Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Exposed Private Data of Hundreds of Thousands of Google+ Users and Then Opted Not To Disclose, Report Says (wsj.com)

Posted by msmash on from the closer-look dept.

Google exposed the private data of hundreds of thousands of users of the Google+ social network and then opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny and cause reputational damage, WSJ reported Monday, citing people briefed on the incident and documents. From the report: As part of its response to the incident, the Alphabet unit plans to announce a sweeping set of data privacy measures that include permanently shutting down all consumer functionality of Google+, the people said. The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook and is widely seen as one of Google's biggest failures.

A software glitch in the social site gave outside developers potential access to private Google+ profile data between 2015 and March 2018, [Editor's note: the link may be paywalled; alternative source] when internal investigators discovered and fixed the issue, according to the documents and people briefed on the incident. A memo reviewed by the Journal prepared by Google's legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger "immediate regulatory interest" and invite comparisons to Facebook's leak of user information to data firm Cambridge Analytica. Update: In an announcement Monday, Google said it was shutting down Google+ for consumers: We are shutting down Google+ for consumers. Over the years we've received feedback that people want to better understand how to control the data they choose to share with apps on Google+. So as part of Project Strobe, one of our first priorities was to closely review all the APIs associated with Google+. This review crystallized what we've known for a while: that while our engineering teams have put a lot of effort and dedication into building Google+ over the years, it has not achieved broad consumer or developer adoption, and has seen limited user interaction with apps. The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds. Google+ still receives north of 200 million page views every month on the web, according to SimilarWeb, a third-party web analytics firm.

25 of 133 comments (clear)

  1. Fake News by Anonymous Coward · · Score: 5, Funny

    Google + never had hundreds of thousands of users.

    1. Re:Fake News by Oswald+McWeany · · Score: 2

      Google + never had hundreds of thousands of users.

      If you had any google account they created a blank Google + account for you. Rather than leave mine blank I went ahead and filled it with all sorts of fake information and then never returned. I think on mine I went to Harvard, competitively wrestle bears for a living, and live in Turkmenistan. Or something like that- and have some obviously fake name.

      I never miss an opportunity to provide fake data as noise to any company that tries to get information on me.

      --
      "That's the way to do it" - Punch
  2. What a coincidence... by GameboyRMH · · Score: 5, Insightful

    It's the same thing that happened with Facebook. It's almost like building these massive siphons of personal data inherently leads to massive personal data leaks...

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
    1. Re:What a coincidence... by dgatwood · · Score: 3, Interesting

      It's the same thing that happened with Facebook. It's almost like building these massive siphons of personal data inherently leads to massive personal data leaks...

      No, but building APIs that allow third parties to gain access to data inherently leads to massive personal data leaks, because A. the most tech-savvy users have no good way to know whether those third party apps are using their data appropriately or not, and B. your average user will click "Install" for any app that their friends recommend, as long as it promises cute pictures of kittens and puppies or whatever.

      The apathy clearly cannot be solved, and detection probably cannot be solved, either, so I'm not sure how to prevent abuse, or even *if* abuse can be prevented. I think the only approach that even has a prayer of working would be to require third-party apps to run in a pure web-based sandbox that prevents sharing data outside the sandbox, and even then, it's probably only a matter of time before someone finds a way to make such a sandbox leak.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  3. RICO? by DigressivePoser · · Score: 3, Informative

    Google is closing in on having the Racketeer Influenced and Corrupt Organizations Act applied to them.

  4. Journalists. by TechyImmigrant · · Score: 2, Interesting

    A journalist wrote this. So it must fit into a continuing narrative that follows on from Facebook's Cambridge Analytica problem. Thus parallels will be drawn and details filled into establish this equivalence. We see exactly this in TFA. This is what journalists do. Take a (probably complex or subtle) technical problem and fit it into an existing mental model.

    It's called lying.

    Something in tech happened. It's probably not good. The Wall Street Journal is not the publication to tell you about it. They will tell you a story instead.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    1. Re:Journalists. by alvinrod · · Score: 4, Insightful

      Who are you going to trust for information then? It's certainly not going to be the company's PR department. The trustworthiness of the government is dubious at the best of times, and few here would trust the current administration. A random anonymous blogger on the internet more likely to be a paid shill than a journalist.

      I don't think there are better options here. Maybe it's a sad reflection on the state of journalism that it's come to this, but even if you weren't so cynical (or perhaps too much of a realist if I'm allowed to be cynical) I would say that getting your news from a single source is a bad idea regardless of how much trust you put into journalism. Fortunately, there's a wide variety of news sources and while each might have their own individual biases or way of framing the story, there are probably a set of facts that can be shaken out of the different narratives they are all weaving.

