Image by Lyn Millett via FlickrTechnology Thursday
Google has really stepped in it with the launch of their latest product, Buzz. Here's their blog announcement about it. They appear to still be trying to make a splash in the social networking space, and apparently wanted to avoid some of the problems that plagued them with Google Wave. In particular, one of the complaints about Wave was that you would log in, and there'd be no one to "wave" with. So this time, for the new product, Google decided to seed each person's contact list based on people they email with from their Gmail accounts. Umm, bad idea. And, to add to the annoyance, it was hard to understand how to turn this off. And it was all turned on automatically without so much as a "by your leave." Lawyers' and journalists' frequently-emailed contacts were exposed. Abusive ex-spouses gained accesses to contact lists. Basically, a full-blown privacy nightmare.
Business Insider, before some of the fixes that Google has deployed said:
A Google spokesperson tells us the followers lists are public by default so that people can quickly find new people to follow. Obviously, that's a good thing for Google, which is hoping to get as many people using Google Buzz as soon as possible. It's also meant to be helpful for users. And for those who are unconcerned with telling the world who they email most, it is. But for everyone else, it's terrible.MSNBC walked through some of the privacy issues and offered suggestions for how to adjust some of the defaults:
It gets to a deeper problem with Google Buzz: It's built on email, which is a very different Internet application than a social network.
Another problem is that to use Buzz you have to create a public Google profile, which could end up exposing your Google e-mail address. Your e-mail address is one of the last barriers preventing people from getting in direct contact with you, so you may not want it out on the Web, for anyone to see. By comparison, Facebook doesn't allow people to get access to your "real" e-mail address unless you decide to make it public.Patrick Nielsen Hayden describes succinctly how to disable public display of the people you are following and the people following you. Note that this may have become even easier now as Google has been redesigning some of these features since I went digging a few days ago to figure out how to turn it off for myself.
So before you send out your first Buzz this morning, take a look at this privacy checklist, and make sure you're comfortable with all your personal information that could be exposed through your Google profile.
Matt Haughey offers another perspective, noting that in addition to the privacy problem, there are just too many of these things to keep track of and it's increasingly difficult to know if you've gotten feedback on something you've put out there in the world:
Today Buzz launched and I realized my annoyance expressed last July was going to get amplified again as there was yet another new channel that could chop up any piece of micro-content I've produced and let people comment, rate, and share it without me having any remote knowledge of it unless I happen to follow someone that interacted with it. It's just like how Facebook doesn't inform me that this very blog post might be shared as a link there, and maybe 7 people hit the "Like" button and maybe there are five comments on it there that I can't answer because I don't know it exists. Google Reader, as much as I love it as a tool for reading blogs, suffers the same issues.Many people have just decided not to bother and turned Buzz off entirely. As for me, I'm not really using it for anything and I made my following and follower lists private (I think), but there's this odd account named Leofrido Bumatayo that keeps showing up as following me and I keep blocking it. But like a zombie it keeps coming back. My current theory is that it's not a real person, but a ghost account used in Buzz development that is somehow still active--a glitch. But it just reinforces the colossal fail that this whole product roll-out has been. It's a real black-eye for Google from a privacy perspective. And it betrays a real lack of understanding, on Google's part, of the difference between a public or semi-public social network (like Facebook or Twitter) and people's private email accounts. There is a big overlap between my list of frequently-emailed contacts, and my Facebook friends, and people I follow on Twitter, but it is far, far from a complete overlap!
Let me be clear this isn't an ownership issue, it's not a frail ego issue, and it's not that I don't love remixing (I do!). My point is when there are half a dozen places someone can hit a like button or mark as a favorite or leave a comment that I have no knowledge of, the feedback loop is broken.
There are a lot of takeaway messages in this debacle for Google, and for other companies seeking to innovate in the social technology space. Harder to say what the takeaway messages are for individuals though.
Eternal vigilance? Of course.
Try not to be too dependent on one company's services? I guess.
But I'm hard-pressed to say that any individuals were the ones doing anything privacy-insensitive here. This was a deliberate exploitation and public exposure of people's private email contact lists, about as blatant a privacy violation (short of publishing emails themselves) as it gets in the email space. And there was really nothing any individual could have done (apart from not use Gmail) to protect themselves. Pfeh, I say. What a mess.