
Google Calendar Unexpectedly Leaks Private Information - edent
http://shkspr.mobi/blog/2014/01/another-google-privacy-flaw/
======
leephillips
This article has pretty much the same content as my article from March, 2010:
[http://lee-phillips.org/gcaldisaster/](http://lee-phillips.org/gcaldisaster/)

Even the titles are similar: this one's called "Another Google Privacy Flaw";
mine was called "Another Google Privacy Disaster Brewing". So people have been
complaining about this since at least 2010, and Google by now has pretty
firmly established that they don't care.

~~~
edent
Hi Lee,

Although I did search for information about this issue, I didn't come across
your blog.

I'll update mine with a link to yours.

T

~~~
leephillips
No worries - I didn't mean to imply that you copied me, but just to point out
persistent this problem has been, and to underline the fact that Google
doesn't consider it an issue.

------
raverbashing
So the way to solve this is to create a note on my calendar with "Remind to
complain about this to vic.gundotra@google.com larry.page@google.com" ?

~~~
master-ruse-man
What about we flood their calendar about this? ;)

~~~
frandroid
[http://i3.kym-
cdn.com/entries/icons/original/000/012/132/tha...](http://i3.kym-
cdn.com/entries/icons/original/000/012/132/thatsthejoke.jpg)

------
brudgers
Privacy, where it exists, creates impedance in Google's cash flow because it
requires designing for some _n sigma_ tail where _n_ does not entail
statistical significance and the case analysis must be very fine grained.

Google doesn't have a category labeled "private" information". It never has
and creating one is not planned. Privacy is not amenable to computer science.
It is a social concept not a technical one. The closest technical concern is
security. It scales and so that is where Google devotes resources.

As far as Google is concerned: _All your bit are belong to us._

~~~
endtime
Do you have a source for this? I've worked on user data and privacy-related
stuff (I work on Maps, not Calendar) and everyone involved took it extremely
seriously. We sent PMs back to the drawing board more than once when we found
edge cases with potential privacy issues.

~~~
brudgers
Google's single identity policy is an obvious example.

Sharing that Google identity with other websites when that identity is logged
into Google is a less obvious one.

Analytics, cookies, personalized search results, etc. take it to Google's very
core.

Driving around collecting WiFi data, storing WiFi passwords, reading documents
via Docs and email via Gmail, and just plain crawling the web don't embody any
common language notion of privacy.

Instead security stands in for it. Two factor authentication for a Google
account is an example. It keeps a person's account secure but does not enhance
privacy because Google will still share and slice and analyze everything that
can possibly be associated with that account.

------
PythonicAlpha
That is one of the problems I see more and more often the last days:

Applications try to be extra-clever (more clever than their users) and think 2
steps further ... thus doing more than the users said.

So in my opinion, it is not only a privacy problem, but a problem of our
"computing-" era. Applications get more and more clever, but in the effect
they become extra-stupid, not doing what the user really wants, but doing what
the programmer thought (or worse, some weird AI thought) could be right to do
now.

I think, the reason is, that somehow applications must more and more show that
they are "better" than just simple eMail, or just simple groupware or just a
simple (you name it), as it existed before and as thousands exists as open
source apps. The way it goes, is adding some "extra benefit" (same as in the
food area) to the applications. But sometimes the extra benefit plainly
backfires.

That's also the reason, I shiver when I think that the car industry wants cars
that more and more take over control. That will become a big mess!

I also will reduce my usage of Google products, because it becomes more and
more "you have to do it the Google-way" products and I must say, that e.g.
Gmail has worsen it's user experience over time ...

~~~
genwin
> That's also the reason, I shiver when I think that the car industry wants
> cars that more and more take over control. That will become a big mess!

It's only a matter of time before any traffic infraction anywhere results in
an automatic debit from your bank account, and then Google lets everyone know,
with a sad-face icon next to your name.

~~~
PythonicAlpha
Yes, and people that insist steering their car themselves will be punished by
public opinion. They will be treated nearly the same way as Muslim looking
people in US airports directly after 9/11.

------
SunboX
Btw. ownCloud 6.0.1 was released yesterday:
[http://owncloud.org/releases/Changelog](http://owncloud.org/releases/Changelog)

~~~
est
God I love the idea of ownCloud so much but secretly hope it's not written in
PHP.

I run a wordpress site for 3 years, and one day a hacker took my site over
with a bug from a plugin.

~~~
rabino
Indeed, that's proof that PHP is bad. And that all other frameworks in other
languages don't have bugs that can be exploited.

~~~
krapp
(cough _yaml parser_ cough) ... indeed.

------
slazaro
The worst thing about things like this happening is the feeling of
helplessness when you can't reach anyone in the company or when they just say
"it's not a problem".

~~~
dredmorbius
Or the company shill shows up and burns through four HN accounts trying to
spread FUD.

