Privacy and Desktop Search: A Closer Look
A new era of desktop search is coming. With it come new search privacy issues. If you’ve protected your data the way you always should, no problem. If not, it’s time you did.
The anticipated popularity of Google’s new desktop search tool means soon it will be common for everyone to search their hard drives as easily, comprehensively, and quickly as they search the Web. Several of Google’s competitors are already working on their own desktop search offerings. If you don’t use Google’s tool, chances are you’ll use someone else’s.
A new era of search is being ushered in. With it come new search privacy issues. Some people are shocked to discover personal information is out on the Web and easily accessible via search. Our Search Engines & Legal Issues page recounts many examples.
That such information is online isn’t the search engines’ fault. That information often should never have been out there in the first place. Search engines merely make it easier to find things. But their role as conduits means they often (particularly Google) take the blame for someone else’s poor security.
The same issues apply broadly to desktop search. Search tools make it much easier to find and locate information on a particular computer. This shouldn’t be a privacy issue, so long as ordinary security procedures are followed. Unfortunately, they often aren’t.
Protect Access to Your Computer
You know those movies where someone breaks into an office, sits at the computer, and quickly finds that secret information by running a search of the hard drive? Those scenes always make me laugh. There’s never been an easy way to search a computer that quickly.
The new desktop search era makes it possible. Anyone who wants to check on you can quickly uncover incriminating evidence on your computer — assuming you give them access. Imagine:
- An employee considers another job and writes email about this from her desk. Her employers intercepting email and acting on that knowledge isn’t new. But having it all nicely indexed and quickly searchable makes life easier for an employer who wants to sneak a peak at an employee’s computer.
- Having a dalliance with a secret lover? Your partner may have learned this by spending some quality time with your email. With desktop search (or even good email search, like Microsoft’s free Lookout product), your partner needs only seconds to find matches to suspect names.
- Been at the online porn? Someone knowledgeable can uncover this in your browser cache. Desktop search makes it easier to pinpoint which sites you’ve been viewing.
- Leave your computer unattended during a negotiation? Desktop search enables your competitor to quickly scan for sensitive information while you step out for that bathroom break.
It’s hardly news computers contain sensitive data that should be protected. What is new is how desktop search centralizes that data and makes it more accessible.
This is only an issue if someone has physical access to your computer, of course. Logging off and using a secure password is a huge deterrent.
Restrict What’s Indexed
Not indexing sensitive data further protects you. If it’s not in the desktop search index, no one can easily scan for it (yourself included).
With Google’s product, you can restrict portions of a drive from being indexed using the “Don’t Search These Items” box on the Desktop Preferences page. You’d better understand exactly where data are stored and how the Windows file structure works. Many (like my mom) find this stuff a mystery.
It would help if Google’s tool provided more precise, easy-to-use restriction control. The free Copernic Desktop Search is a good example. Copernic lets you pick exactly what you want indexed, be it within a particular section of the computer or email folders in Outlook. With Google, you index either all email or none.
Of course, the control assumes people understand where sensitive data are kept. My mom doesn’t. She must rely first and foremost on preventing access to her computer.
An easier restriction is not to index certain types of data. Don’t want your Web history monitored? E-mail too sensitive? In Google’s product, search for specific content types can be disabled. The downside is doing so keeps you from searching, too.
What If Data Are Stolen?
Earlier, I discussed controlling access to your computer. Each scenario assumed someone had physical access to your computer. Coworkers, someone in your house, or anyone who somehow, some way, could sit down with your computer.
It’s also possible data could be in danger if a hacker accesses your computer from afar. That threat predates desktop search. It’s a reason the latest Windows XP release has better firewall security tools.
Desktop search is different because the index it creates centralizes data. A hacker who gets in needn’t root around. If he knows where the desktop search tool keeps its data (this isn’t hard to find out), he has a nice, fat target.
I copied some data from my desktop computer to my laptop across my local network. At 238 MB, the file would easily fit on a USB or other portable storage device (the exact size varies, based on the amount of original data).
I swapped out my laptop’s Google Desktop data with the file from my desktop computer. Voilà! Access to everything originally on my desktop.
This was achieved with physical access. Even with broadband, 238 MB is a lot to download. A hacker could as easily go after other important targets, such as Outlook’s .pst file. It isn’t hard to find and is almost certainly much smaller than a desktop index.
Secure Your Computer
In the end, the message is unchanged. Start with good security. You’ll be safe even with the new opportunities desktop search may present. You should have been doing it all along.
How about going the extra mile and adding password protection or encryption? Google stresses basic computer security is the first and foremost requirement, and I agree.
“Google Desktop Search strives to be as secure as your computer is,” said Marissa Mayer, Google’s director of consumer Web products. “So we really do encourage users to use the built-in security controls in Windows.”
The company intends to add an extra layer:
“We do plan on offering password protection for people who are sensitive about it,” Mayer said.
Protection won’t be mandatory, she added. You won’t have to use it, and so long as you’ve got good computer security, that’s fine. It’s important not to let password protection in any tool lull you into neglecting to protect your computer at the core level.
It would be great to see if Google Desktop’s data could somehow be encrypted. That’s part of the password protection in my Outlook data, I believe. Having said this, I admit I don’t use that protection. I rely on good, basic computer security.
Other Issues
Earlier privacy issues involving Web search really aren’t a concern when it comes to desktop search.
It may bother some that Google Desktop Search makes use of Google’s cookie, plus each application has its own unique identifying number. “Search Privacy At Google & Other Search Engines” provides some guidance on why that’s not as scary as it sounds.
Google Desktop Search gathers non-personal data, such as the number of searches you conduct, the time it takes to display results, program crash reports, and so on. It’s sent to Google, unless you disable it via the Desktop Preferences page. If you dislike the idea, by all means, turn it off. It won’t affect the program.
By default, Google Desktop automatically records the Web pages you view in Internet Explorer (IE). A9’s similar automatic recording hasn’t ignited privacy outrage, but as Google’s a much bigger player, perhaps it will.
If concerns do arise, it’s worth understanding IE already records and stores pages you view. That Google does this too isn’t very different. Unlike competitors’ search memory features, data Google gathers is stored on your PC, not with the company.
Won’t Google Desktop Search spark the same furor Gmail did? Perhaps not, given Gmail shows ads targeted by computerized email scanning. “Reading” email freaks some people out.
Google Desktop Search scans email, too. That must happen to make it searchable. But it happens on your computer. Unlike Gmail, nothing is “seen” by Google in any way, shape, or form.
For more on search privacy and Google’s own desktop search product, see the information Google provides in its Privacy Policy and Privacy FAQ.
Want more search information? ClickZ SEM Archives contain all our search columns, organized by topic.
