Gmail Has a Privacy Problem

Martin Brinkmann
Jul 18, 2008
Updated • Mar 23, 2014
Email, Gmail, Security

You might have already read elsewhere that it is possible to reveal the real name of any Gmail user by sharing a calendar in Google Calendar with him. Let me explain how this is done. Google Calendar can be loaded in the header area of Gmail after logging in. A click on settings will load the settings where users can change all sorts of information like the date format and time zone.

A click on the Calendars tab loads the calendars that are currently active. A click on a calendar loads the details of that calendar, with information about the calendar's time zone and addresses. There is also another tab in that view that lets the user share the calendar with other users.

A click on the Share This Calendar tab displays a list of all users who have access to this calendar with the option to add new users by pasting their email address into the form field.

The problem arises if a Gmail email address is pasted into that field. Nothing happens until the changes have been saved and the prompt asking whether the user should be invited, if he does not use Google Calendar, has been declined.

The full name of the user is then disclosed in the Share This Calendar tab, even if that user has chosen a Gmail address that is not made up of his first and last name.

This might not seem like a big deal to many users, but it is a gold mine for spammers. All they need to do is enter email addresses to find out the real names of the users and send out personalized spam. You probably would not react to a phishing mail asking you to log in to your eBay account if your name were missing or wrong, but what if your real name were there?




  1. sug said on August 2, 2009 at 9:03 pm

    While spam filtering, the entire body of the email is scanned in Gmail or in any email service. Does this spam filtering reduce the privacy of the users, or is the security of the email reduced?

    1. Martin said on August 2, 2009 at 9:05 pm

      What has spam filtering to do with that?

  2. MrD666 said on July 18, 2008 at 9:46 am

    Personally, it does not bother me all that much. I really have been lucky that my GMAIL account (which is my primary account that I use) has been virtually spam free. I used my real name! and I haven’t gotten any personalized spam ever that I am aware of, and I had a gmail account from day 1. I do share my calendar with a select few but again, no problems, YET. Still for those with the conspiracy theories against GOOGLE and everything they do… just great more FUEL for the FIRE.

  3. Martin said on July 18, 2008 at 9:45 am

    That’s funny. I tried it just before I wrote the article and it worked.

  4. dualsub2006 said on July 18, 2008 at 6:45 am

    You’re a little late to the game on this one. Google has closed this hole. I tried it after I read about this a few days ago and it worked. Now it does not.

  5. Jojo said on July 18, 2008 at 1:54 am

    What I want to know is where the spam comes from on gmail! I created a new gmail account a few months back that I use for sending resumes (strictly professional use and to a very limited number of people). Yet within a few days, I was getting spam mail on that account.

    While Google does a good job of dumping most all spam into the spam folder, I’d like gmail even better if they could find a way to not even send me the spam (or not allow it into the system in the first place).

  6. Martin said on July 18, 2008 at 1:00 am

    THAT’S SHOCKING! It’s a valid point. But many users access other Google services like Adwords or Adsense where they have to use their real names.

  7. darkkosmos said on July 18, 2008 at 12:57 am

    This is a privacy problem assuming everyone used their real names on Gmail; for example, I’m not John Shaw :)
