
Automatically followed by abusive ex-husband (and his friends) on Google Buzz - godDLL
http://fugitivus.wordpress.com/2010/02/11/fuck-you-google/
======
rwhitman
There are clearly no longer any humans working at google, just one giant
heartless inhuman machine calling the shots...

Or at least that's how Google looks to the public these days. If that's the
perception they want, they got it.

I think this Buzz privacy fiasco is an historic lesson in the convergence of
humanity and software and the lesson learned is that privacy of personal
relationships should be a fundamental right

~~~
goodside
Recklessness and lack of foresight doesn't make you inhuman. If you forwarded
this post back in time to the Buzz engineers, they would try to fix it before
launch -- not laugh maniacally at the thought of an innocent woman fearing for
her safety.

~~~
tom_rath
Time travel would be spiffy, but how easy is it to contact the Buzz engineers
now?

If you've ever dealt with Google "technical support" (even if you're a
customer who shovels them buckets of cash each week) you'll find that it's
nearly impossible to reach an actual human being who can help you.

Convoluted as it is, getting a blog post ranked top in Hacker News seems the
easiest (only?) way to get a genuine Google issue addressed. I hope they
address this one AND create an actual means of contacting the people who are
supposed to be running the place.

~~~
jamesjyu
Actually, a friend and I were having a big discussion about Buzz, using Buzz.
And, to my surprise, a few Buzz devs jumped into the conversation:
[http://www.google.com/buzz/tmgrone/brHidEYC3jh/I-wish-Google...](http://www.google.com/buzz/tmgrone/brHidEYC3jh/I-wish-Google-cared-more-about-design-then-I-might)

~~~
jacabado
And then all your privacy concerns quickly disappeared!

~~~
enomar
It's a public thread. You'd rather the devs ignore what people say about
their product on an open discussion?

~~~
dasil003
I daresay the point of the comment is its comedic timing (which is brilliant)
rather than its veracity (which is dubious)

------
raganwald
Ask HN:

I don't have a Google Profile, I said no thanks when Gmail asked me if I
wanted to try Buzz, and I clicked "turn off buzz" at the bottom of gmail. Can
anyone tell me if people can follow me in Buzz? Or if I'm following anybody?

I have been clicking around in Google and I have _no idea_ how to control this
and I don't want to turn Buzz on by accident...

_Rant_:

The terrible thing is, I didn't give Buzz another thought until all this
negative publicity turned up. Now I'm sitting here very paranoid that Google
is misusing information about me. And I'm wasting a lot of time trying to
figure out what it is or isn't doing. I resent having this fear and I am
annoyed that my lack of confidence that "No Means No" leads to wasting time on
Google.

You can definitely add me to the list of people who believe Google is the new
Microsoft. They have hired some of this generation's best and brightest for
what? To find new ways to spray ad feces on the Internet, to kowtow to
oppressive regimes up to the moment when they realized they were being back
stabbed, and to treat privacy as a quaint and archaic notion.

Worst of all, from the perspective of the HN community, they seem to be acting
like the Microsoft of old: Instead of indexing information, they want to own
it themselves, which is why they roll out services like Buzz directly
competing with Twitter, Foursquare, Friendfeed, Facebook, and so on.

It's a sad day for Google when I start to sympathize with Rupert Murdoch. But
now I understand why he wasn't rushing to embrace how Google would add value
to his news businesses.

~~~
jim_lawless
I do not have a Google profile, but I did re-activate Buzz this evening so
that I could go back in and block any followers I had.

I edited the list of people that Buzz automatically followed on my behalf and
un-followed all of them.

I edited the list of apps whose status changes would be automatically Buzzed
(like Picasa) and removed them.

Then, I deactivated Buzz again.

I suspect that I'm going to have to repeat this process periodically.

~~~
raganwald
So it's possible for people to follow you on Buzz even if you don't have a
Google profile and you have never activated Buzz?

~~~
bonaldi
Well, yes, but it's also meaningless: if you're not using buzz, there's
_nothing to follow_. It's like they added you to a chat contacts list, when
you never sign in to chat.

Oh wait, that's _exactly_ what it is like, because they did the exact same
thing with the launch of GChat: pre-populated social graph. No outrage then
about people being able to listen to the sound of silence.

------
EricBurnett
I think the point most people are missing is that the data Google shared _was
already public_. Reader has its own privacy and sharing policies, and as far
as I can tell Buzz respects these. Even if this person successfully polices
Buzz, the reader feed is still out there, public and waiting to be found.

Reader privacy settings can be changed at
[https://www.google.com/reader/view/?tab=my#friends-manager-p...](https://www.google.com/reader/view/?tab=my#friends-manager-page)

~~~
prosa
Sure, but there's a huge difference between "waiting to be found" and "pushed
to the foreground".

