Slashdot Mirror
Gmail Reveals the Names of All Users
ihatespam writes "Have you ever wanted to know the name of admin@gmail.com? Now you can. Through a bug in Google calendars the names of all registered Gmail accounts are now readily available. All you need to find out the names of any gmail address is a Google calendar account yourself. Depending on your view this ranges from a harmless "feature" to a rather serious privacy violation. According to some reports, spammers are already exploiting this "feature"/bug to send personalized spam messages."
If I was worried about privacy with my gmail account, google wouldn't have my actual name to have the ability to give it out.
In short, yes. Ever since GMail was launched and people discovered that its way more convenient that Outlook/Yahoo/etc., there's been a steady conversion of addresses in my contact list to "@gmail.com". People are moving to GMail as their primary mail accounts -- I don't know if you've been listening since 1998, but "free web-based email" is now often much, much better than whatever your university/company offers.
So yeah, this is a pretty big deal -- not so much for spammers, but as a privacy violation. You can't do a name lookup for an arbitrary e-mail address, and you shouldn't be able to do it for a GMail address. Someone should get an ass-kicking for this.
An old-timer with old-timey ideas.
This is exactly why I remain leery of applications in the cloud. I've got a google account for work, and that's the only use it ever sees. And it's under real.name.company anyway, and has no other useful information associated with it.
I try really, really hard not to leave to broad a trail online. Those databases just never die (except when they do, of course - but the timing is subject to Murphy's Law, so it's never in my favor).
I'm gonna go hide in my cave now.
cogito ergo dubito
If this story was about a similar bug with Hotmail and Windows Live Calendar, yes it would.
"It's a reverse vampire...they....they crave the sun!"
Not yet but soon, just wait for the medical data to be compromised in a similar way.
Ok...so I only see this as an issue for people trying to hide their identity for something nefarious. I mean christ, I give out my full name a dozen times a day to people I don't know. "Hello, we have a circuit down and need to open a ticket." "Hello, I have a few questions about your product." and damned near every other statement you might make when calling another company is almost IMMEDIATELY followed by "Can I have your name please?" Of course this is after they answer the phone "Hello, my name is..."? Now granted they don't always use their last name if they are just phone jockeys, but almost anyone worth anything in terms of sales/technical/etc reps will give you their full name, email address, phone number, etc.
In other news, purchasing cigarettes and alcohol require you to disclose your first and last name when you show your ID! Even worse, there are rumors that every time you make a purchase using anything other than cash you have to disclose your first and last name. This isn't a privacy issue, maybe a privacy irritation, but certainly not anything to get in a ruffle about. It isn't like names are even really unique identifiers. Now if it revealed birthdays or SSNs or credit card numbers or something then I would understand.
Course, maybe there is something here I am ignoring. Do the people getting in a ruffle about this freak out when someone of the opposite sex asks their name? "Oh my god they are trying to invade my privacy!" Generally it is considered "normal" to give them your name so they have something to call you other than "freak" or "uberhax4234".
The only change I can believe in is what I find in my couch cushions.
Honestly - your name isn't a secret...
and if you're trying to hide your identity and you put your real first / last name into a free service, you're a moron.
citation needed. seriously, what you describe would be a huge security/privacy hole, and I don't believe you.
They also ignore anything after a + sign, so I use username+site@gmail.com to sign up for legit stuff where I think there's a chance of getting spammed in the future, if I do get spammed on that alias I write a rule to drop it to the floor and contact the company letting them know they now have zero chance of getting future business with me. The only problem is when a stupid validation script writer doesn't know how to read an RFC and claims the address is invalid. In that case they get my old excite address which is nothing but a spamhole. I guess I could use my google apps address, but it's too much of a pain to create a new user just for one site and I never read the catchall mailbox unless I know I'm missing an important email.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.