Risk
2/16/2010
04:09 PM
Connect Directly
Google+
LinkedIn
Twitter
RSS
E-Mail
50%
50%

Google Sorry About Buzz Privacy

But the company's apology isn't enough for the Electronic Privacy Information Center, which has just filed a complaint with the Federal Trade Commission.

Google on Saturday apologized for bungling the Buzz launch and announced a second set of changes to its new social networking service to prevent it from compromising user privacy.

In a blog post, product manager Todd Jackson said that the buzz spread by the Buzz service, along with other forms of feedback, told the company that Buzz had problems. "We quickly realized that we didn't get everything quite right," he said. "We're very sorry for the concern we've caused and have been working hard ever since to improve things based on your feedback. We'll continue to do so."

On Thursday, Jackson said Google had decided to make the option to not display follower information on public profiles more visible. He also said that Google had made it possible to block followers who have not created a Google Profile and had made information about followers more clear.

On Saturday, Jackson acknowledged that the changes were insufficient and said that instead of automatically setting up people to follow, Buzz will now merely suggest people to follow.

Suggested people to follow will be listed with checked boxes next to their names. To start following these people, Buzz users will have to click on a menu option that says, "Follow selected people and start using Buzz."

Jackson also said that Buzz will no longer automatically connect to public Picasa Web Albums and shared items in Google Reader. And he said that Google plans to add a Buzz tab to its Gmail Settings menu, to make it easier to disassociate Buzz with Gmail or disable it.

The Electronic Privacy Information Center (EPIC) on Tuesday filed a complaint with the Federal Trade Commission about Google Buzz. "The primary issue is that users who signed up for Gmail have now found themselves users of a social networking service," said Jared Kaprove, EPIC's domestic surveillance counsel, in a phone interview. "E-mail is not completely private, but it's ordinarily thought of as a private process."

The problem, as framed by the Electronic Frontier Foundation, "is that your e-mail and chat contacts are not necessarily people you want to advertise as friends via a public social network."

Kaprove says that despite the changes, Google Buzz remains essentially an opt-out service. "What they call a 'suggest model' still results in a screen with the boxes checked," he explained. To make the service more strictly opt-in, Kaprove suggests that the check boxes to follow people on Buzz should be in an unchecked state by default.

Google has traditionally preferred to set up services so that people have to opt-out rather than opt-in. Google's book scanning effort, Google News, and its search index all operate on the assumption that content owners want to be included.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-5208
Published: 2014-12-22
BKBCopyD.exe in the Batch Management Packages in Yokogawa CENTUM CS 3000 through R3.09.50 and CENTUM VP through R4.03.00 and R5.x through R5.04.00, and Exaopc through R3.72.10, does not require authentication, which allows remote attackers to read arbitrary files via a RETR operation, write to arbit...

CVE-2014-7286
Published: 2014-12-22
Buffer overflow in AClient in Symantec Deployment Solution 6.9 and earlier on Windows XP and Server 2003 allows local users to gain privileges via unspecified vectors.

CVE-2014-8015
Published: 2014-12-22
The Sponsor Portal in Cisco Identity Services Engine (ISE) allows remote authenticated users to obtain access to an arbitrary sponsor's guest account via a modified HTTP request, aka Bug ID CSCur64400.

CVE-2014-8017
Published: 2014-12-22
The periodic-backup feature in Cisco Identity Services Engine (ISE) allows remote attackers to discover backup-encryption passwords via a crafted request that triggers inclusion of a password in a reply, aka Bug ID CSCur41673.

CVE-2014-8018
Published: 2014-12-22
Multiple cross-site scripting (XSS) vulnerabilities in Business Voice Services Manager (BVSM) pages in the Application Software in Cisco Unified Communications Domain Manager 8 allow remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug IDs CSCur19651, CSCur18555, CSCur1...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.