Google+ to close following security flaw publication

October 9, 2018 // 10:54 a.m.

Tags: #ben-smith #buzz #dodgeball #flaw #insecurity #jaiku #lively #orkut #security #social-networking #vulnerability

Companies: #google

Google has announced it is to remove the consumer-facing functionality of its Google+ social networking service, following confirmation of a serious security flaw which it has been accused of deliberately hiding from its users.

Google+, like Google's previous social networking efforts Orkut, Dodgeball, Jaiku, Lively, and Buzz, was not a stellar success for the company. While efforts were made to boost adoption by tying Google+ into the company's other platforms, including Gmail and YouTube, it failed to tempt people over from industry behemoth Facebook - and now the company is shutting its doors for good, putting an end to the latest in a string of cancelled social networking ventures, following the disclosure of a major security flaw in the platform.

Details of the flaw were released not by Google, however, but by the Wall Street Journal, which cites anonymous sources plus leaked internal documentation as providing proof that Google knew about the issue but actively chose to hide it from users. While Google admits it made a decision not to go public, it has denied the WSJ's claims that it hid the problem out of fear of regulatory reprisal but rather that it could not find any evidence of abuse that would tip the issue over its internal reporting thresholds.

'Our Privacy & Data Protection Office reviewed this issue, looking at the type of data involved, whether we could accurately identify the users to inform, whether there was any evidence of misuse, and whether there were any actions a developer or user could take in response,' Google vice president of engineering Ben Smith claims in a blog post on the matter. 'None of these thresholds were met in this instance. We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.'

With an estimated 500,000 accounts affected by the bug, which allowed access to non-public content include personally identifiable information such as name, email address, occupation, gender, and age, and the likely comeback from its decision not to alert the owners of said accounts, Google is officially closing Google+. 'The review did highlight the significant challenges in creating and maintaining a successful Google+ that meets consumers' expectations,' Smith explains. 'Given these challenges and the very low usage of the consumer version of Google+, we decided to sunset the consumer version of Google+. To give people a full opportunity to transition, we will implement this wind-down over a 10-month period, slated for completion by the end of next August. Over the coming months, we will provide consumers with additional information, including ways they can download and migrate their data.'

The closure is only partial, however: While consumers will find Google+'s doors firmly locked, enterprise customers will be able to continue to use the service - should they so choose - with new features 'purpose-built for businesses'.

At the same time, Smith has detailed a range of new privacy and security features, under the codename Project Strobe, including more granular permissions over data sharing inspired by its Android permission dialogues and limitations to the types of data particular applications can access on both desktop and mobile.


Discuss this in the forums

QUICK COMMENT

Week in review

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU