James Butler's Blog

Google Apps SNAFU

November 17, 2010 07:56

At my day job, we have used Google's AdWords program exhaustively ever since it was rolled out (and before that we were charter GoTo/Overture members). While there have been numerous issues related to Google programming, over the years, I had to write about the latest SNAFU which involved a serious security breach.

Was it an ethical lapse? Maybe. Let's see ...

Since I use my computer at work for managing our AdWords campaigns, there are probably lots of 'cookies' floating around in there. It is these cookies that most probably triggered the issue, here.

One of the projects I am working on relates to exporting our inhouse calendar data to a private Google Apps Calendar, per the request of my boss, who happens to enjoy Google's approach to email and search suggestions. To satisfy the demands of the project as it enters a testing phase, we needed a new account with Google through which we could experiment with the Calendar application without compromising our existing lifeblood ... the AdWords account.

We have several Gmail accounts for various purposes, so I thought I'd simply start a new one and then expand that new account's profile to include Google Apps. Sounds simple, right? And it is ... the problem was created by some new "features" Google engineers figured were "must haves".

I booted up my computer, started my web browser and surfed over to the Gmail home page. Not the AdWords page ... the Gmail page. On that page, I selected the button clearly labeled "Create a new account", and went through the process of supplying unique identifying information, different from the info I had used to set up the AdWords account, and responding to the various verification mechanisms Google uses when setting up a new account.

The nasty surprise came at the END of the "new account" process, when I was congratulated for successfully ADDING a Gmail account to my existing Google Account! You can guess that the "existing" account Google chose to link to happened to be the AdWords account ... rather than any of the other Gmail accounts.

Even nastier, I logged into AdWords using my original credentials to be certain they still worked (they do), and I noticed that, in addition to linking the new Gmail account to the AdWords account, the new credentials I had used in registering the Gmail account had now taken over our AdWords account! The new user was an Administrator of our AdWords account without a single mention to me that this would occur, or that it had occurred.

Let me run that down, very simply:

Anyone, like a janitor, who turned on my computer and set up a new Gmail account using the standard Google mechanism for doing so could COMPLETELY TAKE OVER our company's bread-and-butter advertising account with NO NOTICE to the existing account holders! COMPLETELY! A malicious person could not only wipe out our entire set of ad campaigns, they could have blocked any authorized user from accessing the account with a few mouse clicks.  All without a word of notice that the account was being pirated.

So let's ask whether this program behavior was ethical, or not.

On the one hand, is it ethical to automatically link accounts? I don't think this is necessarily an ethical issue, but I would answer that to automatically, with no notice, link any new account with an existing account is very bad practice. When a new user comes onto an established account, the fact that is happening should be front and center ... very obvious ... AND the existing account holders MUST be able to reject the link. It is mind-boggling to me that Google didn't observe BASIC security practices, here.

On the other hand, what purposes could automatically linking accounts serve? Well, it could be spun as a "convenience" for the user. That's not ethically bad. However it could also be seen as a marketing ploy to get and keep users within a single ecosphere, inside a "walled garden", where they receive greater exposure to branded elements and features.

On the third (and final) hand, doesn't the user deserve some credit for proceeding intentionally? When I clicked the button to "Create a new account", that is EXACTLY what I intended to do. If I wanted to link my existing account, I would have clicked the button that said, "Link to your existing account" or "Add Gmail to your Google Apps Account". 

But I did not. I wanted a new account. I clicked the "new account" button, for crying out loud!

Google should NOT have assumed that I wanted to REPLACE my administrative credentials on an existing, NOT-LOGGED-IN account, and at the very least they should have notified me, as the account holder, that such a DRASTIC change was about to occur.

Failing all of the above common sense practices, Google should have made it possible to revert the changes, or to delete the new identity from the AdWords account.

But you can't. They don't even know how to do it! It's going to take a team of engineers a few days before I even find out whether such a thing is possible!!

And THAT, my friends, IS unethical: Never secretly force someone down a road for YOUR benefit, and then FORBID them from getting back on the road they thought they had followed.

Google: I've watched as your programming has gotten sloppier and sloppier, and your UI has gotten sloppier, too. There have been several serious screw-ups on your part since you embarked on this course. If you want to remain a company that deserves to be respected, you will reconsider your QC processes and re-focus your efforts on your CUSTOMERS. Otherwise, you might be big, now, but so was Microsoft. And you know where they are headed ... 


