Hacker News new | past | comments | ask | show | jobs | submit login
Google will shut down Google+ four months early after second data leak (theverge.com)
261 points by bhauer 4 months ago | hide | past | web | favorite | 126 comments

Yikes. A release in November introduced an API bug that was active for about 6 days, impacting 52.5 million users.

* With respect to this API, apps that requested permission to view profile information that a user had added to their Google+ profile—like their name, email address, occupation, age (full list here)—were granted permission to view profile information about that user even when set to not-public.

* In addition, apps with access to a user's Google+ profile data also had access to the profile data that had been shared with the consenting user by another Google+ user but that was not shared publicly.

FWIW, also from the blog post:

> We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.

> we have no evidence

I know you can't say "no one did", but I wish announcements like this gave some level of confidence. "All API calls are logged and no 3rd party made calls that exploited this vulnerability" is very different from "We have no idea if anyone used this, but there's no proof that they did".

I mean, one has to assume your data was exposed anyway, but still, it'd be nice to know.

Yeah, testing in production. I wish the tech industry would stop this madness and do QA before releasing. It's all about code velocity and shipping things, we need to hold ourselves to higher standards. I'm afraid unless there will be legal pressure and a framework it will continue this way.

There's nothing that says there's no QA/testing before releasing. "Testing in production" doesn't remove the ability to do testing before production.

You should be testing your software at every step of its lifecycle, especially in production. Production is where it matters if there's bugs.

That doesn't get as many clicks!

It still indicates a fairly massive failure in terms of process. If you have the tools to discover this in an automated fashion but those tools are not part of your release process so you find out about them in production a week later then something is quite borked.

If Google Drive had a failure like this it would be a lot worse than Google+. And that's a much more complex environment.

Drive doesn't have the dumb "shared and yet marked as private" superposition of user intent flags that g+ profiles do.

The technical constraints that protect data are pretty solid, and I have no concern at all about any kind of generalized breach or exposure with one of Google's core data systems like drive, docs, and Gmail. But looking at the sharing configuration for g+, it's just not intuitive what's shared and with whom, because the states seem to contradict each other.

You can have proper technical controls managing your permissions only if you can articulate what those permissions are supposed to be. And you can't just v2 the API with a better sharing model because users have already expressed their intent using the old model. You'd have to reacquire user intent, which is basically a non-starter.

So either you put up with a crap sharing model which is impossible to get right, or you delete everything and start over. It's no wonder they're killing it.

Weren't they also saying somewhere that they are only keeping the logs from the last 3 months or so? So saying "we don't have evidence" might be true, but means nothing compared to the 6 year span the bug was present.

6 days, not years.

A 'bug'. Don't give them so much credit. They could be selling the data off.

Again, this is poor reporting. It's newsworthy that Google+ found and disclosed a vulnerability in its own code, but there is no norm for reporting internally-discovered vulnerabilities and few companies reliably do it, especially in SAAS platforms where there's no end-user patching activity that needs to be motivated.

There's a colorable argument that you don't even want this to be a norm, because of the incentive problems it creates:


Regardless: bear in mind that you haven't even heard about a fraction of the horrible vulnerabilities internal teams at tech companies have discovered over the years.

As someone in the heart of trying to help people get off G+, what's particularly newsworthy is that after two full months (and two days) of radio silence on the Google+ sunset, the first substantive comment from Google is ... that the sunset has been advanced by four months.

We'd be recommending people be starting their migrations by Feb - May, and now they've got to complete them by April. That's something of a PITA.


There are 7.9 million Google+ Communities. Sure, 3.9 million of those are 1 (or fewer) users, but that leaves tens of thousands of 1,000 or more members. Even at only a few percent of those as active, that's a lot of communities and people involved. And Google+ has no effective community migration process.

Source on communities: I counted them myself, well, via sampling: https://old.reddit.com/r/plexodus/comments/9zx67d/google_com...

I haven't followed the Google+ saga, so forgive me if this has already been answered:

Does the shutdown of Google+ mean that Google Search users will get the + operator back?

put the term(s) in double quotes, it does the same thing, no?

