TechCrunch.com reports on security problems with Google Docs that affect user privacy. This revelation comes soon after another Google Docs privacy problem, where some documents were shared without user knowledge. (For more on “cloud computing,” where user data is shared on remote servers accessible online, read an excellent recent report (pdf) from the World Privacy Forum, “Privacy in the Clouds: Risks to Privacy and Confidentiality from Cloud Computing.”) TechCrunch.com reports:
Security consultant Ade Barkah checked in with us to alert us to a couple of serious security issues associated to Google Docs, the web-based office software from the world’s most famous search engine company, giving a whole new meaning to its mission to make the world’s information universally accessible. On his blog on software, infrastructure and security, Barkah outlines no less than three issues that he discovered while investigating some potential security lapses.
Since he did the right thing by contacting Google about his findings (only to receive no response after five business days), we’re hoping that this article will help trigger the company’s engineering team to plug the holes asap. In case you missed it, earlier this month we uncovered some major privacy blunders going on with Google Docs, which the company later confirmed and fixed (we pinged them for this too).
So what’s up?
First, apparently when you embed an image in a protected document it gets uploaded to a Google server where people you’ve not given access to the file can still see and download it, even after you’ve deleted the document in question. I’ve uploaded an image to a protected file in my account for testing, and deleted the document right after. If you see the image embedded on top of this post, or click this link to find you can still get to the image, that means the above checks out. […]
The third issue Barkah […] claims that if you take away the permission for another person to access your documents, they could in some cases still be able to get to them later without your knowledge.