×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Metadata in Vista Could Be Too Helpful

Zonk posted more than 8 years ago | from the you-want-some-toast? dept.

Windows 276

linumax writes "Windows Vista will improve search functionality on a PC by letting users tag files with metadata, but those tags could cause unwanted and embarrassing information disclosure, Gartner analysts have warned. Search and organization capabilities are among the primary features of Windows Vista, the successor to Windows XP due out late in 2006. While building those features, Microsoft is not paying enough attention to managing the descriptive information, or metadata, that users can add to files to make it easier to find and organize data on a PC, according to Gartner. 'This opens up the possibility of the inadvertent disclosure of this metadata to other users inside and outside of your organization,' Gartner analysts Michael Silver and Neil MacDonald wrote in a research note published on Thursday."

cancel ×
This is a preview of your comment

No Comment Title Entered

Anonymous Coward 1 minute ago

No Comment Entered

276 comments

Oblig. Nelson (5, Funny)

gardyloo (512791) | more than 8 years ago | (#14326609)

Windows Vista will improve search functionality on a PC by letting users tag files with metadata, but those tags could cause unwanted and embarrassing information disclosure, Gartner analysts have warned.

        Ha-ha! You're using Windows!

Windows Insecure??? (2, Funny)

clr211 (796400) | more than 8 years ago | (#14326610)

The new version of Windows will be insecure???

Say it ain't so.....

Re:Windows Insecure??? (4, Insightful)

antifoidulus (807088) | more than 8 years ago | (#14326707)

I know it's trendy here to bash windows, but this is FAR from a windows specific problem. Any file system that contains metadata could enable inadvertant disclosure of information, be it windows, mac, linux etc. The solution basically is to ensure that either a)your users are aware of what metadata is and how it works and to make sure that they get rid of any metadata on sensitive documents that they may send out or b) failing that, don't use the metadata.

Re:Windows Insecure??? (0)

Anonymous Coward | more than 8 years ago | (#14326788)

I know it's trendy for astroturfers to describe every Windows vulnerability as typical of all operating systesm, but such problems are FAR from being as severe on Mac & Linux systems, which were built with a much greater focus on security.

Re:Windows Insecure??? (0)

Anonymous Coward | more than 8 years ago | (#14326829)

You base that on what, exactly? Do you even know what metadata is? Explain how the same problem would not exist on a mac or linux system also using metadata.

Re:Windows Insecure??? (1)

pdpTrojan (454023) | more than 8 years ago | (#14326841)

LOL, apparently you don't know about Open Source Software. OSS (as we worshippers like to call it), is the greatest thing since pussy (or so I've heard). With an OSS filesystem metadata whatnot, there can't be any bugs because everyone can see the source code.

Only if you sell your soul to Micro$oft do you have to worry about such petty things. They are a vile, evil, American (is that redundant? LOL!!!) corporation.
They must be stopped at all costs!

Re:Windows Insecure??? (2, Funny)

TubeSteak (669689) | more than 8 years ago | (#14326989)

AFAIK the only two companies that cause people to regularly get publicly humiliated due to meta-data are:
Microsoft (Office)
Adobe (PDFs)

If you can think of any other companies that keep turning up, you let me know.

Re:Windows Insecure??? (1)

charlesnw (843045) | more than 8 years ago | (#14327033)

Well when vista comes out and people start using the metadata I imagine there will be plenty more :)

Easy solution (5, Insightful)

crazdgamer (846581) | more than 8 years ago | (#14326615)

If my metadata could be viewed by other people inside and outside my organization, there's an easy solution to this.

Don't fill out the metadata fields!

Re:Easy solution (4, Insightful)

shokk (187512) | more than 8 years ago | (#14326786)

Or how about... watch how you tag things!! If you go tagging files "my secret romp with Goatse dude" AND you might be embarrassed about it, then _don't tag it_. However, if you're one to shout that kind of crap out to the world, tag away. I think the old adage still applies: "don't do anything you wouldn't want everyone to see in the news."

It has everything to do with human behavior and nothing to do with computer security. As it is, desktop search tools are opening up whole avenues to quickly find the secret smut on your desktop. Do you have a Google account AND search history enabled? Go to google.com and do a Search History and see what stuff you've been searching on that Google knows about. You shouldn't have done a search on "merkin".

Well that would be great, but... (0)

Anonymous Coward | more than 8 years ago | (#14326906)

The last major features that separate Vista from XP are: Searchable metadata and vector-based graphics. Everything else has effectively been scaled back or scrapped. As such, people using Vista will be encouraged to tag everything, if not by the OS (yeah right, like Microsoft isn't going to stick a reminder-like app. in the tray for a feature they've been marketing), then the organizations who purchase Vista will encourage tagging.

