inside the man

Thursday, December 08, 2005

Google Desktop godsend or spyware?

I am not embarrassed to say it, I love Google Desktop. It has changed the way I work for the better in a way that has not been matched since WYSIWYG word processing became readily available. However, like many, I am very concerned by GT's threat to my privacy. Not only does GT index every web transaction that I make (other than those at URLs that I have explicitly excluded), every document I have, every email I send or receive, it caches it! This can be a blessing when I am trying to find something from long ago, but it is also a pretty complete log of my online life that I am not comfortable with others having access to.

Mathew Schwartz has published this interesting list of steps to managing Google Desktop securely from an enterprise risk management perspective:

  1. Use an enterprise DSE Google Desktop is like instant messenger software: if you don't explicitly block it, it's guaranteed to be on some users' PCs, therefore consider centrally managing it. Desktop Search for the Enterprise, Google's administrator-controlled version, has a Group Policy control. It also enables centralized distribution and adds the ability to search Lotus Notes e-mails. Microsoft's WDS also offers centralized administration tied to group policies.
  2. Encrypt the index file To secure the actual Google Desktop index -- in case an attacker manages to grab it -- set the Group Policy preference to "encrypt index." Note this only works on NTFS volumes.
  3. Change the index file's location Beyond encrypting the index file, administrators can also change its default location, which makes it more difficult for an attacker to grab it.
  4. Disallow Google Desktop on PCs with shared login names For PCs with multiple users, Google Desktop creates a different index for each user, mitigating many privacy and sensitive information-sharing concerns. However, in organizations where multiple employees share a computer and use the same username and password, prohibit the use of Google Desktop. If you don't, each user's Web sessions will be added to a centralized index.
  5. Disable HTTPS indexing By default, Google Desktop indexes all cached Web pages, even if they're secure (HTTPS). Deactivating the "secure Web pages (HTTPS)" preference will prevent the indexing of sensitive information. Most other DSEs do not offer such functionality.

No comments:

About Me

My photo
Edmonton, Alberta, Canada
Returned to working as a Management Consultant, specializing in risk, security, and regulatory compliance, with Fujitsu Canada after running the IT shop in the largest library in the South Pacific.

CC Developing Nations
This work is licensed under a Creative Commons Developing Nations license.

Site Meter