Sunday, August 29, 2010

Google must respond and plug this leak!!

Here I had described a surprising behaviour from Gmail. The bottom line here was that Google was using knowledge about my work email address which was configured in gmail as a backup address ( I will cover this in a different post when i have some time), in ways that can be clearly construed as a breach of privacy boundaries and at the very least as very unusual behaviour.

Quick recap - I had sent a calendar invite from my work address to someone at a fairly well known startup. The response to that calendar invite was automatically forwarded to my gmail address and my gmail address was exposed to all the people on this invite list without my consent. This is a clear breach of privacy. The reason for providing additional email addresses to an email provider are -

1. For forwarding emails to another address
2. For recovering account information in case one forgets his/her account information

To use this information in a way that exposes more information than i seek to share with others, is a clear breach of my privacy. Google must plug this leak. There are a lot of other dangerous possibilities once a service provider tries to stretch functionality that spans natural boundaries like professional life and personal life. It is critical that each function that spans these natural boundaries is evaluated for inadvertent or intended privacy abuse.

For example, assuming Gmail allows me to configure multiple mail forwarding addresses for specific kinds of rules (which it does). I may want to forward emails related to a specific topic to my wife. This will require me to add my wife's email address as one of the email addresses in my gmail account. My wife will actually confirm this as we'd have discussed this offline. Now if this acceptance is used to construe (mis) that both these email IDs are mine, i may start to receive calendar invites sent out by my wife from her email account. My gmail experience is just a step away from this possibility.

Calendering conflicts in today's world span personal and professional commitments and hence Google is trying to deliver functionality that allows you to keep your gmail calendar with your work calendar. But these are boundaries that need to be tread very carefully. We, the consumers, cannot leave this responsibility solely to Google and must raise concerns everytime we come across an interaction with Google or similar companies that don't look correct. This is the age when, consumers have to be doubly vigilant. It is hard to not provide information as you seek functionality but policing the usage of that information must be done by consumers.

Google must respond to this !! If you have experienced similar issues with other sites/providers please post it in the comments here so that we can investigate and raise awareness of these issues.

No comments: