The event was a lot of fun – we “made media” for the Time Capsule. We had a big mobile scavenger hunt by The Go Game and ended up with some funny video (it’s long) and pictures (full photoset). Go team super6 (we won)! We then had some great food and a workshop on Flickr and Jumpcut. It is clear that Yahoo! is about social media.

Next up was some unscheduled fun with Bre from Make who set up his balloon aerial photography unit (here’s a great photo). It was crazy letting loose a digital camera attached only to a big bunch of balloons and a line of 1000 feet of string.

Monday night was a dinner, thanks to Paul, with David Ulevitch and Allison Rhodes from OpenDNS. We had a great dinner and conversation as well. If you haven’t already, go set up OpenDNS now (it will only take 1 minute) for a better, safer, and faster internet. OpenDNS protects users from phishing scams, and if I type example.cmo, I will automatically be redirected to my intended domain.

Overall it was a great trip. It is always good to catch up with friends from Yahoo! and hang out with fellow previous interns like Paul, Richard, Doreen, and Britta. (And can’t forget some good In and Out burger with Jason Katzer)

Hi Phil,

We came across your blog post about sharing Google Calendar and wanted to follow-up with you: http://philfreo.com/blog/big-security-flaw-in-google-calendar/

We understand that you’re concerned about the security of Google Calendar because you can see all of your friend’s events although he only shared his free/busy information with you.

We suspect that the reason why you can see the details of your friend’s events is because his events are marked as public events. When events are marked as public events, other users can see them even if the calendar itself is set up as a private calendar.

To resolve this issue, can you please ask Bryan to check the privacy settings of his events? To do so, he’ll need to click on events, then select “edit event details” > “Options” > “Privacy.” Under “Privacy”
section, if “Public” is selected, he needs to change the selection to “Default” or “Private.”

Lastly, we understand that many users want the ability to create one main calendar that they can share with their friends without clattering their friends’ calendars. We also understand that our printing features need some improvements. We really appreciate your constructive feedback on Google Calendar and will keep them in mind as we work to improve the quality of Google Calendar.

Regards,
The Google Team

I did have Bryan check and indeed, the settings on each individual event had been set to “Public” rather than to “Default”. While I’m still not sure how that happened (he didn’t do it on purpose), it is much more relieving to know there was a good reason for what otherwise looked like a security hole.

Additionally, it is great to see Google say that they understand the other problems with Google Calendar (such as multiple calendars per person cluttering a friend’s calendar, as well its very ugly print interface). I now have more confidence that it is something they are working to fix.

I have now integrated Google Calendar on another website and am very pleased with how easy it is to give multiple people access to add/edit events. Additionally, subscribing to the calendar’s events make it a wonderful way for people wanting to keep up with the latest events from an organization without having to constantly check back. This was the perfect solution to the previous way it was happening: dozens of email reminders sent a week via the listserv.

However, since Google apparently is listening, I might as well point out a few more things I’d like to see changed in their iframe page:

• More styling options. For example, there is no way to change the color of the month name from black, and it looks very bad on a grey background.
• Event wrapping. With often < 700 pixels to work with, you can’t see much in terms of detail when the events don’t wrap. I would much rather lose vertical/height space than how it currently is.

Google has been doing a great job innovating lately through the integration of their products (Docs and Spreadsheets, Calendar and Gmail, etc). This integration, however, has not come without security issues arising. TechCrunch has covered several of them – but I believe I have found another…

This may be hard to believe, but I can view unauthorized and unshared events on my calendar. Let me explain:

My friend Bryan has a Google Calendar with the following security/sharing settings:

Note that, as you would imagine, he only wants me to see free/busy information for his schedule.

And MY settings for HIS calendar are as follows:

The settings all look correct – I should be able to see only free/busy information about his events. But this is not the case – I can actually see all his event details.

I have had him unshare and reshare his calendar, with no better results. Luckily, Bryan and I are friends, so it is not a big deal that I can see his event details. But one can only imagine how this could be a big deal when your calendar has sensitive appointments.

I have to know – can anyone else reproduce this huge security bug?

Another problem I have with Google Calendar – and maybe I am not using it the way developers intended for me – but here’s what I do: I like to have different events in my life categorized in different calendars. Then, I can show/hide a certain set of events (personal, business, school, etc) quickly, and I can see by color coding how much time I am spending in each category.

The problem arises when I want to let someone else see my free/busy schedule on their own calendar. This means, not only do I have to share 5 calendars instead of 1, but that person then has to keep 5 calendars in their list. Why can’t there be a way to combine calendars into 1 for all my friends wanting to see free/busy status, or event event details? It is a big clutter for them to have 5 calendars just from mine to see when I’m free.

Lastly, I’m unhappy with the PDF that the Calendar generates to print both the month and week view. I am not against the idea of generating a PDF for printing complex designs – it is a good idea – but their implementation leaves much to be desired. The design and UI of the online version of the calendar is beautiful, however it seems as if the print layout was something thrown together a day before the product was to be released.

My biggest qualms are 1) it’s ugliness, 2) lack of details for events (it doesn’t even show the location of the event), and 3) lack of consideration for many events (when I have overlapping events sometimes it creates a box with no event name shown).

Google is doing a great job with many things, that is why when I notice issues like the above, it really stands out.

Update: Google responds.