Posted by: Arian Eigen Heald
information security, Privacy, privacy on the web, TCM (Truly Clueless Management)
About ten days ago, a splash page appeared when I went to log into my Gmail, indicating I could click the button labeled “Sweet! Check out Buzz” or “Nah, go to my inbox.” I just said “Nah” and went to my inbox, thinking no more about it. Sometime later, I noticed a little icon at the top of my Gmail. I didn’t pay any attention to it. (Bad auditor, bad!)
Turns out “Buzz” is a function that integrates social networking, instant messaging, blogging and any of the other applications within Google. Unfortunately, it does a whole lot more.
When I read that EPIC (Electronic Privacy Information Center) had filed a complaint with the FTC about “Buzz,” I was surprised. Then I read the complaint. I strongly recommend you read it, and you will see why a class action suit has also been filed today on behalf of the 37 million users of Gmail.
It turns out that regardless of whether a user clicked the button labeled “Sweet! Check out Buzz” or “Nah, go to my inbox,” Google Buzz was activated. No big deal? Ohhh yes it was. According to EPIC, and others:
Once Google Buzz is activated, the tool automatically populated my “following” lists using my most frequent email contacts. This happened automatically, after I logged in. Regardless of what I selected at the splash screen. In other words, if I didn’t change any of the default settings in Google Buzz, someone could go into my profile and see the people I email and chat with most.
Google Buzz did not warn me that creating a “Profile” in Buzz would make my frequent email contacts into “followers” and followed by,” and that this list would be made automatically available to those people and public on the web.
As we all know, web pages are archived and stored all the time. I can’t take that information “back.”
And neither can anyone else.
If you’re as horrified as I am, here’s a link to disable the thing. You start by clicking that tiny little colored icon at the top right of the mail page.
That splash page was NOT an opt-out. I had no choice about whether to start using it, or not.
Check it out before you disable it. See how much default information about you and who you contact is available. I’m furious. So are a lot of other people. Google made some changes last week, that do not go far enough:
“Google will stop auto-following the people you regularly email and chat with, but will instead suggest that you follow these people when you first start using Buzz. You’ll be shown a bunch of faces and check boxes to make sure you’re really interested in following these people.” Those “checkboxes” are still automatically turned on.
If you are using this BAD IDEA, you must go in and manually set privacy settings.
Not good news for privacy. Big bad news for Google.