Get the security buzz about Google Buzz

What are the security concerns about Google's new social networking service, Google Buzz? Chad Perrin sees plenty.

In case you have not heard the news yet, Google has decided the world needs another social networking site. Perhaps the Internet search giant was emboldened by the success of Gmail. It certainly has not been dissuaded by the poor showing of its Friendster clone, Orkut.

This time, Google is going after Facebook's niche, which Facebook itself wrested from the control of MySpace. There seems to be a lot of excitement surrounding Buzz, but not all of it is good. Pete Cashmore seems to be on both sides. He criticizes the concept in the first sentence of an article about Google Buzz:

Google Buzz, Google's new social networking service announced this week, isn't particularly original.

On the other hand, the article is titled, "Why Google Buzz will be a hit." His point is that ultimately the key to the success of "the most generic 'social sharing' service launched to date" is the way Google has tied it to Gmail accounts. That sort of instant user base is about the only way anyone can compete with Facebook in its own niche these days.

Another possible advantage for Google Buzz over Facebook is privacy. While Google's record for privacy has been a bit tarnished by little problems like anti-privacy statements made by Google's CEO last year and evidence of an automated privacy violation portal, Facebook has adopted a distinctly anti-privacy policy lately. Facebook suddenly decided to change all privacy defaults to "public", catching a lot of users off-guard. As a result, Facebook's 350 million users suddenly got their private profile details published on the Internet.

It seems that Google Buzz should have a leg up on Facebook from the very beginning. It has not had time to pull the same kind of surprise privacy negation that Facebook did -- right?

Think again. The very competitive advantage that makes Buzz a viable competitor with Facebook -- its integration with Gmail -- is also being called a huge privacy flaw:

When you first go into Google Buzz, it automatically sets you up with followers and people to follow.

A Google spokesperson tells us these people are chosen based on whom the user emails and chats with most using Gmail.

That's the good news. Now for the bad:

The problem is that -- by default -- the people you follow and the people that follow you are made public to anyone who looks at your profile.

In other words, before you change any settings in Google Buzz, someone could go into your profile and see the people you email and chat with most.

In short, only a couple months after Facebook suddenly proved to be security-unconscious by flipping public sharing defaults from "opt-in" to "opt-out", Google decided it would be a great idea to start its new service with opt-out public sharing. To put it mildly, this is an inauspicious beginning.

For Buzz, as with Google Wave when it first hit the scene, and as with any (and every) other new service when it first appears, you should certainly be careful with how far you trust it. Unfortunately, to some extent, the very reason you might want to use Google Buzz is the way it ties in with private information about users -- which means that to some extent your level of trust for the new service is a decision that is made for you.

If you choose to use Google Buzz, and want to do so as carefully as you can, a good place to start is with Lifehacker's explanation of how to Stop Google Buzz From Showing the World Your Contacts. Basically, the only way to be more careful from the start is to avoid setting up a Buzz account at all.

Hopefully, Google will not decide to activate a Buzz account for everyone in the world who has a Gmail account next. Maybe I'm just being paranoid, but canceling my Gmail account is beginning to seem like a tempting precaution. If I do, I should hurry up before Google decides to follow Facebook's example in another way -- by making it impossible for a normal user to cancel an account.