Gmail Has a Privacy Problem - gHacks Tech News

Gmail Has a Privacy Problem

You might have already read elsewhere that it is possible to reveal the real name of any Gmail user by sharing a calendar in Google Calendar with him. Let me explain how this is done. Google Calendar can be loaded in the header area of Gmail after logging in. A click on settings will load the settings where users can change all sorts of information like the date format and time zone.

A click on the Calendars tab loads the calendars that are currently active. A click on the Calendar loads the details of that calendar with information about the calendar timezone and addresses. There is also another tab in that view that lets the user share the calender with other users.

A click on the Share This Calendar tab displays a list of all users who have access to this calendar with the option to add new users by pasting their email address into the form field.

The problem arises if a Gmail email address is pasted into that field. Nothing happens until the changes have been saved and the question if the user should be invited if he does not use Google Calendar is denied.

The full name of the user is disclosed int he Share This Calendar tab even if that user has chosen a gmail address that is not made up of his first and last username.

This might not seem like a big deal for many users but this is a honeypot for spammers. All they need to do is enter email addresses to find out the real name of the user to send out personalized spam. You probably would not react to a phishing mail asking you to login to your eBay account if the name would be missing or be wrong but what about if the real name would be there ?

Advertisement

We need your help

Advertising revenue is falling fast across the Internet, and independently-run sites like Ghacks are hit hardest by it. The advertising model in its current form is coming to an end, and we have to find other ways to continue operating this site.

We are committed to keeping our content free and independent, which means no paywalls, no sponsored posts, no annoying ad formats or subscription fees.

If you like our content, and would like to help, please consider making a contribution:


Previous Post: «
Next Post: »

Comments

  1. darkkosmos said on July 18, 2008 at 12:57 am
    Reply

    This is a privacy problem assuming every used their real names on gmail, for example I’m not John Shaw :)

  2. Martin said on July 18, 2008 at 1:00 am
    Reply

    THAT’S SHOCKING! It’s a valid point. But many users access other Google services like Adwords or Adsense where they have to use their real names.

  3. Jojo said on July 18, 2008 at 1:54 am
    Reply

    What I want to know is where the spam comes from on gmail! I created a new gmail account a few months back that I use for sending resumes (strictly professional use and to a very limited number of people). Yet within a few days, I was getting spam mail on that account.

    While Google does a good job of dumping most all spam into the spam folder, I’d like gmail even better if they could find a way to not even send me the spam (or not allow it into the system in the first place).

  4. dualsub2006 said on July 18, 2008 at 6:45 am
    Reply

    You’re a little late to the game on this one. Google has closed this hole. I tried it after I read about this a few days ago and it worked. Now it does not.

  5. Martin said on July 18, 2008 at 9:45 am
    Reply

    That’s funny. I tried it just before I wrote the article and it worked.

  6. MrD666 said on July 18, 2008 at 9:46 am
    Reply

    Personally, it does not bother me all that much. I really have been lucky that my GMAIL account (which is my primary account that I use) has been virtually spam free. I used my real name! and I haven’t gotten any personalized spam ever that I am aware of, and I had a gmail account from day 1. I do share my calendar with a select few but again, no problems, YET. Still for those with the conspiracy theories against GOOGLE and everything they do… just great more FUEL for the FIRE.

  7. sug said on August 2, 2009 at 9:03 pm
    Reply

    while spam filtering,the entire body of the email is scanned in gmail or in any email service providers..so is this spam filtering reduce the privacy of the users or security of the email is reduced..?

    1. Martin said on August 2, 2009 at 9:05 pm
      Reply

      What has spam filtering to do with that?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

Please note that your comment may not appear immediately after you post it.