Linked by Eugenia Loli on Fri 23rd Dec 2005 03:29 UTC
Windows Windows Vista will improve search functionality on a PC by letting users tag files with metadata, but those tags could cause unwanted and embarrassing information disclosure, Gartner analysts warned.
Thread beginning with comment 77512
To read all comments associated with this story, please click here.
Alternatively...
by betson on Fri 23rd Dec 2005 04:37 UTC
betson
Member since:
2005-12-17

...you could not tag your files with potentialy embarassing keywords in the first place, saving you the trouble.

Better yet, secure your network so files and their associated tags don't get out into the wild.

Reply Score: 0

RE: Alternatively...
by mov_eax_eax on Fri 23rd Dec 2005 05:10 in reply to "Alternatively..."
mov_eax_eax Member since:
2005-10-12

better yet, don't tag your data

Reply Parent Score: 2

RE: Alternatives to ease of use?
by on Fri 23rd Dec 2005 19:09 in reply to "Alternatively..."
Member since:

...you could not tag your files with potentialy embarassing keywords in the first place, saving you the trouble.

What's the point of having this wonderful end user tool if you don't use it? It would be like not using Outlook Express for your e-mail just because it could give you a virus, worm or trojan. No point in having advanced search features like this in Vista if you don't use them.

Of course there's no advantage in being able to use metadata that can come back to bite you if you don't strip it out before sending out your docs. It just makes this "ease of use feature" very hard to use safely. Again like OE...

Better yet, secure your network so files and their associated tags don't get out into the wild.

In case you missed some of the content of the article this isn't a hazard associated with network intrusions or break-ins. SCO got exposed because they failed to strip out the revision history in the documents sent to one of their litigation targets. This pointed out that they were originally going to sue Bank of America. No network access was involved in turning up this info embedded in the doc. The other examples are similarly not-network-related.

Reply Parent Score: 0

betson Member since:
2005-12-17

Hey, I'm not saying don't use tagging, I'm saying don't use potentially incriminating tags on your information. ;)

An aside:
Securing your network isn't always about securing the digital domain; administrators also have to diligently craft policies and ensure that employees understand that using portable storage devices might not be permissable on company hardware, for instance. Presumably these policies will eventually encompass the concept of metadata and what attributes are allowed and not allowed to be let free into the wild.

Reply Parent Score: 1