Gmail Privacy Hole Shows User Names

Finding out the name with which someone registered his or her Google Gmail account is as easy as sharing a Google Calendar.

Security researcher Aviram Jenik on Tuesday published details about this privacy oversight in a blog post. He attributes the issue to the strong linkage between Google's various services.

By sharing a Google Calendar with another Gmail user, the sharer is able to see the first name and last name that the recipient of the shared calendar supplied to set up a Gmail account.

At the time this article was written, Jenik's technique still worked. A Google spokesperson said in an e-mail: "This is not a security issue. It was originally incorporated into the product to make it easier to send Calendar invites to Gmail users. However, we are currently taking steps to remove it."

For those who include their first and last names, or some variation, in their Gmail addresses, there's no real privacy issue since the address itself already exposes the information.

But for those with pseudonymous Gmail addresses or Gmail addresses with a deliberate generic association, such as "[email protected]," the revelation of the first and last name supplied by the account holder could be undesirable.

Not everyone who signs up for a Gmail account supplies accurate name information of course. But even placeholder information may play a role in identifying someone if that information can be associated with the individual through a Web search.

For example, an alleged identity thief was recently identified using a Google search in part because he supplied his first name while registering for an IM client account.