Google Desktop search and privacy concerns
sportsguy
02-10-2006, 03:13 PM
Any thoughts on this gang?
Saw this earlier:
EFF - Watch Google's Desktop update... (http://www.eff.org/news/archives/2006_02.php#004400)
I used to have this app on my PC, but upgraded (new PC), so it went the way of the dodo.
This article has me thinking that may not be such a bad thing. I'm sure there are lots of conspiracy theories around this one.
Let's hear some of your thoughts...
Duane
BradBristol
02-10-2006, 03:33 PM
I agree with the first line of the article whose link you posted.
Consumers Should Not Use New Google Desktop
By default the Google Desktop copies your ENTIRE hard drive(s) to Google's servers...
I guess if you trust Google, Google's security and whoever Google decides to give your information to, installing this Google Desktop is not a bad idea. If, however, you have any questions or concerns about Google's motives, intentions or future plans, you might not want to reinstall it...
dannysullivan
02-10-2006, 03:43 PM
Well, no one has to use it. Nor do they force you to or set it as a default to.
Some people will like this. I thought the EFF went a bit overboard. In fact, I'm curious if anyone at the EFF might ever leave data on EFF servers, then pull it across to their personal computer. Or do any of them use any type of web mail? If so, do they always encrypt it?
Remote storage is going to become more and more common. There already have been services that really honestly let you put your data over there (rather than copying data, making a textual index and deleting it, as I understand this does). These other services have been around longer than Google. I don't recall press releases on them. They're just as much a privacy issue.
Anyone putting data on a university server? How about a work server?
In short, you put your data with someone else, yep, that's a privacy issue. Be aware of it, either trust the provider or don't. But to single Google out as if it is so very unique? I think the EFF went a bit too far.
BradBristol
02-10-2006, 03:51 PM
Remote storage is going to become more and more common. Not for sensitive data or data you want to keep secured, like health, financial and tax records, you know the kind of data a lot of people keep on their home computers and don't want ANYONE to see.
I don't see what Google is doing with the desktop as remote storage. In my opinion, it is data mining pure and simple.
AussieWebmaster
02-10-2006, 04:50 PM
I agree with Danny, it is all a matter of trust. I don't think Google is going to do anything with my info that would leave me vulnerable... though I don't really use Desktop after I beta tested it... I know where nearly all the stuff I have on my computer is...
BradBristol
02-10-2006, 05:09 PM
Cool, I get to Quote myself, I don't often get to do that. ;)
I guess if you trust Google...
I am glad Danny agrees with me, it is all about trust.
Do you trust Google with ALL the information on your computer's hard drive? If you do, then go ahead and install Google's desktop.
Just remember what a lot of folks around here like to say before you install the Google desktop... "Google does not owe you anything".
PhilC
02-10-2006, 08:11 PM
From what I understood from the article, it's nothing to do with trusting Google or not. It's the other people who can legally get whatever Google has in its system. Whatever files and documents Google has of yours, are available to other people without even the need for a judge's decision. That's how I understood it.
JohnW
02-10-2006, 10:23 PM
PhilC, I almost jumped on the bandwagon too, but for some odd reason I took a minute to read the article a second time and realized that we shouldn’t be on this whole trust-Google issue, at least not from discussing the article that is the topic of this thread.
Here’s a point we could get instead. The EFF wants to raise our awareness of some outdated privacy laws. These privacy laws are very dangerous to us. They want to get some of these laws changed or brought more current. They want Google to get involved and help, and they make a good left-handed case as to why it would be in Google's best interests to do so.
Then, enter the SEM audience - we go and turn it into a discussion on trusting Google.
The main trust issue raised in the article seems to be about whether it is safe to trust the government, and the laws as currently written. The only other trust issue raised in the article is related to Google's ability to secure the data, and this is not so much related to Google's trustworthiness as it is to their capabilities. In this regard, it’s just like Danny said – it’s the same old issues you have any time you store remote data.
