Google Buzzed with Lawsuit (cnet.com)
23 points by sgman on Feb 18, 2010 | 34 comments



Insular ivory tower, meet world.

It's one thing to have a bug in a piece of software, it's completely another when that bug is "by design" and exposes people's personal information without their consent. This should be a lesson to other social network sites and startups that want to enter this space. "The user's personal data is sacred." Even if Google wins the suit, this is really very reputation damaging. People who don't know the details will likely only hear that "Google exposed people's private contacts to the world."

I've more or less accepted Google's apology on face value, but I was thinking about this again last night, and given all the recent hubbub about the Chinese hacker break-in, and how it targeted specific accounts of political dissidents, this really seems like a particularly inexcusable oversight. In theory this is obviously true, and in practice we already know of a case where a woman was found by her abusive ex-husband.


For clarification, as many misunderstand: though the "yes" and "no" links didn't really work as advertised (turn Buzz on / off), they displayed nothing that wasn't public already.

To use Buzz, you need a public Google profile. This was true on Day 1, and it's true now. Any info that was revealed was already googleable, public information that the user filled out explicitly for a public page.

edit: downvotes? What, don't like the truth? If I've got something wrong, speak up.


The Data that was exposed was in effect, who your top 6 or so most emailed contacts are. That data was never made public before.

How would you feel if somebody took the top few contacts in your address book and shared them all with each other? That is exactly what Google has done.

As a freelancer would you want the email addresses of your top 6 clients all exposed to each other?

Would you want to explain to your current significant other why you are now following your ex-girlfriend's Google Buzz? Would you want them to have each other's contact info?

Would you want your top six most emailed contacts to be publicly available to your current employer?

Whether people opted in to this behavior via some obscure, hard to understand TOS agreement or not is immaterial. The end result is just poor design through and through.


While I agree that such a data display would be a big problem, it's simply not true about Buzz.

> The Data that was exposed was in effect, who your top 6 or so most emailed contacts are.

Only if you have the box which says it makes your following-list public to people following you checked and they set up their public profile. If it's not checked, then no, they can't see the data. Try checking someone you're following who has that box un-checked, and all you'll see is their public profile page and whether or not they're following you.

Again. It's opt-in, and only shows things which are public anyway. If you see a request to make things public, like Buzz offered from day 1, then for the love of God, READ what's being made public. Especially if you have sensitive data on the account, or use it professionally. It was idiotic of them to check the box by default, but individuals are still responsible for leaving it checked.

edit: The original notification: http://img694.imageshack.us/i/buzzflaw.jpg/ Note that it says "people you follow, and people who follow you". Editing your profile via the edit link before approving allowed you to turn off the "people you follow" display, and now there's a checkbox right on that popup (which should've been there to begin with, but still).

edit2: bah, static link fail. Updated link. Original source: http://is.gd/8Fduj


Remember the facebook login debacle?

Just because the option is there and is easy for techies to find doesn't mean that it is reasonable to expect actual not particularly computer literate users to figure it out and uncheck the box if they don't want it.


And just because they didn't read the EULA on their software / contract at their job does not mean they are not bound by it.

I agree with the initial design errors, but there's never been a privacy leak in Buzz that people didn't tell to exist.


Thank you for the reply. I was under the impression that the list was public by default. From the link you included this appears to have been the case.

The default behavior shouldn't be to make that list public. I think that is where people are taking issue.


1. Clicking yes/no at the splash screen didn't disable/enable buzz (for everyone), it just showed or didn't show the tutorial. I clicked "no" and buzz was enabled.

2. The subset of my contacts that clicked "yes" became exposed to the public. Are you claiming my address book was previously public?

3. Didn't Google make the public profile for me? I sure didn't. You make it sound like that was a steep barrier to entry to buzz?


"The subset of my contacts that clicked "yes" became exposed to the public."

Not on your profile.

"Didn't Google make the public profile for me"

It didn't. If you never set up a google profile or a buzz profile, Buzz displays a placeholder profile to your contacts with the sentence "This person does not have a public profile." where the name usually is. If you had a Google Profile, your contacts are shown a placeholder profile with your name and a link to your Google profile.

