Missed Use Case? Google Buzz Reveals Who You Chat With The Most To Everyone

from the that's-not-good dept

There’s certainly been a lot of “buzz” (har har) about Google Buzz, which, frankly, is a bit baffling (hence us not writing about it earlier). It looks like Google’s latest attempt to be Facebook/Twitter. Sorta. That said, Nicholas Carlson found a rather scary privacy flaw in the way it’s set up. In order to jumpstart things, Google automatically sets you up with followers based on people you frequently communicate with via Gmail or Gtalk. And that info is public. As Carlson notes, especially as a reporter, keeping some of his sources private is really, really important. And Google just revealed them to the world. This seems like a case of the folks at Google not thinking through the implications of this.

Filed Under: ,
Companies: google

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Missed Use Case? Google Buzz Reveals Who You Chat With The Most To Everyone”

Subscribe: RSS Leave a comment
46 Comments
Brendan (profile) says:

You think they'd learn.

They had a very similar problem when they changed how Google Reader shared links with your contacts, making some things that were once very private (and potentially embarrassing) very public.

I couldn’t find a techdirt link on the topic, so here’s an outside one instead: http://www.wisebread.com/google-reader-invades-your-privacy-and-its-not-going-to-stop

Anonymous Coward says:

Re: Re:

You’re partially right. From their privacy policy, here http://www.google.com/intl/en/privacy.html:

2. Develop products that reflect strong privacy standards and practices.

It’s number 2 on their list. An opt-out service like this does not reflect strong privacy standards. They’re violating their own privacy policy. Since Buzz was introduced, and therefore will be seen, as a part of GMail, I would think the GMail specific privacy policy would come into play here (especially since it’s my contacts they’re displaying):

When you send email, Google includes information such as your email address and the email itself as part of that email.
We provide advertisers only aggregated non-personal information such as the number of times one of their ads was clicked. We do not sell, rent or otherwise share your personal information with any third parties except in the limited circumstances described in the Google Privacy Policy, such as when we believe we are required to do so by law.

There is nothing talking about how they are going to share your contact list with the world. Again, they violated their own policy and the trust of many GMail users. I’ve disabled everything, but I shouldn’t have had to. I should never be signed up for a service against my will.

What am I doing about it since I have such an obvious problem? I’ve set up a secondary email account with another provider and I’m forwarding email from my other account right now. I’ll be changing my accounts at various online vendors over the course of the next week or so, depending on how long it actually ends up taking. Unless there is a massive apology for this mistake, as well as a pledge against more opt-out services, they’ve lost a customer. A customer who knows how to disable Google ads. A single customer isn’t a big deal, but I feel like my information has been raped and I won’t put myself in that position again.

Jill Bradlie (profile) says:

Trying to do too much

Every heard of the expression that goes something like… those who try to do many things never become masters at one. aside from search I think google to trying to use their humongous market share to push tools on us that are not truly needed. This is just more clutter that will take reputation away of google as a really good search engine and start making it known more and more as the company who has just ok tools for everything lol

Potty Training | Potty Training Boys |How To Potty Train A Toddler

Kristoffer (profile) says:

Really that bad?

Come on guys, I think that’s a bit of an over-reaction. When Google says “the people you chat with the most” it means “the people in your gtalk that also uses buzz”, just corporate sugar coating to make it sound more interesting.

Also, it doesn’t really take a scientist to de-select the option to “Display the list of people I’m following and people following me” (hint: it’s right there in the settings). OK, it might have been a mistake to make this opt-out instead of opt-in, but hardly comparable to facebooks beacon fiasco, or the more recent “make everything public” decision.

Finally, on Google in general, saying the haven’t succeeded in other areas than search is, in my view, a bit ignorant. Gmail, Google Docs, AdSense, Analytics etc. are all very popular products by any measure.

Kevin Carson (user link) says:

Use the Old Version

Gmail removed the easily visible button for switching to the older version (you can probably find it going through Settings), but fortunately I’ve got my account linked in the old version on my Bookmarks toolbar.

I decided a long time ago that the “new and improved” version was a gold-plated turd that ate up bandwidth. I previously switched away from the “new and improved” version of Hotmail for exactly the same reason.

Jim says:

Yes it is bad.

Google is slipping.. They need to make features that can affect privacy opt in. Not on by default. They need to make it clear how it will affect your privacy and how to turn it on or off.