It’s sad to me that we all get so concerned that Google might make a buck off of our information, use the data to somehow tilt the search marketing landscape or in some other way make life worse for us, that it makes us so Google-centric in our thinking and so paranoid that we don’t even see or discuss an important issue like privacy laws.
PhilC
02-11-2006, 04:56 AM
That was my point, JohnW. It isn't about trusting Google or not (and I don't - not to that extent). It's that other people can subpoena your documents. It takes a lot less to get hold of your documents from Google than it does to get hold of them from you.
I'm in the UK and I don't know the relevant laws here, but I simply wouldn't allow any private documents of mine to be held by other people if I could help it. I just wouldn't do it.
BradBristol
02-11-2006, 01:34 PM
While I agree that any documents that Google holds would be ‘easier’ for any 3rd party to gain access to, I still think it is all about trusting Google and what Google would do with the information on your hard drive.
That also brings up the question of cross-border data access. What if a government other than your own wanted access to your data? Would Google provide personal information on a citizen of Canada or the UK to the American or Chinese governments?
Alexander2
02-14-2006, 09:35 PM
I am a bit concerned about the architecture of the new GDS feature. From a technological point of view, Google could have chosen another architecture. I am working for a search company and we are about to release a similar feature called "peer-to-peer search". The only difference is: we don't store the data (or the index of it) on our servers. Instead, we are just routing the individual query and the individual result via a trusted server. All is 256-bit encrypted, so no one can read the communication. The obvious disadvantage is that with our solution, our users can only search content of other users' computers if they are online, but I personally don't want to give *anyone* access to my computer while I am offline anyway.
This leads to another point of Chris' article, where I absolutely disagree: GDS is a very, very powerful tool and each of us has plenty of secret information literally anywhere on our disks (and I am talking of ordinary formats like mail, notes, documents, spreadsheets, etc.). Therefore, I would rather prefer a solution where I can control which folders of my computer can be searched by others. And really, this is not rocket science. I am working for a quite small company (at least compared to Google). Google has brilliant minds. They could have done a far better job.
Milly
02-15-2006, 03:13 AM
I also think the EFF article is a bit hyperbolic, and though a little exaggeration in a worthwhile cause is forgivable, the inaccuracy about the default configuration is less so.
Brad Templeton of the EFF described the same issues much better when Gmail first appeared: http://www.imilly.com/google-cookie.htm#gmail
In that he included :-
"One key risk is that because GMail gets your consent to be more than an e-mail delivery service -- offering searching, storage and shopping -- your mail there may not get the legal protection the ECPA gives you on E-mail. The storage of e-mail on 3rd party servers for more than 180 days almost certainly causes the loss of those privileges. This in turn creates a danger that we may redefine whether e-mail has the "reasonable expectation of privacy" needed for 4th amendment protection."
That creeping erosion of a "reasonable expectation of privacy" seems to me to be at issue here too. It might be less so (as might many of the other risks of accidental and/or malicious disclosure) if Chris Sherman was right in his assertion that the cached information is encrypted during Google's storage :-
"What about Google storing your data on its servers? First, all of your information is encrypted before being sent to Google. This means that it's not just raw text files that are uploaded to Google's servers, but rather a secure mishmash of data that is theoretically only intelligible to your other computers, which hold the decryption keys. So nobody at Google can look at your information and make any sense of it.
Hackers, assuming they were able to penetrate Google's servers and could find this encrypted data, would face a similar challenge in decoding the information, let alone associating it with a particular individual. Yes, if someone manages to figure out your Google Account name and password, you're vulnerable. But not to a general hacker attack. The government, your spouse, business partners or rivals who may subpoena Google for your files would also face this obstacle."
But unless Chris knows something that I and the GDS Help Center don't (the former is always likely, but probably not the latter), then almost all that he says quoted above is wrong.
The transmission itself is via SSL encryption, so (man-in-the-middle attacks apart) it's safe enough 'on the wires'. And the Google Account password is encrypted (naturally). And local-only encryption using the Windows EFS is an (NTFS-only) option.