    2. Re:Journalists. by JackieBrown · · Score: 2

      The memo doesn't state they are closing g+ due to a privacy breach.

      He is stating that these journals look for links and make them without actually know - or checking - if the link is valid.

  5. Google's Biggest Failure by Anonymous Coward · · Score: 5, Insightful

    The move effectively puts the final nail in the coffin of a product that was launched in 2011 to challenge Facebook and is widely seen as one of Google's biggest failures.

    Google,

    Exposing the private data of hundreds of thousands of Google+ users and then choosing not to disclose the issue is a bigger failure than Google+ could ever be.

    You're very evil,
    AC

    1. Re:Google's Biggest Failure by Desler · · Score: 2

      Google has never been some altruisitc or nice company. You naive idiots put way too much stock into an informal motto.

    2. Re:Google's Biggest Failure by rgmoore · · Score: 5, Insightful

      The data breach is also likely to cost money from Google itself. They're legally required to disclose this stuff in a timely manner, and they are almost certainly going to face a big class action suit both for the data breach and for the failure to disclose. That's at least going to cost them some money defending the suit and potentially a lot of money if there's a judgment against them.

      --

      There's no point in questioning authority if you aren't going to listen to the answers.

  6. not disclosed because it would draw reg scrutiny by Anonymous Coward · · Score: 2, Insightful

    opted not to disclose the issue this past spring, in part because of fears that doing so would draw regulatory scrutiny

    Aren't they required by law to disclose data breaches/exposure? How does a coverup help when your company is large enough that *someone* will blab?

  7. Re:Google says 'fuck you' by Desler · · Score: 2

    How dare they not uphold a completely informal motto that was never legally-binding in any way! This is my shocked face.

  8. Report no evil by Anonymous Coward · · Score: 4, Funny

    Report no evil

  9. Fix the search syntax then by hudsucker · · Score: 3, Insightful

    If Google is closing down Google+, can we have the "+' operator back in the Google Search syntax? It used to indicate a required search term.

    1. Re:Fix the search syntax then by viperidaenz · · Score: 3, Informative

      It's replaced by the quote syntax
      Put double quotes around the term that must be included in the results. You can precede the quotes with a minus to exclude it.

  10. Just you wait.... by Anonymous Coward · · Score: 2, Interesting

    Just you wait until something like this happens to all the data people, companies, schoolchildren, etc are shoveling into the G-suite without an apparent care in the world about who now controls their data.

    It's gonna be spectacular.

  11. Join the club by Pimpy · · Score: 2

    More garbage forced on end-users with no way to disable - it's almost as if they failed to learn anything from Buzz. Looking forward to the impending death of Hangouts in whatever rebadged form it takes next. Google should really just stick to the basics - and I say this as a long-time Google Apps for Your Domain customer, where it is at least possible to shut most of these semi-aborted features off.

  12. Re:not disclosed because it would draw reg scrutin by Anonymous Coward · · Score: 2

    Yes.
    However, there was no breach of security. There was an issue that was discovered that COULD have exposed user data, but it was determined it was never independently discovered or exploited actually steal user data.

    I "could" hit you is very different from "I did" hit you.

  13. Sadly, failure is no longer the price of EVIL by shanen · · Score: 2

    While I agree that the google has become quite EVIL this is another case of EVIL having no relation to the price of tea in China. I arrived at your comment early in my searches for humor or insight. I don't spend (= waste) much time searching for such on Slashdot these days. The wells have run dry over here...

    But here are my initial thoughts on this topic, and then I'll rummage around a bit more to see if anyone shares them. Even better if someone has improved upon the ideas. Rarely happens lately, but hope dies slow.

    (1) The googlers were glad to get an excuse to kill that turkey.

    (2) The real reason Google+ failed was because they never figured out how to encourage mass migration from Facebook. The relatively easy part would have been harvesting a user's data from Facebook (with "relatively easy" based on the google earning the users' trust (even though the trendline is in the opposite direction)), but the migration steps got much harder after that and the EVIL powers that be today's google never saw the justification for the large investment in such complexities as remapping Facebook's data to a Google+ format or even providing a more Facebook-like interface for people who preferred such. Flexible user interfaces have actually become anathema to the google. Talk about your profit stiflers! (The google actually tried a flank attack, but without much sincerity. It would have taken some extremely large incentives to persuade Facebook to agree to the google-proposed standards for personal data storage (and portability).)

    (3) The monopolistic advantage of the first mover makes the proposed solution of "other search engines and webmail providers" too weak.

