Sunday, 14 February 2010

Google Buzz: the privacy fiasco, & lessons for Google

First, the practical stuff - if you don't know how yet, see how to turn off Google Buzz.

Google Buzz - the lamentable history

Google Buzz just started being rolled out to Gmail users a few days ago, including for mobile, with the location you're posting from (apparently it'll be rolled out soon to businesses and schools too - even riskier, that!). If, like me, you weren't one of the first to get it, count yourself lucky.

It's caused a storm of protest in the blogosphere, leading to some climb downs on Google's part, and changes to how it works, because it invaded Gmail users' privacy in the worst possible ways.

For anyone who's not heard, it represents Google's attempt to get into social networking and online sharing of status updates, photos etc, by making all Gmail account holders (whether they liked it or not) users of Google Buzz, a kind of cross between Twitter and Facebook - with APIs for developers too, of course.

Molly Wood of CNET puts the problems succinctly:

"I do not, however, like a product that bursts through my door like a tornado and opts me in to wanton in-box clutter and spam (or, more precisely, bacn) publicly reveals my personal contact list without asking me, threatens to broadcast my e-mail address anytime someone wants to @ me in a Buzz, and even appears to grab photos off my Android phone that I've never uploaded."

It doesn't give you a choice of whether you wanted to use Buzz or not. Even if you said "No Thanks" to checking out its features, you still get the Buzz link in your Gmail under your Inbox, plus the other Buzz "benefits".

Even worse, it automatically decides who you "Follow", based on some weird stuff to do with who you've chatted with (e.g. someone I'd just talked to 2 or 3 times a year ago got added!) and, supposedly, who you've emailed, or who's emailed you, the most - which, in one woman's case, included her abusive ex-husband, not good. In my case, it didn't even pick up the people I email with most frequently.

Worse still, those you're automatically made to "Follow", and those who "Follow" you, are publicly listed in your Google profile (which you're forced to create if you didn't have one already). I repeat, you aren't given a choice at the start whether to display those "Follow" lists or not, and it wasn't easy to figure out how to turn off the display. You want the whole world to know who you've been emailing or who's been contacting you? I thought not.

People also couldn't block people who didn't have public profiles from following them - anyone can follow you in Buzz.

Personally, I also object to Google assuming that when I share stuff on Google Reader, it's shared with all my Google Buzz followers too. In fact I use Share on Google Reader as an alternative to starring things for myself, as you can only have one colour / type of star on Reader (unlike Gmail).

Amongst other things, Google clearly didn't appreciate that the people you want to share Google Reader items with are not necessarily your email contacts! Indeed they seemed to think it was an advantage:

"And don't worry, you don't have another list of friends or followers to manage. The people you follow in Reader are the same people you follow in Buzz – those you've already chosen to follow in Reader, plus the people you email and chat with the most in Gmail."

So one of the first things I did was to UNlink Google Reader from Buzz, because Google had of course automatically linked it.

And another thing - Buzz spams your Inbox and Sent box in Gmail with Buzzes.


Now, all after the "feedback" (aka complaints!), there have been a few U-turns just over the last couple of days:

  1. Google have made it easier to find the option to make your Follow lists private - though, smacks to Google, public is still ticked by default
  2. soon Google will turn auto-follow into auto-suggest (which is it what it should have been in the first place), so you can decide whether to go with Google's suggestion or not
  3. "Buzz will no longer connect your public Picasa Web Albums and Google Reader shared items automatically"
  4. They're adding a Buzz tab to Gmail Settings.

All stuff that should have been done from the get go.

And there are still privacy problems - just because you've hidden the list of who's following you, e.g. X, doesn't mean X has hidden their list of who they're following, so you could still be on X's public list!

It seems your email address can be discovered from your profile.

There's still not enough granularity and control over separation. As I said people you share one set of things with may not be people you want to share another set of things with!

While Buzz allows "private" messages to be posted to just one group, it appears to be the same groups you have in Google Reader (Coworkers, Family, Friends, "My Contacts"). You can't have separate groups for Buzz purposes.

Protecting your privacy against Buzz

Lots of people have posted about how to tone down Buzz, so I won't do it in detail. Here's some links/info:

  1. scroll to the bottom of your Gmail main page and click "turn off buzz" (note this apparently doesn't turn it off for all purposes)

  2. if you want Buzz, you should seriously consider making your Follow lists private - it's easier to do that now; click the Buzz link under your Inbox link, and then the first time you click your name on the Buzz page or click in the box into which you're supposed to type status update messages, this sort of window now pops up and you should UNtick the "Show the list" box, then Save:

    If you don't have a public profile, try clicking the "View and follow back" or "View and edit" link on the Buzz page; and there may be a tiny box at the bottom of the pop up window, which of course you have to scroll to to find; then and UNtick that.
  3. while you're at it, click "view connected sites", and for ones at the top of the list, click Edit then Remove site to unshare them:

  4. save your Gmail Inbox from Buzz spam
  5. generally, see the privacy checklist which was recommended by the EFF
  6. if you're posting to Buzz via your mobile phone or cellphone, make sure you decline to share your location. This is really scary because you can't limit the broadcasting of your location only to a certain group of people, it's either on or off. Stalker heaven, much?

Lessons for Google

People are becoming more sensitive about privacy - and so should Google, if only to avoid getting into hot water with privacy regulators.

Google has already been criticised by EU data protection regulators for the length of time it holds IP address information relating to Google searches.

Facebook has been investigated by Canadian regulators, not once, but twice.

Email is not social media; it's even more private, and privacy mistakes with email are even worse. Broadstuff, who point out this incident will only make people more suspicious of Google, have an excellent summary of the position and what Google ought to be doing next to save themselves: GOOGLE BUZZ - ANATOMY OF A SLOW MOTION TRAIN WRECK - including splitting it off from Gmail.

As LightBlueTouchPaper noted, Google need to review internally all new products or services for privacy implications, as standard. before forcing them onto unsuspecting and, more importantly, unconsenting users, in order to avoid bad press or indeed privacy law breaches leading to fines and the like.

You'd have thought Google would have learned something from the furore over their Chrome terms of service in late 2008. Maybe it's time for their lawyers to be given a more important role in Google. Quite seriously.


Anonymous said...

Thanks to Consuming Experience for highlighting the issues with Buzz and for providing help on how to manage one's settings. I was furious to find this applcation had just appeared willy nilly without me requesting it and having an opportunity to configure it according to my preferred security settings (and NOT Google's). Damn cheek!

Anonymous said...

Ditto that thx to 'Consuming Experience'. For the most part I really enjoy Google features but this was a very instrusive move and EXACTLY the kind of "social" behavior I have begun to hate Facebook for. If Google values success, it should value customers' own determination of what their wants and needs are. Or as my uncle used to say, "to 'assume' makes and 'ass' out of 'u' and me'"! Maybe the next feature will be Google Ass!

Anonymous said...

I'm normally not this crude, but here it is. I compare the Google developers and managers who came up with this mess to people who don't close the door when they go to the bathroom, and then can't figure out why some people choose to close the door when they go to the bathroom.

Improbulus said...

Your comments are much politer than some I've seen about this!

The BBC reports that apparently Google just didn't think to test Buzz outside Google before rolling it out (no idea why, it seems they normally). EPIC have now filed a complaint against Google in the US about all this.

K-Tron said...

BS on the Picasa-Buzz de-linking.
My latest Picasa upload showed up in Buzz this morning, just like I didn't want it to.