Related to this bug, some time ago I started getting spam on my Google Calendar. Not sure if Google ever fixed it, but basically Google would automatically add events to your calendar when you got an invite in your email. Honestly, it's a nice feature; saves a couple clicks every time I get an invite. The bug is that it applied even if the email was spam. There was no workaround, other than disabling the feature completely. Quite a pain. And yes, just like this bug, you'd get lovely "eat my pussy" events popping up on your calendar and reminders.
It's used not just by spammers, but by sales reps, too.
Dell recently did this to about half a dozen people on my team. 'Q2 Budget Review', which sounds official, but is really a Dell rep trying to sell you junk that magically pops up on your calendar _even if you mark their message as spam_.
> Dell recently did this to about half a dozen people on my team. 'Q2 Budget Review',
If you put this shit on my calendar, I will never purchase a product from you. I will additionally, at my own discretion, use it as proof that you have had a data breach and are unable to keep your accounts safe since no real company would really do this on purpose.
Yes, but for every person I tell that they had a data breach causing them to phish their customers through calendar, I can poison 50 people in each organization, then they can poison 50 and so forth... let's call it exponential growth of the DELL-20 coronavirus.
Don’t you get it?! They wouldn’t do it if it didn’t work, and you are vastly outnumbered. It’s not right, it’s bloody annoying, but it’s there and it’s not going away.
Google needs to fix the root problem, so that the spammy behaviour is not possible.
I'm not claiming that you're wrong because I don't have any data to the contrary, but "They wouldn’t do it if it didn’t work" isn't a strong argument. It's only true assuming rational actors and perfect information.
It is quite possible that the successes are more visible than the failures and thus it seems like it works. Or it "works" for the sales rep because he gets more leads and thus a bigger bonus, while hurting the company - but the company hasn't figured that out yet. Or it works in the short term but isn't worth the reputation damage in the long term.
Of course it's also possible that it just works, just pointing out that reality shows that people and companies often do things that are just stupid.
It would stop working if less people said "it will work even if you're difficult!" and more people just took a little time out of their workday to be difficult.
I hear "they wouldn't do it if it didn't work" about many dark patterns. Is there proof to this? I suspect that these kinds of things are easier to measure than less aggressive tactics, leading to a false sense of efficacy.
And what of the efficacy compared to the negative reputation gained from such practices? How do they measure that?
We had someone try this at a company I worked at previously. The target was so angry they aggressively complained; the company fired the salesman. It boggles the mind why a sales person would do something that is likely to be seen as an invasion to the prospect.
> It boggles the mind why a sales person would do something that is likely to be seen as an invasion to the prospect.
Sales droids don't think the same way regular people do. A lot of them really believe everybody is as extroverted as they are and introverts are just pretending. And that everybody would be as excited about their product as they are, if they only knew about it. The best sales people can adopt the point of view of their prospects; mediocre ones cannot.
That really hasn’t been my experience when working alongside sales people at the companies I’ve worked for.
I definitely wouldn’t call any of them sales droids. Usually they’re just given really tough goals and quotas to hit.
And while none of the salespeople I’ve worked with would book unsolicited appointments, I could see it happening at companies who don’t have a very mature sales org and just throw their account managers to the sharks and expect them to make it rain.
From experience, I suspect that most salespeople who resort to invasive tactics really don’t expect everybody to be excited about their product. They are just desperately trying to keep their heads above water to avoid getting fired - a very human, non droid like thing to do.
That really hasn’t been my experience when working alongside sales people at the companies I’ve worked for.
I'll outweigh your anecdote with mine, because the only two companies where I had to work with sales people, in both places the sales people were exactly as the parent described.
One cheated on his bride-to-be just to make a sale.
You may not be able to block the calendar spam with current tools, but if you're in a decision-making role, you can block e-mails or blacklist the vendor so your purchasing department knows that they cannot order from them.
Another lovely Google feature that lasted for about 10sec. after I discovered it:
Booked a flight, got the receipt through Gmail. Google then auto-populated my calendar with the flights - fine. They also populated it with a hotel reservation, and a link saying I hadn't yet confirmed the reservation for Hilton. I was going to stay with family, w/no intention of staying in a hotel. I couldn't believe the blatant hijacking and spamming involved here from my private info - bad enough if they'd merely spammed a hotel advert for those dates.
Contacted Google, no way to turn it off without turning off the entire feature. Done. Permanently.
I couldn't believe anyone could think this was a good idea.
YMMV, but I personally think that's a reasonable level of intrusion. I'd prefer less; but for the convenience of "auto-populated calendar events", I'm willing to swallow a little unobtrusive upselling for a very justifiable assumption ("person who is travelling _probably_ wants a hotel").
Having Google put fake hotel reservation confirmation links in your calendar is a "reasonable level of intrusion?" It's amazing what we've become conditioned to.
Is this something Google actually did/does? It doesn't really fit with my experience of them.
Now, if the confirmation email contained this upsell in text or in schema.org metadata or whatever and Google pulled it over, that feels very much like something they would do.
In my experience that's what happened. Some ad text on the bottom of the email got picked up (ie "hotels available during your trip"). It had "hotel" and a date range. That's all a faulty Google AI needs to create a hotel stay event.
In fact I'd adventure to say this is an exploit by the airline upsell team, not Google.
My first thought was that it was from something like an airline/travel upsell team that somehow sneaked through, but my interaction w/Google convinced me otherwise (sorry I don't recall all the details, as it was years ago).
Google definitely made clear that if I wanted to accept them auto-populating my calendar with the flights in my email, I also had to accept the fake hotel bookings and lying "...confirm?" messages and manually delete them.
