Bennett Haselton: Google+ To Gmail Controversy Missing the Point

Bennett Haselton: Google+ To Gmail Controversy Missing the Point 244

Posted by samzenpus on Monday January 13, 2014 @12:09PM from the read-all-about-it dept.

Bennett Haselton writes "Google created controversy by announcing that Google+ users will now be able to send email to Gmail users even without having those Gmail users' email addresses. I think this debate misses the point, because it's unlikely to create a deluge of unsolicited email to Gmail users, as long as Google can throttle outgoing messages from Google+ users and terminate abusive accounts. The real controversy should be over the fact that Google+ users can search a public database of the names of all Gmail users in the first place. And limiting the ability of Google+ users to write to those Gmail accounts, won't do anything to address that." Read below to see what Bennett has to say.

To begin with, remember that on Facebook (which I no longer use, but which I keep up with) does allow you to search for other members' names and send them messages even if they have not yet accepted your friend request. Facebook users are generally not shy when it comes to complaining about problems with the site, but I've never heard Facebook users complaining about junk messages from strangers. (It's true that if you get a message from a user outside of your friends list, it gets routed to the "Other" folder of your Facebook inbox. But similarly, Google says that messages from strangers on Google+ will get routed to a Gmail user's "Social" tab of the inbox.)

So I expect the amount of actual unsolicited emails from Google+ users to Gmail users to be almost a complete non-issue, for the same reason that it's not an issue on Facebook. I assume the reason that Facebook users get so few junk messages, is that Facebook can limit the number of outgoing messages sent per day by any one account (although I don't know what that limit is), and can shut down accounts that are reported for abuse. Yes, a spammer could continually create new accounts to send more messages, but if you create too many Facebook accounts from the same IP address, and each account created from that IP address gets flagged for abuse, Facebook might start disallowing new accounts created from that IP. You could switch your IP address continually, but at a certain point, spammers must have decided that creating disposable Facebook accounts for spamming purposes wasn't worth the trouble, because the simple fact is that they don't do it. So Gmail users are not in danger of buried in spam from Google+ accounts. (By contrast, conventional email spam grew to unmanageable proportions because anybody with an email server could send out millions of messages per day, unless their provider cut them off.)

On the other hand, I think we should be more concerned about the fact that anyone who creates a Gmail address automatically has a Google+ account created for them. This doesn't just mean that any of Google's claims about the "number of Google+ users" are inflated, if they're including everyone who signs up for a Gmail account. (That's a valid complaint, but it's between Google and their shareholders, since the rest of us don't need to care how many users Google+ actually has.) More importantly, it means that all of those users become part of a public database that is searchable by name.

As a test, I went to Gmail.com and created a new user account, entering the first and last name "Zanzibar Higglesbrain" which I figured was probably unique. (Fan fiction authors: knock yourselves out.) Then I logged back in under my own Google+ account, went to the people search page, searched for "Zanzibar Higglesbrain", and found 1 match. (I didn't even need the exact name -- entering "Zanzibar Hi" into the people search box, listed Mr. Higglesbrain among the results.)

Now, when I created the Higglesbrain account, how much up-front notice was I given that I would be adding myself to a public database? I went through the normal signup process, viewed through the eyes of a novice -- after typing in Gmail.com, I was redirected to a page on accounts.google.com with the innocuous title "Create your Google Account", and entered my personal information. On the next page is the somewhat confusingly worded message (I've also posted a screen shot here):

How you'll appear

Choose how you appear across Google by creating a public Google+ profile.
Include a photo - you can update it at any time.
[Link:] Add a photo
[Button:] Next step

This message is misleadingly worded because the phrase "by creating a public Google+ profile" implies that's something you can do, optionally, if you want to. It doesn't really disclose the fact that the profile is being created for you as a side effect of signing up for Gmail. The wording might be interpreted, rather, to mean that your profile will only be created if you upload a photo (which is not the case; your profile gets created regardless). And besides -- what if the user is a novice who went to Gmail.com because they saw all their friends using Gmail.com addresses, and have never even heard of "Google+"? If they haven't consented to their name being added to a publicly searchable database, it shouldn't be their responsibility to know what "Google+" is, so that they can object to their name being listed there.

After you click the "Next step" button, the final page in the account creation process says:

Welcome, [firstname]

Your new email address is [address]

Thanks for creating a Google Account. Use it to subscribe to channels on YouTube, video chat for free, save favorite places on Maps, and lots more.

Note what's conspicuously missing from this message: It doesn't mention Google+ at all, much less the fact that you have unwittingly "joined" it, where other users can find you.

I can think of a couple of scenarios where a user might object to their name being listed in a searchable user database, apart from just "on general principles". If you have a stalker in your past, and they find your name on Google+, it confirms for them that you're probably still alive, that you're probably active on the Internet, and that you're still going by the name that they knew you under. Or, if you have a very unique first name, anyone who knows it could search on Google+ to find your last name, even if you didn't want them to. Similarly, if you have a very unique last name, someone could use the search feature to find the names of your children and other relatives with the same last name, at least those of them that are using Gmail.

And this lack of user consent is a more serious problem on Gmail/Google+ than on Facebook, because most Facebook users create a profile with the general expectation that other Facebook users can find them. Some Facebook users had chosen not to make their accounts searchable -- and Facebook justifiably received a firestorm of criticism for removing that feature and forcing those users' profiles to become publicly searchable after all -- but the overwhelming majority of Facebook users had joined with the understanding that their profiles could be found by others. That's not a valid assumption about Gmail users -- if someone creates a Gmail.com email address, there's no reason to think that they believed they were joining a publicly searchable name database.

Google has tried to mollify people's concerns about emails from strangers on Google+, by specifying that anyone not already in your Google+ circles will only be able to send one message to your Gmail inbox, and will not be able to send more messages until you reply. But this misunderstands the privacy implications in, for example, the stalker scenario. If a stalker ex "Bob" really did find your name on Google+, they might try to tease out a reply by creating a Google+ account under the name of a friend "Alice" you and your ex had in common, and sending you a generic "How have you been doing lately?" message. Since that message probably won't raise any alarm bells (the message isn't asking for anything like a current address or phone number), you might not realize that just by replying, you've already done the damage (the stalker now knows your email address, plus the fact that it's still an actively used account).

Similarly, although you can modify your Gmail settings to prevent strangers on Google+ from messaging you, the ability to change a setting to fix a problem only helps a user if the user realizes when the problem is happening. For example, if the problem resulting from this new feature switch were a deluge of spam from strangers on Google+, then more and more users would get frustrated and look for information about how to stop the flood of spam, and most of them would find out about this setting and switch it off. But for combatting the stalker problem, this setting is useless, because by definition if a stalker finds you on Google+ (and tricks you into replying to a message and revealing your email address), you wouldn't know about that problem until the damage has already been done, at which point it's too late to solve it by changing a setting.

The only way to avoid this risk to people's privacy, would be for Google to ask Gmail users at the time they create a Gmail account: "Do you also want to create a Google+ account, yes or no? This means you will have a publicly searchable profile, and people who know your name will be able to find you." Some people would like to be found, some people would rather not be, and this would allow them to sort themselves properly.

But instead, we have an untold number of zombie Google+ accounts created whenever someone signs up for Gmail, which serve no purpose except to make it possible to find people who never confirmed that they wanted to be found -- all most likely for the reason given by Chris Taylor at Mashable, so that "Larry Page gets to claim increased Google+ user numbers on the next quarterly earnings call."