Alexander's Blog

Sharing knowledge with the global IT community since November 1, 2004

Should You Delete Your Personal Google+ Profile ASAP?

/
/
Security


It shouldn’t be a surprise to anyone that Google encourages individuals and businesses to use their Google+ social networking profile. The more data you enter in your profile, the better it is for them because they can use it in different ways to profit from it. Unfortunately, Google has been unable to prevent Google+ data leaks. The first Google+ data leak was announced in October 2018 and then in December we heard about a second Google+ data leak.

Risks Associated With Google+ and Google Hangouts

If you are not familiar with Google+ profile that’s because it has been a big failure. In his article written for PCWorld.com after the first data breach in October 2018, Michael Simon asked “If a social network that no one uses gets breached and no one uses it, does it make a sound?” After the second Google+ security breach in December 2018, Michael suggested users should delete their Google+ profile right away. I totally agree with him.

Using Google+ social network essentially means you are willing to risk your privacy. I have been telling people for years to stay away from Google+, Google Hangouts, and other similar services because of the privacy and security risks associated with them. People often have a tendency to think that bad things only happen to others, or if too many people are using Facebook their own privacy can’t possibly be at risk because Facebook would never let that happen. Sometimes people are shocked to discover that the images they share via Google Hangout Chat with others are not private to them. Anyone can view any image you share on Hangouts. When last year one person reported this as a security bug through Google Vulnerability Reward Program, Google’s response was that it’s not a bug, it’s a feature. Apparently, the developers intentionally designed Google Hangouts this way.

The First Data leak (500,000 users impacted)

The first data leak in October 2018 exposed private information of 500,000 users to third-party developers. The data leak was blamed on a software glitch and what did Google do to tell the users when they found out about the data leak? Absolutely nothing. Following the pattern of other big organizations, such as Premera Blue Cross, Home Depot, and Marriott who kept the security incidents secret from their customers, Google too decided not to tell the users for months. Unfortunately, hacking and data leaks have become so common as of late that several of these large security and privacy incidents are hardly even mentioned on the nightly news. The list of private information that was leaked included name, email address, age, and occupation. See a more detailed list at the end of this article.

The Wall Street Journal said that Google knew about the data leak in the spring of 2018, but the public didn’t know about it until October 2018. Google’s CEO was briefed on a plan not to tell the users about the reason of the data leak. The Wall Street Journal reported, “A memo reviewed by the Journal prepared by Google’s legal and policy staff and shared with senior executives warned that disclosing the incident would likely trigger “immediate regulatory interest” and invite comparisons to Facebook’s leak of user information to data firm Cambridge Analytica.”

After the first data leak, Google announced that it will shut down Google+.

The Second Data Leak (52.5 million users impacted)

The second data leak this month impacted a whopping 52.5 million users. Instead of trying to get the users attention and clearly announcing this disastrous security incident, there was an article posted on Google blog titled, Expediting changes to Google+, as if Google was making significant enhancements to improve Google+. The title of the article should have been Expediting Google+ Demise because inside the article was the acknowledgment of a new bug that caused this second data leak and Google’s announcement that Google+ will be shut down for good. According to Google’s V.P. of Product Management, G Suite, “We’ve recently determined that some users were impacted by a software update introduced in November that contained a bug affecting a Google+ API.” Seriously? Some users? Yes, some 52.5 million users. Later in the same article, Google’s V.P. states “We have confirmed that the bug impacted approximately 52.5 million users in connection with a Google+ API.”

After the second Google+ data leak in 2 months, Google announced that Google will sunset all Google+ API in the next 90 days and it will deprecate Google+ in April 2019, instead of August 2019 as it had previously planned. When it comes to privacy, Google has been criticized frequently in the past. However, in the recent years Google has made a lot of progress and the Europe’s General Data Protection Regulation (GDPR) has a lot to do with it. As Google continues to gain people’s confidence, consumers want Google to pay more attention to protecting their privacy.

What Type of Information Was Exposed?

Here’s a partial list of users’ personal information that was exposed. As you will notice, some of this applies to businesses, such as organization name, job title, etc.

NOTE: Google had the list posted on its developer’s site, but that page was broken as of 11/1/19 without any redirection.

  • Full name
  • Honorific prefixes (such as “Dr.” or “Mrs.”)
  • Nickname
  • Email address
  • Date of birth
  • Gender
  • URL of user’s profile
  • Photo
  • Biography (About Me)
  • Relationship status
  • List of URLs for the user
  • A list of current or past organization with which the user is associated
  • Organization name
  • Job title
  • Type of organization (school or work)
  • The date user joined the organization
  • The date user left the organization
  • A list of places where the user has lived
  • Primary residence
  • User’s skills

Deleting Your Google+ Profile

As I mentioned earlier, I think deleting your Google+ profile right away is a good idea. It’s going away anyway, so why not just delete it now. If you are unsure whether you have a Google+ profile, simply log in to your Gmail account and then type https://plus.google.com in your Web browser. If you see the link Join Google+, you don’t have a Google+ profile and you are in good shape.

Join Google+

If you have a Google+ profile and would like to delete your Google+ profile, use the following procedure.

  1. Sign in to Google+ at https://plus.google.com/.
  2. Your screen may look something like this. Click Settings.
    Configure Google+ Settings
  3. Scroll down to the bottom of the page and click DELETE YOUR GOOGLE+ PROFILE.
    Delete Google+ Profile
  4. You will be taken back to the login page to verify your identity. Enter your password.
  5. On the following page, read the information in each section by clicking the down arrow, before deleting the profile, so you know what the consequences for deleting your profile are. If you still want to delete the profile, click Delete.

    Delete your Google+ profile

  6. Once your profile is deleted, I recommend you go back to https://plus.google.com and verify that you see the option to Join Google+, which means you are no longer a member of Google+.
    Join Google+
  7. Deleting Google+ profile deletes Google+ and other services and data that depend on it, but it doesn’t delete content in your Gmail, Hangouts, or Google Talk. It also doesn’t affect the status of your Google account. It can, however, protect your privacy and make you more secure.

According to Google, very few people are using Google+ and despite the two major data leaks, Google is going to wait until April 2019 before shutting it down. If Google can’t protect your privacy, at least users have the option to delete their Google+ profile and avoid being a victim of yet another security breach. The question that a lot of people have on their mind is why did Premera Blue Cross, Home Depot, Equifax, Marriott, and now Google kept the data breach secret from their customers?

It would be nice if the organizations that collect and store massive amounts of user data would make protecting it a higher priority. It would also be nice if they tell their customers right away when there is a security breach so at least they can take some actions to prevent identity theft or minimize additional exposure. Don’t you think?

Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background.

Copyright © 2018 SeattlePro Enterprises, LLC. All rights reserved.

  • Facebook
  • Twitter
  • Linkedin

Leave a Comment

Your email address will not be published. Required fields are marked *

This div height required for enabling the sticky sidebar