be a private voicemail message hosted on their servers from the CTO to the CEO...
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
39. Re:User action? by L4t3r4lu5 · 2009-10-19 21:34 · Score: 1
  
  I'm fairly sure that, even at 8.64 seconds, the uptime wouldn't be high enough to complete the input of the cal[NO CARRIER]
  
  --
  Finally had enough. Come see us over at https://soylentnews.org/
40. Re:User action? by Spazztastic · 2009-10-19 23:01 · Score: 0
  
  Unless you have a dynamic IP address, where you're still confined to somebody else's mail server for sending email out...
  DynDNS.
  
  --
  Posts not to be taken literally. Almost everything is sarcasm.
41. Re:User action? by Spazztastic · 2009-10-19 23:03 · Score: 1
  
  Power goes out? You think I would rely on the power company for my precious servers? Hell no. I have my own generators - an array of solar, wind, steam, and diesel. It's all within the 18 million dollar budget.
  You left out coal, oil, and nuclear.
  And gerbils on wheels! ...Just keep Richard Gere (Or Larry David) away from them.
  
  --
  Posts not to be taken literally. Almost everything is sarcasm.
42. Re:User action? by sg_oneill · 2009-10-20 01:24 · Score: 1
  
  Do you honestly think anyone who has half a clue on setting up MTAs allows their email to come from Dynamic IPs? Get a clue dude, that shit was getting blacklisted in the 90s.
  
  --
  Excuse the Unicode crap in my posts. That's an apostrophe, and slashdot is busted.
43. Re:User action? by Mister+Whirly · 2009-10-20 02:01 · Score: 1
  
  And what did it cost me? A cheap rented root server, a old PC, and a simple dumb router/switch that came with the also cheap Internet/telephone plan.
  So what you are saying is your time has no value at all? Because mine does. And every minute I am not messing with email/VPN/DNS/File servers is a minute I could be doing other (more productive) things.
  
  --
  "But this one goes to 11!"
44. Re:User action? by Omnifarious · 2009-10-20 03:05 · Score: 1
  
  Indexing by google isn't the only way for these things to leak. For example, they could be indexed by yahoo, or msn, or just some schmoe who happens upon the wrong web page, or some concerted stalker who manually 'happens across' ALL webpages relevant to that user and picks them up.
  Indeed this is true. But none of those services is going to index a URL that a user didn't explicitly make public, even if the user was being stupid. I don't call that 'figuring out' because that implies some notion of obscurity that has to be peeled back.
  
  There is a wide chasm between intentionally publishing for all to see and "no user intrevention" - I see no explanation for the text making it out.
  It is interesting that once you have the URL for the shared voice mail you can find out many of the details about it. I can see how nieve user would quite possibly assume they were just sharing the audio portion. I would agree that Google's user interface should make it clearer exactly how much information is being shared or change it so the URL will only allow access to the audio and no other details.
  But, IMHO, that's not a problem of funny long URLs that don't require authorization. It's that the UI surrounding those URLs is confusing and leads people to share more than they were intending.
  
  --
  Need a Python, C++, Unix, Linux develop
45. Re:User action? by Sulphur · 2009-10-20 03:10 · Score: 1
  
  Why you can't make yourself believe that Google is as bas as any other company sometimes?
  What a relief.
  Or is it bas humbug?
  Or just bas bas bas.
46. Re:User action? by Jah-Wren+Ryel · 2009-10-20 03:28 · Score: 1
  
  But none of those services is going to index a URL that a user didn't explicitly make public, even if the user was being stupid. I don't call that 'figuring out' because that implies some notion of obscurity that has to be peeled back.
  Basically your position is "any accidents are the user's fault." That's a terribly brittle assumption, good security design takes into account failure modes - including human error, anticipates them and counters them. "Funny long URLs" are not obviously sensitive the way username/password pairs are, so right there the strongest defense against human error is wiped out. And not just the user's human error, there is easily the potential for someone at google to accidentally disclose these URLs because they don't know any better. Its also possible for them to end up in a browser's history on a multi-user/public system, probably lots more.
  Ultimately you are arguing for a Pandora's Box's of security. Just because you can't think of a way for one of these URLs to leak out now doesn't mean someone else won't come up with a way to make it happen and once that's the case, there is no stuffing them back into the box of obscurity.
  
