Possible Privacy Hole in Google+

I noticed that if a friend of mine decides to share a link with me, the share falls in the range of a “limited network” and is only visible to me. This share is only visible to two people: myself and the sharer.

If I wanted to share his post from my stream, I may do so by clicking share. Google+ is aware that the original share was in a limited network, so there is a message that pops up:

This post was originally shared with a limited audience — remember to be thoughtful about who you share it with.

I can still decide to share the post anyway, but there is a problem: the share attributes the original poster. So if Johnny had a link from someecards.com and shared it only with me, I can reshare this link with my extended circles (but not public circles) and the share would attribute Johnny as the originator of the link.

This yields an unintended result: Johnny is exposed as a sharer of potentially explicit content, unbeknownst to him. In fact, I could exclude Johnny from seeing my reshare, but his name would still be attached to the post. I could simply create a circle with everyone but Johnny included.

The implications of this privacy hole are obvious: a person’s name is at stake if the share was meant to be private. But there is also a general point that needs addressing: when you share a link with someone in confidence, what does it mean? I find it can mean:

  1. Johnny has given you (and only you) permission to reshare the link with his name on it.
  2. Johnny has shared the link with you so that the link stays with you.

Option 2 seems like the more intended purpose of a limited share. If Option 1 is the case, then perhaps Google+ doesn’t have a problem. But it seems more likely that users would want their privacy maintained. The ideal fix would be to eliminate attributions on reshares entirely, or not allow reshares of posts that were intended for a limited network.
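The reshare behaviour described above and the two fixes proposed, modelled as an added example (this is not Google+ code; the `Post` model, the policy names and the sample users and link path are assumptions made for illustration). It computes who learns the original sharer's name despite being outside the original audience.

```python
from dataclasses import dataclass
from typing import FrozenSet, Iterable, Optional

# Hypothetical model for illustration; not Google+'s data model or API.
@dataclass(frozen=True)
class Post:
    author: str
    link: str
    audience: FrozenSet[str]             # viewers other than the author
    public: bool = False                 # False means a limited share
    attributed_to: Optional[str] = None  # original sharer shown on a reshare

class ReshareDenied(Exception):
    pass

def reshare(original: Post, resharer: str, audience: Iterable[str], policy: str) -> Post:
    """policy: 'observed' (behaviour the post describes), 'strip_attribution'
    or 'deny_limited' (the two fixes the post proposes)."""
    if resharer != original.author and resharer not in original.audience:
        raise ReshareDenied("resharer cannot see the original post")
    if policy == "deny_limited" and not original.public:
        raise ReshareDenied("original was shared with a limited audience")
    origin = original.attributed_to or original.author
    if policy == "strip_attribution":
        origin = None                    # the link travels, the name does not
    return Post(resharer, original.link, frozenset(audience), attributed_to=origin)

def attribution_leak(original: Post, shared: Post) -> FrozenSet[str]:
    """Viewers who see the originator's name but were not in the original audience."""
    if shared.attributed_to is None:
        return frozenset()
    return shared.audience - original.audience - {original.author}

if __name__ == "__main__":
    # Constructed sample: Johnny shares only with "me"; I reshare to a circle
    # that contains everyone but Johnny.
    johnny_post = Post("johnny", "https://someecards.com/example", frozenset({"me"}))
    circle = {"alice", "bob"}
    for policy in ("observed", "strip_attribution", "deny_limited"):
        try:
            r = reshare(johnny_post, "me", circle, policy)
            print(policy, "-> attributed to", r.attributed_to,
                  "| leaked to", sorted(attribution_leak(johnny_post, r)))
        except ReshareDenied as e:
            print(policy, "-> denied:", e)
```

Under the `observed` policy the leak set is the whole reshare circle while Johnny himself is not in the audience, which is the exposure described above; either proposed fix reduces it to nothing.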

