Google Plus on life support after Alphabet failed to disclose user data exposed in Spring

Google usually shuts down services faster than this, and before hundreds of thousands of accounts are compromised.

9

Hundreds of thousands of Google+ users have had their private data exposed. Alphabet apparently knew of the issues affecting the users of their social network platform and chose not to disclose this issue in the Spring of 2018. Silicon Valley was already in the crosshairs of regulators at the time, and apparently Google didn't want to draw any further attention from Capitol Hill.

According to a WSJ report, Alphabet plans to announce a ton of new data privacy policies that include shutting down all consumer functionality of Google+. “Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesman said in a statement. “Whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response,” he said. “None of these thresholds were met here.”

Google says over 400 apps had access to unauthorized Google+ data and that nearly 500,000 users were directly affected by this bug. This bug allowed developers who were permitted access to a Google+ user's account to collect profile data of their friends even if the data was marked nonpublic in Google's privacy settings, according to WSJ's sources. Making matters even worse, the bug appears to have existed in Google+'s API since 2015.

Dozens of users are heartbroken by today's news. Dozens!
Dozens of users are heartbroken by today's news. Dozens!

This seems to be game over for Google's attempt to compete with Facebook and Twitter, and is a bad look for a company who prides themselves on keeping their users' data safe and secure. At a time when Facebook was under the microscope for their mishandling of user data, Alphabet was doing their best to not report seemingly material information to its users and shareholders.

This story is still developing...

CEO/EIC/EIEIO

Asif Khan is the CEO, EIC, and majority shareholder of Shacknews. He began his career in video game journalism as a freelancer in 2001 for Tendobox.com. Asif is a CPA and was formerly an investment adviser representative. After much success in his own personal investments, he retired from his day job in financial services and is currently focused on new private investments. His favorite PC game of all time is Duke Nukem 3D, and he is an unapologetic fan of most things Nintendo. Asif first frequented the Shack when it was sCary's Shugashack to find all things Quake. When he is not immersed in investments or gaming he is a purveyor of fine electronic music. Asif also has an irrational love of Cleveland sports.

From The Chatty
    • reply
      October 8, 2018 10:31 AM

      [deleted]

    • reply
      October 8, 2018 10:49 AM

      Some actual other good things too, if you are privacy-minded too that affects Android:

      "API changes will limit developers’ access to data on Android devices and Gmail. Developers will no longer receive call log and SMS permissions on Android devices and contact interaction data won’t be available through the Android Contacts API. That same also API provided basic interaction data, like who you last messaged, and that permission is also being revoked.

      As for the Gmail changes, the company is updating its User Data Policy for the consumer version of the email service. This will limit apps and the scope of their access to user data. Ben Smith, Google fellow and VP of engineering, writes: “Only apps directly enhancing email functionality — such as email clients, email backup services and productivity services (e.g., CRM and mail merge services) — will be authorized to access this data.”

      Any developer who has this access will be have to undergo security assessments and agree to new rules about data handling, like not transferring or selling user data for targeting ads, market research, email campaign tracking, or other unrelated purposes."


      https://www.theverge.com/2018/10/8/17951890/google-plus-shut-down-security-api-change-gmail-android

    • reply
      October 8, 2018 11:34 AM

      I wanted to like G+ when it was launched because of its centricity to the daily business of my life. Its user experience was klunky and confusing, however, it managed my data in a very opaque way, and it never iterated fast enough to offer a better value to those who were already invested in other services like Facebook's. Their only effective recruitment strategy was to capture users who were complacent or oblivious enough not to opt out of sharing features across Google's properties. In the end, the biggest demographic of G+ users were people who didn't know they were G+ users.

      Ironically, I'm so heartened by this news of Alphabet's privacy-boosting efforts that, were they to retain G+ in some fashion with these new policies in place, I might actually start using it again.

    • reply
      October 8, 2018 11:36 AM

      Is it management that keeps Fucking up at Google? Or just bad PR? All we ever hear is a string of bad news from them

    • reply
      October 8, 2018 4:26 PM

      Well... Niantic/Ingress has one more thing they have to deal with now. They've made extensive use of G+ over the years. Ban appeals, portal edit appeals, their main source of news. All on G+.

      I'm screwing around on Mastodon now. https://mastodon.social/@artilectzed/

Hello, Meet Lola