Google docs soon to be publicly searchable

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
Post Reply
dougj-p40
New Member
Posts: 7
Joined: Wed Jan 24, 2007 7:55 pm

Google docs soon to be publicly searchable

#1

Post by dougj-p40 »

EDIT (Alan_Brown): This was originally also posted in the thread Google Docs now blocked?, but since duplicate posts are not allowed, I deleted that post. This thread is more appropriate.

I've always been a bit leery of 'cloud' computing. This new anouncement by google validates that concern. As a stake technology specialist, I'd be amiss to recommend using google docs - even if the stake presidency and bishoprics gave assurance they never publish documents. Who knows what could happen with documents stored in a 'cloud' at some point in the future.

Source: http://news.cnet.com/8301-17939_109-...orsPicksArea.0


Users of Google Docs and Spreadsheets accustomed to publicly publishing their documents might want to rethink exactly how publicly available they want to them to be.

Google on Thursday wrote in a blog post that "in about two weeks, we will be launching a change for published docs. The change will allow published docs that are linked to from a public Web site to be crawled and indexed, which means they can appear in search results you see on Google.com and other search engines...This is a very exciting change, as your published docs linked to from public Web sites will reach a much wider audience of people."

"Marie" of Google was quick to note that the crawling for search results "only applies to docs which you explicitly publish using the 'Publish as Web page' or 'Publish/embed' option, and which are linked to from a publicly crawled Web page" (documents for which users choose only to "allow anyone with the link to view" will not get crawled, she wrote, adding that users can unpublish documents they wish to remain uncrawled).

Some users of the search giant's suite of online productivity applications expressed concerns about the plan, suggesting better labeling of potentially crawlable documents, spreadsheets, and presentations. For example, how would you know definitively if a publicly crawled Web page has linked to your published document? Is the only way to ensure that your published document does not ultimately show up in search results to actually unpublish it?

As noted by The Register, "Google Apps master view does not tell you which docs are publicly published and which aren't." While it may well be obvious to most users how publicly available their Google documents are--and many of those published documents may well be intended to be as publicly available as possible--this seems to be another area where Google needs to find the right balance between transparency and data accessibility.
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX
Contact:

#2

Post by RossEvans »

dougj wrote:I've always been a bit leery of 'cloud' computing. This new anouncement by google validates that concern. As a stake technology specialist, I'd be amiss to recommend using google docs - even if the stake presidency and bishoprics gave assurance they never publish documents. Who knows what could happen with documents stored in a 'cloud' at some point in the future.

As far as I know, our bishopric's use of Google Docs is limited to sharing by explicit login. So this change does not affect that practice at all. It only affects publication via links in a public web site.

I don't think a hypothetical -- "who knows what could happen .. at some point in the future?" -- is a very compelling argument against such a practice. I know the bishopric considered the security and policy issues carefully when they adopted it.
dougj-p40
New Member
Posts: 7
Joined: Wed Jan 24, 2007 7:55 pm

#3

Post by dougj-p40 »

On the contrary, it is a very legitimate concern. When you place something in a cloud, or have it hosted at a 3rd party site such as this, you relinquish control over it and its content. You cannot control the physical or logical security of the system, you cannot control future policy regarding privacy of your content. You are totally dependent on the 3rd party's good-will and competency to keep your information secure and confidential. That could go out the window any moment.
russellhltn
Community Administrator
Posts: 34417
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#4

Post by russellhltn »

boomerbubba wrote:It only affects publication via links in a public web site.
Who is to say that someone with access won't put the link somewhere (maybe as a set of personal shortcuts) and it ends up as meeting the criteria for searching?
Have you searched the Help Center? Try doing a Google search and adding "site:churchofjesuschrist.org/help" to the search criteria.

So we can better help you, please edit your Profile to include your general location.
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX
Contact:

#5

Post by RossEvans »

RussellHltn wrote:Who is to say that someone with access won't put the link somewhere (maybe as a set of personal shortcuts) and it ends up as meeting the criteria for searching?

The bishop.

There are two steps required to publish a link:
  1. An authorized user must log into Google Docs and create the public link.
  2. Someone possessing that link must include it in a public web site.
The bishop merely has to instruct the bishopric: "Don't do that." He probably does not have to give such micromanaged instructions, any more than he has to give explicit directions to the bishopric not to publish the contents of their private email on the public Internet, in a blog or whatever. But just in case, if he has technically challenged persons within that inner circle, I suppose a warning might be in order.
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX
Contact:

#6

Post by RossEvans »

dougj wrote:On the contrary, it is a very legitimate concern. When you place something in a cloud, or have it hosted at a 3rd party site such as this, you relinquish control over it and its content. You cannot control the physical or logical security of the system, you cannot control future policy regarding privacy of your content. You are totally dependent on the 3rd party's good-will and competency to keep your information secure and confidential. That could go out the window any moment.

Gosh. I guess I should cancel all my email and ISP accounts forthwith!
atticusewig
Member
Posts: 308
Joined: Fri Jan 19, 2007 9:48 am

URL Fuzzing

#7

Post by atticusewig »

Hopefully Google will have measures in place to
prevent URL Fuzzing. If not, there might be a
way for someone to generate a public site linking
to a large number of documents. Kinda like trying
all the combinations to a combination lock until
it opens. Private Docs "should" still be safe, but
sometimes you'd be suprised how lax the access
controls are. Unlike password authentication, I
have a feeling that these indexing spiders will
probably get an unlimited number of tries to
access the "published" google docs.

Still, risk could be minimized by removing documents immediately
after they are no longer needed.

Or you can ask Tom if LDSTech is interested in setting up a
LDSTech Docs service for its members. Not only would it
prevent future public disclosure, the church could do some
datamining on the docs to determine what Bishoprics spend
most of their time on, and shape policies and software solutions
to reduce some of the burden.

- Atticus
RossEvans
Senior Member
Posts: 1345
Joined: Wed Jun 11, 2008 9:52 pm
Location: Austin TX
Contact:

#8

Post by RossEvans »

atticusewig wrote:Hopefully Google will have measures in place to
prevent URL Fuzzing. If not, there might be a
way for someone to generate a public site linking
to a large number of documents. Kinda like trying
all the combinations to a combination lock until
it opens.

Your hope is fulfilled. There are such measures.

According to how Google has set this up, the brute-force method you suggest still could not retrieve a Google Docs item unless the authorized owner had expressly enabled a link to retrieve each Doc. He not only would have to generate the link, but also expressly grant permission by checking "Allow anyone with the link to view (no sign-in required)." The default setting is to disallow such access.

Note that this differs from the more open method applied to Google's My Maps area. There, every user-created map has an obscure URL that will retrieve it. The strongest privacy that can be set is making a map "unlisted." So theoretically a lucky guess of a very long "unlisted" URL could retrieve it.

It's really pretty simple: If you don't want to publish your Doc, don't publish it. If you do, you have that option.
Post Reply

Return to “Meetinghouse Internet”