Google Drive Has a Serious Spam Problem, But Google Says a Fix is Coming

Google Drive has a pretty bad spam problem, and it seems Google doesn't care. Spammers can share files that automatically appear in your Drive, and there's no way to stop it. From a report: Google Drive's sharing system is the problem. Since it doesn't offer any sharing acceptance, all files and folders shared with your account are automatically available to you in Drive -- they just show up. To make matters worse, if you only have "View" permission, you can't remove yourself from the share. It's a mess. And to make matters even worse, this is far from a new problem, but Google still hasn't done anything to fix it.

Google got back to us with a statement saying that changes are coming to Drive's sharing features and they're"making it a priority." Here's the statement in full: "For the vast majority of users, the default sharing permissions in Drive work as intended. Unfortunately, this was not the case for this user and we sincerely apologize for her experience. In light of this issue, we are evaluating changes to our spam, abuse, and blocking features that will prevent this kind of activity from taking place on Drive. In the interim, users who are experiencing similar issues can remove themselves from the folder, and the folder should not reappear in either 'My Drive' or 'Shared with Me' unless they revisit it."

The much more serious google drive issue

[bobstreo]

is that despite their promises, after 6 years there still isn't a google provided linux client.

Re:

[Chris Katko]

Chromium OS runs on top of Linux.
Android runs on top of Linux.
Their cloud machines run Linux. -----a major portion of their products and income

God forbid they make their co-developed products... you know... work with each other.

I'd genuinely like to see someone to try and argue the opposite. That Google Chrome SHOULDN'T be supported on Linux for [same 'valid' reasons Google Drive doesn't]. After all Linux makes up a "smaller market share" blah blah... and supporting multiple operating systems is hard blah b

Re:

[cheekyboy]

Google is dead, they are the new MS.

MS is the new Google.

All MS has to do , is allow Windows 10/Arm to be installed into any Android 8+ device, so just like windows 3.1 ran on any PC-AT, Windows 10+mobile can run on any phone, then kill Android and its shit crappy bugs and simple iOS like features that lack any thing high-end, its just toy features.

Re:

[Anonymous Coward]

Once Linux desktop users amount to more then a rounding error, maybe they'll start care. Until then: "Fix it yourself, bum."

Re:

[Anonymous Coward]

Then stop whining.

Re:

[Desler]

How would using Windows stop someone from writing a third-party Google Drive client? What a moronic statement.

Re:

[novakyu]

And they have [fossmint.com]. There's just no official client.

Re:

[gweihir]

Why would I want this crap on Linux? (Rhetorical question, obviously...)

Re:

[gweihir]

Well, since you are nobody, thanks for caring!

Re: The much more serious google drive issue

[Anonymous Coward]

If your organisation has taken a decision to use GDrive, and you want to use Linux, maybe?

Re:

[gweihir]

Good point.

Does this affect Google's ability to harvest data?

[QuietLagoon]

If the answer is no, then do not expect a fix from google anytime soon.

Google Calendar As Well

[moehoward]

Google Calendar has the same problem. People can just add appointments/tasks to your calendar. Spammers. I'm at a loss as to how they let this happen.

Re:

[Desler]

They simply don't care. That's how.

Re:

[Desler]

Google Drive has paid tiers. So, no, it's not just a free service.

Re:

[MobyDisk]

Really?!?! I've never had this happen. How do I add something to someone else's calendar?

Re:

[CODiNE]

It's almost as if Google is unfamiliar with the internet.

Re:

[Anonymous Coward]

Too much diversity

Compete BS

[Anonymous Coward]

With two factor authentication keeping everyone's phone numbers in a huge database Google has safeguarded the world from bad people.

And what about google calendar?

[darthsilun]

Google lets spam emails through. And even if they identify it as spam and filter it into my spam folder, if it has a calendar invite, google goes ahead and adds it to my calendar.
Jeezus H Christ, google, connect the fucking dots.
Oh, I know. It's free. And I'm the product.

