Don’t Do This, You Gave NIMW It’s Start

.jpg photo of graphic of Google+ announcement of closing
Google announced that it will shut down the consumer version of Google+ following the discovery of a bug that it opted to keep secret.

Google+ to shut down following bug that
exposed 500K profiles

Google yesterday announced that it will shut down the consumer version of Google+ following the discovery of a bug that it opted to keep secret.

In a blog post, the search giant framed the decision as one that makes sense given that very few people actively use Google+—”90 percent of Google+ user sessions are less than five seconds,” writes Ben Smith, a Google Fellow and VP of Engineering—and it doesn’t warrant the work required to keep tabs on developers.

But as the Wall Street Journal reports, the move comes after Google discovered a bug that left private user information open to developers in March, but declined to alert users for fear of regulatory scrutiny.

“A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger ‘immediate regulatory interest’ and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica,” the Journal says.

Google CEO Sundar Pichai reportedly knew about the plan to forego notification.

In the blog post, Smith says Google discovered the bug in March as part of Project Strobe—”a root-and-branch review of third-party developer access to Google account and Android device data and of our philosophy around apps’ data access.”

The bug, according to Google, meant that third-party apps had access to “profile fields that were shared with the user, but not marked as public,” like name, email address, occupation, gender, and age. Google+ posts, messages, Google account data, phone numbers, or G Suite content were not accessible.

“We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused,” Smith says.

The bug, which Google patched in March, affected about 500,000 Google+ users. Was yours one of those accounts?  Sorry, there’s no way to tell.

“We made Google+ with privacy in mind and therefore keep this API’s log data for only two weeks,” according to Smith.  “That means we cannot confirm which users were impacted by this bug.”

According to Smith, the vulnerability didn’t rise to the level of requiring a notification.  “Every year, we send millions of notifications to users about privacy and security bugs and issues.  Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” he says.

It remains to be seen if regulators agree.  Uber kept a 2016 data breach secret, and that just resulted in a $148 million fine.

The Google+ shutdown, meanwhile, will occur over the next 10 months, so get your fill before August 2019.  If you use the service for work, though, Google+ is not going anywhere.

“Our review showed that Google+ is better suited as an enterprise product where co-workers can engage in internal discussions on a secure corporate social network,” Smith says.  “Enterprise customers can set common access rules, and use central controls, for their entire organization.  We’ve decided to focus on our enterprise efforts and will be launching new features purpose-built for businesses.  We will share more information in the coming days.”

As part of the announcement, Google also promised to give users “more fine-grained control over what account data they choose to share with each app.”  If an app wants access to a Calendar and Drive documents, for example, you can opt to share one but not the other.

Google will also “limit the apps that may seek permission to access your consumer Gmail data,” while Google Play will limit which apps that can ask for a user’s phone (including call logs) and SMS data.

2 thoughts on “Don’t Do This, You Gave NIMW It’s Start”

  1. Yep they are going to do this.
    (By the way it’s a heck of a story for me to finally be able to get one of your posts to load again. )
    But we got 10 months to go yet. Maybe they will change their mind but who knows. ?

    Liked by 1 person

    1. Keith, it is great to hear from you!
      I can’t imagine why our posts wouldn’t load, both our sites have been designed to be very responsive(device friendly).
      I am going to email you later, so we can talk about this there.
      Sincerely,
      Robert

      Like

Fill it out, don't be a stranger forever.

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.