Analysis: New Google Desktop Search Is A Privacy Minefield
Google Desktop's controversial Search Across Computers utility is a great convenience for people who work at multiple computers. But users and network security managers need to be careful about its whopping security and privacy concerns.
In the world of software, one person's feature can be another's bug. So it is with the recently released Google Desktop 3 Beta.
Google Desktop began life as a desktop search product, giving you the ability to find e-mail, files, and recently-visited Web pages. Version 2, released last fall, introduced the Sidebar, the feature that put news and RSS feeds on your computer desktop and revealed a Google that was transforming itself from a simple search vendor to a software developer and content provider.
SAC enables users to find files across all their computers. (Click to see complete image.)
SAC enables users to find files across all their computers so, for example, they can access their desktop PC at work while traveling with a notebook. Sounds really useful, right? And so far, it's not available in any other of the leading free desktop search tools like Copernic or Yahoo! Desktop (based on X1).
However, in order to work, information about your documents (or your company's documents) must be uploaded to a Google server. And therein lies the rub. As any security professional knows, once the data is out of your computing environment, it is exposed and no longer secure.
Examining The Process
In some respects this process is very similar to Internet-based data backup services like LiveVault InSync, InfoSure, or EVault. With those services, you pay a monthly fee to back up selected files to a secure Web site. The difference between those services and Google is that, with the former, users are aware of the service's security and encryption techniques before they send a single file over the Internet. They know, for example, that the backup service uses 256-bit AES (Advanced Encryption Standard) encryption, transmits using SSL (Secure Socket Layers) technology and stores information in a data center that's monitored 24/7 with biometrically controlled access.
By contrast, here's what Google Desktop Features Summary says about this process: "In order to share your indexed files between your computers, we first copy this content to Google Desktop servers located at Google. . . We store this data temporarily on Google Desktop servers and automatically delete older files . . ."
It is possible to encrypt the index Google Desktop creates, but here's what the Features Summary says, "Enabling this feature will reduce the performance of Google Desktop due to the extra work of doing the required encryption and decryption. This feature makes use of the Windows Encrypted File System (EFS) feature." (This only works on NTFS volumes.)
Google doesn't exactly provide enough information to be able to make an informed decision.
5 Top Federal Initiatives For 2015As InformationWeek Government readers were busy firming up their fiscal year 2015 budgets, we asked them to rate more than 30 IT initiatives in terms of importance and current leadership focus. No surprise, among more than 30 options, security is No. 1. After that, things get less predictable.
InformationWeek Tech Digest, Nov. 10, 2014Just 30% of respondents to our new survey say their companies are very or extremely effective at identifying critical data and analyzing it to make decisions, down from 42% in 2013. What gives?