WARNING: New Gplus.To Site Not Affiliated with Google

With the launch of the new Google+ Social Network last week there has been a landrush of (mostly techie) people to start trying out the new service. As with anything new and untested, always be wary of your privacy settings on the web, and especially to whom you’re giving your information.

Recently a new site launched called gplus.to – this site has no affiliation with Google, no privacy policy, and basically no information about who owns it or how it uses your information. It is basically a URL shortener to provide vanity URLs for Google+ accounts. The problem is there is absolutely no verification in place. You can take anyone’s Google+ ID number, enter it in the box, and create a unique vanity URL for any name you choose – whether or not you have access to that Google+ account. This allows a huge potential for spammers to engage in Social Media Identity Theft.

There is an opportunity here for these site owners to start engaging in massive data mining because they offer no terms of service or privacy policy. So in addition to allowing anyone to capture anyone else’s vanity URL, they are also capturing everyone’s information for their own purposes. They can also redirect your URL wherever they want before sending you to your profile – Malware, tracking exploits, botnets, etc. You should be EXTREMELY cautious about using this service.

JULY 6 UPDATE: Someone associated with the site from Turkey got in touch with us and updated their site to include a simple About message which explains they are not trying to do anything malicious, and they are not affiliated with Google.  They also changed the appearance to make it look less like an actual Google page.  Wasn’t so hard, was it?

Tags: google, google plus, gplus.to, Intellectual Property, social media identity theft

Comments

6 Responses to “WARNING: New Gplus.To Site Not Affiliated with Google”

  1. Can Erdoğan on July 5th, 2011 6:01 pm

    This service isn’t a google product but its not a dangerous.
    This shortener projects is a first shortener projects and its made very fast about 2 or 3 hours.

    After this projects lounch its very fast growing. And now projects owner working on a new design. And I ask him about “Privacy Police”. He said “We didnt enough time for this. But We workin on it now. Don’t be scare people about this. We never use your information for a spam or other things. We promes you.”

    Thanks for your warning Barry. People must be carefully for privacy.

  2. Barry Wise on July 6th, 2011 12:52 am

    Hello Can, I am glad there is someone that will come out and provide transparency for the site and it’s operations, so we know it’s safe.

  3. Jenni on July 6th, 2011 8:22 am

    As I think it’s just a URL shortener service, you can use it as you want; therefore, don’t worry too much about this website.

  4. Kevin Mullett on July 6th, 2011 1:09 pm

    While it may not be malicious, it also is oddly using 302 redirects rather than the appropriate 301 redirect. This means that unless Google chooses to ignore the HTTP status code, any Google Juice will stay with the gplus.to site.

    I did a write up about that and a few other interesting points here. http://www.cirrusabs.com/blog/is-google-url-shortener-gplus-to-keeping-your-link-juice/

  5. JOOD on July 7th, 2011 7:38 am

    i found another similar site – topl.us

  6. Allen on July 7th, 2011 6:06 pm

    The people running gplus.to said they “promise” not to use our information. They may be sincere now but I cannot accept a promise. It’s laughable. Is there any way to undo this?

    Also, it would be a good idea to make people aware of this. If you look at all the geeks with blogs they are all recommending it even after your post. You did a great job so far on this. Please follow it through
    Thanks
    Allen