My mother, several competing clients of mine, and a couple of young women who get naked for a living were all able to see each other today, despite me clicking to not go to buzz, for some reason it was all turned on by default and it took me a while to realize exactly what the implication was and how to turn it off.

Same goes for their recent social search. (Which requires me to sign out of every google service to not use it.. It can not just be turned off.)

Email has always been private and Google should allow that expectation of privacy to remain. When I am on facebook, or myspace, I have less expectation of privacy because I know that everyone on my “friends” list can see each other. But email is entirely different and I can honestly say that in the last few weeks I have for the first time become quite disappointed with google.

The Anti-Mike (profile) says:

Quite simply, this is proof that the borg have too much information, a no separation between their products.

Google should not be allowed to share information from product to product without your personal approval at each step. I find it frightening sometimes to log into something and realize that they have dragged non-related information from another product into the frame.

Google is getting so very close to getting a government beat down.

The Anti-Mike (profile) says:

Re: Re: Re:2 Re:

They are unavoidable.

I visit a website with google ads, I am using their service.

I watch a video on youtube, I am using their service.

I call someone on the phone, it happens to be a google phone number. I am using their service.

Now if they start an isp, when I chat with my friends I might be using their service.

Heck, any number of websites that you visit in a day may be served off their cloud computing service.

Pretty much it is impossible to NOT use their service, and you know they log every little bit of it.

Sorry, but they are the borg, and they know way more about you than you would like.

The Infamous Joe (profile) says:

Re: Re: Re:3 Re:

*sigh*

I visit a website with google ads, I am using their service.

No, the site is.

I watch a video on youtube, I am using their service.

Don’t go to youtube. Problem solved.

I call someone on the phone, it happens to be a google phone number. I am using their service.

No, Google is not VOIP (yet), and you are still using your telco provider’s service. If you require futher dumbing down, try using google voice without a telco.

Now if they start an isp, when I chat with my friends I might be using their service.

I assume you’re equally up in arms about “using” AT&T, Comcast, etc?

Heck, any number of websites that you visit in a day may be served off their cloud computing service.

They are. You are not.

Pretty much it is impossible to NOT use their service, and you know they log every little bit of it.

I do? No, I don’t. Please show me something (no tin foil, please) that says they “log every little bit”.

Sorry, but they are the borg, and they know way more about you than you would like.

They only know what info you give them. Don’t give them your info and you don’t have to worry about it. Personally, I like it.

The Anti-Mike (profile) says:

Re: Re: Re:4 Re:

Joe, I don’t think you understand what I mean about “using their service”.

Google logs everything, and retains records of everything. Every search, every movement, every use of their site. If you have the google toolbar (and many people do) and sign into Gmail, you remain signed in as you surf, and all your movements are tracked. They have a profile of your computer (all of the things revealed in the http headers about your machine) and even when you are logged off, there is often enough information combined for them to know what ads you have seen on sites they serve ads on (they get all the info, and more).

Data retention? http://news.cnet.com/8301-1009_3-10036090-83.html

They are now down to 9 MONTHS from the original 18 MONTHS before.

They log. They log everything. Every contact, every touch, every interface, every use. They log.

Oh yeah, don’t forget the bonus round: The cache every website they can get to, and any website that exposes information such as poster information and IP address could be matched up to other data they have logged to pretty much piece you together out of “series of tubes”.

The borg.

Brendan (profile) says:

Re: Re:

For once, I agree with you.

I hate that if I just close a gmail tab, rather than signing out, all subsequent Google searches are attributed to my Google account and stored there indefinitely. (I’m not sure I believe them when they say they delete my history when I ask with that privacy dashboard thing.)

Unless I click the “documents” or “calendar” or “search” links from my gmail inbox, I want to be asked to log in to each separately. Don’t assume I want to be logged into everything Google all at once.

mdavidthomson (profile) says:

How about reading the instructions.

So… maybe I have some special Gmail account, but when Buzz appeared in my Gmail it ASKED me.

If I took 10 seconds (which I would hope a journalist keeping secret contacts would do), I could remove everybody.

If I took another 10, I could remove it from Gmail altogether, by clicking down the bottom of the page.

End of problem. Buzz killed.

If you value your privacy so much, is spending 10 seconds saying “no thanks” that hard?