Re:Easy solution (0)

Anonymous Coward | more than 8 years ago | (#14326802)

that's the fucking point, the metadata is filled automatically

I don't get it.. (4, Interesting)

dangerz (540904) | more than 8 years ago | (#14326617)

Isn't this like saying Airbags are too safe? I thought whole point of metadata is to make it easier to search and find data? How can it be *too* helpful?

Re:I don't get it.. (3, Insightful)

$RANDOMLUSER (804576) | more than 8 years ago | (#14326654)

> Isn't this like saying Airbags are too safe?

Like Big Bird says, remember to put your infants in the back seat, so the "safety" devices don't kill them.

Re:I don't get it.. (-1, Troll)

Anonymous Coward | more than 8 years ago | (#14326734)

Like Big Bird says, remember to put your infants in the back seat, so the "safety" devices don't kill them.

What is the problem with Slashdot users not just coming out and saying what the issue is instead of making all these odd coy remarks that skirt the issue but seem, in some fashion, to be geek?

My guess is that the majority of slashdot users dont know why this is a bad thing all they know is "microsoft bad! microsoft bad!" and feel the need to add to the fire.

What's my point? Next time don't reply unless you can answer the question without acting like a 12 year old that feels the need to fit in, dildo.

Re:I don't get it.. (4, Insightful)

mzwaterski (802371) | more than 8 years ago | (#14326778)

Someone got up on the wrong side of the bed. I'm pretty sure he was making an argument by analogy. It seemed pretty clear to me. Airbargs are a good thing. They save a lot of lives, but if used improperly (e.g., placing a child's car seat right in front of the airbag) they can be a bad thing (read: deadly).

Turning to the metadata: Having lots of metadata to search can be a very good thing. But, if used improperly (e.g., having the index not properly secured from outside access or malicious software) they can be a bad thing (read: security risk).

So, as the grandparent said: "Like Big Bird says, remember to put your infants in the back seat, so the "safety" devices don't kill them."

Re:I don't get it.. (4, Insightful)

Roofus (15591) | more than 8 years ago | (#14326716)

I would *hope* ( and no, I didn't read the article ), that the meta data for each file would have the same security permissions as the original file.

Otherwise, you'd be able to search for the meta data in the private files of other users.

Re:I don't get it.. (1)

jacksonj04 (800021) | more than 8 years ago | (#14326805)

That's what I was going to leap in with. Surely 'public' metadata is just that by definition - naming something "Cybersex with Mistress Oct 2005" will not go down well if it's not user-specific, but if you keep it in My Documents (Vista security model treats this like the /home, so it's only you & admins who see it) then surely the metadata won't be visible.

Re:I don't get it.. (2, Informative)

1u3hr (530656) | more than 8 years ago | (#14327012)

I would *hope* ( and no, I didn't read the article ), that the meta data for each file would have the same security permissions as the original file.

I did RTFA. The "problem" is you may deliberately send a file, eg a spreadsheet, but along with the file, Windows will have your indexing info, which may give away more than you want ("generic fuck off message", etc). Of course, this information comes courtesy of a company that has a "metadata cleaning" system they want to sell you. Everyone seems to be thinking about porn, but as you said, the metadata should be attached to the file, so if they don't get the file they won't get the metadata.

Re:I don't get it.. (1)

LoverOfJoy (820058) | more than 8 years ago | (#14326822)

How can it be *too* helpful?
Because it is helpful to me AND to others. Many people do not want to help others find their files or their sorting methods.

Silly as it sounds, it's possible to be TOO friendly. This is one reason it's fortunate that little children can cry when someone they don't know picks them up and takes them away from their parents.

Re:I don't get it.. (1)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14326847)

Isn't this like saying Airbags are too safe? I thought whole point of metadata is to make it easier to search and find data? How can it be *too* helpful?

It is possible for something to be helpful in some instances and harmful in others. Airbags can cause accidents if they go off when something hits the bumper, but would not otherwise have caused a crash. Most likely there are more crashes because of airbags, but fewer serious injuries.

In this particular case, metadata can be great for finding things but many users may not know that it exists, leading them to give away information without realizing it. For a real world example, Word files already contain a lot of information that the user may not know has been added. I once received a request for a bid from a vendor that included metadata to tell me it had originally been written for a competitor and included recoverable information on which components they were bidding on. Job posting forms written in Word have occasionally given me the name and phone number of the person doing the hiring, something that can be very useful if you are looking for a job in the security field. All this information was useful to me, but that does not mean the authors wanted me to have it. Meta-data that is not very visible to the end user, may very well be a security issue.

Re:I don't get it.. (0)

Anonymous Coward | more than 8 years ago | (#14327014)

Funny, I read the title as Metadata in Vista Could Be Helpful Too

As in, "A feature added to Vista might actually be helpful..."

Surprise? (2, Insightful)

cez (539085) | more than 8 years ago | (#14326618)

Should it be a surprise MS hasn't taken adequate security measures in the "advance" of its operating system that seems like another attempt to compete with google? I say stick to Google Desktop http://desktop.google.com/ [google.com]. And your own directory architecture for organization.

