The biggest concern seems to come with the ability to search and share multiple computers with one account. In other words, you could use a single desktop search account to search, index and allow you to share files between your desktop and laptop for example.

But are these concerns grounded in truth? Is there really a privacy issue here?

I downloaded and installed the new Desktop Search beta the other day. It has some interesting new features such as the ability to remove panels from the sidebar and dock them anywhere you like on your desktop.

And there are several more panels available to let you do anything from manage what is indexed, to passing time by playing games.

One of the coolest features is its ability to reach beyond the desktop it is on to do a variety of things. Now, I can play tic tac toe with co-workers, or even friends around the world.

But the biggest, and most troubling update to some is the ability to remotely index files, as well as share them using Google servers to temporarily store the items.

By turning this feature on you give Google the right to store your files for up to 30 days. Therein lies the crux of the issue ? there seems to be no way around this 30 day requirement.

All I have to say is ’so what?’

So what if you have to give Google this ability? Google will encrypt the data so that no one else can access it. And even if there is some sort of DOJ subpoena requiring access to these files I don’t think it would stand up in court.

This is because Google has set up a network whereby all your Google activities are tied to one Google account. Your personalized home page, gmail, google analytics, adwords and adsense accounts all share the same Google account. Therefore, it would be difficult for anyone to get a subpoena to review information pertaining to only part of that account.

Legalities aside, if you are that concerned about the privacy being surrendered to Google in order to use this system then don’t sign up for it.

You can still download and use the new Desktop Search with most of its new features, but you don’t have to use the file sharing.

But what if you want to share files between computers?

Well, do what I did ? go to your favorite electronics store and buy a flash drive. I just bought a USB flash drive with over 2 gigs of storage for under $100. Now I can easily transfer anything between any computer with no worry of some government agency wanting to know what’s on it.

As I said, I do have the new Google Desktop installed, and I did look at the settings for the search and file sharing, but I didn’t turn them on. I have no need to be able to search my home computer from work and vice versa, nor do I need to share files between the two computers.

And if I did, I’ll simply use the FTP site I have set up on a computer at home or the aforementioned flash drive.

Really, when it comes to all the other ways that Google captures your personal data, from search history to Gmail, should we be all that concerned that some files may end up being stored on a Google server somewhere?

I think we should have other concerns. For example, I think we should be concerned about what Google already knows about us via those services I mentioned earlier.

I think business owners should be concerned that such a service would allow employees to easily steal and transfer data to and from work.

I think if you are that scared of the US government infringing on your privacy then you shouldn’t have a Google account, nor Google Desktop Search nor a Gmail account. In fact I don’t think you should have any Internet accounts because quite honestly everyone is a target for the DOJ. Further, I can almost guarantee you that your local ISP will fold and hand over the data much easier than Google will.

So before you start complaining about how Google could infringe your privacy, remember that YOU have the ability to stop it from happening. It’s just a matter of choosing to do so.

You have done, what most people think, are the major steps towards a secure network. This is partially correct. What about the other factors?

Have you thought about a social engineering attack? What about the users who use your network on a daily basis? Are you prepared in dealing with attacks by these people?

Believe it or not, the weakest link in your security plan is the people who use your network. For the most part, users are uneducated on the procedures to identify and neutralize a social engineering attack. What’s going to stop a user from finding a CD or DVD in the lunch room and taking it to their workstation and opening the files? This disk could contain a spreadsheet or word processor document that has a malicious macro embedded in it. The next thing you know, your network is compromised.

This problem exists particularly in an environment where a help desk staff reset passwords over the phone. There is nothing to stop a person intent on breaking into your network from calling the help desk, pretending to be an employee, and asking to have a password reset. Most organizations use a system to generate usernames, so it is not very difficult to figure them out.

Your organization should have strict policies in place to verify the identity of a user before a password reset can be done. One simple thing to do is to have the user go to the help desk in person. The other method, which works well if your offices are geographically far away, is to designate one contact in the office who can phone for a password reset. This way everyone who works on the help desk can recognize the voice of this person and know that he or she is who they say they are.

Why would an attacker go to your office or make a phone call to the help desk? Simple, it is usually the path of least resistance. There is no need to spend hours trying to break into an electronic system when the physical system is easier to exploit. The next time you see someone walk through the door behind you, and do not recognize them, stop and ask who they are and what they are there for. If you do this, and it happens to be someone who is not supposed to be there, most of the time he will get out as fast as possible. If the person is supposed to be there then he will most likely be able to produce the name of the person he is there to see.

I know you are saying that I am crazy, right? Well think of Kevin Mitnick. He is one of the most decorated hackers of all time. The US government thought he could whistle tones into a telephone and launch a nuclear attack. Most of his hacking was done through social engineering. Whether he did it through physical visits to offices or by making a phone call, he accomplished some of the greatest hacks to date. If you want to know more about him Google his name or read the two books he has written.

It’s beyond me why people try and dismiss these types of attacks. I guess some network engineers are just too proud of their network to admit that they could be breached so easily. Or is it the fact that people don’t feel they should be responsible for educating their employees? Most organizations don’t give their IT departments the jurisdiction to promote physical security. This is usually a problem for the building manager or facilities management. None the less, if you can educate your employees the slightest bit; you may be able to prevent a network breach from a physical or social engineering attack.

* Get many people to come to your website
* Get them to click on your Adsense links

Sounds simple enough. Get people into your website from Google search, then link out to an Adsense Ad. Search In ? Adsense Out.

Practically applying it to get sufficient commendable income, however, can be quite a challenge.

The first problem is how to get many visitors to your website.

That’s where Search Engine Optimization comes in. However, this is really easier said that done. It’s a bit of an artwork. You basically have to read the mind of an Internet user. What keywords would he use? Why would he visit your website? Do you have the content go get people interested enough to get to your website?

Basically, your goal is visibility. You have to be seen. You can do this using SEO or using traditional brand-building methods. Tell your friends, family and colleagues. If they have websites, politely ask if you could link with each other.

For those lucky few that are already on top of the search engines, this is not a problem. Others (including myself) would have to work hard at it. Look at FilipinoLinks.com. It’s been around for a very long time and has made quite a foundation. It would not be too difficult for its owners to tweak the website for SEO.

Experts have varied opinions on what to put in a website. Some say, put relevant important content ? with around 500-1000 words on each of your website. Some say provide simple 300 word news posts.

Another option to get clicks would be to advertise online for keywords. Adwords is an example of a tool that can allow you to do this. There will be marketing expenses in this scenario. The goal here is to get more Adsense income than Adwords Expenses ? which is really basic business sense. This is easier said than done, I tried it and got dismal results.

The next problem would be how to get visitors to click on Adsense links.

Well, the first thing that needs to be done is to get an Adsense account. It’s pretty easy to setup. After that, you need to put the Adsense links on your website. There are people who say make it blend it when the rest of your pages. Here, on my website, you can see my Adsense Ads that seem to be part of the overall theme.

Other experts say the more noticeable the advertisements, the more they will be clicked. In this case, the Ads stand out prominently ? with a different, and sometimes contrasting color scheme. One tip given was actually position the Google Ad right next to an image/picture. Viewers tend to click on picture links, so more income potential income there.
What does this all mean for a Filipino Entrepreneur?

In my point of view, it means opportunities. Although I have just started experimenting on all of this myself, there seems to be a real possibility of gaining a little revenue. For example, I started this website (last January) and have,in my first month I gained US$7 from Adsense. It’s not much but consider this:

* My expenses so far have been the webhosting (US$4 monthly), and domain name (US$3 for one year ? got it at a discount).
* If I continue getting US$7 a month, that would be, US$84 a year.
* My year’s hosting would be US$48
* My theoretical income for one year would be US$33.

There are other costs, of course, from writing the content for this website ? electricity, less time to do other things, etc? I didn’t include it yet. If you had pre-existing content, this wouldn’t matter to you. Just upload it and you should be ready.

For example, if you had a song lyrics database, you could find a pretty reliable web developer, have him upload your database, and include AdSense. Optimize it for search and you should soon get some revenue. It will probably not be big, but enough to get you interested.

I remember on my last test with the wordtracker application, “Pinoy Ako Lyrics” were some of the top keywords I found. People were actually looking for lyrics of Filipino songs. Since new songs come out every month, whoever gets the lyrics out soonest would be found earlier.

If you had a database of all Philippine Lotto Results ever since it began, you could probably have a statistics analyzer custom-made from your website. It could give suggested lotto numbers based on historical info. That would be something a lot of people would go to.

There are probably other more interesting opportunities for the web-savvy Pinoy entrepreneur. As long as you get people to your website, and get them to click on an advertisement, there will be revenue.