What we learn from the Google.Documents leak incident

2024 Author: Malcolm Clapton | [email protected]. Last modified: 2023-12-17 03:44

Several universal rules that will save you from losing your personal information on the Internet.

What happened?

On the evening of July 4, the public was agitated by the news that the search engine "Yandex" can be found "Google. Documents", which were clearly not intended for public viewing. Celebrity phone lists, advertising rates for top bloggers, editorial media plans, company financial documents, and even personal passwords.

Literally a few hours later, this feature was disabled. However, this time was enough to cause a lot of trouble. Someone leaked confidential information on the Web, while others lost real money.

What is the reason?

Thanks to the numerous publications of various publications, the incident acquired a scandalous connotation. Many people thought that there was a huge hole in the protection of "Google. Documents" through which any confidential information could be dragged. Others began to blame the search engine Yandex for all sins. In fact, neither the one nor the other side is to blame.

Search indexing on the Web is performed by special algorithms, they are also called search robots or spiders. They just follow links from one page to another and remember their contents.

If the host or service wants to prohibit the indexing of any content, then it places in the service directory of the site a special file listing the addresses of pages that the search spider should not enter. In this case, the documents were located on pages, access to which was not prohibited. So there can be no formal claims against Yandex.

Who is guilty?

It turns out that the Google. Documents service is to blame for not preventing search robots from accessing user documents? Not at all. All leaked files were published by the users themselves. It was they who opened them, providing everyone (including the search robot) with access via the link.

As you can see for yourself in the screenshot, the description explicitly states that everyone who has a link will have access to the document. The Yandex robot found the link and indexed the content. Absolutely standard situation, no sensation.

There have already been many such stories: remember the recent noise around Trello or the constant scandals with Facebook. Sometimes, as in this case, the users themselves are to blame, although there are also errors in the services that store our data. In any case, there is no doubt that such incidents will be repeated over and over again.

What to do?

It would be possible to publish detailed instructions that will help secure confidential data on the most popular services and social networks. Such a long sheet with a lot of screenshots: disable the function here, check the box in this pop-up window, and never poke your nose in here at all.

But that doesn't make any sense at all. Few people read such instructions to the end, even fewer immediately go to change and twist something. Any guide begins to become outdated immediately after publication, because new functions and settings appear that the author did not know anything about at the time of writing.

Nevertheless, there are several universal rules that will save you from losing your personal information on the web. They are suitable for absolutely all users and can be used on any platform. Here they are.

1. Remember: any information you upload to the Internet can be stolen. Including passwords in a text file, photos of mistresses and a plan to conquer the world. Take it for granted.
2. Each time ask yourself: "What will happen if enemies (friends, relatives, colleagues) see this?"If the question makes the hair on your head move, then in no way trust this information to cloud services. Better yet, just destroy it right away.
3. Read tooltips, help articles, and more options. Think. If you have not understood anything, then this is not a reason to click on "OK" or "Agree". Rather, the opposite is true.
4. Distinguish between business and personal communication. Create two email addresses and different social media and messenger accounts for each situation.
5. Activate all notifications that the service offers. So you can quickly find out about money debiting, file deletion, address change and other suspicious activity.
6. Use different passwords. They should be challenging and easy to remember. Better yet, use two-factor authentication whenever possible.

Print this memo and post it in a prominent place. Inform employees. And don't say that Lifehacker didn't warn you.