Google Plus on life support after Alphabet failed to disclose user data exposed in Spring

Google usually shuts down services faster than this, and before hundreds of thousands of accounts are compromised.

9

Hundreds of thousands of Google+ users have had their private data exposed. Alphabet apparently knew of the issues affecting the users of their social network platform and chose not to disclose this issue in the Spring of 2018. Silicon Valley was already in the crosshairs of regulators at the time, and apparently Google didn't want to draw any further attention from Capitol Hill.

According to a WSJ report, Alphabet plans to announce a ton of new data privacy policies that include shutting down all consumer functionality of Google+. “Whenever user data may have been affected, we go beyond our legal requirements and apply several criteria focused on our users in determining whether to provide notice,” a Google spokesman said in a statement. “Whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response,” he said. “None of these thresholds were met here.”

Google says over 400 apps had access to unauthorized Google+ data and that nearly 500,000 users were directly affected by this bug. This bug allowed developers who were permitted access to a Google+ user's account to collect profile data of their friends even if the data was marked nonpublic in Google's privacy settings, according to WSJ's sources. Making matters even worse, the bug appears to have existed in Google+'s API since 2015.

Dozens of users are heartbroken by today's news. Dozens!
Dozens of users are heartbroken by today's news. Dozens!

This seems to be game over for Google's attempt to compete with Facebook and Twitter, and is a bad look for a company who prides themselves on keeping their users' data safe and secure. At a time when Facebook was under the microscope for their mishandling of user data, Alphabet was doing their best to not report seemingly material information to its users and shareholders.

This story is still developing...

CEO

Asif Khan is the CEO and majority shareholder of Shacknews. He began his career in video game journalism as a freelancer in 2001 for Tendobox.com. Asif is a CPA and was formerly an investment adviser representative. After much success in his own personal investments, he retired from his day job in financial services and is currently focused on new private investments. His favorite PC game of all time is Duke Nukem 3D, and he is an unapologetic fan of most things Nintendo. Asif first frequented the Shack when it was sCary's Shugashack to find all things Quake. When he is not immersed in investments or gaming he is a purveyor of fine electronic music. Asif also has an irrational love of Cleveland sports.

From The Chatty
    • reply
      October 8, 2018 10:31 AM

      Google+ still exists?

      Of all the things Google hasn't killed, this is one of them?

    • reply
      October 8, 2018 10:49 AM

      Some actual other good things too, if you are privacy-minded too that affects Android:

      "API changes will limit developers’ access to data on Android devices and Gmail. Developers will no longer receive call log and SMS permissions on Android devices and contact interaction data won’t be available through the Android Contacts API. That same also API provided basic interaction data, like who you last messaged, and that permission is also being revoked.

      As for the Gmail changes, the company is updating its User Data Policy for the consumer version of the email service. This will limit apps and the scope of their access to user data. Ben Smith, Google fellow and VP of engineering, writes: “Only apps directly enhancing email functionality — such as email clients, email backup services and productivity services (e.g., CRM and mail merge services) — will be authorized to access this data.”

      Any developer who has this access will be have to undergo security assessments and agree to new rules about data handling, like not transferring or selling user data for targeting ads, market research, email campaign tracking, or other unrelated purposes."


      https://www.theverge.com/2018/10/8/17951890/google-plus-shut-down-security-api-change-gmail-android

    • reply
      October 8, 2018 11:34 AM

      I wanted to like G+ when it was launched because of its centricity to the daily business of my life. Its user experience was klunky and confusing, however, it managed my data in a very opaque way, and it never iterated fast enough to offer a better value to those who were already invested in other services like Facebook's. Their only effective recruitment strategy was to capture users who were complacent or oblivious enough not to opt out of sharing features across Google's properties. In the end, the biggest demographic of G+ users were people who didn't know they were G+ users.

      Ironically, I'm so heartened by this news of Alphabet's privacy-boosting efforts that, were they to retain G+ in some fashion with these new policies in place, I might actually start using it again.

      • reply
        October 8, 2018 11:37 AM

        Yah that zombie population was so bad. Like you would see all these friend notifications from people who didn't know they had a google+ account and were just clicking things so they can get to their YouTube video and whatnot.. Disasterous project in my opinion

        • reply
          October 8, 2018 11:38 AM

          Tying google+ into YouTube was such a bad idea

    • reply
      October 8, 2018 11:36 AM

      Is it management that keeps Fucking up at Google? Or just bad PR? All we ever hear is a string of bad news from them

      • reply
        October 8, 2018 11:41 AM

        It's a matter of victories (in terms of say performance, technical wins, increased privacy, etc) not being told as victories and the negatives being amplified by poorly managed communications and PR.

        I get the feeling google hires well for technical positions but their pr department doesn't really know what's going on.

        • reply
          October 8, 2018 11:48 AM

          I'm sure there are great people in their pr, but it's like being treated as 2nd class citizen, like product teams would make features and decisions without running at least some heads up through comms. And product eliminations and cancellations almost never get a good story (as in well coordinated, reasonably through response) from PR at Google.

          For example, if I were to do this g+ closure well, I would have gotten some victory stories from the global g+ community about what it meant to them. Feel good stories - perhaps a community used g+ to coordinate typhoon rescue and response in the Philippines, or using g+ to coordinate epic Ingress sessions or whatnot. Anything to acknowledge that yes people did use it and it was a part of their lives, and sorry that it's shutting down for for a point in time it mattered. Not to many people, but that's the job of PR - to find out WHO it mattered out to and reach out and maintain the customer relationship.

          Instead we get a robotic or letter that says ok it's going. Lots of developer details, nothing for the users that a social network is built for and on.

      • reply
        October 8, 2018 11:42 AM

        have you checked their quarterly reports? management is doing alright

      • reply
        October 8, 2018 11:42 AM

        They probably bring in like a billion dollars a day on ads so they don’t care.

      • reply
        October 8, 2018 2:13 PM

        Google PR? Is that still not shut down?

    • reply
      October 8, 2018 4:26 PM

      Well... Niantic/Ingress has one more thing they have to deal with now. They've made extensive use of G+ over the years. Ban appeals, portal edit appeals, their main source of news. All on G+.

      I'm screwing around on Mastodon now. https://mastodon.social/@artilectzed/

      • reply
        October 8, 2018 4:29 PM

        Is mastodon any good?

        • reply
          October 9, 2018 5:42 AM

          It's okay. Doesn't suck balls, and you can sign up on any Mastodon server you want, but still have access to all of it.