Google desktop is a little scary... (3, Insightful)

QuaintRealist (905302) | more than 8 years ago | (#14326712)

If you have any kind of data which needs to be kept private (we have HIPPA compliance to worry about at our medical office), using Google desktop is a bit scary. Yes, it allows you to "lock out" certain data sources, but on machines where private data passes in a lot of different formats, things can easily slip through the cracks.

Of course, we don't have it on our main office machines, because they are running Slackware. Our machines that are locked into Windows for hardware interface reasons had to have Desktop removed from them after a couple of almost-incidents.

YMMV

Re:Surprise? (1)

Giometrix (932993) | more than 8 years ago | (#14326809)

How is Google Desktop more secure than this? Here you have to actively use metadata to make it "easier to search" where as with Google Desktop you have to actively deny access to data... Personally, I prefer the google method, as I don't distribute many files, and I'm lazy; but that doesn't make it any more secure.

Oh Great (5, Insightful)

Anonymous Coward | more than 8 years ago | (#14326632)

Now we have a business analyst group trying to direct a computer software company how to write its software. When Gartner starts making new technology or being otherwise reasonably involved in technology, they can have a seat at the table. For now, this is just horrendously bad policy. Anyways, the Microsoft DOC format already contains a horrendous amount of metadata, the full history of changes that led to the current document, among other things. Where's Gartner's whines about that?

Re:Oh Great (1)

jferris (908786) | more than 8 years ago | (#14326798)

Gee, isn't it ironic the most structured developments start with requirement analysis done by business analysts?

Windows fills a business need. Yes, it is also a home OS, but business analysts tend to work in the broader scope of a user's interest. The "business" aspect tends to throw people off. The requirements that they come up with is key for a product's success (whether commercially, or simply a successful development lifecycle). From the requirements, architects and project managers derive design documents, which are ultimately use to blueprint the software.

I've worked in shops with and without and analyst team, and have done analyst work, myself. Those with an analyst team consistantly released better products, IMHO.

Surely not ? (4, Funny)

TractorBarry (788340) | more than 8 years ago | (#14326638)

No... say it ain't so...

Surely Microsoft aren't adding a feature to Windows without giving thorough consideration as to how the feature will work in a multi user, internet connected, environment ?

After all they've show time and time again how much they cae about these things :)

Re:Surely not ? (0)

Anonymous Coward | more than 8 years ago | (#14326651)

I detect an inferiority complex

That reminds me... (5, Funny)

archeopterix (594938) | more than 8 years ago | (#14326644)

My colleague at my former job once sent our boss a report in a file named 'for_dickhead_2003_11'. He changed the file name before attaching it to the email. Unfortunately, a self-reference in the file contents remained, showing the unfortunately chosen first name. Fortunately, our boss just politely reminded him to pick more neutral names, just in case.

Re:That reminds me... (2, Informative)

wombatmobile (623057) | more than 8 years ago | (#14326747)

In your colleagues case it sounds like he may have been able to prevent it, but that is not always so [abanet.org] with metadata that that vendor includes in your documents.

Re:That reminds me... (1)

js3 (319268) | more than 8 years ago | (#14326975)

funny but the problem here is not a bug in the software, it's a bug in the user! If he was professional enough not to call others dickhead he wouldn't find himself in that embarassing situation :)

News? (1)

olddotter (638430) | more than 8 years ago | (#14326648)

Microsoft not thinking about security is news?! Tell me when a microsoft product has reasonable security, that will be news.

But I suppose that for the protection of the unwashed, we should inform them of new flaws in MS products. ;-)

This will be embarrassing... (1, Funny)

Anonymous Coward | more than 8 years ago | (#14326650)

...if fellow co-workers learn I heart Fabio from the tags in my massive library of rectal gaping porn.

Hahaha, must have opened porn.... (4, Insightful)

ShyGuy91284 (701108) | more than 8 years ago | (#14326652)

Nothing worse then searching for one thing, and coming up with a "*ultra-midget-fetish-sex-in-chocolate*" result when your g/f is around.......... That's my biggest gripe of indexers. Too easy to accidently find files. Like search for your g/fs name if you want pictures of her (and she is hooking over your shoulder wanting them), she may see her name come up in a convo between you and your bud that you'd rather her not see.

Re:Hahaha, must have opened porn.... (0)

Anonymous Coward | more than 8 years ago | (#14326698)

Just as bad are those damn recently opened file lists.

Wife: "Can you enlarge my picture?"
Husband: "Sure, let me open photoshop...recently opened files..."
Wife: "What the hell is 'double_penetrated_teen.jpg'?"

Re:Hahaha, must have opened porn.... (2, Insightful)

slavemowgli (585321) | more than 8 years ago | (#14326963)

... which, of course, would only be symptomatic of a deeper-running problem you and your girlfriend have. If you can't openly talk about your sexual interests, and if you have to hide things from each other because the other one'd go apeshit if they knew about them, then you have a bigger problem in your relationship, anyway.