I'd be mildly ok with Google sending an offer email resembling: "Here's a potentially good hotel for your trip, would you like to book this, confirm, and insert in calendar?" (ya, it's spam, but at least sort of on-topic).
But what Google was doing is highly offensive and dishonest.
They presume to make a booking, populate it into my calendar, then send an email & alert in the calendar claiming that I failed to confirm the booking that they claim that I made -- flat-out lying to me, hoping I'm just in too much of a rush to notice that their booking was not one that I'd intended.
That was just so far beyond crossing the line that I want nothing to do with any such feature.
Sadly, it is also another bad example to magnify the stereotype of technology people with no ethical grounding (broadly, I don't think it's true, but it happens enough that it smears all of us).
It just feels more likely to me that the answer you got ("you just need to turn off this feature totally to avoid this") didn't mean Google was using it themselves to generate that "ad," but that it was someone basically taking advantage of the existence of the mail-to-calendar feature unscrupulously, and Google didn't have any controls you could use to stop that other than just turning the feature off.
That's still Google's fault to a degree, since that's pretty predictable behavior they'd need to account for, but it wouldn't be the major intrusion that you're interpreting it as.
Um, google is 1) automatically reading my mail, 2) noticing that I made an air travel reservation, 3) populating my calendar with the relevant times, 4) populating my calendar with a fake hotel reservation disguised to look as if I made it, and 5) sending both email and calendar notifications that I'd failed to confirm that fake reservation.
Items 1, 2, and 3 are ok, and are the feature
The fake reservation and "confirm" requests are straight-up deceptive trade practices - an attempt to steal money and change my travel plans by deceptive means.
For a moment, let's go with your idea that Google didn't do #4 & #5.
First, questions: When did I give Google permission to open up my calendar for anyone in the world to populate? Considering the levels of spam in email, telephony, & text, what idiot thought that was a good idea?
Aside from the deceptive trade practice, this is also a massive security risk - with everyone's calendar open to the world, and without advance warning, it'd be straightforward to route a person into a variety of dangerous situations if they aren't extremely careful - this is way beyond 'click the link ransomware', and up to 'go to the appointment in your ostensibly secure calendar and get kidnapped'. These are just a few quick examples.
So, either Google themselves is directly implementing deceptive trade practices, or they are stupidly enabeling all kinds of new cybercrime.
In short, if Google is actually enabling this kind of access for random 3rd parties, it is a WORSE intrusion than if they are merely doing it themselves.
Either way, I'd expect far more responsible thinking from such a supposedly mature company.
This hit a bunch of us about a year ago, maybe two years, I forget. It was incredibly annoying and made me completely stop relying on gmail for calendar stuff.
Google has very little incentive to fix the problem, and outsourced support personnel have even less incentive to care. The entire google forums read like passing the buck.
> Google has very little incentive to fix the problem
A long time ago, in an internet far, far away, Gmail was brand new. The big feature? No spam. Back then we'd hide our email addresses in cryptic text and images. It was a private thing, shared between friends. If the light of the internet were to ever shine upon your unobfuscated email address, woe be onto you as the plague of SPAM descended. There were even entire websites dedicate to the purpose of "email address images". It was ... a wild time.
Then, GMAIL! For the first time since the dawn of SPAM we could post our addresses in plaintext, in the light of day. We didn't hide them like dirty underwear. The whole WORLD could see our email addresses, and we didn't have a care in the world. The smell of fresh email was in the air, unbesmirched by SPAM.
Perhaps the young ones forget. Perhaps Google has forgotten. Lost to the sands of Calendar spam...
Even internally this bug is not prioritized. In their defense, it's not clear what the behaviour should be. Against them, there are options that, while not perfect, are better than the status quo, even if the user must manually set them.
You just reminded me why I decoupled my google calendar from my iPhone calendar a few years ago. Just the other day I was thinking I’d like them up, but something made me feel like I shouldn’t...
I still get this. It was bad enough on my "sign up for shit" email address that I had to disconnect that account from my smartphone because it kept spamming me with notifications in my calendar to "earn $1500 a week working at home!"
Considering 40h/week that would be 1500/40 = $35/h. Kinda low for a freelancer to work from home. Tell spammers their game is outdated, they should at least double it :P
I used to get these in Russian (I don't speak Russian and have no links with Russia). The worst part was I couldn't delete them from the Android app, which is like probably everyone else the only place I ever see my Google calendar. The functionality to delete them was hidden at calendar.google.com or somewhere I'd never had occasion to use. I don't get this spam any more, so I guess Google fixed it at some level.
This will sound facetious, but I mean it sincerely. Change email provider. I was an original "invite only" user of GMail. Eventually, I got so sick of Google's complete u-turn on their original philosophy that I changed, despite the cost in time and effort that decision entailed. It's worth it. But I will recommend you choose providers carefully. If you're not paying for it in some way (e.g. Fastmail), be concerned. Also, the ability to use your own domain is a huge boon (you'll never have to go through the excessive email-change pain again).
I wish I could turn off the feature entirely, but I still occasionally get Russian spam events on my calendar. They also try to notify me at ~3am (fortunately I turn notifications completely off at night).
The emails themselves land in my spam folder... but no one said "hey, maybe calendar events shouldn't be created from the spam folder" at inception, so I guess it'll never be implemented.
I report them as spam when I get them, but I also discovered that I can't report calendar events as spam in the mobile app.
It was awhile ago, but that looks like the right link and jives with my current settings. I don't get any more spam on my calendar, but obviously need to manually respond Yes to any email invites to get them to show on the calendar.
Thanks Google, you're the best /s