Risk
2/16/2010
04:09 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Sorry About Buzz Privacy

But the company's apology isn't enough for the Electronic Privacy Information Center, which has just filed a complaint with the Federal Trade Commission.

Google on Saturday apologized for bungling the Buzz launch and announced a second set of changes to its new social networking service to prevent it from compromising user privacy.

In a blog post, product manager Todd Jackson said that the buzz spread by the Buzz service, along with other forms of feedback, told the company that Buzz had problems. "We quickly realized that we didn't get everything quite right," he said. "We're very sorry for the concern we've caused and have been working hard ever since to improve things based on your feedback. We'll continue to do so."

On Thursday, Jackson said Google had decided to make the option to not display follower information on public profiles more visible. He also said that Google had made it possible to block followers who have not created a Google Profile and had made information about followers more clear.

On Saturday, Jackson acknowledged that the changes were insufficient and said that instead of automatically setting up people to follow, Buzz will now merely suggest people to follow.

Suggested people to follow will be listed with checked boxes next to their names. To start following these people, Buzz users will have to click on a menu option that says, "Follow selected people and start using Buzz."

Jackson also said that Buzz will no longer automatically connect to public Picasa Web Albums and shared items in Google Reader. And he said that Google plans to add a Buzz tab to its Gmail Settings menu, to make it easier to disassociate Buzz with Gmail or disable it.

The Electronic Privacy Information Center (EPIC) on Tuesday filed a complaint with the Federal Trade Commission about Google Buzz. "The primary issue is that users who signed up for Gmail have now found themselves users of a social networking service," said Jared Kaprove, EPIC's domestic surveillance counsel, in a phone interview. "E-mail is not completely private, but it's ordinarily thought of as a private process."

The problem, as framed by the Electronic Frontier Foundation, "is that your e-mail and chat contacts are not necessarily people you want to advertise as friends via a public social network."

Kaprove says that despite the changes, Google Buzz remains essentially an opt-out service. "What they call a 'suggest model' still results in a screen with the boxes checked," he explained. To make the service more strictly opt-in, Kaprove suggests that the check boxes to follow people on Buzz should be in an unchecked state by default.

Google has traditionally preferred to set up services so that people have to opt-out rather than opt-in. Google's book scanning effort, Google News, and its search index all operate on the assumption that content owners want to be included.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-2886
Published: 2014-09-18
GKSu 2.0.2, when sudo-mode is not enabled, uses " (double quote) characters in a gksu-run-helper argument, which allows attackers to execute arbitrary commands in certain situations involving an untrusted substring within this argument, as demonstrated by an untrusted filename encountered during ins...

CVE-2014-4352
Published: 2014-09-18
Address Book in Apple iOS before 8 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information by obtaining this UID.

CVE-2014-4353
Published: 2014-09-18
Race condition in iMessage in Apple iOS before 8 allows attackers to obtain sensitive information by leveraging the presence of an attachment after the deletion of its parent (1) iMessage or (2) MMS.

CVE-2014-4354
Published: 2014-09-18
Apple iOS before 8 enables Bluetooth during all upgrade actions, which makes it easier for remote attackers to bypass intended access restrictions via a Bluetooth session.

CVE-2014-4356
Published: 2014-09-18
Apple iOS before 8 does not follow the intended configuration setting for text-message preview on the lock screen, which allows physically proximate attackers to obtain sensitive information by reading this screen.

Best of the Web
Dark Reading Radio