Google has given Gmail users something long requested: the ability to change their original Gmail username — a tweak that ends a 22‑year freeze on account names but leaves many of the service’s deeper privacy problems untouched. The company’s U.S. rollout, amplified by CEO Sundar Pichai’s public endorsement — “2004 was a good year, but your Gmail address doesn’t need to be stuck in it” — has renewed attention on how online identity and account hygiene work today.
The new option lets users pick a different username for their Google Account while the old address continues to function as an alias, so messages sent to the legacy address still arrive. Google says users can choose any available name in their account settings; the change aims primarily to help people retire youthful or embarrassing handles and adopt more professional addresses without creating entirely new accounts. Gmail now has roughly 2 billion users, giving the change broad potential impact.
Security and privacy specialists warn the tweak does not address where problems actually lie. Email addresses — whether created in 2004, 2014 or 2024 — are routinely copied into marketing lists and data broker databases the moment they’re used to sign up for services. ESET security researcher Jake Moore described the move as “a huge shift in how identity works online,” but said it leaves users exposed unless providers also offer tools to stop their primary addresses being broadly distributed.
A common privacy safeguard is Apple’s Hide My Email, which generates unique, random forwarding addresses for each sign‑up and can be turned off or deleted without ever exposing a real inbox. Apple’s implementation keeps a user’s personal address out of merchant lists and marketing databases; messages are forwarded to the real inbox until a user disables forwarding. Google has reportedly been developing a similar “hide my email” feature but has not made such a product generally available, leaving the new username tool incomplete from a privacy standpoint.
The decision to keep legacy addresses active as aliases has raised another practical concern: it could increase risks of impersonation and phishing. If attackers and scammers can still send or claim to control an old address while the user operates from a new one, that continuity can be exploited to confuse contacts or mount credential‑harvesting schemes. Security experts say the best protection would be a system that both allows renaming and provides disposable or per‑site forwarding addresses that users can retire.
For now, the update is a mixed bag: a convenience for people wanting an address that reflects their current life, but not the privacy reset many hoped changing a decades‑old email would offer. Without built‑in per‑site masking or a managed alias service that blocks distribution of a primary address, Gmail users who change names will still need to take extra steps — such as creating separate addresses for new sign‑ups or relying on third‑party masking tools — to avoid reopening the same inbox to marketers and fraudsters.