Google took a lot of flack over privacy concerns this week, like over a loophole that allowed people to figure out your private email address in replies. Security weblog Social Hacking details another method your Gmail address is exposed using a URL hack.
The Social Hacking post points out that users with numeric profile address (e.g., http://www.google.com/profiles/104424237445852766735–the numeric address of the post’s author) may think that means their Google account username is still hidden. Turns out with that number, it’s actually very easy to divine a user’s account id. Here’s how it works (from ReadWriteWeb):
First, you simply copy the numbers from a user’s Google profile and then append these numbers to http://picasaweb.google.com/[numbers] .
The solution, from Social Hacking:
To protect yourself from this access, visit the Picasa settings page. Under “Your gallery URL,” add a new username and select the new username for your gallery URL. Also, you may want to edit your nickname.
I suppose the point here isn’t that Google’s done you wrong in every way, but it’s worth recognising that when you go public with Google accounts, they really are public, and they tie together in more ways than you might realise.