Previous discussion on HN (2011): https://news.ycombinator.com/item?id=3140797

>I know from considerable experience that the plus operator had a distinct meaning from the quotes operator so this change definitely implies that Google queries will be less fine-grained no matter what quotes means now.


I remember those discussions, but I'm not aware of even one great example of how + was so amazing compared to "...". (others pointed out it allowed spellchecking, which is okay, but far from the secret dark arts)

It was a strict operator, as opposed to a fuzzy one. It's not just spellchecking per se, but a whole lot of other fuzzy logic that Google softens search terms with nowadays.

Yes, but this is a terrible hack. Double quotes originally meant "The phrase exactly as I typed it". When Google+ came along, they stole the plus operator and gave the double quotes a second purpose.

I've been online since Google was a new up and coming company. There is a world of difference between the civic mindedness of Google back then and Google now. Google has gone from something genuinely idealistic, to something scary and totalitarian. If you aren't of the same "tribe" as the typical Googler, then basically, you're a subject.

Granted, the amount of UI they are carrying along with them is much larger, but the attitude of Google with regards to existing users has gone from really cool to downright disdainful. If you aren't a 20-something or barely 30-something techie, they think you should just go along and acknowledge their intellectual superiority. What you want either agrees with what they want, or is misguided.

for me it does the exact phrase match thing. as it always did. and the + did the same thing as far as I remember. (sibling comments point out that somehow the + allowed a bit of flexibility - but that's what google does by default, so I sort of understand that people want a better search engine, but I still don't know what + did that was so magical.)

+ forced the presence of the following word, but multiple + operators did not force a specific relationship between the keywords. And google massages input keyeords a bit. A typo in combination with the +operator might have been corrected. With the multiple meanings of the double quotes this is not possible without being inconsistent.

“term” is require_exact_match(term) and +term was require(term), so the latter would, for example, allow spell checking, IIRC.

You know, I don't think any of this matters so much at all now, because I recently realized that SEO has totally destroyed some 90% of the technical utility that Google once had.

There was a time when one could ask meaningful questions and see links to useful websites like hyperphysics, engineering toolbox, and others. Now, even if you're lucky enough that Google recognizes the technical nature of your question, you still end up with a page full of ads, commercial websites, blogs, and unrelated garbage on the first page[1]. Remember when if it wasn't on the first page it probably didn't exist?

I only lament that I have no way to compare modern and legacy Google search functionality to prove the decline I've noticed for years. Even the way we search has changed, as Google seems to have normalized asking full questions instead of just searching for keywords.

The internet seems to be regressing. This is just one of many fronts. Of course Google is only partly to blame. Users and their obliviousness to harmful commercialization are also a part of the problem.

1. Unless you're asking a coding related question, in which case Google is still great for directing you to the correct stack overflow question.

So the old `+term1 +term2 +term3` is like the new `"term1" "term2" "term3"`, but with spell checking?

It's not really "term" - at least, it can't handle multiple words.

"foo bar" is actually treated like "foo" "bar", which is far less useful than it once was.

> "foo bar" is actually treated like "foo" "bar"

No it isn't. Compare "internal engine" with "internal" "engine":



You're correct, it does not work as I describe. My description of the problem was just wrong, so thanks for pointing that out.

However, it doesn't work the way it used to either.

I get frustrated once or twice a year about this, and every time I fight with the many (old) tutorial examples, but eventually end here: https://productforums.google.com/forum/#!topic/websearch/6gH...

Where we see that "foo bar" only says that "foo" will appear in the text before "bar" (but anything can be between them), and that's assuming the bug is actually fixed.

That status of "we think it's fixed and users don't agree" is the last I've ever seen.

Under "search tools", you can change "all results" to "verbatim" to fix that. Really not obvious, though.

I haven't had these issues.

Also, the intext: operator works for me (make sure there is no space after ':').

okay, but why only spellchecking, why not synonyms too? and bam, you got what Google does now by default.

Since the day Google removed the + operator, its search results changed in ways that make them less useful and i have doubts that they will be able to roll back all changes that were made to google since then...


I don't have the time and attention to reproduce the details now, but I want to say that the parent is not a glib answer. There are significant differences, where double quotes do not reproduce the plus operator's behavior and fall significantly short in terms of facility in controlling search results.