  --
  When information is power, privacy is freedom.
47. Re:User action? by Omnifarious · 2009-10-20 03:54 · Score: 1
  
  Ultimately you are arguing for a Pandora's Box's of security. Just because you can't think of a way for one of these URLs to leak out now doesn't mean someone else won't come up with a way to make it happen and once that's the case, there is no stuffing them back into the box of obscurity.
  While the rest of your comment is basically correct, though I will point out that I feel that Google's current UI does not make it clear to people exactly what they're sharing, I do take objection to this.
  The browser history is an interesting question, and definitely an avenue in which the URLs may end up with more exposure than a user intends. Though, IMHO, a user is already being inordinately cavalier with security to be doing anything private on a public terminal. But I still stand by the notion that long URLs are perfectly secure for what they are intended for. And there isn't any other good way to accomplish the same goal.
  The other techniques make you force the party you want to share with get an account with that service in order to be able to name them. I find this to range from dumb to reprehensible, and I consider it a solution worse than the problem.
  The only solution I would consider other than just handing you a funny URL is allowing you to specify a list of OpenIDs that were allowed to see it. But right now, I think most people would find that horribly confusing, and it requires a lot of implementation effort.
  
  --
  Need a Python, C++, Unix, Linux develop
48. Re:User action? by Anonymous Coward · 2009-10-20 03:56 · Score: 0
  
  Cars have been around for about a century and there are still morons who haven't been enlightened about changing a flat tire, so I have my doubts about robots.txt
  I figured out how to change a flat tire on my Chevy but the manual doesn't mention this "robots.txt" thingie. Maybe it's only for the Japanese cars?
49. Re:User action? by Sparr0 · 2009-10-20 04:02 · Score: 1
  
  "Funny long URLs" are not obviously sensitive the way username/password pairs are, so right there the strongest defense against human error is wiped out.
  "Funny long URLs" (that effectively cannot be brute forced or guessed, and have to be explicitly shared by the owner) are the same sort of security that Google Calendar uses for sharing "private" calendar data[1], and that flickr uses for private/protected image files. They are the only no-hassle-for-unregistered-recipients way to share such information. If users are too stupid to figure out the implications of sharing links on the internet, that is not Google's fault.
  [1] "This is the private address for this calendar. Don't share this address with others unless you want them to see all the events on this calendar." But with the additional feature of being able to "Reset Private URLs" if you want to revoke a previously shared one. Maybe GVoice needs that warning and feature as well.
50. Re:User action? by Jah-Wren+Ryel · 2009-10-20 04:09 · Score: 1
  
  And there isn't any other good way to accomplish the same goal.
  I already spelled one out - make copies and do it explicitly, everybody understands the full implications of copying something and sending it on to someone or somewhere else. The file sizes are trivial, so that's not an issue. Make copies with a URL that has no connection to the original source.
  
  --
  When information is power, privacy is freedom.
51. Re:User action? by skeeto · 2009-10-20 05:12 · Score: 1
  
  I like having the ability to use a rope, even if I might use it to tie a noose around my neck. There is little reason to take away a very useful feature from many users just because a handful of thoughtless users shoot themselves in the foot.
52. Re:User action? by Jah-Wren+Ryel · 2009-10-20 05:45 · Score: 1
  
  I like having the ability to use a rope, even if I might use it to tie a noose around my neck. There is little reason to take away a very useful feature from many users just because a handful of thoughtless users shoot themselves in the foot.
  How is this significantly more useful than running the user through a procedure that explicitly makes an independent copy of the data that is fully disconnected from the user's private data storage, just like forwarding a file via email does?
  
  --
  When information is power, privacy is freedom.
53. Re:User action? by Anonymous Coward · 2009-10-20 06:34 · Score: 0
  
  I've finally found the use for wolfram alpha - to refute people on the internet.
  Google can do it, too.
54. Re:User action? by MrCrassic · 2009-10-20 06:50 · Score: 1
  
  No, which is precisely why I made that statement...
55. Re:User action? by gadabyte · 2009-10-20 07:55 · Score: 1
  
  bas doot
  
  --
  the united states is a nation of laws; badly written and randomly enforced -- frank zappa
56. Re:User action? by Anonymous Coward · 2009-10-22 01:27 · Score: 0
  
  Actually it was 86.4 milliseconds, but when you are only expecting .0001% uptime, you cannot expect your service provider to be able to do arithmetic :P
  To be "actually" correct, to meet 0.001% uptime (or 99.999% downtime) his server should be up for 864 milliseconds (or 0.864 seconds) per day. Hey, can I be your ISP?
Natural Language Processing Needs Work by eldavojohn · 2009-10-19 10:05 · Score: 4, Funny

Looks like they got my message to Steve Ballmer.

--
My work here is dung.
1. Re:Natural Language Processing Needs Work by Anonymous Coward · 2009-10-19 11:34 · Score: 1, Funny
  
  Wait, who's Donna?
Article is already updated by vxvxvxvx · 2009-10-19 10:05 · Score: 5, Informative

UPDATE: It seems as if these voicemails have been publicly posted/shared online and Google indexes them. Here’s official word:
“Since the initial idea behind posting a voicemail, was precisely to share it with others, we did not restrict crawling of those messages that users post on the web, but we can certainly understand that users would want to make them public on their sites but not necessarily searchable directly outside of their own website. We made a change to prevent those to be crawled so only the site owner can decide to index them.”
1. Re:Article is already updated by v(*_*)vvvv · 2009-10-19 10:16 · Score: 2, Insightful
  
  Honestly, I wonder how many people post stuff on some obscure URL thinking only the friends and family they send it to would see it, just to find out watching CNN Headline News that it got indexed by Google and journalists were reporting on bloggers blogging about it.
2. Re:Article is already updated by Mr.Bananas · 2009-10-19 10:16 · Score: 4, Insightful
  
  At around 10am, a comment on the same page linked by OP revealed what the parent has pointed out, and even linked to a GV forum post explaining as much.
  
