Risk of leakage of private information when creating new events in Google Calendar



Google Calendar is a convenient way to check your schedule at any time from a PC or smartphone, and many people probably use it. It turns out, however, that there is a risk of private information being transmitted to another person's e-mail address from the subject of a casually entered calendar event.

Another Google Privacy Flaw - Calendar Unexpectedly Leaks Private Information (Disclosed) ← Terence Eden's Blog
http://shkspr.mobi/blog/2014/01/another-google-privacy-flaw/


The risk arises when you create a new event in Google Calendar. The wife of Terence Eden, the author of the blog, uses Google Calendar to manage her schedule, and she entered a new event as usual. What was different from usual was the subject: "Email [email protected] to discuss pay rise". Alice is his wife's boss and had agreed to discuss salary before the event was entered.

A short while later, a message reportedly arrived from Alice that read, "The matter of the meeting, OK, I understand".

His wife was at a loss, and naturally so: a "reply" had come from the other party to an event she had written only for herself. Had the subject been "make excuses at (mother's address) for not going home for New Year" or "contact (husband's address) about the terms of divorce mediation", the consequences could have been serious.


When Terence tested this, the following behaviour was observed.
· If you use Google Calendar in a web browser and save a new event with the other party's Gmail address in the subject line, the other party's calendar may be notified of the event
· The notification is made by pop-up, not by e-mail
· Notified when an event is created on an Android device
· The same behaviour occurred for addresses other than Gmail
· When an event is deleted from the calendar, an e-mail is sent to the other party saying that it was cancelled, even if you chose not to notify the other party when deleting the event

The following video shows how Terence created the event. He checks the behaviour using both the popup screen and the detail screen when creating the event, and you can also confirm that the dialog "Do you want to notify the other party about the event?" is displayed only in the case of the popup screen.

Google Calendar Privacy Leak - YouTube


About this behaviour, Terence says, "I think that this is a result of Google seeking smartness, but this is a failure. The content you wrote about someone is not necessarily what you wrote 'for someone'." Terence then proposed an improvement to Google, but Google replied that "the scope of the problem is very limited, so there is no problem".

The editorial department also tried to reproduce the above behaviour, but could not confirm it. It seems to occur in some cases and not in others, because various conditions are involved, such as browser and popup settings and Gmail account settings. Nonetheless, to avoid unexpected risks, it seems better to avoid writing e-mail addresses and details in the subject.
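
One way to act on that advice, as an added example that is not part of the original article: a Python script that scans an iCalendar (.ics) export for event subjects containing an e-mail address that was not explicitly invited to the event. The sample calendar, its addresses and the function names are constructed for this example.

```python
import re

# Constructed sample export (not real data). In event 2 the SUMMARY line is
# folded in the middle of the address, as RFC 5545 permits for long lines.
SAMPLE_ICS = (
    "BEGIN:VCALENDAR\r\n"
    "BEGIN:VEVENT\r\nUID:1\r\nSUMMARY:Dentist appointment\r\nEND:VEVENT\r\n"
    "BEGIN:VEVENT\r\nUID:2\r\nSUMMARY:Email boss@exam\r\n ple.com to discuss pay rise\r\n"
    "END:VEVENT\r\n"
    "BEGIN:VEVENT\r\nUID:3\r\nSUMMARY;LANGUAGE=en:Lunch\\, then call bob@example.org\r\n"
    "ATTENDEE;CN=Bob:mailto:bob@example.org\r\nEND:VEVENT\r\n"
    "END:VCALENDAR\r\n"
)

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")

def unfold(ics_text):
    """Undo RFC 5545 line folding: a line break followed by a space or tab."""
    return re.sub(r"\r?\n[ \t]", "", ics_text).splitlines()

def audit_subjects(ics_text):
    """Return (uid, subject, addresses) for events whose subject names an
    address that is not an explicitly invited attendee of that event."""
    findings, event = [], None
    for line in unfold(ics_text):
        name, _, value = line.partition(":")
        prop = name.split(";")[0].upper()  # drop parameters such as LANGUAGE=en
        if line == "BEGIN:VEVENT":
            event = {"uid": "", "summary": "", "attendees": set()}
        elif event is None:
            continue  # ignore anything outside an event
        elif prop == "UID":
            event["uid"] = value
        elif prop == "SUMMARY":
            event["summary"] = value.replace("\\,", ",").replace("\\;", ";")
        elif prop == "ATTENDEE":
            event["attendees"].add(value.lower().replace("mailto:", "", 1))
        elif line == "END:VEVENT":
            found = [a for a in EMAIL_RE.findall(event["summary"])
                     if a.lower() not in event["attendees"]]
            if found:
                findings.append((event["uid"], event["summary"], found))
            event = None
    return findings
```

Only event 2 is reported: event 3 also has an address in its subject, but that address is an attendee the author chose to invite.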

in Web Service, Posted by darkhorse_log