google may be its own worst buzz-kill

When I saw the new "Google Buzz" icon in my Gmail, I was curious, so I clicked. Much to my surprise, 13 people are already following me. (This is different than following wmtc. 61 people are now doing that, and 135 people have wmtc on their Google Reader feed.) All but one of my Buzz followers are either readers of this blog or "IRL" friends or both.

It seems harmless enough, but do I really need another social-networking tool? I bought into Facebook with great reluctance, and still don't (won't!) live there. I don't do Twitter. Or any others.

Yet... when you see people following your feed, it's tempting. We know that. They know that.

Here's something you might not know about Google Buzz: unless you change your default privacy settings, a list of your most-emailed Gmail contacts may be made public. Google in bed with the NSA, Google using invasive default privacy settings... it doesn't bode well.
The launch of Google Buzz has set various parts of the technology blogosphere afire -- and for all the right reasons: it does introduce a number of interesting social features that could make our email experience more social (whether it has to be more social is a different question).

However, what tech pundits have mostly overlooked is a peculiar privacy choice made by Google's designers: unless you tinker with Buzz's settings, a partial list of your most-emailed Gmail contacts might be automatically made public (see this post over at Silicon Alley Insider; it appears that contacts those who already had a Google Profile account before Buzz are at risk; also see this excellent and very angry post at CNet for additional background. UPDATE: Google has promised to fix some of these problems).

Yes, that's right: without you ever touching Google Buzz's privacy settings, the entire world may know who you correspond with (yes, including that secret lover of yours and that secret leaker at the White House).

This could be an extremely uncomfortable and tragic privacy disaster for Google, potentially of the same magnitude that Beacon was toFacebook. I certainly don't have many concerns about those who are cheating on their spouses or are leaking sensitive information to journalists-- they will survive (even though the future of whistle-blowing does not look very bright in our increasingly overexposed information environment).

Nevertheless, I am extremely concerned about hundreds of activists in authoritarian countries who would never want to reveal a list of their interlocutors to the outside world. Why so much secrecy? Simply because many of their contacts are other activists and often even various "democracy promoters" from Western governments and foundations. Many of those contacts would now inadvertently be made public.

If I were working for the Iranian or the Chinese government, I would immediately dispatch my Internet geek squads to check on Google Buzz accounts for political activists and see if they have any connections that were previously unknown to the government. They can then spend months on end drawing complex social circles on the shiny blackboards inside secret police headquarters.

But potential risk from disclosing such data extends far beyond just supplying authoritarian governments with better and more actionable intelligence. For example, most governments probably already suspect that some of their ardent opponents are connected to Western organizations but may lack the evidence to act on those suspicions. Now, thanks to Google's desire to make an extra buck off our data, they would finally have the ultimate proof they needed (if you think that this is unrealistic, consider this: the Iranian authorities have once used membership in an academic mailing list run out of Columbia as evidence of spying for the West).

It's business decisions like this that make me very suspicious of Google's highfalutin rhetoric about their commitment to defending the freedom of expression.

. . .

Otherwise, all their promises about their stance on freedom of expression is just empty talk. Their recent partnership with NSA does not make Google look any more trustworthy; Chris Soghoian, an expert on information security, made a hilarious point on Twitter: "How do I sign up for the Iranian government's new emailservice? At least they are not in bed with NSA."

Read more here.

Anyone want to tell me about following Buzz? Is it more useful than redudant? Am I expected to reciprocate?

Comments

Popular posts from this blog

not so fast

dipstick