Google Voice Mails Found In Public Search Engine

← Back to Stories (view on slashdot.org)

Google Voice Mails Found In Public Search Engine

Posted by timothy on Monday October 19, 2009 @09:55AM from the wouldn't-mind-being-able-to-put-some-there dept.

bonch writes "Google Voice Mails have been discovered in Google's search engine, providing audio files, names, and phone number as if you were logged in and checking your own voice mail. Some appear to be test messages, while others are clearly not. Google has since disabled indexing of voice mails outside your own website."

26 of 145 comments (clear)

Min score:

Reason:

Sort:

I dont want to listen to my voice mails by lyquidevil · 2009-10-19 09:58 · Score: 5, Funny

and dont really care if you do. But bad move google.
1. Re:I dont want to listen to my voice mails by Anonymous Coward · 2009-10-19 16:24 · Score: 3, Informative
  
  This is user error not google error. The users made these voicemails public and google indexed them. They realize some people may not want them public and indexed outside of their own site and have stopped indexing that location. This is a stupid user error and nothing more.
  Must be a slow news day if the garbage from boy genius report is making it here.
User action? by jbohumil · 2009-10-19 10:01 · Score: 5, Insightful

This doesn't sound like a bug or leak, more like some users set up links or otherwise made their messages public.
1. Re:User action? by Anonymous Coward · 2009-10-19 10:20 · Score: 5, Insightful
  
  Exactly.
  IMHO, totally a non-issue: google doesn't spider their own service, but if you post links to your voice mail on a public page with a permissive robots.txt, it gets spidered and shows up in search results with them or anyone else.
  I completely get why Google is now removing these from search results -- they must be seen to be fixing this before it blows up as a scandal -- but shouldn't this sort of media panderage qualify as the evil they purportedly "don't be"? You'd think they're big enough to stand up and enlighten morons about robots.txt specifically, and about the general truth that when you post something on the internet, it's there forever.
2. Re:User action? by causality · 2009-10-19 10:23 · Score: 3, Funny
  
  It sounds like something that wouldn't happen if you used commodity PC hardware to set up your own voice mail system. Sure, you could make a similar mistake, but it's less likely considering that no one is as interested in safeguarding your data and privacy as you are. It's difficult to put a dollar amount on it, but maintaining control over your own data and systems is quite valuable all the same. I think it's great that Google wants to make services like these available to people who want them, but I for one won't be jumping on that bandwagon.
  
  --
  It is a miracle that curiosity survives formal education. - Einstein
3. Re:User action? by Mister+Whirly · 2009-10-19 10:32 · Score: 3, Funny
  
  Why stop there? Set up your own ISP and mail servers also. And screw Youtube, I went there once and it was down so I am setting up my own multi-media server. I also don't trust any commercial Maglock system, so I am setting up my own Maglock server to monitor all the door access as well. So, 18 million dollars later and I can guarantee no down time at all. Of course if 99.999% downtime would have been acceptable, I could have done all of that for free, but I would rather pay the big bucks to ensure that extra .001 % of uptime. Anyone who doesn't spend lots of time and money administering all of their own systems is a sucker!
  
  --
  "But this one goes to 11!"
4. Re:User action? by geekboy642 · 2009-10-19 10:49 · Score: 4, Interesting
  
  You speak facetiously, of course, but spending the time and effort to setup your own email server is a very valuable exercise. And at the end, you get an email account with no limits. Want ridiculously tight spam filters? Easy. Want to send and receive 1GB email attachments? Your insanity can be catered to.
  And best of all, nobody is sitting there watching all of your emails and serving you ads based on what you're emailing about.
  
