Risk
2/16/2010
04:09 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Sorry About Buzz Privacy

But the company's apology isn't enough for the Electronic Privacy Information Center, which has just filed a complaint with the Federal Trade Commission.

Google on Saturday apologized for bungling the Buzz launch and announced a second set of changes to its new social networking service to prevent it from compromising user privacy.

In a blog post, product manager Todd Jackson said that the buzz spread by the Buzz service, along with other forms of feedback, told the company that Buzz had problems. "We quickly realized that we didn't get everything quite right," he said. "We're very sorry for the concern we've caused and have been working hard ever since to improve things based on your feedback. We'll continue to do so."

On Thursday, Jackson said Google had decided to make the option to not display follower information on public profiles more visible. He also said that Google had made it possible to block followers who have not created a Google Profile and had made information about followers more clear.

On Saturday, Jackson acknowledged that the changes were insufficient and said that instead of automatically setting up people to follow, Buzz will now merely suggest people to follow.

Suggested people to follow will be listed with checked boxes next to their names. To start following these people, Buzz users will have to click on a menu option that says, "Follow selected people and start using Buzz."

Jackson also said that Buzz will no longer automatically connect to public Picasa Web Albums and shared items in Google Reader. And he said that Google plans to add a Buzz tab to its Gmail Settings menu, to make it easier to disassociate Buzz with Gmail or disable it.

The Electronic Privacy Information Center (EPIC) on Tuesday filed a complaint with the Federal Trade Commission about Google Buzz. "The primary issue is that users who signed up for Gmail have now found themselves users of a social networking service," said Jared Kaprove, EPIC's domestic surveillance counsel, in a phone interview. "E-mail is not completely private, but it's ordinarily thought of as a private process."

The problem, as framed by the Electronic Frontier Foundation, "is that your e-mail and chat contacts are not necessarily people you want to advertise as friends via a public social network."

Kaprove says that despite the changes, Google Buzz remains essentially an opt-out service. "What they call a 'suggest model' still results in a screen with the boxes checked," he explained. To make the service more strictly opt-in, Kaprove suggests that the check boxes to follow people on Buzz should be in an unchecked state by default.

Google has traditionally preferred to set up services so that people have to opt-out rather than opt-in. Google's book scanning effort, Google News, and its search index all operate on the assumption that content owners want to be included.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-7441
Published: 2015-05-29
The modern style negotiation in Network Block Device (nbd-server) 2.9.22 through 3.3 allows remote attackers to cause a denial of service (root process termination) by (1) closing the connection during negotiation or (2) specifying a name for a non-existent export.

CVE-2014-9727
Published: 2015-05-29
AVM Fritz!Box allows remote attackers to execute arbitrary commands via shell metacharacters in the var:lang parameter to cgi-bin/webcm.

CVE-2015-0200
Published: 2015-05-29
IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x before 7.0.0.8 IF2 allows local users to obtain sensitive database information via unspecified vectors.

CVE-2015-0751
Published: 2015-05-29
Cisco IP Phone 7861, when firmware from Cisco Unified Communications Manager 10.3(1) is used, allows remote attackers to cause a denial of service via crafted packets, aka Bug ID CSCus81800.

CVE-2015-0752
Published: 2015-05-29
Cross-site scripting (XSS) vulnerability in Cisco TelePresence Video Communication Server (VCS) X8.5.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URL, aka Bug ID CSCut27635.

Dark Reading Radio
Archived Dark Reading Radio
After a serious cybersecurity incident, everyone will be looking to you for answers -- but you’ll never have complete information and you’ll never have enough time. So in those heated moments, when a business is on the brink of collapse, how will you and the rest of the board room executives respond?