But the files cached on Google's servers are not, I don't believe, encrypted. Authorised (or naughty) people at Google could look at the information and make sense of it. As could successful hackers and/or social engineers, the government, and subpoena beneficiaries. Or if Google suffered a Checkpoint-like data disclosure fiasco.
But let's remember that millions of people store their entire mail database, unencrypted, at Gmail (including that 'half' of the correspondence that many of their contacts wouldn't themselves choose to store there). That must include a lot of very private and sensitive information.
Mikkel deMib Svendsen
02-15-2006, 06:23 AM
I agree, Danny, that basically storing data with Google is probably not less secure than other remote storage services. But there is one very important legal difference if you live outside the US.
As an example, many people in Denmark use remote storage services provided by Danish companies - and this is all protected by Danish law. Foreign governments and agencies CAN NOT just get access to it and we generally have very strong laws to protect individuals. Once you transfer your data to Google (or any other US-based storage provider) you are no longer protected by Danish law. Does the average Dane know this? No, I don't think so.
Chris Sherman
02-15-2006, 01:44 PM
I explicitly asked Google about this, and received an explicit reply: The data on their servers is encrypted. Admittedly, someone *truly* determined and nefarious might be able to get at the data, but based on what Google told me I think the odds of this happening are quite small.
But the files cached on Google's servers are not, I don't believe, encrypted. Authorised (or naughty) people at Google could look at the information and make sense of it. As could successful hackers and/or social engineers, the government, and subpoena beneficiaries. Or if Google suffered a Checkpoint-like data disclosure fiasco.
But let's remember that millions of people store their entire mail database, unencrypted, at Gmail (including that 'half' of the correspondence that many of their contacts wouldn't themselves choose to store there). That must include a lot of very private and sensitive information.
Robert_Charlton
02-15-2006, 04:03 PM
I explicitly asked Google about this, and received an explicit reply: The data on their servers is encrypted.
Chris - Everyone following this thread should read your excellent SearchDay article, Google Desktop Fears Overblown? (http://searchenginewatch.com/searchday/article.php/3585121) I think it lays to rest most of the technical concerns and puts the Orwellian aspects in some perspective.
There's no need to boycott Google Desktop 3. Think carefully before enabling the program's advanced features, but take disingenuous claims like "Google copies your hard drive" with a substantial block of salt.
It's likely, though, that the more Google becomes a one-stop shop for information searches, the more it's also likely to become a one-stop shop for government witch hunts. This is going to be an ongoing public relations issue for Google, and it won't end just with this administration.
In this regard, Google, I feel, needs to be much more communicative about what its software does and how it behaves. I still have unanswered questions, e.g., about how vulnerable my credit card information is on my Toolbar, or how to control where Google Desktop Search puts my data files. Google up till now has treated its software as a black box. I think they should be much more forthcoming about the details up front.
michaelzimmer
02-15-2006, 10:58 PM
I explicitly asked Google about this, and received an explicit reply: The data on their servers is encrypted. Admittedly, someone *truly* determined and nefarious might be able to get at the data, but based on what Google told me I think the odds of this happening are quite small.
I can see how having the data in an encrypted form on Google's servers will help make the information less valuable for hackers to try to steal, and possibly shield it from the eyes of a non-authorized Google employee, but their privacy policies fail to make it clear who at Google can view this data (and have the power to decrypt the data), and this encryption means nothing in regards to the ability of law enforcement to subpoena the information.
Milly
02-16-2006, 01:00 AM
I explicitly asked Google about this, and received an explicit reply: The data on their servers is encrypted. Admittedly, someone *truly* determined and nefarious might be able to get at the data, but based on what Google told me I think the odds of this happening are quite small.
Well, okay. But without the benefit of seeing the question and answer (and whether the reply was by just a PR or someone who understands the technicalities: was it anything better than the vague and contradictory comments by Marissa Mayer and Sonya Boralv which are being quoted everywhere?), my guess is that all they might be doing is employing a googly equivalent of the Windows EFS. Which would be better than nothing, but not much, and not nearly the protection you describe.
