Thursday, February 11, 2010

On Potential Privacy Problems With Gmail Buzz Exposing Email Contacts

Author: Philipp Lenssen
Publisher: Google Blogoscoped

Nicholas Carlson of Business Insider calls Gmail Buzz’s (apparently default-settings) exposure of some of those you are in contact with – by auto-suggesting people to follow, and displaying that list on your public profile – a “huge privacy flaw”:

In my profession – where anonymous sourcing is a crucial tool – the implications of this flaw are terrifying.

But it’s bad for others too. Two obvious scenarios come to mind:

* Imagine if a wife discovering that her husband emails and chats with an old girlfriend a ton.
* Imagine a boss discovers a subordinate emails with executives at a competitor.

Now, you can turn off showing your contacts publicly in your profile settings. And you can also unfollow people suggested to you before finalizing your Buzz settings (though, using dummy accounts just now, I wasn’t able to properly test whether Google indeed wouldn’t expose your contacts in the time after logging in to Buzz and before finalizing your settings, if you already have a public profile. In one test I also signed up with Buzz without it creating a public profile. Does anyone know more?). And you may decide not to click that “okay” button in Buzz to begin with.

But Google should really consider to make showing people you follow an opt-in setting, or reword their interface to make it absolutely clear (i.e. more than a gray footnote) that you might expose who you’re emailing with. So already, we’re seeing the first privacy issues of mixing Buzz and Email the way Google does. Unless we’re following Eric Schmidt’s angle, that is: if you got something you don’t want anyone to know, maybe you shouldn’t be doing it in the first place. Like a journalist keeping their sources anonymous?

No comments: