[kwlug-disc] GMail, profile photo, and privacy: HOW'd it DO that?!?

Thu Jan 21 10:08:20 EST 2021

> Hi,
>
> I was handed a phone yesterday to enter my email address into the To: 
> field of their GMail app.
>
> It auto-completed to ron at ronaldbarnes.ca, which is hosted at Gandi.net 
> and has *nothing* to do with Google.
>
> Along with the auto-completion (which may have come from the phone 
> owner's email history - we've exchanged mail before), a profile 
> picture appeared.
>
>
> It was the profile photo of my *parents'* account.
>
> I was astounded!
>
> After contemplating the possibilities, I decided that my email address 
> must be listed as a recovery address for parents' account.
>
>
> Seems this could be a massive privacy invasion: between work & private 
> accounts; between public & private accounts, etc.

This is what cross-correlation looks like. From where? Ask a neural net 
why your parents' photo should be there. Wait, it can't possibly answer 
as neural nets is a sausage factory.

I had a more predictable, older style mishap in Google's "we know you 
all" system. Several times, I highlight several times, people called, 
and we told them that info in Google's db is incorrect. They didn't 
believe us, humans, about who they had this info, and they were dialing 
our number. Wild, isn't it?

Now, imagine that this is a government. Or, more specifically, 
government that uses "publicly available" information, processed by AI 
(neural net), owned by some big co, of course. Would you just peacefully 
protest, when you can't know how info got assembled, and you have no 
ability to demand fix/removal? Thus, I urge all of you again about that 
survey on gov request, and whatever happens around it.

[ref: 
http://kwlug.org/pipermail/kwlug-disc_kwlug.org/2021-January/019878.html ]

> Having just checked the recovery options though, and my parents' 
> account's recovery email address is mine, but at an entirely different 
> domain.
>
> Just as I thought I'd figured it out, I'm stumped all over again.
>
>
> Can anyone shed some light on what the hell is going on?
>
>
>
> Finally, tested this with someone else's phone - it didn't happen. 
> Then, he upgraded to latest GMail app, tried again, and the profile 
> photo appeared.  Have a screenshot to prove it.

So shadow profiles is no longer just Facebook's thing.

Wow. Just wow. A couple years back, I thought that criticism of Signal's 
requiring a phone number was a bit of a stretch in people trying to not 
spill any info. I feel them now. :)