Google Exposed Private Data of Hundreds of Thousands of Google+ Users and Then Opted Not To Disclose, Report Says (wsj.com) 133
Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, WSJ reported Monday, citing people briefed on the incident and documents. From the report: As part of its response to the incident, the Alphabet unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook and is widely seen as one of Google's biggest failures.
A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, [Editor's note: the link may be paywalled; alternative source] when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google's legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica. Update: In an announcement Monday, Google said it was shutting down Google+ for consumers: We are shutting down Google+ for consumers. Over the years we've received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+. This review crystallized what we've known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds. Google+ still receives north of 200 million page views every month on the web, according to SimilarWeb, a third-party web analytics firm.
A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, [Editor's note: the link may be paywalled; alternative source] when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google's legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica. Update: In an announcement Monday, Google said it was shutting down Google+ for consumers: We are shutting down Google+ for consumers. Over the years we've received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+. This review crystallized what we've known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds. Google+ still receives north of 200 million page views every month on the web, according to SimilarWeb, a third-party web analytics firm.
Fake News (Score:5, Funny)
Google + never had hundreds of thousands of users.
Re: (Score:3)
Google + never had hundreds of thousands of users.
If you had any google account they created a blank Google + account for you. Rather than leave mine blank I went ahead and filled it with all sorts of fake information and then never returned. I think on mine I went to Harvard, competitively wrestle bears for a living, and live in Turkmenistan. Or something like that- and have some obviously fake name.
I never miss an opportunity to provide fake data as noise to any company that tries to get information on me.
Re: (Score:1)
As someone who wrestles harvard educated bears in Turkmenistan for a living i find your post offensive! And are you telling me your real name isn't McWeany? Are you even Scottish?
Re: (Score:2)
As someone who wrestles harvard educated bears in Turkmenistan for a living i find your post offensive! And are you telling me your real name isn't McWeany? Are you even Scottish?
I was educated at Harvard. The bears I wrestled were only educated at Yale.
Re: (Score:2)
I seem to recall I had to pretend to be from some island nation for them to allow me to have just one name. The old "real name" policy required you to have two names, a problem for quite a lot of people. They noticed this early on and made an exception for some countries.
Re: (Score:2)
If you had any google account they created a blank Google + account for you. Rather than leave mine blank I went ahead and filled it with all sorts of fake information and then never returned. I think on mine I went to Harvard, competitively wrestle bears for a living, and live in Turkmenistan. Or something like that- and have some obviously fake name.
I never miss an opportunity to provide fake data as noise to any company that tries to get information on me.
I do something similar with important info for sites that don't really need it. I'm just waiting for the day I get denied something by a 3rd party because my real info doesn't match up with my fake info.
Re: Fake News (Score:1)
Try to avoid having any real info to reduce the chances of this happening.
What a coincidence... (Score:5, Insightful)
It's the same thing that happened with Facebook. It's almost like building these massive siphons of personal data inherently leads to massive personal data leaks...
Re: (Score:1)
So long as personal data leaks cannot be readily tracked to individuals thereby bypassing the Facebook/Google gatekeepers, there will be little to no incentive to actual stop these leaks. The real joke of it is that there is no real need for day-to-day monitoring of most people. Beyond a certain point, enough of a portfolio will be constructed of a person to adequately describe their ad prefe
Re:What a coincidence... (Score:4, Interesting)
No, but building APIs that allow third parties to gain access to data inherently leads to massive personal data leaks, because A. the most tech-savvy users have no good way to know whether those third party apps are using their data appropriately or not, and B. your average user will click "Install" for any app that their friends recommend, as long as it promises cute pictures of kittens and puppies or whatever.
The apathy clearly cannot be solved, and detection probably cannot be solved, either, so I'm not sure how to prevent abuse, or even *if* abuse can be prevented. I think the only approach that even has a prayer of working would be to require third-party apps to run in a pure web-based sandbox that prevents sharing data outside the sandbox, and even then, it's probably only a matter of time before someone finds a way to make such a sandbox leak.
Re: (Score:2)
All abuse of Google+ ceases today, or whenever they close it. Hope facebook won't be far -- 5 years?
Re: (Score:2)
I'd like to see Facebook wall off their API. From my perspective, I'm okay with sharing information with my friends, but I'm not okay with sharing that information with whatever random app those friends might decide to run within the context of their Facebook account. And right now, FB doesn't provide any real protection against that, as far as I can tell. I'm not even sure how feasible it would be for them to add that sort of protection. And that concerns me somewhat. I find myself sharing less as a r
Re: (Score:2)
There was a time when I thought people who said things I do now were conspiracy theorists, but I don't even want to share my data with my "friends", not through Facebook anyway. I filled my account with fake info and periodically delete all my posts and likes so FB is little more than a contact list for me. Much of the time my account is deactivated. Judging by your and my example the use trend for FB is downward.
Re: (Score:2)
Comment removed (Score:3, Informative)
Re: (Score:2)
IT'S NOT RICO, DAMMIT [popehat.com]
Re: (Score:1)
Re: (Score:2)
Well, at a minimum Google has shown they have absolutely no credibility when they talk about protecting the massive amount of information they gather about their users.
They could be knowingly leaking it all over the place and you’ll never know.
Journalists. (Score:2, Interesting)
A journalist wrote this. So it must fit into a continuing narrative that follows on from Facebook's Cambridge Analytica problem. Thus parallels will be drawn and details filled into establish this equivalence. We see exactly this in TFA. This is what journalists do. Take a (probably complex or subtle) technical problem and fit it into an existing mental model.
It's called lying.
Something in tech happened. It's probably not good. The Wall Street Journal is not the publication to tell you about it. They will t
Re:Journalists. (Score:5, Insightful)
I don't think there are better options here. Maybe it's a sad reflection on the state of journalism that it's come to this, but even if you weren't so cynical (or perhaps too much of a realist if I'm allowed to be cynical) I would say that getting your news from a single source is a bad idea regardless of how much trust you put into journalism. Fortunately, there's a wide variety of news sources and while each might have their own individual biases or way of framing the story, there are probably a set of facts that can be shaken out of the different narratives they are all weaving.
Re: (Score:2)
My cynicism/realism comes from every news-reported event for which I have direct personal knowledge. I can count 5 off the top of my head and there are a few more out there. In every instance, a false narrative was written, even when I talked directly to the journalist and made entirely sure that they knew exactly what was going on. Thus I learned how their job is not to report events and explain. Their job is to form stories that people will read and which will improve their standing as a journalist.
I woul
Re: (Score:2)
Why not? I'm techy. I'm in the security business. There absolutely is stuff that can be known. Admitting you don't know stuff on Slashdot seems like a challenge for many. I'm asserting that after reading the WSJ article, I still don't know what has happened or why.
Re: (Score:2)
You are right that it is a journalist's job to form a story that people will read. It's a flawed system. However, alvinrod is also correct that for many it is the most accurate way get information. Even if you know someone on the inside then you have to asses how trustworthy they are. It's also likely they could lose their job if they talked about something like this to someone on the outside.
I find that I usually end up taking in data from multiple sources to form an opinion. I also found a website, https: [allsides.com]
Re: (Score:2)
Well it's a pretty straight line linking the four things. The end result being poor security options in Linux. Catch me in a bar and I'll explain and name names.
Reputation of Journalists et al. (Score:3)
Wow! An insightful mod that actually seems justified.
There is a solution here, and it could even begin with Slashdot. Isn't there a song about "Let it begin with me"?
What if there was a system to accumulate and display the characteristics of sources? In your comment, the key dimensions would be those related to trust. Low for a PR shill and high for a good journalist. In theory, there are still some trustworthy people in the government, and such a system would help distinguish them from the others...
The sim
Re: (Score:1)
It was the memo prepared by Google's legal and policy staff that warned that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica.
A journalist, from a reputable investigative newspaper, has received a copy of that memo and written a story about it.
Now, who is lying? I think it's you.
Re: (Score:1)
All the interpretation is coming from the journo. My long experience with this sort of thing informs me that reality is probably different.
How about - Google+ wasn't making any money. Let's kill it now. + There was an information leak of some undefined form - and the two are unrelated. I don't know if that's true - I just made it up, but the arrow of causation is from the journo and all I did was delete it.
Re: (Score:1)
You're missing his entire point. Good job.
Re: (Score:3)
The memo doesn't state they are closing g+ due to a privacy breach.
He is stating that these journals look for links and make them without actually know - or checking - if the link is valid.
Google's Biggest Failure (Score:5, Insightful)
The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook and is widely seen as one of Google's biggest failures.
Google,
Exposing the private data of hundreds of thousands of Google+ users and then choosing not to disclose the issue is a bigger failure than Google+ could ever be.
You're very evil,
AC
Re: (Score:2)
Google has never been some altruisitc or nice company. You naive idiots put way too much stock into an informal motto.
