I find this very funny, the public is starting to see the arrogance of Google when they slip up on these public facing projects - most Adsense publishers or Adwords advertisers have seen this over and over again in the past with them... It is Google's true colors (always has been).
See also de-facto monopoly power over navigation on the Internet, which they can (and do) use to ban sites from being accessible for any reason they feel like. I think the overwhelming perception is that "Oh, that only happens to black hat SEOs" and this is true right about until it happens to your site. At that point, welcome to Kafka.
(It says something that every time I criticize Google publicly I get a little scared because I know that flipping a bit in the Googleplex would cause my business to fold like an origami crane. Granted, they probably wouldn't play favorites with a site as small as mine. Probably.)
I trust the cops but I'm a big fan of having an adversarial process in place which reflexively distrusts them, because should the cops decide you're guilty for reasons fair or foul, the deck is otherwise incredibly stacked against you. I feel the same way about Google: they're a wonderful company, they've done more to improve the human experience than probably any other company in the last twenty years, and I assume every word out of their mouth is a lie until presented with evidence to the contrary. Note that if you do this you'll quickly clue onto the fact that aside from the meaningless PR about openness and self-righteousness about "evil" they are a ridiculously non-transparent company.
This is absolutely true. I have been bitten by their arrogance and poor customer service as a Google Checkout client in the past (they revoked our account without warning -- it was a legally-licensed private school fundraising car raffle -- and without explanation or recourse).
I find it more funny that pretty much every post complaining about this over the weekend repeated the same thing over and over again. Which essentially boiled down to what Google should do to solve the problem.
The answer for users is "don't trust Google with your information, and get as much of it out of Google's control as you can, even though you don't know how much there is and can't take some of it back."
But we knew that already. The question is "when will Google stop unethically publicizing all the information we don't forcibly remove from their control?"
This has been the first time that I have really felt that Google betrayed my trust. Trust is something that is neigh impossible to get back once it is lost.
It's interesting because I've rationally understood how scary it is that they have all of this data about me. Now I can finally see that there are places where it may come out, or they get hacked and someone steals it etc.
Just a wake up call really, which is something that Google should be scared about, because they have a scary amount of data bout all of us.
I'm not sure I get it. Is Google supposed to get everything right on their first try? It seems many people would say yes, even many users of HackerNews. This is very counter to my understanding of the philosophies shared around here. I always thought it was best to push an new idea out there as fast as you can and iterate as you go. Granted Google's mistake is a BIG mistake, but condemning them for one act is somewhat irrational, no?
Certainly no one expects anyone to get everything right in their first try. One expects to see a few bugs here and there in the first release and that is fine. In the case of Google Buzz, the basic idea of the product that 'all your frequent email contacts are your friends' is flawed. The manner in which they rolled it out without any regard for the privacy of its users is most disconcerting.
Well Google's play book used to be push stuff out as beta or a labs feature. Let only the very sophisticated users opt-in and try things out before pushing it out to the general public.
This was obviously rolled out in a very different fashion. Plus they attached it to Gmail which is a tried-and-true product. Buzz feels very beta to me.
If Buzz we rolled out under labs or a separate interface I'm sure that there wouldn't be as much backlash as there has been.
Perhaps, but I think for this particular market they had no choice but to launch big. Look at Orkut, their previous (dead) attempt at a social network. Facebook is extremely entrenched now, and there's little to no incentive to users to opt-in to something else. To attack the power of Facebook/Twitter, this was really the only way of doing it (although I agree, perhaps a Labs feature would have been a better way of introducing the concept for a couple of months at first).
It's dead for the market that includes its developers as members. Reflexively dead, as it were. It becomes a lot harder to care about maintaining something once you yourself no longer get anything out of using it.
I agree with you that Google has their work cut out for them trying to get into this market, but that doesn't excuse their mistake.
If you think it does then I am very curious to hear how you felt when Microsoft leveraged their desktop strength to compete with Netscape in the browser wars.
Well if they weren't going to get it right first try, then maybe they should have a done a small early rollout. Surely one the first 1000 users would have noticed the privacy issue and reported it, before it was a big deal.
The Google Buzz episode is an example of the risk of putting any data anywhere, regardless of how non-evil and trustworthy the data collector may be. I'm not saying you should pull all your data and buy a tarp and a shovel. But consider a few things.
Google didn't set out to be evil or clumsy in this case. They created the product with the best of intentions: to improve your connections with your network, and as a result make that network (that they host) more valuable to them. I'm sure "win-win" was probably said in more than one conference room.
But they made a number of mistakes, in implementation and in rollout. Most of the mistakes were minor, but amplified by "the millions that have signed up with Buzz!" A few mistakes were serious and possibly dangerous to a smaller number of people. Personal and child security were mentioned by more than one commenter.
One of the lessons learned from this, and any other misuse of data, is that your data will almost certainly be misused, on purpose or by accident. The more data, especially in one place, the more certain. I think the freelancers who suddenly had their clients exposed to each other were somewhere between surprised and horrified.
My own actions include not using my gmail account anymore, since a couple years. I use some of their products, but I don't sign in unless I need to be signed in to do something.
That doesn't mean that Google doesn't still know a lot about me. Even if I never had a gmail account they would still know a large part of my network, because a large number of my correspondents use gmail. Depending on my correspondents, I might become interesting to the Chinese government in another breakin, or I might get unwanted attention from law enforcement because I correspond with on of their suspects, creating even more potential for mistakes and misuse. The larger my actual or accidental Google network, the more likely something like that might happen.
There's nothing wrong with using Google. There's nothing wrong with using free services. But you should certainly think about how things can go wrong, and proceed from there. If you need your data to be online, it might make sense to keep some of your data with a paid for service (they aren't expensive) whose only interest in your data is the fee for keeping it secure and available; at least there's less temptation to play with it in creative ways and risky ways.
Intentional or not, all that matters is the public perception of what Google has done here. If they make me feel betrayed, then it's as good as betrayal.
That unpology that they posted certainly isn't helping, either.
As usual with Scripting News, the comments are of more value than the story. No, it's not a "fact" that they exposed the private data of millions ... At most, it's a fact that they casually handed a privacy-invading gun to people and invited them to fire it.
Nothing was exposed to the public unless you agreed to create your Buzz profile. Nothing is exposed to followers unless you post something. Nothing is shared from your Reader unless it was already set to public.
So, you know, if you're a doctor or someone else who values the confidentiality of your user list very highly, don't go blithely clicking "Yes" when Google asks you if you want to make a public something-or-other. And if you could be physically put in danger by your correspondents, don't make comments like "ooh, this will be handy for my new house, its address is 123 xyz St" in public comments on your shared items.
Google didn't make a CEO-apology-level mistake here; they acted reasonably, if a bit cavalierly, and a lot of people had a hysterical and irrational freak-out, and a lot of those who are anti-Google picked it up as a stick to beat them with.
I don't know when their image changed so much. Perhaps it was the string of weird and useless launches recently. Wave must have cost them more reputation than I thought.
But, really, I think their apology was fine. They should be sorry for causing concern. I don't see how much further they could go. "we're sorry for not making it completely safe for you to click 'Yes' on any box we present to you without any consequences at all. We agree that you should never, ever have to read anything. Oh, and you can log in to Facebook here, and finally we pledge to protect your security-by-obscurity whenever you mark something 'public'. Love, Google."
No, they didn't. People think that the "want to find out more?" screen was the opt-in point, but it wasn't. The opt-in point was when you made your first Buzz post, when you were told this meant creating a public Google profile.
There are millions of gmail users who haven't done this, and consequently have no public profile, and no information exposed. Users were not forced into anything. Buzz is there and inviting, sure, but I read the screen and was well aware of what would happen.
(Compare Facebook, which did recently force its users into publicising their names, small profile image and contacts list, with nary a whimper. It was a much more complicated opt-out box, too)
It was not at all obvious that "create a public profile" was equivalent to "make public the people who I frequently email". Certainly it's much more complex than telling the difference between ReadWriteWeb and Facebook, in which case there was a great deal of sympathy for the clueless users.
Yes, and I think Google was too cavalier in how they flagged that up -- the current revisions are much better.
