Linked by Eugenia Loli on Fri 23rd Dec 2005 03:29 UTC
Windows Windows Vista will improve search functionality on a PC by letting users tag files with metadata, but those tags could cause unwanted and embarrassing information disclosure, Gartner analysts warned.
Thread beginning with comment 77782
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE: Alternatives to ease of use?
by on Fri 23rd Dec 2005 19:09 UTC in reply to "Alternatively..."

Member since:

...you could not tag your files with potentialy embarassing keywords in the first place, saving you the trouble.

What's the point of having this wonderful end user tool if you don't use it? It would be like not using Outlook Express for your e-mail just because it could give you a virus, worm or trojan. No point in having advanced search features like this in Vista if you don't use them.

Of course there's no advantage in being able to use metadata that can come back to bite you if you don't strip it out before sending out your docs. It just makes this "ease of use feature" very hard to use safely. Again like OE...

Better yet, secure your network so files and their associated tags don't get out into the wild.

In case you missed some of the content of the article this isn't a hazard associated with network intrusions or break-ins. SCO got exposed because they failed to strip out the revision history in the documents sent to one of their litigation targets. This pointed out that they were originally going to sue Bank of America. No network access was involved in turning up this info embedded in the doc. The other examples are similarly not-network-related.

Reply Parent Score: 0

betson Member since:
2005-12-17

Hey, I'm not saying don't use tagging, I'm saying don't use potentially incriminating tags on your information. ;)

An aside:
Securing your network isn't always about securing the digital domain; administrators also have to diligently craft policies and ensure that employees understand that using portable storage devices might not be permissable on company hardware, for instance. Presumably these policies will eventually encompass the concept of metadata and what attributes are allowed and not allowed to be let free into the wild.

Reply Parent Score: 1

Member since:

...I'm saying don't use potentially incriminating tags on your information. ;)

Your suggestion, though too late to help SCO, the UN, the FBI, etc., should be part of the startup screen for any MS products that can burn you later. That way the user is educated or reminded before every use of any potentially hazardous feature. Additionally there's no problem with anyone having to be told to RTFM because the software isn't "usable" (as another poster so helpfully suggested). (^;

My point is that ease of use doesn't encourage the creation of non-incriminating tags or the use of an additional tool or feature to strip out any potentially embarrassing metadata.

I'm letting Adobe off the hook here because the data that was exposed as a result of using their product was brought to light by using an open source PDF reader that simply bypassed the intended result of the blackout formatting and let a user see the "blacked out" portion of the PDF. The non-Adobe program also ignores password security and exposes files to whoever has access to them. Of course if they haven't fixed those two issues it's certainly high time they did, doncha think?

... Presumably these policies will eventually encompass the concept of metadata and what attributes are allowed and not allowed to be let free into the wild.

Any estimate on when that might [presumably] start to take place after incidents like this having been in even non-technical news articles for so long?

Any estimate on when software will make it as easy to protect yourself from ease of use blunders such as those under discussion as it now makes it to hurt yourself or your company?

Any other presumptions I should be made aware of before responding to future posts? My startup screen didn't include the ones you mentioned. ...do;)<

Reply Parent Score: 0