It's just like the Facebook Newsfeed debacle. People tend to have an
expectation of "how public" something is on a scale, and when that changes
suddenly it can be a bit jarring. Ultimately, people adjust -- but it's a
mistake to look at public/private as a binary concept. In many people's minds,
it is a sliding scale.

~~~
Tawheed
If anything, Google should've learned from the Facebook debacle before
releasing a News Feed of their own. Essentially, Google made the SAME EXACT
mistakes as Facebook did.

~~~
wvenable
They're not mistakes -- it's strategy. Google simply has the same strategy as
Facebook for the same reasons.

~~~
Tawheed
How is it strategy when they're reverting their mistakes? Unless of course
screwing over a handful of people for 3 days of press buzz is considered
strategy.

~~~
wvenable
How are they reverting their mistakes? A few tweaks to help people opt-out?
That doesn't change much. You can't monetize privacy.

------
waterlesscloud
This is the sort of thing that was absolutely predictable.

~~~
fnid2
If you are certain that this was absolutely predictable, you are implying
either:

a) The Google Buzz people are so stupid that they couldn't have predicted this
absolutely predictable thing (no one else did that I know of until it bit
them) or

b) they knew this would happen and chose to allow it to happen in the bad
times hoping the love they'd get from those who like it would be greater than
the pain experienced by those to whom it happened.

If either (a) or (b) is true, can we trust Google with our private
information? Either they are too dumb to keep it out of the wrong hands or
they don't care about individuals' privacy.

~~~
raquo
So you say that a team of engineers does not understand that most frequent
contacts != those whom I wish to share my stuff with? Are edge cases like the
original post hard to predict? Did they do any testing, even with their
friends/colleagues?

That doesn't sound smart to me. Either their incentives are misaligned (b) or
there are some other problems.

~~~
stanleydrew
buzz was internally available at Google for a few months before launch, so yes
there was testing.

~~~
neurotech1
If it was a 'work' gmail account, it is quite possible that the people in
their frequent contacts, are people they normally share related information
with so the question didn't really come up.

Another possibility is that they assumed people would simply disable and that
would solve the issue. It turned out to be an incorrect assumption.

~~~
stanleydrew
I can attest that your first presumption is true. My girlfriend works at
Google and internally it's not that big a deal to share information to your
most frequent contacts, since you're generally not doing anything
inappropriate or private on the internal corporate network anyway.

------
loup-vaillant
This is the problem when you give your personal data to big companies. They do
what they want with it, and there is absolutely nothing you can do about it.
They have the power, you do not. It was obvious with Facebook, now it becomes
obvious with Google. But really, it should be obvious for _any_ online
service. Starting with web mail.

"Technology Shouldn't Give Big Brother a Head Start" Bruce Schneier
<http://www.schneier.com/essay-281.html>

"I will offer you free web hosting, with some PHP doodads; and you get spying.
For free." Eben Moglen <http://www.isoc-ny.org/?p=1338>

~~~
Pahalial
Honestly, Google is still allowing me to opt out at any time. They (as far as
we know) use "eventual deletion," but it's still deletion. Facebook on the
other hand has so far retained _everything_ that has ever been on it,
according to the interview with an employee that was on HN a few weeks ago.
(<http://news.ycombinator.com/item?id=1045879>)

That said, the way Buzz was introduced was definitely a leap in the wrong
direction by Google.

------
JulianMorrison
One thing that certainly is true about this: there's no simple, obvious single
place to tune all your Google privacy settings. I've found how to do it, but I
had to look under cushions and behind the sofa, so to speak.

~~~
DTrejo
Where is it?