  And yet, at 5pm, Slashdot posts this as news...
3. Re:Article is already updated by noidentity · 2009-10-19 10:17 · Score: 2, Insightful
  
  "[...] we can certainly understand that users would want to make them [voice messages] public on their sites but not necessarily searchable directly outside of their own website. We made a change to prevent those to be crawled so only the site owner can decide to index them."
  
  So in other words, Google supports robots.txt? Still, if you put them on your website, some search engine will index them. Moral of the story: don't make something accessible by anyone on the web unless you want anyone to be able to access it.
4. Re:Article is already updated by Beardo+the+Bearded · 2009-10-19 10:31 · Score: 4, Funny
  
  Common. I remember when Beenz did that for a grand prize, and someone found the URL and claimed the prize. They got the equivalent of $500USD in Beenz.
  Younger readers are wondering, "what the fuck are Beenz?".
  
  --
  
  ---
  ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
5. Re:Article is already updated by Animaether · 2009-10-19 10:41 · Score: 1
  
  This seems a bit odd...
  
  we can certainly understand that users would want to make them public on their sites but not necessarily searchable directly outside of their own website. We made a change to prevent those to be crawled so only the site owner can decide to index them
  Don't we, and Google, usually tell people to use robots.txt if they want to restrict crawling?
6. Re:Article is already updated by TubeSteak · 2009-10-19 10:44 · Score: 1
  
  Don't we, and Google, usually tell people to use robots.txt if they want to restrict crawling?
  Indeed. I'm slightly confused by Google's wording.
  Does the change prevent other search engines from indexing your voicemails?
  
  --
  [Fuck Beta]
  o0t!
7. Re:Article is already updated by iCEBaLM · 2009-10-19 10:57 · Score: 3, Funny
  
  It's like flooz.
8. Re:Article is already updated by Anonymous Coward · 2009-10-19 11:08 · Score: 0
  
  This might be news to my grandma, who has never heard of Facebook, Myspace, or the fact that public content on the web is crawlable by Google...
9. Re:Article is already updated by nnet · 2009-10-19 11:19 · Score: 1
  
  Wondering what was common.
10. Re:Article is already updated by 42forty-two42 · 2009-10-19 12:12 · Score: 3, Informative
  
  They added Disallow: /voice/fm/ to robots.txt for google.com, that's all.
11. Re:Article is already updated by erayd · 2009-10-19 12:31 · Score: 1
  
  Your grandma reads slashdot?
  
  --
  Forget world peace, bring on -1 pointless
12. Re:Article is already updated by The+MAZZTer · 2009-10-19 12:39 · Score: 1
  
  I wonder if Bing or Yahoo or other websites have the voicemails in their indexes as well?
13. Re:Article is already updated by Anonymusing · 2009-10-19 21:03 · Score: 1
  
  Whoopi, is that you?
  
  --
  Liberal? Conservative? Compare perspectives at Left-Right
14. Re:Article is already updated by Anonymous Coward · 2009-10-19 23:02 · Score: 0
  
  Older readers are wondering, "what the fuck are Beenz?" too!
If it's out there by El_Muerte_TDS · 2009-10-19 10:14 · Score: 4, Insightful

Like everything on the internet, if it's public, a web-spider will find it (eventually). But I'm seriously impressed by the speech-to-text engine Google uses, quite nice.
1. Re:If it's out there by gravos · 2009-10-19 10:31 · Score: 1
  
  What's really impressive about it is that it's able to make any sense at all out of the terrible obscenely band-limited quality most phone messages are. I'm sure they have to use a bunch of statistical techniques based on their observations of common english text (eg, was "Dear aunt, let's set so double the killer delete select all" really what that person was probably saying?) to have any hope of producing something close to the correct answer.
  
  --
  This game will waste your life. Don't clicky!
2. Re:If it's out there by Cal27 · 2009-10-19 10:40 · Score: 1
  
  I agree, I've often wondered when Google is going to make a voice command and dictation program.
  I guess you could always just dictate to your voicemail box until then.
3. Re:If it's out there by zippthorne · 2009-10-19 11:30 · Score: 3, Funny
  
  Huh. I figured they just outsourced the translation to an indian sweat shop and the little checkbox next to the translation "was this useful?" results in a beating if you click "No."
  
