Spotlight might be really cool, but the first thing I ended up doing after starting up Tiger was put together a list of folders for Spotlight to avoid indexing (you can set this up via the Spotlight preference pane in System Preferences). I was a bit wigged out by the possibility of having my sister search for something on my computer and then having her find a personal or particularly candid IM message in the search results. Unlikely? Yeah, but it only needs to happen once…
John Battelle highlights an article talking about the government’s concerns along these lines. For a particularly amusing example of this, try typing in the following search terms:
- Credit Card
- MasterCard
- Visa
- Social Security
See what documents come up… Then, think about how many (or few) search terms you would need to have on, say, 100,000 compromised computers to garner significant numbers of credit card numbers or social security numbers. A significant security compromise will appear for Macs soon enough and we’re going to have to deal with this question…
(As an aside, it always drives me nuts when companies “protect” your credit card number by omitting the last 4 digits instead of only showing the last 4. Now, someone just needs one hit from each type of receipt and they’ve got your number.)





May 7th, 2005 at 10:21 AM
I normally leave my computer locked when I’m not using it. If someone else wants on, they can log on (or if they’re already logged on, switch to their screen). Surely Spotlight isn’t going to bypass normal file system security and let them search files in my account… if it does that’s a huge local security hole.