Slashdot Mirror
Gmail Reveals the Names of All Users
ihatespam writes "Have you ever wanted to know the name of admin@gmail.com? Now you can. Through a bug in Google calendars the names of all registered Gmail accounts are now readily available. All you need to find out the names of any gmail address is a Google calendar account yourself. Depending on your view this ranges from a harmless "feature" to a rather serious privacy violation. According to some reports, spammers are already exploiting this "feature"/bug to send personalized spam messages."
I mean really... Does anyone with a lick of sense actually give their real name to a free web-based service?
The person(s) responsible for this bug is going to have a nice and very uncomfy meeting with their supervisor very soon...
If I was worried about privacy with my gmail account, google wouldn't have my actual name to have the ability to give it out.
With their track record of leaking information and giving it to whatever business asks them for it; why would anyone trust them with actual true information anymore?
This is exactly why I remain leery of applications in the cloud. I've got a google account for work, and that's the only use it ever sees. And it's under real.name.company anyway, and has no other useful information associated with it.
I try really, really hard not to leave to broad a trail online. Those databases just never die (except when they do, of course - but the timing is subject to Murphy's Law, so it's never in my favor).
I'm gonna go hide in my cave now.
cogito ergo dubito
If this story was about a similar bug with Hotmail and Windows Live Calendar, yes it would.
"It's a reverse vampire...they....they crave the sun!"
I mean really... Does anyone with a lick of sense actually give their real name to a free web-based service?
I have difficulty believing the title of my reply will become true. I'd like to believe no one will ever let this happen, but here's a recent Slashdot post that raises some alarm:
"The access to MySpace was unauthorized because using a fake name violated the terms of service. The information from a "protected computer" was the profiles of other MySpace users. If this is found to be a valid interpretation of the law, it's really quite frightening. If you violate the Terms of Service of a website, you can be charged with hacking. That's an astounding concept. Does this mean that everyone who uses Bugmenot could be prosecuted? Also, this isn't a minor crime, it's a felony punishable by up to 5 years imprisonment per count. In Drew's case she was charged with three counts for accessing MySpace on three different occasions."
Fact: Everything I say is fiction.
Not yet but soon, just wait for the medical data to be compromised in a similar way.
I was called a heretic for suggesting that "Google does not know all..."
Guess I owe some folks an apology...
Really, did anyone not see this coming? The company advertised that they read your email.
The society for a thought-free internet welcomes you.
Given that my Gmail email address is my real first and last name, separated by a period, I don't think it's a big deal that my real name will be revealed through the calendar. I don't care. There are a million of me out there anyway. I've Googled my own name before and found that I'm several professors, an artist, a few musicians, a business owner or two, and a bunch of other things. I didn't find myself in there even after wading through about 300 results. So this ain't an issue. But if your name is Rumpelstiltskin DiScrewdio, then you're screwed because there's only one of you out there.
McCain/Palin '08. Now THAT's hope and change!
Ok...so I only see this as an issue for people trying to hide their identity for something nefarious. I mean christ, I give out my full name a dozen times a day to people I don't know. "Hello, we have a circuit down and need to open a ticket." "Hello, I have a few questions about your product." and damned near every other statement you might make when calling another company is almost IMMEDIATELY followed by "Can I have your name please?" Of course this is after they answer the phone "Hello, my name is..."? Now granted they don't always use their last name if they are just phone jockeys, but almost anyone worth anything in terms of sales/technical/etc reps will give you their full name, email address, phone number, etc.
In other news, purchasing cigarettes and alcohol require you to disclose your first and last name when you show your ID! Even worse, there are rumors that every time you make a purchase using anything other than cash you have to disclose your first and last name. This isn't a privacy issue, maybe a privacy irritation, but certainly not anything to get in a ruffle about. It isn't like names are even really unique identifiers. Now if it revealed birthdays or SSNs or credit card numbers or something then I would understand.
Course, maybe there is something here I am ignoring. Do the people getting in a ruffle about this freak out when someone of the opposite sex asks their name? "Oh my god they are trying to invade my privacy!" Generally it is considered "normal" to give them your name so they have something to call you other than "freak" or "uberhax4234".
The only change I can believe in is what I find in my couch cushions.
Honestly - your name isn't a secret...
and if you're trying to hide your identity and you put your real first / last name into a free service, you're a moron.
Don't tell me that I'm the first person on ./ to know that the REAL NAME of admin@gmail.com is "smart ass"!
