CSC 379:Week 4, Group 3: Difference between revisions
No edit summary |
|||
(23 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
=Privacy of Search Content / Search Engines both Local (Desktop Search) and Internet= | =Privacy of Search Content / Search Engines both Local (Desktop Search) and Internet= | ||
A recent proof-of-concept exploit of Internet Explorer allowed for the running of a search through Google Desktop for passwords on a user’s computer upon visiting a website containing the exploit script | A recent proof-of-concept [http://www.hacker.co.il/security/ie/css_import.html exploit] of Internet Explorer allowed for the running of a search through Google Desktop for passwords on a user’s computer upon visiting a website containing the exploit script. Operating systems, browsers, and other software like desktop searches keep a written history of user activities, of which many users are unaware of. This poses a privacy threat to users as computers with content collected through the use of a variety of programs remains recoverable, even when thought to be deleted. Many business and government agencies implement technologies designed to obscure information on hard drives prior to allowing old computers out of their inventory. However for many non-tech-savvy consumers, such technologies are not implemented, or are impractical (as the case when a computer is disabled and needs repaired). In such cases, private information can be exposed, now ever more easily and thoroughly through the use of desktop search technologies. | ||
Internet search engines also pose a threat to privacy through maintenance of search logs as it may be possible for the government to use subpoenas to acquire normally private user search logs. Google has responded by shortening the length of time it maintains search data, and other search engines have precautions in place as well to protect user privacy. | |||
==Privacy Concerns (Internet Search Engines)== | |||
===Introduction=== | |||
Most internet users are not aware that what they type into seemingly benign search engines is being stored in a database. Though the the tracking methodologies differ across search engines the data is often associated by an ip address or name or both, depending on how much information you've shared with the search engine. This information is very valuable to online advertisers and marketers who can use it to focus and target their campaigns and leverage what people search for (revealing their curiosities, anxieties, fears, and personal dilemmas) in order to increase their profits. | |||
===Regulations=== | |||
Since Google's acquisition of DoubleClick, it has been under investigation by several regulatory bodies (FTC, Congress, and EU) for privacy concerns (as well as unfair business practices). This led to Google announcing that it would "make anonymous" all searches after a period of 18 months. This consists of eliminating any association of a search with an ip address as well as forcing cookies to expire after 2 years. Many [http://news.zdnet.co.uk/security/0,1000000189,39288141,00.htm critics do not feel that this is enough privacy.] They point out that the 18-month limit goes into effect only after you stop using Google, which you are rather unlikely to do, given its position in the world of search engines. Attempting to use the privacy issue to get an edge over Google, [http://www.iht.com/articles/2007/07/23/business/search.php Microsoft announced similar in-house regulations of their data], [http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9027924 as did Yahoo.] Ask.com [http://searchengineland.com/070719-173648.php went further.] In addition to severing identifying links to an IP address it allows for a search which is erased immediately. Though critics point out that too much privacy can allow internet predators to go undetected. | |||
==Privacy Concerns (Desktop Search)== | |||
===Introduction=== | |||
Desktop Search is the name given to a tool that performs searches in a user's local system. Current desktop search applications can search from text files, to music files, to images, to e-mail and chat files. Desktop Search tools use an indexing system, which lets them perform searches in big hard drives at a great speed. Newer versions of desktop searching tools also allow for searching files throughout networks and other computers. Most of the desktop search tools out there can search for the content of files with Microsoft formats, such as word, excel, power point, etc. as well as of locally stored websites. Some others support more formats such as PDF, MP3, JPG, GIF, AIM, etc. Some of the most known desktop search tools out there are [http://desktop.yahoo.com X1 Yahoo! Desktop Search], http://www.microsoft.com/windows/desktopsearch/hp1.mspx Windows Desktop Search], [http://desktop.google.com/ Google Desktop], [http://sp.ask.com/en/docs/desktop/overview.shtml Ask Jeeves Desktop Search], [http://www.copernic.com/ Copernic Desktop Search], etc. | |||
===The Good of Desktop Search=== | |||
