Feeds

Fed skewers Google over Tweetbookish Gmail mod

The Buzz on private envelope pushing

Remote control for virtualized desktops

An outgoing commissioner with the US Federal Trade Commission has laid into Google for the privacy-envelope-pushing launch of Google Buzz, that web-based thingy that turned Gmail into a Tweetbookish social networking service.

"I am especially concerned that technology companies are learning harmful lessons from each other's attempts to push the privacy envelope," Pamela Jones Harbour said during an FTC privacy workshop, as reported by PC World.

"Even the most respected and popular online companies, the ones who claim to respect privacy, continue to launch products where the guiding privacy policy seems to be, 'Throw it up against the wall and see if it sticks.'" Her comments seemed to be aimed at Microsoft and Facebook as well as the Mountain View Chocolate Factory.

She characterized Google's Buzz launch as "irresponsible conduct".

Like Facebook or Twitter, Buzz is a way of sharing personal information, media and links with others across the web in what it so often called "real-time". But it's not a standalone, opt-in service. It's integrated with Gmail, tapping users' existing email and chat contacts.

When it was unveiled in February and immediately pushed out to an estimated 32.1 million Gmail users, Buzz automatically identified users' most frequent Gmail contacts as people they'd like "to follow" - ie people they'd like to receive posts from - and by default, it exposed these contacts to world+dog. You did have the option of hiding the list from the public view, but many howled that the checkbox that let you do so was far from prominently displayed.

"Google consistently tells the public to 'just trust us,'" Jones Harbour said. "But based on my observations, I do not believe consumer privacy played any significant role in the release of Buzz."

She called Buzz a "material change" in the user's relationship with Gmail. "When users created Gmail accounts, they signed up for e-mail services," she said. "Their expectations did not include social networking."

Google later agreed to move the checkbox to a more prominent position. And then it rejiggered the way it handles user contacts. Rather than automatically identifying email and chat contacts for following, it now "suggests" people to follow, giving the user a chance to make changes. It should be noted, however, that "suggestions" are checked by default. To change them, you must uncheck them.

Then, with a third set of changes, the company added a Buzz tab to a user's central Gmail "settings" that lets them disable Buzz entirely. But the fact of the matter is that most users will simply approve Buzz - and approve the default settings.

Google apologized for the setting at launch, and its general stance seems to be that it didn't realize that users would be upset, pointing out that it failed to test the service with users outside the company prior to launch.

But we would argue that Google knew exactly what it was doing. The company was, as Jones Harbour said, pushing the outside of the privacy envelope. It didn't test the service with outsiders because it exposed as much user data as possible - knowing that it may have to backtrack if there were complaints.

Like Facebook, Google's primary aim is to expose user data. That's why it integrated the service with Gmail in the first place. In taking such steps it may face short term criticism, but in the long term it comes out ahead.

"I realize that companies continue to take a testing-the-water approach to privacy because no regulatory agency has sent a clear message that this behavior is unacceptable," Jones Harbour said. "I would like to see the commission take the position of intolerance toward companies that push the privacy envelope, then backtrack and modify their offerings after facing consumer and regulator backlash."

Privacy watchdog EPIC has filed a complaint with the FTC over Buzz, saying it violated user expectations, diminished user privacy and contradicted Google's privacy policy. It even questions whether Buzz violated federal wiretap law. ®

Internet Security Threat Report 2014

More from The Register

next story
Download alert: Nearly ALL top 100 Android, iOS paid apps hacked
Attack of the Clones? Yeah, but much, much scarier – report
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Microsoft: Your Linux Docker containers are now OURS to command
New tool lets admins wrangle Linux apps from Windows
Facebook, working on Facebook at Work, works on Facebook. At Work
You don't want your cat or drunk pics at the office
Soz, web devs: Google snatches its Wallet off the table
Killing off web service in 3 months... but app-happy bonkers are fine
First in line to order a Nexus 6? AT&T has a BRICK for you
Black Screen of Death plagues early Google-mobe batch
Microsoft adds video offering to Office 365. Oh NOES, you'll need Adobe Flash
Lovely presentations... but not on your Flash-hating mobe
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The hidden costs of self-signed SSL certificates
Exploring the true TCO for self-signed SSL certificates, including a side-by-side comparison of a self-signed architecture versus working with a third-party SSL vendor.