Coffeehouse Thread

41 posts

Forum Read Only

This forum has been made read only by the site admins. No new threads or comments can be added.

Has Google dropped the ball?

Back to Forum: Coffeehouse
  • User profile image
    TimP

    The Google Desktop Search seems to be doing very poorly so far in the public. Major news sources like CNN are now attacking it for its lack of privacy. It seems to me that the "Google does everything right" attitude is starting to fade away with this release. Personally, I never got caught up in the Google aura, but it looks like now that Google isn't the latest and greatest innovation anymore, people are more open to express their discontent.

  • User profile image
    ahockley

    A little negative public attention every now and then is good for a company.  A company which barges along without competition or criticism will become complacent.

  • User profile image
    Mav Phoenix

    ahockley wrote:
    A little negative public attention every now and then is good for a company.  A company which barges along without competition or criticism will become complacent.

    That hasn't really applied to MS and IE then has it?  SP2 was a step in the right direction but even that was slow coming.  A day late and a dollar short comes to mind.

  • User profile image
    jsrfc58

    I suppose to some people there is no easy way to convince them that it is not the "mighty hand of Google" reaching into your machine through the internet or something weird like that.  Maybe that will pass, or maybe there are widespread technical problems, I don't know.  I haven't had the time to try it, but I thought it worked offline (?).  Then again, maybe they tried to head off what was originally supposed to be in Longhorn (desktop search) and pushed something out there too soon.  That is what beta testing is all about though--gathering information, seeing what works, and what does not, and also doing a bit of live marketing/user research.

  • User profile image
    ahockley

    Mav Phoenix wrote:

    That hasn't really applied to MS and IE then has it?  SP2 was a step in the right direction but even that was slow coming.  A day late and a dollar short comes to mind.

    I suspect if Mozilla/Firefox hadn't been increasing in popularity, we would have seen even less IE changes.

  • User profile image
    Maurits

    jsrfc58 wrote:
    I haven't had the time to try it, but I thought it worked offline (?).


    It does.  But it also phones home to Google, as users with personal firewalls must notice (haven't tried it myself either.)  Google's official reason for this is that the product is in beta, and it's sending back statistics to the mother ship to help them improve the product.

  • User profile image
    Manip

    Which you can opt out of once during setup and again post-setup.

    Google dropped nothing, google has done nothing wrong. Google Desktop Search does not compromise security. I will say that again in case you misread - Google desktop search does not compromise security.

    This story was started by ignorant media types that know less about computers than the standard IT student. They complain because what google desktop search does is make information already accessible to the technical elite accessible to everyone. They are shocked because they thought such information was secure in the past and it scares them because they had no clue it was always in the open.

    I take my privacy very seriously. Maybe a little too seriously and I am happy to run google desktop search because I believe I know the vast majority of what it does. Instead of listening to your inferiors in the media why don't you try installing Desktop Search yourself, you will see that it is no threat and if Windows is setup correctly it does not even make one's computer any less secure.

    Let me note a few things -

    Google Desktop search can only index files you have local permission to access.

    Google Desktop search stores the cache under the current users permissions so it is no accessible to other users by default.

    Google Desktop search does not return private or personal information about your files to google or any third party.

    Google Desktop search does not return anonymous usage statistics to google without first giving the user the chance to opt out. You can opt out at a later date if you change your mind.

  • User profile image
    Maurits

    Manip wrote:
    Google Desktop search does not return private or personal information about your files to google or any third party.

    Google Desktop search does not return anonymous usage statistics to google without first giving the user the chance to opt out. You can opt out at a later date if you change your mind.


    Really?  Have you seen the source?  Have you run a packet sniffer on its outgoing traffic?  Has anyone?

    Maybe I'm being super-paranoid.  But it's entirely possible to encode private data in seemingly innocent usage statistics, if you really want to.  Certainly there's enough smart people at Google that they could figure out a way to do so without getting caught.

    A couple of possibilities off of the top of my head:
    Report search timings in seconds to five decimal places.  Only the first three places are actually from the timing.  The other two are used to send coded data back to Google.

    When sending normal data back to Google, introduce a delay between successive TCP packets.  The exact duration of the delay carries the coded information.

    If I worked for a Google competitor I'd be VERY careful about installing any Google desktop software... and that goes for the IE toolbar, too.

  • User profile image
    Jeremy W

    I'm more concerned with the whole "all users are one user" approach to the GDSE than anything. I'm not really concerned with future privacy issues in regards to Google centralizing the information store as that hasn't happened yet.

    The ability for someone to search MY internet cache, though, does bother me. If for no other reason than I read a lot of personal email online.

  • User profile image
    Manip

    Maurits wrote:
    Have you run a packet sniffer on its outgoing traffic?  Has anyone?


    Yes I have.

    the CNN article - my text is in blue.



    Users could unwittingly let others see sensitive information
    ‘Unwittingly’ is correct and also take note it is the users who are acting incorrectly.

    NEW YORK (AP) -- People who use public or workplace computers for e-mail, instant messaging and Web searching have a new privacy risk to worry about: Google's free new tool that indexes a PC's contents for quickly locating data.

    If it's installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they've exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases.
    The very same subsequent users could also search though the Internet Explorer or Firefox cache and get the very same information. They could use tools available from the internet to help in this task. Such tools would probably be more efficient than Google Desktop search that will try and index the entire drive.

    "It's clearly a very powerful tool for locating information on the computer," said Richard M. Smith, a privacy and security consultant in Cambridge, Massachusetts. "On the flip side of things, it's a perfect spy program."
    Is he talking about the built in search function in windows explorer or Google Desktop search? Does it matter which? That exact quote could be applied to ANY automated search system ever created.

