Google Desktop Search review and top tipsWednesday, November 03, 2004
[Edit: Privacy section updated as Google have since put up an explanation (not entirely complete) of why GDS keeps trying to contact their servers.]
I've been using Google Desktop Search Beta for about 2 weeks now, and I find the ability to search the contents of my hard drive at lightning Google speed, rather than Word or Windows Explorer crawl, invaluable. You can even search your hard drive while searching the Net on Google. GDS works by indexing the contents of your hard drive, which can take several hours the first time, and then it's supposed to update the index continuously while you work, after that. GDS then searches this index, via your browser.
It doesn't index everything - just the main types of things most people would need to search, like text files and common Microsoft documents (Word, Excel, Powerpoint, Outlook and Outlook Express emails - but not files attached to emails). Not Acrobat PDFs yet, sadly (but you can vote for it on their Contact pages and hopefully if enough people ask for it, Google will add it). It even searches your history of Web pages viewed using Internet Explorer, and AIM chats.
Here are my main thoughts so far, plus some GDS top tips.
Outlook/Outlook Express has to be closed before it installs.
Tip: open Outlook/OE again immediately after the installation, before it starts indexing your files - or it won't index your email.Security Issues
There's already been publicity about possible security issues with GDS. It searches your cache of Web pages visited - including any pages on secure sites (https), complete with username and password information etc. Which means that anyone using the same computer could find confidential info with GDS. This includes public computers e.g. in Internet cafes.There have already been reports about people being able to use GDS to read the private emails and password details of others who have previously used the same computer.
Fortunately there is an option to disable indexing of secure pages. Personally, I feel searching of secure pages should be turned off by default given the security risk and how unlikely it is that you would need to search secure pages anyway (except maybe secure email - but then I'd rather my Webmail was private than searchable).
Tip: right after installing GDS, go to Preferences (rightclick the system tray GDS icon) and untick the "Include secure pages (HTTPS) in web history" box if you want to improve security.
Tip: if you use a public computer, check to see if GDS is installed on it. If it is, uninstall it or change the Preferences to disable searching of https pages before using it to view secure email or login to secure sites (non-https Webmail will still be searchable unless you disable searching of that particular site first too, see below).Privacy Issues - Google
With all the fuss made about the privacy implications of Google's free Gmail and software searching the contents of your email to serve up relevant ads, it won't be surprising if there is focus on what GDS means for privacy.
Personally I have turned off the option in Preferences to "Send non-personal usage data and crash reports to Google". I'd like to help test the product, but by giving feedback on what I choose, when I choose; I've never been happy with "non-" information being sent to a company, as I don't know how non-identifying it really is.
But beyond that, I've noticed one odd thing about GDS. It's supposed to search your hard drive, and according to the GDS FAQ the index is kept only on your hard drive, not on Google's servers. Now I've turned off "Send non-personal usage data and crash reports to Google", so GDS shouldn't need to communicate with Google to send them anything.
Yet whenever I turn on my computer, even when I've not yet done anything on it, my firewall says that the GDS program (to be precise GoogleDesktopIndex.exe, rather than GoogleDesktop.exe) is trying to access the Net on port 80. More specifically, it tries to communicate with different addresses on different occasions but they're always Google-related. I let GDS through once just to see if it would open up some helpful Google page in my browser - but it didn't, it did nothing that I could see.
Google did acknowledge (e.g. in a FAQ about Zonealarm) that GDS will try to access the Net and advised that the firewall should be configured to let it, in order to stop firewall alerts recurring in future. But what I wondered about was, exactly why should GDS be trying to contact Google?
[Edit: for new Google FAQ answer] At first, I suspected Google were perhaps testing the potential for adding ads. Now Google have added an explanation to their Help pages: it seems GDS regularly "phones home" for updates. What still worries me is that their Help says my firewall alerts should show this as "autoupdate.exe", and now I know to let that through when I see it try to go out to Google, but why should GoogleDesktopIndex.exe be trying to contact Google? I'm still puzzled as to what's up...
On the whole, I've decided I can live with software reading my Gmail for the sake of 1GB storage and Google-reliable searching of my email, but somehow I feel a lot less comfortable about software reading my personal files not to mention my Web history too, especially when it's contacting Google. However I'd be quite happy however to pay for Google searching of my hard drive if it was fairly priced and designed to be secure and private. Sure, I may be wrong about future ads - but I'll certainly watch with interest how things develop.
Privacy Issues - Other People
If other people search your computer using GDS they could find your private documents. However you can tell GDS not to index certain files or folders on your hard drive, or certain websites (e.g. some Webmail sites where you want to keep your email private- remember, it searches all Web pages you've visited using Internet Explorer unless you tell it otherwise).
Tip: immediately after installing GDS, in the Preferences "Don't Search These Items" section consider entering the paths of the folders, files and Websites you don't want GDS to search, e.g. with a shared computer. You can also untick boxes to tell GDS not to index not only https pages but also the different types of content it searches, e.g. AOL IM chats.One immediate area of uncertainty is how soon GDS updates its index after you've excluded certain file types, folders, files or URLs in the Preferences. What if you've forgotten to do this soon after installation? For how long could you be exposed to others possibly viewing your secure Web pages? That's not clear from the GDS FAQs. If it automatically eliminates those file types or URLs etc from the results of any Desktop search carried out after that, even a split second after you've changed your Preferences, that would be ideal, particularly given the security concerns - but it would be reassuring if the FAQs said so. If it doesn't do that, then personally I'd like to have the option to force GDS to re-index whenever I choose, e.g. immediately after I tell it not to index something. I'd certainly feel more secure if I could do that.
I've also unticked "Show Desktop Search results on Google Web Search result pages" in the Preferences. Again, I don't want anyone doing a standard Google search on my computer to find my personal files inadvertently. Of course, this ought to be supplemented by excluding certain folders or sites, as already mentioned.
Overall I'm very happy with GDS, despite the security and privacy issues. It seems the key point is to ensure that it is set up carefully as soon as possible. My main remaining concern is why GoogleDesktopIndex.exe keeps trying to communicate with Google. But no doubt one day all will become clear...