Google+ (Google Plus) Security Threats

Whenever you interact online, there’s always a risk.  Most people are completely and willfully ignorant of the risks to which they expose not just themselves, but also their family and their friends.  Google+ is a new social network from Google that competes head-on with Facebook and Twitter.  Since it’s new, most people probably aren’t aware of the security threats present in this new system, even the people that aren’t willfully ignorant.

Click here to follow me on Google+.

There are primarily 2 types of threats:

  1. Technological
  2. Human

A technological threat is one caused by lapses in security measures in the software itself or as a result of the architecture of the whole system.

A human threat is generally a security threat caused by people’s action, inaction, or ignorance.  Social engineering is a form of a human threat.  If someone tricks you into giving them your password, that’s not a fault of the software, of course.

So, here are the threats to your security and to the security of your friends, family, and work due to your use of Google+.  Please understand that I’m not saying Google+ itself is a threat.  It’s simply another online resource that if not used properly can expose you and those you care about to inconvenience or danger.  Google+ is actually one of the more secure social network products available today, but even it can’t stop stupid, nor is it perfect.

Click here for instructions on configuring your privacy settings on Google+

  • The Google+ service:
    • Your real name.  Unfortunately, Google is insisting on this horribly bad idea that if you use Google+, you MUST publish your REAL NAME!  This connects anything you say to your real name and is available forever.
    • Posts that you delete are not gone.  They are still showing up in Google web searches.  Once you make a slip of the tongue (or keyboard), you can never undo it.
    • Default security settings:
      • People you’ve chosen to follow (people in your circles) are exposed publicly on your profile page.
      • Your gender is publicly shown and this is not configurable.
      • Your employer is shown publicly.
      • The schools you’ve attended are shown publicly.
      • Your home phone numbers and address are shown publicly.
      • Your work numbers and addresses are shown publicly.
      • Your relationship status is shown publicly.
      • Who you’re looking for is shown publicly.
      • Your aliases and nicknames are publicly exposed, connected to your real name.
      • You are visible in search.
      • Your photos are publicly available.
      • The GPS coordinates of where each of your photos was taken are exposed publicly.
      • Your uploaded videos are exposed publicly.
      • Photos you take on your phone are automatically uploaded to G+ (see notes above about photos being public by default and GPS info on them exposed).
      • Things you +1 around the web (to vote up something) are listed on your profile page PUBLICLY.
  • YOU!
    • Posting statements about where you live.
    • Posts about where you work.
    • Posts about where your children go to school.
    • Posts about your daily routines.
    • Posts about your boss.
    • Posts about details of your work.
    • Posts about your family’s or friends’ personal data.
    • Posts about going on vacation (leaving your house unattended).
    • Negative posts about your work.
    • Negative posts about people you know.
    • Posting anything you know about someone else that they weren’t willing to post.
    • Practicing poor security measures on your own PC or mobile device, letting it get infected, exposing your data and the data of your contacts to hackers.
    • Being duped by e-mail or phone calls into giving up your password.
    • Posting things publicly, rather than only to circles of people you know in the offline world.
  • Your friends, family, coworkers, and other contacts on Google+ that know you personally.
    • People that know you personally could unintentionally post something about your personal life.

Most of the technological issues you can fix by shoring up your privacy and security settings on your account.  The human factors can only be fixed by the people who’d be breaking best practices.

Individually, most of these data bits don’t seem like they’re a big deal to expose, but someone wishing to do you or someone you know harm can piece together bits and pieces of your published data to form a complete picture of:

  • Where you live (and by extension, of course, where your KIDS live).
  • How many kids you have.
  • The names of your kids.
  • Your kids’ ages.
  • Where your kids go to school and their after-school activities.
  • Your daily routines.
  • Where you work.
  • Your e-mail address.
  • Your home, work, and mobile phone numbers.
  • Your spouse’s name.
  • Your job.
  • When you’re on vacation (or when you won’t be at home).
  • When you’re vulnerable.
  • When your kids are vulnerable.

This is just a small list and is by no means a complete list.  You must be absolutely careful with what you say and post online.  Doing something as simple as the following can get your kids killed:

  • Download and install the Google+ mobile app.
  • Take a picture (using your mobile device) of your kids opening their Christmas presents.

That’s it!  Why?  Because many phones have geolocation tagging enabled by default on the camera, meaning that when you take a picture, the current GPS coordinates are embedded in a tag inside the picture file.  Since you’ve got the Google+ app installed with the defaults, your photos are automatically uploaded to your Google+ stream and photos.  Your photos on Google+ are publicly available by default.

Any pedophile that’s stalking or lurking through your profile will see the photos of your kids and your home address with the geo tag embedded in them.  You’ve given the pedophile most everything he needs to abduct your kids!  He knows what they look like, about how old they are, what toys they like (because they’re opening them in the photos), where they live, and your name!  If he wanted to be more careful, he could just monitor your public posts about your daily activities, find out when you expose the name of their school or derive your daily schedule to figure out their most vulnerable times for abduction.
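To check your own photos for the embedded GPS tag described above, and to remove it before anything is uploaded, here is a short Python sketch.  It is an added example, not part of the original article; the function names are made up for illustration and the sample photo bytes are constructed for the demonstration.

```python
import struct

EXIF_HEADER = b"Exif\x00\x00"
GPS_IFD_TAG = 0x8825  # IFD0 tag that points at the GPS block (Exif standard)

def _segments(jpeg):
    """Yield (start, end, marker, payload) for header segments before image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF:
        marker = jpeg[pos + 1]
        if marker in (0xDA, 0xD9):  # start of scan / end of image
            break
        (length,) = struct.unpack(">H", jpeg[pos + 2:pos + 4])
        end = pos + 2 + length
        yield pos, end, marker, jpeg[pos + 4:end]
        pos = end

def has_gps(jpeg):
    """True if an Exif APP1 segment's first IFD contains a GPS pointer tag."""
    for _, _, marker, payload in _segments(jpeg):
        tiff = payload[len(EXIF_HEADER):]
        order = {b"II": "<", b"MM": ">"}.get(tiff[:2])  # TIFF byte order
        if marker != 0xE1 or not payload.startswith(EXIF_HEADER) or not order or len(tiff) < 10:
            continue
        (ifd0,) = struct.unpack(order + "I", tiff[4:8])
        (count,) = struct.unpack(order + "H", tiff[ifd0:ifd0 + 2].ljust(2, b"\0"))
        for i in range(count):  # each IFD entry is 12 bytes, tag id first
            entry = tiff[ifd0 + 2 + 12 * i:ifd0 + 14 + 12 * i]
            if len(entry) == 12 and struct.unpack(order + "H", entry[:2])[0] == GPS_IFD_TAG:
                return True
    return False

def strip_exif(jpeg):
    """Return the JPEG without its Exif segment(s); this drops all Exif, not only GPS."""
    out = bytearray(jpeg)
    for start, end, marker, payload in reversed(list(_segments(jpeg))):
        if marker == 0xE1 and payload.startswith(EXIF_HEADER):
            del out[start:end]
    return bytes(out)

def sample_photo():
    """Constructed test bytes: a JPEG header whose Exif IFD0 holds only a GPS pointer."""
    ifd0 = struct.pack("<HHHIII", 1, GPS_IFD_TAG, 4, 1, 26, 0)  # 1 entry, next-IFD = 0
    tiff = b"II*\x00" + struct.pack("<I", 8) + ifd0 + struct.pack("<HI", 0, 0)
    app1 = EXIF_HEADER + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

Turning off location tagging in the phone's camera settings stops the tag from being written in the first place; stripping is for photos that already carry it.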

When you post anything online, you’ve got to think before you post.  Even though your intentions are casual conversation with friends, you have to consider who all can see it, how long it’ll be visible (hint: forever), and how could that post hurt you or anyone else now or at any time in the future?  If your boss saw it, could it damage your job?  What if your coworkers saw it?  What if your kids saw it?  What if some stranger you’ve never met (a pedophile, or a home burglar) saw it?  What if the police or a divorce lawyer saw it?  Or your in-laws?

Seriously!  You have to think before you post.  Not only can you damage yourself, but you could cause damage to other people.  The things you do and say online don’t just affect you, they affect everyone you talk about, everyone you post photos of, everyone you post videos of.  You have a moral and ethical responsibility to protect the people in your life, which means you have to think about every post and whether or not it has the potential to cause harm to anyone else, no matter how unintentional it is.

In addition to thinking about what you post online, you should also consider who can see it!  Fortunately, Google+ gives you almost complete control over that.  You do that by creating circles of people you know and dropping your contacts into your circles.  Then, whenever you post anything, YOU pick and choose which people and/or which circles get to see that.  But, always remember, even if you post it to just a few individuals, they still have the capability to share your post publicly.  If you don’t want it reshared, make sure you say that in your post.  And do it in EVERY post you don’t want shared.  Don’t assume your contacts will assume it.

The biggest piece of information that ties all this together is your REAL NAME!  I strongly recommend that you create a pseudonym for any and all activity online, including on Google+.  If you want your friends and family to connect with you on Google+, tell them what your pseudonym is, or better yet, just e-mail them a link to your profile page.  Google is completely against this, but then again, your and your family’s safety far outweighs what Google wants you to do.

Be safe!

BTW, if you want an invite to Google Plus, e-mail me at image. That’s not a clickable e-mail address… It’s a picture to prevent spammers from easily scraping it. You’ll need to type that address, exactly as you see it, including the G and the + in front of the word “Invite”.

Check back later for updates too!

Good Luck and Enjoy your new Google+ account!