Google Notebooks and Security - a wake up call
This is a public safety warning.
Google indexes public notebooks. Their robots.txt shows Google doesn’t disallow this. They only prevent the search results from being indexed, as you can see on the following image, or by looking directly at robots.txt
As some recent small research from Arjan Snaterse has pointed out, these notebooks can be used to influence ranking. As we look into the results in google of indexed notebooks, we can already see big amounts of spam appearing.
Now I’m wondering what Google’s goal is to be indexing these notebooks. To me some people’s personal notes don’t add up to my user experience, especially when they are cluttering up the results with big fat cans of spam. While you might not see these ranking on first page in Google.com. They do appear in Microsoft’s Live Search.
Now why is this article called “Google Notebooks and security“?
Not only do these Notebooks have contain Spam. These notebooks also contain people’s private account information. Usernames, Passwords, Grocery lists, everything is stored in these notebooks and it is being made easy by Google themselves by providing plugins to easily add content to your notebook from within Firefox.
Ofcourse we can argue if its the notebook user their own fault, storing their private information inside these notebooks. But Google needs to make it more clear to users that whenever they Share their notebook with anyone, their information get’s public. Same goes for your Google Reader shared items by the way. By using some creative Google queries you will be able to gain access to merchant accounts, people’s private email. etc.
My opinion? Google, take some action and prevent this from happening, take responsibility in this! Make it more clear to users that their information is Public and prevent fraud from happening.
Thijs Bosschert, an expert on security and IT forensics, argues:
“People don’t seem to know that ’sharing’ your notebook means that you make the data in it public. This means that before you know it someone will find your grocery list with a Google query. Or worse, your account information you had put there to remember it.”
Legal Disclaimer: any action/activity that gets carried out or envolves from the posting listed above, is not my responsibility. The information provided is of informative purpose only.
Related posts
Comments
4 Responses to “Google Notebooks and Security - a wake up call”
Leave a Reply
[...] it! Google Notebooks and Security - a wake up call Share and [...]
Wow! Thanks Martijn for the valuable information. I was about to discover this new tool from Google, but I think I have alot more to read about and more to expect from Google from now on.
I don’t know if it is Google fault for people not knowing what sharing means.
Anyway I will use notebook just for SEO purposes.
[...] Please note that you should not insert sensitive information into these notes. Many people include password information and check the note to be publicly available. A search within Google Notebook using the keyword “password” brings all kind of sensitive information to the top. Martijn Beijk already wrote a topic on this security risk. [...]