Google Buzz, the recently-announced social networking tool, designed to integrate with Gmail, the company’s free, web-based e-mail, has had a rough time since its unveiling. First, the company turned it on for all Gmail accounts, without asking users. Then, its default setting was that users’ contacts were published on their Google Buzz profiles; a serious violation of privacy that Google had to tweak. In addition, mobile users’ locations are posted whenever they send any messages using Buzz, raising other issues.
But beyond that, a cross-site scripting flaw has been found in Google Buzz’s underlying code. Computerworld reports that attackers can add their own code to “trusted web sites such as google.com” and create phishing attacks using Google domain pages.
Unfortunately, Google doesn’t give a hoot about privacy, with its CEO Eric Schmidt having said, on CNBC, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.” With a company who has this type of cavalier attitude toward privacy, is it really safe to trust them with confidential information such as e-mail?
For example, Chris Matyszczyk writing at CNet, recently highlighted the highly personal nature of ads that display on his Gmail page. Is it worth that type of intrusion just to get free e-mail?
Finally, spammers have already latched on to Google Buzz, so it’s going to end up like all the other “social networks” that are so full of spam that they just become annoying.
You might want to opt out of Buzz; to do this, look at the bottom of your Gmail page for the “Turn off Buzz” link and click it. (Though that might not be enough; you may have to purge all your followers first.) Because if you have a Gmail account and don’t turn it off, it’s on by default, and with the number of privacy and security issues found so far, it may be best just to ignore it.
Follow-up: Macworld UK is reporting that EPIC (the Electronic Privacy Information Center) has filed a complaint with the Federal Trade Commission in the US, has filed a complaint against Google for Buzz privacy issues. The complaint begins as follows:
This complaint concerns an attempt by Google, Inc., the provider of a widely used email service to convert the private, personal information of Gmail subscribers into public information for the company’s social network service Google Buzz. This change in business practices and service terms violated user privacy expectations, diminished user privacy, contradicted Google’s own privacy policy, and may have also violated federal wiretap laws. In some instances, there were clear harms to service subscribers. These business practices are Unfair and Deceptive Trade Practices, subject to review by the Federal Trade Commission (the “Commission”) under section 5 of the Federal Trade Commission Act.