Stupidity 101 ? (5, Insightful)

Tom (822) | more than 8 years ago | (#14326658)

Help me out here, but what's so difficult about not storing metadata in-line ?

After 10 years of M$ Word disclosing secret information, you'd have guessed that "a removal tool" as mentioned in the article is obvious to anyone with half a brain as not good enough.

Storing the meta-data in a seperate file, or how about with the other metadata (i.e. with the inode) isn't so hard, is it? And it is quite obviously the right thing. There's even a big, red hint right there in your face: It's called meta-data. Might want to treat it different from the actual data, you know?

Re:Stupidity 101 ? (4, Insightful)

$RANDOMLUSER (804576) | more than 8 years ago | (#14326710)

I'm sure I don't really need to point out to a 3 digit UID that Microsoft's other efforts with meta-data (the registry) have been less than stellar. Seems like we're doomed to lack of security or a single point of failure.

Re:Stupidity 101 ? (0)

Anonymous Coward | more than 8 years ago | (#14326763)

What document metadata is in the registry? Unfortunately, I do need to point out a 800K ID that he's an idiot.

Re:Stupidity 101 ? (1)

slavemowgli (585321) | more than 8 years ago | (#14326879)

You don't have to collect all the metadata in one central place, either. You could - when you create a Word file, for example - simply create a second file in addition to the actual document, one that holds the metadata, so you'd have one .doc file and one .mdc (or so) file.

If you want to guard against stupid l0sers who will only send/save/copy/move the .doc file and then complain that the metadata is gone, put them together in a zip file (and call it .dzp or so); then, someone who wants to remove the metadata can simply delete the .mdc file in there with any standard zip tool, and someone who doesn't care about these things can treat the container just like they would treat a plain old .doc file.

Re:Stupidity 101 ? (1)

$RANDOMLUSER (804576) | more than 8 years ago | (#14326974)

You've put your finger right on the problem. Either the data and meta-data are in the same file, (no matter what the extension is) subject to the same security concerns we have today, or the meta-data is in a repository somewhere, subject to single point failures and multi-user versioning problems.

Re:Stupidity 101 ? (1)

jbolden (176878) | more than 8 years ago | (#14326759)

Because the whole basis of the Dos filesystem is a strong relationship between the computer file and all the information associated with the file. Files don't have hidden aspects. This is unlike the OS/2 situation where the filesystem supported metadata, the OSX situation where "files" from a ueer standpoint are "really" directories. If new windows filesystem had gone off then we would have a whole new model for files (more like a mainframe). But as is, an office document file is really a large collection of files organized inline.

Re:Stupidity 101 ? (1)

CastrTroy (595695) | more than 8 years ago | (#14326804)

Wouldn't the MetaData have to be stored seperate from the file? If you put metadata on a text file, then wouldn't that data show up when you opened the file in a text editor? otherwise you'd have to do some fancy stuff with the OS to make sure that it didn't show up. Wouldn't it make more sense to keep all the metadata in one place, so that it could be easily searched, instead of having to scan the whole hard drive just to search the metadata? Are they really planning on storing the Metadata with the file? That's about the stupidest design I've ever heard of.

Re:Stupidity 101 ? (1)

rpk (9273) | more than 8 years ago | (#14326924)

Gee, if anybody needs to be lectured about not storing metadata it's inline, it's the designers of Unix. Special files, directories with special names, using "From" as a message separate in mail files.

Re:Stupidity 101 ? (1)

Eli Gottlieb (917758) | more than 8 years ago | (#14327007)

It is pretty stupid, and I can't see why The World hasn't gone the Reiser4 route of storing metadata as sub-files of the file itself, which can be accessed as a directory to look at its metadata and as a file to read it.

This is a BETA, Right? (4, Insightful)

drsmack1 (698392) | more than 8 years ago | (#14326660)

I find it a little annoying when someone does a "doom and gloom" review of a beta product, focusing on bugs or immature features. Its like doing a review of a building in progress and shouting out: "It has no roof! The rain will come right in! What are they thinking!"

Re:This is a BETA, Right? (1, Troll)

Tom (822) | more than 8 years ago | (#14326671)

Yes, it is a beta product. Which means someone within M$ is wondering why it hasn't shipped, yet.

Re:This is a BETA, Right? (1)

drsmack1 (698392) | more than 8 years ago | (#14326815)

This might be funnier if Microsoft was the only company out there shipping buggy releases. Have you tried Mandriva 2006?

Re:This is a BETA, Right? (1)

aredubya74 (266988) | more than 8 years ago | (#14326821)

It's a beta, sure, but unless users expressly complain about the business security implications of this issue, it's unlikely MS will do anything to fix it. Remember, they've shown time and time again that ease of use and functionality trump security. To cite some examples, remember single-user of the Win9x days, ActiveX defaulting to "on", Universal Plug-and-Play, file sharing defaulting to "on" for all files, and the built-in passwordless "guest" user access to all of these features. We should thank Gartner for publishing this, as hopefully it will get some IT execs thinking about the security implications for not just this, but other functions.

