free html hit counter Google Desktop: Too Good For Its Own Good? - John Battelle's Search Blog

Google Desktop: Too Good For Its Own Good?

By - November 29, 2004

From an eweek piece by respected security expert Bruce Schneier:

The problem is that GDS indexes and finds documents that you may prefer not be found. For example, GDS searches your browser’s cache. This allows it to find old Web pages you’ve visited, including online banking summaries, personal messages sent from Web e-mail programs and password-protected personal Web pages.

GDS can also retrieve encrypted files. No, it doesn’t break the encryption or save a copy of the key. However, it searches the Windows cache, which can bypass some encryption programs entirely. And if you install the program on a computer with multiple users, you can search documents and Web pages for all users.//

…Some people blame Google for these problems and suggest, wrongly, that Google fix them. What if Google were to bow to public pressure and modify GDS to avoid showing confidential information? The underlying problems would remain: The private Web pages would still be in the browser’s cache; the encryption program would still be leaving copies of the plain-text files in the operating system’s cache; and the administrator could still eavesdrop on anyone’s computer to which he or she has access. The only thing that would have changed is that these vulnerabilities once again would be hidden from the average computer user.

In the end, this can only harm security.

GDS is very good at searching. It’s so good that it exposes vulnerabilities on your computer that you didn’t know about. And now that you know about them, pressure your software vendors to fix them. Don’t shoot the messenger.

Related Posts Plugin for WordPress, Blogger...

One thought on “Google Desktop: Too Good For Its Own Good?

  1. Justin says:

    Fallacy: “This allows it to find old Web pages you’ve visited, including online banking summaries…”

    No self-respecting banking website transfers confidential information over HTTP; it’s all done over HTTPS. HTTPS pages, by default, are not cached.