More than one author has described this better than I can, in articles, blog posts, and comments. (If you can "find" them -- heh; but of an unexpected joke come up as I type this.)

I'm not finding the pages I remember -- a bit ironic, and I checked DuckDuckGo to see whether that might change any... bias. But, here are a couple of starting points:


"6 common misconceptions when doing advanced Google Searching"


(Blogger "Javascript era/template workaround):


I wasn't aware of some of the tips described there, but still not parity.


The + operator has been replaced. (google.com)

261 points by hammock on Oct 21, 2011 | hide | past | web | favorite | 167 comments


The first link says that + was just double quotes :(

As I recall, not quite.

+ was an exact match. I believe it also precluded stemming; thus the ~ operator, when you wanted stemming (stemming: Not just "wonder", but also "wondering", "wondered", "wonderful", ...).

+ designated "must be in result". With double quotes -- this may be part of or in kind with other changes made to by Google to search results matching -- Google insists and becomes more aggressive at including results that don't include all the specified terms. Sort of a forced default "Did you mean..." inclusion that many find has come to clutter search results to the point of being unusable.

There are some other aspects, I believe, that I'm not recalling right now.

My experience seems to mirror others': I know what I'm looking for. I may well even have seen it, months or even years ago -- my memory's pretty decent, in such matters. Yet I can no longer get Google to cough it up in a search result -- or, it's on page 15 or 20. Despite my focusing my search terms to try to target it.

There are other factors in this degradation. But, to the best of my recollection, the loss of the + operator was a significant factor.

Others said the same thing, but still no concrete examples.

And the link in a sibling comment states that + is/was simply double quotes. No magic at all.

Could you give an example?

I didn't even have any idea it was disabled! What is it supposed to mean with regards to google plus content?

There's a lot of great content on Google+. Is anyone working on a script to archive some of it before it all goes away? Perhaps the fine folks at the Internet Archive (Wayback Machine)?

Specifically, I'm wondering if someone's working on a script that does the following:

- Ideally for each post URL given, it would preserve the post, and the comments (including the first few ones, not just the last few ones that are shown by default). It would be nice if it also preserves the +1s (including who +1d them), but that's optional.

- And given a user, it would do the above for each (public) post of the user, or (optionally) use your account to save (just for yourself) the posts that you can see.

There were a lot of people posting great stuff on G+ and resulting in wonderful thoughtful conversations (especially a couple of years ago), it would be shame to lose all that permanently.

(If someone doubts this: see e.g. (if you're interested in mathematics) the posts by https://plus.google.com/+TerenceTao27 https://plus.google.com/+TimothyGowers0 https://plus.google.com/+johncbaez999 etc, or https://plus.google.com/+DanPiponi for more CS-y stuff, or for more "general" stuff https://plus.google.com/+YonatanZunger etc -- and for all these people, especially in 2015-2016 or so.)

Edit: You can download your own content using Google Takeout https://takeout.google.com. Just learnt of these other places where this question has been asked / is being asked: this G+ community (https://plus.google.com/communities/112164273001338979772) and this wiki (https://social.antefriguserat.de/index.php/Main_Page) -- if you have any answers those may be good places to post too :-)

> Is anyone working on a script to archive some of it before it all goes away? Perhaps the fine folks at the Internet Archive (Wayback Machine)?

The archivist in me is screaming that yes, of course it should be archived.

The web-old-timer in me just shakes his head that people never learn to keep a copy of their content on the actual free - as in freedom - web, on their own website. Let it be a mere text file, uploaded by ftp, or a WordPress, or anything, just do it. Nobody should expect others to archive it for them. (For more on the topic, see http://indieweb.org/why ).

Back on topic: talk to https://www.archiveteam.org/index.php?title=Main_Page .

So, how does Google, which we all trust with our precious data end up messing up like this several times in a row?

If this is the company with the best security team in the world does that mean we should simply abandon all hope?

They didn't "mess up" in either instance. Both times, they did exactly what you'd want a professional software team to do: they caught their own bugs, internally, and immediately fixed them.

There was drama in the first instance because they didn't immediately disclose the bug. But disclosure of internally-discovered vulnerabilities in SAAS products isn't a norm. You see disclosure of bugs in consumer products, like the ones Apple issues, because they have to be disclosed to motivate end-user patching. That's not the case for serverside bugs, and you haven't heard about virtually any of the horrible vulnerabilities internal teams at tech companies have caught.

>>company with best security team

I think you are falling for Google's marketing efforts with a statement like this. Project Zero, where all the positive association around Google's security comes from has little to do with their product security. Their product security hasnt been so stellar, just look at Android. And don't forget the entire company was breached for a while without them knowing. Just trying to put things into perspective.

yes project zero is but a teeny tiny fraction of what google security does, but pointing out a flaw somewhere else does not bring down a house of cards. there’s no doubt google does have the best security team (overall) the world has ever seen.

sadly, they are a bit limited by product strategy.

Curious what metric you use to base your bold claim upon? It can't be Android or their corporate security strategy which was thoroughly breached by APT3.

My opinion is that, given the infrastructure and practices we have, anything that is in digital form will be eventually hacked in one way or another. It is just a matter of time. Unfortunately the best security team can't do anything about it.

The appropriate defense against this is to simply not collect any information that’s not necessary for the product, and any information you do collect, immediately anonymize (ideally client-side) and never keep the original data.

Unfortunately, Google (and Facebook) has a business model that depends on acquiring as much personal data as possible and keeping it forever.

It's depressing.

Its liberating. There is no information immortality.

Hacked data is more, not less immortal.

Let me rephrase that: there is no information privilege immortality.

What makes you think that Google has the best security team? Anecdotally some of their competitors appear to have a much better track record.

There is also a difference between "having a team of the best security people" and "having an organization that is best at security" I suspect Google is much more the prior and very little of the latter.

Yes. It's the same as it's always been: don't store precious data in the cloud. It won't be safe there.

Give how much code your browser executes without asking, how much phone-home calls modern OS do, how many crappy IOT are on your LAN, I wouldn’t say that your home is safer than the cloud.

Yes, well... this is why I use noscript, run Linux, and don't buy IoT devices!

Google has the best security team. But it doesn't necessarily mean the team is closely watching all of their services. And some services (say Gmail, search) have much higher priority than others.

tldr: don't use any Google services that have less than 1 billion monthly active users.

That's probably good advice that you could extend to other services too. Oh wait, Yahoo...

From the blog post:

> We discovered this bug as part of our standard and ongoing testing procedures and fixed it within a week of it being introduced. No third party compromised our systems, and we have no evidence that the app developers that inadvertently had this access for six days were aware of it or misused it in any way.

Yeah, imagine how that can go at other "trustworhy" companies holding your personal and credit card data :(

Does anyone know how or if this will affect OAuth2 logins? Several of the sites I run rely on Google OAuth2 and get the user's avatar using Google APIs. It's a simple thing that does not require Google+ but it's unclear to me how it will be affected.

What is this the 3rd or 4th social network Google has failed at?

It won't be affected. Google spent the last few years decoupling every useful G+ feature into standalone services, the account feature to me looks completely separate nowadays. Besides, without the OAuth provider, tons of integrations (that Google actively want on their products) would break.

G+ was such a silly play, when you consider that Google already had the key to centralized identity all along: the ubiquitous GMail account. They will continue to push that for sure.

I second that... basically all tutorials out there make use of the google+ api to log in.. would be a huge fallout all over the web ^^

This is why I gave up on oauth. In theory it's nice have somebody else manage your user accounts, but even facebook, which is not in imminent risk of a shutdown changes its API response periodically.

It amazes me that a company with all the resources that Google has repeatedly coming up with ideas and doing absolutely nothing effective with them. They've had some winners, like Chrome, and their acquisition of Youtube eventually paid off, but something as simple as a social media site and the best they can come up with from scratch is Google+.

As I understand it, Google is not well optimized for putting out new mass market customer-facing services and keeping them going. Their entire organizational hierarchy actually runs counter to this very idea, and you know, people at Google are just like people everywhere else. That is to say, they are just people.