Re:This is a BETA, Right? (1)

DogDude (805747) | more than 8 years ago | (#14326903)

The thing is, the business security implications of this are minor at worst, and none at best. 1. This isn't security. This has nothing to do with security. 2. This is a usage issue. Don't label a file as "bad customer", and you don't have to worry about it. 3. If you insist on using bad info to label files, then there's a way to remove it.

Re:This is a BETA, Right? (0)

Anonymous Coward | more than 8 years ago | (#14326882)

No, it's more like doing a review of a building in progress and saying "its pillars won't be strong enough to support a roof!"

Re:This is a BETA, Right? (1)

slavemowgli (585321) | more than 8 years ago | (#14326941)

You seem to be misunderstanding what a beta release is.

A beta release is (or at least is supposed to be) essentially a release where the important features are pretty much done, and where the "only" work that's left to do is shake out bugs, tweak minor things, fix documentation and so on.

It is NOT a release where you put in all sorts of crazy features that you don't actually plan to have in the final product - that would be rather stupid on pretty much every level I can think of, especially the economic one.

So when there's a fundamental problem with a feature in a beta product, especially if it's the feature *as such* as opposed to its (probably buggy) implementation, then pointing that out is not "doom and gloom" - it's just reporting.

Say Ford decided to switch the driver's and passenger's seat in all their new models, so that the driver actually sits to the right of the passenger now, and further suppose that Ford presents their new concept model to the press. If a reporter now pointed out that that feature is pretty nonsensical (dangerous, even), would you call it "doom and gloom", and would you believe Ford if they said that it's "just a 'beta'", and that the actual cars won't have this after all?

Of course not. If they really didn't have any plans to have this feature, they wouldn't have it in the "beta" version, either, and the same's true here.

And what's more... if nobody cared about this now, then I'd bet (no pun intended) that when people actually noted these problems after the final product had been released, there'd be many who'd complain that it should've been pointed out while the product was still in beta, and not only after the final release.

The 2008 Toyota Prius (4, Insightful)

DogDude (805747) | more than 8 years ago | (#14326666)

I hear that the 2008 Toyota Prius will have a 7' high spoiler. What's up with that?

Oh, sorry... I just figured that we're talking about products that are still a few years down the pipe that haven't been anywhere close to finalized yet.

I don't know about anybody else, but we not only don't evaluate software years before it's released, but we generally wait until the software has been out for at least a year before even looking at it. I don't know what the point is of reviewing a product this early. The only thing that I can figure out is that it's a way to get a few more pageviews.

Re:The 2008 Toyota Prius (1)

sqlrob (173498) | more than 8 years ago | (#14326744)

I just figured that we're talking about products that are still a few years down the pipe that haven't been anywhere close to finalized yet.

MS has committed to an August 31,2006 date, so it better be damn close to finalized.

Now, chances are they won't make that date, but they've publically said they would.

Re:The 2008 Toyota Prius (1)

AlvySinger (900304) | more than 8 years ago | (#14326959)

Are you new here? Opportunity to take a cheap shot as MS. Taken! Should there ever be a story about a MS employee saving a puppy from drowning they'll be someone here to moan about it.

"embarrassing"? (4, Funny)

Mahou (873114) | more than 8 years ago | (#14326667)

sounds like he's worried about people finding his porn collection when they search for seemingly unrelated things(scat music, majestic horse paintings, old lady jokes, kiddie books and toys, etc). maybe someone should just tell him not to tag that stuff

All Microsoft has to do (3, Interesting)

m93 (684512) | more than 8 years ago | (#14326682)



is to make the metadata attatched to document files viewable only on the Vista installation it was created on. Perhaps it would be possible to have the operating system strip the data off the files that are being copied or moved to other network locations as a precursor to each respective process. In this case, they would also have to work some kind of functionality into the next iteration of Outlook, so that the problem could be stemmed from the email side of things.

What 3rd party vendors would do to accomodate this is anyone's guess.

Re:All Microsoft has to do (3, Insightful)

slashname3 (739398) | more than 8 years ago | (#14326737)

Oh, that would be good. Play "try and modify the file when we think it is being sent off this system". Yet another kludge with lots of holes. Can you say zip files?

This is just another example of disclosures from the past where change log information was left in documents released to public forums. Very interesting info disclosed in some of those word documents. Must be standard procedure now for lawyers to check the change log info on documents they are sent.

And if people don't fill out the meta data info the fancy new search capabilities won't be as useful so why have them?

Release date... (-1, Offtopic)

alexhs (877055) | more than 8 years ago | (#14326683)

Windows Vista, the successor to Windows XP due out late in 2006.

