The announcement generated a lot of news when Google released its declaration in October.
And Google Plus made even more news when we found out about another data breach.
However, Google Plus was really dead long before Google announced it.
The death of Google Plus really shouldn’t have been a surprise to anyone.
It has been on life support for years now.
Now what might be surprising for some is that Google Plus, though typically described as a failed social network, was never primarily a social network at all.
If Google Plus Wasn’t a Social Network, What Was It?
Google Plus was never really intended to be a place to share life updates, cat videos, and historically inaccurate memes with your friends.
Sure, it got lumped in with Facebook, Twitter, LinkedIn, and Pinterest; but in reality, Google+ was developed as an identity service, which may have a lot more to do with its life and death than an inability to compete with, say, Facebook.
In August 2011, Google’s then CEO Eric Schmidt told NPR reporter Andy Carvin that Google+ was not built as a social network, but as an identity service:
“[Eric Schmidt] replied by saying that G+ was built primarily as an identity service, so fundamentally, it depends on people using their real names if they’re going to build future products that leverage that information,” Carvin wrote in a Google+ post. “Regarding people who are concerned about their safety, he said G+ is completely optional. No one is forcing you to use it. It’s obvious for people at risk if they use their real names, they shouldn’t use G+.”
The Rise of Identity
Between 2009 and 2015 (loosely speaking), there was a push by corporate entities and governments around the world to build an online ecosystem that could replace passwords.
Not only did they want to replace passwords, but they also wanted to better identify the person behind the log-in as a real human, a verified person.
This “verified” identity was meant to make users known to the companies they interacted with online.
Sort of an “insta-trust” for the web.
Andy Carvin continues:
“Paraphrasing [Eric] Schmidt’s comments, Carvin wrote that the Google exec also said the Internet ‘would be better if we knew you were a real person rather than a dog or a fake person. Some people are just evil and we should be able to ID them and rank them downward.’”
The real-world implementation of Identity Service Providers, or Identity Providers (IdPs), was going mainstream.
The Push for Real Names & IdPs
The government was behind the push for using IdPs but did not want to be an IdP itself.
Anyone remember the push in Google and Facebook for “real names”?
For everyone to have a login if they used any Google Product?
How about Google authorship?
Identity Provision was behind all of those initiatives.
Since users would no longer be unknown entities on the internet, but rather known persons who used IdPs to verify who they were online as they interacted with websites and other online platforms, such as government agencies, it was important that those providers were comprised of private entities.
This is where companies like Google came in.
But they were not alone.
Identity Provision & the NSTIC
This initiative towards Identity Provision was much bigger than Google alone.
Google was only going to be one of many identity service providers for a program run by the Federal Government called the NSTIC, or National Strategy for Trusted Identities in Cyberspace.
“[NSTIC] The initiative envisions an online environment – the “Identity Ecosystem” – that improves on the use of passwords and usernames, and allows individuals and organizations to better trust one another, with minimized disclosure of personal information. The Identity Ecosystem is a user-centric online environment, a set of technologies, policies, and agreed upon standards, that securely support transactions ranging from anonymous to fully authenticated and from low to high value. It would include a vibrant marketplace that allows people to choose among multiple identity providers – both private and public – that would issue trusted credentials that prove identity.”
And it wasn’t just the U.S. government.
The Identity Provision program was international in scope.
The identity providers and the NSTIC were part of the “Real ID Movement” across the globe.
The movement was meant to bring together a set of nation states to implement similar protocols in their countries, which could be used to identify individual users, across borders and online.
However, this had to start somewhere and, in the U.S., there were pilot programs set up to test the identity ecospace.
Google Plus Is Officially Recognized
Google, Equifax, PayPal, Symantec, and Wave Systems were the first federally recognized IdPs of this new identity system.
This meant they were certified to start acting as IdPs for specific pilot programs in both public and private partnerships.
“In basic terms, this means that solutions from firms like Equifax, Google, PayPal, Symantec and Wave Systems – all of whom have had their credentialing solutions certified to meet Federal security and privacy requirements – can be trusted identity providers for certain types of Federal applications.” – White House Press Release
NSTIC was not without its critics, including privacy rights groups like the Electronic Frontier Foundation (EFF).
The NSTIC was met with its fair share of resistance due to:
- Privacy concerns.
- First Amendment protection issues.
- A lack of clarity on what an Identity Provider could do with the data they would now have detailing every online action a user performed.
Human rights and privacy rights groups, along with a fair number of high-profile cybersecurity experts, were harsh critics of the concept of a Real ID program online.
However, this did not stop the growth of the program.
It seemed to be humming along right up until 2015 when, seemingly unexpectedly, its funding was dramatically reduced and the program was cut down to maintenance levels.
So, what happened?
