Gmail Reveals the Names of All Users 438
ihatespam writes "Have you ever wanted to know the name of admin@gmail.com? Now you can. Through a bug in Google calendars the names of all registered Gmail accounts are now readily available. All you need to find out the names of any gmail address is a Google calendar account yourself. Depending on your view this ranges from a harmless "feature" to a rather serious privacy violation. According to some reports, spammers are already exploiting this "feature"/bug to send personalized spam messages."
Is This Evil? (Score:4, Interesting)
Re:This only punishes the foolish (Score:5, Interesting)
Gmail strips out punctuation. So email to First.Last@gmail.com goes to the same inbox as FirstLast@gmail.com
Re:This only punishes the foolish (Score:5, Interesting)
I know individuals with a hell of a lot of sense who would give their real names in such a situation.
So? Part of the reason for that is that full names in and of themselves are not really a security risk. I walk around all day in public with an ID badge that gives my first and last name. Big deal. Our names are our public identifiers.
Re:This only punishes the foolish (Score:5, Interesting)
there are some cases where Google is a good alternative to other options.
Comment removed (Score:1, Interesting)
The *real* security risk... (Score:4, Interesting)
...is that this will allow Phishing scams aimed at GMail users to *seem* so much more plausible.
What? You expected humour?
Serious FERPA Violation (Score:5, Interesting)
The Families Educational Rights and Privacy Act of 1974 allows a student at a university to require the university to not release their name to anyone. For example, if you check for my name at my school's phonebook, you'll find I'm not listed. If you call my registrar's office and ask for information on me, they'll tell you that they don't have a student by my name. You see, it's against the law for them to even confirm that I'm a student.
Since many schools have outsourced their email systems to Gmail, anyone can generate a full roster of student names through this trick. This could obviously result in many violations of FERPA.
Re:This only punishes the foolish (Score:3, Interesting)
Because it looks unprofessional (may be a pro or con depending on the business)
ie mike@mikesauto.com versus mike34534@hotmail.com
There is also the superficial sense of security. When I send email to Mike at his domain I'm pretty sure he is the only one reading it (although it very well could also be the isp, hosting domain, his sysadmin, and NSA). When I send email to hotmail or gmail, perhaps unfounded, I have the feeling that if they felt like it MS or google could be reading the emails and no-one would know it and/or a security breach could leak access to everyone's email.
Spam doesn't worry me, it's privacy. (Score:5, Interesting)
This goes well beyond the scope of SPAM. Once they match your real name with your e-mail, they can start finding out what you do online, what sites/forums you visit, etc (Google knows everything).
I'm much more worried about ID thieves finding out about my life than about getting personalized spam.
Re:This only punishes the foolish (Score:3, Interesting)
As have I - But that has no bearing on whether or not people give GMail their real names. I know I sure as hell didn't, despite using that account for a number of legitimate purposes, including professional contacts.
And as a bonus, anyone foolish enough to spam me under a name I give to a random website actually helps my spam filtering, because I never give my real name. If someone sends "Petrov L. Aster" (as just one example I might use for my Slashdot handle) a notice that he has an inheritance from a Nigerian uncle, that message doesn't even make it to my "once a month quick look through non-whitelisted garbage" folder - it meets a hard blacklist and goes straight to
Re:This only punishes the foolish (Score:4, Interesting)
eBay sent this message to FULL NAME (account)
Your registered name is included to show this message originated from eBay. Learn more.
The "Learn more" link takes you to http://pages.ebay.com/help/confidence/name-userid-emails.html [ebay.com] which explains
Since people who send out spoof emails often don't have your first and last name as well as eBay User ID, receiving an email that contains this information should increase your confidence that the email was sent by eBay.
Re:Just last week at work... (Score:2, Interesting)
If you're talking about the ads displayed alongside your emails, Google never said they read the emails, just that their systems scan the emails for key words to make the ads relevant. That is quite a bit different from reading the actual email.
That being said, I still feel it is a bit too questionable, and a bit too close to actually reading them, so I generally only use the gmail address for non-important tasks.
Even so, bringing up the whole "Google reads your email!" line this late into the game is either a very bad troll, or just somebody trying to ride the wave of being over-emotional (or funny, but that is unlikely, I think).
There Is No "View" -- Outright Incompetence (Score:2, Interesting)
The summary states, "Depending on your view this ranges from a harmless 'feature' to a rather serious privacy violation."
There is no view, this is absolutely an outright product of incompetence, oversight, and cluelessness. This is definitely a bug, even if Google touts it as a feature. We've seen this before, with Google calendar appointments/conference call numbers made publicy accessible via incompetence.
Inexcusable.
Re:This only punishes the foolish (Score:3, Interesting)
A better method for customizing your registered email address is to use "+" on the left side. "me+example.com@gmail.com" should be directed to "me@gmail.com" by their system. I say "should" simply because I've never tested the "+" feature with "."s in "it."
"
I"m sorry, I seem to have a quotation infesta""tion. The information"s correct, though.
Re:This only punishes the foolish (Score:1, Interesting)
Which is why I strip out the dot when registering to sites and the little filter that drops everything without the dots into my trash takes care of any resulting spam. :)
Just google being google (Score:3, Interesting)
I've used about every service that they have had, and this is pretty much how everything they do works. You don't opt in for anything, you have to figure out how to eventually opt out.
You fumble through the options screen and finally find the right combination of checkboxes that doesn't throw your name out there, and let everyone see everything by default.
"Hey guess what users, we added this nice option that lets everyone see your real name, address, and link to a picture of your house on google maps. Don't worry, it's been already enabled for your convenience!"
Re:This only punishes the foolish (Score:2, Interesting)
I've received e-mails sent to vincenzo.myaccount@gmail.com, ornella.myaccount@gmail.com and many others. I DONT own those accounts, how could you explain that?
I've got them right there on my inbox. And I personally know four people that saw the same thing. I've reported it to google two times in its time and so far I've received no reply.
Re:Privacy... (Score:3, Interesting)
In other news, purchasing cigarettes and alcohol require you to disclose your first and last name when you show your ID! Even worse, there are rumors that every time you make a purchase using anything other than cash you have to disclose your first and last name.
Perhaps in the US, but here in the UK you don't have to show ID to buy alcohol or tobacco unless you look like you might be under age. Even that's a relatively recent thing - 16 years ago I had no problem buying alcohol at 16 and 17 (age limit is 18 here - yes, I looked older than my age, but not that much older).
Additionally for the last couple of years paying by card has meant putting it in a card reader, the member of staff dealing with the transaction doesn't even have to see the card, let alone your name.
I'm not arguing that this bug is some horrible privacy violation. I'm just pointing out that people in different countries have different expectations regarding privacy, and Google provides a global service.
Re:Is it really that big of a deal? (Score:3, Interesting)
Not to mention that my employers have started (without any process of considering implications whatsoever) started to use Google services for all their meeting arrangements, annual leave sheets, some internal email communications. I imagine some other places are doing the same. I wonder if it will get to the point where having your Google account suspended will be cause for a dismissal. At any rate, not everyone has the option of not using Google. I imagine the number of such people will increase.
That explains something (Score:2, Interesting)
Andy