Google is pulling the plug on their social network, Google+. Users still have the better part of a year to say their goodbyes, but if the fledgling social network was a ghost town before, news of its imminent shutdown isnâ€™t likely to liven the place up. A quick check of the site as of this writing reveals many users are already posting their farewell messages, and while thereâ€™s some rallying behind petitions to keep the lights on, the majority realize that once Google has fallen out of love with a project thereâ€™s little chance of a reprieve.
To say that this is a surprise would be disingenuous. Weâ€™d wager a lot of you already thought it was gone, honestly. Itâ€™s no secret that Googleâ€™s attempt at a â€œFacebook Killerâ€ was anything but, and while there was a group of dedicated users to be sure, it never attained anywhere near the success of its competition.
According to a blog post from Google, the networkâ€™s anemic user base isnâ€™t the only reason theyâ€™ve decided to wind down the service. A previously undisclosed security vulnerabilityÂ also hastened its demise, a revelation which will particularly sting those who joined for the privacy-first design GoogleÂ touted. While this fairly transparent postmortem allows us to answer what ended Googleâ€™s grand experiment in social networking, thereâ€™s still one questions left unanswered. Where are the soon to be orphaned Google+ users supposed to go?
As explained in the blog post, the decision to shutter Google+ ultimately stems from the results of an internal effort called Project Strobe. Started in early 2018, it was a complete review of third-party developer access to not only personal data in the form of individual Google user accounts, but Android device data. Google claims they decided to make Google+ an early focus of Project Strobe due to user feedback, but the moreÂ skeptical observer might wonder if it was more likely a guise under which the service could be retired while still retaining some dignity.
We now know that in March, Project Strobe found a bug in the Google+ â€œPeopleâ€ API. It allowed app on the platform access to information about their friends on Google+, even if that information was not marked as publicly visible. Basically, if you could see your friendsâ€™ name/job/etc., then so could yours apps even though you never gave those apps permission to access that information. While the bug didnâ€™t allow app to read messages or obtain phone numbers, it did expose profile data such as names, email addresses, occupations, genders, and ages of the users.
This kind of information might seem innocuous at first glance, but it can beÂ a treasure trove for social engineering attacks. Being able to learn so much about your social media contacts, especially email addresses and occupations, could help an attacker craft convincingÂ phishing schemes. The vulnerability presented in the form of a classic â€œTrojan Horseâ€: an attacker would only need to get the target to authorize their application under the pretense of it being a game or other interesting piece of software, and in return, they get to siphon off information about their friends, family, and co-workers.
Google stresses that they uncovered no evidence that this bug was ever discovered, let alone exploited. Accordingly, they made the decision not to reveal its existence to the public, as the issue was immediately resolved. Withholding information on security vulnerabilitiesÂ until after the fix has been implementedÂ is nothing new. But going more than half a year before revealing this information immediately sparked some controversy.
Citing the â€œchallengesâ€ of maintaining Google+ in a way that meets consumersâ€™ expectations of privacy and functionality, Google has decided to simply shut the whole thing down.
LOOK WHOâ€™S TALKING
Googleâ€™s announcement doesnâ€™t specifically state how many people areÂ actuallyÂ usingÂ Google+, only saying that itâ€™s â€œlowâ€. Figuring out how many people are on the service has always been tricky, as the number of user accounts is inflated by the fact that itâ€™s tied to the monstrously popular Gmail. But they did let slip one soul-crushing factoid: 90% of Google+ user sessions last less than five seconds. Ouch.
However, it seems the corporate world has had much better luck with Google+ than consumers. Google has found that businesses have been using it as a secure internal social network of sorts, and they are looking to capitalize on that going forward. Itâ€™s worth noting this is the same way Google handled the transition of Hangouts from being merely the defacto chat application on Android to beingÂ a business product meant to compete with Slack.
FINDING A NEW HOME
Itâ€™s a shame to see Google+ shut down, as it did have a few solid ideas on how to improve the social media paradigm like â€œcirclesâ€ for tight control of who could see your posts and the ability to export data and cleanly delete your account. Unfortunately, some downright boneheaded PR decisions, such as trying to shoehorn it into the YouTube comment system, led to ridicule and a general negative sentiment. Not what you want when going into battle against entrenched juggernauts like Facebook and Twitter. But even with its faults and rudderless advertising, there are still many users who made Google+ their home, and a number of active (albeit niche) communities â€” 3D printing and photography specifically come to mind â€” which are now in danger of collapsing.
Crucially, the people who were active on Google+ were almost exclusively doing so in an effort to avoid Facebook, to begin with, so thatâ€™s simply not a viable option. These users value privacy and granular control over their data, so they are far more likely to gravitate towards open services like Mastodon orÂ Diaspora. If thereâ€™s a silver lining here, it could be the attention these decidedly more hacker-friendly platforms are about to receive once a sizable number of privacy and security-minded individuals start looking for a new place to call home.