  --
  Can you be Even More Awesome?!
4. Re:If it's out there by dubner · 2009-10-19 14:45 · Score: 1
  
  If by "nice" you mean that it
  confuses 'Donna office' with 'dumbass' and 'she'll tell welcome' with 'shut the hell up' then I agree.
Appropriate by C_Kode · 2009-10-19 10:22 · Score: 2, Insightful

Was that appropriate? Posting that voice mail that has names numbers and locations?
Extremely poor ethics here at Slashdot.
1. Re:Appropriate by MichaelSmith · 2009-10-19 10:40 · Score: 1
  
  We should pay Mary Logan back by giving her some free graphic design services for her new logo. Payment for our lulz you know.
  
  --
  http://michaelsmith.id.au
2. Re:Appropriate by socsoc · 2009-10-19 14:01 · Score: 1
  
  Or at least a few business cards from vistaprint
Not a new problem... by rickb928 · 2009-10-19 10:23 · Score: 1

Information wants to be free...

--
deleting the extra space after periods so i can stay relevant, yeah.
1. Re:Not a new problem... by Anonymous Coward · 2009-10-19 10:33 · Score: 0
  
  Information wants to be free...
  Nature abhors you.
Already explained by google, in TFA. by gehrehmee · 2009-10-19 10:23 · Score: 2, Informative

Could at least mention that the link you linked to has the express updated statement from google:
"Since the initial idea behind posting a voicemail, was precisely to share it with others, we did not restrict crawling of those messages that users post on the web, but we can certainly understand that users would want to make them public on their sites but not necessarily searchable directly outside of their own website. We made a change to prevent those to be crawled so only the site owner can decide to index them."
These are messages that people went out of their way to make public, via a URL with a hash. There's a question of whether there should have been a different type of authentication here, but this story is an alarmist knee-jerk reaction at best.

--
"You know, Hobbes, some days even my lucky rocketship underpants don't help" -- Calvin
Needs a new button by Megaweapon · 2009-10-19 10:24 · Score: 2, Funny

I'm Dialing Lucky

--
I'm sure "SlashdotMedia" will improve on all the wonders that Dice Holdings blessed us all with
The Real Problem is ... by itzfritz · 2009-10-19 10:25 · Score: 5, Interesting

The real problem, IMO, is that Google Voice voicemails are world-readable to begin with. The only security is the URL scheme. If that can be reverse engineered, the privacy of all google voice users will be in danger. (fyi I have tested this myself. The url scheme is "https://www.google.com/voice/fm/20-digit account id/long b64 encoded binary string", and these urls can be viewed by unauthenticated users. Note the use of https; while no man in the middle will read my voicemail, the man on one end can ;)
1. Re:The Real Problem is ... by noidentity · 2009-10-19 11:00 · Score: 3, Insightful
  
  The real problem, IMO, is that Google Voice voicemails are world-readable to begin with. [...] The url scheme is "https://www.google.com/voice/fm/20-digit account id/long b64 encoded binary string", and these urls can be viewed by unauthenticated users
  
  And my gmail account is available to anyone who knows my username and an n-character string (hunter2, starred for obvious resons).
2. Re:The Real Problem is ... by 93+Escort+Wagon · 2009-10-19 11:13 · Score: 1
  
  The real problem, IMO, is that Google Voice voicemails are world-readable to begin with.
  I'm not really meaning to argue, but I believe the biggest part of that "real problem" is that a lot of users simply don't care about the security of their personal information.
  Quite by accident, I discovered that the transcripts are open to the world not long after my brother got a Google Voice account. He was commenting (via email) on the funny misinterpretation of a message I'd left him - he sent me the text and as chance would have it left the original link intact. When I clicked on it, I heard the message I'd left him! But when I told him about this glaring security problem (IMHO), he basically said "this isn't really a big deal".
  Companies won't have much reason to pay real attention to security until a large percentage of their customer base forces them to pay real attention from the get-go.
  
  --
  #DeleteChrome
3. Re:The Real Problem is ... by kybred · 2009-10-19 11:14 · Score: 1
  
  You know, if you type in your password, Slashcode will convert it to stars.
  See I'll type in my password:
  *********
  Slashcode converted it to stars. Try it yourself!
4. Re:The Real Problem is ... by BobPaul · 2009-10-19 11:18 · Score: 1
  
  Is that even true? If you choose "Download" and copy the URL it gives you for the wav file, you can't use the link unless your logged it. It's my assumption that to get a public URL of the scheme "google.com/voice/fm/*" you need to first choose the option to e-mail a voice mail and include a public link. Perhaps that's a poor assumption on my part. Do we have evidence that it's one way or the other?
5. Re:The Real Problem is ... by Anonymous Coward · 2009-10-19 11:20 · Score: 0
  
  Let me try:
  (null)
  You see any stars?
6. Re:The Real Problem is ... by Anonymous Coward · 2009-10-19 11:22 · Score: 0
  
