Book Snails Book Group discussion

99 views
Announcements > Goodreads Security & Privacy Issues. BEWARE!

Comments Showing 1-19 of 19 (19 new)    post a comment »
dateDown arrow    newest »

message 1: by StarMan (last edited Mar 28, 2022 06:07PM) (new)

StarMan (thestarman) | 1883 comments [Update, late 2021: GR is starting to block links to outside websites in some parts of this site, such as direct messages and some comment areas]

Goodreads currently is allowing (fake) authors to send friend requests to some GR users. These requests usually include a URL (web page link) which may lead to malicious/infected websites or files, or to pirated copies of e-books.

You can usually recognize these dangerous author-friend requests by one or more of these:

1. The "author" with 0 book reviews and 0 books (as seen under their name in the friend request).
2. The account is usually but not always from a non-USA country.
3. Includes a request to read or review a book, or offers a 'free' book to you.
4. The friend request includes a URL (web site link) to the 'free' book, or to something weird (like home improvement offers or stuff that has nothing to do with books).

Do NOT add these fake authors as friends.
Do NOT click on any URL (link) in their message.


Use the 'report' or 'block' feature to get rid of this request and alert Goodreads.

In my opinion, these friend requests are likely sent by automated bots, criminals, or idiots posing as authors. They hope you'll click on the link in the friend request and get their malicious payload, or be tempted to download illegal copies of books.

► TIP: To reduce the likelihood of receiving these dangerous requests, go to :

Account Settings --> Settings,
Scroll down to 'Friend Request' area,
Add a Challenge Question and (one word) answer

It can be something simple, such as "What is 10 plus 10?" Or "What season comes after spring?"

(most bots won't be able to answer, and most criminals won't bother).

Goodreads is well aware of this security loophole. It has been around for years, and there are current discusssions devoted to it. To date, GR has, for reasons I can't fathom, chosen not to plug this security flaw. It could be fixed with a simple filter (block all friend requests that include a URL, and/or block author-friend requests from authors we have not specificially followed).


message 2: by Pien (new)

Pien | 543 comments Thanks! I had a friend request like that today.


message 3: by biblio • bliss, Mod Nerd (new)

biblio • bliss (bookgirl1987) | 1150 comments Mod
Thanks for letting us know!!! Get on it, Goodreads, what’s wrong with you?!


message 4: by Bkwmlee (new)

Bkwmlee | 439 comments Thanks Starman! I've received a couple of these myself and was suspicious enough to ignore their request as well as block them.

Also, I've been following the Goodreads Feedback thread and there is another issue related to privacy that everyone should know about....it is currently the subject of raging debate over in that thread and users are frustrated that GR doesn't seem to be taking things seriously...

Apparently, there is a glitch in the GR website where users who marked "show email to no one" in their profiles are still having their emails "accidentally revealed" to others whenever they send friend requests. This happens sporadically and there doesn't seem to be rhyme or reason as to whose email gets seen and whose doesn't. GR has been giving generic responses claiming that they are "working on" the issue but so far there is no resolution and very little in terms of updates.

Not sure when or if this issue is going to be fixed, but many users are concerned enough to either not send friend requests anymore or change their email to one that is not their main email address and/or doesn't reveal their true identities.

This one is definitely scary...makes me wonder what else GR is making public that we may have marked as private. Might want to be careful about putting too much personal information on this site, as it's obvious their security and privacy protocols are quite lax....


message 5: by StarMan (last edited Jun 18, 2018 05:41AM) (new)

StarMan (thestarman) | 1883 comments Thanks, Bkwlmee! Excellent suggestions (don't use your main/real email address or name, etc.).


message 6: by StarMan (last edited Sep 28, 2018 03:47PM) (new)

StarMan (thestarman) | 1883 comments I should also warn you that GR allows zillions of FAKE or dangerous groups as well. They usually have 1 member (the scammer), and are basically just a way for idiots to put in links to websites that try to sell you something, or get you to click on a malicious link.

WHY does GR do nothing about such?

It's also useless to report (flag) these to GR. They do nothing about it.
Surprise, surprise: GR finally deleted a particular fake group that I reported. Too bad they didn't remove the OTHER 23 fake groups the same user has created on GR.


message 7: by StarMan (last edited Jun 30, 2018 02:22PM) (new)

StarMan (thestarman) | 1883 comments I informed GR about several specific friend requests I've received from fake authors (0 books, 0 friends, 0 reviews, message is basically advertising spam with dangerous web links).