Certainly in the latter case and maybe the former, your following/follower lists are displayed to you on your placeholder buzz profile, but these are not displayed to anyone else looking at the profile.


So turns out you're totally wrong. I just went to the settings page to kill Buzz completely now that they've added the ability, and the default option is worded as such:

"Show the list of people I'm following and the list of people following me on my public Google profile Learn more"

So that list of followers (people who simply didn't read the splash page and blindly picked "yes") WERE exposed to the public.


Although I don't remember creating a profile, I wouldn't rule it out, so I'll take your word for it.

This was all much less terrible than I thought. If no private data was exposed, this was mostly just an inconvenience rather than a horrible breach of privacy, which I'm glad to hear.

Thanks for clarifying!


I completely agree with 1 (which I'd mentioned in my initial comment). I thought it meant enable / don't enable too, at first, and was extremely disappointed when this turned out to not be the case. I wouldn't have minded the auto-enable setup if they hadn't made it so hard to actually disable it, and if they had an "opt-out" link like we thought they had.

They've effectively addressed this by having a simple completely disabling link now, but I still don't like how it requires deleting your public profile. What if I have a public Picasaweb page?

I'll admit, I pulled a tl;dr on the welcome screen; I typically do, welcome screens are rarely worth more than a quick scan. Expecting the "no thanks" link to refer to buzz is pretty much my mistake, though it could've been clearer.

edit: and as others have addressed (carbon8 this time), 2 and 3 are still incorrect, even from the beginning.


They didn't show people's personal information without their consent. Quit reposting this lie.


Actually, they did. I just re-enabled Buzz to check and they do allow you to view another person's followers. Couple that with auto following everyone's gmail contacts and it's easy to find a list of my gmail contacts without me having done anything. I don't share my contacts list anywhere else and I don't really think the world has to know what other gmail users I've ever emailed (one person Buzz auto followed for me was someone I'd emailed exactly once).

I count that as showing my personal information against.


"they do allow you to view another person's followers"

If that person took the extra step of setting up their buzz profile.

And although your profile might show your followers/following to you, the profile doesn't show the same information to other users. See my comment here:

http://news.ycombinator.com/item?id=1127647

It is indeed confusing and the way it's designed gives the impression that it exposed gmail contacts, but ThinkWriteMute is absolutely right and it's disturbing that he's being downvoted.

"Couple that with auto following everyone's gmail contacts and it's easy to find a list of my gmail contacts without me having done anything."

The "following" terminology seems to be the source of most of the confusion, since it makes it sound like something new is being exposed when it isn't. If you haven't set up your buzz profile, the only information your followers can see is your name, picture and chat status updates and anything else that was public, which is what they could see before when they were still just "contacts."


Actually, they didn't. You need to read up on your facts. For instance here's a post that sums it up rather nicely:

"No, they didn't. People think that the "want to find out more?" screen was the opt-in point, but it wasn't. The opt-in point was when you made your first Buzz post, when you were told this meant creating a public Google profile."


Actually, many people already had a public Google profile, either on purpose or because they tested a Google product in the past (I had a public profile, and I don't ever remember doing anything to create one). For all people who already had a Google profile, the list of people they were "following" (that is, an auto-generated list based on e-mail contacts) was automatically added to their public profile with no warning whatsoever.

But even for the people who didn't have one, there was no indication that if you tried out the feature, a list of people that you e-mailed frequently would be published to the public.


> ...there was no indication that if you tried out the feature, a list of people that you e-mailed frequently would be published to the public.

Yes, there was. After your first attempt to post, this popped up (this is the original, not the newer one(s)): http://img694.imageshack.us/i/buzzflaw.jpg/

Note that it says "name, photo, people you follow, and people who follow you", while using the word "public" several times. Clicking "edit" let you uncheck the "people you follow / follow you" box that's since been made more prominent and on that popup.

edit: bah, static-link fail. Updated link. Original source: http://is.gd/8Fduj


"For all people who already had a Google profile, the list of people they were "following".. was automatically added to their public profile"

No, it isn't. Although it indeed appears to expose your contacts, it actually doesn't. This was the case on accounts I set up the first day and, out of curiosity, I tested it again a couple days ago. See my comment here for details:

http://news.ycombinator.com/item?id=1127647


It isn't now, but do we know for sure that it wasn't before they fixed the problems?

To test it earlier, I went to someone else's profile and checked out their list of followers. These people obviously set up their profile - but people here have stated that a profile may exist from other Google services and I don't know if what you say was the case from day one.

As far as I'm concerned, if, when it was released, Buzz was like it is now, there wouldn't be any problems.


As I stated, "This was the case on accounts I set up the first day..." My subsequent testing summarized in that comment simply confirmed it.


It does expose (by full name) any contact who comments on one of your Buzzes. It's far from being obvious when you are using Buzz for the first time that your comments will be seen not just by the Buzz author; it's also far from obvious initially for the Buzz author that his contacts will see each other if they comment. Finally, it's not clear at all who is seeing what. This all feels fuzzy and insecure as compared to good old email.


"It does expose (by full name) any contact who comments on one of your Buzzes."

It's important to note, however, that unless the buzz message was shared with only specific contacts, anyone can comment on it. Sure, it's likely that a commenter is a contact, but it is entirely possible that they aren't a contact and came to the buzz via some other means.

"It's far from being obvious when you are using Buzz for the first time that your comments will be seen not just by the Buzz author"

It's pretty much universal for comments to have the same visibility as the item to which they are attached.

I could see how someone who isn't at all internet savvy might not realize this, but it's hard to say what they expect. For instance, Facebook, filled with the non-internet savvy, is even more liberal with comments, adding to your feed comments made by friends on things posted by non-friends.

"it's not clear at all who is seeing what."

Definitely. It's easy to see why people believe their contacts are being shared when they aren't and it's no surprise that others have accidentally shared their contacts when setting up their buzz profiles.


"It's pretty much universal for comments to have the same visibility as the item to which they are attached."

But Buzz does not even quite work like that. Any commenter can extend the visibility to one of his contacts (a totally different set from the author's contacts) by adding a @ reference to them in a comment. So even the author himself does not completely control the access rights.


> Finally, it's not clear at all who is seeing what.

And when people went and figured it out, they have clearly said that they did not consent to that (or at least intend to consent)...which is the problem.


They certainly did to me. They spammed my Gmail contacts with my RSS feed and Orkut profile picture without my consent; these are separate accounts and I intended to keep them separate. So Google forced my hand on that and I may forgive, but I certainly won't forget that. Similar stories abound. That some of that information is public does not mean I want Google to take advantage of my social network to broadcast it against my will; there's a clear difference here that Google does not want to recognize. This is all about dissemination control by the end user rather than Google.


Of course, making already public information available in more places is quite a bit different than exposing private communications.


So you wish you'd exercised the equivalent of a robots.txt?


You are dead wrong. Sorry, but before you go around accusing people of lying you need to get your facts straight.


Ok seriously, upvoting this guy? His statement and assertions are factually incorrect.


It appears we have a troll? I've noticed a number of epic-downvote-sprees in the past couple days, where any disagreers (even with valid points) were dropped at least -2 extremely quickly.


I remember how this very same negative attention (and threatening lawsuits) occurred when gmail was released and everyone realized that an algo would scan your email to serve ads against it.

Unfortunately, Google's pompous behavior over Buzz is cold and calculated.


Personally I'm glad they are getting sued. Google has the mentality that they can do whatever they want and that they are above the law. If it's illegal then they will get the law changed. I used to be a huge fan of google but as time goes on their true colors seem to be coming out. They don't give a damn about anything but getting data.


How is anything here "above the law"? It's an entirely opt-in service for exposing your info, and it told you, from day 1, what was being made public.

(The original notification: http://img694.imageshack.us/i/buzzflaw.jpg/ ) Note that it says "name, photo, people you follow, and people who follow you". Poor design != breaking the law.

edit: bah, static link fail. Updated link. Original source: http://is.gd/8Fduj



