Gmail Reveals the Names of All Users 438
ihatespam writes "Have you ever wanted to know the name of admin@gmail.com? Now you can. Through a bug in Google calendars the names of all registered Gmail accounts are now readily available. All you need to find out the names of any gmail address is a Google calendar account yourself. Depending on your view this ranges from a harmless "feature" to a rather serious privacy violation. According to some reports, spammers are already exploiting this "feature"/bug to send personalized spam messages."
This only punishes the foolish (Score:1, Insightful)
Ouf (Score:2, Insightful)
The person(s) responsible for this bug is going to have a nice and very uncomfy meeting with their supervisor very soon...
Is it really that big of a deal? (Score:4, Insightful)
If I was worried about privacy with my gmail account, google wouldn't have my actual name to have the ability to give it out.
Re:This only punishes the foolish (Score:5, Insightful)
In short, yes. Ever since GMail was launched and people discovered that its way more convenient that Outlook/Yahoo/etc., there's been a steady conversion of addresses in my contact list to "@gmail.com". People are moving to GMail as their primary mail accounts -- I don't know if you've been listening since 1998, but "free web-based email" is now often much, much better than whatever your university/company offers.
So yeah, this is a pretty big deal -- not so much for spammers, but as a privacy violation. You can't do a name lookup for an arbitrary e-mail address, and you shouldn't be able to do it for a GMail address. Someone should get an ass-kicking for this.
Re:This only punishes the foolish (Score:2, Insightful)
I mean really... Does anyone with a lick of sense actually give their real name to a free web-based service?
It's not about a 'lick of sense' as such - it's about knowledge of technology - specifically the internet, and a lack of education with regard to the internet. I know individuals with a hell of a lot of sense who would give their real names in such a situation.
Just because you and I have a reasonable working knowledge of the ins and outs of the internet, it doesn't mean everyone else does.
Why would anyone give Google honest information? (Score:2, Insightful)
With their track record of leaking information and giving it to whatever business asks them for it; why would anyone trust them with actual true information anymore?
Head in the clouds (Score:5, Insightful)
I try really, really hard not to leave to broad a trail online. Those databases just never die (except when they do, of course - but the timing is subject to Murphy's Law, so it's never in my favor).
I'm gonna go hide in my cave now.
Re:Is This Evil? (Score:5, Insightful)
Re:This only punishes the foolish (Score:2, Insightful)
The email address is actually more of an identifier than your real name as 2 people cannot have the same email address.
Now, if together with the real name, one can obtain your home address, then I'd be really concerned.
Re:This only punishes the foolish (Score:4, Insightful)
Why would they have such an unnecessary expense?
I have no problem giving people my gmail account address for business-type-transactions because it is a hell of a lot easier to keep track of my conversations and actually get business done using gmail. When I do need a "professional" email address I usually just have it forwarded to my gmail account, again, because it is easier to keep my life organized that way.
Not to mention how great gmail and Google Calendar Sync work on my BlackBerry.
It has really become a first-rate application suite for just about every use.
Using a fake name online may become illegal... (Score:2, Insightful)
I mean really... Does anyone with a lick of sense actually give their real name to a free web-based service?
I have difficulty believing the title of my reply will become true. I'd like to believe no one will ever let this happen, but here's a recent Slashdot post [slashdot.org] that raises some alarm:
"The access to MySpace was unauthorized because using a fake name violated the terms of service. The information from a "protected computer" was the profiles of other MySpace users. If this is found to be a valid interpretation of the law, it's really quite frightening. If you violate the Terms of Service of a website, you can be charged with hacking. That's an astounding concept. Does this mean that everyone who uses Bugmenot could be prosecuted? Also, this isn't a minor crime, it's a felony punishable by up to 5 years imprisonment per count. In Drew's case she was charged with three counts for accessing MySpace on three different occasions."
Re:Just how personal is this new spam (Score:5, Insightful)
Not yet but soon, just wait for the medical data to be compromised in a similar way.
Just last week at work... (Score:2, Insightful)
I was called a heretic for suggesting that "Google does not know all..."
Guess I owe some folks an apology...
Really, did anyone not see this coming? The company advertised that they read your email.
This ain't no big deal. (Score:2, Insightful)
Privacy... (Score:5, Insightful)
Ok...so I only see this as an issue for people trying to hide their identity for something nefarious. I mean christ, I give out my full name a dozen times a day to people I don't know. "Hello, we have a circuit down and need to open a ticket." "Hello, I have a few questions about your product." and damned near every other statement you might make when calling another company is almost IMMEDIATELY followed by "Can I have your name please?" Of course this is after they answer the phone "Hello, my name is..."? Now granted they don't always use their last name if they are just phone jockeys, but almost anyone worth anything in terms of sales/technical/etc reps will give you their full name, email address, phone number, etc.
In other news, purchasing cigarettes and alcohol require you to disclose your first and last name when you show your ID! Even worse, there are rumors that every time you make a purchase using anything other than cash you have to disclose your first and last name. This isn't a privacy issue, maybe a privacy irritation, but certainly not anything to get in a ruffle about. It isn't like names are even really unique identifiers. Now if it revealed birthdays or SSNs or credit card numbers or something then I would understand.
Course, maybe there is something here I am ignoring. Do the people getting in a ruffle about this freak out when someone of the opposite sex asks their name? "Oh my god they are trying to invade my privacy!" Generally it is considered "normal" to give them your name so they have something to call you other than "freak" or "uberhax4234".
OMG ... first names... then what? Last names? (Score:5, Insightful)
and if you're trying to hide your identity and you put your real first / last name into a free service, you're a moron.
Re:This only punishes the foolish (Score:5, Insightful)
citation needed. seriously, what you describe would be a huge security/privacy hole, and I don't believe you.
Don't tell me I'm the first one to try it! Please! (Score:2, Insightful)
Don't tell me that I'm the first person on ./ to know that the REAL NAME of admin@gmail.com is "smart ass"!
And to think I'm only posting as A.C.! Oh the shame!
Re:Is This Evil? (Score:3, Insightful)
No, but it constitutes a serious bug. Evil usually requires intent. Stupidity, on the other hand, can be completely unintentional.
Re:This only punishes the foolish (Score:2, Insightful)
Cute sarcasm, thanks. This, however, is more like a phonebook for cellphone numbers -- given that there's an expectation of privacy for your name when signing up for an e-mail address. I say expectation because it's almost certainly not legally covered, but still reasonable given current norms. So the GMail situation is more like AT&T revealing your full name to ANYONE if they call with your unlisted/cellphone number in hand and just say a secret word. Sure, the name/number linkage is on your business card too, but giving it out is YOUR choice and there's a reason you can't get the information by just calling AT&T (if you're not NSA,etc.).
Re:This only punishes the foolish (Score:3, Insightful)
You do realise you give LOTS of mail servers WAY more private information every time you send or RECIEVE a non-encrypted e-mail, right? Mommy wrote you saying happy birthday and signed her message with her full name? Your employer, coworker or friends ever wrote you an e-mail ? Seriously, if you worry about google knowing your full name I think you should probably panic right about now given that everybody who has ever sent you an e-mail FROM gmail has given google a hell of a lot more info about you. Heck chances are that using just data stored by google it is possible to deduce the names of the majority of your coworkers, a good portion of your friends, where you live, a good number of your interests, as well as the birthday of your uncle.
That people get worked up about things like google knowing their name tells you a whole lot about just how little they realise about what google knows.
Re:OMG ... first names... then what? Last names? (Score:4, Insightful)
Honestly - your name isn't a secret...
It is to people who don't know it.
Re:it's BETA (Score:3, Insightful)
Man, the word 'Beta' is becoming like patents in terms of length.
If only Microsoft had released Vista Beta instead we'd have no reason to complain!
With great power comes great responsibility (Score:3, Insightful)
Frankly, Google seems to be gathering excessive power and not doing so well on the responsibility part. In general, they have become far too helpful to spammers, so I suggested a way that Google could be much less helpful to the spammers [google.com]--but there is no evidence they are interested in it. Does their understanding of evil somehow exempt the spammers?
On the general privacy thing, Too many companies are collecting too much of our personal data--and then treating it like their corporate property. I deeply resent it, but at least it isn't anything special about Google. Or maybe it is, insofar as Google is especially skilled at using information, and therefore poses the greater threat for potential abuse... What I want it a privacy option to store my personal information on *MY* computer, and they can ask when they want to look at it--and they had better ask nicely, too. (Actually, I want an automated system of user-controlled privacy preferences to handle most of this...)
Re:This only punishes the foolish (Score:2, Insightful)
That's just paranoia. Everyone with administrative/root access to the mail server could read them, not that they care what's in there usually. The fact that someone is paying for their mailbox or not has nothing to do with that. You are probably safer with the big names, at least they have established protocols and guidelines for privacy...
Besides you can have your @yourdomain.com email with google too, for free. Ever heard of google apps? http://www.google.com/a/help/intl/en/index.html [google.com]
Re:This only punishes the foolish (Score:4, Insightful)
I am aware of the period-ignoring feature, by which gmail treats Bob.Smith@ and Bo.bS.mith@ and BobSmith@ as the same person. That is not at issue. The parent claims that email sent to Bob.Smith@ is also delivered to [just] Smith@, which I believe to be false.
Re:Is This Evil? (Score:4, Insightful)
But, does this constitute evil? So far so good. My gmail account is my real name anyway. I'll be looking out for the evil...
So if it doesn't affect you, then it is ok?
I think you have defined for us what evil is and you are a shining example of it yourself...
Re:Spam doesn't worry me, it's privacy. (Score:3, Insightful)
Re:Is This Evil? (Score:1, Insightful)
I don't buy that.
An email account is an email account. Either the account name itself is some variation on your name or the email "name" text that mail clients show contains your name already. If you have a non-name-based email address that doesn't disclose your name in the "human readable" namespace, then chances are you didn't give them your real name when you signed up anyway.
Sure, it's an unfortunate bug. Yes, the spam has potential to annoy--but it's spam; would you even notice a few more in the spam box? If you're the kind of person who emails others without disclosing your real name, why would you give your real name to the email provider? There is undoubtedly at least one person who has done so, however, and it sucks to be him right now, but I'd gladly take this bug over a more egregious one, even if I were that one affected guy.
Unless I'm a spambot, I'm not going to sit down and type out random strings of words and numbers to find out the name data on some arbitrary addresses. Whether it's Hotmail or Yahoo or Gmail doesn't matter here.
Re:This only punishes the foolish (Score:2, Insightful)
Dweezil?
The Operative Word is Free (Score:1, Insightful)
I've never been all that impressed with shared calendars or those that are stored online, having always believed that these were inherently less than secure, especially when the word 'free' precedes the description. At least use a service you pay for if you're all that interested in online email collaboration and shared calendar management.
Re:Privacy... (Score:3, Insightful)
Re:Serious FERPA Violation (Score:2, Insightful)
Gore (Score:3, Insightful)
Al Gore isn't dead, he's just resting!
Re:This only punishes the foolish (Score:5, Insightful)
Re:I can't believe Google would do this! (Score:4, Insightful)
Grow up, lemming (Score:3, Insightful)
Well, grow up. Even if this particular one doesn't affect you, it does show the kind of privacy problems that google has _again_. And it seems to be perfect illustration of what a few Google deffecters were ranting about recently.
Depending on what of their services you use, Google usually has a lot more data about you than your name. E.g., your searches, the news/mailing-lists you're subscribed to, your credit card number if you use their payment processor, possibly your medical history, etc. Heck, it even has the contents of your emails. Now that's something to worry about.
Now also bear in mind that a lot of that information has the potential to be worse than it really is, if taken out of context. E.g., if you're a Muslim and searched for "AK-47 tactics", I can assure you that the nice guys from the government won't think of Counter-Strike first. And I hope you don't mind waterboarding if you search for a map that involves placing a bomb at a refinery, and used the wrong wording. It's the same guys who tried to data-mine grocery purchases to find terrorists, i.e., anyone who orders arab kinda food.
So, yes, stop acting like an emotionally charged idiot. I know that some people get a boner out of defending Google, but grow up. They do have a recurring QA problem, and they do store all data about everyone they can get their hands on. (See their fighting the EU to keep everyone's search data for ever.) Yes, maybe this time it doesn't affect you, but it illustrates a broader problem they have. Unless they start taking QA and privacy seriously, it's only a matter of time before they leak something a lot more sensitive.
Re:This only punishes the foolish (Score:3, Insightful)
Drifting OT but I've found that MD5 passwords are a great way to have unique passwords for a site, eg.
md5("MySecretPassword-www.somesite.com")
Means you can use 1 password for everything without revealing it to any sites