But nonetheless, it doesn't mean they forced people's data public, and it doesn't mean the NYT should have reported that as fact, as Winer demands. It's more nuanced than that, and only hit-seeking shouty tech blogs are saying otherwise. It'd be a disservice to their readers and the truth for the NYT to take their piece to the same histronic level as this link.
There are a lot of people here commenting on Google's arrogance and/or incompetence.
One of the big unsaid point i think is the expectation from Google. Companies like FB, MS and Apple are "expected" to do the wrong thing while Google is held to a higher standard, the "Do No Evil" standard. This of course has been brought upon by Google on itself hence the particularly strident criticism from the techie quarters.
It's not just our trust that Google violated. Although legally their privacy policy has enough loopholes, it still says:
When you sign up for a particular service that requires registration, we ask you to provide personal information. If we use this information in a manner different than the purpose for which it was collected, then we will ask for your consent prior to such use.
If we propose to use personal information for any purposes other than those described in this Privacy Policy and/or in the specific service privacy notices, we will offer you an effective way to opt out of the use of personal information for those other purposes. We will not collect or use sensitive information for purposes other than those described in this Privacy Policy and/or in the supplementary service privacy notices, unless we have obtained your prior consent.
They asked for consent. (Multiple times, in my case). You can argue that they weren't clear enough about exactly what they were getting consent for -- and I agree they weren't -- but they asked for it all the same.
The "storm" around this is reflecting really poorly on tech news blogs, many of whom are reporting this as if users had absolutely no say and just landed with a public profile. It's flat wrong, and we should stop promulgating that here.
For those saying it's unintentional, it's pretty close to what happened with Google Reader and shared items.
For those that didn't hear about it, with Google Reader you can click on feed items to be shared, in which case they become visible from a URL that only you know about, and you can pass that URL to people you want to see the shared items (and they can subscribe to).
Then one day they decided that everyone you've every chatted to should be able to see what you've shared, which caused some rocky times for peoples relationships / jobs / families. Personally, I thought that was very, very predictable.
It was opt-out, and the official work around was to stop sharing things or to delete your contacts. I think they added some finer grain stuff later, but everyone effected had left by then.
They were unapologetic throughout - they didn't see it as a big thing at all, even with the various tales of woe rolling in. It seemed almost like they don't have any procedures for checking if something leaks personal data and that there were no repercussions when it did. Hopefully that will change now something with more public attention has gone in a similar direction.
They did have a point when they said that they never guaranteed privacy, but the secret (pseudorandom looking URL) implies that they weren't going to splash it around quite as much as they did.
Toyota's problems were incompetence; it doesn't make them any less of a big deal. Google is primarily a data company; they should understand the risks better than anyone else.
I actually think we have a false disagreement. I agree with what you're saying here. I'm just getting weary of the "look how evil (Google|Apple|Microsoft) is" drama lately. ;) It's fine to complain about this Google snafu, but asking for a personal apology from the CEO, etc. etc. just makes it overly dramatic.
Either the Google folks never thought about the privacy issues they were igniting with Buzz; or else they did think about them and decided they weren't important. I don't know which alternative is worse.
I highly doubt it. There are countless times when companies have rolled things out to everyone and it caused problems.
The irony here is that Facebook has failed this way many time and here google is trying ot compete with facebook with buzz and did exactly the same thing.
Google is full of regular people and they make regular people mistakes and will continue to do so.
That's not ironic. People have very different expectations between Gmail and Facebook.
When I used FB I expect that my news feed is public to my friends. It's used for open social interaction. The same goes for Twitter.
When I use Gmail I expect my emails and contacts to be private. I don't expect strangers to see what I'm doing.
The user's experience and expectations are different. This is why Facebook has more leeway (but they still get * if they do something that opens up your profile to the public).
Yes they did, but that wasn't a wrong move, business-wise. This is seriously wrong, because people actually care about this stuff. People don't really care about China or cookies. This, on the other hand, is so obviously invading people's privacy, that a lot of people seem to understand it.
What a horrible post. Google hasn't done anything for us, they've done things for their business. It happens that for the moment their business model (largely) requires them to do things that we find convenient or good. This is extremely unlikely to remain the case forever.
Have loyalty to your friends/family. Not to some public company that doesn't know or care about you.
