In an official blog posting, Jonathan Rochelle, Google Docs’ product manager, details why the company has determined that the issues included in the analyst’s report are far from critical.
Google’s conclusions aren’t a surprise. Hours after Ade Barkah published his report on Thursday, Google responded with a preliminary statement saying it was investigating the matter but that it didn’t believe there were significant security issues with Docs.
Nonetheless, Google evidently sees some merit in Barkah’s report. Google has added information regarding Barkah’s observations to its Docs “help” pages about creating drawings and about adding viewers and collaborators to documents.
In addition, Google may make changes to Docs as a result of Barkah’s report. “We are also exploring alternative design options that might further address the concerns. We’d like to thank the researcher for sharing his concerns with us,” Rochelle wrote.
Asked for comment about Rochelle’s blog post, Barkah indicated that he’s not done with his security analysis of Google Docs. “At this time, new details and test scenarios are still emerging. I appreciate the excellent feedback I’m receiving from Google Security. I am continuing to share my most recent findings with them, and will be able to comment further once our analysis is complete,” he said via e-mail.
Google Docs is a free, standalone product, as well as a component in the broader collaboration and communication suite Google Apps, which comes in free and fee-based versions and is designed for workplace use.
Barkah, founder of BlueWax, an enterprise application consultancy based in Toronto, highlighted what he considered three flaws in the way files are shared in Docs, which lets people invite others to view and edit their word processing documents, spreadsheets and presentations.
First, Barkah noted that images inserted into a document are assigned their own URL, so that someone who has been given access to the document can continue to call up the image even if the document is deleted or if the document owner removes their access rights. “If you embed an image into a protected document, you’d expect the image to be protected too. The end result is a potential privacy leak,” Barkah wrote.
Rochelle countered that images are kept independently of the documents in which they appear for fear that deleting them would break references to them in other documents and external blogs. “In addition, image URLs are known only to users who have at some point had access to the document the image is embedded in, and could therefore have saved the image anyway — which is fully expected,” Rochelle wrote.
Ultimately, document owners can request that images be purged from their account by sending an e-mail to Google’s support team at docsimagedelete@google.com.
The second observation Barkah made concerned the ability of someone with whom a document is shared to view all versions of any diagram contained in it by modifying the image’s URL.
In his response, Rochelle points out that allowing collaborators to view a document’s revision history is a Docs feature, and that the only people who could see past revisions of a drawing are those who have been given access to the document.
“We may consider explicitly preventing viewers from accessing drawing revisions,” Rochelle wrote. “For now, if document owners decide they don’t want viewers to have access to their revisions, they can simply make a new copy of the document — from the File menu — and share that new version. The revision history of both the document and all embedded drawings is removed in copies of documents.”
Barkah didn’t detail his final concern in his report to give Google time to troubleshoot it, but said that it allowed, in some cases, contributors whose access to a document has been removed to get back into it without the owner’s knowledge and permission.
Rochelle explained that the scenario involves the use of a Docs feature that allows invitations to access documents to be forwarded to more than one person. Google added this feature in response to requests from users who wanted to forward invitations and share documents with e-mail lists.
“Invitations sent using this feature contain a special key on the document link. This feature can be disabled at any time to expire previously distributed invitations which contain that special key. To do this, simply disable this feature by unchecking it — in documents and presentations, it’s called ‘invitations may be used by anyone’ and in spreadsheets it’s ‘editors can share this item,'” Rochelle wrote.
Privacy and security controls in Google’s hosted applications have been in the news recently. Last week, the Electronic Privacy Information Center filed a complaint asking the U.S. Federal Trade Commission to stop Google from offering hosted services that collect data until privacy controls can be verified.
Earlier this month, Google acknowledged that a glitch in Docs caused some documents to be exposed to users without proper permission. The problem occurred among users who had previously shared documents. The company said it affected fewer than 0.05 percent of documents. Editor’s note: the percentage of Google documents affected by the glitch was corrected on March 28, 2008.