Skip to main content

Preventing Google Calendar spam, and intricacy of requirements analysis

In Google Calendar's (current) default configuration there's an opening for unlimited spamming, with an opportunity for dangerous phishing links. There's a Google Calendar setting that closes that opening, but in a way that also closes some information flow in legitimate collaboration with known colleagues. The details are a good example of the intricacy and difficulty in adequate requirements analysis.

The problem is in what happens when someone creates a calendar event that include you as a guest.

  • The person including you can elect to send out notifications to the event guests via email.
  • Your calendar has a setting which regulates when a calendar entry is automatically created for events of which you are a guest: "Automatically add invitations" (in General > Event settings)
    • Here are the options:
      1. Yes <- default="" li="" the="">
      2. Yes, but don't send event notifications unless I have responded "Yes" or "Maybe"
      3. No, only show invitations to which I have responded
    • You need to select 3 if you want to avoid automatically having spammer's events that include you as guest from showing on your calendar. (If you select 1 or 2 you can mark events that show on your calendar unwanted as spam, but then you have to intervene, and spam numbers could become unmanageable.)
For those of you who are reading just for the solution, that's it. It has a drawback, and a way that Google Calendar could rectify that drawback, tough such a solution is not yet available.

For those interested in how that solution could be better, and the intricacy of requirements assessment: the problem is that selecting 3 means that the system no longer does anything to automatically alert you about events that legitimately include you, but for which the colleague does not elect to issue an emailed notification. (This can easily happen in the context of work or other team endeavors.)

There's a solution for an analogous situation: to have an option to include events depending on whether the event creator is in your address book. This is similar to Gmail's Vacation responder configuration option, "Only send a response to people in my Contacts".

There might be some people in your contacts who overuse the privilege, but at least you have social recourse to let them know, which doesn't work with spammers. Further refinement of the configuration options, so you could identify a contacts group to exclude from the privilege, would provide a mechanical means for customizing to deal with this situation, as well.

Though this configuration issue is a fairly small detail, it illustrates the discretion necessary to enable people to manage communications which are accessible by the whole wide world. There's enormous potential inherent in that, and part of that potential is potential for abuse, which needs to be intricately tamed.


Popular posts from this blog

Blogger silently drops comments submitted by Safari in embedded-comments mode

We've noticed that comments submitted from Apple Safari (Mac or iPhone) are dropped without any notification if the blog is set with Comment location = Embedded. Having set it to Pop up (I think), it worked. We're going to try some more tests. That's what this post is for! From the comments testing we discovered some useful things: Using Comment location = embedded: Is necessary to enable replying to specific comments. Comments posted from Safari (laptop or iOS) are silently dropped. It looks to the person posting the comment that it went through, but the blog moderator sees no sign of it at all. Using Comment location = Pop up or Full page: Inhibits option to reply to other comments – no comment threads Enables comments from Safari The trade-off is clear. Losing comments from people who think they submitted them successfully is not acceptable. Particularly from a prominent browser (currently estimated to be a bit less than 4% of users). I just hate to lose comment threadin

A Contemplative Movement Online Score

Barbara Dilley developed a shared dance/meditation practice called Contemplative Dance Practice – CDP, a "dancer's meditation hall". I've been exploring adaptation of this score for online sharing. The aim is to share meditation and movement across the gap of social distancing. (See below the score description for online meeting logistics and further info about the practices.) (The framing of this score is a work in progress, continuing to change. Revision information is at the bottom.) Score Description The score is divided into sections. At the beginning of each timed section the facilitator says which section it is and arranges for a bell to sound at the beginning and the end of that section. Opening Circle : Time for brief introductions / check-ins and to review the outline of the score (essentially, the bold headers below). Meditation: 15 minutes for stillness . In the original score the participants share sitting meditation. We invite whatever meditat

An Accumulation Score for Ensemble Movement

Many people are acquainted with the notion of conventional musical scores, which describe what musicians should do to perform a song/piece. No matter how specific the instructions, it can't be perfectly complete. It's always necessary for the person performing the score to make choices of their own - particular emphases and cadences and whatever it is that establishes what the performer expects is best to realize the piece. At the other end of the spectrum, improvised pieces can have scores also. Those scores don't generally use standard notation, but instead describe some parameters of the piece in some way, leaving many aspects up to the participants. This accumulation score is one such movement improvisation score. I don't recall where I first learned about it, nor do I recall the exact instructions I received in the various times I've been exposed to it. The ones below are my own take on it, but I expect they're similar to those that many others have also