The watchdog group says the latest version of the Google Desktop search utility is a sitting target for malicious hackers and data snoops.
A high-profile privacy watchdog group has a terse warning for business and consumer users: Do not use the new version of Google Desktop.
The nonprofit Electronic Frontier Foundation said a new feature added to Google Desktop on Feb. 9 is a serious privacy and security risk because of the way a users data is stored on Googles servers.
The new "Share Across Computers
" feature stores Web browsing history, Microsoft Office documents, PDF and text files on Googles servers to allow a user to run remote searches from multiple computers, but, according to the EFF, this presents a lucrative target to malicious hackers.
"[We urge] consumers not to use this feature, because it will make their personal data more vulnerable to subpoenas from the government and possibly private litigants, while providing a convenient one-stop-shop for hackers whove obtained a users Google password," the EFF said in a statement.
Google says it has to store the data on its own servers to deal with situations when one of a users computers may be turned off or otherwise be offline when new or updated items are indexed on a different machine. "We store this data temporarily on Google Desktop servers and automatically delete older flies, and your data is never accessible by anyone doing a Google search," the Web search giant insists.
For more about Googles Share Across Computers feature, read Steve Bryants blog.
Google said users can use a "Clear my Files" button to manually remove all files from its servers or a "Dont Search These Items" preference to remove specific files and folders from the softwares index.
But, the EFF isnt impressed, especially coming on the heels of what it calls "serious consumer concern about government snooping into Googles search logs."
"It is shocking that Google expects its users to now trust it with the contents of their personal computers," said EFF staff attorney Kevin Bankston. "Unless you configure Google Desktop very carefully, and few people will, Google will have copies of your tax returns, love letters, business records, financial and medical files, and whatever other text-based documents the Desktop software can index," he added.
Is desktop search the ultimate security hole? Click here to read more.
In a strongly worded statement, Bankston warned that the government could demand access to personal files with only a subpoena rather than the search warrant it would need to seize the same things from a users home or business.
"Other litigantsyour spouse, your business partners or rivals, whoevercould also try to cut out the middleman (you) and subpoena Google for your files," he argued.
Security analysts have long warned enterprises against the use of desktop search software because of the serious risk of data theft and sensitive information exposure.
Google itself has struggled with security in the Google Desktop software
. In November 2004, the company rushed out a patch for a security vulnerability that put users at risk of man-in-the-middle data leak attacks.
Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.