Gmail Privacy Hole Shows User Names
Sharing a Google Calendar with another Gmail user can expose the first name and last name that the recipient of the shared calendar supplied to set up a Gmail account.
Finding out the name with which someone registered his or her Google Gmail account is as easy as sharing a Google Calendar.
Security researcher Aviram Jenik on Tuesday published details about this privacy oversight in a blog post. He attributes the issue to the strong linkage between Google's various services.
More Internet Insights
- Business Networks: Reduce the Cost of B2B Integration and Information Exchange
- Maximize the Effectiveness of Real-Time and Social Marketing Campaigns with IBM™ InfoSphere' Master Data Management
- High Bandwidth Internet Access: Opening Doors to New Capabilities
- The IPv6 Future Is Now: Are You Ready?
- Strategy: Using Google to Find Vulnerabilities
- How Google+, Facebook Impact Corporate Strategy: Social Media and IT at a Crossroads
By sharing a Google Calendar with another Gmail user, the sharer is able to see the first name and last name that the recipient of the shared calendar supplied to set up a Gmail account.
At the time this article was written, Jenik's technique still worked. A Google spokesperson said in an e-mail: "This is not a security issue. It was originally incorporated into the product to make it easier to send Calendar invites to Gmail users. However, we are currently taking steps to remove it."
For those who include their first and last names, or some variation, in their Gmail addresses, there's no real privacy issue since the address itself already exposes the information.
But for those with pseudonymous Gmail addresses or Gmail addresses with a deliberate generic association, such as "firstname.lastname@example.org," the revelation of the first and last name supplied by the account holder could be undesirable.
Not everyone who signs up for a Gmail account supplies accurate name information of course. But even placeholder information may play a role in identifying someone if that information can be associated with the individual through a Web search.
For example, an alleged identity thief was recently identified using a Google search in part because he supplied his first name while registering for an IM client account.