> -----Original Message----- > From: [EMAIL PROTECTED] > [mailto:[EMAIL PROTECTED] Behalf Of Shawn K. > Hall > Sent: Tuesday, November 16, 2004 12:33 AM > To: [EMAIL PROTECTED] > Subject: RE: [DQSD-Users] Incorporate Google desktop search > into DQSD - WORKS! > > Hi Dennis,
Hello, Shawn: > > > Still have to do the one time indexing...baulking at > > > the tought of google having all my info stored....I > > > know you you posted similiar sentiments... > > > > The question is *where* the info is stored. The answer > > is *locally*. > > > > From http://desktop.google.com/privacyfaq.html#make_searchable > > Even with the information "stored locally" there is significant > pause for contemplation. I store my email and ftp settings locally > as well, but is the software that I use likely to be readily > exploitable in order to obtain my information? Further, since Google > has indexed this information already, will someone that wants access > to it only have to drop into my DQSD and type "ggd password" to see > where all the passwords are stored (and previews of each)? And how does this hypothetical person get *to* your DQSD in the first place? Either someone has physical access to your machine, or you've been compromised and remote access is possible. Neither of those concerns me. This machine is used by me and my SO. No one else has physical access to it. I am connected to a Linksys wireless router with a hardware firewall, and also run a software firewall (Sygate Personal Firewall), which was in place before I got the router, and left up because it does not conflict. The local wireless net is secured. Every test I've run indicates I am fully stealthed, and the only connections to the outside world are those I initiate. I run automatically updated A/V software, check regularly for spyware/malware, and visit the Windows Update site weekly to check for new critical security patches. Oh, yes -- I *don't* use IE as my browser. I use Mozilla, with both SeaMonkey (the suite) and Firefox (the stand-alone browser) installed. IE is used only to visit the MS Update site and occasional compatibility tests on web pages. Depending upon just *where* I am poking around on the Internet, I may also forward through an anonymous proxy. And this machine has multiple physical drives. For the most part, stuff I might be concerned about anyone seeing is on drives *other* than drive C:, and Google Desktop has not been told to index them. Am I 100% bulletproof? Who knows? Do I lose any sleep over it? I don't. > Worse even, how does the Google.com integration work? Is it 'before' > the content hits my browser, or after - via script, BHO or somesuch > locally? In each case, if the system has spyware of any sort then > the Google Desktop extends the capacity for exploitation since it > gives advanced access to priviledged content from valuable files > across my system. Again, not a concern here. I sweep for spyware regularly, using updated definitions. I use Ad Aware and Spybot Search and Destroy. The only things either finds are "tracking" cookies, which I consider a nuisance at worst. Since I *don't* use IE as my browser, these results are what I expect. > Google also has an interesting response to this FAQ: > > <<< >>> > 7. Does Google collect information about me? > > Google Desktop Search will not send any personally identifying > information, such as your name or address, to Google without your > explicit permission. So that we can continuously improve Google > Desktop Search, the application sends non-personal information about > things like the application's performance and reliability to Google. > You can choose to turn this feature off in your Desktop Preferences. > <<< >>> > > Does that information include the search terms, keywords, index data > and system profile information? Sure this is not 'personally > identifying' but it surely identifies my PC capabilities, system > contents and performs a very high-level of *system* profiling which > could be used for rather significant aggressive 'other' uses - and > the rest of the Google services have interesting lapses in their > privacy coverage and limitations. > http://google-watch.org/ Since I'm reasonably well armored, this doesn't concern me either. > Don't get me wrong - I've been using Google since '98. I've been > using Google Desktop since I wrote this search. But what do we > really know about what Google does with the information they have > access to? We know what they tell us. It comes down to "Do you trust Google?" My answer is, yes, I generally do. Everything I know about Google (including knowing people who work there) indicates they are an ethical company. What they have to sell is integrity, and they know it. > The search engine that has the term 'search engine' in > its pocket has an unlimited potential for exploitation. If you thnk > the number of people looking for holes in IE is bad because it has > the market-share it does - consider the number of people looking for > holes in Google! This month there were 3 vulnerabilities reported on > Full-Disclosure, one of which was a significant programming error > that exposed the way Google functioned. Uh - oops? The other two > were 'mere' cross-site scripting vulnerabilities. That's no big > deal, except it's Google. Even then it's not that big a deal to me, because my personal data is not stored on Google's servers. I *do* have a Gmail account, which I use increasingly. But as a matter of reflex, if it's *so* sensitive that I *really* don't want other people than me and the recipient to see it, I don't say it in email. I don't consider email secure technology, and never have. If I *do* find it necessary to send anything that sensitive via email, well, that's what PGP or equivalent is for. Even if my Gmail account were compromised, there is nothing there that would cause me serious problems were it to become public. > Anyway... the jury is still out as far as I'm concerned. As you wish. My personal opinion can be summed up by two statements: 1) The only perfectly secure computer is shut down and turned off in a locked room. Security is always a trade-off between safety and usability. I take reasonable precautions and double-check frequently to make sure new holes haven't opened. Beyond that, I don't worry. 2) The essense of paranoia is that it's a defese mechanism. What the paranoid is *really* afraid of is that they aren't important and no one *cares* about them. If you think someone is out to get you, you *matter*. You are important enough that somneone is willing to take the trouble to try to get you. Most of the privacy concerns I see people express on-line make me mumble "You *wish* you were that important to anyone..." Frankly, I'm *not* important. I *don't* matter, save to a small circle of family and friends. There's no particular reason for anyone to be after me in the first place. This suits me just fine. Yes, there are folks who would love to get to my machine to mine my credit card or bank account data, or use it as a compromised zombie for launching things like DDOS attacks. But they feel the same way about any other machine out there, and none of this is specific to me. And in any case, that sort of thing is why I run firewalls. Bottom line? I have no problem running Google Desktop, > Regards, > Shawn K. Hall ______ Dennis ------------------------------------------------------- This SF.Net email is sponsored by: InterSystems CACHE FREE OODBMS DOWNLOAD - A multidimensional database that combines robust object and relational technologies, making it a perfect match for Java, C++,COM, XML, ODBC and JDBC. www.intersystems.com/match8 _______________________________________________ To unsubscribe visit: https://lists.sourceforge.net/lists/listinfo/dqsd-users [EMAIL PROTECTED] http://sourceforge.net/mailarchive/forum.php?forum_id=8601
