Metadata in Vista Could Be Too Helpful 276
linumax writes "Windows Vista will improve search functionality on a PC by letting users tag files with metadata, but those tags could cause unwanted and embarrassing information disclosure, Gartner analysts have warned. Search and organization capabilities are among the primary features of Windows Vista, the successor to Windows XP due out late in 2006. While building those features, Microsoft is not paying enough attention to managing the descriptive information, or metadata, that users can add to files to make it easier to find and organize data on a PC, according to Gartner. 'This opens up the possibility of the inadvertent disclosure of this metadata to other users inside and outside of your organization,' Gartner analysts Michael Silver and Neil MacDonald wrote in a research note published on Thursday."
Re:That reminds me... (Score:3, Informative)
In your colleagues case it sounds like he may have been able to prevent it, but that is not always so [abanet.org] with metadata that that vendor includes in your documents.
Re:Word: "Properties" and Track Changes (Score:4, Informative)
Re:I don't get it.. (Score:3, Informative)
I did RTFA. The "problem" is you may deliberately send a file, eg a spreadsheet, but along with the file, Windows will have your indexing info, which may give away more than you want ("generic fuck off message", etc). Of course, this information comes courtesy of a company that has a "metadata cleaning" system they want to sell you. Everyone seems to be thinking about porn, but as you said, the metadata should be attached to the file, so if they don't get the file they won't get the metadata.
Re:Easy solution (Score:2, Informative)
I've been on both sides of this problem with current Windows/Office implementations - receiving sales or RFP information that included "hidden" revision or comment information intended for another client, or catching similar information in documents heading out the door.
Within Office, there's a Remove Hidden Data add-in [microsoft.com] that allows you to clean up documents before publishing. Having this functionality enforced somehow once you leave a specified environment would be extremely helpful, while allowing you to leverage the advantages of tagging your file (i.e. if I do anything that looks like publishing, strip off all the metadata in the process)
$0.02
Re:Company policy. (Score:4, Informative)
The places you need to worry about metadata exposure are the document-aware "export" functionality, because rather than simply printing from primitives, these work with full knowledge of the document and it's structure.
Security by obscurity (Score:3, Informative)
Medicine is different, though. HIPPA basically requires that you use this kind of security (obscurity). Let me give you an example. If I have your (HIPPA protected) chart in the office on my desk, that's OK. If I leave it in the waiting room, it's not. Information does not have to be hidden from a determined (and illegal!) search, because, well, that's illegal, and because medical practice would grind to a halt if you added that much paperwork overhead.
But if you make it too easy for someone to "accidentally" stumble on HIPPA protected information, you're in a lot of troub le. And Google desktop does exactly that - offering "suggested" completions as you type, allowing you to find out that your neighbor Paul Smith has a patient letter on my computer while you were looking for your dad Paul Jones.
Re:Stupidity 101 ? (Score:2, Informative)
Example: