Completely Accidental Privacy Violations

I have a Gmail account which is based on my real name. Since the advent of the Internet, I realised just how common my real name is around the world, which really should have come as no real surprise – but for some reason it did.

Gmail doesn’t pay attention to full stops in email addresses. That is, alicebob@gmail.com is the same address as alice.bob@gmail.com. This was reported ages ago and has been the subject of a lot of discussion, because it seemed like a bug – why would you want to get email that’s not addressed exactly to you?

At least one other person bearing my name has signed up for a Gmail account. Not an unreasonable thing for them to do. They no doubt got through the sign-up process with few problems and managed to create a Gmail account.

Or at least, they think they did. Unfortunately, they also think their email address is the same as mine (albeit with a full stop in the middle of it somewhere). Not a real drama, until they start giving that email address out to friends and family and using it for things like hotel reservations and business.

After all my time on the Internet, I’m long accustomed to getting email that I don’t want. I get literally hundreds of spams a day to my work and personal addresses that I ignore more or less completely.

However, emails like this tend to bust through my spam filter, because they’re often very similar to actual emails that I’d get myself. They’re definitely not spam, but they’re definitely emails that shouldn’t have made their way into my inbox.

I go to pains to NOT read these emails, and almost always hit reply to let the sender know (after a quick check to make sure they’re not spam that crept through) that their email was misdirected. When its a personal email or something from a business contact, I usually get a reply thanking me. But when its an automated email from a mailing list or some other non-human sending process, I’m a little bit torn about what to do.

I don’t really want to get any more emails from here, but often my only recourse from an automated email is to click a link in it that takes me to some sort of online profile, helpfully logging me in to someone else’s account. While there’s probably no real damage I could do (I’m sure, for example, that I couldn’t get my alternate namesake’s credit card details), if I was a little more malicious I could probably at least make his life a little uncomfortable or embarrassing.

Needless to say, I don’t want to do that. I just want the emails to stop. So this raises the question – can I ethically (and legally) claim some ownership of emails that are accidentally sent to an address that – while it isn’t mine per se, is still delivered to me – so that I can try to make sure the sender knows they’re sending it to the wrong person?

Case study:

My alternate namesake created a profile on an international dating site. He, no doubt, put in all sorts of personal information into this site. I could have probably gone in and messed with his profile and made him a she-male seeking furry companionship or something, but instead I went through this arduous and painful process of trying to contact the site through normal means to ask they take me off.

This process took weeks – they floundered around for a while trying to verify it, told me they’d removed me, I still got emails every few days, floundered around again, etc.

It would have been vastly easier for me to just log into the guy’s profile and delete his account. But I couldn’t do that – even though he’d used my email address to (somehow) create a profile, it wasn’t my account.

While I went through the process then, this guy just keeps signing up for services using my email address – thinking it’s his. I’m getting all sorts of stuff I don’t want. At some point, I’m just going to start deleting them, meaning they’ll go into a black hole until he finally figures it out.

I’m sure this is happening to a lot of other users. It’s crazy how much personal information I could have obtained from this guy without him even having the slightest idea about it – if I was maliciously inclined.

Obviously, you should be careful when deciding when to give someone your email address – the last thing you want is spam or more useless crap filling it up. But remember – also be careful that you’re giving it to them correctly, because it’s probably worse that your personal and private information is going to someone completely different.

David Harrison of the UK, I’m talking to you.

(Further – as a web developer-type, I find it somewhat objectionable that several sites have let this guy sign up to various emails and services without first verifying his email address.)

Leave a Reply

Your email address will not be published. Required fields are marked *