It's a feature that has bitten Google Calendar users in the past, but it's worth a reminder: in some cases, the widely used service may unexpectedly leak sensitive information to bosses, spouses, or just about anyone else.
The inadvertent leakage stems from Google Calendar's quick add feature, which is designed to automatically add the who, what, and where to events without requiring a user to manually enter those details. Typing "Brunch with Mom at Java 11am Sunday" is intended to schedule the event for the following Sunday morning at 11 and list the place as "Java." Participants can be added by listing their e-mail addresses, and in many cases, Google will respond by automatically adding an entry to the participants' calendar as well.
Google heavily promoted this time-saving feature during the rollout of its mail and calendar services. But as documented as early as 2010, the behavior can also result in the leakage of private information for people who are unaware of it. Alas, almost four years later, it's still catching some people by surprise. Blogger Terence Eden explained how an entry his wife put in her personal Google Calendar made its way to her boss. It read: "e-mail [boss's address] to discuss pay rise" and included a date a few months in the future. The boss quickly received the reminder as an entry in her own Google Calender.
"Although pretty embarrassing, it could have been a lot worse," Eden wrote. "It could have been 'E-mail mother-in-law@example.com with excuse why we can't see her' or perhaps 'E-mail husband@example.com with divorce details' or even 'E-mail co-worker@example.com to demand red stapler back' or... well, you get the picture."
Based on Eden's testing, the behavior works like this:
- If you use Google Calendar on the Web and put a Gmail address in the subject line, that user will have the event added to the calendar.
- They will not receive an email notification—although they will get a "meeting reminder" pop-up.
- Creating an event on an Android phone does not trigger a meeting request.
- Some non-Gmail addresses will also see the meeting in their calendar—but others will not.
- When you delete a calendar item, the "Cancellation" notification is emailed regardless of whether the user received the original invite.
Eden said he brought the behavior to the attention of members of Google's security team. They responded with a message saying that it "has minimal impact on the security of our users."
reader comments
77