And to think I'm only posting as A.C.! Oh the shame!
No, but it constitutes a serious bug. Evil usually requires intent. Stupidity, on the other hand, can be completely unintentional.
Man, the word 'Beta' is becoming like patents in terms of length.
If only Microsoft had released Vista Beta instead we'd have no reason to complain!
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
Frankly, Google seems to be gathering excessive power and not doing so well on the responsibility part. In general, they have become far too helpful to spammers, so I suggested a way that Google could be much less helpful to the spammers--but there is no evidence they are interested in it. Does their understanding of evil somehow exempt the spammers?
On the general privacy thing, Too many companies are collecting too much of our personal data--and then treating it like their corporate property. I deeply resent it, but at least it isn't anything special about Google. Or maybe it is, insofar as Google is especially skilled at using information, and therefore poses the greater threat for potential abuse... What I want it a privacy option to store my personal information on *MY* computer, and they can ask when they want to look at it--and they had better ask nicely, too. (Actually, I want an automated system of user-controlled privacy preferences to handle most of this...)
Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
But, does this constitute evil? So far so good. My gmail account is my real name anyway. I'll be looking out for the evil...
So if it doesn't affect you, then it is ok?
I think you have defined for us what evil is and you are a shining example of it yourself...
my solution to that is to act schizophrenic on almost every website i visit. any ID thief who tries to profile me just wont get anything they can wrap their tiny criminal minds around, other than perhaps the desire to . your best bet is to have a healthy separation between your life on the internet and your real life.
I don't buy that.
An email account is an email account. Either the account name itself is some variation on your name or the email "name" text that mail clients show contains your name already. If you have a non-name-based email address that doesn't disclose your name in the "human readable" namespace, then chances are you didn't give them your real name when you signed up anyway.
Sure, it's an unfortunate bug. Yes, the spam has potential to annoy--but it's spam; would you even notice a few more in the spam box? If you're the kind of person who emails others without disclosing your real name, why would you give your real name to the email provider? There is undoubtedly at least one person who has done so, however, and it sucks to be him right now, but I'd gladly take this bug over a more egregious one, even if I were that one affected guy.
Unless I'm a spambot, I'm not going to sit down and type out random strings of words and numbers to find out the name data on some arbitrary addresses. Whether it's Hotmail or Yahoo or Gmail doesn't matter here.
I've never been all that impressed with shared calendars or those that are stored online, having always believed that these were inherently less than secure, especially when the word 'free' precedes the description. At least use a service you pay for if you're all that interested in online email collaboration and shared calendar management.
This is not true; universities are not prohibited from telling people that [your name] is a student there, or graduated from there at such a time with such a degree. This is how employers can check to see if you are lying about your degree. This is called "directory information," and is not protected by the FERPA. Also, your parents? If they claim you as a dependent, they too are exempt from any FERPA restrictions.
Al Gore isn't dead, he's just resting!
"I only speak the truth"
Karma: null(Mostly affected by an unassigned variable)
Only if he is an American..... The rest of us don't really care too much about other nation's laws.
Have a look at soylentnews.org for a different view
Well, grow up. Even if this particular one doesn't affect you, it does show the kind of privacy problems that google has _again_. And it seems to be perfect illustration of what a few Google deffecters were ranting about recently.
Depending on what of their services you use, Google usually has a lot more data about you than your name. E.g., your searches, the news/mailing-lists you're subscribed to, your credit card number if you use their payment processor, possibly your medical history, etc. Heck, it even has the contents of your emails. Now that's something to worry about.
Now also bear in mind that a lot of that information has the potential to be worse than it really is, if taken out of context. E.g., if you're a Muslim and searched for "AK-47 tactics", I can assure you that the nice guys from the government won't think of Counter-Strike first. And I hope you don't mind waterboarding if you search for a map that involves placing a bomb at a refinery, and used the wrong wording. It's the same guys who tried to data-mine grocery purchases to find terrorists, i.e., anyone who orders arab kinda food.
So, yes, stop acting like an emotionally charged idiot. I know that some people get a boner out of defending Google, but grow up. They do have a recurring QA problem, and they do store all data about everyone they can get their hands on. (See their fighting the EU to keep everyone's search data for ever.) Yes, maybe this time it doesn't affect you, but it illustrates a broader problem they have. Unless they start taking QA and privacy seriously, it's only a matter of time before they leak something a lot more sensitive.
A polar bear is a cartesian bear after a coordinate transform.