Risk
2/16/2010
04:09 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Sorry About Buzz Privacy

But the company's apology isn't enough for the Electronic Privacy Information Center, which has just filed a complaint with the Federal Trade Commission.

Google on Saturday apologized for bungling the Buzz launch and announced a second set of changes to its new social networking service to prevent it from compromising user privacy.

In a blog post, product manager Todd Jackson said that the buzz spread by the Buzz service, along with other forms of feedback, told the company that Buzz had problems. "We quickly realized that we didn't get everything quite right," he said. "We're very sorry for the concern we've caused and have been working hard ever since to improve things based on your feedback. We'll continue to do so."

On Thursday, Jackson said Google had decided to make the option to not display follower information on public profiles more visible. He also said that Google had made it possible to block followers who have not created a Google Profile and had made information about followers more clear.

On Saturday, Jackson acknowledged that the changes were insufficient and said that instead of automatically setting up people to follow, Buzz will now merely suggest people to follow.

Suggested people to follow will be listed with checked boxes next to their names. To start following these people, Buzz users will have to click on a menu option that says, "Follow selected people and start using Buzz."

Jackson also said that Buzz will no longer automatically connect to public Picasa Web Albums and shared items in Google Reader. And he said that Google plans to add a Buzz tab to its Gmail Settings menu, to make it easier to disassociate Buzz with Gmail or disable it.

The Electronic Privacy Information Center (EPIC) on Tuesday filed a complaint with the Federal Trade Commission about Google Buzz. "The primary issue is that users who signed up for Gmail have now found themselves users of a social networking service," said Jared Kaprove, EPIC's domestic surveillance counsel, in a phone interview. "E-mail is not completely private, but it's ordinarily thought of as a private process."

The problem, as framed by the Electronic Frontier Foundation, "is that your e-mail and chat contacts are not necessarily people you want to advertise as friends via a public social network."

Kaprove says that despite the changes, Google Buzz remains essentially an opt-out service. "What they call a 'suggest model' still results in a screen with the boxes checked," he explained. To make the service more strictly opt-in, Kaprove suggests that the check boxes to follow people on Buzz should be in an unchecked state by default.

Google has traditionally preferred to set up services so that people have to opt-out rather than opt-in. Google's book scanning effort, Google News, and its search index all operate on the assumption that content owners want to be included.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0985
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName parameter.

CVE-2014-0986
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the GotoCmd parameter.

CVE-2014-0987
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the NodeName2 parameter.

CVE-2014-0988
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode parameter.

CVE-2014-0989
Published: 2014-09-20
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the AccessCode2 parameter.

Best of the Web
Dark Reading Radio