Re: (Score:1)
Re:Google's Biggest Failure (Score:5, Insightful)
The data breach is also likely to cost money from Google itself. They're legally required to disclose this stuff in a timely manner, and they are almost certainly going to face a big class action suit both for the data breach and for the failure to disclose. That's at least going to cost them some money defending the suit and potentially a lot of money if there's a judgment against them.
Re: (Score:2)
So I can finally get something out of my g+ account?
Re: (Score:2)
not disclosed because it would draw reg scrutiny (Score:2, Insightful)
opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny
Aren't they required by law to disclose data breaches/exposure? How does a coverup help when your company is large enough that *someone* will blab?
Re: (Score:1)
Besides: "Paging Barbara Streisand...is there a Barbara Streisand here?"
Re: (Score:2)
Yes.
However, there was no breach of security. There was an issue that was discovered that COULD have exposed user data, but it was determined it was never independently discovered or exploited actually steal user data.
I "could" hit you is very different from "I did" hit you.
Re: (Score:2)
Again another Google products dies (Score:2)
Google+ dies, Google's long term prospects are not good, no one is going to trust using your products because you might just kill it.
Re: (Score:1)
Google+ was never alive in the first place. Digg probably has more active users than Google+.
Re: (Score:2)
I'm on google+. I actually get more updates there than on Facebook (mostly because facebook is dying and I never joined any "groups" on facebook). The best part of G+ is that it is not Facebook. Its method of segregating your posts to different groups (circles) is pretty nice; Facebook has nothing as comprehensive as that and really is not a suitable replacement for google+.
Sure it's not huge, but neither is slashdot. So why are slashdot readers concerned about the popularity contest?
Re: (Score:2)
I mean if Amazon do the Google approach, Amazon would have shut down years ago.
Report no evil (Score:4, Funny)
Report no evil
We are shutting down Google+ for consumers (Score:2)
Consumers? Wouldn't at some point a technology company think of referring to people as "users" or "customers"?
"Consumers" implies what we should all already know, of course... but I still found it notable.
Re: (Score:1)
Google's customers are advertisers.
Re: (Score:2)
Apparently there are enterprise users of Google+, news to me. What they mean is that they'll keep enterprise Google+ but get rid of the general public version. The enterprise version will still have users and customers.
Fix the search syntax then (Score:4, Insightful)
Re: (Score:2)
Re:Fix the search syntax then (Score:4, Informative)
It's replaced by the quote syntax
Put double quotes around the term that must be included in the results. You can precede the quotes with a minus to exclude it.
Re: (Score:2)
That's what Google said when people first complained about the usurping of the "+" operator.
At that time, there was a clear difference: Quoting a term was used to indicate that the phrase must be as is. "Search syntax" would get a hit on that exact phrase, not just any result that included the words search and syntax somewhere. But it did not mean that the phrase was required.
Between then and now they may have changed it so that a quoted phrase is a required term. But if so, then how do you indicate
Re: (Score:2)
I'm trying to come up with a hypothetical use case scenario of, "I want this phrase exactly like this or not at all!" and I just ... when would you DO that?
Re: (Score:1)
Re: (Score:2)
Perhaps the problem is that I DON'T work for Google or that I don't use the search features in such a way, but the difference in how quotation marks and the plus sign are used just don't make sense to me. Hudsucker in the other line of discussion born from my first post does come up with a reasonable use case (wanting "white hat" OR "penetration test", but not necessarily both on the same page and definitely not "hat test"), but I rarely find myself looking for things with multiple names like that.
Re: (Score:2)
Then why would you want pages without exactly that phrase?
Re: (Score:2)
It is the same as in any Google query: you can enter a number of search terms that you think may be in the result, but they don't all have to be. (Compare this to AltaVista, where every term was mandatory.)
All we're doing here is the same concept with one or more phrases. For example, maybe I want to find pages with "red team", "penetration test", or "white hat" (perhaps along with other terms), but I don't require the hit to have all three phrases. And I don't want to get returned every page that tal
Re: (Score:2)
Boo fucking hoo. Switch to duckduckgo or bing or something then. Google doesn't have a monopoly on search.
Re: (Score:2)
Re: (Score:2)
It means multiple facebook accounts so that your satanic ritual orgy posts don't accidentally get seen by your mom.
Just you wait.... (Score:2, Interesting)
Just you wait until something like this happens to all the data people, companies, schoolchildren, etc are shoveling into the G-suite without an apparent care in the world about who now controls their data.
It's gonna be spectacular.
Google needs to just die (Score:1)
seriously.
Plenty of other search engines and webmail providers out there. No reason to reward an evil manipulative entity that pretends it's not evil.