  You know, if you type in your password, Slashcode will convert it to stars.
  See I'll type in my password:
  *********
  Slashcode converted it to stars. Try it yourself!
  oh, really?
  you can go hunter2 my hunter2-ing hunter2
  haha, does that look funny to you?
7. Re:The Real Problem is ... by mysidia · 2009-10-19 11:36 · Score: 1
  
  1234
8. Re:The Real Problem is ... by Zerimar · 2009-10-19 11:42 · Score: 1
  
  Mine is: 12345
9. Re:The Real Problem is ... by hldn · 2009-10-19 12:02 · Score: 1
  
  oh, really?
  you can go hunter2 my hunter2-ing hunter2
  haha, does that look funny to you?
  lol, yes. See, when YOU type hunter2, it shows to us as *******
  
  --
  http://www.accountkiller.com/removal-requested
10. Re:The Real Problem is ... by kybred · 2009-10-19 12:06 · Score: 1
  
  Amazing! I have the same combination on my luggage!
11. Re:The Real Problem is ... by Omnifarious · 2009-10-19 12:23 · Score: 2, Interesting
  
  And, you know, if I 'reverse engineer' the right bunch of binary digits I can read all the credit card information in your https transactions. That bunch of binary digits being your AES key.
  If Google was in the least intelligent, that string would either be a random number or a hash (basically a random number if you don't know the exact data that went into it) of the voicemail contents plus the user and some other stuff. Personally, I expect they are in the least intelligent and that the URL is about as 'reverse engineerable' as the AES key your browser used to talk to the place you bought your latest motherboard from.
  
  --
  Need a Python, C++, Unix, Linux develop
12. Re:The Real Problem is ... by JustinRLynn · 2009-10-19 13:24 · Score: 1
  
  Oh, so you just have to brag that you bought the high-security luggage.
13. Re:The Real Problem is ... by farnsworth · 2009-10-19 13:38 · Score: 1
  
  The real problem, IMO, is that Google Voice voicemails are world-readable to begin with. The only security is the URL scheme.
  http://some-site/some-service/some-item/2bdccb1f-08d9-4f0d-a270-bc061f0c475f
  http://some-site/some-service/some-item?user=youruserid&password=12345
  Which is more secure? "Authentication" is just a URL, after all. (true, posts are handled slightly differently by browsers, but it's essentially the same as a get. It's all http in the end.)
  I like obfuscated URLs since I don't have to create a new thing to remember to access it. I can just look up the URL in my mail client or whatever. And I don't believe that it significantly reduces the access control. Let me know if I'm wrong.
  
  --
  There aint no pancake so thin it doesn't have two sides.
14. Re:The Real Problem is ... by kybred · 2009-10-19 16:27 · Score: 1
  
  Should we let all the n00bs in on it?
15. Re:The Real Problem is ... by Anonymous Coward · 2009-10-19 21:55 · Score: 0
  
  Replay attacks
  Your browser logs
  Web proxy logs (they can be inline so you won't notice).
  Enough?
16. Re:The Real Problem is ... by ei4anb · 2009-10-19 23:59 · Score: 1
  
  Another risk is the interaction with any desktop or proxy software that leaks the URLs. Many systems seem secure but have unintended consequences when used with another system. For example, once the administrator of the proxy learns the "20-digit account id" of the CEOs voicemail a simple grep thru the logs would give access.
my favorite (so far) by gEvil+(beta) · 2009-10-19 10:27 · Score: 3, Funny

Butt dialing on a roller coaster?

--
This guy's the limit!
1. Re:my favorite (so far) by nschubach · 2009-10-19 11:27 · Score: 1
  
  Murder in progress, definitely. My guess is the assailant is a demented clown from the sound of the laughing...
  
  --
  Every time I start to have faith in humanity, I ruin it by driving to work between 7 and 8 am.
2. Re:my favorite (so far) by Anonymous Coward · 2009-10-19 15:25 · Score: 0
  
  An interesting one I heard posted on another site... here's the comments from the person who posted it.
  
  it's apparently a conversation between thach nguyen and his psychiatris http://www.thachnguyen.com/
  The most fucked up part is at 11min where the doc tell him that he needs to stop helping other people through the work he does.
  The doc is talking shit the entire time.
  Scientology was right all along...
  They were talking about this voicemail.
3. Re:my favorite (so far) by martas · 2009-10-19 15:41 · Score: 1
  
  it sounds to me like a bunch of pigs are getting gang-raped and chopped to pieces by escaped criminally insane convicts.
  
  --
  weinersmith
4. Re:my favorite (so far) by Hurricane78 · 2009-10-19 16:10 · Score: 1
  
  No. Alien tickling ray attack. ^^
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
the drunk monkey is crystal clear about reality by gEvil+(beta) · 2009-10-19 10:34 · Score: 1

Uhhh, yeah...

