My first thought was that it was from something like an airline/travel upsell team that somehow sneaked through, but my interaction w/Google convinced me otherwise (sorry I don't recall all the details, as it was years ago).

Google definitely made clear that if I wanted to accept them auto-populating my calendar with the flights in my email, I also had to accept the fake hotel bookings and lying "...confirm?" messages and manually delete them.

I'd be mildly ok with Google sending an offer email resembling: "Here's a potentially good hotel for your trip, would you like to book this, confirm, and insert in calendar?" (ya, it's spam, but at least sort of on-topic).

But what Google was doing is highly offensive and dishonest.

They presume to make a booking, populate it into my calendar, then send an email & alert in the calendar claiming that I failed to confirm the booking that they claim that I made -- flat-out lying to me, hoping I'm just in too much of a rush to notice that their booking was not one that I'd intended.

That was just so far beyond crossing the line that I want nothing to do with any such feature.

Sadly, it is also another bad example to magnify the stereotype of technology people with no ethical grounding (broadly, I don't think it's true, but it happens enough that it smears all of us).

It just feels more likely to me that the answer you got ("you just need to turn off this feature totally to avoid this") didn't mean Google was using it themselves to generate that "ad," but that it was someone basically taking advantage of the existence of the mail-to-calendar feature unscrupulously, and Google didn't have any controls you could use to stop that other than just turning the feature off.

That's still Google's fault to a degree, since that's pretty predictable behavior they'd need to account for, but it wouldn't be the major intrusion that you're interpreting it as.

Um, google is 1) automatically reading my mail, 2) noticing that I made an air travel reservation, 3) populating my calendar with the relevant times, 4) populating my calendar with a fake hotel reservation disguised to look as if I made it, and 5) sending both email and calendar notifications that I'd failed to confirm that fake reservation.

Items 1, 2, and 3 are ok, and are the feature

The fake reservation and "confirm" requests are straight-up deceptive trade practices - an attempt to steal money and change my travel plans by deceptive means.

For a moment, let's go with your idea that Google didn't do #4 & #5.

First, questions: When did I give Google permission to open up my calendar for anyone in the world to populate? Considering the levels of spam in email, telephony, & text, what idiot thought that was a good idea?

Aside from the deceptive trade practice, this is also a massive security risk - with everyone's calendar open to the world, and without advance warning, it'd be straightforward to route a person into a variety of dangerous situations if they aren't extremely careful - this is way beyond 'click the link ransomware', and up to 'go to the appointment in your ostensibly secure calendar and get kidnapped'. These are just a few quick examples.

So, either Google themselves is directly implementing deceptive trade practices, or they are stupidly enabeling all kinds of new cybercrime.

In short, if Google is actually enabling this kind of access for random 3rd parties, it is a WORSE intrusion than if they are merely doing it themselves.

Either way, I'd expect far more responsible thinking from such a supposedly mature company.