Sadly, failure is no longer the price of EVIL (Score:3)
While I agree that the google has become quite EVIL this is another case of EVIL having no relation to the price of tea in China. I arrived at your comment early in my searches for humor or insight. I don't spend (= waste) much time searching for such on Slashdot these days. The wells have run dry over here...
But here are my initial thoughts on this topic, and then I'll rummage around a bit more to see if anyone shares them. Even better if someone has improved upon the ideas. Rarely happens lately, but hope
Re: (Score:1)
(6) I wish the owners of the Barney Google trademark would sue the google and take the name away from them.
On what grounds could they possibly sue? That mark's registration is only for a cartoon series as it's Goods & Services which has zero applicability to Google and its registered mark.
Do you even know how trademarks work or are you just some ignoramus playing pretend lawyer?
Re: (Score:3)
Okay, I understand that you're too stupid to get the joke. So why are you braying like a jackass?
Oh yeah. I forgot. Because for you it's just another throwaway identity. After too many people notice what a feeble dweeb you are, you just throw it [identity 1608317] away and get a fresh sock puppet and start over as a fresh dweeb.
I'd try to explain, but you've already established your baseline and it would be boring and a waste of time. Looks to me like this "conversation" can be regarded as terminated.
Join the club (Score:2)
More garbage forced on end-users with no way to disable - it's almost as if they failed to learn anything from Buzz. Looking forward to the impending death of Hangouts in whatever rebadged form it takes next. Google should really just stick to the basics - and I say this as a long-time Google Apps for Your Domain customer, where it is at least possible to shut most of these semi-aborted features off.
Mostly finished (Score:1)
What actually happened is they got 80% of the way to a complete and well executed disclosure and then stopped.
Typo in our motto (Score:3, Funny)
Re: (Score:2)
Well good riddance (Score:3)
"... our engineering teams have put a lot of effort and dedication into building Google+ over the years,"
That's nice, but what they really did was what they do always. They asked themselves, what would Apple do? So they made something where it isn't clear what the timeline is, because posts are all over the page. Where you can't tel; what came when, because they did they same thing they do in GMail, which is something cute like "2 weeks ago", rather than the date itself. To Facebook's credit, they put everything on the page, you may have to look for a setting, but it's all there and it's usually obvious where to go for the commonly-used functions.
Everybody has privacy issues, but Google tells you what they think is important for you and takes away the rest. Then they muck is all up with a pretty-looking but half useful UI.
ok fine (Score:2)
Now, bring back Latitude on Google Maps.
When Latitude was shut down, we were told to do Google+ instead. It's fun it's easy etc etc. In actuality, as we all found out, it was a wasteland of (1) a few people who wanted to be on a social network that wasn't Facebook, (2) people who will join anything, and (3) people who had a use for the Latitude functionality.
Ok, so the first group is screwed. Nothing to be done for that. The second group probably won't even notice. Now is the time to do the right thing
Re: (Score:3)
2017 called, they want their new Maps feature back
https://9to5google.com/2017/03... [9to5google.com]
Location sharing has been in Maps for over a year now, It's no longer in Google+. Way to keep your finger on the pulse. It's even in wikipedia https://en.wikipedia.org/wiki/... [wikipedia.org]
Re: (Score:2)
What the hell. Really. Ok, I'll take that ribbing. Thanks for the info.
5 second session? (Score:2)
Of course. People use Google+ to sign in to things. They've created accounts on other websites with their Google+ account as the oauth sign in.
Killing Google+ will kill those accounts. Dick move Google.
Re: (Score:2)
People use Google+ to sign in to things.
And all who did this so much deserve to be punished for their laziness and stupidity. Just like those who don't do backups deserve to lose data. They also deserve some condescending shaming by those who are less stupid, less lazy, and better prepared.
An ad company (Score:2)
The users are the product.
And where (Score:2)
Where can I now have good old fashioned discussions with people about stuff?
Google plus discussions seemed to be as varied as I could imagine. There was not an apparent filter bubble. I discussed things with people that I would see as left wing and even people from the USA that considered themselves conservatives.
Where am I going to get this wide a discussion area? The last I heard, there were no newsgroups anymore. Are the commentators that have told me for ?a decade? going to fix facebook?
karma-- syntactic earmark (Score:2)
In related news, Google has promptly re-enabled the use of the + sign as a quick way to mark a search term as required.
Ha ha ha ha ha! Charlie Brown.
But no, even thought their karma will never quite overcome the + expropriation event, I doubt they will ever reverse this spectacularly arrogant syntactic earmark.
Re: (Score:2)
How dare they not uphold a completely informal motto that was never legally-binding in any way! This is my shocked face.