--
This guy's the limit!
Looks like by Anonymous Coward · 2009-10-19 10:42 · Score: 0

kdawson figured out timothy's password.
data posted on the internet found on the internet! by Kenja · 2009-10-19 10:44 · Score: 2, Interesting

Dont want data to be found online? Dont put it out there for people to find.

Total non-issue.

--

"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Google voice to speech is (relatively) crap by Fencepost · 2009-10-19 10:50 · Score: 3, Informative

I've been experimenting with the voicemail-to-text transcription services out there, and compared to both GotVoice and PhoneTag the quality of transcription from Google Voice is something of a bad joke.

I understand that currently it's free (as opposed to $10+/month from the commercial services), and I have hopes that it will improve, but "quite nice" seems like a heck of a stretch at this point.

Anecdotally, here's an edited for privacy transcription from PhoneTag: "Hi, Alan. It's Nancy at Village Surgeons. My number is 123-456-7890. I'm following up on my e-mail that I sent you last week with regard to backup of our (quicken?) system here. (Paul Oddlastname?) was, had a concern that it wasn't backing up. So, I just kinda wants to touch base with you about that. When you have a chance. Give me a call. Thank you. Bye."

And here's an edited for privacy transcription from Google Voice today: "Hi Alan, it's gia Craig over at Northeastern collagen help topped and my computer is dead. It's definitely not working or managers on my phone's working. I checked the lines it doesn't look like. Anything's Unplugged, but I've pushed in any way you push the button to turn it on. There's no white that goes on movie then Maher of a machine starting. It's just absolutely dead and so could you do call me back and and come today. I do have to run over to delivery of the office for a few minutes this morning and then but I did not half hour. I might be at Colin's desk and that is extension 251. If I'm not at my own here and I'm 253. Thanks a lot. Bye bye."

--
fencepost
just a little off
1. Re:Google voice to speech is (relatively) crap by Anonymous Coward · 2009-10-19 11:35 · Score: 1, Informative
  
  You're comparing automatic speech recognition to human transcription services. Why?
2. Re:Google voice to speech is (relatively) crap by Mr2001 · 2009-10-19 12:23 · Score: 1
  
  Here's one I got a few weeks ago from Google Voice:
  
  Hello voice subscriber what. Hey if you few questions for you. They can feel me 6 like a year like 2 years ago to like forever. Go you came over and I was locked out of the password didn't know the password so much and we wanted. Anybody passed it. I don't know how you guys have a good i just took it out for the first time in years and it says your class is expired. I must be changed and I go to that the windows X P professional you went and dollar dishing whatever it is really old addition, windows 85,001 yet and it's give me a change. Faster screen and says, administrative, which is still around. Funny has got hold us for new password. I confirm you got through. I've any idea what the password again, 30, or if you're more than the who knows no idea what it would've been so if you tell me but sister for you know the next week, otherwise, I was gonna go out to confirm for some a long time, so if you should come pick the and a case.
  
  --
  Visual IRC: Fast. Powerful. Free.
3. Re:Google voice to speech is (relatively) crap by martas · 2009-10-19 15:38 · Score: 1
  
  while i was reading this, i thought you were claiming that the same voice message resulted in the two transcripts... needless to say, i was about to declare this bullsh!t.
  
  --
  weinersmith
4. Re:Google voice to speech is (relatively) crap by Anonymous Coward · 2009-10-19 19:55 · Score: 0
  
  Of course, since all we've got is two different messages by two different people, the difference could just as well be due to Nancy speaking more clearly than Craig. Unless of course both messages were by Nancy and Google was just that bad at transcription.
5. Re:Google voice to speech is (relatively) crap by LiquidAvatar · 2009-10-20 05:19 · Score: 1
  
  And here's an edited for privacy transcription from Google Voice today: "Hi Alan, it's gia Craig over at Northeastern collagen help topped and my computer is dead. It's definitely not working or managers on my phone's working. I checked the lines it doesn't look like. Anything's Unplugged, but I've pushed in any way you push the button to turn it on. There's no white that goes on movie then Maher of a machine starting. It's just absolutely dead and so could you do call me back and and come today. I do have to run over to delivery of the office for a few minutes this morning and then but I did not half hour. I might be at Colin's desk and that is extension 251. If I'm not at my own here and I'm 253. Thanks a lot. Bye bye."
  Funny... this is what I hear whenever a user asks me for help...
  
