Feeds

Fed skewers Google over Tweetbookish Gmail mod

The Buzz on private envelope pushing

Website security in corporate America

An outgoing commissioner with the US Federal Trade Commission has laid into Google for the privacy-envelope-pushing launch of Google Buzz, that web-based thingy that turned Gmail into a Tweetbookish social networking service.

"I am especially concerned that technology companies are learning harmful lessons from each other's attempts to push the privacy envelope," Pamela Jones Harbour said during an FTC privacy workshop, as reported by PC World.

"Even the most respected and popular online companies, the ones who claim to respect privacy, continue to launch products where the guiding privacy policy seems to be, 'Throw it up against the wall and see if it sticks.'" Her comments seemed to be aimed at Microsoft and Facebook as well as the Mountain View Chocolate Factory.

She characterized Google's Buzz launch as "irresponsible conduct".

Like Facebook or Twitter, Buzz is a way of sharing personal information, media and links with others across the web in what it so often called "real-time". But it's not a standalone, opt-in service. It's integrated with Gmail, tapping users' existing email and chat contacts.

When it was unveiled in February and immediately pushed out to an estimated 32.1 million Gmail users, Buzz automatically identified users' most frequent Gmail contacts as people they'd like "to follow" - ie people they'd like to receive posts from - and by default, it exposed these contacts to world+dog. You did have the option of hiding the list from the public view, but many howled that the checkbox that let you do so was far from prominently displayed.

"Google consistently tells the public to 'just trust us,'" Jones Harbour said. "But based on my observations, I do not believe consumer privacy played any significant role in the release of Buzz."

She called Buzz a "material change" in the user's relationship with Gmail. "When users created Gmail accounts, they signed up for e-mail services," she said. "Their expectations did not include social networking."

Google later agreed to move the checkbox to a more prominent position. And then it rejiggered the way it handles user contacts. Rather than automatically identifying email and chat contacts for following, it now "suggests" people to follow, giving the user a chance to make changes. It should be noted, however, that "suggestions" are checked by default. To change them, you must uncheck them.

Then, with a third set of changes, the company added a Buzz tab to a user's central Gmail "settings" that lets them disable Buzz entirely. But the fact of the matter is that most users will simply approve Buzz - and approve the default settings.

Google apologized for the setting at launch, and its general stance seems to be that it didn't realize that users would be upset, pointing out that it failed to test the service with users outside the company prior to launch.

But we would argue that Google knew exactly what it was doing. The company was, as Jones Harbour said, pushing the outside of the privacy envelope. It didn't test the service with outsiders because it exposed as much user data as possible - knowing that it may have to backtrack if there were complaints.

Like Facebook, Google's primary aim is to expose user data. That's why it integrated the service with Gmail in the first place. In taking such steps it may face short term criticism, but in the long term it comes out ahead.

"I realize that companies continue to take a testing-the-water approach to privacy because no regulatory agency has sent a clear message that this behavior is unacceptable," Jones Harbour said. "I would like to see the commission take the position of intolerance toward companies that push the privacy envelope, then backtrack and modify their offerings after facing consumer and regulator backlash."

Privacy watchdog EPIC has filed a complaint with the FTC over Buzz, saying it violated user expectations, diminished user privacy and contradicted Google's privacy policy. It even questions whether Buzz violated federal wiretap law. ®

Protecting against web application threats using SSL

More from The Register

next story
New 'Cosmos' browser surfs the net by TXT alone
No data plan? No WiFi? No worries ... except sluggish download speed
'Windows 9' LEAK: Microsoft's playing catchup with Linux
Multiple desktops and live tiles in restored Start button star in new vids
iOS 8 release: WebGL now runs everywhere. Hurrah for 3D graphics!
HTML 5's pretty neat ... when your browser supports it
Mathematica hits the Web
Wolfram embraces the cloud, promies private cloud cut of its number-cruncher
Mozilla shutters Labs, tells nobody it's been dead for five months
Staffer's blog reveals all as projects languish on GitHub
SUSE Linux owner Attachmate gobbled by Micro Focus for $2.3bn
Merger will lead to mainframe and COBOL powerhouse
iOS 8 Healthkit gets a bug SO Apple KILLS it. That's real healthcare!
Not fit for purpose on day of launch, says Cupertino
Not appy with your Chromebook? Well now it can run Android apps
Google offers beta of tricky OS-inside-OS tech
prev story

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.