Not only that, but I had the opposite problem. I found their auto-add function didn’t work. It failed to suggest a friend I have been chatting to constantly on Gchat and Gmail for the past year. Probably because I only reconnected with him a year ago, but I’ve had my Gmail account for six. So, if you have recent heavy contact with someone, I don’t think it picks that up because I suspect it’s aggregated over the time the whole account has been open.

The whole thing is just a simple way to try and get something in your Buzz stream quickly. I’m fine with that it saves me time going to a 10 or 15 profiles and following them.

It’s no different from LinkedIn or Facebook or any other networking service that says: give me your email address and we’ll check to see who else is on here. The only difference is that Gmail doesn’t need to login to another email service.

Still, for a forward leaning tech blog, I’m amazed at the reactionary comments that sound like the cool kids bashing the new kid in high school, just because he’s new. And others, even more disturbingly along the lines of the grandpa “I hate new technology” response.

What happend to trying new things? Working with new models and seeing if they work over time?

Google Buzz has been online about 24 hours and we already know it’s a model and tool that is a big FAIL?

Let’s get some perspective here.

Carlson wants hits on his blog. And I’m sure he got them. I saw that story posted everywhere.

It’s classic tabloid sensationalism. A story titled: READ INSTRUCTIONS BEFORE USE or something similar just ain’t going to get the hits that WARNING:HUGE PRIVACY FLAW will.

And who says good old fashioned journalism is dead?

Mike Masnick (profile) says:

Re: How about reading the instructions.

So… maybe I have some special Gmail account, but when Buzz appeared in my Gmail it ASKED me.

If I took 10 seconds (which I would hope a journalist keeping secret contacts would do), I could remove everybody.

If I took another 10, I could remove it from Gmail altogether, by clicking down the bottom of the page.

End of problem. Buzz killed

The article discusses this. Yes, it is true, but the contacts were displayed publicly BEFORE you had the choices. That was the problem. If they had given you the list and asked you for the okay before putting it up publicly, that’s one thing. But they did not.

The whole thing is just a simple way to try and get something in your Buzz stream quickly. I’m fine with that it saves me time going to a 10 or 15 profiles and following them.

Your fine with it, but lots of people are not.

KGWagner (profile) says:

Opt out

I think I must have a special account, too. I didn’t get any “automatic” connections, and I was able to opt out of the whole thing as well.

I don’t think it’s a good idea, but I never thought Facebook or MySpace would take off, either. Shows how much I know. Apparently, a great many people are more than willing to share a lot more information than they should. Maybe I’m too private, or perhaps even paranoid or anti-social, but I don’t want people to know every single thing about me and/or my friends, right down to reading our mail.

jilocasin (profile) says:

That's why I only use Google for search.

Google is way too ‘spookish’ for me. They are constantly trying to get as much information about everyone, keep it _forever_, and refuse to ever delete it. Even their half hearted ‘anonymization’, that they can reverse when you’re not looking, reeks.

They have a great search engine, the best I’ve used so far. So that’s what I use, _for_searching_. I make it a point _not_ to use any of their other services, to block google-analytics links in AdBlock and to flush any google or google related cookies (including flash based ones) every time I start/stop my browsing.

Unless/until Google starts showing some restraint/respect I won’t use any of their services, nor will I recommend them to anyone else. Unfortunately it will take laws, laws with real teeth, to get Google to start acting responsibly.

With mass-wiretapping friendly people like Bush-Obama I’m not holding my breath of it happening anytime soon.

Google and the NSA, like two peas in a pod.

The Infamous Joe (profile) says:

Re: That's why I only use Google for search.

Unless/until Google starts showing some restraint/respect I won’t use any of their services, nor will I recommend them to anyone else. Unfortunately it will take laws, laws with real teeth, to get Google to start acting responsibly.

No, it will take exactly what you’re doing. If everyone felt as you, then Google would go out of business or be forced to change.

Cixelsid (profile) says:

You guys are overreacting

So this person is concerned about the privacy of his sources…why the hell is he using a Google Talk to communicate with them in the first place then? If you want security – don’t bother using the internet then my friend.

Still, I find this nothing in comparison with the privacy flaws in Facebook. I closed my account when I realized anybody who can follow a comment link can view my photos – even if I declared the particular album as “private”.

Mike, you were wrong about Twitter, don’t think it can’t happen again.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »