Google Docs and confidentiality
Thread poster: Alexandre Chetrite

Alexandre Chetrite
France
Local time: 16:15
English to French
Jan 18, 2011

Hello,

When you send documents using Gmail, the recipient can open them using Google Docs (without saving them on their computers) and then Google Docs send a link back by e-mail to be able to access the document later.

Questions: what about confidentiality of information? Are the documentsstored on Google servers and how long? Can they be accessed by somebody else? Is it possible to deactivate this Goodle docs option(automatic using gmail)

What are the security risks?



Best regards,


Direct link Reply with quote
 

Valeria Sciarrillo  Identity Verified
Italy
Local time: 16:15
English to Italian
+ ...
Zipped files Jan 18, 2011

Hello Alexandre,

Maybe you could bypass this feature by sending zipped files only, if your client agrees. Try sending yourself a zipped .doc file, and check if Google has an unzipping built-in feature.

Kind regards,
Valeria


Direct link Reply with quote
 
Joakim Braun  Identity Verified
Sweden
Local time: 16:15
German to Swedish
+ ...
Don't Jan 18, 2011

Of course Google stores the documents. Otherwise how would the link work?

This is simple: Don't ever work with Google Docs, or any other kind of server storage, if you're supposed to provide real confidentiality.
(The security is probably fine as it goes, but there are way to many possible back doors.)


Direct link Reply with quote
 

Alexandre Chetrite
France
Local time: 16:15
English to French
TOPIC STARTER
About zipped files in Gmail Jan 18, 2011

Hello,

I confirm that Gmail can't open zipped files in Google docs..but maybe later it will be able to do so.

In the meantime I don't think it is sound from Gmail to automatically store attached e-mail files on their servers with a direct link. A hacker could very well access these attachments way after the e-mail has been received/processed.

I know that e-mails are deleted from the e-mail servers some time after being sent (well I hope!), but I don't know after how much time attached files are deleted from Google servers (for Google doc viewing)...

A user can chose for e-mails to be stored on the e-mail servers, but then the user won't be able to access it if he accidentally loses it..So most people enable this function. Web-based e-mail clients need this function enabled too...

Good day.


Direct link Reply with quote
 

Simone Linke  Identity Verified
Germany
Local time: 16:15
Member (2009)
English to German
+ ...
E-mails and Google Docs Jan 18, 2011

The documents are, of course, stored on the Google server because how else could they be delivered to the recipient's mailbox?

This has nothing to do with Google docs per se.

Now, regarding your problem, I understand you're referring to the option to have a preview of the Word files sent to you without downloading them first, right?

If you try it yourself, you will notice that in this (Google Docs) preview window, the recipient of the emails has to save them first before any sharing of the docs becomes possible (top right corner). That means these documents aren't per se accessible for everybody. If someone found out the link to one of these docs (highly unlikely), they'd get the login screen when trying to click on the link because these docs are only accessible via the respective user account.

Now, of course, hackers could hack into your account and they have done so already - even with big Google - but you should keep in mind that your e-mail travels around the world before reaching the recipient's mailbox. Unless you use secure e-mail methods, your mails are like postcards and can be read by whoever wants to read them (and has the skills to intercept them). If you want absolute confidentiality, use e-mail encryption or do not use e-mails at all.


Direct link Reply with quote
 

Alexandre Chetrite
France
Local time: 16:15
English to French
TOPIC STARTER
About security risk Jan 18, 2011

Dear Simone Linke,



I agree that encrypted e-mail is better than non-encrypted e-mail.It's just that until now I didn't have any problem with e-mail security.However you made me think and I will try finding a better way to send e-mails.

And I also agree that the security risk is very small because the e-mail travels all around the word and there are billions of e-mails sent each day...However IF it has to happen one day , the client may sue the translator (even years after??)...And I will do my best so that it does not happen



Good day


Direct link Reply with quote
 

Simone Linke  Identity Verified
Germany
Local time: 16:15
Member (2009)
English to German
+ ...
Another option.. Jan 18, 2011

Another option - although also a possible prey for hackers - would be to use your own Webspace / FTP server. Some of the agencies I work with send me a link to the translation files on their secure FTP server, and in a separate mail, they send the password for the protected files. That means, not only are the files stored in a (more or less) secure location but each individual file is also protected with a unique password.

Of course, if the recipient's account has just been hacked, the hacker will have access to this file, BUT I don't see how you could be sued in this case because the client's account got hacked and you didn't do anything wrong.

Also, if you put your translations on your own server and let the client download them, you can delete them after a week or so, and then it's the client's responsibility to ensure their subsequent confidentiality if needed. Thus, you will have more control over the files than you would have if you sent them via e-mail.


Direct link Reply with quote
 

Tomás Cano Binder, BA, CT  Identity Verified
Spain
Local time: 16:15
Member (2005)
English to Spanish
+ ...
Get a proper email Jan 18, 2011

My general advice in this matter is to pay an Internet Service Provider for a proper email with your own domain name on it. Using Gmail does not only look unprofessional (to me at least), but could also pose risks like the ones you mention.

Direct link Reply with quote
 

Alexandre Chetrite
France
Local time: 16:15
English to French
TOPIC STARTER
About Online web storage sites (mediafire , megaupload, etc) Jan 18, 2011

Hello,

That is an interesting point. What about online storage websites such as mediafire.com, and megaupload.com? I haven't read their Terms and conditions, but I believe they would not be responsbile if a hacker accesses my files on these hosters?

What would you answer to a client who accuses you of negligence and sues you and you know you haven't done anything wrong?

Anyway, as long as there is an unencrypted transmission , there is a higher risk.


Direct link Reply with quote
 

Simone Linke  Identity Verified
Germany
Local time: 16:15
Member (2009)
English to German
+ ...
Not relevant in this case - unfortunately Jan 18, 2011

Tomás Cano Binder, CT wrote:

My general advice in this matter is to pay an Internet Service Provider for a proper email with your own domain name on it. Using Gmail does not only look unprofessional (to me at least), but could also pose risks like the ones you mention.


The problem in this case is that it doesn't matter what kind of e-mail you're using. If the recipient uses a gmail account, the mentioned Google Docs issue arises, because it's the recipient who can open the files in a Google Docs preview window. The sender can only send file formats that are currently not supported by Google Docs, but even then, the sender has no influence on how long the recipient will let the files sit in his/her gmail account. :-/


Direct link Reply with quote
 

Simone Linke  Identity Verified
Germany
Local time: 16:15
Member (2009)
English to German
+ ...
No external hosts Jan 18, 2011

Alexandre Chetrite wrote:

Hello,

That is an interesting point. What about online storage websites such as mediafire.com, and megaupload.com? I haven't read their Terms and conditions, but I believe they would not be responsbile if a hacker accesses my files on these hosters?

What would you answer to a client who accuses you of negligence and sues you and you know you haven't done anything wrong?

Anyway, as long as there is an unencrypted transmission , there is a higher risk.


Personally, I wouldn't use such external hosts because I'd always be afraid of (unintended) filesharing or whatever.. I'm sure many of these sites are very professional but given the not so professional sites amongst them, I'm always wary about it.

Regarding client accusations:
I have my own Terms and Conditions and these include a paragraph on circumstances beyond my control and on the fact that no e-mail or Web transmission can ever be 100% sure (which is also true for snail mail). I'm not a lawyer but I'm pretty sure that - as long as you use adequate security measures - there isn't really much that could happen to you. (Plus, a proper insurance should also cover you in such cases.)
Adequate measures and behavior should include all the things common sense dictates:
- don't give passwords to others
- don't use your e-mail account on public computers
- don't send protected files + password in the same e-mail
- don't put confidential files on your website
- etc.

You get the point.

There will always be a tiny risk, but if even the giants (Google, Microsoft...) aren't fully immune, I don't think you should worry about things that are really beyond your control.


Direct link Reply with quote
 

Samuel Murray  Identity Verified
Netherlands
Local time: 16:15
Member (2006)
English to Afrikaans
+ ...
The alternative Jan 18, 2011

Simone Linke wrote:
Alexandre Chetrite wrote:
What about online storage websites such as mediafire.com, and megaupload.com?

Personally, I wouldn't use such external hosts because I'd always be afraid of (unintended) filesharing or whatever.


Whether you use Gmail, or your own ISP's servers, or megaupload.whatever, etc... you always trust someone else to take care of security. Perhaps you get more personal service with a small ISP but perhaps you get better security with a large international company -- who knows? Unless you host your mail server right there on your own computer, you're always in the hands of someone else. And don't forget that you need to transfer the files to your client securely... in other words, he must log in to your computer directly to get his files.


Direct link Reply with quote
 

Yasutomo Kanazawa  Identity Verified
Local time: 23:15
Member (2005)
English to Japanese
+ ...
@ Simone: A bit off-topic Jan 18, 2011

Simone Linke wrote:

Another option - although also a possible prey for hackers - would be to use your own Webspace / FTP server. Some of the agencies I work with send me a link to the translation files on their secure FTP server, and in a separate mail, they send the password for the protected files. That means, not only are the files stored in a (more or less) secure location but each individual file is also protected with a unique password.

Of course, if the recipient's account has just been hacked, the hacker will have access to this file, BUT I don't see how you could be sued in this case because the client's account got hacked and you didn't do anything wrong.

Also, if you put your translations on your own server and let the client download them, you can delete them after a week or so, and then it's the client's responsibility to ensure their subsequent confidentiality if needed. Thus, you will have more control over the files than you would have if you sent them via e-mail.



Hello Simone,

Let me add one thing to what you wrote.

If you really want to shut out the hackers, you should ask your client to send the password for the protected files via FAX, not email. That's what I used to do (and was told to do) when I worked as an office worker where I had to handle confidential information. Like you wrote earlier, emails travel around the world and could be read like postcards. Just my 2 cents and sorry for the OT.


Direct link Reply with quote
 

Clive Phillips  Identity Verified
United Kingdom
Local time: 15:15
Member (2009)
German to English
+ ...
Security risks Jan 18, 2011

I agree with Simone: "If you want absolute confidentiality, use e-mail encryption or do not use e-mails at all." If you don't use proven and reliable email encryption, confidentiality is compromised.

Even the best of firewalls is not impregnable: anything on the Web is potentially accessible by those without a need to know.

The more secure ways are to do the translation on the end-user's PC or network and on their premises, or to save the translation on removable media only and then hand-deliver it. Time and distance often militate against these solutions.

Sending it by courier or recorded mail service is more secure than email but nevertheless entails the risk of loss or theft.


Direct link Reply with quote
 


To report site rules violations or get help, contact a site moderator:


You can also contact site staff by submitting a support request »

Google Docs and confidentiality

Advanced search






Wordfast Pro
Translation Memory Software for Any Platform

Exclusive discount for ProZ.com users! Save over 13% when purchasing Wordfast Pro through ProZ.com. Wordfast is the world's #1 provider of platform-independent Translation Memory software. Consistently ranked the most user-friendly and highest value

More info »
SDL MultiTerm 2017
Guarantee a unified, consistent and high-quality translation with terminology software by the industry leaders.

SDL MultiTerm 2017 allows translators to create one central location to store and manage multilingual terminology, and with SDL MultiTerm Extract 2017 you can automatically create term lists from your existing documentation to save time.

More info »



Forums
  • All of ProZ.com
  • Term search
  • Jobs
  • Forums
  • Multiple search