Bitdefender
Resource Center

BITDEFENDER RESOURCE CENTER


Second notable privacy flaw for Google+

by George Lucian Petre, on 01 July 2011

Hot on the heels of the news about a reshare bug on Google+, we’ve detected another flaw that should be of real concern to users

 The Financial Times already reported on the important privacy issue regarding the reshare feature that cannot be disabled by default, and this related flaw presents similar problems.

One of the main features of Google+ is Circles, the possibility to easily share the right content to the right people. However, once the content has been shared to a Circle, anyone can share it by default to other Circles. It boils down to the fact that the tagging feature can be bypassed by using the reshare option. Let's say user “A” shares a picture only to their “Close Friends” circle, and disables resharing. All it takes is for someone from that "Close friend" circle to tag a person from outside this circle in the picture. Once this has been done, that person can share the picture to anyone, in any way.

Whilst it's true that once someone has access to a picture they can save it and redistribute it, the concern here is that Google+ is promoting Circles as a way to be selective about how you share content, yet accidental and even deliberate sharing to other Circles is all too easy to do. Let’s not forget, if it happened to Bono, it can happen to anyone.

UPDATE:

Acording to ZDNET, "As pointed out in the comments, it looks like a partial fix is now available, as a drop-down menu has been enabled for users to disable resharing after a post has already been made." We have tested again, and seems like the resharing disabled feature is working. However, the problem remains that tagging is not fully connected to sharing rights. So, if someone tags users that do not have the right to see a photo, they are still able to do so. 

UPDATE nr. 2:

Let’s explain the process here in a little more detail(with the current status of the issue):

1.  George shares  a photo with his friend Tim, and disables the resharing option(pic1, bottom image)



2.  Tim tags a third person, David, in the photo - the post is automatically cloned with different sharing settings

3.  This means that the photo will be automatically cloned in a post  that can be shared (pic2) with whoever he wants.

George Lucian Petre

Product Manager - Social Media Security

Submit comment

On Jul.1.2011 10:07

Catalin said

I'm waiting for the "see who viewed your Google+ profile" scams :D
Any bet?

On Jul.1.2011 18:04

Michele said

I already shared this post on Google+, now everybody can see it outside of those nice blue circles, or not?
Interesting article!

On Jul.2.2011 14:29

PASQUALE-BARBATO said

quando metto la sicurezza del bitdefender..esce prima un nome e cognome senza foto ...dopo esce il mio profilo .la persone e John Doe..come fare ,non mi sento al sicuro ; ho ruba dati o' altro ..

On Jul.3.2011 02:28

Online Strategies said

Ultimately the circles getting overlapped?

Bitdefender`s Security News & Alerts
Stay safe online. Click here if you want to receive the latest news and alerts on computer threats, viruses and scams.
Daily "Did you know?"
On July 31, 2008, the Koobface computer worm started to target users of Facebook and MySpace; and new variants still constantly appear.
Authors
Categories
Malware City

Antivirus Software For Home Users
Business Security Solutions
Latest News
Tools & Resources