~~~
dkersten
You can turn Buzz off on the bottom of your gmail page and privacy settings
can be found at <https://www.google.com/accounts/> though I still found it
awkward and unintuitive really.

~~~
danudey
Went to your link to see what privacy settings there were. Noticed the address
they had on file was my last company's US address. Removed that, then saw that
somehow the payments for that company's Google Apps account were made through
MY Google account, and their credit card was still on file.

Thanks Google, for storing someone else's credit card for someone else's
services on my account, for no reason I can find, other than the obvious 'I
didn't realize what account I was signed in with', which seems unlikely
because their Google Apps account was created before I ever started working
there.

Man, Google's getting more and more confusing. It's a giant labyrinthine maze
of data that only they have the time and processing power to sort through.

~~~
DTrejo
_It's a giant labyrinthine maze of data that only they have the time and
processing power to sort through_

Not even they have the time and processing power to sort through it.

------
ConceptDog
If you have concerns over privacy, move your data somewhere that doesn't
obviously look into your private data for the purposes of advertising.

Stay anonymous. Use your ISP's email. Use accounts you pay for and can hold
accountable for transgressions like this.

You give your data freely to google without understanding the terms of that
transaction and they will use those rights in some way you aren't happy with.

She should cancel all of her google accounts and move somewhere that gives
more favorable terms of service and is directly accountable to her.

~~~
waterlesscloud
Having thought about it some more, Google is in deep and immediate trouble.
They need to act swiftly (in days) and decisively to get on top of this before
public perception gets out of hand.

Simply put, Google can NOT afford to have public opinion turn against their
opt-out model. Their whole vision depends on opt-out.

But think about what a week or two of stories like this will do. Opt-out will
become synonymous with evil. Then how does Google Book's stance to authors
look? How do all their other auto-data collection techniques look?

Google depends on opt-out to their very core, down to robots.txt.

They can't afford public opinion to turn against that, and it's going to if
they don't move fast.

~~~
ConceptDog
The majority of people don't and will never care about their privacy,
particularly when connected to the internet.

People who feel harmed by this will be upset and will hopefully understand
that they were far more vulnerable than they believed, then take steps to
ensure that it doesn't happen again.

Some people will feign indignation at what's happened to her, claim to be
boycotting google, then abandon the prospect when they see how much of a pain
it is to change to another service.

Most people will never hear about this, and if they do, they won't really
care. GMail works for them, they don't understand or care about their privacy.
They have a service that works and is implied to be free.

~~~
mattmanser
There is a MASSIVE difference between not knowing and not caring.

~~~
calcnerd256
the latter can cause the former

------
volomike
What I didn't like about it was that by default it let everyone in my
addressbook know many of my other clients. In fact, if you're a freelancer for
anything, and you want to know most of the other freelancers that your client
has contacted, just click his Buzz profile. There's a profile checkbox for
this but for some reason Google left that on by default!

And let's say you had a bad client one day who wouldn't pay and you wanted to
not deal with him. Well guess what -- he now has contact access to many of
your other clients through the default settings in Buzz.

Heck, I was even seeing profiles out there where I could get access to
someone's doctor.

I also dislike that when Buzz has a message and says (1) beside it, so does my
Inbox too. I think the two should be distinctive. I ended up having to make a
rule to trash anything going to my inbox beginning with "Buzz:".

~~~
thaumaturgy
Eeee-yikes. I have a number of current clients in good standing, and one "bad"
client from a while back that would just _love_ this.

I've been migrating away from Google lately; the prospect of this just hurried
me right along.

------
kevingadd
How do you not see this coming with a feature like Buzz? Why didn't they do
any sort of staged roll-out or opt-in for a feature with such obvious privacy
implications? I'm stunned. Doesn't Google employ tons of lawyers, ethics
experts, or people with enough common sense to spot this?

Maybe it was some sort of skunk-works project that got out without sufficient
oversight?

~~~
CaptainZapp
I'd wager a guess: Greed?

So much for do no evil...

~~~
lsc
but it's /stupid/ to piss away the goodwill of nerds, and there is a rather
large subset of the nerd population that is freakishly concerned about
privacy. If you want to do business with nerds, you need to respect that.

Google, I think, did a very good job of building trust and enthusiasm with
nerds; it's super important for them, we are the influencers here. Sure, nerds
never click on ads, but who do you think sets up the computer for the confused
normals who do?

The number of nerds I know who hate google to the point of using inferior
search engines is growing over time.

~~~
hexis
Greed can make you stupid, just like any other kind of lust.

------
illumin8
I'm trying to understand how this is a problem. Surely, it doesn't matter who
is following you, as long as you don't post through Buzz. This sounds like
someone complaining about weirdos following you on Twitter. Nobody is forcing
you to tweet. If you don't want to publish your life to the world, then don't.

~~~
jfager
When you sign up to twitter, you know what you're getting into, and you act
accordingly - maybe you use an anonymous handle, maybe you only share certain
things, maybe you keep your account private, etc.

When you signed up for Gmail and Reader accounts, you thought you were getting
email and RSS, and you acted differently than you would for a twitter account.
For Google to suddenly invert those expectations is jarring and unwelcome, and
to expose personal information derived from activities undertaken with
particular expectations in place is a complete betrayal of trust. I still
can't believe how stupid Google was about this.

~~~
mattmcknight
I think the parent comment was referring to sharing items in Google Reader,
which was public or only to friends (which were generated from the people I
had listed Google Talk, initially for me)

The parent comment missed the fact that before you were sharing links, here
you are sharing the list of people you email frequently or chat with, which is
an entirely different proposition and was handled poorly in a misguided
attempt to imitate your twitter "following" list.

Except for that oversight on the list of people you are following, the Google
sharing model for items you share is much more advanced than Twitter or
Facebook, and makes it easy to share things with a particular group of people.

~~~
jfager
The problem is that Buzz automatically adds email contacts as followers, and
then publicly displays who all of your other followers/ees are. So, if you
were sharing items in Reader with a small group, once Buzz went live, you were
also sharing them with everyone who was automatically added, and they could
see who else you were sharing them with. Completely unacceptable.

Integration with Android and Picasa make things even worse:
<http://news.cnet.com/8301-31322_3-10451428-256.html>

Plus, you can easily inadvertently expose other people's private email
addresses because of their incredibly stupid ui:
[http://techcrunch.com/2010/02/11/reply-google-buzz-exposing-...](http://techcrunch.com/2010/02/11/reply-google-buzz-exposing-email/)

~~~
mattmcknight
I think most people were already doing public sharing in Reader- it was the
default there. (Not of the people, but of the items). I am not sure what
exactly was happening with private sharing in Reader, but it was an option and
was limited to a fairly small group. I made my Google Reader shares public and
posted them on my blog. My comments showed up in that feed.

You also would see the names of people that would comment on the items of
people you were following in Reader, even if you weren't following them. So, I
definitely see your point about names, but there were cases in Reader where
this was already happening.

In any case, I turned on Buzz almost right away. I got to the first step and
decided I needed to turn around and clean up my contacts list, I then turned
it on. That could have easily been designed into the activation process.

------
RiderOfGiraffes
Amongst others, this is one reason why I'm not an early-adopter. Too many
things have odd consequences, and although this one is and pretty much always
was obvious, many are not, and require devious minds and talented/persistent
hackers to find them.

So, in fact, this is an opportunity to say "thank you" to the hackers out
there that tinker with and attempt to break (sorry - "improve") everything as
soon as they can get their hands on it. You make the world a better place.

~~~
ableal
Nice walk-through, for the cautious like you and me:

[http://savedelete.com/discover-how-to-do-use-google-buzz-and...](http://savedelete.com/discover-how-to-do-use-google-buzz-and-turn-it-off.html)

(posted yesterday by yogeshmankani:
<http://news.ycombinator.com/item?id=1118141>)

------
godDLL
Official Google statement issued to businessinsider.com:

> We reached out to blogger in question this morning and addressed her
> concerns with Google Buzz and Google Reader. Some of the concerns were due
> to confusion the product experience created. Her report also helped us
> discover one bug and one product issue in Google Reader:

> 1) If you block people in Buzz, they still show up as following you in
> Reader. This is a bug, and we're working to fix it. Provided that your
> Google Reader shared items are protected, only the people you've explicitly
> allowed to see them can do so -- regardless of who appears to be following
> you in Reader.

> 2) Until now, there has not been functionality to block people from
> following you in Google Reader. We're adding this to the Reader interface.

> We are making these two changes as fast as possible and we'll get them live
> in the next few days.

Archived copy of the article in question:
[http://img38.imageshack.us/img38/329/harrietjacobsfuckyougoo...](http://img38.imageshack.us/img38/329/harrietjacobsfuckyougoo.png)

------
aswanson
It was ridiculously arrogant to just force-configure a network on users like
that. Thinking of dumping my Gmail account.

