Watch Out with Metadata in Vista, Analysts Warn

Eugenia Loli 2005-12-23 Windows 29 Comments

Windows Vista will improve search functionality on a PC by letting users tag files with metadata, but those tags could cause unwanted and embarrassing information disclosure, Gartner analysts warned.

2005-12-23 4:02 am
never mind the field day that virus and malware writers will have

2005-12-23 4:37 am betson
…you could not tag your files with potentially embarrassing keywords in the first place, saving you the trouble. Better yet, secure your network so files and their associated tags don’t get out into the wild.

2005-12-23 5:10 am mov_eax_eax
better yet, don’t tag your data

2005-12-23 7:09 pm
> …you could not tag your files with potentially embarrassing keywords in the first place, saving you the trouble.

What’s the point of having this wonderful end user tool if you don’t use it? It would be like not using Outlook Express for your e-mail just because it could give you a virus, worm or trojan. No point in having advanced search features like this in Vista if you don’t use them. Of course there’s no advantage in being able to use metadata that can come back to bite you if you don’t strip it out before sending out your docs. It just makes this “ease of use feature” very hard to use safely. Again like OE…

> Better yet, secure your network so files and their associated tags don’t get out into the wild.

In case you missed some of the content of the article this isn’t a hazard associated with network intrusions or break-ins. SCO got exposed because they failed to strip out the revision history in the documents sent to one of their litigation targets. This pointed out that they were originally going to sue Bank of America.
No network access was involved in turning up this info embedded in the doc. The other examples are similarly not-network-related.

2005-12-23 7:44 pm betson
Hey, I’m not saying don’t use tagging, I’m saying don’t use potentially incriminating tags on your information.

An aside: Securing your network isn’t always about securing the digital domain; administrators also have to diligently craft policies and ensure that employees understand that using portable storage devices might not be permissible on company hardware, for instance. Presumably these policies will eventually encompass the concept of metadata and what attributes are allowed and not allowed to be let free into the wild.

2005-12-23 9:42 pm
> …I’m saying don’t use potentially incriminating tags on your information.

Your suggestion, though too late to help SCO, the UN, the FBI, etc., should be part of the startup screen for any MS products that can burn you later. That way the user is educated or reminded before every use of any potentially hazardous feature. Additionally there’s no problem with anyone having to be told to RTFM because the software isn’t “usable” (as another poster so helpfully suggested). (^;

My point is that ease of use doesn’t encourage the creation of non-incriminating tags or the use of an additional tool or feature to strip out any potentially embarrassing metadata.

I’m letting Adobe off the hook here because the data that was exposed as a result of using their product was brought to light by using an open source PDF reader that simply bypassed the intended result of the blackout formatting and let a user see the “blacked out” portion of the PDF. The non-Adobe program also ignores password security and exposes files to whoever has access to them. Of course if they haven’t fixed those two issues it’s certainly high time they did, doncha think?
> … Presumably these policies will eventually encompass the concept of metadata and what attributes are allowed and not allowed to be let free into the wild.

Any estimate on when that might [presumably] start to take place after incidents like this having been in even non-technical news articles for so long? Any estimate on when software will make it as easy to protect yourself from ease of use blunders such as those under discussion as it now makes it to hurt yourself or your company? Any other presumptions I should be made aware of before responding to future posts? My startup screen didn’t include the ones you mentioned. …do;)

2005-12-23 5:01 am
oh noez! it’ll find all my porn just like picasa did!

2005-12-23 5:18 am sappyvcv
Correct me if I’m wrong, but isn’t metadata stored by the file system and not in the file itself? So unless someone is on your computer on your account, what is the issue?

2005-12-23 6:02 am
The only new metadata I’ve noticed since WinFS was pulled is the TransactionalNTFS (TxF) stuff. Actually it took up a noticeably large amount of space on my other drives and I noticed it when I was defragging. I think there really isn’t a security issue but it would be nice for MS or someone to release a tool that would let you strip out the extra metadata files. Hmmm. Maybe just converting back to NT4 or 2000’s version of NTFS. Is there a program that does that?

2005-12-23 8:58 am evert
Some metadata is stored in the file itself, and other meta outside of the file. For example: Word .doc documents contain the meta-information in the main file. But setting a summary for a plain .txt file will create an additional NTFS data stream for the file. The new WinFS will work different, of course. I agree about the metadata that is stored in the WinFS database or in a NTFS stream – because that information is lost when emailing a file or copying to a FAT USB stick, it does not really matter.
The embedded metadata in JPEG and Word files is another matter, but ALL operating systems, not just Vista, suffer from this feature which can be misused by stupid users 🙁 How WinFS changes all this? I guess that the UI in Vista will make it really easy to assign metadata to groups of files, and that Vista will not only store that metadata in the database, but apply it to the embedded metadata in Word files, too.

2005-12-23 5:18 am Luke McCarthy
So what, you could embed the same data in the file anyway. Where it is stored is irrelevant. In fact the metadata is likely to be stripped when transferring files across regular protocols.

