Google Release New Spam Bot In Form Of Google Plus
There has been a huge amount of hype surrounding the release of Google Plus, a social networking addition to their already robust portfolio and the main reasoning behind the Google +1 buttons that have begun to be implemented across search engine results pages and websites across the globe.
Well with so much anticipation to see exactly what Google have been able to create, once given the chance to sample the experience that many are yet to learn of but within minutes of access, the first problem has already raised its ugly head.
Testing of the Google Plus site has revealed that the latest offering from the online giants is a cloaked version of a spam bot that potentially is going to cause issues for millions of online email users.
So where does the problem arise?
The fact that Google Plus allows non Google Mail accounts to be placed into the contacts list within the site has opened up a huge security issue for email users based on the fact that Google have allowed you to share anything that you wish with huge contact lists, regardless of whether they use Gmail or not.
Here is an image of the screen box that you are presented with when you select to share something with your contacts, make sure to take note of the highlighted area as this is the extension of your ‘social circle'.
The adding of comments, links, videos and pictures has now become easy for those who are looking to use the site but the danger begins when malicious spammers begin to breach the Google Plus homepage and begin to share Trojans, viruses and botnets cloaked within links.
Okay so this isn't anything different than when you open your inbox and have offers from senders that are looking for someone to hold millions of pounds for them following the death of a prince far away, well other than the fact that you send the share to people outside of your contact list, but the real issue is the inability to unsubscribe from the email alerts if you are not a Gmail user.
This is the same email that every person within the contact list of any sent email receive but it seems that Google have failed to realise that their un-subscription link offers very little to anyone that is not a user of their Gmail service.
We have tested this here and when a share is revealed to an email address that is not Gmail based, they are unable to opt out of the email alerts, instead receiving a Google 404 page.
Google are known to want to try to make ground within the social networking world but with Google Plus functioning in the way that it does at the moment, they need to either act quickly and sort out the 404 issue or they need to eliminate the ability to include email addresses outside of Gmail.
Either way, at the moment Google could just have unwillingly created one of the biggest spam bots on the internet and one that offers the additional danger of being unable to opt out of the updates.
19 Comments
Bob
your email is open to the world, so it is all right if someone who knows your email id adds you in google circles. If your email spam filtering is not that great, then switch to gmail which has the best anti-spam techniques
David Meerman Scott - http://www.webinknow.com/
I was thinking the same thing. It seems that Google+ will have huge spam issues. But I’d be surprised if the smart people at Google have not sorted those issues out.
Carps - http://www.search-watch.com
Ouch. Major fail there. Set up a Gmail account, dump in a million email addresses for a ‘contact list’ and start doling out the spam via Google+. Might pass an afternoon!
Claus - http://www.koaladesigns.dk/
I had exactly theese thought when I used Google+ and noticed the option to send to non Google+ mails.
but as stated above, Im sure Google will have this fixed quite fast
Paul Gailey - http://paulgailey.com
i think precisely because these kind of issues don’t get surfaced in the dogfooding phase is why Apps Users are being excluded for the time being. There is just too much risk to Google to fail on this one. Buzz never recovered and this is really the last social roll of the dice for Google. At least the reception hasn’t been a WTF as with Wave which bodes well.
The question is how rapidly can they nip these issues in the bud and placate the growing Apps dissatisfaction at the situation. Facebook will try to out innovate them with revised interfaces and features and meanwhile Google risk users creating duplicate profiles with Gmail to then do the same with Apps email when enabled. That will cause a mess, especially if Profile portability is not enabled. Oh and what about preventing/discounting Apps +1 abuse? Yes, that lot at Mountain View must be busy.
Nathan - http://nathanmabry.com
I’m glad I’m not the only one who noticed this. I sent this “tip” to Mashable yesterday with hopes they would eventually cover this (as I don’t have a platform myself).
Even Gmail users have to take an intermediate step to unsubscribe from something they did not initially ask for. I simply shared 1 item with some colleagues with the thought that they’d like to get in on Google+. I followed up with the same “Circle” in trying to start a Huddle. Within 10 minutes, I’ve got a Gtalk message from one of the individuals asking me to stop spamming them. This can grow to be something serious and will take great responsibility on the part of Google+ users (unfortunately, we can’t trust them all).
How Google can Make Google+ Work « Search Watch - pingback
[…] Maybe tricky. The main entry point is Gmail – but that’s a pretty distant third behind Hotmail and Yahoo. Allowing members to invite non Gmail users is the best bet (although problematical already) […]
Betonsky - http://www.goodrep.blogspot.com
This is stuff I wouldn’t expect
David Bennett - http://quillcards.com/blog/
Have you told Google?
David Naylor
@david bennet I used the form on google+ that count
Nick Burch
I’ve tried reporting the same thing to google, via there privacy contact, and via their forum ( https://groups.google.com/a/googleproductforums.com/forum/embed/?place=topic%2Fgoogle-plus-discuss%2FnnMsYdiU0pQ%2Fdiscussion#!topic/google-plus-discuss/nnMsYdiU0pQ/discussion ) but they’ve been strangely silent all day on it. You’d have thought that Google would know better than to have broken unsubscribe links like this, but it seems not…
konisewu
can some one please gimmi a disposable mail that works for more than 1 month
Nobody Special
How, exactly, is using google+ for spamming any different from using gmail? I can’t opt-out of receiving emails from somebody sending them straight from their gmail account, and it’s just as easy to create giant contact lists in gmail as it is in google+.
You can’t do anything with google+ that you can’t already do using any webmail service.
Ravinder Negi - http://ravinders_negi@yahoo.co.in
this is look very exciting i m waiting for that new google plus launch
Amy
I have a gmail email address and I get the 404 page when I try to unsubscribe so it’s not just limited to non gmail users, very democratic of them! and very irritating!
David Gerard - http://newstechnica.com
They still haven’t bothered fixing this.
Amy
I just tried again to unsubscribe and no more 404 error, hooray!
Gabi
If you realy want people to read your blog, than please:
INCREASE THE COLORS AND SIZE OF THE FONTS !!!
I got a headache after 2 sections, man…
Beric - http://www.fabfive24.com
I am sure that Google will work this problem out. And will find a solution to this! I guess we will see a result soon!