    Google Desktop Search, publicly released Thursday in a "beta" test phase for computers running the latest Windows operating systems, automatically records e-mail you read through Outlook, Outlook Express or the Internet Explorer browser. It also saves copies of Web pages you view through IE and chat conversations using America Online Inc.'s instant-messaging software. And it finds Word, Excel and PowerPoint files stored on the computer.

    If you're the computer's only user, the software is helpful "as a photographic memory of everything you've seen on the computer," said Marissa Mayer, director of consumer Web products at Google Inc.

    The giant index remains on the computer and isn't shared with Google. The company can't access it remotely even if it gets a subpoena ordering it to do so, Mayer said.

    Where the privacy and security concerns arise is when the computer is shared.
    Exactly. So when the operating system isn’t setup to guarantee users privacy the users have none.

    Type in "hotmail.com" and you'll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type "password" and get password reminders that were sent back via e-mail.

    Acknowledging the concerns, Mayer said managers of shared computers should think twice about installing the software until Google develops advanced features like password protection and multi-user support.
    So in other words it is up to the person who setup the computer or who manages the computer to guarantee users security.

    In the meantime, users of shared PCs can look for telltale signs.

    A multicolored swirl in the system tray at the lower right corner of the computer desktop means the software is running. A user can right-click on that to exit the program -- thereby preventing it from recording Web surfing, e-mail and chat sessions.

    Users can also surf on non-IE browsers like Opera and Mozilla, although the software may index Web pages already stored before the software gets installed.

    Managers of public access terminals can also install software or deny users administrative privileges so they can't install unauthorized programs, such as Google's. In fact, many libraries and cybercafes already do so.
    Oh look – they have solved the problem themselves... Doesn’t this paragraph negate the entire article?

    Herb Jones, owner of Herb's Cyber Cafe in Oblong, Illinois, tried out the desktop search program on his computer and likes it -- but he won't install it on his two public terminals. In fact, he's written software to prevent customers from installing programs like it.

    "Otherwise, they can put on their own files if they want, a worm, a virus, anything, and you're shut down," Jones said.

    Owners taking preventive measures

    The FedEx Kinko's chain is also taking preventive measures. It's deploying software designed to automatically refresh its public access terminals to a virgin state for each new customer. So any errant software would disappear, as would any personal settings, files or Web caches, said Maggie Thill, a spokeswoman with FedEx Kinko's.
    Again they are disproving their entire argument against Google Desktop search.

    But policies do vary, and no precaution is foolproof, warned Carol Brey-Casiano, president of the American Library Association and director of public libraries in El Paso, Texas.

    "We do our best to protect our patrons and computers and network, but as you can imagine, thousands of people can use public computers in a given week," she said.

    The new Google tool would not only aid people in spying on past patrons on public PCs. At home, users could record their kids' instant messaging conversations or view a spouse's e-mail. In the office, employers could index what their workers are up to.
    Something parents if they have full administrative privileges can do anyway. There are lots of commercial software packages designed to do exactly this.

    If each user has a separate logon to Windows, Google Desktop Search will be stymied, however. That's because only one person can install and use the software on a given computer.

    The power of Google's software relies on centralizing what's already saved on computers; most browsers, for instance, have a built-in cache that keeps copies of Web pages recently visited. The difference is that Google's index is permanent, though users can delete items individually. And the software makes all the items easier to find.

    The software can also betray users, said Annalee Newitz, policy analyst at the Electronic Frontier Foundation. Delete an e-mail or file, yet a copy remains on Google's index.

    Neel Mehta, leader of the X-Force research and development team at Internet Security Systems Inc., said the threats are real, though there are plenty of other products available for spying -- ones better at doing the recording secretly.

    "It's not designed to be an illicitous tool," Mehta said of the Google software. "It's designed to be a search engine."

  • User profile image
    Jeremy W

    Manip, just a note: GDSE runs in the System space. It has access to all Internet caches. No user who logs onto my workstation at work (or home) has that level of access. But, suddenly, with the GDSE they would.

  • User profile image
    Maurits

    Manip wrote:
    Maurits wrote:Have you run a packet sniffer on its outgoing traffic?  Has anyone?
    Yes I have.


    Great! Can you post the packet log?

  • User profile image
    Manip

    Yes here it is:




    .. I found none, zero packets leaving my machine. I left it run an hour while google desktop search was indexing have tried different things like starting/stoping GDS.

  • User profile image
    Maurits

    As I understand it, it phones home whenever you search.

  • User profile image
    Manip

    Some people are tards..

    GDS.jpg

    Ethereal.jpg

    GPS2.jpg

  • User profile image
    infrared

    In reply to Google phone home: I thought MS's XP's own find engine did that itself anyways!

    The dog's just there for "distraction" (as in where's my gun!) Wink

  • User profile image
    Jorgie

    In my opinion, they have dropped nothing.

    It is a beta product and does exactly what they say it does.

    At worst they need to add some install options that will help people correctly use NTFS to protect anything they want protected.

    I use it daily and love it, but do do not search my web-history as I don't see enough good that that to balance out having all that old data around.

    Just for the record, I only use it on machines on which I am the only user.

    Jorgie

  • User profile image
    TimP

    I just think that with restrictions like one user machines, requiring admin rights, and not being able to limit or delete the cache makes it seem more like a product unfit for release than a beta. I think they should've either sent it to a team of beta testers or refined it more before releasing it. To be honest though, many of these features should've been built in from the start and the fact that they're not worries me.

Conversation locked

This conversation has been locked by the site admins. No new comments can be made.