~~~
danudey
Thinking about it won't solve anything, because if you just think about it you
won't do it.

If you don't like the faceless information harvesting machine Google is
becoming, ditch their services. Otherwise, may as well just accept it.

~~~
altano
I've absolutely adored gmail since I got it for forwarding, spam filtering,
and providing me with a permanent email address to give out to people. I'm
definitely ditching it now over this and this alone. Which sucks because I
will miss those great attributes, but they simply aren't worth this nonsense.

Maybe if I could have easily turned it off (or if it was opt-in, of course)...

------
chubbard
The choice between privacy goes something like this on the internet these
days. Be a part of the internet and give up all hope of privacy, or don't
participate and be a Luddite. This choice is not acceptable or practical for
any future.

Google grossly underestimated how important privacy has become to the average
user in the last year or two. Unfortunately this could have been the killer
feature that Buzz could leverage over Facebook and Twitter because they do such
a horrible job at it. In fact Facebook's take on privacy has become downright
scary. Privacy controls for Buzz could have been its differentiator. Instead
it's turned into the killer mistake threatening to bury Buzz before it even
got out of the gate.

But, everyone screws up, everyone makes mistakes, it's all about how fast they
fix it. So get some pizza, jolt, and strong coffee it should be a long weekend
Google Buzz Engineers.

~~~
grourk
It's a bit unfair to say that Twitter is bad at privacy. Twitter is public by
its very nature. Google Buzz seems to be the same. Don't want to participate?
Turn it off.

I would also disagree that Facebook's take on privacy is "downright scary,"
given the range of privacy settings you can choose. It's not some half-assed
implementation on their part. Perhaps you take issue with the default
settings?

No one set of privacy options will work for everyone for any of these tools.
And when you choose to use one, you're responsible for what you say and do
with it. So maybe the real issue is that Google decided to enable Buzz
automatically. It was a choice they made, and I don't think it was necessarily
the wrong one.

The only thing the Google Buzz Engineers should be working on this weekend is
removing the huge lag for posts showing up in the feed.

~~~
chubbard
When the head of the company basically says people don't care as much about
privacy as they once did. I call that scary. If he'd say we want you to
participate fully in our service and we think that means your information is
public it would be better.

But, I agree with the article that Facebook is really getting it wrong.
Instead of having a default how about present them with a simple dialog.
Explain the issues, and ask them what settings the user wants? Share with
Everyone, Share with My Friends, etc.

[http://www.readwriteweb.com/archives/facebooks_zuckerberg_sa...](http://www.readwriteweb.com/archives/facebooks_zuckerberg_says_the_age_of_privacy_is_ov.php)

Then the accusations that if you or one of your friends fills out a poll your
information is shared with the poll author. (As noted on Twit Podcast). So yes
I think those are some scary things.

------
Flemlord
"If you have something that you don't want anyone to know, maybe you shouldn't
be doing it in the first place..."

-Google CEO Eric Schmidt, in 2009.

~~~
tsally
As I pointed out two months ago, this quote is taken out of context [1]. I'll
reproduce the full quote here:

 _Judgment matters... If you have something that you don't want anyone to
know, maybe you shouldn't be doing it in the first place... If you really need
that kind of privacy, the reality is that search engines - including Google -
do retain this information for some time and it's important, for example, that
we are all subject in the United States to the Patriot Act and it is possible
that all that information could be made available to the authorities._

Schmidt simply suggested that if you have an extraordinarily high need for
privacy you should not use Google. He's right and I agree with him. This is
the _CEO_ of a company reminding his consumers that Google has to conform to
the PATRIOT Act. He's saying something that could potentially hurt his
business by pointing out how your privacy is hurt because of the laws they
have to comply to.

Remember the attack on Google by China a few weeks back? Where the subject
lines of the email of civil rights activists were compromised? This happened
because of a mechanism Google was forced to put in place to conform to federal
wiretap laws. Schmidt was spot on in what he said.

We've got a strong enough case against Google without resorting to cheap
tricks. What they've done with Buzz is unforgivable. I may well be migrating
away from Google's services in the next week or two, depending on how this
pans out.