Desktop Search tools can index emails, email attachments, files, messenger contacts, notes, web searches, etc. and uses these indexes to find these targets, based on specified keywords in a few seconds. In some cases, such as with Google Desktop and Yahoo Desktop Search, these applications are mereged with their corresponding search engines by letting the user search their computer and the web, at the same time, from the search engines web site. In other cases, such as Copernic's case, the tool is a stand alone application, which allows for better security. Copernic is an application that is specially good for audio, and image files, as it searches comments and other factors that allow the application to scan their content. In some other cases, the desktop search tool, like the Google tool, caches search results, which allows the user to look at older versions these. | |||
===Security Issues with Desktop Search=== | |||
One of the main concerns with desktop searches has to do with the retrieval of web history. The Google Desktop client was specially drawing attention, because it could index secure cached websites. This gave unrestricted access to anyone who would perform a search, and though this feature could be disabled, it is a | |||
very critical issue to keep in mind. The problem lies in the fact that these are features rather than bugs. It would make sense to have this functionality in a secure personal computer. However, the perspective changes when we have this type of functionality in public or enterprise computers, as confidential information could be easily disclosed. It is essential for companies to research these types of vulnerabilities before using this type of software. There is another issue, which is concerned with indexing in a | |||
network or on remote computers. In this case, cached files are stored in a central server, which may make such information vulnerable for others to see, specially the government. | |||
===Articles=== | |||
====''Introduction''==== | |||
*[http://www.consumersearch.com/www/software/desktop-search-engines/review.html Desktop Search Engines] Consumer Search | |||
*[http://searchenginewatch.com/showPage.html?page=3421651 Google Desktop Search Launched] ''Danny Sullivan'' SearchEngineWatch.com | |||
====''Advantages''==== | |||
*[http://www.microsoft.com/windows/desktopsearch/search/default.mspx Windows Desktop Search: Best in Class Search Tool] Windows Desktop Search | |||
*[http://netsecurity.about.com/od/secureyourcomputer/a/aa102904_2.htm Desktop Search Tools] ''Tony Bradley'' About.com | |||
====''Security''==== | |||
*[http://www.infoworld.com/article/07/03/07/HNgoogledesktopsearch_1.html Google updates desktop search tool] ''James Niccolai'' InfoWorld | |||
*[http://google.blognewschannel.com/archives/2006/02/09/privacy-experts-advice-against-google-desktop-3 Privacy Experts Advise Against Google Desktop 3] ''Nathan Weinberg'' Blog News Chanel | |||
*[http://www.gartner.com/DisplayDocument?doc_cd=137896 Manage Google's Desktop Search Now or Lock It Out] Gartner | |||
*[http://www.eweek.com/article2/0,1895,1735099,00.asp Desktop Search: The Ultimate Security Hole?] ''Matthew Hicks'' eWeek.com | |||
*[http://desktop.google.com/privacypolicy.html Privacy Policy] ''Privacy Matters'' Google Desktop | |||
*[http://searchenginewatch.com/showPage.html?page=3421621 A Closer Look At Privacy & Desktop Search] ''Danny Sullivan'' SearchEngineWatch.com | |||
==Resources== | ==Resources== | ||
===Relevant External Links:=== | |||
* [http://en.wikipedia.org/wiki/AOL_search_data_scandal Wikipedia - AOL Search Data Scandal] | |||
* [http://www.nytimes.com/2006/08/09/technology/09aol.html?ex=1312776000en=f6f61949c6da4d38ei=5090 New York Times - "A Face Is Exposed for AOL Searcher No. 4417749"] | |||
===Relevant Class Website Links:=== | ===Relevant Class Website Links:=== | ||
* [http://ethics.csc.ncsu.edu/abuse/wvt/ http://ethics.csc.ncsu.edu/abuse/wvt/] | * [http://ethics.csc.ncsu.edu/abuse/wvt/ http://ethics.csc.ncsu.edu/abuse/wvt/] |
Latest revision as of 20:44, 2 August 2007
Privacy of Search Content / Search Engines both Local (Desktop Search) and Internet
A recent proof-of-concept exploit of Internet Explorer allowed for the running of a search through Google Desktop for passwords on a user’s computer upon visiting a website containing the exploit script. Operating systems, browsers, and other software like desktop searches keep a written history of user activities, of which many users are unaware of. This poses a privacy threat to users as computers with content collected through the use of a variety of programs remains recoverable, even when thought to be deleted. Many business and government agencies implement technologies designed to obscure information on hard drives prior to allowing old computers out of their inventory. However for many non-tech-savvy consumers, such technologies are not implemented, or are impractical (as the case when a computer is disabled and needs repaired). In such cases, private information can be exposed, now ever more easily and thoroughly through the use of desktop search technologies.
Internet search engines also pose a threat to privacy through maintenance of search logs as it may be possible for the government to use subpoenas to acquire normally private user search logs. Google has responded by shortening the length of time it maintains search data, and other search engines have precautions in place as well to protect user privacy.
Privacy Concerns (Internet Search Engines)
Introduction
Most internet users are not aware that what they type into seemingly benign search engines is being stored in a database. Though the the tracking methodologies differ across search engines the data is often associated by an ip address or name or both, depending on how much information you've shared with the search engine. This information is very valuable to online advertisers and marketers who can use it to focus and target their campaigns and leverage what people search for (revealing their curiosities, anxieties, fears, and personal dilemmas) in order to increase their profits.
Regulations
Since Google's acquisition of DoubleClick, it has been under investigation by several regulatory bodies (FTC, Congress, and EU) for privacy concerns (as well as unfair business practices). This led to Google announcing that it would "make anonymous" all searches after a period of 18 months. This consists of eliminating any association of a search with an ip address as well as forcing cookies to expire after 2 years. Many critics do not feel that this is enough privacy. They point out that the 18-month limit goes into effect only after you stop using Google, which you are rather unlikely to do, given its position in the world of search engines. Attempting to use the privacy issue to get an edge over Google, Microsoft announced similar in-house regulations of their data, as did Yahoo. Ask.com went further. In addition to severing identifying links to an IP address it allows for a search which is erased immediately. Though critics point out that too much privacy can allow internet predators to go undetected.
Privacy Concerns (Desktop Search)
Introduction
Desktop Search is the name given to a tool that performs searches in a user's local system. Current desktop search applications can search from text files, to music files, to images, to e-mail and chat files. Desktop Search tools use an indexing system, which lets them perform searches in big hard drives at a great speed. Newer versions of desktop searching tools also allow for searching files throughout networks and other computers. Most of the desktop search tools out there can search for the content of files with Microsoft formats, such as word, excel, power point, etc. as well as of locally stored websites. Some others support more formats such as PDF, MP3, JPG, GIF, AIM, etc. Some of the most known desktop search tools out there are X1 Yahoo! Desktop Search, http://www.microsoft.com/windows/desktopsearch/hp1.mspx Windows Desktop Search], Google Desktop, Ask Jeeves Desktop Search, Copernic Desktop Search, etc.
The Good of Desktop Search
Desktop Search tools can index emails, email attachments, files, messenger contacts, notes, web searches, etc. and uses these indexes to find these targets, based on specified keywords in a few seconds. In some cases, such as with Google Desktop and Yahoo Desktop Search, these applications are mereged with their corresponding search engines by letting the user search their computer and the web, at the same time, from the search engines web site. In other cases, such as Copernic's case, the tool is a stand alone application, which allows for better security. Copernic is an application that is specially good for audio, and image files, as it searches comments and other factors that allow the application to scan their content. In some other cases, the desktop search tool, like the Google tool, caches search results, which allows the user to look at older versions these.
Security Issues with Desktop Search
One of the main concerns with desktop searches has to do with the retrieval of web history. The Google Desktop client was specially drawing attention, because it could index secure cached websites. This gave unrestricted access to anyone who would perform a search, and though this feature could be disabled, it is a very critical issue to keep in mind. The problem lies in the fact that these are features rather than bugs. It would make sense to have this functionality in a secure personal computer. However, the perspective changes when we have this type of functionality in public or enterprise computers, as confidential information could be easily disclosed. It is essential for companies to research these types of vulnerabilities before using this type of software. There is another issue, which is concerned with indexing in a network or on remote computers. In this case, cached files are stored in a central server, which may make such information vulnerable for others to see, specially the government.
Articles
Introduction
- Desktop Search Engines Consumer Search
- Google Desktop Search Launched Danny Sullivan SearchEngineWatch.com
Advantages
- Windows Desktop Search: Best in Class Search Tool Windows Desktop Search
- Desktop Search Tools Tony Bradley About.com
Security
- Google updates desktop search tool James Niccolai InfoWorld
- Privacy Experts Advise Against Google Desktop 3 Nathan Weinberg Blog News Chanel
- Manage Google's Desktop Search Now or Lock It Out Gartner
- Desktop Search: The Ultimate Security Hole? Matthew Hicks eWeek.com
- Privacy Policy Privacy Matters Google Desktop
- A Closer Look At Privacy & Desktop Search Danny Sullivan SearchEngineWatch.com
Resources
Relevant External Links:
- Wikipedia - AOL Search Data Scandal
- New York Times - "A Face Is Exposed for AOL Searcher No. 4417749"