UK data watchdog 'looking into' Google+ mission creep

Google + Profiles – pseudonyms = privacy headache?

SANS - Survey on application security programs

Updated: Exclusive Blighty's Information Commissioner's Office is currently "looking into" Google's recent ID verification rejig, The Register has learned.

A spokeswoman confirmed to us yesterday that no formal investigation is yet underway, but the ICO is nonetheless using official man-hours probing Mountain View's recent changes to its profiles and username sign-ups.

Google, in the meantime, has clarified its position on the Chocolate Factory's newly installed common name profiles policy that has been created to place its social network project, Google+, at centre stage within its online estate.

The company's product veep Bradley Horowitz responded to recent criticism levelled against Google's identity verification tweaks, which in the next few days will lead to the mass deletion of private profiles for the firm's products.

Meanwhile, the Google ID screws have been tightened elsewhere. For example, wannabe Gmail users are now required to insert their real names when creating an account* are asked to verify their account sign-ups by providing phone numbers to Mountain View.

In effect, pseudonyms are no longer welcome at Mountain View, despite recent marketing-motivated comments during the Arab Spring uprising that suggested otherwise. YouTube used as a revolutionary tool? Not so much. And arguably not at all any more, given the sudden banishment of anonymous users from the video-sharing service.

Horowitz did little to move on from the debate/row brewing over Google's latest efforts to grab more data from some of its unwitting users, who largely sign up to the company's products for free, thereby becoming the product – whether they realise it or not.

He naturally published his comments about ID ownership on Google+, after an earlier discussion on the changes between serial tech blogger Robert Scoble and Vic Gundotra, Google's engineering veep.

Horowitz was keen to point out that Google+ remained a work-in-progress, and claimed feedback would be heard. He also spoke of the need to be "transparent" about the common name policy tweaks. It's a debate, he said, that would continue for some time.

The Google products man then stuck firmly to Google+ territory. After all, it's a new landing page for the company, so the logic seemed to follow that a change in ID-handling within that tech was perfectly acceptable. Facebook, of course, has long insisted that individuals provide their real names to access the site.

"We've noticed that many violations of the Google+ common name policy were in fact well-intentioned and inadvertent and for these users our process can be frustrating and disappointing," admitted Horowitz.

"So we're currently making a number of improvements to this process – specifically regarding how we notify these users that they're not in compliance with Google+ policies and how we communicate the remedies available to them."

In other words, nothing's going to change about the policy, but Google will better inform its "test field-only" userbase.

Before users are suspended for having a name not consistent with the one on their passport, birth certificate, CV or other official document, Google will give them the chance to correct it, otherwise those individuals can expect to be locked out of Google+.

And here's the money shot: "[W]e're looking at ways to improve the signup process to reduce the likelihood that users get themselves into a state that will later result in review."

Horowitz then skates over the fact that people sometimes use either their real name or an anonymous handle depending on how they want to present themselves online. This can sometimes involve serious political or personal reasons, a lengthy list of which is provided by the Geek Feminism blog here.

"We've noticed that some people are using their profile name to show off nicknames, maiden names and personal descriptions," he wrote. "While the profile name doesn't accommodate this, we want to support your friends finding you by these alternate names and give you a prominent way of displaying this info in Google+.

"If you add nicknames, maiden names, etc to the 'Other names' portion of your G+ profile, those with permission to view those fields can search for you using that term."

Irony alert! Horowitz is a fan of the pseudonym, indeed he uses the name "elatable" on Twitter and elsewhere.

But, as with Facebook, there's no wiggle room for people who want to keep their anon ID entirely separate from their real name within Google+.

And perhaps that's as it should be for a site that screams "SOCIAL". For many the true disappointment is the sudden impact Google's efforts to create a social graph have apparently had on the rest of its online empire.

Horowitz said he wanted to "debunk myths" about what some see as a downright creepy ID verification shift at Mountain View, by saying his company "aspired" to have "great solutions" for the likes of "teenagers" and "disadvantaged populations".

But such an aspiration clearly isn't good at yielding revenues, as Google's money-shy YouTube has demonstrated only too well.

He added that other Google accounts would not suffer the same suspension state as Google+, if an individual violates the firm's common name policy.

In other words, Gmail, Calendar, Blogger, etc all remain active. The one thing he failed to mention: New sign-ups to these services won't be able to do so anonymously anymore* are increasingly required to link back to a central Google email account.

It's unsurprising, then, to see the UK's information commissioner's ears prick up.

We asked his office to specifically consider, courtesy of one disgruntled Reg reader, if Google's Profile service in its current state constituted a so-called "Directory of Subscribers" under the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Brussels commissioner Viviane Reding previously indicated to this author that the likes of Google and Facebook had "nowhere to hide" on such data issues, given that the US-based firms have clear business interests in Europe.

Notably, last weekend Google began more strictly applying its anti-private profile policy to its online estate. The result was that some users of its Google+ project were unceremoniously dumped. And an outcry has already begun ... ®


*This story was corrected on 2 August to clarify Google's current verification requirements for some of its services.

Combat fraud and increase customer satisfaction

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story


Designing a defence for mobile apps
In this whitepaper learn the various considerations for defending mobile applications; from the mobile application architecture itself to the myriad testing technologies needed to properly assess mobile applications risk.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.