Slashdot Mirror
Google Exposed Private Data of Hundreds of Thousands of Google+ Users and Then Opted Not To Disclose, Report Says (wsj.com)
Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, WSJ reported Monday, citing people briefed on the incident and documents. From the report: As part of its response to the incident, the Alphabet unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook and is widely seen as one of Google's biggest failures.
A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, [Editor's note: the link may be paywalled; alternative source] when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google's legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica. Update: In an announcement Monday, Google said it was shutting down Google+ for consumers: We are shutting down Google+ for consumers. Over the years we've received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+. This review crystallized what we've known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds. Google+ still receives north of 200 million page views every month on the web, according to SimilarWeb, a third-party web analytics firm.
A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, [Editor's note: the link may be paywalled; alternative source] when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google's legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica. Update: In an announcement Monday, Google said it was shutting down Google+ for consumers: We are shutting down Google+ for consumers. Over the years we've received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+. This review crystallized what we've known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds. Google+ still receives north of 200 million page views every month on the web, according to SimilarWeb, a third-party web analytics firm.
A journalist wrote this. So it must fit into a continuing narrative that follows on from Facebook's Cambridge Analytica problem. Thus parallels will be drawn and details filled into establish this equivalence. We see exactly this in TFA. This is what journalists do. Take a (probably complex or subtle) technical problem and fit it into an existing mental model.
It's called lying.
Something in tech happened. It's probably not good. The Wall Street Journal is not the publication to tell you about it. They will tell you a story instead.
I should use this sig to advertise my book ISBN-13 : 978-1501515132.
Just you wait until something like this happens to all the data people, companies, schoolchildren, etc are shoveling into the G-suite without an apparent care in the world about who now controls their data.
It's gonna be spectacular.
No, but building APIs that allow third parties to gain access to data inherently leads to massive personal data leaks, because A. the most tech-savvy users have no good way to know whether those third party apps are using their data appropriately or not, and B. your average user will click "Install" for any app that their friends recommend, as long as it promises cute pictures of kittens and puppies or whatever.
The apathy clearly cannot be solved, and detection probably cannot be solved, either, so I'm not sure how to prevent abuse, or even *if* abuse can be prevented. I think the only approach that even has a prayer of working would be to require third-party apps to run in a pure web-based sandbox that prevents sharing data outside the sandbox, and even then, it's probably only a matter of time before someone finds a way to make such a sandbox leak.
Check out my sci-fi/humor trilogy at PatriotsBooks.