  --
  It is difficult to free fools from the chains they revere.
  -Voltaire
There is no free lunch... by Anonymous Coward · 2009-10-19 10:52 · Score: 0

... or free service. No business will give you anything for free. You pay for google services with your privacy. Some people find that this is a fair trade, others use secure services with guaranteed privacy, like xebba.com in exchange for the service fee.
Voice MailSSSSS? by Anonymous Coward · 2009-10-19 11:16 · Score: 0

What are mails? It's mail. Not mails. Learn it, love it.
Catpcha: pointing... pointing out small mistakes?
The voicemails were published (not by google) by mysidia · 2009-10-19 11:43 · Score: 1

Other websites provided links to the voice mails.
Google gives each voicemail a secret URL. If you choose publish the secret URL of one of your voicemail messages, then the voicemail message is no longer secret.
Google's search service was just making URLs of messages that has been published searchable.
Any search engine could and (does) index the very same.
GoogleBot doesn't have any privileged access to index Google Voicemail messages that the account holder didn't make public (by publishing URLS to)
If you ask me, however: I think Google Voice should default to only allowing the account owner to see messages.
If you want to "share" a message, there should be a flag you need to set on the message to make it publicly visible (that you can later revoke), or an account-wide setting you need to turn on before you can share messages.
This way, people who don't normally share their messages will have a protection more like what they are familiar with re. E-mail.
As far as I know, you can't (yet) publish a Gmail.com URL online and let other people read one of your e-mail messages... what justification is there for Google Voice to be different by default?
Most people do not commonly publish their voicemail messages, although some might wish to share with friends.
An issue is that voicemail messages generally include phone numbers, and these are generally considered personal/private.
It is poor etiquette to publish someone else's phone number without permission.....
Therefore, a (suitable) privacy default for shared voicemail, should in some manner censor phone numbers (such as by replacing with a handle, alias, or nickname)
1. Re:The voicemails were published (not by google) by nog_lorp · 2009-10-19 11:49 · Score: 1
  
  I assumed it would be set up like GMail documents: you click a "publish" button, and a link is enabled + given to you to publish. Can anyone confirm/deny this?
2. Re:The voicemails were published (not by google) by mysidia · 2009-10-19 14:26 · Score: 1
  
  Not exactly.. how it works is each message has a "More" link, you click the link, you choose "Embed" or "Email" from the menu, and it either prompts you for an e-mail address to send the link to, or for Embed, it displays some HTML code to allow you to embed the message on your web site, for Email you check a box "include a link to this message".
BGR isn't the "exclusive" first story by Anonymous Coward · 2009-10-19 11:52 · Score: 1, Interesting

BGR stole it from 4chan's /g/ (technology) board last night. See Google's index for proof. We were discussing it at 2AM, someone tipped off google, and BGR saw it on 4chan & reported on it. They misrepresent themselves as the story source, though.
Re:Google is Big Brother? by bendodge · 2009-10-19 12:29 · Score: 2, Informative

Google only hides the voicemail files with a monster-long URL. Though served over https, they are still world-readable. This is not an accident. This is deliberately done so that one can post a link to it somewhere else (email to coworker comes to mind) and they can hear it. Google did not simply forget to have access control; they purposefully chose this way over the Docs' everyone-must-signup-for-any-reason style.
Now, some morons have posted those voicemail URLs on public sites, along with the text translation. Along came a spider and sat down, er, crawled over them. These URLs and texts then appeared in search engines.
There's really no shock here. If I post links to my family photo gallery, everyone will see those, too, unless I have an account-based system which requires all my relatives to jump hoops in order to get access. Google tried to pick the lesser of two evils - whether they picked the right one I don't know.

--
The government can't save you.
ehh by cl0s · 2009-10-19 13:53 · Score: 1

I understand this is not necc Google's fault but their fix doesn't necc stop Yahoo or Bing from crawling it. I mean if you want to share your voicemail on your blog its like girls who post pictures wearing a bra and panties in the bathroom mirror on myspace, you can't be too mad when someone you didn't want to finds it.
I do agree they should make the voice mail completely private and only activate the URL from outside if specifically "shared". Funny because less than 10 minutes ago I setup my G1's voice mail to forward to Google Voice so I can use it as visual voice mail (works great by the way) -- didn't know this was going on though.
Because that *was* his work? by ChipMonk · 2009-10-19 13:56 · Score: 1

Maybe he's working for a graphic design studio, or an advertising agency.
1. Re:Because that *was* his work? by socsoc · 2009-10-19 14:20 · Score: 1
  
  Oh sure, they always cap emails at 4mb. If that was the case, there must have been a preferred method of moving those files, FTP for instance.
  He's just another user who wants to disregard the policies that are in place for a reason and start using consumer grade accounts for business which degrades the professionalism of both him and his organization.
2. Re:Because that *was* his work? by lewiscr · 2009-10-19 15:26 · Score: 2, Informative
  
