Learn why information leaks in online collaboration applications are important to you
Earlier, I promised that I would look into online collaboration tools. I started looking into Zoho, Google Docs & Spreadsheets, Thinkfree and others. I was a bit worried that these services created an opening for security violations.
What I found was downright scary. People use online collaboration tools to document the most damaging private and commercial information and leave this information in a public folder or URL for the entire world to see.
The tech industry speaks as though the security and privacy problems inherent in collaboration and Web 2.0 software were merely a theoretical problem. My intention here is to show that this problem is very real. I will also suggest a solution.
Here are some of the things I found (note: I blacked out personal data):
Samples of personal medical information leaks
I’m pretty sure that recipient of the following letter is not aware that the details of his orthopedic appointment have been published on the Internet.
Samples of personal employment information leaks
This Best Buy employee decided to go to school and resign from Best Buy. That’s not such a big deal, but if I was a master spear phisher, I could use the information to my advantage.
Samples of personal and corporate financial information leaks
The following claims form was filled in with every kind of personal financial information about Mr. S. Using this to perform identity theft is a piece of cake.
The mother of all leaks – Passwords galore
For all you techies who are thinking, “Heh heh, stupid users, putting all their private data on the Web,” here are some techie-generated documents. I actually logged into the accounts shown in the next documents.
How big is the problem of information leaks?
After we checked some 1,500 documents that had been created by online collaboration tools and published on the internet (without any access restrictions), two facts emerged:
- The probability that users will leak confidential information is inversely proportional to the ease with which users can share information in any given tool.
- Between 0.5 percent and 5 percent of all information published by online collaboration tools is confidential and, if it falls into the wrong hands, potentially harmful. (One of the services that I checked had about 25 “leaking” documents out of just over 500 public documents checked.)
Why information leaking could spell the end of online-collaboration tools
Corporations are terrified of information leaks. Information leaks such as the ones we’ve discussed make the company a target for litigation, pave the way to commercial espionage, and may help expose weaknesses in the company or its management.
Once this problem becomes known, corporations will act swiftly and decisively and block their users from accessing online-collaboration tools. Since corporations are the target market for online-collaboration vendors, getting blocked by corporations is very bad news.
How can information leaking be prevented?
The problem can be solved by not allowing users to publish “open to all” documents. Just don’t allow users to publish documents on the Internet on a publicly accessible URL. This is a painful act, since it decreases the productivity gain offered by online-collaboration tools, but it is necessary for those tools that wish to survive.
One more thing
All the tools I checked were amazing–easy to use, fast and skillfully designed. In fact, the high quality of these tools attracted all these users and led to the information leaks.