Google+ Is Shutting Down, but Your Virtual Security Could Still Be at Risk

google plus shutting down

On Monday, Ben Smith, Google's Vice President of Engineering, announced that what has to be one of the biggest flops in the company's history is about to meet its maker. Google+, once touted as Google's way of crushing Facebook, will soon be no more. The platform will be permanently shut down in August 2019, and during the remaining ten months, you can download your data and close your account if you so desire.

Some people will be preparing their handkerchiefs. There are even petitions, with over 20 thousand users urging Google to reconsider. Mind you, in the gigantic world of social media, 20 thousand isn't such a huge number. For most users, Google+'s demise will be a shrug-and-move-on moment.

Not exactly an unexpected move

Google+ was launched in 2011 to a lot of excitement and hype. It was Google's answer to Mark Zuckerberg's ever-growing social media empire. It was supposed to re-think the web, put people in circles, make sharing easier, and many other concepts that only Google's marketing people understood. In the beginning, Mountain View even teased its users by giving invitation-only access to a few of its users before the platform was open to the public.

When the requirement was finally lifted, however, nothing happened. Facebook continued to grow, and even smaller competitors like Twitter and Instagram managed to keep users interested for longer. If you need any proof of this, you can just check out Ben Smith's blog post. It says that a whopping 90% of all user sessions on Google+ are over within 5 seconds. Compare this to the time you wasted on Facebook today.

Google+ will remain in the history books as a major failure, but from one perspective at least, this is a good thing.

A buggy API exposed private information of at least half a million people

Google's management vocally admitted that Google+ isn't as popular as they were hoping it to be, but Monday's post suggests that this is not the only reason for the social network's death.

At the beginning of 2018, Google launched Project Strobe, a thorough review of the mechanisms third-party apps use to interact with users' Google profiles. When the security researchers got to a set of APIs known as Google+ People API, they noticed that thanks to a bug, applications had access to some private information.

Whenever an app is connected to a Google account using the said APIs, the account owner is aware of the fact that some of their personal data is shared with the app. Because of the bug, however, apps also got to look at some private information. Not many specific details were given, but apparently, that private information included the user's name, email address, occupation, gender, and age.

Google's security people claim that for privacy reasons, the APIs keep usage logs for a period of two weeks, and that as a result, they can't be sure how many people have been exposed. What Ben Smith did point out is that during the two weeks prior to the bug's discovery in March, around 500 thousand users were put at risk. Imagine how much bigger this number would have been if Google+ was as enormous as Facebook.

You get the sense that Google wants as little noise around the vulnerability as possible. The company announced that the security hole was patched shortly after its discovery, and using bold formatting, Ben Smith emphasized on the fact that there is no evidence of someone exploiting the bug and stealing users' data.

That said, some people aren't happy. For one, many are criticizing the search engine giant for discovering the bug way back in March and then failing to publicly disclose it for the next seven months. As we all know, in the digital world, a lack of evidence doesn't necessarily mean that something hasn't happened, and according to a Wall Street Journal report, the bug was first introduced way back in 2015. The lack of logs means that anything could have happened over the last three years.

In other words, some of the information on your Google+ account might not have been as private as you thought it was. Make sure you bear this in mind while you're going about your everyday online business.

October 10, 2018

Leave a Reply