Risk
2/16/2010
04:09 PM
Connect Directly
LinkedIn
Twitter
Google+
RSS
E-Mail
50%
50%

Google Sorry About Buzz Privacy

But the company's apology isn't enough for the Electronic Privacy Information Center, which has just filed a complaint with the Federal Trade Commission.

Google on Saturday apologized for bungling the Buzz launch and announced a second set of changes to its new social networking service to prevent it from compromising user privacy.

In a blog post, product manager Todd Jackson said that the buzz spread by the Buzz service, along with other forms of feedback, told the company that Buzz had problems. "We quickly realized that we didn't get everything quite right," he said. "We're very sorry for the concern we've caused and have been working hard ever since to improve things based on your feedback. We'll continue to do so."

On Thursday, Jackson said Google had decided to make the option to not display follower information on public profiles more visible. He also said that Google had made it possible to block followers who have not created a Google Profile and had made information about followers more clear.

On Saturday, Jackson acknowledged that the changes were insufficient and said that instead of automatically setting up people to follow, Buzz will now merely suggest people to follow.

Suggested people to follow will be listed with checked boxes next to their names. To start following these people, Buzz users will have to click on a menu option that says, "Follow selected people and start using Buzz."

Jackson also said that Buzz will no longer automatically connect to public Picasa Web Albums and shared items in Google Reader. And he said that Google plans to add a Buzz tab to its Gmail Settings menu, to make it easier to disassociate Buzz with Gmail or disable it.

The Electronic Privacy Information Center (EPIC) on Tuesday filed a complaint with the Federal Trade Commission about Google Buzz. "The primary issue is that users who signed up for Gmail have now found themselves users of a social networking service," said Jared Kaprove, EPIC's domestic surveillance counsel, in a phone interview. "E-mail is not completely private, but it's ordinarily thought of as a private process."

The problem, as framed by the Electronic Frontier Foundation, "is that your e-mail and chat contacts are not necessarily people you want to advertise as friends via a public social network."

Kaprove says that despite the changes, Google Buzz remains essentially an opt-out service. "What they call a 'suggest model' still results in a screen with the boxes checked," he explained. To make the service more strictly opt-in, Kaprove suggests that the check boxes to follow people on Buzz should be in an unchecked state by default.

Google has traditionally preferred to set up services so that people have to opt-out rather than opt-in. Google's book scanning effort, Google News, and its search index all operate on the assumption that content owners want to be included.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2015-2849
Published: 2015-07-07
SQL injection vulnerability in main.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices, when https is used, allows remote attackers to execute arbitrary SQL commands via the ppli parameter.

CVE-2015-2850
Published: 2015-07-07
Cross-site scripting (XSS) vulnerability in index-login.ant in the ANTlabs InnGate firmware on IG 3100, InnGate 3.01 E, InnGate 3.10 E, InnGate 3.10 M, SG 4, and SSG 4 devices allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

CVE-2015-3216
Published: 2015-07-07
Race condition in a certain Red Hat patch to the PRNG lock implementation in the ssleay_rand_bytes function in OpenSSL, as distributed in openssl-1.0.1e-25.el7 in Red Hat Enterprise Linux (RHEL) 7 and other products, allows remote attackers to cause a denial of service (application crash) by establi...

CVE-2014-3653
Published: 2015-07-06
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.

CVE-2014-5406
Published: 2015-07-06
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote attackers to modify settings or medication data via packets on the (a) TELNET, (b) HTTP, (c) HTTPS, ...

Dark Reading Radio
Archived Dark Reading Radio
Marc Spitler, co-author of the Verizon DBIR will share some of the lesser-known but most intriguing tidbits from the massive report