Shortly after Google introduced its Buzz social media tool last week the security community lit up about its disastrous lack of privacy controls. Setting up an account opened up your contacts and everyone could see who you’d been in frequent contact with.
More than one commentator was shocked that Google would structure a product with so little concern for security. A piece in InfoWorld, entitled “Why Google Has Become Microsoft’s Evil Twin,” was especially hard hitting. Robert X. Cringely wrote: “The backlash over Google Buzz reveals an even bigger problem: The people behind the people’s search engine are deeply out of touch.”
“When you first go into Google Buzz, it automatically sets you up with followers and people to follow. … The problem is that — by default — the people you follow and the people that follow you are made public to anyone who looks at your profile. In other words, before you change any settings in Google Buzz, someone could go into your profile and see the people you email and chat with most …” he wrote.
Cringely also said that people he knew at Google were completely dumbfounded at the criticism.
By last Saturday Google had made some fixes and Todd Jackson, Product Manager of Gmail and Google Buzz wrote on the Official Gmail Blog:
“We’ve heard your feedback loud and clear, and since we launched Google Buzz four days ago, we’ve been working around the clock to address the concerns you’ve raised. Today, we wanted to let you know about a number of changes we’ll be making over the next few days based on all the feedback we’ve received.”
By Thursday Google had made changes:
— They made the Buzz checkbox for choosing not to display personal information easier to find,
— replaced the auto-follow model (Buzz automatically sets users up to follow people they email and chat with) to an auto-suggest model,
— removed the automatic connection for public Picasa Web Albums and Google Reader shared items and
— added a tab to Gmail Settings to make it possible to hide Buzz from Gmail or disable it.
We commonly hear the “home user” criticized for being oblivious to security and privacy measures (failure to update, clicking on links and attachments in spam, poor password selection, posting personal information in public places and on, and on, and on.) You’d think that all the smart people at Google would have been more conscious of the problem. It’s great that they immediately made the fixes needed, but, it was shocking that it happened in the first place.
Generally, most people have a warm and fuzzy feeling about Google, or did. This episode is just one more wake-up call. We are all responsible for our own online security. We all have to keep up with current threats and can’t trust big institutions like Microsoft and now Google, to be some kind of parent figure.