As any self-respecting internet-social media geek would, I have been waiting with bated breath for Google’s Buzz to land in my inbox. Once it did, I realized that the excitement was not at all warranted. It seemed a bit too late and too unfinished, so I left it at that last night.
However, there seems to be a slew of posts and tweets this morning about the potential danger Google Buzz’s privacy settings pose, especially to human rights and democracy activists in repressive environments. Since our work at WLP brings us into contact with many activists around the world and many do use Gmail as their primary email system, any vulnerability in Google Buzz would have larger repercussions, especially if it inadvertently exposes someone’s Gmail contact list.
With that in mind, I went digging further. Before I launch into the details of what I found (with screenshots no less), here is the executive summary: Google Buzz privacy settings are not all that different from Twitter. More importantly, it does provide sufficient protection for those who want to remain anonymous.
The storm around Google Buzz’s privacy settings seems to have started with a Silicon Alley Insider article by Nicholas Carlson titled ominously “WARNING: Google Buzz Has A Huge Privacy Flaw” posted on Feb. 10, 2010, 4:49 PM. The article claims that:
“The problem is that — by default — the people you follow and the people that follow you are made public to anyone who looks at your profile.
In other words, before you change any settings in Google Buzz, someone could go into your profile and see the people you email and chat with most.”
From what I can see, those two lines have some important caveats.
For one, Google does provide a way for us to completely hide the list of our followers and followees (yeah, I know that is not a real word, but the meaning is pretty apparent right? :)) which has already been pointed out by Mauricio in the comment thread below that article.
The more important feature is this: of my contacts list, only people who have enabled public profiles are viewable by the world. Here are three exhibits to prove my case.
My profile to someone who has not logged into Gmail. Everyone can see whatever I want the world to see in my profile. But no one can see whether I have any followers or followees. This is a wee bit better than Twitter in that you can see my public status feeds and the number of followers and followees from my public Twitter page. You have to login to see who actually makes up that number.
Right bar of my profile to someone who has a Gmail account (in this case WLP) and has logged in. This person can now see that I have 8 followers and I am following 14. They can click on the lists to see who it is comprised of. This is similar to Twitter.
My followers list to someone who has logged into Gmail and is following me. Of the 8 followers, only 4 have opted to create public profiles and are therefore viewable to the trusted network. There are 4 who have opted to remain anonymous. This again is somewhat better than Twitter. With Twitter, even for those who have protected their tweets, it is possible to see their names and other profile information. With Google Buzz, you cannot even see the name of those who don’t have public profiles.
From my initial research, it looks like Google Buzz’s privacy settings are a bit (only a wee bit) better than Twitter. However, there is one thing that I think Google is doing right – it takes the responsibility of protecting my contacts’ privacy away from me and places it in the hands of the contacts themselves. A contact who wants to be anonymous can remain so by not creating a public profile. Google Buzz’s default privacy setting does not let me override my contacts’ wishes. It does not show who this person is to the world.
Of course, it is quite possible that I am missing something huge in this. If that is the case, do point me to it and I will update my thinking and my post. But, as of now, I am unable to understand what the Google Buzz privacy uproar is all about.
Update (Feb 12): Google Buzz announces improvements in privacy settings, including a more prominent display of users who don’t have public profiles, based on feedback.