GIB
MIR
FRED

fred @ Veröffentlicht am (Update: )

This week I noticed a bunch of Google calendar spam events added to my diary which read “Your iPhone XsMax is ready for PickUp” and contained a link to some external website.

Ok. Somebody added events to my calendar which I did not create. Was I hacked? Obviously I first checked who had access to my Google Account and was relieved there hadn’t been any security breach of sorts (phew!).

However adding a calendar event into my diary is definitely something I would consider a very intrusive move considering that this is a feature I heavily use every single day. My calendar is sync’ed up with my phone – hence every event added to it goes right on my screen. Congratulations! You got my attention!

How this Google Calendar Spam Works

Since I am working in the monetisation space this thing caught my interest right way. How can somebody pull this off without having access to my account? I found this thread on reddit where people seemed to have the same problem.

After reading through it I realised that the concept is strikingly simple. It’s just calendar invites. And apparently this is not even a new thing.

Google Calendar Spam in action: This is what the invites in my spam folder look like.
Event invite emails in my spam folder.

All you need is to send an invite to somebody’s inbox and hope that their client (Google, Office 365, etc.) will hoist the event with on rsvp into the calendar. In case of gmail Google doesn’t seem to differentiate between spam and ham. That’s why even though that email is correctly bucketed into the spam folder it won’t keep it from interacting with your diary. Urgh.

Still I think the idea behind that Google Calendar spam is genius!

The Idea Behind the Exploit isn’t all Bad.

If you think of it your calendar is somewhat of a sacred space. It’s mostly controlled by you and people you interact with. It’s definitely not real estate for advertising – at least not that you would naturally thinking of it being one.

At the same time most people are used to significant events automatically being added to their calendars: Flights, hotel stays, car pickup.. The list of capabilities is long and users know and trust the content parsed from their emails. You would normally not object to hotel check-in or flight departure times displayed in your calendar. For many users this is a clear feature and a very welcome reminder that would otherwise have to be created manually.

For those trust reasons – even though I don’t have access to numbers – I would assume that this spam scheme receives a good amount of clicks. Also the amount of work that needs to be done to invade such great screen estate is very low. So: Chapeau for that idea!

How to Protect your Calendar Against Unwanted Invites

One way of making sure these things do not make it into you calendar would be to disable events being added automatically completely. However I would advise against that: You might miss some important updates. A better way is adding only those event’s to which you have responded.

In order to achieve that, head over to your calendar’s settings. You’ll get there by clicking on the three dots when hovering over your calendar in the list on the left side. This will get you into the settings screen below.

Display only events which I have responded to
Show only events to which you have already responded.

Navigate to event settings and pick choose to view only those events to which you have already responded. Just hit the go back arrow on the top left of your screen to return and apply those settings.

Let’s hope that Google will get smarter when it comes to these quirks. Given how easy it was to invade my calendar it really made me wonder why this hasn’t been disabled yet.

Veröffentlicht am (Update: )
fred @ Veröffentlicht am

Have you ever worked in an environment where making decisions took forever because Manager A had to involve his Super B who in turn involved Stakeholders C, D and E so that your project never took off? Well – then this post is for you.

I’ve had the pleasure to work in a multitude of different work environments over the past 12 years ranging from small single-person businesses (including my own one as well), individual clients over research facilities to Microsoft as one of the biggest global software companies. Right now I’m working for a startup which – ever since I joined three years ago – has impressed me with a tremendous growth.

Over time not only employee numbers skyrocketed but also the organisational direction changed a lot. Things we easily settled by shooting out a single e-mail two years ago were replaced by long discussions and thorough stakeholder meetings. Pespectively the company is changing from a conventional, centralised startup towards a culture that fosters autonomy and self-driven decisions in order to be able to move away from micro-management. „About Communication: Why not Making Tough Decisions is Actually Really Expensive“ weiterlesen

Veröffentlicht am
fred @ Veröffentlicht am

It’s one of the most annoying states your dear OneNote can run into: The infamous “OneNote needs a password to sync this notebook” error. Apparently this is a real issue as you can see here, here and here. It renders your OneNote application essentially useless and drove me almost crazy – especially since it happened to me on my Windows Phone which added another level of complexity to the whole scenario. Nevertheless, I managed to solve it.

„How To Fix: OneNote Needs A Password To Sync This Notebook“ weiterlesen

Veröffentlicht am
fred @ Veröffentlicht am

Es passiert. Am 10. Dezember 2017 zieht Netflix die Preise für seine Abonnements an. Einzig das Basis-Abo wird von der Anpassung verschont bleiben.

Für Netflix war dieser Schritt eher eine Frage der Zeit und musste zwangsläufig geschehen, um sich im aktuellen Streaming-Markt behaupten zu können. „Warum Netflix die Preise ändert.“ weiterlesen

Veröffentlicht am
fred @ Veröffentlicht am