Something is Broken in Gmail
I’ve been stomping up and down for years because I receive an inordinate amount of email intended for other people in my Gmail account. I get medical information, banking info, notices to parents from schools, emails to teams from coaches, photos of families I don’t know, and the list goes on and on.
People always complain about this on the Gmail support forums but they are shouted down by the fan boys who defend Google’s loose use of allowing people to put “dots” in their Gmail addresses. Gmail ignores any dot it finds in an email address before the “At” sign. OK fair enough. But I maintain something with Gmail is broken and broken badly. How can so many people believe that they have an email address so similar to mine? Google says that once you have a Gmail address no one can sign up with any variation of that email address which includes a “dot”.
Here is how I know they are missing something. A few months ago I was setting up my new Roku device and attempted to activate it with my Gmail address. I was informed by the Roku server that my address was already in use. Curious, I clicked on the “Forgot Password” link. Within a few seconds an email appeared in my Gmail inbox allowing me to reset the password for the Roku account that was using “my” Gmail address. I changed the passwords and “voila!” I was into a Roku account that belonged to someone else. There it was in all its glory… the person’s name, address, activated devices, purchase history, and the scary part… their credit card information! Now, I could have been a real slimeball and run up all types of charges with content purchases on the Roku site, but since I’m not, I deleted their information and replaced it with my own.
Fast forward to recent days: out of nowhere, I began receiving email receipts for someone's Uber rides. I decided to try the password reset trick again. Surely it was a fluke the last time. Nope, within a couple of minutes there I was staring at the ride history, account information, and the last four of an Amex card (along with the expiration date) belonging to someone in Los Angeles. He must be generous because his gratuity preference was set to 20% of the fare. I was able to change all of the information I needed. Again, I didn’t take advantage of the situation by taking Uber rides all over town. Although it certainly appears I could have.
So again I ask, is this really what Google wants? Perfect strangers accessing each other’s accounts because somehow users are so confused about their Gmail addresses? Let there be no doubt there is some type of confusion going on here because in both of these cases I would have expected to see my email address with a dot somewhere in it. What I saw was my email address. No dots. Not some similar version of my email address. There in the email address field on both sites was my exact email address that someone purposefully entered believing it was their own.
I’ve been a Gmail user almost as long as it has been around. I’d hate to abandon it now. The truth of the matter is that I get so much email intended for other people in my inbox that I grow weary of logging on and may do so out of sheer fatigue. It takes so much of my precious time to clean out my inbox and set up filters (of which I have hundreds).
I hope someone at Google who cares about the user experience and security reads this and works to close the back door to its users’ personal information. I’m not holding my breath. I’ve been complaining about this to them for years… But keep hope alive, right? Until then, try to use multi-step authentication and turn on password reset notification where you can and hope for the best. Do what you can to protect your information until Google gets around to doing the same.