The fact that every now and then they have a success speaks better of the specific team driving it than it does of Google as a whole organization. That is usually the case with any corporation though.

So basically, you can have all the resources in the world, but if you’re not organized well, then you will not accomplish your goals more efficiently than your smaller competitors. The fact that your competitors are comparatively resource starved probably helps them optimize better than you can, because what is just a side project to you is their entire existence to them.

> As I understand it, Google is not well optimized for putting out new mass market customer-facing services and keeping them going.

I've been reading the threads about Google killing off products - to the point where it's become a meme. Lost in this are the number of products killed off by other large tech firms. A shame because sometimes objectivity is lost in the analysis.

Your phrasing got me thinking about some of Google's successes (off the top of my head):

They have old successes in search and gmail. In these cases, they climbed their way to the top. The have google.docs, youtube (oldish) but entering TV/Movies now, android (not that old), Chrome Browser, ChromeOS & their entry into schools, translate, google.storage, maps, that dohickey used to stream video to TV sets (can't remember the name:)...

Google Plus probably deserves a quick death. I just wouldn't underestimate Google by downplaying their successes.

> that dohickey used to stream video to TV sets (can't remember the name:)...

Chromecast and it's probably one of the best things Google has built in recent years. It's entirely removed the need for me to hook up a media PC to the TV, and now I can just stream content from the home server. Also multi-participant Youtube parties are a thing, and work well (everyone can add things to a shared queue).

> Chromecast and it's probably one of the best things Google has built in recent years.

Yes, I love mine … and yet, why doesn't it have a remote. No, my phone is not a suitable remote: it's locked, so I must unlock it before I can do TV stuff with it. Also, for some reason Chromecast & my phone tend to desync a fair amount of time.

I've never been happy with the Apple TVs I've used, either (the UI is pretty painful), but at least they have remotes.

We've got a Chromecast and a Chromecast audio and whenever something is playing on either of them any Android phone in the house gets the ability to pause, skip or change the volume from the lock screen.

A remote doesn't make sense for it honestly.

It's still faster to pick up a remote & hit a physical button (possibly without even looking at it) than to pick up a phone, tap it to awaken it, wait for the screen to power on, look at it, find the button to pause & then hit it.

I would pay $20–$50 for a decent remote. I'd also love for the Chromecast to have the ability to use my accounts to play entertainment directly from that remote.

Sounds like you want an Android TV, or a Fire TV with Kodi+Plex+Kore+NewPipe+etc

Youtube - Aquisition

Android - Aquisition

Maps - Aquisition

Docs - Aquisition

Google is great at scaling up aquisitions and optimizing them for the audience.

> Google is great at scaling up aquisitions and optimizing them for the audience.

I'm not sure if I buy this line of thinking related to Google only. It just sounds like another dig. Most big tech companies are fairly good at either scaling acquisitions or buying them for their IP/Talent. Some big tech companies can't even get this right.

I'm still forced to ask myself: what was Android or Maps before the acquisition?

If we compare, for example, the hacked version of CP/M (that later become DOS) with Windows 10... can we not say the same for Android - pre-acquisition? Google has certainly done much more than simply optimizing it.

If it's basically an idea that Google's buying: the idea of a hut. Optimizing that hut might be akin to building a skyscrapper. At what point does Google get credit for actually building something useful vs "optimizing and scaling" (which I think has become another meme)?

This also still leaves us with Chrome, ChromeOS, Entry into schools, some hardware, and a host of other stuff someone more in tune with Google could address.

If the response is that Chrome is based on Linux, then the counter is that macOS is based on BSD. The question remains, what is Google doing differently from other tech firms. Might they actually be building a better mousetrap (re: their successes)?

Not a fan of Google. Just think that too often people box companies in and disparage the actual work they do while, in the meantime... they take over the world.

To make it clearer:

Maps - Acquired 14 years ago

Android - Acquired 13 years ago

Docs - Acquired 12 years ago

YouTube - Acquired 12 years ago

Are we assuming Google didn't change or innovate with those at all in last 10 years?

