

Gmail exposes personal email addresses. - elliottcarlson

Earlier this month I posted on the Who's Hiring thread on HN and today I was setting up a phone interview with a candidate for next Monday. During the process I have used my work email address exclusively which is hosted on our own internal Exchange server.

As a courtesy, I sent a meeting invite to the parties here at my company, as well as to the applicant, who is using a Gmail account. The problem is that when the applicant responded to the meeting invite (initiated from my work email) it sent the response to my personal Gmail account, marking that account as the meeting organizer.

I confirmed with the applicant that he sees my personal Gmail account as well and this concerns me. I have no expectations of Google not knowing who I am and linking those accounts together on their side - it does bother me that they would simply switch the email address out for my personal one. In this case I don't really care if the applicant has my personal email address, but at the same time, what if I did?

TL;DR Google exposes personal Gmail addresses when meeting invites are sent from Outlook on accounts it knows are linked together.

(Edit: Changed title to be less tongue in cheek and more to the point)
======
pkamb
(I don't think this is the exact problem you have, but a related 'exposing
other email addresses' issue with gmail)

There is a long-standing gmail bug that Google refuses to act on:
[http://www.google.com/support/forum/p/gmail/thread?tid=2cb03...](http://www.google.com/support/forum/p/gmail/thread?tid=2cb03772f39c2d61)

Basically, you've always been able to import and send via other email
addresses from your gmail account. Either another gmail account or
yourcustomemail@example.com

A while ago they added settings to send through your own SMTP servers when
using an @example.com custom email through gmail. This removes all traces of
your gmail account from the email header.

But for some reason they inexplicably _don't_ allow this option for imported
gmail accounts! So even though they control all the gmail mail servers, you're
still forced to send "on behalf of" your main gmail account.

This is a really annoying exposure of your main email address. No longer can
you have a main/professional personal account, and then an anonymous linked
email to use otherwise. Every time you use the anonymous account it lists your
main account as well in the mail header.

To make matters worse, Outlook often replies to and highlights the "on behalf
of" account rather than the account you sent with. Major annoyance when
dealing with companies using Outlook. The root issue is gmail's fault though.

------
devinrhode2
I had one experience where I was sending a new project (YouTubeAdBlock.com) to
EVERYONE in my contact list.

Somehow, gmail had found my instructor's personal email, added it to my contact
list. For some reason my instructor was really mad about me sending him it...

------
mryan
Can you replicate it, or provide steps so others can try?

~~~
elliottcarlson
Easily - we replicated it here a few times now with some of my co-workers'
email accounts.

I simply use Outlook to schedule a meeting. I add an invite to anyone using a
gmail.com account. That request goes to the intended recipient and they see my
personal gmail account as well as my Outlook based account.

Couple of notes:

1) Outlook does not know anything about my Gmail account. It's not added in
there etc.

2) Google DOES know about my work account. It's under my personal settings on
my Google profile, because I use it for various Google Group mailing lists.

Even if Google knows that the two accounts are the same person, it's a major
privacy issue IMHO to expose any of the linked accounts like that. I have
submitted this to Google with all the information I am aware of.

(Edit for formatting)
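
Added example, not part of any comment in this thread: a Python check you can run over a saved copy of a message to see which addresses it discloses beyond the ones you meant to use, covering both the "on behalf of" case pkamb describes and the meeting-organizer case above. It assumes the "on behalf of" account travels in the RFC 5322 `Sender` header and that the organizer of an invite reply is the iCalendar `ORGANIZER` property; the function name `leaked_addresses` and all addresses are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import getaddresses

# Headers that can name an account other than the From: the author chose.
IDENTITY_HEADERS = ("Sender", "Reply-To", "Return-Path")
ICS_ADDR = re.compile(r"^(ORGANIZER|ATTENDEE)\b[^\r\n]*?:mailto:([^\s;]+)", re.I | re.M)

def leaked_addresses(raw, allowed):
    """Return sorted (location, address) pairs for addresses outside `allowed`."""
    allowed = {a.lower() for a in allowed}
    msg, found = message_from_string(raw), set()
    for name in IDENTITY_HEADERS:
        for _, addr in getaddresses(msg.get_all(name, [])):
            if addr and addr.lower() not in allowed:
                found.add((name, addr.lower()))
    for part in msg.walk():
        if part.get_content_type() != "text/calendar":
            continue
        charset = part.get_content_charset() or "utf-8"
        ics = part.get_payload(decode=True).decode(charset, "replace")
        ics = re.sub(r"\r?\n[ \t]", "", ics)  # unfold RFC 5545 continuation lines
        for prop, addr in ICS_ADDR.findall(ics):
            if addr.lower() not in allowed:
                found.add((prop.upper(), addr.lower()))
    return sorted(found)

# Constructed sample: mail sent from a linked alias, main account in Sender.
ALIAS_MAIL = """\
From: anon.alias@mail.example
Sender: main.account@mail.example
To: client@mail.example

hi
"""

# Constructed sample: invite reply whose ORGANIZER is not the work address.
INVITE_REPLY = """\
From: applicant@mail.example
Content-Type: text/calendar; method=REPLY; charset=utf-8

BEGIN:VCALENDAR
BEGIN:VEVENT
ORGANIZER;CN=Organizer:mailto:personal.acc
 ount@mail.example
ATTENDEE;PARTSTAT=ACCEPTED:mailto:applicant@mail.example
END:VEVENT
END:VCALENDAR
"""
```

Call `leaked_addresses(raw_message, {your intended address, the recipients})`; anything returned is an address the message carries that you did not choose to share.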

~~~
mryan
Thanks for the detail. I completely agree, exposing linked accounts is a
serious privacy issue (assuming you didn't click a box that says "we will link
your accounts whenever you invite someone to a meeting" ;-) ).

------
olegious
when did email addresses become like social security numbers? so someone finds
out your email? block them, problem solved. yes they can find your FB account,
but that shouldn't be public anyway...

~~~
elliottcarlson
I don't care if anyone has my email address, Facebook or Twitter. It's one of
the reasons I use my full name to post on HN - I personally want to be found.
The problem is that not everyone is of that mentality, and that while this
might seem like a minor info leak, it can still be damaging.

I wouldn't want one of our producers, assistants, whatevers to schedule a
meeting with an important client, only for it to reveal some AOL style
username containing at least the numbers 69 and some reference to a body part. I
also wouldn't want some of our more intense clients to have one of their
personal email addresses and either email them there, or look up any of their
Facebooks etc.

The bottom line is that it is an information leak that according to their
privacy policy is guarded against.

------
avstraliitski
Yeah, I've noticed this too and it sucks.