Chris, no matter what Google are doing on their servers, your article includes logical inconsistencies about their encryption which ought to be cleared up, I believe.
What you describe would be end-to-end encryption using the account name and password as keys. It seems most unlikely to me that such an arrangement exists while the GDS documentation is entirely silent about it. But even if it is so, and thus reasonably secure from hackers gaining access only to the raw encrypted data, Google themselves necessarily have access to the account name and password, and so what you say about the encrypted information being inaccessible to Google, the government and subpoena beneficiaries, just can't be right.
And if, as seems more likely, Google simply employ some EFS-like system on their servers then, similarly, stymieing hackers gaining access only to the raw encrypted data would be the only protection above raw text storage. Not protection against Google (by changed intent, accident, social engineering or malice), the government and subpoena beneficiaries. (And your implication that the same encryption done before transmission is retained throughout the process, would also be wrong).
So, despite the reply from Google (and of course your good faith belief) I still believe your article is very wrong and misleading about this important aspect. Whatever the true position (and I'll be most pleased to be shown to be wrong!), I hope you'll want to get to the bottom of it, and clarify the details for all our benefit.
Chris Sherman
02-16-2006, 06:59 PM
I was mistaken about the encryption - Google does hold the key, not your machines. I received this clarification from Cindy Cohn at the EFF, and I think it's important for everyone to read:
I wanted to correct one thing in your article. You point out that Google stores the Google Desktop data in encrypted form on Google's servers, then state:
"The government, your spouse, business partners or rivals who may subpoena Google for your files would also face this obstacle."
I'm afraid that's not true. Google encrypts the data but Google holds the key. I've checked this with Google. In response to a subpoena, whether from the government or a private party, Google would have to use its key to unencrypt the data and turn it over in plaintext.
So you are vulnerable to subpoenas, court orders, warrants and other process served on Google, and Google has no obligation to even inform you when it receives one, although for civil subpoenas I think they generally have a policy of giving notice.
Can you post this to the forum for me? You may still disagree with EFF's advisory that consumers not use the product, but I think that it's important that your readers understand that while Google's encryption may help protect them against hacks to Google's computer, it will not help protect them against legal process.
Kinergy
02-16-2006, 08:19 PM
For cross-computer GDS to work in a secure fashion, each computer needs some amount of secret information to encrypt and decrypt the indexes that are replicated to each computer. Since during the installation of GDS3 one is not asked to transfer any 'special' files manually to the other computers the system would have to utilize a trusted peer-to-peer mechanism or a trusted third party for this purpose (Verisign, etc.)
At minimum, Google should have implemented an additional password that people could type into each computer independently of their Google Account credentials. Of course this password would need to remain local.
I'm sure Google PMs decided that for the sake of simplicity and ease of use for most people they should automate the system in the way that they did. As a result Google now has to handle this mess. Take Skype as an example of a company that is dealing with a similar issue. Although their protocol is also proprietary, they have authored numerous documents explaining how it works. Still, companies are developing software to specifically block Skype. Should we start counting the days until one of these companies offers an anti-GDS3 solution? "Protect your company's assets against employees sharing with their home computers and the world..."
Unfortunately Google's system is not secure and it is closed, so we don't know how well they are handling the keys involved and our personal information. Too bad. The EFF article may sound alarmist in tone but the issue is spot on.
Milly
02-16-2006, 09:31 PM
I was mistaken about the encryption - Google does hold the key, not your machines. I received this clarification from Cindy Cohn at the EFF, and I think it's important for everyone to read:[...]
Perhaps also a factual edit (if nothing else) to the article itself? It's being widely (http://feedster.com/search.php?q=%22Google%20Desktop%20Fears%20Overblown%22) pointed to (http://www.google.com/search?q=%22Google+Desktop+Fears+Overblown%22) and probably few readers will then venture on to this forum.