Google Discovers Google+ Servers Are Still Running

Google is pulling the plug on their social network, Google+. Users still have the better part of a year to say their goodbyes, but if the fledgling social network was a ghost town before, news of its imminent shutdown isn’t likely to liven the place up. A quick check of the site as of this writing reveals many users are already posting their farewell messages, and while there’s some rallying behind petitions to keep the lights on, the majority realize that once Google has fallen out of love with a project there’s little chance of a reprieve.

To say that this is a surprise would be disingenuous. We’d wager a lot of you already thought it was gone, honestly. It’s no secret that Google’s attempt at a “Facebook Killer” was anything but, and while there was a group of dedicated users to be sure, it never attained anywhere near the success of its competition.

According to a blog post from Google, the network’s anemic user base isn’t the only reason they’ve decided to wind down the service. A previously undisclosed security vulnerability also hastened its demise, a revelation which will particularly sting those who joined for the privacy-first design Google touted. While this fairly transparent postmortem allows us to answer what ended Google’s grand experiment in social networking, there’s still one question left unanswered. Where are the soon-to-be-orphaned Google+ users supposed to go?

Project Strobe

As explained in the blog post, the decision to shutter Google+ ultimately stems from the results of an internal effort called Project Strobe. Started in early 2018, it was a complete review of third-party developer access to not only personal data in the form of individual Google user accounts, but Android device data. Google claims they decided to make Google+ an early focus of Project Strobe due to user feedback, but the more skeptical observer might wonder if it was more likely a guise under which the service could be retired while still retaining some dignity.

We now know that in March, Project Strobe found a bug in the Google+ “People” API. It allowed apps on the platform to access information about a user’s friends on Google+, even if that information was not marked as publicly visible. Basically, if you could see your friends’ name/job/etc., then so could your apps, even though you never gave those apps permission to access that information. While the bug didn’t allow apps to read messages or obtain phone numbers, it did expose profile data such as names, email addresses, occupations, genders, and ages of the users.
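The flaw class described above, as an added Python sketch that is not Google's code or the real People API: a flawed endpoint hands the app the authorizing user's own view of each friend, while a hardened one releases a friend's non-public fields only with that friend's own consent. All names here (`Profile`, `AppGrant`, the visibility labels, the sample users and app) are constructed for illustration, and treating a friend's own grant as sufficient consent is an assumption.

```python
from dataclasses import dataclass

PUBLIC, FRIENDS_ONLY = "public", "friends_only"  # hypothetical visibility labels


@dataclass
class Profile:
    user_id: str
    friends: set   # user_ids allowed to see this profile's friends-only fields
    fields: dict   # field name -> (value, visibility)


@dataclass
class AppGrant:
    app_id: str
    user_id: str   # the user who authorized the app


def fields_visible_to_user(owner, viewer_id):
    """What a logged-in human viewer may see of owner's profile."""
    is_friend = viewer_id in owner.friends
    return {
        name: value
        for name, (value, vis) in owner.fields.items()
        if vis == PUBLIC or (vis == FRIENDS_ONLY and is_friend)
    }


def friends_for_app_vulnerable(db, grant):
    """Flawed: the app inherits the authorizing user's view of each friend."""
    user = db[grant.user_id]
    return {
        fid: fields_visible_to_user(db[fid], user.user_id)
        for fid in sorted(user.friends)
    }


def friends_for_app_fixed(db, grant, friend_grants):
    """Hardened: non-public fields require the friend's own grant (assumption)."""
    user = db[grant.user_id]
    out = {}
    for fid in sorted(user.friends):
        consented = (grant.app_id, fid) in friend_grants
        out[fid] = {
            name: value
            for name, (value, vis) in db[fid].fields.items()
            if vis == PUBLIC or (consented and vis == FRIENDS_ONLY)
        }
    return out


def leaked_fields(db, grant, friend_grants):
    """Regression check: fields the flawed path returns that the fixed one withholds."""
    bad = friends_for_app_vulnerable(db, grant)
    good = friends_for_app_fixed(db, grant, friend_grants)
    diff = {fid: sorted(set(bad[fid]) - set(good[fid])) for fid in bad}
    return {fid: names for fid, names in diff.items() if names}


# Constructed sample data: alice authorizes an app; bob never did, carol did.
SAMPLE_DB = {
    "alice": Profile("alice", {"bob", "carol"}, {"name": ("Alice", PUBLIC)}),
    "bob": Profile("bob", {"alice"}, {
        "name": ("Bob", PUBLIC),
        "email": ("bob@example.test", FRIENDS_ONLY),
        "occupation": ("Engineer", FRIENDS_ONLY),
    }),
    "carol": Profile("carol", {"alice"}, {
        "name": ("Carol", PUBLIC),
        "email": ("carol@example.test", FRIENDS_ONLY),
    }),
}
ALICE_GRANT = AppGrant("quiz-app", "alice")
CAROL_CONSENT = {("quiz-app", "carol")}

if __name__ == "__main__":
    print("leaked to app:", leaked_fields(SAMPLE_DB, ALICE_GRANT, CAROL_CONSENT))
```

Running a diff like `leaked_fields` in an API test suite turns "the app sees what the user sees" from a silent default into a failing test.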

This kind of information might seem innocuous at first glance, but it can be a treasure trove for social engineering attacks. Being able to learn so much about your social media contacts, especially email addresses and occupations, could help an attacker craft convincing phishing schemes. The vulnerability presented in the form of a classic “Trojan Horse”: an attacker would only need to get the target to authorize their application under the pretense of it being a game or other interesting piece of software, and in return they get to siphon off information about their friends, family, and co-workers.

Google stresses that they uncovered no evidence that this bug was ever discovered, let alone exploited. Accordingly they made the decision not to reveal its existence to the public, as the issue was immediately resolved. Withholding information on security vulnerabilities until after the fix has been implemented is nothing new. But going more than half a year before revealing this information immediately sparked some controversy.

Citing the “challenges” of maintaining Google+ in a way that meets consumers’ expectations of privacy and functionality, Google has decided to simply shut the whole thing down.

Look Who’s Talking

Google’s announcement doesn’t specifically state how many people are actually using Google+, only saying that it’s “low”. Figuring out how many people are on the service has always been tricky, as the number of user accounts is inflated by the fact that it’s tied to the monstrously popular Gmail. But they did let slip one soul-crushing factoid: 90% of Google+ user sessions last less than five seconds. Ouch.

However, it seems the corporate world has had much better luck with Google+ than consumers. Google has found that businesses have been using it as a secure internal social network of sorts, and they are looking to capitalize on that going forward. It’s worth noting this is the same way Google handled the transition of Hangouts from being merely the de facto chat application on Android to being a business product meant to compete with Slack.

Finding a New Home

It’s a shame to see Google+ shut down, as it did have a few solid ideas on how to improve the social media paradigm like “circles” for tight control of who could see your posts and the ability to export data and cleanly delete your account. Unfortunately some downright boneheaded PR decisions, such as trying to shoehorn it into the YouTube comment system, led to ridicule and a general negative sentiment. Not what you want when going into battle against entrenched juggernauts like Facebook and Twitter. But even with its faults and rudderless advertising there are still many users who made Google+ their home, and a number of active (albeit niche) communities — 3D printing and photography specifically come to mind — which are now in danger of collapsing.

Crucially, the people who were active on Google+ were almost exclusively doing so in an effort to avoid Facebook to begin with, so that’s simply not a viable option. These users value privacy and granular control over their data, so they are far more likely to gravitate towards open services like Mastodon or Diaspora. If there’s a silver lining here, it could be the attention these decidedly more hacker-friendly platforms are about to receive once a sizable number of privacy and security minded individuals start looking for a new place to call home.

70 thoughts on “Google Discovers Google+ Servers Are Still Running”

  1. “A quick check of the site as of this writing reveals many users are already posting their farewell messages, and while there’s some rallying behind petitions to keep the lights on, the majority realize that once Google has fallen out of love with a project there’s little chance of a reprieve.”

    Just look at Google Wave (now Apache Wave). Completely fell out of incubator status. Closest they came to a “Facebook killer”.

  2. Did they ever separate YouTube from Google’s account system or was that just a ruse to get people to quit bitching?
    I quit using my YT account because of it.
    I still remember the disaster that was the almost forced account merger of your Google(+) account and your YT account.

    1. ^This.

      Sadly, the general theme of free social media systems is: How to keep naive, well funded eyes glued to the ads. They need to screw with the timelines to create random positive reinforcement (which I understand from basic psych is a powerfully addicting – see gambling). Google Reader allowed you to see all the content from a source, in order and mark that which you had read/were no longer interested. This enabled you to effectively manage your time and minimize how long you spent scrolling through ads^h^h^h I mean, “content”.

      Facebook, Instagram, YouTube, even G+ all started “helping” you by filtering and reordering content while not letting you manage what was new or old. It kept you guessing and coming back to see if you missed any ads^h^h^hposts.

      Twitter is circling this obsession quite closely – but with a bit of diligence I’ve kept the “You might have missed…” and “Here’s what your followers have liked…” noise at bay.

      Soon I will revert back to just email and SMS for communication. I’ve even been tempted to switch IRL only communication…

        1. Simple. Paywall. You want it? You pay for it. Problem solved. Now if you don’t, then we gotta go through a bunch of sneaky ways to pay for it without a person catching on that they’re paying for it.

        2. Respectfully, why didn’t you offer an alternative? Free isn’t free, because it costs some to create content, there’s the cost of servers. An a la carte system would probably fail because it wouldn’t be affordable to most consumers of content probably afford the cost. Personally I don’t mind the advertising model in any medium if it for me reduces the cost of acquiring content. While advertising with content received over the internet can be done in a better less intrusive way, it’s the small shit I don’t sweat. I handle it like I handle TV advertising, I read a book, newspaper, or magazine.

    2. While Feedly has its problems, it’s been good to me. That’s how I get my hackaday rss, among other sites, and I use it for YouTube rss, too, because the YouTube subscription section is a god damn nightmare.

      1. Whatever happened to DIY? Here’s how I read Hackaday’s RSS:

        import feedparser
        def check_hackaday():
            feed = feedparser.parse("https://hackaday.com/feed/")
            for entry in feed['entries']:
                push_to_vfd(entry.title)
        

        … where push_to_vfd publishes the title over MQTT to a channel that my VFD screen listens to. Dead simple. Decentralized. Done.

        1. Long before Google Reader I had my web-based RSS reader that was more featureful than this, but I use feedly now as it’s even more featureful and the $6 a month pro subscription is a fair exchange of value for money.

  3. What bothers me is that no one is going after Google for allowing the data breach, just Google getting away with it because we are shutting it down. Shutting it down does not help the users whose data has already been stolen. Where’s the outcry? Where’s the FBI? Facebook went under so much scrutiny as they should have but I have not heard any outcry for Google’s bungle whether it was used much or not.

    1. As of yet, from what I have researched, there has not been a data breach and I think that is a key point to remember when comparing against other vulnerabilities. The way this has been announced and is being re-released, while google knew about the issue, it sounds like it became a manual process to make sure nothing was taken. There are countless vulnerabilities on any application, it’s just a question if bad people know about them. I guess one of the issues I have with google on this is the perception of being secretive yet the truth is that they are being brutally honest. They could have just sealed the API, shut down the service and just let it stay a secret. So, I guess my point is that nothing was stolen… YET, Google is disclosing something they really didn’t have to, and it is truly sad to lose google plus. I liked it not because it wasn’t Facebook, but it gave me an easy way to catch up with other professionals in my field(s) quickly and I really think the value is being undervalued. Lastly, I have to say, in today’s age, my bank, mortgage company, Facebook, even yahoo have had more breaches than google, so even if anything was taken, the data was minimal at best and I do get a feeling that google does actually care about my privacy and security. Just my opinion.

    2. “We found no evidence that any developer was aware of this bug, or abusing the API, and we found no evidence that any Profile data was misused.”

      That’s the deciding factor. The bank vault door was left unlocked but CCTV shows no-one entered it and as far as we can tell the money’s all there. It was only discovered when a bank employee happened to be inspecting and found the door was unlocked. Proactive security audits that actually find things should be applauded imo.

      However, they could be lying about it being undiscovered and unused. In that case we’re going to need some evidence of a breach.

        1. One thing that bugs me about the analogy: with data, you can tell that it’s still there, but that doesn’t also mean that nobody has “taken” it, and the CCTV cameras are like the ones in Mission Impossible — if you can put up a good enough picture in front of the lens, the guard will never notice.

          But yeah. This was reporting a vulnerability that they found, but that may not have been exploited. It’s a little bit sketchy that they reported this so late — they were probably sitting on it b/c they were going to close the service anyway and didn’t want the bad PR. Trading off our security for their PR is a bit dodgy, but it looks like they got away with it. (I trust Google as far as I can throw them.)

          Do we know if the FB bug was actually used? How much data is leaked?

          If users sued for breaches, it would make firms realize that collecting too much data is actually a liability, and might provide a useful counterweight against the wholescale hoovering up of every little bit of PII. But then it would further incentivize the coverups… You can’t win.

      1. It is just like that. Perfect analogy. Especially when you realize the bank vault was unlocked for 6 months, they locked it again a few months ago, and the CCTV is a two week loop. And they refuse to clarify if, when they did check the CCTV, it was at the time they locked the vault, or right before they announced that it had been left open.

    3. I get the impression that Google’s issue was a hack, whereas Facebook was a result of some internal hanky-panky that got away from them. Facebook bit off more commerce than they could handle, Google was stupid.

    1. Root the phone and you can delete whatever you like. You can even install some lighter Android versions like Lineage and install only basic Google apps pack without hundreds of useless apps.

      1. And hence the issue, especially on MVNO phones. I do have one peculiar issue on mine. Every update ends up on the main memory instead of the SD where some apps have been moved. Having to move things back after every update is annoying.

      2. Wow “Root the phone and you can delete whatever you like.”
        You aren’t very bright are you?
        1) Not all Phones can be rooted.
        2) Let alone phone, not all devices can be rooted…tablets being the other one.
        3) Let alone not being rooted, don’t say well you can always install another OS(Lineage etc), actually no you cannot, because the OS’s are made for specific devices, not all devices are supported for other OS’s. Goes along with #1 and #2. Let alone the Phone company that you have will prob not recognize the device anymore and not support it with a new OS of any sort (went through this with Sprint 3 times and ATT 1 time so yes it can happen) so it invalidates the warranty and the repair. So no.
        4) The Ability to search find and wait for a device to be rooted, or an OS made for it takes longer and usually $$$(Not always) cause of the person wanting it even on xdev, that by the time they make it, the person wanting it already has upgraded their device(usually 6mo-1year if not more). usually because the person who makes the root or OS for it has to find the device in question and BUY the device to make sure it works. That cost is put onto the person in question asking for the change.
        5) Let alone time and Money from #4, the stress of waiting for the device to be changed is worse than just living with the G+ App on the device and just uninstall all packages and force it to stop and never load again.

        You really need to take into account all factors of the situation of ‘Root the Phone’ aspect and not just blurt out ‘Root the phone Root the phone’.

        1. Oh I did forget to mention…
          6) Not EVERYONE Knows HOW to Root their phone, or are too scared to do so as well. Some people just want the ability to remove things that they don’t want and aren’t bloatware on their device with ease and not have to worry about the future problems with removing an app.

          1. I agree with you that you should be able to do it by default, but it’s not like anybody was born knowing how to root a phone. You can use google itself to learn how to break its shitware.

        2. The issue is rather “user accessible Root without arbitrary limitations is a right, not a privilege” that phone manufacturers piss all over.

          Otherwise how can a user be confident that they OWN said device?

        3. Jeebus, are you still using ICS or something?
          Try updating. Things are much better now. You can do most things in Oreo that used to require root without. They got your WoT email. Thanks.

  4. @Rex Root your Android phone and you can delete all the Google stuff and the stuff from the phone producer too. My LG phone is twice as fast and the battery runs for a week instead of only two days.

  5. I don’t know that anyone would have voluntarily created a Google+ account in the first place if they hadn’t forced people to (if you had a login to Gmail or YouTube there came a point where you could no longer opt out of having a Google+ account created for you and populated with whatever details you’d been foolish enough to give those previously standalone sites). From the article it’s clear that they finally realized that you can coerce users into creating an account they don’t want but you can’t as easily coerce them into interacting with it…
    “The consumer version of Google+ currently has low usage and engagement: 90 percent of Google+ user sessions are less than five seconds.”
    i.e. people would say “damnit, not this again” and click log out as soon as they discovered that Google had “helpfully” logged them into Google+ again. You can lead a horse to water^H^H^H^H^Htoxic waste but you can’t make it drink.

  6. “Where are the soon to be orphaned Google+ users supposed to go?” They should go back to work and stop wasting time on social media. Same for Facebook users. The answer to Facebook’s problems (with its privacy-last design, by contrast) is not more Facebook.

    1. G+ actually has a pretty sizable 3D printing community, generally filled with questions, knowledge and people showing off things.

      The rest of G+ is mostly just SPAM. And I guess that’s why they are closing it down, the amount of SPAM vs the amount of valuable content to data mine is no longer worth it.

  7. I’ll say this…
    Often the banner images HackaDay posted on their Google+ feed were more informative than the ones here.
    Maybe it is because they knew it would probably be seen on a phone’s screen and so they put more effort into “making it count”.

  8. I’ll just repeat what I said about this:

    Personally, I’m really sad Google+ is going down. Yes, it’s quite terrible and there’s a huge amount of spam there, but it was still a great source for news and interesting projects; I follow some 3D-printing, maker-, Arduino-, ESP8266/ESP32-, embedded hardware-, DIY-electronics etc. communities there and it was great to be able to just open the G+ – app on my phone and see if there’s some new, interesting post in any of those communities. The posts appeared in the order of whatever was the newest, not based on popularity or likes or whatever stupid shit, it didn’t try to spam me to “react” to the posts or anything like that, all of which made it such a good, clean source.

    With Google+ going down, I don’t know what else to move to. I really wish there was something else that filled the spot, but none of Twitter, Facebook, Reddit and whatever other shit I’ve seen people telling people to move to instead works, they’re all absolutely terrible alternatives. Many of the suggested alternatives are also the kind where you can’t see the content without signing up for the service first, meaning that search-engines can’t index them, people can’t just randomly stumble upon interesting stuff and then decide that they wanna join in on the fun, you can’t just link to any interesting projects/guides/news/whatnot there — a locked-in platform is just a stupid idea for the kind of stuff I would be interested in.

    I don’t know what to fill the void with. Where can I get a similar experience, with all these interesting topics of my own choosing displayed as a clean, easy-to-follow stream, ordered by what’s newest, not by what’s the most viral/gotten most likes/whatnot?

    1. Use it as an opportunity to escape from social media poison. There’s been a “loss of innocence” lately for social media–it’s become common knowledge that it’s just another nasty parasite on society. I wish something besides nuclear war could kill facebook.

      1. You didn’t read what I wrote in the first place, did you? I don’t need to “escape from social media” if I’m not participating in it in the first place. I use G+ as a news-source, as a means to follow the very specific communities I, myself, picked — not to socialize with people, not to follow viral bullshit, not to follow some communities someone else picked out. So no, there is nothing for me to escape from.

    2. I would suggest just going back to searching out the websites of dedicated creators and hobbyists. I think social media was created (or at least promoted, when they figured out what it could be used for) by the intelligence community. If you research the history of the creators of Google, Facebook, etc. it doesn’t take long to stumble over the CIA money and influence that rocketed them to success.

      The bloom is off the rose, and the whole thing is crumbling. I started a metal working group at MeWe, posted a couple of projects and invited others to do likewise, hoping to exchange ideas and techniques. It has several hundred members, but mostly they just use the chat. Very few members have ever showcased any of their work, though people do ask and answer questions from time to time.

      For the general public, I think social media was a fad that is now ending. Email and phones still work just fine, and there are a lot of subject-dedicated websites, that host message boards, that didn’t dry up and blow away when Facebook showed up. Anvilfire comes to mind for one of my main interests; there are similar sites for electronics enthusiasts, 3D printing, etc.. You just have to find them.

  9. I post a project to Facebook & friends and family laugh and mock “praise” my brains. – I haven’t logged in for years.

    I post a project to Instagram or Twitter and it’s crickets. – I’ve abandoned IG, and keep Twitter to ranting about bad bus service.

    I post a project to Google+ and I get constructive feedback, discussion on possible enhancements, intelligent affirmation.

    Once G+ is gone, I’ll hopefully find a source of validation before I fade away…

    1. This!

      G+ was the only place where I found information on certain obscure hardware hacks. And the following comments were actually useful.

      BTW, thanks for the laugh-worth title, [Tom]!

    2. “I post a project to Google+ and I get constructive feedback, discussion on possible enhancements, intelligent affirmation.”

      Kind of like Usenet, before it went downhill.

      1. Yup, they did Usenet properly the first time round. And no bullshit about censorship or “moderators”. Everything was allowed, and each user could set filters to block anything they didn’t want to read. Best of all worlds, more or less. Since ISPs abandoned it, it’s more or less dead though.

        Still Usenet is still half-grafted onto Google (for Google’s benefit, not Usenet’s) as “Google Groups”, which also has Google-specific groups users here might want to check into if Google+ is something they ever found a use for. Failing that there’s mailing lists, Yahoo do those, also called “groups” I think.

  10. I’ll miss it. It was fun to be inspired from animation/art/blender, 3D-printing, maker-, Arduino-, ESP8266/ESP32-, embedded hardware-, DIY-electronics etc. But it’s easy to feel FOMO, it’s so unstructured and messy that one forgets to check it more often. I loved these specific postings, but it had a lot of crap in between, I am not interested in “funny” stuff uninformed people do to relax. It wasn’t fast enough too, e.g. a sign of inline dynamic web-coding. “goodbye”.

      1. > want a curated feed algorithm creeping on you and nagging you

        I agree. It’s scary to see how sensitive Google is to my searching, it’s difficult to be objective with a non-biased searchlist. It’s more aggressive than I expected. I have heard somebody mention that it’s difficult to search through old discussions on facebook, so real and useful information is volatile.

        I think kids should be made aware of how demanding these companies can be with their evil algorithm, those who are impulsive are more likely to be addicted.

    1. Yeah, I don’t think many people are gonna go with whatever they make next because they famously abandon so much of their stuff. I still can’t goddam believe they got rid of the “view image” button on request of those cockroaches at Getty images. I mean seriously, Alphabet caved to Getty? Why? I know you can just use an extension but still. They should have told them to go kick rocks.

      1. Removing the discussions search option was even a more deliberate evil move intended to hide results coming from forums to push those coming from advertisers or sites with ads. Today’s Google is slowly undoing all good the very early Google did to the Internet.

  11. Isn’t Diaspora effectively dead? I tried, I really tried to like Diaspora but it was a great idea with a horrible implementation (Ruby/Rails, I’m looking at you). I spent the better part of a month trying to get a Diaspora server to work but what I discovered was that it hogged so many resources that even if I got it started, my multi-cpu machines would only be able to handle a handful of users. Eventually I shelved the idea and it appears I made a wise move because it wouldn’t be long before the developers determined they couldn’t make it any better either.

  12. For me G+ died in first year after beta launch. I was so eager to get in, I filled in for beta testing just to hop in and be happy without Facebook. But no, Google postponed launch multiple times and initial hype about it faded away so when actual launch happened, nobody cared. It was dead child after complicated birth.

  13. Google+’s poor user base can be tracked down to the same problem that plagues every Google project: bad explanation and bad documentation. Never once have I seen anything anywhere explaining what google+ is or what they expect people to do with it. Just like their hieroglyphic laden Gmail mobile app, or their supplied without decent instructions Chromecast, their projects are bound to languish if users don’t understand what they are, why they want them, or how to use them. It truly amazes me that a company of this stature could be so unaware of how users work.

    1. “Never once have I seen anything anywhere explaining what google+ is or what they expect people to do with it. ”

      I think that they want it to be a “secret”, it’ll be cooler when less is told, more information will make people more likely to not choose it.

      Big companies want people to behave like kids, always running to that new shining van with candies. Google should be more careful, people may go slower to their next fad.
