The end of Google Plus has sparked much debate about online privacy, but have we considered the concept of privacy in the social media age? What information actually got exposed?
Back in March, I wrote How to score real estate listings using Google Plus. Well, it now appears that as I was writing those words, the folks over at Google were discovering a security vulnerability that would ultimately lead to the announcement earlier this month that they would be shutting down the platform.
I don’t think it’s fair to say that I was totally wrong to recommend the platform as a part of your social strategy, that I led you astray into a cave of data insecurity or that I’m secretly a shill for the G-squad pushing the giant’s second-rate social products onto unsuspecting victims who are just trying to earn an honest living.
I mean, I don’t think anyone’s saying those things, but if they were, it wouldn’t be fair.
The fact is that Google Plus was very useful for many purposes, and it gave great additional search engine optimization (SEO) benefits for any content you posted there. Although I found it rather useful, I was far from the platform’s biggest fan, so if you’re looking for a heartfelt eulogy, I recommend Bill Gassett’s piece.
No, instead, I’d like to use this moment to consider the concept of privacy in the social media age.
What information actually got exposed?
Basically nothing. As far as we know, no information was exposed because of the Google Plus incident.
Google’s entire business model is based on learning as much about you as it can in order to do crazy oracle-esque predictions about what you’ll be willing to spend money on or what monetized content and ads you’ll click on. So you might be skeptical when you’re told that this is no big deal, but hear me out.
You give your own information out all the time
The actual vulnerability that Google reported finding is related to the information fields on your profile page. Normally, you can mark individual details like your age, employer, relationship status or any of the other optional static fields, as visible only to connections and not to the general public.
Normally, you need to explicitly authorize an application to let it see your non-public profile details.
It’s not as dire as we all fear
What went wrong in this case was that if you authorized an app to see personal details, the application could see not only your non-public details, but also those of anyone who shared the details with you, even if they themselves hadn’t authorized the application. Basically, they could see whatever you could see.
While this is a major faux pas in the online privacy world, Google’s blog post on the subject states that they have no evidence of any developer exploiting the vulnerability or even that they were aware of it.
I had a look at the data structure of a personal profile, and as much as I enjoy ringing the shame bell at large-centralized data hogs when they mess up, I have to agree that, if they’re being honest about the nature of the bug, this is seems like one of the less catastrophic data breaches.
It doesn’t include access to any activity data, personal files stored in the cloud or even your phone number.
Why am I not more outraged? Because, honestly, none of the information that was potentially exposed was anything I consider to be private.
What is private information, anyway?
If you work in real estate, you likely spend relatively large sums of money trying to broadcast your name, employer and contact information. If I type your name into Google and I don’t immediately learn all of those things, I’d say you’ve got a problem with your online presence.
However, other details, like your birthday or relationship status, might not be something you want out there in the world. Or, if you’re not in real estate or some other public-facing position, you might not want any of it out there. If that’s the case, why is it on your profile?
Even if you have complete faith in the ability of a platform to keep private information private, how are you considering anything you expose to your social media “friends” to be “private”?
Think about it: How thoroughly do you vet someone before accepting a friend request? Who among us can honestly say that their friend lists consist only of people whom they’ve met — and made the informed decision to trust — in real life?
If you just raised your hand, put it down, you liar.
Whether it was because they left a glowing comment on one of your posts, made a video that really resonated well with you or just happened to be an attractive member of some of the same groups, you’ve surely accepted someone into your list with less scrutiny than you give to a box of donuts in the office break room.
The person behind that keyboard could be any person (or bot) in the world, and you gave them access to absolutely everything that was supposed to be only for “friends.”
How to protect yourself
How do I keep private information from going public, you ask?
Put simply, don’t post it on the internet.
If your actual friends actually want to know your birthday, they can find a way to get it. They can do this through a rather ancient technology called “asking a mutual acquaintance.”
Don’t confuse your online sphere of influence with your actual friends. Consider the audience (everyone in the entire world, both present and future) before posting any information about yourself.
To avoid any ambiguity regarding whether you’re sharing something privately with a limited number of people you trust, or you’re sharing it publicly with everyone on the platform, just remember this one simple rule: If anyone can see it, then assume that eventually everyone will be able to see it.
How many social accounts have to be hacked before people will understand this?