A Closer Look At Privacy & Desktop Search

The anticipated popularity of Google’s new desktop search tool means that soon it will be commonplace for everyone to search their computers as easily, comprehensively and quickly as they search the web. After all, several of Google’s competitors already are working on desktop search offerings of their own. So even if you don’t use Google’s tool, chances are, you’ll use someone else’s.

In short, a new era of search is being ushered in. With it comes some new issues about search privacy. We’ve already seen how people are sometimes shocked to discover that personal information about themselves is out on the web and made easily accessible through search. Our Search Engines & Legal Issues page recounts many such examples.

That the information was online has not been the search engines‘ fault, of course. The information should have never been out there in the first place. The search engines have merely made it easier to find things. But their role as conduits have meant they’ve often, especially Google, had to take the blame for someone else’s poor security.

The same issues apply in general to desktop search. Search tools, like the new one from Google, will make it much easier to find and locate information on a particular computer. That shouldn’t be a privacy issue, as long as ordinary security procedures are followed. Unfortunately, they often aren’t.

Protecting Access To Your Computer

You know those movies, where someone breaks into an office, sits down at a computer and quickly finds that secret information by running a search on the computer? Those scenes always make me laugh, since there’s been no easy way to search a computer that fast.

The new era of desktop search now will make that possible. As a result, anyone who wants to check up on you will be able to quickly discover if you’ve got incriminating evidence on your computer — assuming you give them access. Imagine:

  • Someone is considering taking another job and writing email about this from their desk. Employers intercepting email and acting upon that knowledge isn’t new. But having all that mail nicely indexed and quickly searchable will make life even easier for an employer who can sneak a peak at an employee’s computer.
  • Been having a tryst with a secret lover? Again, your spouse or partner might have discovered this by getting some quality time to read your email. But with desktop search (or even good email search like Microsoft’s free Lookout product), they only need a few seconds to see if there are any matches to names of those they might suspect.
  • Been at the porn on your computer? Someone knowledgeable could always discover this by looking at your browser cache. But desktop search makes it even easier to recover the sites you may have been viewing.
  • Leave your computer out during a business negotiation? With desktop search , your competitor can more easily be scan for any sensitive information while you step out for that quick bathroom break.

In short, it’s not new that computers have sensitive data that needs to be protected. What is new is how desktop search centralizes that data and makes it more accessible.

This is only an issue if someone gets physical access to your computer, of course. If you log off and use a secure password, that will be a huge deterrent.

Restricting What’s Indexed

Not indexing some sensitive data will also help further protect you. If it’s not in the desktop search index, no one’s going to easily be able to scan for it — including yourself, of course.

With Google’s product, you can also restrict portions of your computer from being indexed using the “Don’t Search These Items” box on the Desktop Preferences page. However, you’d better understand exactly where your data is stored and how the Windows file structure works. Unfortunately, many like my mom find this stuff a mystery.

It would help if Google’s tool provided more precise and easy to use restriction control. The free Copernic Desktop Search provides a good example of this. You can pick exactly what you want indexed with Copernic, be it within a particular section of your computer or mail folders within Outlook. With Google, you either index all your email or none of it.

Of course, that control also assumes that people understand where sensitive data is kept. Returning to my mom, she doesn’t. So in her case, she really needs to depend first and foremost on preventing access to her computer.

An easier restriction is not to index certain type of data. Don’t want your web history monitored? Email too sensitive? In Google’s product, searching specific types of content can be disabled. The downside remains that doing this keeps you from searching yourself.

What If Your Data Is Stolen?

Earlier I discussed controlling access to your computer. In each scenario I spun out, it was assumed someone had physical access to your computer. They were coworkers, someone in your house or anyone that some how, some way, got to sit down in front of your computer.

It’s also possible your data could be in danger if someone gains access to your computer from afar, by hacking in. That’s already been a threat to your data before desktop search. Indeed, it’s one reason the latest release of Windows XP has better firewall security tools built in.

What’s different with desktop search is that the index that’s created centralizes your data. A hacker who does manage to get in doesn’t need to root around. If they understand where the desktop search tool keeps its data (and this isn’t hard to discover), they have a nice fat target to go after.

For example, I copied the data from my desktop computer to my laptop. I did this across my local network, but at 238 MB, it would easily fit on some USB and other portable storage devices (the exact size will vary based on the amount of original data you have).

On my laptop, I swapped out its Google Desktop data with that from my desktop computer. Voila — I had access to everything that originally was on my desktop.

All this was done with physical access. Even with broadband, 238 MB is a lot to pull down. A hacker might as easily go after other important targets, such as Outlook’s PST data file. That data’s not hard to find and will almost certainly be much smaller in size than a desktop index.

Secure Your Computer

In the end, the message remains the same. Have good computer security to begin with. Then you are safe even with new opportunities that desktop search may present, and it’s something you’ve always had to do anyway, even without desktop search.

How about going the extra mile and adding password protection or encryption? For its part, Google stresses again that basic computer security is first and foremost required, which I agree with.

“Google Desktop Search strives to be as secure as your computer is,” said Marissa Mayer, Google’s director of consumer web products. “So we really do encourage users to use the built in security controls in Windows.”

However, the company also intends to add a layer beyond this:

“We do plan on offering password protection for people who are sensitive about it,” Mayer said.

The protection won’t be mandatory, she added. You won’t have to use it — and as long as you’ve got good computer security, that’s fine. It’s also important not to let password protection, when it comes to any desktop tool, lull you into neglecting protecting your computer at the core level.

I think it would still be great to see if the Google Desktop data could be encrypted some how. That’s part of the password protection in my Outlook data, I believe. Yet having said this, I admittedly don’t use that protection. Ultimately, I rely on having good basic computer security.

Some Old & Other Issues

Some past search privacy issues involving web search really aren’t that much a concern from my perspective, when it comes to desktop search.

For example, some may be disturbed that Google Desktop Search makes use of Google’s cookie plus each application has its own unique identifying number. My past article, Search Privacy At Google & Other Search Engines, provides some guidance on why that’s not so scary as it sounds.

Google Desktop Search also gathers some non-personal data, such as the number of serches you do, the time it takes to see results, program crash reports and so on. This is sent back to Google unless you disable this via the Desktop Preferences page. If you dislike the idea, by all means, turn it off. It’s not necessary to run the program.

By default, Google Desktop automatically records the web pages you view. Similar automatic recording by a9 hasn’t inspired privacy outrage so far, but as Google’s a much bigger player, perhaps this will come up. For more on that, see my Where’s The Privacy Freak Out Over Search Personalization? article.

If concerns do rise, it’s worth understanding that Internet Explorer itself is already recording and storing pages that you view, so the fact that Google does this as well isn’t much different. In addition, unlike search memory features rolled out by competitors, the data Google gathers is stored on your computer rather than with the company.

What about the fury over Gmail? Won’t we see the same with Google Desktop Search? Perhaps not, given that Gmail involved showing ads that were targeted by the computerized scanning of that email. That reading of email freaked some people out.

Google Desktop search also involves reading email — that has to be done to make it searchable. But the reading happens on your own computer. Unlike with Gmail, nothing is seen by Google itself in any way, shape or form.

Finally, for more about search privacy and Google’s own desktop search product, see the information Google provides in its Privacy Policy and Privacy FAQ.

Related reading

Six must-know international SEO tips to expand your businesses
The changing face of search: Dynamic content and experiences that perform
Case Study: How BDCenter transformed a reputation from 48% negative on Google to neutral