Maps - mainly cosmetic changes, though most of that was significant improvements

Android - significantly improved all over

Docs - never a big user, don't really know

YouTube - significantly better video quality, significantly worse user experience with everything else

Well, he did add that they were scaled up and optimized. That's where most of Google's innovation and engineering hours are spent on those products.

Maps and Youtube got worse.

Survivorship bias here. There are lots of other Google acquisitions that sank without a trace.

It seems the hit rate is low whether inside or outside Google.

The hit rate isn't as important as how well the hits perform. The list above has done quite well, and I highly doubt that Google has spent as much on the losers as the winners have made for them. If so, Google would be out of business (or close to it).

I don't know what you mean? The G+ UI is pretty good, certainly a lot better than Facebook was at the time when G+ launched. For a while, a lot of people were happy there, particularly in certain niches like photography.

It's a shame the implementation was so complex (apparently) that now it can't be easily maintained. This does seem to happen to Google a lot. It probably has more to do with too many resources, rather than not enough.

But maybe it's not simple to compete with Facebook. Maybe this has little to do with technology.

I don't know, but the whole Circles things was overcomplicated and average users didn't bother to put their followers into different circles, I am not sure how they thought this would work.

Perhaps I'm not average, but I certainly liked the ideas of separating my posts to family, close-friends, friendly-friends, and work-friends! Not because of secrecy, but just to be relevant/inoffensive. Not to mention people who DO have parts of their life they want to have, but also have separate. If a student wants to come out of the closet among close friends and discuss things openly without having that in their parents/grandparents/that one uncle's face, that seems like a pretty solid idea.

The only reason I didn't use it on G+ is that no one outside of my RPG circles was on it in the first place.

Circles was fantastic, and continues to be what I wish for in a lot of other networks. Mainly because there are people I follow loosely (don't mind seeing the occasional update from), and people I follow religiously (because I know them personally or care about every single thing they say). I used to maintain really primarily two feeds. One I cared to always read all the time, and one I'd browse when I was bored.

G+ mostly mitigated the frustration of it for people who didn't care years ago: You can just click follow and it puts them in a default following circle.

Circles is great for geeks who like to have such fine-grained control over their lives, both online and offline. For the rest of the world it doesn't really matter, and even if it does it is too difficult to set up and maintain. A company called Hyves in the Netherlands did much the same thing (but with a fairly crappy UI) long before Google+ came along. That fell to FB as well.

Are you seriously implying that concept of groups of people is too complicated for most human beings? O.o

I believe they're saying the interface was bad, not that the concept was hard. Friend lists are used all the time on Facebook.

Well, that's true. But being able to follow people (like on Twitter, not like friending on Facebook) is nice. As is not having character limits.

> as simple as a social media site

um "simple"? walks off cackling maniacally into the sunset

I've never worked at Google, but some of the commentary I've seen from people who have worked there suggests that performance reviews and promotions (at the senior levels) are heavily gated on your roles in releasing new products to users, with maintenance of existing products factoring in very little, if at all.

They should modify it so after launch it is based on active users. That will keep good things growing.

G+ wasn't that bad, technically speaking. They just failed at managing the political aspects of it, focusing too brutally on their own requirements, to the detriment of users' own: "we want your real names, so we can be the authority of record for everything! And we won't let you hack anything of importance on top of the platform, because we want our content clean!"... Compare with the free-for-all hacking bonanza that early twitter was, or the spam machine that Facebook is - social networks are powered by oversharing, an activity that G+ actively resisted in many different ways.

But technically speaking, they had the best support for high-quality photos, good features for private groups, and a few other wins on features like Hangouts.

RealNameGate was the tipping point from OK to bad IMHO. When they forced the issue, they lost a lot of goodwill. They should have done something similar to the optimal implementation of Twitter verified, merely to authenticate identity if the user desires (without bungling it as badly as Twitter has done).

doesn’t facebook require real name? that was g+ competition, and everything was referenced to that.

Not really. I think it was policy back when it was for colleges, when they exploded they basically renounced it because it was a hassle to check. Most people simply kept doing it, because if your friends use their name why should you hide?

something as simple as a social media site

Ironically, this is exactly the attitude that led Google to fail in social media! Why do you think it's simple? Because you think it's technologically simple?