Here is GR's response:

"Hi there,

Thank you for contacting us, though we're sorry to hear about this situation. We've looked into this for you and can confirm that your account settings are set as private. If you do receive another unwanted message or email notification, you can flag the message to our attention directly from your Goodreads inbox. Alternatively, feel free to email us with direct links or screenshots, and we'll take care of it. If you have any additional questions or concerns, please don't hesitate let us know.

Sincerely, The Goodreads Team"



message 8: by Bkwmlee (new)

Bkwmlee | 439 comments StarMan wrote: "I informed GR about several specific friend requests I've received from fake authors (0 books, 0 friends, 0 reviews, message is basically advertising spam with dangerous web links).

Here is GR's ..."


That’s not much of a response unfortunately...and isn’t reassuring given all the recent privacy and security related issues recently :-(

Hopefully GR truly prioritizes and fixes these issues soon (though I can understand why some users have lost confidence, as it seems that cosmetic tweaks to the site are being rolled out constantly, yet the functionality issues / bugs that have been brought up to staff for weeks/months/years seem to hang in limbo with no resolution)...


message 9: by Jane (new)

Jane (journojane) | 51 comments Thanks for the warning. Such warnings are so important.


message 10: by StarMan (last edited Jan 10, 2021 10:21PM) (new)

StarMan (thestarman) | 1883 comments Here is the GR group discussion I've been following concerning these fake friend requests:

[the group below has been deleted]


https://www.goodreads.com/topic/show/...



message 11: by [deleted user] (new)

Thanks for the info and warnings.
To day i got a notification from a "Nicky" asking for sex and "I am following your reviews"...yikes!

I now have a private profile, but i am concerned that he is going to bug me on my email - i don´t know if he went through my profile and copied my mail. Idiot.


message 12: by Vickie (new)

Vickie (bookfan4ever) Yep, setting everything to private is a good idea. Lot of weirdos out there, unfortunately. 😕


message 13: by Lia (new)

Lia Min | 3 comments Thank you so much


message 14: by StarMan (new)

StarMan (thestarman) | 1883 comments In some comments or parts of Goodreads (such as your user Profile, or direct messages), the Powers That Be have started blocking web links (URLs) to outside websites.

I guess that's a good thing, safety-wise.

Of course there are legitmate reasons to use links to a non-GR website, so it may be a bit aggravating to some nice folks here.

Some official GR info:

https://help.goodreads.com/s/announce...

and a discussion of the changes here:

https://www.goodreads.com/topic/show/...


message 15: by Jane (new)

Jane (journojane) | 51 comments What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? She seems friendly and chatty and has given me her email address so I think it will be fine. But I'm just a bit nervous about sending the whole thing to someone I don't know.


message 16: by Erin (new)

Erin | 822 comments Mod
Jane wrote: "What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? She seems fri..."

😏 Personally, I wouldn’t do it… It seems pretty sketchy.


message 17: by Jane (new)

Jane (journojane) | 51 comments Erin wrote: "Jane wrote: "What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? ..."

Thank you, Erin. It certainly sounds sketchy. I should add that I posted in a group for authors seeking beta readers, which she responded to. But I think you've just helped me make my mind up.


message 18: by StarMan (new)

StarMan (thestarman) | 1883 comments Jane wrote: "What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? She seems fri..."

I probably wouldn't take the risk -- but I'm more paranoid overly cautious than most people.

It's ultimately up to you, but I would avoid anyone who doesn't appear to be an avid reader or writer. And I certainly wouldn't send a complete stranger more than a chapter of my work, at least initially.

Good luck on your manuscript!

More thoughts / paranoid ramblings: (view spoiler)


message 19: by Jane (new)

Jane (journojane) | 51 comments StarMan wrote: "Jane wrote: "What do members think about someone with not much of a profile (having only four friends and apparently not having read any books last year) offering to beta-read my novel manuscript? ..."

Hi Starman,
Thank you very much for such a comprehensive reply - it's much appreciated.
And gosh - I hadn't thought about the possibility of the whole manuscript being plagiarised and passed off. What a terrifying thought. You might well have just saved me from falling off a cliff.
I wasn't aware of the Rooted in Writing site, and that's all good advice, so thanks.
I've also come across Reedsy, where you can get quotes from professional and semi-professional editors.
I'm in touch with a few other writers I was on a course with so might ask them to be involved, or as you say some second-level friends (first might be too embarrassing).
Thank you again and good luck with your own writing.


back to top