Google to strengthen Calendar privacy warnings
Forgetful users, including businesses, letting sensitive info slip
April 19, 2007 12:00 PM ETComputerworld - Google Inc. is working on making privacy warnings around its Calendar application stronger amid concerns that some users of the service may unintentionally be exposing more information than they mean to.
The Web-based calendar was launched last year. Similar to other desktop calendar applications, it allows users to store event information, contacts and other data. The information is kept online by Google and can be accessed over the Net from anywhere. Users have the choice of making their calendar entries private -- the default choice -- or allowing public searches of the information.
The idea is to give users an easy-to-use tool for discovering and sharing event information with others, according to Greg Badros, engineering director of Google. "We wanted to make the settings as easy as possible to make a calendar public," Badros said. It is currently used by "millions" of users worldwide, a spokeswoman said.
The problem, however, is that people sometimes appear to be storing information on Google Calendar that they might not have intended to share with others.
For instance, when Computerworld conducted a quick search Thursday for private data using Google Calendar’s public search feature, the feature returned several user names and passwords for accessing various sites and e-mail accounts. Included in the data were at least one username and password to a bank account, another to a retail store credit card account, and one to a private wedding blog.
The information yielded by such searches is not restricted to personal data. Even a few corporate calendars can be found on Google Calendar, with meeting dates, project codenames and dial-in information for internal conferences.
By default, information users enter into Google Calendar is marked as private. Such information gets shared only if the users explicitly allow the information to be shared, Badros said. But a user might disable those defaults and later forget that he or she has done so. The goal is to give users a more visible and persistent warning that information stored on Calendar is accessible to anyone if the default privacy settings are disabled by the user.
Badros today would not say when Google hopes to makes the warnings on Calendar more explicit. "We are working on improving the messaging there," Badros said. "There must be a persistent reminder that the Calendar is public such that other people can find them," he said. "To me the biggest weakness is that we did not make people as aware of that as well as they could have been," he said.
"We do a great job of telling people as they change settings that they are making the settings public," Badros said. For example, when a user enables settings to make a calendar public, the entire screen goes grey and the user cannot take further action without first acknowledging that he or she is aware of the change that is being made, he said.
"But sometimes people go deep into a setting and then later forget the changes they made," he said. As a result it is "worthwhile" to make the admonitions more visible and persistent, he said. Google cannot totally prevent users "from shooting themselves in the foot around this," Badros said. But, he states, better warnings should mitigate some of the issues.
Additional Resources



Learn the important issues you must consider before starting your next mobility initiative. Get your mobility white paper from IDC now, compliments of Sybase.
White Papers & Webcasts
Share our Strength
Download Now
Lower the Cost and Complexity of a Mobile Workforce through Automation
Download This Resource Now!
Top 10 Things to Know about Data Protection
Download Now
Managing Mobility: Improve Data Security, Compliance and Manageability
Download This Resource Now!
Managing Secure File Transfer to Save Time, Money and IT Resources
Learn how companies are using innovative technology to overcome these challenges and improve user productivity by offloading e-mail attachments and replacing FTP with...
Ponemon Study: The Business Risk of a Lost Laptop
Download Now
Security Convergence Equals Network Security Cost Savings
Listen to IBM Internet Security Systems' take on network security convergence.
Airport Insecurity: The Case of Lost Laptops
Download Now
Disaster Recovery 2008: Reduced Costs and Improved Performance
How long can your Enterprise afford to be without your data? With an accelerated disaster recovery program, you never have to answer this...