[https://news.ycombinator.com/threads?id=ritikk](https://news.ycombinator.com/threads?id=ritikk)

[https://news.ycombinator.com/threads?id=ritikk2](https://news.ycombinator.com/threads?id=ritikk2)

[https://news.ycombinator.com/threads?id=ritikk3](https://news.ycombinator.com/threads?id=ritikk3)

[https://news.ycombinator.com/threads?id=ritikk4](https://news.ycombinator.com/threads?id=ritikk4)

(Should I add the 5th link or wait for him to create that ID as well?)

~~~
judk
What does "FUD" mean and how is it relevant here?

~~~
mnw21cam
Fear, Uncertainty, and Doubt.

------
djim
this is a feature. it's actually pretty awesome for setting up quick meetings.
It's a function of the "Quick add" feature that carries over into the title of
the event:
[https://support.google.com/calendar/answer/36604?hl=en](https://support.google.com/calendar/answer/36604?hl=en)

Edit: I am very familiar with Google's products, having helped many businesses
move to Google Apps through the years. "Features" like this often surprise
users and it is not unusual to get negative reactions. Normally, once you show
someone how it works and explain that it isn't likely to change, they adapt.

~~~
bentcorner
Ugh, I understand that it can be useful for some people, but I find natural
language parsing of calendar events intrusive and annoying.

99% of the time it ends up parsing a field incorrectly, and if I wanted to set
a field it's on the form anyway, so why bother? In this case, why parse out an
email address and send them an invite when there's an "invite" text box on the
same page?

If the _only way_ to set the time, date and invite list was to have the
subject line get parsed, it would be obvious that this sort of thing will
occur.

Honestly, to me this is a solution in search of a problem.

~~~
djim
but you can create an event from the calendar interface prior to going into
the event interface. from the calendar interface, it only gives you the option
of creating a title. so i can put meet with name@email.com and create the
event. that's it.

Google Calendar should TOTALLY notify you you are adding someone to the event
and ask if you want to send an invite. Also, if you are in the events
interface and add someone's email to the title, it should add that person to
the guest list on the fly. It should do these things, but it doesn't. I think
that is the root of the complaint, not the feature itself.

------
perfunctory
Should the word "unexpectedly" in the title be changed to "predictably"?

~~~
afhsfsfdsss88
I was thinking 'naturally'.

~~~
qwerty_asdf
Makes perfect sense!

------
aviraldg
This is not a "private information leak." It's expected behaviour. Entering
information in that field to create a new event results in Google Calendar
parsing your information as best as it can, to automatically set things like
the date, time, event description and of course, the participants (the
apparent privacy leak here.)

~~~
Elessar
If you're aware of the feature, it's not a privacy leak. If you aren't, it
could be very damaging.

It would have been nice if the first time the Calendar parsed and sent emails
on behalf of a user, it would ask if this is what they wanted. It doesn't have
to bug them ever again, but that's a single instance of training that would
minimize confusion.

~~~
aviraldg
[https://support.google.com/calendar/answer/36604](https://support.google.com/calendar/answer/36604)

~~~
Anderkent
Except that says: 'Who: This should begin with 'with' followed by a list of
email addresses; these are added to the guest list.'

'Email alice@example.com' does _not_ match this spec.

------
jbb555
I'm gradually stopping using all of google's services. One by one they either
turn out to have "features" like this, or they "improve" them into being
horrible. There isn't much left I use any more. And I used to like google a
lot... Times change

------
pgl
One annoying thing about this is that it allows spammers to automatically add
events to your calendar.

~~~
ZoFreX
So THAT'S how they've been doing it. For the past week I've been inundated
with spam events on my Google Calendar, it's been winding me right up.

~~~
gms7777
Theres an option in your settings for google calendar that is something along
the lines of "Automatically add invitations to Calendar" that you can turn
off, and I think it will fix that problem for you.

------
Shank
I'm going to take a stab here and say that "Automatically add invitations to
my calendar" being set to yes is what allows you to be on the receiving end of
this. Can someone try turning that setting off in the gear menu and repeating
this?

It would at least stop spammers (and people on HN from inviting execs to
reminders about this).

------
blueskin_
>Google really needs to work harder at protecting the privacy of its users.

They would need to start protecting it first.

~~~
aniket_ray
Google does work extremely hard trying to protect the privacy of its users.
Yes, we might miss the boat sometimes but let's not make blanket statements
like yours.

D: I work for Google.

~~~
UweSchmidt
Would you be so kind and provide your definition of "privacy"?

The first thing that comes to mind is how much information about users Google
itself stores and processes. This happened earlier and faster than people
learned and understood the consequences of.

The next thing would be how the real name policy can make it difficult to keep
someones Youtube-habits separated from a gmail/g+ account.

For you, do these two concerns fall under the term "privacy", or how do you
reconcile all of that with your claim "protect the privacy of the users"?

