Tech Analysis: Does Google Desktop 3 Beta Pose A Serious Risk?
Google Desktop began life as a desktop search product, giving you the ability to find e-mail, files, and recently-visited Web pages. Version 2, released last fall, introduced the Sidebar, the feature that put news and RSS feeds on your computer desktop — and revealed a Google that was transforming itself from a simple search vendor to a software developer and content provider.
Version 3 Beta refocuses on desktop search, but one new feature — Search Across Computers (SAC) — is giving security and IT professionals nightmares about keeping data safe and private.
SAC enables users to find files across all their computers.
(Click to see complete image.)
SAC enables users to find files across all their computers — so, for example, they can access their desktop PC at work while traveling with a notebook. Sounds really useful, right? And so far, it's not available in any other of the leading free desktop search tools like Copernic or Yahoo! Desktop (based on X1).
However, in order to work, information about your documents (or your company's documents) must be uploaded to a Google server. And therein lies the rub. As any security professional knows, once the data is out of your computing environment, it is exposed and no longer secure.
Examining The Process
In some respects this process is very similar to Internet-based data backup services like LiveVault InSync, InfoSure, or EVault. With those services, you pay a monthly fee to back up selected files to a secure Web site. The difference between those services and Google is that, with the former, users are aware of the service's security and encryption techniques before they send a single file over the Internet. They know, for example, that the backup service uses 256-bit AES (Advanced Encryption Standard) encryption, transmits using SSL (Secure Socket Layers) technology and stores information in a data center that's monitored 24/7 with biometrically controlled access.
By contrast, here's what Google Desktop Features Summary says about this process: "In order to share your indexed files between your computers, we first copy this content to Google Desktop servers located at Google. . . We store this data temporarily on Google Desktop servers and automatically delete older files . . ."
The Google Desktop Privacy Policy further states: "If you choose to enable Search Across Computers, Google will securely transmit copies of your indexed files to Google Desktop servers, in order to provide the feature. Google treats the contents of your indexed files as personal information, in accordance with the Google Privacy Policy."
It is possible to encrypt the index Google Desktop creates, but here's what the Features Summary says, "Enabling this feature will reduce the performance of Google Desktop due to the extra work of doing the required encryption and decryption. This feature makes use of the Windows Encrypted File System (EFS) feature." (This only works on NTFS volumes.)
Google doesn't exactly provide enough information to be able to make an informed decision.Just Say No
Google Desktop does offer several checks to help keep your data safe and private.
First, Search Across Computers is turned off by default. If it's a feature you want to try, you have to enable it in Preferences. If you're thinking of trying it on a work computer, you should think long and hard, and check with your company's IT department, before doing so. Anything on your work computer is legally the property (and responsibility) of the company. (Tech research firm Gartner agrees that SAC should be turned off because files could include those with regulatory or security restrictions.) No security professionals worth their salt want to be responsible for protecting data that exits outside of his data center — especially when it's in the care of a company that can be as prone to subpoenas as Google is.
On install, Search Across Computers is turned off by default.
(Click to see complete image.)
Also, the SAC index is a subset of the full Google Desktop index. It includes only Web history; Word, Excel, and PowerPoint documents; and text and PDF files that reside in the My Documents folder. You can choose to make both documents and Web history searchable, or just one or the other. However, though this limits some of the danger, having Office documents exist on a Google server is a bit daunting. Would you want your business's profit and loss statement, or your performance evaluation, accessible from a co-worker's home computer?
Enabling SAC also requires a Google account. You can create a new username and password or use your Gmail or Orkut login.
Trying It Out
Using SAC was pretty cool, though somewhat time consuming. Building the index for over 80,000 items required a few hours, even though the index from a previous version of Google Desktop (including about 65,000 items) was already on the test computer. By contrast, a new install of X1 indexed the entire hard drive in about the same amount of time that Google required just to update. (X1, however, doesn't index chats or Web history.)
When enabling SAC on a second computer, results from the first computer showed up almost immediately, flagged with the first computer's name before the path location. The default computer name is its Windows Networking name, though you can change it to anything you like.
Oddly, though, searches didn't match up. A document search for "Charlton" on computer #2 turned up one result from computer #1. When performing the same search on computer #1, eleven documents turned up. This is because computer #2 doesn't get the full index of computer #1. It only gets an incremental update with documents that have been modified after SAC was turned on. This is functional, as the documents you are most likely interested in are the ones you were recently working on, and it lowers overall exposure as only a subset of your documents is transmitted.
Seeing the second computer's documents and Web history on the first computer took longer than expected. The second computer finished indexing, but its files did not appear in computer #1's results right away. And there was nothing in Indexing Status to indicate when those files might appear. After some time passed, long enough for the index to be updated, the second computer's files began appearing in computer #1's results, and it was listed on the Advanced Search page. There was no notification that the index had been updated to include the second computer's results. This is a beta product, however, so hopefully that will be addressed before the final version is ready.
When you decide you're done with SAC, Google Desktop provides a "Clear My Files From Google" button to remove the index from Google's server. Google also states in its newly updated Google Desktop privacy policy (dated February 9, 2006) that your data may remain on their servers for as long as 60 days after Google Desktop is uninstalled or a Google account cancelled. Keep in mind that your document index will also be on any computers you've used to search across computers. To remove that, you will need to uninstall Google Desktop and click No when you're asked if you want to save the indexes.The Elephant Remembers
If, despite all concerns, you decide to go ahead with Search Across Computers, Google Desktop does provide some tools to help you better manage the process. First, like X1 and Copernic, Google Desktop lets you exclude folders from the index. Indeed, Google goes a bit beyond the others and lets users exclude individual files and URLs. Oddly, though, Google Desktop doesn't extend this ability to e-mail. Both Copernic and X1 let you choose which e-mail folders to include or exclude.
Excluding folders, however, must be done before the index is created. Once items are part of the index, they are permanently there, unless you manually delete them. Though not new in this version, the ability to manually remove individual items from the index is a welcome addition to desktop search. Neither Copernic nor X1 allow you to remove individual items from the index.
Another welcome new feature is the ability to password-protect the search feature. Enabling Lock Search requires a user to enter their Windows password to initiate a desktop search. (If you don't use a password to log in to Windows, you need to set one before the Lock Search feature will work.)
Google Desktop's Search Across Computers features is useful -- but not necessary. Think hard before you decide to use it.
(Click to see complete image.)
Other new additions to Google Desktop include the ability to index Zip files and their contents, and the addition of Advanced Search. This lets you narrow searching to specific file types or specify recently created files. Advanced Search is modal, so selecting files, for example, lets you search within specific folders, if you so choose. Searching within a folder and its subfolders and directories is a new feature of version 3.
There have also been some updates to the Sidebar. New panels are available that let you check local driving traffic, search for jobs, and monitor eBay auctions. Panels can be undocked from the Sidebar and placed anywhere on the desktop. Once they are undocked, you can opt to hide them, or set them to always be on top. Also, in an attempt to build more interest in Google Talk, Google's instant messaging applet, news items, and Web clips can be shared with your Google Talk friends.
Google Desktop is available only for Windows XP or Windows 2000 SP3+.
Conclusion
Google Desktop on its own is a worthy competitor in the field of desktop search. It has the ability to search a range of media types not found in the other desktop search programs, including the Web history of Internet Explorer, Firefox, Mozilla, and Netscape; AIM, MSN Messenger, and Google Talk chats; plus Gmail, Outlook, Outlook Express, Netscape Mail, Thunderbird, and Mozilla Mail. The ability to password-protect searches and remove items from its index are also much-needed additions to help protect personal data.
Networking Pipeline editor Preston Gralla recently reversed his position on Search Across Computers. Originally citing concerns about personal documents being stored on Google's servers, he warned against enabling the feature. After a phone call with a Google representative, he is now using SAC on several PCs. The reason for the change in his comfort level? "At any one time, very little of your information is stored on Google servers."
He's right. Fears about subpoenas may be greatly exaggerated.
However, it doesn't change the overall concerns of security professionals. By using Search Across Computers, employees are transmitting confidential company documents outside existing security systems. The means of transmission and storage (for the limited time documents are on its servers) aren't understood, because Google hasn't explained them. Additionally, the Google Desktop software provides no mechanism for indicating when data is uploaded to a server, when it's accessed by your second computer and when it's deleted from Google's servers. We just don't know.
If Google is going to play in the software market, it needs to take responsibility for communicating what its software does and does not do, in conjunction with the software release. It needs to be more respectful of the burden on security/IT professionals and enable features that help them protect their data. We all know that Google will do no evil, but they need to help make sure that they don't enable it either.