Skip to main content

Preventing Google Calendar spam, and intricacy of requirements analysis

In Google Calendar's (current) default configuration there's an opening for unlimited spamming, with an opportunity for dangerous phishing links. There's a Google Calendar setting that closes that opening, but in a way that also closes some information flow in legitimate collaboration with known colleagues. The details are a good example of the intricacy and difficulty in adequate requirements analysis.

The problem is in what happens when someone creates a calendar event that include you as a guest.

  • The person including you can elect to send out notifications to the event guests via email.
  • Your calendar has a setting which regulates when a calendar entry is automatically created for events of which you are a guest: "Automatically add invitations" (in General > Event settings)
    • Here are the options:
      1. Yes <- default="" li="" the="">
      2. Yes, but don't send event notifications unless I have responded "Yes" or "Maybe"
      3. No, only show invitations to which I have responded
    • You need to select 3 if you want to avoid automatically having spammer's events that include you as guest from showing on your calendar. (If you select 1 or 2 you can mark events that show on your calendar unwanted as spam, but then you have to intervene, and spam numbers could become unmanageable.)
For those of you who are reading just for the solution, that's it. It has a drawback, and a way that Google Calendar could rectify that drawback, tough such a solution is not yet available.

For those interested in how that solution could be better, and the intricacy of requirements assessment: the problem is that selecting 3 means that the system no longer does anything to automatically alert you about events that legitimately include you, but for which the colleague does not elect to issue an emailed notification. (This can easily happen in the context of work or other team endeavors.)

There's a solution for an analogous situation: to have an option to include events depending on whether the event creator is in your address book. This is similar to Gmail's Vacation responder configuration option, "Only send a response to people in my Contacts".

There might be some people in your contacts who overuse the privilege, but at least you have social recourse to let them know, which doesn't work with spammers. Further refinement of the configuration options, so you could identify a contacts group to exclude from the privilege, would provide a mechanical means for customizing to deal with this situation, as well.

Though this configuration issue is a fairly small detail, it illustrates the discretion necessary to enable people to manage communications which are accessible by the whole wide world. There's enormous potential inherent in that, and part of that potential is potential for abuse, which needs to be intricately tamed.

Comments

Popular posts from this blog

Blogger silently drops comments submitted by Safari in embedded-comments mode

We've noticed that comments submitted from Apple Safari (Mac or iPhone) are dropped without any notification if the blog is set with Comment location = Embedded. Having set it to Pop up (I think), it worked. We're going to try some more tests. That's what this post is for! From the comments testing we discovered some useful things: Using Comment location = embedded: Is necessary to enable replying to specific comments. Comments posted from Safari (laptop or iOS) are silently dropped. It looks to the person posting the comment that it went through, but the blog moderator sees no sign of it at all. Using Comment location = Pop up or Full page: Inhibits option to reply to other comments – no comment threads Enables comments from Safari The trade-off is clear. Losing comments from people who think they submitted them successfully is not acceptable. Particularly from a prominent browser (currently estimated to be a bit less than 4% of users). I just hate to lose comment threadin

Exploring Adaptation of the Underscore for Online Practice

I had early experience with the  Underscore  a few times while  Nancy Stark Smith  was developing it, before she found a name for it. Since those early days it has gotten a name and continued to grow, and it has become a practice for many, many groups around the world. I have been leading Underscores for the DC Sunday jam almost every month since the December 2013. I love how the Underscore works, love the sharing situation that it tends to foster. In recent days of the Coronavirus quarantine, a group exploring sharing of movement online has started to explore adapting the Underscore for online sharing. I've had the opportunity to try what others are doing, and an opportunity to adapt it for an online session myself. I wonder, can we arrive online at the often open and receptive shared presence if can foster? I'm not sure, but believe that something is possible. Whatever we discover, I know it will be different from an in-person Underscore. Online meetings are different in cru

A Contemplative Movement Online Score

Barbara Dilley developed a shared dance/meditation practice called Contemplative Dance Practice – CDP, a "dancer's meditation hall". I've been exploring adaptation of this score for online sharing. The aim is to share meditation and movement across the gap of social distancing. (See below the score description for online meeting logistics and further info about the practices.) (The framing of this score is a work in progress, continuing to change. Revision information is at the bottom.) Score Description The score is divided into sections. At the beginning of each timed section the facilitator says which section it is and arranges for a bell to sound at the beginning and the end of that section. Opening Circle : Time for brief introductions / check-ins and to review the outline of the score (essentially, the bold headers below). Meditation: 15 minutes for stillness . In the original score the participants share sitting meditation. We invite whatever meditat