February 14, 2006

The nonprofit EFF (Electronic Frontier Foundation) warns that a new feature implemented on Google's Desktop on February 9 presents a serious security and privacy risk. The method used by Google to store user data on its servers triggered the security warning by the EFF.

Google's new Share Across Computers feature stores Internet browsing history, Microsoft Office documents, PDF and text files on Google's servers, to allow a user to run remote searches from multiple computers.

However, according to the EFF, this presents a vulnerable target to malicious hackers.

"We urge Internet users not to use Google's new desktop feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who've obtained a user's Google password," the EFF said in a statement.

Google says it has to store the data on its own servers to deal with situations when one of a user's computers may be turned off or otherwise be offline when new or updated items are indexed on a different machine.

"We store this data temporarily on Google Desktop servers and automatically delete older flies, and your data is never accessible by anyone doing a Google search," the Web search giant insists.

Google said users can use a "Clear my Files" button to manually remove all files from its servers or a "Don't Search These Items" preference to remove specific files and folders from the software's index.

But, the EFF isn't impressed, especially coming on the heels of what it calls "serious consumer concern about government snooping into Google's search logs."

"It is shocking that Google expects its users to now trust it with the contents of their personal computers," said EFF staff attorney Kevin Bankston.

"Unless you configure Google Desktop very carefully, and few people will, Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index," he added.

In a strongly worded statement, Bankston warned that the government could demand access to personal files with only a subpoena rather than the search warrant it would need to seize the same things from a user's home or business.

"Other litigants—your spouse, your business partners or rivals, whoever—could also try to cut out the middleman (you) and subpoena Google for your files," he argued.

Security analysts have long warned enterprises against the use of desktop search software because of the serious risk of data theft and sensitive information exposure.

Google itself has struggled with security in the Google Desktop software. In November 2004, the company rushed out a patch for a security vulnerability that put users at risk of man-in-the-middle data leak attacks.

Source: eWeek

Save Internet Security.ca's URL to the list of your favorite web sites in your Web browser by clicking here.

Become an authorized reseller of Proxy Sentinel™ and Firewall Sentinel™. Do like the rest of our authorized resellers and have your clients benefit the important security features of our products and solutions, while increasing your sales at the same time. Click here for all the details.

You can link to the Internet Security web site as much as you like. Read our section on how your company can participate in our reciprocal link exchange program and increase your rankings in the major search engines such as
Google and all the others.