  --
  Just another "DOJ fascist authoritarian totalitarian bootlicker" -- Zeio
5. Re:User action? by E+IS+mC(Square) · 2009-10-19 11:04 · Score: 4, Informative
  
  Right on. Here is what Google says: http://www.google.com/support/forum/p/voice/thread?tid=7625b775a05e9401&hl=en
6. Re:User action? by DragonWriter · 2009-10-19 11:13 · Score: 3, Interesting
  
  It sounds like something that wouldn't happen if you used commodity PC hardware to set up your own voice mail system.
  Yes, if you used commodity PC hardware to set up your own voice mail system, you probably wouldn't have automatic transcription that it would be even theoretically possible for you to directly post your voice mails on the web, so it wouldn't be possible for you to expose information the way you could choose to do with Google Voice.
  OTOH, it would be a lot more expensive for the fewer features you would get, so I'm not sure its all that worth it. It would be easier just to use Google voice and not post your own voice mails.
  Note that all of these emails are emails for which the URLs were posted by the user on a public website, and which were subsequently (and as a result of that posting) crawled and indexed by search engines.
  Oh, noes! Search engines find things that are posted publicly on the internet. The horror!
7. Re:User action? by antifoidulus · 2009-10-19 11:18 · Score: 4, Funny
  
  if 99.999% downtime would have been acceptable
  
  Some people have such high standards, I mean jeez the server was functional for 8.64 seconds today, isn't that enough?
  
  --
  Monstar L
8. Re:User action? by antifoidulus · 2009-10-19 11:21 · Score: 4, Interesting
  
  Actually it was 86.4 milliseconds, but when you are only expecting .0001% uptime, you cannot expect your service provider to be able to do arithmetic :P
  
  --
  Monstar L
9. Re:User action? by Jah-Wren+Ryel · 2009-10-19 11:31 · Score: 3, Insightful
  
  This doesn't sound like a bug or leak, more like some users set up links or otherwise made their messages public.
  I can't log into google voice without telling my browser to accept cookies from google. If they are going to use cookie-based authorization, then there is absolutely no excuse for handing out the data within an account to people who don't have the right cookie authorization.
  Even if they don't index it, the URLs are still going to be accessible to anyone who can figure out the URL.
  It appears to be a classic case of security through obscurity.
  Obscurity as an extra layer is fine, but google voice seems to have no layers excepet for obscurity and that's a ridiculous design decision for a company as big a reptuation for technical acumen as google.
  
  --
  When information is power, privacy is freedom.
10. Re:User action? by Capt.+Skinny · 2009-10-19 11:37 · Score: 3, Insightful
  
  You'd think they're big enough to stand up and enlighten morons about robots.txt specifically
  Cars have been around for about a century and there are still morons who haven't been enlightened about changing a flat tire, so I have my doubts about robots.txt
11. Re:User action? by Omnifarious · 2009-10-19 12:16 · Score: 4, Insightful
  
  The obscurity in this case happens to be a random number that's at least 100 bits long if not a lot longer. Sure I could guess that, but I could guess your 128 bit symmetric cipher key too.
  No, what happened here is that people used this extremely obscure URL to provide public links to their voicemail messages and google happily indexed those links. And, you know, when you publicize links to things, they show up in search engines.
  Now, google could additionally require authorization before letting people have access to those links, but the way you find out what the big long random number is is by clicking on something saying something along the lines of "I want to share this voicemail with someone." which means that you want someone other than yourself to have access to it. Making the link require authorization to get to would completely defeat the purpose of sharing it with someone.
  No, in my opinion, what google should do is have a per-voicemail switch that lets you decide whether or not the public sharable link works or not. Then you can share the link with a friend, and when you want to close up access so your friend can't share the link with their friend or post it on the internet or whatever, you click on the little check box and the link stops working.
  Voicemails that you schedule for deletion should become private by default when they hit the trash can.
  
  --
  Need a Python, C++, Unix, Linux develop
Natural Language Processing Needs Work by eldavojohn · 2009-10-19 10:05 · Score: 4, Funny

Looks like they got my message to Steve Ballmer.

--
My work here is dung.
Article is already updated by vxvxvxvx · 2009-10-19 10:05 · Score: 5, Informative

UPDATE: It seems as if these voicemails have been publicly posted/shared online and Google indexes them. Here’s official word:
“Since the initial idea behind posting a voicemail, was precisely to share it with others, we did not restrict crawling of those messages that users post on the web, but we can certainly understand that users would want to make them public on their sites but not necessarily searchable directly outside of their own website. We made a change to prevent those to be crawled so only the site owner can decide to index them.”
1. Re:Article is already updated by Mr.Bananas · 2009-10-19 10:16 · Score: 4, Insightful
  
  At around 10am, a comment on the same page linked by OP revealed what the parent has pointed out, and even linked to a GV forum post explaining as much.
  
