Social Enterprise

Get the security buzz about Google Buzz

What are the security concerns about Google's new social networking service, Google Buzz? Chad Perrin sees plenty.

What are the security concerns about Google's new social networking service, Google Buzz?


In case you have not heard the news yet, Google has decided the world needs another social networking site. Perhaps the Internet search giant was emboldened by the success of Gmail. It certainly has not been dissuaded by the poor showing of its Friendster clone, Orkut.

This time, Google is going after Facebook's niche, which Facebook itself wrested from the control of MySpace. There seems to be a lot of excitement surrounding Buzz, but not all of it is good. Pete Cashmore seems to be on both sides. He criticizes the concept in the first sentence of an article about Google Buzz:

Google Buzz, Google's new social networking service announced this week, isn't particularly original.

On the other hand, the article is titled, "Why Gooble Buzz will be a hit." His point is that ultimately the key to the success of "the most generic 'social sharing' service launched to date" is the way Google has tied it to Gmail accounts. That sort of instant user base is about the only way anyone can compete with Facebook in its own niche these days.

Another possible advantage for Google Buzz over Facebook is privacy. While Google's record for privacy has been a bit tarnished by little problems like anti-privacy statements made by Google's CEO last year and evidence of an automated privacy violation portal, Facebook has adopted a distinctly anti-privacy policy lately. Facebook suddenly decided to change all privacy defaults to "public", catching a lot of users off-guard. As a result, Facebook's 350 million users suddenly got their private profile details published on the Internet.

It seems that Google Buzz should have a leg up on Facebook from the very beginning. It has not had time to pull the same kind of surprise privacy negation that Facebook did -- right?

Think again. The very competitive advantage that makes Buzz a viable competitor with Facebook -- its integration with Gmail -- is also being called a huge privacy flaw:

When you first go into Google Buzz, it automatically sets you up with followers and people to follow.

A Google spokesperson tells us these people are chosen based on whom the users emails and chats with most using Gmail.

That's the good news. Now for the bad:

The problem is that -- by default -- the people you follow and the people that follow you are made public to anyone who looks at your profile.

In other words, before you change any settings in Google Buzz, someone could go into your profile and see the people you email and chat with most.

In short, only a couple months after Facebook suddenly proved to be security-unconscious by flipping public sharing defaults from "opt-in" to "opt-out", Google decided it would be a great idea to start its new service with opt-out public sharing. To put it mildly, this is an inauspicious beginning.

For Buzz, as with Google Wave when it first hit the scene, and as with any (and every) other new service when it first appears, you should certainly be careful with how far you trust it. Unfortunately, to some extent, the very reason you might want to use Google Buzz is the way it ties in with private information about users -- which means that to some extent your level of trust for the new service is a decision that is made for you.

If you choose to use Google Buzz, and want to do so as carefully as you can, a good place to start is with Lifehacker's explanation for how to Stop Google Buzz From Showing the World Your Contacts. Basically the only way to be more careful about it to start is to avoid setting up a Buzz account at all.

Hopefully, Google will not decide to activate a Buzz account for everyone in the world who has a Gmail account next. Maybe I'm just being paranoid, but canceling my Gmail account is beginning to seem like a tempting precaution. If I do, I should hurry up before Google decides to follow Facebook's example in another way -- by making it impossible for a normal user to cancel an account.

About

Chad Perrin is an IT consultant, developer, and freelance professional writer. He holds both Microsoft and CompTIA certifications and is a graduate of two IT industry trade schools.

8 comments
LyleTaylor
LyleTaylor

I'm been considering stopping using Google mail for a while now - I trust Google less and less. This just takes me one step closer and makes me trust them even less...

phantomelr
phantomelr

Due to this kind of questions that people ask, google now put it easy to choose not to get public your contacts. The people just have to read the dialog that asks for your profile (it's not that much text). For the posts, just select private... I see like a better choice buzz than facebook for myself pd. Sorry for my english...

pparks_2000
pparks_2000

If you don't have a Public profile, you don't have to worry about this (per se). Still, you should be "vewy vewy careful" with your personal info.

apotheon
apotheon

Does the growing disdain for privacy that appears to infest Google make you as nervous about Google Buzz as it does me? Have you been caught unawares by the opt-out nature of the public sharing feature of Google Buzz? How do you think it compares to Facebook for security and privacy?

AlexNagy
AlexNagy

From what you've wrote (and that is all I can go on since I haven't had a Google account in about a month now) I'd say it actually fares worse then Facebook for security and privacy with the only redeeming grace being that you can still permanently delete your Google account. The fact that I cannot completely delete my Facebook account is very disturbing and is pretty much one of the few reasons I'm still there. If I cannot completely get rid of it, I might as well use it. At least for now.

sliver59crows
sliver59crows

Yup, I found that you can't "deactivate" a Facebook account. The deactivate link/box just doesn't work. This is not right because your info is out there and you should have the right to limit who has access to even limited info about yourself. There was several months, after a hacker got into both Facebook and Twitter, that I couldn't use Facebook at all--it was totally useless. So, I decided to deactivate the account, which was the only method offered to get rid of the account, and that didn't work. This is really frustrating to me. It makes me really hesitant to sign up for any other "social" networking account. If my info is out there, I want full control over it, or I'm not going to play the game.

JCitizen
JCitizen

I definitely bookmarked that one!

kenmo
kenmo

Look here: http://www.facebook.com/group.php?v=info&gid=16929680703 Note that this is a user page on FB and not official. Also note well his one caution: once you delete you acct., you must stay out of it for two weeks; if you try to log in during this "cooling off" period, it will cancel the acct. deletion. Most people, of course, want to check right away to see if it worked and inadvertently abort the process :-\ ...and then complain that it doesn't work.

Editor's Picks