We are going to demonstrate in this article that documents on Google Docs (in July 2007) are not deleted, even after the user asked to empty the trash.
We are also going to show that there is an privacy issue with documents on Google Docs: parts of private documents on Google Docs can be accessed without having to enter any user-id and password.
Maybe Google still has not fixed the issues while you are reading this article. Try for yourself the URL that was used in the video:
If you are able to download the image by clicking on the URL then Google still has not fixed the deletion issue and the privacy issue.
When we last checked the URL (at the time of this writing) 12 hours passed by since we “deleted” Document1 from Google Docs:
12 hours later we still can access the private document that we deleted and we can access it even without being asked to provide user-id or password!
Please remember that you should not be able to access and read the text of the notepad screenshot because:
a) Document1 was a private document on Google Docs while it existed
b) Document1 was supposed to be completely deleted (including the embedded image) from Google Docs already at the 12th of July.
Do not be “disappointed” when clicking on the URL does not download the image anymore:
It would be good if the URL above is broken!
It would mean that Google has taken at least some action to fix (or less good: to work around) the identified issues.
The conceptual problem that is highlighted in this article will continue to exist, if the URL is broken or not does not change anything:
How can we talk about privacy on the Web if we can NEVER be sure that our “private” content (like mails, daft mails, documents) will be ever finally deleted from any of the services out there today?
For further discussion please read the rest of this article.
All of the steps below have been executed, tested and verified several times at the beginning of July 2007. While it would be for some of our readers exciting to experience the issues online themselves we hope that these issues are all fixed when you are reading this article.
Lets go through the example step by step:
1) Document1 is a document on Google Docs. It contains an embedded screenshot of notepad:
The URL for the embedded notepad screenshot is:
2) The document Document1 on Google Docs has not been published:
3) And the document Document1 on Google Docs is also not shared:
4) Now Document1 will be deleted and the trash will be emptied:
5) The trash is empty and Google Docs is confirming that Document1 has been deleted from Google Docs:
Now we are ready to make use of the URL that is/was pointing to one part of Document1: the image that is (or better was) embedded in Document1:
Now the (first) surprise is coming: Although we asked Google Docs to delete Document1 we can click on the URL of the embedded image and the image can still be retrieved from Google Docs like shown here:
How can this be? The Google Docs UI is clearly telling us: Document1 is deleted, there is no way of how you ever can access it again. Still we have just seen that we can access parts of the document (and we believe the rest of the document is also existing, we just do not have a way to proof that) although it should be deleted.
Windows users maybe know of a similar issue with the Windows trash. Emptying the Windows trash does not delete the files in the trash. This is the reason why it is recommended for Windows to use “Shredder” programs that make sure, that files are overwritten several times to delete them.
On Google Docs this problem is worse. Google Docs did not delete the image that was embedded in Document1. With high probability the rest of the document1 is also still available on Google Docs. Fact: The UI of Google Docs is just hiding the document from you. The issue of deletion on Google Docs is worse then on Windows because there is no “Shredder” available for you that you can trust. Until now you could have hoped that the Google UI is telling you the truth about the deletion of the file. Now you can not simply trust anymore.
The additional privacy issue:
At the time of the writing of this article 12 hours passed since we emptied the trash. Twelve hours ago we thought we deleted Document1 completely from Google Docs, still we can access from Google Docs the image that was embedded in Document1. This fact on its own can create serious questions about Google Docs: How can I ever be sure that documents on Google Docs will be deleted? Maybe there is a process that deletes trashed documents every 12 hours, maybe such a job is starting on demand. Or maybe my documents that I wanted to be completely removed from Google Docs will never be deleted.
But it does not stop here: Maybe you noticed in the movie that we signed out of Google docs before we retrieved with the specific URL the image from within document1. And maybe you noticed that we did not have to sign in to retrieve the image, Google Docs did not ask us for user and password. We shown that Document1 was not shared and not published, so it is really a private document. But never the less we can access a part of this private document without having to log-in into Google Docs!
This is in addition to the deletion issue another problem: If a URL (that is difficult to guess) is giving access to parts of private documents on Google Docs without asking for user-id and password how can one easily believe in Google Docs privacy statement as shown below?
What if Google would not only have an issue with deletion of documents on Google Docs?
What if also none of your mails would be ever deleted?
What if even a draft of a mail that you wrote but that you never sent and that you even never saved would be still stored on Google Mail because the new Google Mail “auto-save” feature saved it anyhow?
This would be not problem at all because you have nothing to hide?
You never wrote something where you later were happy that you did not share or sent it to someone (you boss, your wife)?
You would not feel uncomfortable if there is even only a theoretical small chance that people can still at some point get access to this against your will?
The good thing is that Google Docs is still in Beta and things can change until it goes into release mode. But chances are higher that something will happen when we bring our privacy concerns to the attention of Google and also to the attention of all others that are offering to us either free or paid services on the Web.
It is our responsibility. Let us choose wisely what and what not we are using as the the core of our personal information infrastructure.