I noticed that if a friend of mine decides to share a link with me, the share falls in the range of a “limited network” and is only visible to me. This share is only visible to two people: myself and the sharer.
If I wanted to share his post from my stream, I may do so by clicking share. Google+ is aware that the original share was in a limited network, so there is a message that pops up:
This post was originally shared with a limited audience — remember to be thoughtful about who you share it with.
I can still decide to share the post anyway, but there is a problem: the share attributes the original poster. So if Johnny had a link from someecards.com and shared it only with me, I can reshare this link with my extended circles (but not public circles) and the share would attribute Johnny as the originator of the link.
This yields an unintended result: Johnny is exposed as a sharer of potentially explicit content, unbeknownst to him. In fact, I could exclude Johnny from seeing my reshare, but his name would still be attached to the post. I could simply create a circle with everyone but Johnny included.
The implications for this privacy hole are obvious: a person’s name is at stake if the share was meant to be private. But, there is also a general point that needs addressing: when you share a link with someone with confidence, what does it mean? I find it can mean:
- Johnny has given you (and only you) permission to reshare the link with his name on it.
- Johnny has shared the link with you so that the link stays with you.
Option 2 seems like the more intended purpose of a limited share. If Option 1 is the case, then perhaps Google+ doesn’t have a problem. But, it seems more likely that users would want their privacy maintained. The ideal fix would be to eliminate attributions on reshares entirely, or not allow reshares that were intended for a limited network.