~~~
aniket_ray
I am not looking for a debate here but your points are related to Google's
algorithms analyzing user data. Google developers do not have access to that
data and Google does not reveal data to anyone. Yes, I consider our handling
of this data a success of our privacy engineers.

~~~
UweSchmidt
Thanks for the answer. I understand that times have changed and that revealing
that you're from Google is not as fun as it used to be.

The distinction you seem to be making between data that Google has and data
that is "revealed to anyone" is misleading in my opinion. No matter who has
the data, "privacy" is concerned.

Also I need to call you out on your blanket statements that Google developers
have no access to that data (clearly, some would, as part of their jobs, also
[1]), and that data is not revealed to anyone (seriously?). As of January
2014, this position is not defensible and you might have to face a more
nuanced, and possibly inconvenient reality.

[http://gawker.com/5637234/gcreep-google-engineer-stalked-
tee...](http://gawker.com/5637234/gcreep-google-engineer-stalked-teens-spied-
on-chats)

~~~
aniket_ray
Thanks for understanding.

The reference you point out was a one-off event from 2010 though, and a lot of
our systems and checks have developed in the subsequent years to prevent a
recurrence.

I'll concede the point about my blanket statement especially when talking
about NSA and Government espionage though. All I can say is Google does fight
in courts against that. I wish I had a good way to stop spying completely. All
we can do is continue to make our encryption stronger.

~~~
UweSchmidt
Additionally, when the dust settles and people figure out what's really going
on in all those data-collection companies, we need clear regulations what kind
of data may be collected, how it is used and when it must be deleted.

The data, properly analyzed, represents an immense power and has to be
transparent and under democratic control. In the EU the first steps go into
this direction already.

------
stevep98
This reminds me of the interesting security implementation in Netscape
Calendar. Among the interesting security practices:

\- the server sends the (obscured) password to the client, so the client can
check it

\- if you want to look at another person's calendar, the server will send you
the person's entire calendar, with the 'public/private' flag of each entry.
It's up to the client to decide whether to show the user each entry.

\- If you click on another person's private entry, the calendar data was
copied to the clipboard. Paste it somewhere to view the details.

------
aareet
I discovered this by accident some time ago as well but I've always
appreciated the convenience - when I add an event using the Quick Add dialog,
it's very useful for me to be able to say "Movie Night with alice@example.com"
and have it show up on Alice's calendar automatically. I use it all the time
at work and at home and it saves me time from having to go to the dedicated
event creation page to add people.

~~~
fastest963
I don't think anyone is arguing the potential usefulness of the feature. It'd
just be nice to know when its going to happen and have an alert box verifying
that you actually wanted to add the user to the event. The alert box could
even have an "Always do this" option.

------
ddalex
A good friend told me once: " the moment you enter info in an electronic
device, you can assume it's public ".

It was in response to me getting a pic of him wearing red thongs (dont' ask),
but the point stands in regards to Google, any email account, your PC, your
phone, and everything else.

~~~
zorked
I worry about an overly defeatist point of view here. Just because the
security situation is so bad right now does not mean that it is unavoidably
so.

------
username223
Spammers gonna spam. Those around in the 90s should remember the usual email
address obfuscation techniques.

------
polemic
I've had bad experiences with this "feature" lately too - scammers can pop
notifications into my phone simply by "inviting" me to events. I have no idea
that anything is afoot until my phone pings me the notification.

------
CreakyParrot
In a big-picture sense, it's only unexpected if one doesn't realize that
privacy is inherently in conflict with their business model.

------
ujjwal_wadhawan
Yes, It actually adds an invite in my other calender (other email account)
without confirming. Surely a privacy issue.

------
edent
A quick note to say I've received an email from Google - the calendar team are
treating this as a bug and are implementing a fix.

Hopefully it should make it a lot more obvious to users when a meeting
invitation is about to be sent.

------
cturhan
My golden rule, never ever put any personal information on the web especially
on google. If possible, don't even use your real name.

~~~
scott_karana
Is your last name Turhan, by any chance? ;)

(If you were being sarcastic, I rescind my comment)

------
petrel
If this was any other company like Microsoft, Every one will enjoy.

------
xenophanes
does it really count as unexpected at this point?

------
jbsmith86
when will it end?

------
ritikk3
A couple of things:

That is expected behaviour, email address in reminders applies coordination.
It's basically parsing your command correctly 'email this address'.

Second, the zdnet post you link to towards the end is full of inaccuracies:

[https://news.ycombinator.com/item?id=7107554](https://news.ycombinator.com/item?id=7107554)

~~~
amirmc
It's evidently _not_ 'expected' behaviour from the point of view of the user.
Just because you happen to put an email address in the title of a _calendar_
event doesn't imply that I expect the software to go and send messages on my
behalf.

~~~
ritikk4
Then we disagree. Especially if it's in the title it indicates you want to
coordinate with the email you just entered.

A proper way to do it is, Title: "Email Alice", Description:
"alice@example.com".

~~~
Shooti
A good UI would make it explicitly clear by highlighting the email address
and/or by auto adding an explicit entry to the guest list.

At present there's no way to predict the behavior until after the fact.
Something with that much consequence (sending an email to an unintended
recipient) should never be done silently. By all means take the initiative
with autofill etc, but the user should have the final say.

If the supposed design revolution within Google
([http://www.fastcodesign.com/3016268/google-the-
redesign](http://www.fastcodesign.com/3016268/google-the-redesign)) isn't just
for show, the Calendar team (assuming there even is an ongoing team) clearly
hasn't been touched by it and that ought to be corrected.

