Top Stories

Laughing at the Google+ bug? You’re making a big mistake.


Google Doodles celebrates the search engine’s 20th anniversary as seen on the home page in Mountain View, Calif., on Sept. 27. (John G. Mabanglo/EPA-EFE) (John G Mabanglo/EPA-EFE/REX/Shutterstock)

A vulnerability in Google’s software has led to the potential exposure of information belonging to half a million accounts on its social network, Google+, the company acknowledged Monday — to which many people joked: Who cares?

This is a logic trap. Do not fall for it.

The idea that Google+ is some ancient relic of a bygone era is not relevant. What is relevant is that at one time, millions of people were persuaded to create accounts on Google+, accounts that still exist today, accounts that eventually became a danger to their owners — unbeknown to them — years after Google+ stopped being a meaningful social or cultural phenomenon.

It’s a story about the digital junk we create and promptly forget about, and how easily it can come back to haunt us.

For a time, Google made it so convenient to create a Google+ profile that you basically couldn’t make a new Gmail account without also signing up for the company’s social platform. Only those who were paying close attention could really avoid it. To this day, you might have a Google+ profile of your own and not even realize it. It may be linked to your current Google account, or perhaps a past Google account you no longer use, like a university email address. (Here’s how to find out if you have a Google+ profile — and if so, how to delete it.)

Google created Google+ in 2011, at a time when the Web was becoming increasingly social. That same year, Twitter became recognized for its role in mass protests across the Middle East and North Africa. Google was under mounting pressure to offer its own social product and to demonstrate that it had staying power just like Facebook.

Signing people up for Google+ while creating a general Google account seemed like an effective and competitive growth tactic: By 2012, Google was boasting that it had 90 million users of Google+. Google struggled to answer questions about how deeply engaged these users were, but at least it could claim that it had an answer to Facebook.

Today, Google acknowledges that hardly anyone is still really using Google+; of consumers who actually visit the site, 90 percent leave after five seconds or less, according to Monday’s company blog post. But just because nobody is active on the product doesn’t mean the accounts no longer exist. Google said that so far, it has not found evidence that Google+ profile data was misused.

Which brings us to the central point: The popularity of Google+ is a distraction when you’re thinking about Google+ as part of a consumer’s broader “attack surface” — the range of possible entry points for a hacker to gather information that could then be turned against a victim. The more accounts you have, the bigger your digital footprint and the wider your attack surface.

This is why the Google+ bug is no laughing matter. Dormant accounts represent a potential point of failure whether you find value in them or not.

Imagine if Facebook and Twitter fell out of fashion tomorrow. Seven years later, they announce that millions of accounts could have been leaking information. Would you laugh it off because everyone is on some other social network now?

Let’s block ads! (Why?)

Technology