more on article on the dangers of Google

[David Farber <dave () farber net>]

Begin forwarded message:

From: Lauren Weinstein <lauren () vortex com>
Date: May 20, 2006 11:52:32 AM EDT
To: dave () farber net
Cc: lauren () vortex com
Subject: Reply to: [IP] article on the dangers of Google


Dave,

While nothing really significant in that article is technically
incorrect, I think it largely misses the point.  I indeed am in the
"Google is the big kahuna so what they do often matters most" camp,
but most of the risks cited in that article really fall into the
"if your security sucks what do you expect?" category.

What's more, the article basically ignores an entire class of risks
associated with an operation like the Internet Archive's "Wayback
Machine," which keeps retrospective copies of old Web pages
frequently going back for years, with a range of potentially serious
liabilities, despite their adherence to robots.txt conventions for
future scanning and public access control.

Concerns over Google Desktop are real enough, which fundamentally
relate to the inherent issues of a "shared" data topology -- that
is, applications that may introduce technical, legal, or other
vulnerabilities by virtue of their processing and/or holding
otherwise local user data on central servers in arguably
insufficiently secure forms.

However, this is not an issue only with Google.  Many of the big
players are moving toward this sort of topology, especially as a
prelude to various Web-based subscription models.  We're going to
see the same sorts of risks popping up again and again at least
until we forge the technical means and will to perform such
distributed tasks more safely (which I strongly believe is doable).

For years now we've seen everybody and his brother throwing
everything including the kitchen sink up on the Web and then
expressing horror that this or that file, data, or old message can
be indexed and then potentially misused or abused in some way.
Government agencies and municipalities have perhaps been even more
guilty of this than commercial firms in many cases.  Often the desire
to quickly monetize archives of data has driven the related
carelessness in many cases.

There are crucial ways in which Google (and other services) could
and should improve their security and privacy models, as readers of
IP know I've long promoted.  But blaming Google or the others for
their ability to access materials that we've voluntarily made
available on the Web makes no real sense, and at best serves as a
diversionary tactic in many quarters.

The old "Pogo" line, "We have met the enemy and he is us" still
remains worth remembering.

--Lauren--
Lauren Weinstein
lauren () vortex com or lauren () pfir org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR
   - People For Internet Responsibility - http://www.pfir.org
Co-Founder, IOIC
   - International Open Internet Coalition - http://www.ioic.net
Moderator, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com
DayThink: http://daythink.vortex.com


 - - - -

> This article goes into detail explaining how dangerous Google can be.
> At the
> very least please read the sections on Google Hacking and Google
> Desktop.
>
> http://csoonline.com/read/050106/google_security.html
>
> -------------------------------------
> You are subscribed as lauren () pfir org
> To manage your subscription, go to
>   http://v2.listbox.com/member/?listname=ip
>
> Archives at: http://www.interesting-people.org/archives/interesting- 
> people/


-------------------------------------
You are subscribed as lists-ip () insecure org
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/