    (4) An actual solution approach would call for a pro-freedom anti-greedom economic system, while America is increasingly dedicated to the opposite.

    (5) The main reason I write such things is to help me collect a list of key terms to search for since the Slashdot moderation system is so badly broken.

    (6) I wish the owners of the Barney Google trademark would sue the google and take the name away from them.

    Time's up, but I bid you ADSAuPR, atAJG.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
    1. Re:Sadly, failure is no longer the price of EVIL by shanen · · Score: 2

      Okay, I understand that you're too stupid to get the joke. So why are you braying like a jackass?

      Oh yeah. I forgot. Because for you it's just another throwaway identity. After too many people notice what a feeble dweeb you are, you just throw it [identity 1608317] away and get a fresh sock puppet and start over as a fresh dweeb.

      I'd try to explain, but you've already established your baseline and it would be boring and a waste of time. Looks to me like this "conversation" can be regarded as terminated.

      --
      Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.
  14. Typo in our motto by jittles · · Score: 2, Funny

    While we’re discussing this, I just wanted to apologize for typo that has appeared in our corporate motto since the company’s foundation. Our motto was supposed to be “Don’t openly do evil” but it seems that the secretary taking the board minutes accidentally wrote down “Don’t do evil” and it’s just stuck with us throughout the years. Many apologies. — Larry Page

  15. Well good riddance by Nexus7 · · Score: 2

    "... our engineering teams have put a lot of effort and dedication into building Google+ over the years,"

    That's nice, but what they really did was what they do always. They asked themselves, what would Apple do? So they made something where it isn't clear what the timeline is, because posts are all over the page. Where you can't tel; what came when, because they did they same thing they do in GMail, which is something cute like "2 weeks ago", rather than the date itself. To Facebook's credit, they put everything on the page, you may have to look for a setting, but it's all there and it's usually obvious where to go for the commonly-used functions.

    Everybody has privacy issues, but Google tells you what they think is important for you and takes away the rest. Then they muck is all up with a pretty-looking but half useful UI.

  16. Re:ok fine by viperidaenz · · Score: 2

    2017 called, they want their new Maps feature back
    https://9to5google.com/2017/03...

    Location sharing has been in Maps for over a year now, It's no longer in Google+. Way to keep your finger on the pulse. It's even in wikipedia https://en.wikipedia.org/wiki/...

  17. Reputation of Journalists et al. by shanen · · Score: 2

    Wow! An insightful mod that actually seems justified.

    There is a solution here, and it could even begin with Slashdot. Isn't there a song about "Let it begin with me"?

    What if there was a system to accumulate and display the characteristics of sources? In your comment, the key dimensions would be those related to trust. Low for a PR shill and high for a good journalist. In theory, there are still some trustworthy people in the government, and such a system would help distinguish them from the others...

    The simplest way I can imagine to implement it would be with a second avatar icon. Slashdot doesn't use graphic avatars, but user names, so if Slashdot can't be enhanced in that way (and any enhancement to Slashdot seems less likely over time), it could be done with a second text link.

    However, it's more clear to describe the idea in terms of avatar images, so that's how I'll describe it. Imagine the left avatar is however you want to represent yourself and it links to whatever profile information you want to share. Actually you don't need to imagine it because that's pretty much the standard approach on many websites.

    So now imagine the second avatar image as a standardized representation of your public reputation based on how people have reacted to your public behaviors (such as comments and Likes). The version I like best would be a little radar diagram that shows how that person is seen on several key dimensions. Your [alvinrod's] comment was focused on trust, and something like "trustworthiness" or "honesty" would qualify as a key dimension to display.

    With such a reputation avatar, you would be able to see at a glance just how much you should trust the comment (or link or whatever) in question. Or not trust it or even not see it. I admit that I would actually prefer to use such a system to save my limited time by rendering a LOT of time-wasting people invisible. I'll gladly wait to see them until AFTER they have improved their reputations.

    Actually just a shadow of a much more complicated idea. For example, I didn't say anything about where the reputation avatar link would take you or how you should be able to weight the dimensions that matter to you...

    By the way, I'm sure that the google and Facebook and other corporate cancers already do this. They collect our information and create highly detailed analyses of each of us. They just use those analyses for their own secretive purposes and don't share any of the information with the suckers who provided it. Par for the course in today's anti-freedom pro-greedom economy.

    But too much time already, so I bid you ADSAuPR, atAJG.

    --
    Freedom = (Meaningful - Coerced) Choice != (Speech | Beer^2), and sad sock puppets' bad mods avail them naught.