When Google Desktop Search (GDS) was first released, I couldn't wait to get it installed. The prospect of using Google's search-foo to search documents/files/emails/etc on my laptop was very exciting. GDS easily lived up to the hype, allowing me to search effortlessly through 5 years of email, hundreds of documents, IM logs, etc. Fast-forward to New Years eve 2005. At a gathering with a bunch of Meghan's family, the geeks in the crowd (5 or 6 of us) were lounging around the fire chewing the fat, when the topic of GDS came up. I mentioned that I used it and had really been enjoying its features. Before I knew it, several others in the conversation warned me harshly against using GDS. It's widely known that GDS does transmit some sort of information back to the Google mothership - of course Google says that they're not transmitting any personal information back, but do you believe them? I *want* to believe them and honestly, at this point in time, I do believe them. After a few weeks' worth of thought, I decided to heed the advice of my cousins-in-law and uninstall GDS. The risk of having personal data, passwords, work intellectual property, etc. indexed and transmitted back to Google was too high. Yes I know, Google has the mantre of "Do No Evil". I respect that. They also have stated many times that it's their intention to "Index the world's information".
So...that leads me to this post's title. Yesterday, the Electronic Frontier Foundation posted an advisory warning people against using GDS. This advisory was released after Google introduced a new feature of GDSv3 that they call "Search across computers". This allows you to have GDS installed on several computers and will enable you to, from any of the computers, search documents on any of the computers you have GDS running on. It's unclear exactly how Google accomplishes this, but they're surely storing your documents/emails/etc. on their servers, either in part or in whole. If that's not scary to you, it should be. The EFF brings up a good point that with your documents on Google's servers, not only are they in the hands of a third party, but they're available to law enforcement via a subpoena rather than a search warrant like they'd normally need to confiscate your documents from your residence.
I dunno - maybe this is just the conspiracy theorist in me coming out. I think not, though.
I've never been much of a privacy nut, but since removing GDS from my computer, I've been thinking about all the data I carry around with me. If my laptop were stolen and/or compromised in some other fashion, what information could the thief find out about me. It didn't take much thought before I realized that there's an awful lot of data there that I wouldn't want falling into the wrong hands.
So...since making that observation, I've been trying to take steps to reduce the exposure of my personal (and work) data to potential ill-meaning people. A few steps I've taken are:
- Uninstalled Google Desktop Search. Yes - it was painful to lose the functionality, but I soon found other ways to search that worked just fine.
- Starting to use KeePass to organize and store the dozens of username/password combinations I have. KeePass stores its password database in an encrypted database which is protected by a strong passphrase.
- Started using TrueCrypt to store all of my personal documents, sensitive work documents, etc. TrueCrypt allows you to create encrypted volumes on your disk which are, once again, protected by a strong passphrase. When unlocked with the correct passphrase, the encrypted volume shows up as another drive letter in windows - very slick.
I guess that's it for now - call me paranoid if you will :-) I guess the moral of the story here is when you're dealing with personal information (especially in conjunction with third parties on the intranet), be very wary.
...well that turned out to be quite long and rambling. Oh well - it *is* 1:30 AM and my bed's calling...