Please, couldn't you say the accurate thingy ? :
Windows Vista, the successor to Windows XP due out late next year.

inadvertent disclosure (1)

Ashley Bowers (932552) | more than 8 years ago | (#14326688)

'This opens up the possibility of the inadvertent disclosure of this metadata to other users inside and outside of your organization' Well this would suck, and will no doubt slow the release date down if it is not fixed soon!

Isnt Metadata part of the filesystem? (0)

Anonymous Coward | more than 8 years ago | (#14326692)

Surely Metadata is part of the filesystem (ie there is a seperate store of metadata seperate from the actual file)?

How can they possibly attach their metadata to the actual file, this would corrupt the files for other users.

If the metadata is stored in the local filesystem then surely there is no need to be worried about that metadata getting out since it is not attached to the file (unlike Word document revisions)

Yawn, non-story (4, Insightful)

mopslik (688435) | more than 8 years ago | (#14326699)

For example, a user might use "good customers" and "bad customers" as keywords on contract files. If such a contract is sent to the customer with the keyword still attached, it could cause embarrassment or even loss of business, the analysts wrote.

How is this different than naming your file "Invoice for Asshole Larry.doc" and mailing it to the client? Simple solution: don't put potentially embarassing stuff in the metadata fields.

Do people really need an analysis to tell them this?

Re:Yawn, non-story (-1, Flamebait)

Anonymous Coward | more than 8 years ago | (#14326742)

what these people need is a good analrapest

SAVE ARRESTED DEVELOPMENT!!!

Word: "Properties" and Track Changes (2, Insightful)

G4from128k (686170) | more than 8 years ago | (#14326700)

I've often been amused by what appears in the Properties pane of Word document sent by clients or what you can dredge up from Track Changes. Evidence of re-used documents, other projects, other clients, and deft attempts at redaction abound in the hidden metadata and edits.

The more data a computer saves (especially if hidden from plain site), the greater the chance of embarrassment and unintended leakage of sensitive info.

Re:Word: "Properties" and Track Changes (3, Informative)

C10H14N2 (640033) | more than 8 years ago | (#14326810)

...and these are a few of the many reasons why I print to PDF and never, ever, ever send MS Word files.

More delays! Yay! (1)

kiehlster (844523) | more than 8 years ago | (#14326702)

And now we'll see Microsoft delay the release of Vista for another year, and yes, more people will be fired for their supposed ignorance in this meta matter.

Usefulness of metadata (4, Insightful)

paologat (844520) | more than 8 years ago | (#14326714)

Adding flexible metadata at the level of files does not seem such a good idea to me, especially for files that need to be transmitted or shared with others. Catalogation systems are going to be different from user to user, and from organization to organization - which is going to be messy if you mix multiple systems together.

Having something like "post-it notes" that do not stick to the file, but instead are part of the directory entry for that file, might be more useful and safer. If someone sends me a file, I don't want that person's metadata to pollute my classification of files.

That's somewhat like what happens with e-mail - I receive plenty of mails that the sender marked as "high priority", but that are low priority to me. Metadata on the file should be objective; subjective information should be stored somewhere else and not be transmitted together with the file.

Re:Usefulness of metadata (4, Funny)

Photon Ghoul (14932) | more than 8 years ago | (#14326837)

Catalogation

In the interestation of securitization, the catalogation of the nation's datation should not be left to the ineptitudination of incompetentation corporatizations with a historicalization of not giving full thoughtfulination to securitization.

Re:Usefulness of metadata (1)

thatguywhoiam (524290) | more than 8 years ago | (#14326932)

Adding flexible metadata at the level of files does not seem such a good idea to me, especially for files that need to be transmitted or shared with others. Catalogation systems are going to be different from user to user, and from organization to organization - which is going to be messy if you mix multiple systems together.

What makes you say that? MP3 files, and their ID3 tags, don't seem to be an issue really?

I like the concept of metadata in the filesystem because it moves beyond the 'folder barrier'. For instance I can create a smart folder that gathers files with tag x into a 'view' in that window. These files can exist within multiple 'folders', as opposed to living in only one place. Spotlight on OS X is a good example; I use it at work all the time to create a folder with all photoshop files with layers named y, or with resolution z, etc.

Really I think the solution as far as sensitive metadata goes is a kind of 'airlock' around Vista; when sending files out to the network or an external device, prompt the user to confirm the metadata; let them uncheck fields that are no good to go out. Of course MS could have solved a number of office faux-pas type issues with such handling in Outlook ("are you sure you wan to Reply to All? are you sure you want to attach this 50MB Powerpoint?") but have yet to demonstrate a concrete effort to do so.

Summary (1)

wombatmobile (623057) | more than 8 years ago | (#14326723)

Allchin said those enhancements--along with a reduction in the number of times customers have to reboot their machines and other features--will mean that companies that move to Longhorn will be able to cut their operating costs. Of course, he added, "that's up to us to prove."

