Interesting People mailing list archives
more on article on the dangers of Google
From: David Farber <dave () farber net>
Date: Sat, 20 May 2006 12:02:30 -0400
Begin forwarded message: From: Lauren Weinstein <lauren () vortex com> Date: May 20, 2006 11:52:32 AM EDT To: dave () farber net Cc: lauren () vortex com Subject: Reply to: [IP] article on the dangers of Google Dave, While nothing really significant in that article is technically incorrect, I think it largely misses the point. I indeed am in the "Google is the big kahuna so what they do often matters most" camp, but most of the risks cited in that article really fall into the "if your security sucks what do you expect?" category. What's more, the article basically ignores an entire class of risks associated with an operation like the Internet Archive's "Wayback Machine," which keeps retrospective copies of old Web pages frequently going back for years, with a range of potentially serious liabilities, despite their adherence to robots.txt conventions for future scanning and public access control. Concerns over Google Desktop are real enough, which fundamentally relate to the inherent issues of a "shared" data topology -- that is, applications that may introduce technical, legal, or other vulnerabilities by virtue of their processing and/or holding otherwise local user data on central servers in arguably insufficiently secure forms. However, this is not an issue only with Google. Many of the big players are moving toward this sort of topology, especially as a prelude to various Web-based subscription models. We're going to see the same sorts of risks popping up again and again at least until we forge the technical means and will to perform such distributed tasks more safely (which I strongly believe is doable). For years now we've seen everybody and his brother throwing everything including the kitchen sink up on the Web and then expressing horror that this or that file, data, or old message can be indexed and then potentially misused or abused in some way. Government agencies and municipalities have perhaps been even more guilty of this than commercial firms in many cases. Often the desire to quickly monetize archives of data has driven the related carelessness in many cases. There are crucial ways in which Google (and other services) could and should improve their security and privacy models, as readers of IP know I've long promoted. But blaming Google or the others for their ability to access materials that we've voluntarily made available on the Web makes no real sense, and at best serves as a diversionary tactic in many quarters. The old "Pogo" line, "We have met the enemy and he is us" still remains worth remembering. --Lauren-- Lauren Weinstein lauren () vortex com or lauren () pfir org Tel: +1 (818) 225-2800 http://www.pfir.org/lauren Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org Co-Founder, IOIC - International Open Internet Coalition - http://www.ioic.net Moderator, PRIVACY Forum - http://www.vortex.com Member, ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com DayThink: http://daythink.vortex.com - - - -
This article goes into detail explaining how dangerous Google can be. At the very least please read the sections on Google Hacking and Google Desktop. http://csoonline.com/read/050106/google_security.html ------------------------------------- You are subscribed as lauren () pfir org To manage your subscription, go to http://v2.listbox.com/member/?listname=ipArchives at: http://www.interesting-people.org/archives/interesting- people/
------------------------------------- You are subscribed as lists-ip () insecure org To manage your subscription, go to http://v2.listbox.com/member/?listname=ip Archives at: http://www.interesting-people.org/archives/interesting-people/
Current thread:
- more on article on the dangers of Google David Farber (May 20)