  And yet, at 5pm, Slashdot posts this as news...
2. Re:Article is already updated by Beardo+the+Bearded · 2009-10-19 10:31 · Score: 4, Funny
  
  Common. I remember when Beenz did that for a grand prize, and someone found the URL and claimed the prize. They got the equivalent of $500USD in Beenz.
  Younger readers are wondering, "what the fuck are Beenz?".
  
  --
  
  ---
  ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
3. Re:Article is already updated by iCEBaLM · 2009-10-19 10:57 · Score: 3, Funny
  
  It's like flooz.
4. Re:Article is already updated by 42forty-two42 · 2009-10-19 12:12 · Score: 3, Informative
  
  They added Disallow: /voice/fm/ to robots.txt for google.com, that's all.
If it's out there by El_Muerte_TDS · 2009-10-19 10:14 · Score: 4, Insightful

Like everything on the internet, if it's public, a web-spider will find it (eventually). But I'm seriously impressed by the speech-to-text engine Google uses, quite nice.
1. Re:If it's out there by zippthorne · 2009-10-19 11:30 · Score: 3, Funny
  
  Huh. I figured they just outsourced the translation to an indian sweat shop and the little checkbox next to the translation "was this useful?" results in a beating if you click "No."
  
  --
  Can you be Even More Awesome?!
The Real Problem is ... by itzfritz · 2009-10-19 10:25 · Score: 5, Interesting

The real problem, IMO, is that Google Voice voicemails are world-readable to begin with. The only security is the URL scheme. If that can be reverse engineered, the privacy of all google voice users will be in danger. (fyi I have tested this myself. The url scheme is "https://www.google.com/voice/fm/20-digit account id/long b64 encoded binary string", and these urls can be viewed by unauthenticated users. Note the use of https; while no man in the middle will read my voicemail, the man on one end can ;)
1. Re:The Real Problem is ... by noidentity · 2009-10-19 11:00 · Score: 3, Insightful
  
  The real problem, IMO, is that Google Voice voicemails are world-readable to begin with. [...] The url scheme is "https://www.google.com/voice/fm/20-digit account id/long b64 encoded binary string", and these urls can be viewed by unauthenticated users
  
  And my gmail account is available to anyone who knows my username and an n-character string (hunter2, starred for obvious resons).
my favorite (so far) by gEvil+(beta) · 2009-10-19 10:27 · Score: 3, Funny

Butt dialing on a roller coaster?

--
This guy's the limit!
Google voice to speech is (relatively) crap by Fencepost · 2009-10-19 10:50 · Score: 3, Informative

I've been experimenting with the voicemail-to-text transcription services out there, and compared to both GotVoice and PhoneTag the quality of transcription from Google Voice is something of a bad joke.

I understand that currently it's free (as opposed to $10+/month from the commercial services), and I have hopes that it will improve, but "quite nice" seems like a heck of a stretch at this point.

Anecdotally, here's an edited for privacy transcription from PhoneTag: "Hi, Alan. It's Nancy at Village Surgeons. My number is 123-456-7890. I'm following up on my e-mail that I sent you last week with regard to backup of our (quicken?) system here. (Paul Oddlastname?) was, had a concern that it wasn't backing up. So, I just kinda wants to touch base with you about that. When you have a chance. Give me a call. Thank you. Bye."

And here's an edited for privacy transcription from Google Voice today: "Hi Alan, it's gia Craig over at Northeastern collagen help topped and my computer is dead. It's definitely not working or managers on my phone's working. I checked the lines it doesn't look like. Anything's Unplugged, but I've pushed in any way you push the button to turn it on. There's no white that goes on movie then Maher of a machine starting. It's just absolutely dead and so could you do call me back and and come today. I do have to run over to delivery of the office for a few minutes this morning and then but I did not half hour. I might be at Colin's desk and that is extension 251. If I'm not at my own here and I'm 253. Thanks a lot. Bye bye."

--
fencepost
just a little off