Got that? To cut your operating costs, pay Microsoft some more money for some Longhorns.

i can see the commercials (1)

goarilla (908067) | more than 8 years ago | (#14326741)

Have a hardon, feel horny? gf broke up.
M$ Vista
Searching for your porn stash has never been easier with M$ Vista's new meta-data feature

seriously this is a true reason not to use Vista. Just imagine the plot u have some friends over
you leave them with your new box u come back and they were able to play that 1.30 min pr0n movie on your bigscreen tv :O
That's why i use *nix: find /* -iname *xxx* 2>/dev/null is a pretty hard command for non *nix users.

Company policy. (4, Interesting)

JVert (578547) | more than 8 years ago | (#14326762)

We never send any raw documents out to customers. We always print them to PDF first. Looking back I wonder if there is still a chance private data could be leaked, that somehow PDF layers the hidden stuff underneath and if someone were to peel back the top.

But this will just be an extension to that policy to check for any meta data.

Re:Company policy. (1)

Giometrix (932993) | more than 8 years ago | (#14326853)

You're probably using a commercial app to convert the documents, so I don't know if any meta data is passed along; but if you really care, you can transform XML documents to PDF via an XSLT stylesheet, so you'd know exactly what gets transformed.

Re:Company policy. (1)

JVert (578547) | more than 8 years ago | (#14326990)

We're using CutePDF converter with the postscript filter thingy. I dont know much about what i'm talking about but its just a virtual printer.

Sounds like the XLST stylesheet will have to be modified for every type of document?

Re:Company policy. (1)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14326889)

Looking back I wonder if there is still a chance private data could be leaked, that somehow PDF layers the hidden stuff underneath and if someone were to peel back the top.

For the most part, no. PDF files do, however, support the concept of layers (which must be explicitly created by the authoring program). The only security issues I've seen with this is where people layer black boxes over text to censor them, not realizing the information under the boxes is still there and readable. This has caused several important disclosures and usually a reader need only copy and paste the text to have a readable, uncensored, version.

Eh? (0)

Anonymous Coward | more than 8 years ago | (#14326779)

So why do i need meta data again?!?!

This is bull (2, Interesting)

Nex6 (471172) | more than 8 years ago | (#14326781)

Even the much vuanted google desktop had information discloser issues.
as this type of technology comes to the mainstream its to be expected the early stuff may have a bug or two. (see: google desktop)

and here they are slamming microsoft for a new feature people are asking for. and telling them how to do it, when they have no idea on how hard this kind of thing is to do from a software engineering perspective.

I mean sheesh The product is in BETA, make a bug report to microsoft as a beta tester if you find a bug.

I mean windows vista has alot of very new stuff under the hood which is very cool. much of the stuff effects security and stability which is a good thing.

-Nex6

Terms of Embarrassment (2, Insightful)

Mulletproof (513805) | more than 8 years ago | (#14326783)

"but those tags could cause unwanted and embarrassing information disclosure, Gartner analysts have warned."

Oh, you mean more embrassing than finding cookies and cached images from pr0n sites and the like? Unless you're considering self comments like "he's so hawt! I'd so tap that!" Not that you that most people's surfing already involuntarily discloses their personal data like a sieve.

I'd be less concerned about people appending credit card numbers and such to files, not embrassement.

Couldnt care less (0, Troll)

The Cisco Kid (31490) | more than 8 years ago | (#14326784)

.. about what MS decides to incorportate in its proprietary platform. The more user-hostile, privacy-invading, insecure, and unreliable it is, the more people will finally realize that MS completely sucks and will consider taking the bit of extra effort that MS currently makes necesarry for them to choose to use something *other* than MS. And once enough people choose away from MS, the more people will support the rights of end-users to have a market that isnt monopolized by one vendor.

So go ahead, MS, fuck over your customers in any way that you want to, or are paid by RIAA/MPAA/BSA to. The more you fuck them over, the less customers you will have, and the better the overall health of software technology will be.

You have to put up with a certain amount of fucking over to stick with MS, It just seems that some people are willing to take more than others and still remain loyal. Of course some poor ignorant fools will stick with them till the end, and I pity them.

Stupid (1)

zecg (521666) | more than 8 years ago | (#14326787)

This is idiocy - any disclosure of data which is unwanted can be damaging; so, are we not to have it? Don't index the files and don't name the files, also - this can be potentially embarrassing as well; and don't ever have a shovel in the house, kids cut off each others' heads clear off with those things!

Re:Stupid (1)

99BottlesOfBeerInMyF (813746) | more than 8 years ago | (#14326943)

This is idiocy - any disclosure of data which is unwanted can be damaging; so, are we not to have it?

No it is not idiocy. Sharing metadata can be both useful and disastrous, as shown by the metadata often shared with Word files. The concern is that, like MS Word, Vista will include metadata in shared files without providing a proper UI that informs the user and makes sure they are aware of that metadata. MS does not exactly have a stellar record in this regard. Third parties currently provide applications for cleaning Word files of metadata (which in the past has occasionally included random chunks of data from your hard drive). Less expert users are usually the ones that suffer because of this.

