internetnews.com has a new article about the google desktop search application and security, (Google Desktop Security Warning Issued: "UPDATED: Two analysts issued independent warnings today suggesting Google's Desktop Search tool -- released in October -- poses security risks for the enterprise.")
google is said to be investigating the issues the article raises. i want to know why google is bothering. it's not them...
google has given us another of their terrific tools - one that sure makes personal productivity much easier for me and my genealogy research. with it, i just located on my own current hard drive, for instance, 10 emails and 180 other mentions of asa, the first name of one of my 3d great-grandfathers, asa newport of rhea county, tn. it took me about two seconds flat to get the results via google. my windows xp search engine grinds away and yet doesn't easily locate the same findings without me filtering and/or using advanced searching - and then it's minutes, not seconds, before i can see the results.
with my google desktop search (gds in techno slang), i can type in asa and presto chango, view hundreds of results as quickly as if i'd used google for a whole "regular" web search. my results show up in a familiar google format list and, when clicked, show the content of the whole cached version of my hard drive files (which doesn't include files, folders, etc that i have excluded via my filtered preferences). for the asa search, for instance, i even get results for photos of his grave marker and can open it in an irfan-view window by clicking on the google listing.
if do a regular google search like asa newport jpg, i get the web search results, yes, but at the top of the page on my home computer, i also see this:
5 results stored on your computer - Hide - About
asa&eliz_newport_marr_poo.. - - Nov 9
newport_asa_b1802_w_roger.. - - Apr 17
and no, these local file results are not going out over the internet for others to see. the same on-the-fly technology that drives google's ad sense may show ads related to local searches in the right-hand column format, but it's not collecting personally identifiable data. and since it's in beta and i want good service, i have, at least temporarily, allowed google to collect information about how i use desktop search and to collect an error report if necessary (which it hasn't had to do yet).
okay, so i'm a private user and am basically the only one to use my computer. granted, i'm not on a virtual private network, the target audience for today's internetnews article warnings. but internetnews isn't the only show in town which seems to be scaring away everyone from this exciting tool. this is evidenced from the continued interest in and commenting on an earlier, misinformed article published in october by pc world.
today's internetnews article revolves around a caveat from whale enterprises for customers of its secure vpn product. the company's warning says basically the same thing google cautions in its user and privacy statements: that if you don't set up your filters on install, the search engine may cache files you don't want cached. here's the spiel quoted by internetnews:
Google Desktop Search asks users at installation what kinds of files should be indexed. They can omit their Web histories and also secure HTTPS pages. They also can change the options at any time after the install.
But Joseph Sternberg, director of technical services for Whale Communications, said that administrators can't rely on their users to do the right thing.
"Security needs to be implemented at the enterprise. IT administrators need to ensure the system is secure."
source: Google Desktop Security Warning Issued: "UPDATED: Two analysts issued independent warnings today suggesting Google's
Desktop Search tool -- released in October -- poses security risks for the enterprise."
i basically come down on the side of
pc world comments like marli's:
There is no security issue with GDS here. There is, however, a security issue with computer configurations and people's use habits. Which brings us back to the point, if you don't know what your doing with a computer you either shouldn't be using it for sensitive purposes, get someone who knows something to set it up properly or don't complain about things like this. It is YOUR fault.
source: http://blogs.pcworld.com/staffblog/archives/000264.html
look, here's how i see it: anything i download from the internet could put me at risk for a virus, trojan horse, or privacy problems. i'm pretty paranoid, actually, but here's what i try to do:
i use a firewall that monitors outgoing transmissions; keep it and my virus protection religiously updated; use email filters and don't open email from folks i don't know or messages not properly addressed to me that may have slipped through. before i download a program or sign up for a service, i read all the warnings, options, caveats, bug reports, etc. i try to pick providers whose integrity i have learned to trust or one recommended by someone whose integrity i trust. i use the amazing
firefox as my default browser and just about any mail program besides microsoft outlook express. i don't save my browsing history or cache between browser loadings.
after all those precautions, i feel a little a better prepared to take my knocks, and so, when i fire up my browser, i think of its immense potential. i throw my shoulders back, keep my eyes wide open, tap a few quick keystrokes, and stride into the virtual world to download away.
and this monitoring stuff? i live in area where red light cameras click away at every major intersection. radio shack throws a conniption fit if i say i don't want to give them my phone number even though i pay them in cash. phone plans have neighborhoods and chips that'll tell you if you're physically near someone on your list.
any genealogist who uses ancestry.com knows that they are monitored on that company's sites. otherwise, how could they send us emails saying they've discovered a new file with our ancestor's name in it? (well, assuming you've allowed ancestry.com to send you e-mail.) family tree legend's smart matching counts on its ability to monitor your data entry in its program. as does gen smarts. you're just not getting your money's worth out of them if you're not using their monitoring and live-updating features.
amazon.com and the alexa toolbar follow you all around the web if you let them, evincing a whole lot more privacy concerns than google ever has with its more anonymous collecting approach. and besides, if google's desktop search really is a game of
who do you trust, think about this (also from today's internetnews article): microsoft, ask jeeves, and likely even yahoo are all developing their own desktop search tools and hope to have them out by the end of this year. we all should be over cookie and web beacon shock by now.
a lot of this new technology comes with a steep learning curve. but so much of it is worth it. what i love and cherish about the internet is that is dynamic and ever-changing. so the nay sayers have it right, alas, that the virtual world, like our real one, isn't totally benign. let's face it: if you use a computer and haven't already lost your information age innocence, then you're in big time denial, and i'm not talking about the river in egypt.