2005-12-24 5:24 am abraxas
Considering Microsoft is the dominant operating system at the moment I wouldn’t be surprised if things like file sharing programs started supporting Microsoft’s metadata. Don’t forget that windows file sharing itself is very popular, especially at colleges, and I’m sure that Microsoft will support the transfer of metadata in their own file sharing protocol.

2005-12-24 2:09 pm sappyvcv
Possible. But that would be the software’s own fault.

2005-12-23 5:22 am ma_d
This is just another reason why users need to understand the software they’re using. Meta-data is a good thing… However, users need to be aware it’s there and that it’s treated as a part of the time and not some sort of magical thing they never worry about. Just like document history on their Word documents.

Now, making tools like outlook ask you each time if you want the meta-data included might be one solution (obviously with an option to always do one option or the other and a way to change it once it’s attached). Also, other similar tools could do the same things.

This is just one more evidence that the FOSS solution has been right the whole time: Educate the user.

2005-12-23 5:45 am Bending Unit
> This is just one more evidence that the FOSS solution has been right the whole time: Educate the user.
That’s because they rather say RTFM instead of designing usable software.

2005-12-23 10:57 am
You are aware that computers are in fact tools, which require some sort of education before usage. I hear those virus writers make usable software, all it takes is a double click in Outlook Express.

2005-12-23 11:12 am raver31
hehehehe but the majority of the time they don’t even need the double click!

2005-12-23 6:06 pm ma_d
Single click actually.

2005-12-23 7:29 pm
> That’s because they rather say RTFM instead of designing usable software.

The end user choice and ease of use stuff built into MS products is generally what is getting them in so much trouble, as this article points out. Are you suggesting that more of this needs to be coded into software that doesn’t already suffer from those problems? Maybe you should suggest this to any F/OSS coders you know and see if they will try it. Or are you espousing the Mac philosophy that any software that needs a manual is poorly written? Or ‘C’, none of the above?

2005-12-23 5:25 am zephc
photo_at_dad’s_2000_ranch_snow_pets_christmas.png or nsa_classified_aliens_illuminati_molepeople.doc

2005-12-23 5:36 am jessta
I’ve already seen this sort of issue in documents created with office 2003. Office has a feature that tracks changes to a document, which is turned on by default and most users don’t know how it works. So, when people send me documents I always have a look at the recorded changes. It’s quite funny the sort of things that one can find in this data.

2005-12-23 8:09 am agsedu
December 23, 2005

Jessta,

Thank you for the insight. Though I currently use MSO 10…or is that 2002/XP, I would like to find out more about how to better utilize the .doc format. The general OSnews readership would probably also appreciate knowing more about the MS Office feature set (e.g. the basics of using “a feature that tracks changes to a document”), including the one you previously described.
Thank you and have a pleasant day and a Merry Christmas.

~agsedu

2005-12-23 8:35 am noocyte
The policy should be to always use a “read-only” format, like PDF, when sending documents outside of the organization. Thus you avoid the whole meta-data issue.

2005-12-23 9:20 am Drumhellar
Problems of sensitive data can still exist with PDF, though. I don’t remember which US federal agency it was, (I’m thinking either FBI or CIA), but they released some documents in PDF that had redacted portions (i.e. black lines over names, still-sensitive parts, etc). While the text underneath couldn’t be seen using Acrobat Reader, the actual text still existed and was in the file.

Of course, this problem seems more like an issue of specific programs storing metadata, versus Vista’s. NTFS already has some form of metadata, and it’s searchable with that wonderful MSN Desktop search.

2005-12-23 10:49 am
“Problems of sensitive data can still exist with PDF, though. I don’t remember which US federal agency it was, (I’m thinking either FBI or CIA), but they released some documents in PDF that had redacted portions (i.e. black lines over names, still-sensitive parts, etc). While the text underneath couldn’t be seen using Acrobat Reader, the actual text still existed and was in the file.”

At least one famous (in Italy) occurrence was when the US Army released a report about Callipari and Sgrena incident in Iraq, some data that was censored (i.e. names of soldiers involved) on the .pdf but still present and easily recoverable.

2005-12-23 8:55 am
> …when transferring files across regular protocols.

Window$ does not have regular protocols.

2005-12-23 4:07 pm TownDrunk
Doesn’t MacOSX have fields where you can store metadata for Spotlight? Does the same issue apply to MacOSX?

2005-12-23 6:25 pm
> That’s because they rather say RTFM instead of designing usable software.

Yeah right, 0x800CCC0E is a nice error to get [Outlook Express]. Very very usable. Also “they” are right in what they say; RTFM!!
That’s what a manual is made for. And if you did read it and you still have senseful questions many FOSS coders are willing to help you. 😉

2005-12-24 1:42 am John Nilsson
If a metadata such as a keyword “bad customer” is linked to a number of objects, why would that link be visible to a specific object once it is transferred?

In any case, a thought: In this internet age I don’t see why you would be sending copies around. Why not publish ALL data and control access rights to it instead. “Sending” data to a friend would consist of selecting which parts of the data to give him access to and then provide him with a link to it. It would be like having local user accounts for the whole world on your machine.