News
News
2/17/2006
01:31 PM
50%
50%

Analysis: New Google Desktop Search Is A Privacy Minefield

Google Desktop's controversial Search Across Computers utility is a great convenience for people who work at multiple computers. But users and network security managers need to be careful about its whopping security and privacy concerns.

In the world of software, one person's feature can be another's bug. So it is with the recently released Google Desktop 3 Beta.

Google Desktop began life as a desktop search product, giving you the ability to find e-mail, files, and recently-visited Web pages. Version 2, released last fall, introduced the Sidebar, the feature that put news and RSS feeds on your computer desktop — and revealed a Google that was transforming itself from a simple search vendor to a software developer and content provider.

Version 3 Beta refocuses on desktop search, but one new feature — Search Across Computers (SAC) — is giving security and IT professionals nightmares about keeping data safe and private.



SAC enables users to find files across all their computers.
(Click to see complete image.)

SAC enables users to find files across all their computers — so, for example, they can access their desktop PC at work while traveling with a notebook. Sounds really useful, right? And so far, it's not available in any other of the leading free desktop search tools like Copernic or Yahoo! Desktop (based on X1).

However, in order to work, information about your documents (or your company's documents) must be uploaded to a Google server. And therein lies the rub. As any security professional knows, once the data is out of your computing environment, it is exposed and no longer secure.

Examining The Process
In some respects this process is very similar to Internet-based data backup services like LiveVault InSync, InfoSure, or EVault. With those services, you pay a monthly fee to back up selected files to a secure Web site. The difference between those services and Google is that, with the former, users are aware of the service's security and encryption techniques before they send a single file over the Internet. They know, for example, that the backup service uses 256-bit AES (Advanced Encryption Standard) encryption, transmits using SSL (Secure Socket Layers) technology and stores information in a data center that's monitored 24/7 with biometrically controlled access.

By contrast, here's what Google Desktop Features Summary says about this process: "In order to share your indexed files between your computers, we first copy this content to Google Desktop servers located at Google. . . We store this data temporarily on Google Desktop servers and automatically delete older files . . ."

The Google Desktop Privacy Policy further states: "If you choose to enable Search Across Computers, Google will securely transmit copies of your indexed files to Google Desktop servers, in order to provide the feature. Google treats the contents of your indexed files as personal information, in accordance with the Google Privacy Policy."

It is possible to encrypt the index Google Desktop creates, but here's what the Features Summary says, "Enabling this feature will reduce the performance of Google Desktop due to the extra work of doing the required encryption and decryption. This feature makes use of the Windows Encrypted File System (EFS) feature." (This only works on NTFS volumes.)

Google doesn't exactly provide enough information to be able to make an informed decision.

Previous
1 of 3
Next
Comment  | 
Print  | 
More Insights
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Tech Digest, Nov. 10, 2014
Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?
Video
Slideshows
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.