Feeds

Google engineering gaggle flees Facebook

'When I complain about privacy, I use Google Buzz'

Protecting users from Firesheep and other Sidejacking attacks with SSL

Updated A gaggle of Google engineers have expressed their displeasure with Facebook's latest effort to share your data with third-party sites, and many have gone so far as to deactivate their accounts.

This includes the Delphic Oracle of the SEO world, Matt Cutts, who announced his Facebook deactivation with a post to Twitter. Cutts didn't say why he deactivated, but the move came just hours after Facebook introduced an "instant personalization" thingy that automatically feeds your Facebook profile data to certain third-party sites when you - or your Facebook "friends" - pay a visit.

"When you and your friends visit an instantly personalized site, the partner can use your public Facebook information, which includes your name, profile picture, gender, and connections," Facebook says. Those "connections" include previously private information that Facebook recently forced users to make public or completely delete, including current city, hometown, education and work, and likes and interests.

A banner appears across the top of the page when you visit a site that Facebook is sharing data with, but the onus is on the user to opt-out. And we all know that the average user isn't exactly aware of what's going on.

"I just deactivated my Facebook account using the guide at http://goo.gl/rhpE," Cutts wrote. "Not hard to do & you can still revive it later."

As noticed by TechCrunch Europe, Cutts was joined by a Greek chorus of other Google engineers, some of whom have left Facebook for good.

"Effectively shut down my Facebook account. No more updates or activity from me over there. If you need me, I'm happy on Buzz and on Twitter. I feel so clean. :-)," Google software engineer Mike Wiacek posted to Google Buzz. Several other Googlers pointed to the same link as Cutts, where GigaOm shows the world how to deactivate their Facebook accounts.

The irony is that Wiacek and many of his Google colleagues are using Buzz to distribute their veiled - and not-so-veiled - attacks on Facebook's approach to privacy. When it was launched in February and pushed out to an estimated 32.1 million Gmail users, Buzz automatically identified users' most frequent email and chat contacts as people they'd like "to follow," and by default, it exposed these contacts to world+dog. You did have the option of hiding the list from the public view, but the checkbox that let you do so was not exactly displayed in a prominent position.

Google has since changed some of Buzz's privacy settings and users are given more warning, but fundamentally, the service is designed to expose information inside users' Gmail accounts.

Still, all those Google engineers have no problem casting stones at Mark Zuckerberg. "Am I the only one freaked out about Facebook and privacy??" wrote Google software engineer Ping Chen on, yes, Buzz. "I swear I might have to shut down my FB account...the recent announcements are really worrying..."

Google software engineer Trevor Stone compares Facebook's "instant personalization" move to Beacon, the user-data-sharing Facebook ad system that creeped out so many netizens after its launch in the fall of 2007. In settling a class action lawsuit last year, Facebook agreed to retire the ad system.

"It's like Beacon, but in reverse," Stone says. "When you visit a site, Facebook will send information about you and your friends to that site unless everyone opts out. It's like walking into Walmart for the first time and the greeter calling your mom (you're wearing a shirt with your mom's number on it, apparently) and asking what you and your friends like to eat, then handing you a shopping cart with suggested purchases."

A fair description. But let's not forget the way things work with Google's behavioral ad targeting. Mountain View's AdSense-powered "content" network spans hundreds of thousands of third-party sites, and Google is using your behavior across this network to target ads. What's more, the company now allows a third-party advertiser to place some Google code on its website that will track your visits to the site and trigger certain ads when you visit any other site in the network. And yes, with such targeting, the onus is on the user to opt-out.

All this is quite different from Facebook's latest play, but it's equally creepy.

At least with Facebook, you choose to use the service. In the beginning, you opt in. The trouble is that Facebook is constantly changing the service beneath you. Just days before announcing "instant personalization," Facebook introduced those profile "connections," telling users it had turned their "current city, hometown, education and work, and likes and interests" into public information. It did request users' approval. But the only way to avoid the change was to delete all that information, and the delete option was the less prominent link in the bottom left corner of the pop-up window.

It's a change worth complaining about. But with Buzz, Google moved the landscape beneath you in bigger ways. You opted in to Gmail because you wanted to use a web-based email service, and before you knew it, a new plug-in was exposing your contacts to the rest of the planet. Even the federal deputy CTO was caught with his personal info down. ®

Update: This story has been updated to include information about Facebook's new "connections" and to expand and clarify the comparison between Facebook and Google Buzz.

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.