Feeds

UK data watchdog 'looking into' Google+ mission creep

Google + Profiles – pseudonyms = privacy headache?

3 Big data security analytics techniques

Updated: Exclusive Blighty's Information Commissioner's Office is currently "looking into" Google's recent ID verification rejig, The Register has learned.

A spokeswoman confirmed to us yesterday that no formal investigation is yet underway, but the ICO is nonetheless using official man-hours probing Mountain View's recent changes to its profiles and username sign-ups.

Google, in the meantime, has clarified its position on the Chocolate Factory's newly installed common name profiles policy that has been created to place its social network project, Google+, at centre stage within its online estate.

The company's product veep Bradley Horowitz responded to recent criticism levelled against Google's identity verification tweaks, which in the next few days will lead to the mass deletion of private profiles for the firm's products.

Meanwhile, the Google ID screws have been tightened elsewhere. For example, wannabe Gmail users are now required to insert their real names when creating an account* are asked to verify their account sign-ups by providing phone numbers to Mountain View.

In effect, pseudonyms are no longer welcome at Mountain View, despite recent marketing-motivated comments during the Arab Spring uprising that suggested otherwise. YouTube used as a revolutionary tool? Not so much. And arguably not at all any more, given the sudden banishment of anonymous users from the video-sharing service.

Horowitz did little to move on from the debate/row brewing over Google's latest efforts to grab more data from some of its unwitting users, who largely sign up to the company's products for free, thereby becoming the product – whether they realise it or not.

He naturally published his comments about ID ownership on Google+, after an earlier discussion on the changes between serial tech blogger Robert Scoble and Vic Gundotra, Google's engineering veep.

Horowitz was keen to point out that Google+ remained a work-in-progress, and claimed feedback would be heard. He also spoke of the need to be "transparent" about the common name policy tweaks. It's a debate, he said, that would continue for some time.

The Google products man then stuck firmly to Google+ territory. After all, it's a new landing page for the company, so the logic seemed to follow that a change in ID-handling within that tech was perfectly acceptable. Facebook, of course, has long insisted that individuals provide their real names to access the site.

"We've noticed that many violations of the Google+ common name policy were in fact well-intentioned and inadvertent and for these users our process can be frustrating and disappointing," admitted Horowitz.

"So we're currently making a number of improvements to this process – specifically regarding how we notify these users that they're not in compliance with Google+ policies and how we communicate the remedies available to them."

In other words, nothing's going to change about the policy, but Google will better inform its "test field-only" userbase.

Before users are suspended for having a name not consistent with the one on their passport, birth certificate, CV or other official document, Google will give them the chance to correct it, otherwise those individuals can expect to be locked out of Google+.

And here's the money shot: "[W]e're looking at ways to improve the signup process to reduce the likelihood that users get themselves into a state that will later result in review."

Horowitz then skates over the fact that people sometimes use either their real name or an anonymous handle depending on how they want to present themselves online. This can sometimes involve serious political or personal reasons, a lengthy list of which is provided by the Geek Feminism blog here.

"We've noticed that some people are using their profile name to show off nicknames, maiden names and personal descriptions," he wrote. "While the profile name doesn't accommodate this, we want to support your friends finding you by these alternate names and give you a prominent way of displaying this info in Google+.

"If you add nicknames, maiden names, etc to the 'Other names' portion of your G+ profile, those with permission to view those fields can search for you using that term."

Irony alert! Horowitz is a fan of the pseudonym, indeed he uses the name "elatable" on Twitter and elsewhere.

But, as with Facebook, there's no wiggle room for people who want to keep their anon ID entirely separate from their real name within Google+.

And perhaps that's as it should be for a site that screams "SOCIAL". For many the true disappointment is the sudden impact Google's efforts to create a social graph have apparently had on the rest of its online empire.

Horowitz said he wanted to "debunk myths" about what some see as a downright creepy ID verification shift at Mountain View, by saying his company "aspired" to have "great solutions" for the likes of "teenagers" and "disadvantaged populations".

But such an aspiration clearly isn't good at yielding revenues, as Google's money-shy YouTube has demonstrated only too well.

He added that other Google accounts would not suffer the same suspension state as Google+, if an individual violates the firm's common name policy.

In other words, Gmail, Calendar, Blogger, etc all remain active. The one thing he failed to mention: New sign-ups to these services won't be able to do so anonymously anymore* are increasingly required to link back to a central Google email account.

It's unsurprising, then, to see the UK's information commissioner's ears prick up.

We asked his office to specifically consider, courtesy of one disgruntled Reg reader, if Google's Profile service in its current state constituted a so-called "Directory of Subscribers" under the Privacy and Electronic Communications (EC Directive) Regulations 2003.

Brussels commissioner Viviane Reding previously indicated to this author that the likes of Google and Facebook had "nowhere to hide" on such data issues, given that the US-based firms have clear business interests in Europe.

Notably, last weekend Google began more strictly applying its anti-private profile policy to its online estate. The result was that some users of its Google+ project were unceremoniously dumped. And an outcry has already begun ... ®

Corrections

*This story was corrected on 2 August to clarify Google's current verification requirements for some of its services.

3 Big data security analytics techniques

More from The Register

next story
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Canadian teen accused of raiding tax computers using OpenSSL bug
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
Heartbleed exploit, inoculation, both released
File under 'this is going to hurt you more than it hurts me'
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.