The End of Google Plus
In 2015, the NSTIC was defunded to “maintenance levels.”
This meant all new programs would be canceled and only a few remaining pilot programs were left at basic funding levels.
House Slashes Online ID Program and Pilot Funding
“Last Friday, the House of Representatives passed a spending bill including less funding and language intended to wind down the administration’s efforts to replace the online username/password with a more secure proof of identity. The House Commerce, Justice, Science and related agencies (CJS) Appropriations bill would only provide $5.9 million of the requested $16.5 million for the National Institute of Standards and Technology (NIST) program known as the National Strategy for Trusted Identities in Cyberspace (NSTIC) program.”
There was never a clear statement on why the NSTIC program was defunded.
The prevailing thought is that a combination of general budget cuts and post-Snowden privacy concerns made the concept of an online Identity Program run by the federal government less than desirable.
The Snowden Effect
Following Edward Snowden’s revelation that the NSA had installed hidden backdoors into company networks like Google’s under a program called PRISM, it is thought that pushing a public-private identity ecosystem became much harder.
Since the NSTIC relied on a private push for user adoption, lack of trust in the identity providers could make their efforts tenuous at best.
“Tapping the Google and Yahoo clouds allows the NSA to intercept communications in real time and to take “a retrospective look at target activity,” according to one internal NSA document.
To obtain free access to data-center traffic, the NSA had to circumvent gold-standard security measures. Google “goes to great lengths to protect the data and intellectual property in these centers,” according to one of the company’s blog posts, with tightly audited access controls, heat-sensitive cameras, round-the-clock guards and biometric verification of identities.”
Now, to be clear, there is no stated link between this breach, the defunding of the NSTIC program, and the demotion of Google Plus from Identity Provider to simply a social media platform.
However, it is hard to ignore the timeline and its correlations to events.
Here is a timeline of Google Plus’ slow demise from Digiday.
- In June 2013, The Guardian reported the first leak based on top-secret documents that Edward Snowden stole from the National Security Agency. These took almost 12 months to fully roll out, with the last release in May 2014.
- In July 2014, Google Plus dropped its controversial “Real Name” requirement.
- In March 2015, Google Plus split into two products.
- On May 28, 2015, Google executive Bradley Horowitz, who had co-founded Google Plus, said that Google+ was about to undergo a “huge shift” that would better reflect how the service is actually used.
- In June 2015, the NSTIC was defunded.
- In July 2015, Google removed the Google Plus single login requirement.
- In November 2015, Google Plus underwent a redesign to become “Communities and Collections.”
But this was not the end of Google Plus as an application, just the end of Google Plus as an Identity Provider: the program was no longer funded, and Google Plus reverted to its secondary intent, a social network of sorts.
Then, in October 2018, Google Plus finally had its life support pulled.
What Finally Killed Google Plus?
What finally killed Google Plus could be thought of as ironic given its beginnings.
What finally killed Google Plus was Google’s failure to disclose a potential data breach and application vulnerability that would allow developers using the Google Plus API to access private information on up to 500,000 Google Plus users.
Instead of fixing the vulnerability, something very expensive for a product that had low rates of engagement (90 percent of user sessions lasted less than 5 seconds), Google decided to just shut Google Plus down.
According to Google, it was:
“… not worth the effort, considering the meager use of the product, the company said.”
Since Google Plus was never primarily a social network, it struggled to find a place for itself after the NSTIC program was defunded.
As with many failed Google products, without a clear sense of direction or intent, it floundered and never found solid footing except as a really great way to get news articles indexed instantly, as any SEO who works with news publishers likely knows.
Goodbye, Google Plus! We Hardly Knew Ye!
So, it’s time for us to say goodbye to Google Plus – the social network that never actually was a social network.
I know some news publishers will be really sad to see you go, though given the engagement rate it is not likely many others will even notice.
You can review the links below for a full history of Google, the NSTIC, and Identity Provision.
Articles I have written on Google+ and the NSTIC Program:
- In Google We Trust (Your Identity)
- NSTIC, Google & SEO
- Real Names: Google+, Government & The Identity Ecosystem
- Google as Your Identity Provider: Where Are We Now?
- Google & NSTIC Leading the March to Digital Totalitarianism?
- White House Announcement of the NSTIC
- The Snowden Effect – A Leaks Timeline
- Identity Verification in a Post-Breach World
- Identity Crisis: States are tightening verification, the feds are funding pilots and privacy advocates are worried, CIO Magazine (p.58)
- Real ID Online? New Federal Online Identity Plan Raises Privacy and Free Speech Concerns
- Identity Crisis: The Delusion of NSTIC
- Google Plus: Past, Present & Future
- Google to Shut Down Google+ Earlier Than Expected
- How to Export Your Google+ Data Before it Shuts Down