Old Chinese proverb: He who chases two rabbits catches none.

Well, Apple failed with Ping, so I sometimes think that social media is a lot harder than any of us think.

According to my taste and requirements Google+ is (or was before they started adding unnecessary complexity to its model) by far the best social network I've ever seen. In fact "It amazes me that a company with all the resources that Google has repeatedly…" behaved like "the president of Madagascar" shutting down everything...[1]

[1] https://knowyourmeme.com/memes/shut-down-everything

Can we have Google Reader back now?

this is what i was looking for when i saw this headline.

They could have done soo much more with Google+ ... The hype was real up until launch. Really wish they had done things a little differently. Oh well... With all these leaks, I'm actually really glad they weren't successful with this.

Even after launch. But the Real Names policy and lack of write api killed any momentum.

So is this four months per new leak found or "half the distance to the goal line?"

I admit I actually rather liked Google+, for certain communities it was really active and well suited. However now that Google is decoupled and free from G+ shackles, it has really room to take off and grow in new areas, which is exciting to see. eg G+ logins will now be returned to G or Gmail branding, probably dramatically increases consumer confidence and mindshare, and other stuff. Developer teams can be fully redeployed to other products etc. Building of "micro" communities within Maps, YouTube, etc will accelerate, and that's really where it should be, rather than forced to accede to G+ product area.

How do I download all the discussions (posts with comments) I have participated in?

Google Takeout has two different Google+ entries that may have what you're looking for.

What are some good alternatives to Google+? I mean microblogs with subscribers/followers instead of friends, without a strict message length limit, with first-class comments, letting you to edit your posts and comments after you submit them and to limit access to particular post to a specific group of people?

Dreamwidth (Livejournal fork)? A recent Wired article: https://www.wired.com/story/tumblr-porn-bloggers-dreamwidth-...

There's a range of options, though what exactly depends on your goals and communities.


Is it accurate to call this a leak if no one actually took advantage of the vulnerability?

Did they ever unfuck the merging of Google+ comments with YouTube comments?


I suppose I’ll ask this here.

Does anyone know of a good way to archive a Google+ group. There is a bunch of good info about hacking the Kankun smart plug that I would like to preserve.

I really don't care what they do with the consumer version (who uses it?), but I'd like to see mapping and wayfinding features added to the paid GSuite version.

Data really has become radioactive.

That is so true.

Its like most of us live behind this wall of our behavior online, like it isn't shared unless there is a hack.

But its sold, shared and traded without us knowing it, and used to display a reality tailored to us with the unintended consequence of us living in a bubble and not seeing much outside the edge of the bubble.

This site is a great example of bubble breaking.


Google+ had 52 million users?

That should be the headline.

Everyone with a gmail address or youtube account was strong armed into having a google+ account, which counts as their "userbase" regardless of whether or not any of those people actually made use of any google+ specific features.

then it should be more than 52,000,000 people.

The vulnerability did not affect all of the users.

There are over 3.3 billion G+ profiles, based on the March 2017 sitemaps files, though how many of those profiles are active is something of an open question.

About 9% of Google+ accounts ever posted any public data. That's roughly 300 million profiles there, though for many of them, the posting was at best minimal.

Based on publicly-visible posting activity, I and Stone Temple Consulting independently determined that there were ~4 - 16 million profiles publishing on a monthly basis or better in 1Q2015. Given other forms of participation, it's reasonable to assume a ~10x larger general active, but lurking, population, which gets us to about 40 - 160 million users.

Various other forms of population estimation come up with fairly similar statistics. Keep in mind that until 2007, an online community with >10m users was extraordinary of itself. A few were larger (Google's own Blogger had 200m MUA in 2008, larger than Facebook at the time: https://techcrunch.com/2008/12/31/top-social-media-sites-of-...).

The most interesting thing about the 52 million user statistic reported is that it is in the general ballpark of at least one set of estimates of G+ user counts. A number on which Google have been showing remarkably more candor as of late, though far from crystal clarity.

I personally had some dozens thousands followers from all over the Earth on Google+, communicated to them actively through commenting and have occasionally met some of them offline when they traveled to my country.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact