The latest version of Google Desktop, version 3, adds a new feature which allows users to search through their documents across multiple, unconnected computers. Security companies, and digital rights activists say this could pose severe privacy risks to all users, and should be avoided at all costs.
The update to Google Desktop was released Wednesday, immediately a noise came from the security and blogging communities, suggesting data stored on Google’s servers could be subject to subpoenas or other forms of privacy-manipulation.
The “Search Across Computers” function sends copies of text documents and the entire web history to Google’s servers, stored under your Google Account. Then, from any other computer which has Google Desktop installed, when a search is made, the original computer is also searched.
The Electronic Frontier Foundation, a major consumer digital rights group, warns that litigious individuals, or even the government could subpoena Google for any data stored on the Google servers: a length Google says is “under 30 days.” While this sounds like a unsubstantiated threat, Google’s recent run-in with the Department of Justice shows that this could effect even the most innocent of users.
“EFF urges consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers who’ve obtained a user’s Google password,” says the EFF in their public statement on this issue. “Coming on the heels of serious consumer concern about government snooping into Google’s search logs, it’s shocking that Google expects its users to now trust it with the contents of their personal computers.”
Kaspersky Labs, a major security firm and developers of the Kaspersky Antivirus software posted a public statement regarding Google Desktop and privacy in their security blog, “For this feature to operate you need to use your Google account, the same one that you use for Gmail, Orkut and the other Google services. This means that if an attacker can obtain your Google login details, he will be able to access your confidential files. The good side is that this feature is an option and is not turned on by default. We advise you to keep it that way.”
“For the files stored on Google servers we would of course comply with valid legal process, but we provide notice to users when a request for their data is made, unless we are prohibited from doing that,” said a Google spokesperson on the topic of subpoenas.
The EFF and Kaspersky Labs have released public statements on the security implications with Google Desktop 3.
Contact the author.