  The digital photo was an example... I was having a hard time converting 4MB into Library of Congresses in my head.
  Aside from the occasional office event (work sponsored with a camera), we did send a lot of .zip files. One-off reports, server logs, sample data sets, etc.
  The preferred method for sending these files was a Windows share drive. Except nobody bothered to tell us that, probably because my satellite office wasn't big enough to get one. The biggest drawback is that Windows Shares don't work very well for people outside the firewall... like my customers. For irregular customer communication, it was email or nothing. Regular customer communications (daily data feeds, etc) was on an FTP site, but those were not available for ad-hoc file transfers. I tried to get a hole opened in the firewall for an ad-hoc (ie: locally administered) FTP site, but was denied.
  Before we were acquired, I was the system/mail/database/web admin (yeah, yeah, entitlement issues). As a non-Exchange shop, I had no problem providing reasonable email limits. And even (gasp!) changing them when the business needed it. Once we were acquired (and required to use Exchange), the uselessly low limit were imposed. There were valid reasons for it, but I wasn't given any alternative.
  My home computer was used as a last resort, after several Senior VPs asked if there was "anything I could do to make it work". It was always one-off, and always torn down and cleaned up. I am quite willing to bend the rules to make the customer happy, as long as it's done correctly.
3. Re:Because that *was* his work? by thejynxed · 2009-10-19 15:38 · Score: 1
  
  You act as if there is any significant difference between the two.
  Hint: Outside of paying your own money for someone to maintain it for you, or maintaining it yourself, there is no difference. Email is Email is Email. It all has the same basic functionality, no matter what fairy dust you attempt to sprinkle it with.
  IMHO - Your fancy blahblahblah@fancybusinessdomain.com address means no more to me than an address at blahblahblahblah@gmail.com.
  
  --
  @Mindless Drivel: 100% of Twitter posts ever Tweeted.
"someone" != "everyone" by Anonymous Coward · 2009-10-19 14:39 · Score: 0

And that is why Google failed.
Their designers made the same mistake with Google Voice that Microsoft made when they added "accounts" to pre-NT Windows -- they failed to consider the concept of controlled access. There really is a vast middle ground between "share it with the entire world" and "nobody but me can see it" and Google's designers need to understand that before they're allowed to play with business-sensitive (Google Docs and Google Voice) or PII (digitized health records) data.
1. Re:"someone" != "everyone" by Omnifarious · 2009-10-19 16:00 · Score: 1
  
  So, everybody should have to get a Google account so Google can authenticate them so you can give them explicit permission? That's whate every other service does, but it's dumb and wrong.
  Really, the only decent other solution is to allow you to specify a list of OpenIDs that can listen to the voicemail.
  
  --
  Need a Python, C++, Unix, Linux develop
It's obviously user error by sabre307 · 2009-10-19 15:35 · Score: 1

or intentional on their part. It seems like they are only coming from a select few users, and most of them are obviously recordings that were meant to be shared. I don't think this is Google's fault and it doesn't sway me in the least from utilizing my Google Voice Number.

--
My software never has bugs.
It just develops random features.
1. Re:It's obviously user error by Anonymous Coward · 2009-10-19 21:20 · Score: 0
  
  Sure. After all, you have signed away your rights to privacy the moment you signed up to ANY Google service (read the Terms of Service, clause 11) so it's a bit late to start complaining now.
  You get what you pay for. If you think your privacy is not worth maintaining then by all means go for Google, just stop the annoying whinging when it predictably goes wrong. I can only tell you "I told you so" so many times before it becomes boring, so please spare me the "Aww my Gaawwwd, my infomazion is all over the Innernet" whining.
  If you insist on having blonde moments despite plenty of warning to the contrary (you didn't swallow that "anti terrorist" excuse as well, did you?) you're welcome to live with the consequences. Just don't have any kids or otherwise contribute to the gene pool, and if I catch you handing off my personal details to the service (for instance, via the Picasa picture tagging system), rest assured I'll come after you proper - after all, your details will be easy to find..
  ---
  You can lead a horse to water, but it's still hard to make it read the Terms of Service..
This is suprising? by Anonymous Coward · 2009-10-19 17:41 · Score: 0

When are people going to learn that anything you store or use on a free public network "cloud" is free bait. This is why this type of thing is fail for corporate use.
User contraction? by Anonymous Coward · 2009-10-19 21:52 · Score: 1, Funny

"It sounds like something that wouldn't happen if you used commodity PC hardware to set up your own voice mail system."
Hmmm, I'll take ....answering machine for $10 Alex.
"It's difficult to put a dollar amount on it, but maintaining control over your own data and systems is quite valuable all the same."
By Insular Inc we bring you, Internet in a box. Gain all the joys of the internet without a connection to the outside world. Twitter yourself all day long. Set up Youtube and discover you CAN bend like that. My-space page were your multiple personalities can discover each other. For that genuine internet experience, if you reply now? We'll throw in Echelon were you listen in on your deepest secrets and then expose yourself. *zziiiippp* [censored]
yahoo too by Anonymous Coward · 2009-10-19 22:55 · Score: 0

Also Yahoo! is indexing these pages:
http://siteexplorer.search.yahoo.com/search?p=https://www.google.com/voice/fm/&y=Explore+URL&fr=sfp