WARNING: Google Buzz Has A Huge Privacy Flaw Skip to main content

WARNING: Google Buzz Has A Huge Privacy Flaw


Peeping Tom pictureImage: Kevin Steele

GOOG Feb 26 2010, 05:20 PM EST
526.80 Change % Change
+0.37 +0.07%
Update 3: Here's the story of how panicking just enough may have saved Google's answer to Facebook and Twitter.
Update 2: Google has made further changes that address most -- but not all -- of our concerns.
Update 1: Google released some privacy fixes for Buzz. They're a nice start, but we don't think they go far enough. Read more here: Sorry, Google's Improvements To Buzz Don't Fix Privacy Flaw
Earlier: There is a huge privacy flaw in Google's new Twitter/Facebook competitor, Google Buzz.



When you first go into Google Buzz, it automatically sets you up with followers and people to follow.
A Google spokesperson tells us these people are chosen based on whom the users emails and chats with most using Gmail.
That's fine.
The problem is that -- by default -- the people you follow and the people that follow you are made public to anyone who looks at your profile.
In other words, before you change any settings in Google Buzz, someone could go into your profile and see the people you email and chat with most.
A Google spokesperson asked us to phrase this claim differently. Like this: "In other words, after you create your profile in Buzz, if you don't edit any of the default settings, someone could visit your profile and see the people you email and chat with most (provided you didn't edit this list during profile creation)."
(Freaking out already? Here's how to IMMEDIATELY make these list private and then edit them >)
Buzz Flaw
When you first post to Google Buzz, there is a dialogue box that reads "Before participating in Buzz, you need a public profile with your name and photo." It also says -- albeit in tiny gray letters against a white background, "Your profile includes your name, photo, people you follow, and people who follow you."
But it does not say that these publicly viewable follower lists are made up of people you most frequently email and chat with.
Even if it did say that, we doubt most users bother to read the text in the dialogue box before clicking "save profile and continue."
(This is why it's always safest for Web services providers to make it so sharing information is always an "opt-in," rather than "opt-out," setting. Just ask Facebook, which still remembers Beacon.)
There is also a "Welcome To Buzz" panel that shows who you are following and who is following you. In a long bit of unbolded text, it says "Buzz is a new way to share updates, photos, videos and more, and start conversations about the things you find interesting. You're already set up to follow the people you email and chat with the most."
 If a user notices the box, it might help users "catch" that they might be following people they don't want the world to know they're following. But you don't have to close the box to use Buzz. Closing the box does not trigger a warning or anything else that alerts the user they've agreed to publish a list of the people they email and chat with most.
It looks like this:
Buzz flaw
The whole point is: Google should just ask users: "Do you want to follow these people we've suggested you follow based on the fact that you email and chat with them? Warning: This will expose to the public who you email and chat with most."  Google should not let users proceed to using Buzz until they click, "Yes, publish these lists."
In my profession -- where anonymous sourcing is a crucial tool -- the implications of this flaw are terrifying.
But it's bad for others too. Two obvious scenarios come to mind:
  • Imagine if a wife discovering that her husband emails and chats with an old girlfriend a ton.
  • Imagine a boss discovers a subordinate emails with executives at a competitor.
A Google spokesperson tells us the followers lists are public by default so that people can quickly find new people to follow. Obviously, that's a good thing for Google, which is hoping to get as many people using Google Buzz as soon as possible. It's also meant to be helpful for users. And for those who are unconcerned with telling the world who they email most, it is. But for everyone else, it's terrible.
It gets to a deeper problem with Google Buzz: It's built on email, which is a very different Internet application than a social network.
The good news for Google is that this is a very easy problem to fix. Google must either shut off auto-following, or it must make follower lists private by default as soon as possible.
In the meantime, here's how to IMMEDIATELY make these list private and then edit them >
Update: We've updated this post to emphasize that there are a few instances where Google does allow users to opt-out of inadvertently publishing a list of the people they email and chat with most.
We continue to believe these chances to opt-out do not force the user to make a real choice about this setting.
We believe Google could and should simply make this feature "opt-in" so that people know what they're doing.
We're stunned the people at Google don''t agree. We bet they change their minds.
On that point, here's a statement from Google:
"We thought very carefully about how to create a great experience in Google Buzz with as minimal setup as possible.  We designed our auto-following system to enable users to immediately see content from the people they email and chat with most, so when they start using Buzz, it "just works."  If users are automatically followed to anyone they'd rather not follow, it's easy to remove these individuals during the auto-following step by clicking on the "edit" link and then clicking "unfollow" next to their names.

After that, the first time the user creates a post or comment, we ask them to create a profile, principally so they have a name to display next to their post.  There's more information on why you need a profile here: http://mail.google.com/support/bin/answer.py?hl=en&answer=17073.  In this profile creation step, we inform users that the lists of people they follow and people following them will be displayed on their profile, and make it easy to view and edit these lists.  We also make it possible to hide the lists of people they're following and people following them from their profile."
Photo: Kevin Steele

Ref: businessinsider

Comments

Popular posts from this blog

Chronology of the Press in Burma

1836 – 1846 * During this period the first English-language newspaper was launched under British-ruled Tenasserim, southern  Burma . The first ethnic Karen-language and Burmese-language newspapers also appear in this period.     March 3, 1836 —The first English-language newspaper,  The Maulmain Chronicle , appears in the city of Moulmein in British-ruled Tenasserim. The paper, first published by a British official named E.A. Blundell, continued up until the 1950s. September 1842 —Tavoy’s  Hsa-tu-gaw  (the  Morning Star ), a monthly publication in the Karen-language of  Sgaw ,  is established by the Baptist mission. It is the first ethnic language newspaper. Circulation reached about three hundred until its publication ceased in 1849. January 1843 —The Baptist mission publishes a monthly newspaper, the Christian  Dhamma  Thadinsa  (the  Religious Herald ), in Moulmein. Supposedly the first Burmese-language newspaper, it continued up until the first year of the second Angl

Thai penis whitening trend raises eyebrows

Image copyright LELUXHOSPITAL Image caption Authorities warn the procedure could be quite painful A supposed trend of penis whitening has captivated Thailand in recent days and left it asking if the country's beauty industry is taking things too far. Skin whitening is nothing new in many Asian countries, where darker skin is often associated with outdoor labour, therefore, being poorer. But even so, when a clip of a clinic's latest intriguing procedure was posted online, it quickly went viral. Thailand's health ministry has since issued a warning over the procedure. The BBC Thai service spoke to one patient who had undergone the treatment, who told them: "I wanted to feel more confident in my swimming briefs". The 30-year-old said his first session of several was two months ago, and he had since seen a definite change in the shade. 'What for?' The original Facebook post from the clinic offering the treatment, which uses lasers to break do

Is 160 enough? One Indian man's family

By Sumnima Udas , CNN October 31, 2011 -- Updated 0857 GMT (1657 HKT) Ziona, center, with his has 39 wives, 86 children and 35 grandchildren in rural Baktwang village, India. STORY HIGHLIGHTS One man in India is the patriarch of a family of 160 in rural India Ziona, who only goes by his first name, has 39 wives, 86 children and 35 grandchildren. Ziona's father, Chana, founded the Christian sect in Baktwang that promotes polygamy "I never wanted to get married but that's the path God has chosen for me" Mizoram, India (CNN) -- The world's population hits 7 billion this week, but Ziona, the patriarch of what may be the biggest family in the world, is not bothered. "I don't care about overpopulation in India ... I believe God has chosen us to be like this (have big families). Those who are born into this family don't want to leave this tradition so we just keep growing and growing," he says with a smile. Ziona, who only goes by his f