Re:

[apoc.famine]

Outlook does this too, so it's not just google. Apparently the default for not responding is to harass you anyway. If I explicitly decline outlook invitations they go away, but if I don't bother to do anything with them, I get reminders.

Re:

[jittles]

Outlook does this too, so it's not just google. Apparently the default for not responding is to harass you anyway. If I explicitly decline outlook invitations they go away, but if I don't bother to do anything with them, I get reminders.

If you actually respond to the event this won't happen with Outlook. Decline it if you don't want to hear about it, otherwise they just assume you're really bad at keeping up on your email.

Re:

[jodido]

You do see the irony in the phrase "misogynist cunt," don't you? If not, perhaps check a dictionary.

Re:

[hwolfe]

You can turn that feature off.

I had several of those invites, and after deleting about a half dozen or so, looked for the setting to disable them. It's under settings, next to the last option, titled Events from Gmail. Uncheck the box that reads "Automatically add events from Gmail to my calendar"

Haven't had a problem since I turned that off.

Mismatch between title and summary.

[Darkness Of Course]

Either google is doing nothing about it, per the summary. Or they are working on it, per the title and the blurb.

Come on poster step up your game, accuracy is important, even to geeks.

Re:

[thewolfkin]

same. and my email is everywhere. I sign up for a LOT of (imo trustworthy) mailers and a handful of semi-sketch ones I get a LOT of junk email (and google sucks and keeping my non junk out of junk still btw)

Google Drive permissions are a nightmare.

[jrq]

It's been this way since its inception. The permissions model is awful. For instance, you can assign permissions to users and/or groups. Standard ACL-style permissions, right? But if you and another user to the group, you have to re-share the document/folder with that group, in order for the new user to acquire those permissions. Their suggested solution was to perform this function anytime a group's definition changed. Utterly impractical for groups larger than three, at best.

Re:

[gweihir]

So the security model is entirely botched, not only in what the story reports on. Does not surprise me anymore with Google. They really never managed to hack solid engineering. They can only throw more resources at a problem, but skill does not scale that way.

Re:

[gweihir]

This is so open to abuse and malware, I'm surprised Google even allowed this in the first place.

Extreme incompetence and gross lack of experience. Google likes to hire intelligent and young. Makes the workers weak in experience and morals. This is a consequence.

Re:

[TheDarkMaster]

I would like to supplement your comment by giving more emphasis to the part of the lack of experience, and adding the problem of arrogance. The "new guys" are too inexperienced to worry about non-trivial problems (such as safety) and usually they too are too arrogant to look at the work of their predecessors and wonder why things were done that way and not the other way.

Re:

[gweihir]

You have a point.

There cannot have been any security analysis

[gweihir]

Because something like this pops up immediately when you do that analysis competently. Makes me wonder what other severe defects they have in there. Better stay away entirely from this train-wreck.

Re:

[Desler]

Google Drive has paid tiers as well and they suffer from this same issue.

Should be able to fix

[140Mandak262Jamuna]

They can figure out how many people a document is shared with and filter out the dumb spammers.

Then it is an arms race. All shared documents are associated with accounts. They can throttle down how much sharing you can do to young accounts. For older accounts they can build links of shared documents and shared editing history. With some amount of AI thrown, they can cut down a lot of spam.

Gmail is pretty good in filtering out spam. Google phone is pretty good in marking incoming calls as possible spam. So they will probably have a more sophisticated way than what a random guy like me posts after two minutes of thinking.

Re:

[jittles]

They can figure out how many people a document is shared with and filter out the dumb spammers.

Then it is an arms race. All shared documents are associated with accounts. They can throttle down how much sharing you can do to young accounts. For older accounts they can build links of shared documents and shared editing history. With some amount of AI thrown, they can cut down a lot of spam.

Gmail is pretty good in filtering out spam. Google phone is pretty good in marking incoming calls as possible spam. So they will probably have a more sophisticated way than what a random guy like me posts after two minutes of thinking.

Are you sure that it is Android that is marking the call as spam? Who is your service provider? Many of them now mark the call as likely spam from their end using caller ID.

Re:

[account_deleted]

Comment removed based on user account deletion