Feeds

Fed skewers Google over Tweetbookish Gmail mod

The Buzz on private envelope pushing

Maximizing your infrastructure through virtualization

An outgoing commissioner with the US Federal Trade Commission has laid into Google for the privacy-envelope-pushing launch of Google Buzz, that web-based thingy that turned Gmail into a Tweetbookish social networking service.

"I am especially concerned that technology companies are learning harmful lessons from each other's attempts to push the privacy envelope," Pamela Jones Harbour said during an FTC privacy workshop, as reported by PC World.

"Even the most respected and popular online companies, the ones who claim to respect privacy, continue to launch products where the guiding privacy policy seems to be, 'Throw it up against the wall and see if it sticks.'" Her comments seemed to be aimed at Microsoft and Facebook as well as the Mountain View Chocolate Factory.

She characterized Google's Buzz launch as "irresponsible conduct".

Like Facebook or Twitter, Buzz is a way of sharing personal information, media and links with others across the web in what it so often called "real-time". But it's not a standalone, opt-in service. It's integrated with Gmail, tapping users' existing email and chat contacts.

When it was unveiled in February and immediately pushed out to an estimated 32.1 million Gmail users, Buzz automatically identified users' most frequent Gmail contacts as people they'd like "to follow" - ie people they'd like to receive posts from - and by default, it exposed these contacts to world+dog. You did have the option of hiding the list from the public view, but many howled that the checkbox that let you do so was far from prominently displayed.

"Google consistently tells the public to 'just trust us,'" Jones Harbour said. "But based on my observations, I do not believe consumer privacy played any significant role in the release of Buzz."

She called Buzz a "material change" in the user's relationship with Gmail. "When users created Gmail accounts, they signed up for e-mail services," she said. "Their expectations did not include social networking."

Google later agreed to move the checkbox to a more prominent position. And then it rejiggered the way it handles user contacts. Rather than automatically identifying email and chat contacts for following, it now "suggests" people to follow, giving the user a chance to make changes. It should be noted, however, that "suggestions" are checked by default. To change them, you must uncheck them.

Then, with a third set of changes, the company added a Buzz tab to a user's central Gmail "settings" that lets them disable Buzz entirely. But the fact of the matter is that most users will simply approve Buzz - and approve the default settings.

Google apologized for the setting at launch, and its general stance seems to be that it didn't realize that users would be upset, pointing out that it failed to test the service with users outside the company prior to launch.

But we would argue that Google knew exactly what it was doing. The company was, as Jones Harbour said, pushing the outside of the privacy envelope. It didn't test the service with outsiders because it exposed as much user data as possible - knowing that it may have to backtrack if there were complaints.

Like Facebook, Google's primary aim is to expose user data. That's why it integrated the service with Gmail in the first place. In taking such steps it may face short term criticism, but in the long term it comes out ahead.

"I realize that companies continue to take a testing-the-water approach to privacy because no regulatory agency has sent a clear message that this behavior is unacceptable," Jones Harbour said. "I would like to see the commission take the position of intolerance toward companies that push the privacy envelope, then backtrack and modify their offerings after facing consumer and regulator backlash."

Privacy watchdog EPIC has filed a complaint with the FTC over Buzz, saying it violated user expectations, diminished user privacy and contradicted Google's privacy policy. It even questions whether Buzz violated federal wiretap law. ®

Seven Steps to Software Security

More from The Register

next story
Whoah! How many Google Play apps want to read your texts?
Google's app permissions far too lax – security firm survey
Chrome browser has been DRAINING PC batteries for YEARS
Google is only now fixing ancient, energy-sapping bug
Do YOU work at Microsoft? Um. Are you SURE about that?
Nokia and marketing types first to get the bullet, says report
Microsoft takes on Chromebook with low-cost Windows laptops
Redmond's chief salesman: We're taking 'hard' decisions
EU dons gloves, pokes Google's deals with Android mobe makers
El Reg cops a squint at investigatory letters
Big Blue Apple: IBM to sell iPads, iPhones to enterprises
iOS/2 gear loaded with apps for big biz ... uh oh BlackBerry
OpenWRT gets native IPv6 slurping in major refresh
Also faster init and a new packages system
Microsoft's anti-bug breakthrough: Wire devs to BRAIN SCANNERS
Clippy: It looks your hands are shaking, are you sure you want to commit this code?
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Mobile application security vulnerability report
The alarming realities regarding the sheer number of applications vulnerable to attack, and the most common and easily addressable vulnerability errors.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.