“Google hacking” gets a new connotation
I tried to install Google’s new desktop search tool, but the installer didn’t work. It said I didn’t have enough hard drive space to install it, despite the fact that I had more than enough hard drive space to install it. After submitting the bug report, I got a response a week or so later that essentially said too bad.
Their tool captures everything you do on your computer, including emails sent and received, browser history, and all textual information on your hard drive (except WordPerfect documents apparently). It can take that information and let you run searches on your PC just like searching on Google’s web site, then combine those results with a search of the Internet, reporting your query to Google as well.
Google is going to be deluged with individual search habit information to a degree that they’ve never seen before. They (probably) know how people search the Internet, but now they know how people search their own computers. And the resulting information and popularity of the tool will put Google years ahead of any of their closest search engine competitors.
I don’t want a search engine on my computer, regardless if Google gets my search information or not, so I guess I’m happy that the tool didn’t work. But faster than you can say “script kiddie,” there are hacks for providing remote access to your computer’s Google desktop searches. One of these sites that described the trick warned that you shouldn’t use it for malicious purposes. Like that’s going to keep the hackers from using this.
Let me explain my fear. Google releases a tool that lets you search (almost) every document on your computer including, say, your Excel spreadsheet that contain password lists, your cached browser page that has your social security number on it, or the email that you got with your username and password for a shopping website. Just Google your machine for “password” or “username” or “SSN” or “credit card number” or “billing address” and see what comes up.
And now there’s an exploit that lets other people remotely query your machine using Google’s tool. People worry about what if they get a virus that turns their computer into a spam spewing zombie. Now you can worry that you’ll get a virus which will allow someone to search away on your PC for any information about you. I can’t wait until the first viruses that install Google’s new tool after infecting your machine. Just think of the rise in identity theft, stolen credit card numbers, cases of blackmail, and so on scaling in proportion to the rise of desktop search tools.
(Note: I’m calling this an exploit even if Google doesn’t (actually, I don’t know what they call it). If this was Microsoft, that’s what it would be called. As I see it, Google’s good name is the only thing keeping this off the radar.)
I think this could be the first of a series of similar tools that threatens privacy, security, and more. Well, maybe it’s not the first either. Gmail and other web-based email tools have a great exploit too — using search engines to answer the “security question” like “What’s your mother’s maiden name?” or “What’s your dog’s name?” when some of that information is easily searchable on the net. I know I’m not the first person to suggest that exploit, but what you should realize is that while the migration of search to the desktop gives you better access to your information, it also gives others better access to your information, your search habits, and, if used for bad purposes, your private information. Compared to Google’s desktop tool, RFID is just a UPC code.
Google scares me. Not because they’re evil, but because they’re throwing tools onto the ‘net without any regard for, well, without regard for anything as far as I can tell. The word “irresponsible” comes to mind. They’re like kids playing chemistry with the chemicals under the kitchen sink. Maybe there’s value in using the Internet as a research or marketing setting on a mass scale. But “beta testing” with anybody who wants to play with their tools means we can find the bad parts of their technology before they can fix them.
Now everyone is speculating on where Google is going next. Rumors include a Google branded browser or instant messenger. Google doesn’t want a browser. There’s enough competition in that market without Google; their toolbar is as involved as they want to get with the browsers. What Google does want is to be your portal to all the information on the Internet, your computer, and everything. They have two extraordinarily valuable assets besides their name – search technology and storage capacity. These assets stick out in all of their tools — the search engine, Orkut, Gmail, Froogle, image searching, etc.
If they are creating a “browser,” it’s not in any traditional sense of the word. I hate fortune telling, but I have a vision of something with IM and chat (based on Jabber that remembers and makes searchable all your conversations), community and social networking services (Orkut but using community information tied to their search engine info), email (Gmail), location based services (my sleeper prediction for their next avenue, eventually tied into community and general searches), and brute force searching power (including the not mentioned yet desktop and Internet searches) all built into a single (web?) application like Gmail. IBM had a prototype of parts of this in their Remail tool. Unlike IBM, if there’s anyone who can pull this off, it’s Google. And if Google can’t pull that off all at once, just watch the next few applications they release and you’ll see where they’re headed. Yahoo will be kicking themselves in the pants if (more accurately, when) Google gets to it first.
But if Google seems intent on throwing a new application to the world without some due diligence on their part, they’re only deluding themselves. And so I want to repeat my earlier comment. Google, the Internet is not your beta testing environment. You deserved more flak than you got after you released Gmail for the privacy concerns in that software, and I can only hope that your future technologies are put under even more scrutiny. Your glory days will not last forever, so you had better start thinking of new markets to wind your way into not based on your search or storage technologies. And Google, start thinking about social responsibility before you unleash these beasts into the wild.
Finally, when you get around to it, could you please fix that bug in the desktop tool installer? I’ve got some friends that I want to send it to so I can keep an eye on them…