A while ago, I profiled how Google Updater basically refuses to leave your system.  One of the responses included a guy who worked on the Updater and he basically said that they are working on a way to allow users to opt out.  I appreciate this as I am a power user.

This time, I want to take aim at another one of the popular apps:  Google Desktop.  I actually use the product every single day and love its simplicity.  Despite its many flaws, and there are many, Google Desktop stands out from its competitors. 

What is the actual problem?

However, I am concerned about what amounts to, in my opinion, a flat out privacy violation.  As you search, Google Desktop actually sends your keystrokes to its servers

Exhibit A

There is only one tool required for this:  Fiddler.  I bring up Google Desktop and type in “Privacy Violation”.

privacy_violation

As I type this, Google Desktop fires off the following requests to http://suggestqueries.google.com/complete/search with the following query strings:

?q=p&output=desktop&hl=en&client=gd
?q=priv&output=desktop&hl=en&client=gd
?q=priva&output=desktop&hl=en&client=gd
?q=privac&output=desktop&hl=en&client=gd
?q=privacy&output=desktop&hl=en&client=gd
?q=privacy+vi&output=desktop&hl=en&client=gd
?q=privacy+vio&output=desktop&hl=en&client=gd
?q=privacy+viola&output=desktop&hl=en&client=gd
?q=privacy+violation&output=desktop&hl=en&client=gd


The response to all these queries is basically nominal, so in other words, the query is simply there to be recorded – it serves no purpose to me, the user:

<?xml version="1.0"?>
<toplevel/>

fiddler

The frequency of the server queries seems to work on a timer.  If I type “Privacy Violation” really quick, it only manages to send 3 queries to the server. 

So What?

Let’s define what Google Desktop is intended for: To Search the Desktop and that is ALL.    I’ve turned off everything in the product I can think of to not have it spy on me.  All I want it to do is to search my desktop.  If I need to search the web, I’ll google it, thanks.  Furthermore, there is absolutely nothing on the google servers that will help with searching my desktop (as the response from the data transmission clearly shows).  Ok?  Good?  Great, now we have established that there is absolutely NO reason to send my keystrokes to the server other than to spy on me.

I am not saying that Google is going to use this information for something untoward, and so far they’ve haven’t been evil (except for that China capitulation thing), however, absolute power corrupts absolutely and sooner or later something will happen (like a data leak). 

The bigger issue is this compulsive need to collect every freaking piece of available data.  Just say NO.  My keystrokes are on a need to have basis and Google does not need to have it.  Or at least give us a way to opt out, or better yet to opt in.