Google queries provide stolen credit cards
News.com
http://news.com.com/Google+queries+provide+stolen+credit+cards/2100-1029_3-5295661.html
"It seems like everyone has their own trick," said Chris Wysopal, vice president of research and development for digital security firm @Stake. "This is really searching for data that should be secret but has been exposed through either through misconfiguration or by someone who has stolen it."

Aside from the number range search feature that Google offers (and mentioned in the article) the writer does not mention any other engine and what they do or do not contain. I'm betting that if others have this data in their database the people who want it will find it. Simply focusing on Google seems a bit unfair to me. In a enterprise situation, shouldn't the webmaster also have the skills to keep the data from being crawled?

Btw, while the News.com study is new, many articles have been written about this issue.
#1 (http://www.cbronline.com/article_news.asp?guid=44C16364-F776-485B-BD54-840031236FC4)
#2 (http://www.newscientist.com/news/news.jsp?id=ns99994002)
#3 (http://seattletimes.nwsource.com/html/nationworld/2001854419_google100.html)

The nongeographical nature of the internet could possibly make it a target in courts of law around the country, and the world.

Google, as one of the most visible representatives of the web, is a target when it comes to the type of suit mentioned. Anyone try to see if the same type of credit card information could be located on Yahoo! or Teoma? Did anyone Ask Jeeves? :)

I've seen some suggestions considering blocking by geographical location, and IP blocking of sites or information. There's been blocking of certain information in Saudi Arabia (http://cyber.law.harvard.edu/filtering/saudiarabia/), China (http://cyber.law.harvard.edu/filtering/china/), France and Germany (http://cyber.law.harvard.edu/filtering/google/), and in libraries (http://cyber.law.harvard.edu/people/edelman/mul-v-us/) across the US.

Google isn't the only target of suits and research. We've seen Yahoo! accused in a French court, and cleared (http://www.guardian.co.uk/international/story/0,3604,893642,00.html) on charges of condoning war crimes and crimes against humanity for allowing someone to sell Nazi memorabilia on its auction sites.

Search engines, portal providers, and almost every web site has to show some concern over the international nature of the web. There are a few ways to describe the location of the internet. One is to say that it is nowhere, and is outside of geographical restraints. Another is to say it is everywhere, and subject to the laws of every land. Some are taking steps to limit access - either by filtering or by denying access to it completely.


When a search engine links to information that violates someone's privacy or could cause financial harm - like credit card numbers, are they causing harm? If they are informed of their link, and they don't then remove it, are they acting wrongly?

When people did a search for the word Jew (http://www.google.com/explanation.html) on Google, they weren't very pleased with the top result, which was a site that most would call hateful. The site in question is still amongst the top results for that term, but a concerted effort to googlebomb the search engine has now brought a wikipedia result for the term to the top of the search results.

This control of the web, of search engines, by legal battles, or by group effort is a fascinating topic. What happens when you're a very large and influential company, and a search for the word "Hell" brings up your company name at the top of google's results page? It's no longer there, but Microsoft used to occupy that position. When did it change? How did it change? ;)

There are a lot of forces working at search engines, and information on the web. Some will be legal challenges, and some political ones. Others will be force exerted by people, or forces exerted by commercial organizations (http://www.free-culture.cc/freecontent/).

Will country boundaries have geographical filters placed upon them? What other efforts will limit our access to information? Shouldn't some access and information be blocked anyway? Who should decide? :eek:

An article and an essay about this very situation, with specific reference to privacy problems on Google, and a general call for more regulation of search engines. The first is from the latest issue of Forbes (http://www.forbes.com/home/free_forbes/2004/0816/102.html) and the second an essay I wrote today (http://www.google-watch.org/optin.html) that was inspired by the Forbes piece.

Should inclusion in a search engine be opt-in?

It's a good question, and a reversal of the Robot Exclusion Protocol (http://www.robotstxt.org/wc/exclusion.html) is an interesting approach.

Does it solve the problem cited?

In other words, is the web better with robots indexing pages unless ordered otherwise, or should they only be allowed to visit and index sites where they are given express permission?

I remember ALIWEB, which required special index files, and wouldn't include a site in its index unless it had those files. There are a few other engines which wouldn't include pages in their indexes unless special meta tags were on the pages.

The ALIWEB approach never achieved the popularity other search engines after it would. The same is true with those other engines. If search engines required people to know how to opt-in, would most people know how to do that, or learn easily, or would they not even bother. Honestly, I never created the ALIWEB files because it never seemed worth the effort.

There are some other issues, such as the cost of indexing. The robot programs cost processing power and bandwidth. Given the profits made by search engines selling advertising, and other bots providing different services, such as the ones searching for trademarked material for intellectual property owners. An interesting article that addresses this issue from 1995:

Robots in the Web: threat or treat? (http://www.robotstxt.org/wc/threat-or-treat.html).



The commercialization of the Internet would be de-emphasized slightly, and the interests of the public would become an issue for the first time in recent Internet history.

I'm not sure I agree. I suspect that most people posting noncommericial information on the web have less incentive to take the additional steps to opt-in to search engines, and make certain that their information is indexed. It may not be the priority that it is for someone with a commercial motivation.

I think an opt-in would also limit the amount of new search engines that index sites. The cost of advertsing that there is a new indexer, and convincing people to add those engines may be a price that a new indexer can't afford.

I asked, in the third paragraph of this post, if opt-in solves the problem cited. The problem is that information is being indexed that people didn't intend to have present on the web. I'm not sure that it would.

I suspect that people would opt-in to search engines, and continue to publish material to the web that they didn't intend to have published. But, because of the opt-in approach, there would be less competition amongst search engines, and less sites within their indexes.

One method that might work well is for html editing programs to have easy to find and use directions on inserting "no index" robot meta tags. And for people to be more careful about what they publish on the web. If information isn't intended to be public, why publish it where people could easily find it? For some reason, people do.

I do agree that it is getting harder for the average person to conduct a search, and find information such as nonprofit services. I don't think and opt-in approach would help in any way.

Opt-in opt-out, I think you hit the nail on the Head Bill when you said:
One method that might work well is for... people to be more careful about what they publish on the web.
Really, sue the idiots that let your credit card details get out!!!

Problem is, that same idiot probably doesn't have enough $$$ to justify litigating, and SEs make for a richer target.

Personally, I believe Search Engines should be able to index whatever you don't exclude that is publicly accessible. If you have a problem with personal information being published, the publisher is to blame.