I think it is important to both inform users and to pressure MS to provide a proper interface to avoid problems with unintended metadata sharing. For example, when e-mailing or otherwise transferring a file, by default a list of the included metadata should probably be shown as well as an option to delete any of it that is unwanted.

Google desktop still the winner (1)

el_jake (22335) | more than 8 years ago | (#14326791)

I have tried a Vista beta, and after 4 hours of trying out various search features I installed Google Desktop and found Vista to be just as good as my old XP.

Wich btw runs just fine under Vmware on my Ubuntu distro.

I doubt Gartner knows what they're talking about (1, Interesting)

Anonymous Coward | more than 8 years ago | (#14326811)

For example, a user might use "good customers" and "bad customers" as keywords on contract files. If such a contract is sent to the customer with the keyword still attached, it could cause embarrassment or even loss of business, the analysts wrote.

Wait a minute... Since the tags in question are an OS feature, wouldn't the OS have to store them somewhere else in the filesystem, outside the file, since it can't know how to stuff them inside a file of an arbitrary format? And when you send someone a file, isn't it only the content of the file that is sent, along with the filename of course? Ergo, isn't it impossible to inadvertently send someone a file with Vista's tags still attached, since they're not in the file itself?

<slashdot-editor-mode> Does this mean that Gartner analysts are simply FUD-mongering without a clue? </slashdot-editor-mode>

Gartnerhype (0)

Anonymous Coward | more than 8 years ago | (#14326816)

Gartner is becoming pretty hyperbolic. Is this seriously a problem? And why wouldn't it affect anyone else? You just can't take unreasonable anti-MS seriously anymore.

Enough rope to hang yourself (0)

Anonymous Coward | more than 8 years ago | (#14326830)

Why is that *Microsoft's* responsibility? If you're going to put sensitive information in metadata then you need to think a little bit about who you are sending the file to!

"New! Microsoft Security Assistant! Keeps you from putting sensitive data into your files, where it may leak to unauthorized persons! So you have to think even less than you do now!"

Sounds familiar (1)

FishandChips (695645) | more than 8 years ago | (#14326880)

I guess what Gartner is saying wrt boosting the meta-data options is that marketing has won over security on Microsoft's tick list, whereas after Vista is launched the userbase will demand that security wins over marketing. We've been here with MS before, oh my yes ...

Search your data? (1)

Skiron (735617) | more than 8 years ago | (#14326918)

I still find this very hard to conceive. WTF do users have to SEARCH their own data anyway? What did people do before MS fucked it up for them?

Well, we used to file away FILES in filing cabinets that had drawers all marked - and inside each drawer was as a folder arranged however the user wantted it! Everything was marked as to what it was, and arranged logically.

None of the ~%user%/fredblo~2/setting~1/my docu~2/cache~3/ bollocks (OK, I donwloaded it.... where did it go?????)

I mean. What a load of bollocks in having to do this on a supposedly 'advanced' OS that causes the bloody problem in the first place.

Re:Search your data? (1)

realmolo (574068) | more than 8 years ago | (#14327025)

Why do users have to search their files? Because most users don't know where their files are. They don't know what their files are NAMED. They don't even really know what program they used to create their files. Is it a Word file? An Excel file? A JPEG? (usual response: "I don't know. I just used Windows 99 to make it.") A good search utility could be handy.

Of course, people that can't be bothered to give their files descriptive names aren't very likely to fill out metadata info, either. So it's not going to help much. Still, it's progress.

Seriously, if you've ever worked in a any kind of office environment, the question of "where is my file?" comes up EVERY DAY. People let Word or Excel or whatever name their files, and pay no attention to where those programs are saving things. Thankfully, most of the time things end up in "My Documents".

Stupid Question (0)

Anonymous Coward | more than 8 years ago | (#14326957)


Why does the metadata need to be in the file? Why can't it just be in another file/persistance mechanism with a reference in the document to the location of the metadata?

what will happen to the file name? (1)

mseidl (828824) | more than 8 years ago | (#14327004)

Does this mean people will get lazy about file names? What will happen to directories? I am sure they won't go away. But, MS is trying to make them transparent to the end user. Which was a goal of their WinFS. Im worried this meta data thing will get out of hand and then things will rely on it. I do not like the idea for searching for my data everytime I want to access it. Folders and filenames excite me because I can easily sort/find my stuff. I can quickly access it. If I need to search I have google. Like id3 tags...? I do not find myself using it. I do not need to see the title scrolling in winamp, because I have the file approriately named. But, thats just me.
Load More Comments
Slashdot Account

Need an Account?

Forgot your password?

Don't worry, we never post anything without your permission.

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>
Sign up for Slashdot Newsletters
Create a Slashdot Account

Loading...