Metadata in Vista Could Be Too Helpful

linumax writes "Windows Vista will improve search functionality on a PC by letting users tag files with metadata, but those tags could cause unwanted and embarrassing information disclosure, Gartner analysts have warned. Search and organization capabilities are among the primary features of Windows Vista, the successor to Windows XP due out late in 2006. While building those features, Microsoft is not paying enough attention to managing the descriptive information, or metadata, that users can add to files to make it easier to find and organize data on a PC, according to Gartner. 'This opens up the possibility of the inadvertent disclosure of this metadata to other users inside and outside of your organization,' Gartner analysts Michael Silver and Neil MacDonald wrote in a research note published on Thursday."

Re:That reminds me...

[wombatmobile]

In your colleagues case it sounds like he may have been able to prevent it, but that is not always so [abanet.org] with metadata that that vendor includes in your documents.

Re:Word: "Properties" and Track Changes

[C10H14N2]

...and these are a few of the many reasons why I print to PDF and never, ever, ever send MS Word files.

Re:I don't get it..

[1u3hr]

I would *hope* ( and no, I didn't read the article ), that the meta data for each file would have the same security permissions as the original file.

I did RTFA. The "problem" is you may deliberately send a file, eg a spreadsheet, but along with the file, Windows will have your indexing info, which may give away more than you want ("generic fuck off message", etc). Of course, this information comes courtesy of a company that has a "metadata cleaning" system they want to sell you. Everyone seems to be thinking about porn, but as you said, the metadata should be attached to the file, so if they don't get the file they won't get the metadata.

Re:Easy solution

[demastri]

The point is that metadata is useful, or even mandatory, for allowing certain internal workflow or functionality, but sensitive enough that you'd never want that metadata to go out with the published version of the document.

I've been on both sides of this problem with current Windows/Office implementations - receiving sales or RFP information that included "hidden" revision or comment information intended for another client, or catching similar information in documents heading out the door.

Within Office, there's a Remove Hidden Data add-in [microsoft.com] that allows you to clean up documents before publishing. Having this functionality enforced somehow once you leave a specified environment would be extremely helpful, while allowing you to leverage the advantages of tagging your file (i.e. if I do anything that looks like publishing, strip off all the metadata in the process)

$0.02

Re:Company policy.

[arkanes]

The virtual printer technique won't preserve metadata because it's not document aware - it presents itself as a Windows printing device, the application uses standard Win API drawing commands on it, and the driver internally translates those commands into postscript and then into PDF. Do watch out for redactions, like drawing black boxes over text - the application will likely print this as the text with a box over it, which will look fine on paper but the redacted text will remain in the document. This happened at least once with a redatected DoD document, exposing them to some fairly serious embaressment because they're redacted all the negative parts of an independent audit.

The places you need to worry about metadata exposure are the document-aware "export" functionality, because rather than simply printing from primitives, these work with full knowledge of the document and it's structure.

Security by obscurity

[QuaintRealist]

I'm no computer expert, but I do understand the argument against "security by obscurity" which has to do with FOSS vs closed source software.

Medicine is different, though. HIPPA basically requires that you use this kind of security (obscurity). Let me give you an example. If I have your (HIPPA protected) chart in the office on my desk, that's OK. If I leave it in the waiting room, it's not. Information does not have to be hidden from a determined (and illegal!) search, because, well, that's illegal, and because medical practice would grind to a halt if you added that much paperwork overhead.

But if you make it too easy for someone to "accidentally" stumble on HIPPA protected information, you're in a lot of troub le. And Google desktop does exactly that - offering "suggested" completions as you type, allowing you to find out that your neighbor Paul Smith has a patient letter on my computer while you were looking for your dad Paul Jones.

Re:Stupidity 101 ?

[flink]

Windows has a seldom-used feature that allows multiple streams to be associated with a single file. Now I have no idea if this is what they are using to implement their metadata feature, but you could have a document.txt that had the default plain text stream and a document.txt:meta that had the metadata stream. The two streams show up as a single directory entry called "document.txt", and the :meta stream follows the document.txt file around. Kinda like a resource fork on the Mac.

Example:

C:\TEMP>echo hi > foo.txt
C:\TEMP>echo there > foo.txt:meta
C:\TEMP>more < foo.txt
hi
 
C:\TEMP>more < foo.txt:meta
there
 
C:\TEMP>dir
  Volume in drive C has no label.
  Volume Serial Number is 6886-DD2A
 
  Directory of C:\TEMP
 
12/23/2005 02:25 PM <DIR> .
12/23/2005 02:25 PM <DIR> ..
12/23/2005 02:25 PM 5 foo.txt
              1 File(s) 5 bytes
              2 Dir(s) 110,433,406,976 bytes free