Google search engine may be a privacy risk
October 18, 2004
NEW YORK – People who use public or workplace computers for e-mail, instant messaging and Web searching have a new security risk to worry about: Google’s free new tool that indexes a PC’s contents for quickly locating data.
If it’s installed on computers at libraries and Internet cafes, users could unwittingly allow people who follow them on the PCs, for example, to see sensitive information in e-mails they’ve exchanged. That could mean revealed passwords, conversations with doctors, or viewed Web pages detailing online purchases.
“It’s clearly a very powerful tool for locating information on the computer,” said Richard M. Smith, a privacy and security consultant in Cambridge, Mass. “On the flip side of things, it’s a perfect spy program.”
Google Desktop Search, publicly released Thursday in a “beta” test phase for computers running the latest Windows operating systems, automatically records e-mail you read through Outlook, Outlook Express or the Internet Explorer browser. It also saves copies of Web pages you view through IE and chat conversations using America Online Inc.’s instant-messaging software.
And it finds Word, Excel and PowerPoint files stored on the computer.
If you’re the computer’s only user, the software is helpful “as a photographic memory of everything you’ve seen on the computer,” said Marissa Mayer, director of consumer Web products at Google Inc.
Recommended Stories For You
The giant index remains on the computer and isn’t shared with Google. The company can’t access it remotely even if it gets a subpoena ordering it to do so, Mayer said.
Where the privacy and security concerns arise is when the computer is shared.
Type in “hotmail.com” and you’ll get copies, or stored caches, of messages that previous users have seen. Enter an e-mail address and you can read all the messages sent to and from that address. Type “password” and get password reminders that were sent back via e-mail.
Acknowledging the concerns, Mayer said managers of shared computers should think twice about installing the software until Google develops advanced features like password protection and multi-user support.
In the meantime, users of shared PCs can look for telltale signs.
A multicolored swirl in the system tray at the lower right corner of the computer desktop means the software is running. A user can right-click on that to exit the program – thereby preventing it from recording Web surfing, e-mail and chat sessions.
Users can also surf on non-IE browsers like Opera and Mozilla, although the software may index Web pages already stored before the software gets installed.
Managers of public access terminals can also install software or deny users administrative privileges so they can’t install unauthorized programs, such as Google’s. In fact, many libraries and cybercafes already do so.
The FedEx Kinko’s chain is also taking preventive measures. It’s deploying software designed to automatically refresh its public access terminals to a virgin state for each new customer. So any errant software would disappear, as would any personal settings, files or Web caches, said Maggie Thill, a spokeswoman with FedEx Kinko’s.
But policies do vary, and no precaution is foolproof, warned Carol Brey-Casiano, president of the American Library Association and director of public libraries in El Paso, Texas.
“We do our best to protect our patrons and computers and network, but as you can imagine, thousands of people can use public computers in a given week,” she said.