Dave Winer cites this PC World article as a “legit security concern”. I don’t agree.
Essentially the concern is that GDS enables the indexing and search of webmail, without the required password authentication required for the actual webmail site.
Now I can see the problem here for families or departmental machines, but my response would be – don’t use GDS. Or tell it not to index the files your concerned about – uncheck the Web history button. Or use a non-supported browser. Or delete your cache before Google can index it. Or have it exclude your cache in Windows from indexing.
What GDS is doing here, IMO, is simply making people aware of the fact that what they type on machines is not secret and never was. That may come as a shock to some people, but I’d hardly blame Google for that. If you want things kept private, you need to protect them.
No, the security concern that’s got me more worried is the fact that thousands of people using this are going to be running their own web servers serving up personal content. I’m aware of the typical security doctrine that says the internal user is more of a threat that the external attacker, but nonetheless I’m more worried about the reverse at this point.
Update: A slightly more extensive – and thus authoritative – alternative take on the risks can be found here.
No Comments