[1] <http://news.ycombinator.com/item?id=984646>

~~~
josefresco
Even taken in context that statement is still very scary. He's not saying you
should use judgment on what search engine to use, he's saying you should use
judgment on the action alone. The fact that he watered the statement down
right after and then pulled the old "we're just following the law" doesn't
make it any better.

~~~
tsally
That's not what he's saying; he's saying the product of his company is not
suitable for those with very high privacy requirements. Similarly, many
commercial operating systems are not suitable for those with very high
security requirements. But hell, he's a witch, so let's burn him! But
seriously, this sort of a mob mentality is just as embarrassing as the mob
mentality seen on the far right in the US. Whether you're a global warming
denier or a privacy alarmist, you're still thinking irrationally.

Don't mistake my position; my only contention here is that Schmidt's quote is
taken out of context. It is _poor evidence_ of Google's stance on privacy.
Let's use _strong evidence_ like the mishandling of Buzz to make our case
against Google.

------
monkeygrinder
I have a few questions - how did it find her anonymous blog? I assume it was a
Blogger account? I've turned Buzz off and yet my work colleague next to me
said he is getting notifications that I am 'following' him - on Buzz, Reader.
It's more tricky than Twitter, because I can't 'unfollow' people. Google Buzz
also found the one tweet my friend sent in 2007 and published it on Buzz as
latest news. They could make privacy a little easier for the non-tech folk -
ie most of the population - or there will be these sorts of knee jerk
reactions.

~~~
jsz0
Probably. It linked up an old Blogger account of mine that I haven't used in
years. It could have been embarrassing since it was exposed to all my GMail
contacts who might have enabled Buzz including people I barely know, work
colleagues, etc. The Blogger account has a bunch of stupid stuff on it that was
only intended to be viewed by friends. I'm quite sure someone could have found
it by cyber stalking me but to have it shoved in their faces is entirely
different. Of course I'm not even sure what other people on Buzz could see.
There's no clear distinction between public & private information.

------
pasbesoin
Amen.

A close family member has spent the past decade going to sometimes extreme
measures to avoid an abusive ex-spouse.

Google has potentially pre-emptively revealed their contact information; and
not through their own choices and/or lack of action (on zero notice, spending
perhaps hours wandering through a plenitude of scattered and poorly documented
Buzz settings and behaviors -- please!). No: Any email contact who uses Gmail
is now a potential point of exposure for them.

ABSOLUTELY UNACCEPTABLE.

Stupidity can aid and abet evil, Google. If you are not purposefully evil, you
are aiding and abetting it.

My trust is gone. It's not coming back.

If you want any measure of damage control, you will determine who was actually
responsible for this. And everyone in a position of responsibility for this
product who did not understand or chose not to heed these concerns. And you
will terminate them. Anything less, and we can do no more than expect similar
bad decisions -- from those same people -- in the future.

~~~
jamesbritt
"And you will terminate them. Anything less, and we can do no more than expect
similar bad decisions -- from those same people -- in the future."

I'm not looking to defend Google's choices about Buzz. But I take exception to
the idea of firing people who make bad decisions without due consideration for
how those decisions came about.

It flies in the face of a mantra at HN: Fail early and often. It goes against
the idea that you learn by making mistakes.

If a company fires people for making a poor decision out of ignorance, then
they have just lost someone with valuable experience about a potentially
troublesome choice. Now that company has to go get someone who (most likely)
has not fucked up in that way. (I bet most places do not hire people who got
fired from another job for fucking up.)

Who is more likely to make that same or a similar mistake in the future? The
person who already fucked up and learned something, or the new person without
that experience?

Some people screw up because they are innately incompetent in some field. Let
them go; they will not get any better.

Others screw up because they are doing something new, or acting with
incomplete or wrong information. In that case, the problem may not be the
person but the situation.

Fix the conditions, don't just find a scapegoat.

~~~
jfager
_It flies in the face of a mantra at HN: Fail early and often. It goes against
the idea that you learn by making mistakes._

When you're a young, tiny startup, you can fail early and often because the
costs of doing so are outweighed by the benefit of the education you get, both
to yourself and to society at large.

This is Google. It's huge, it's been around the block a few times, it's
already had a ton of failures, and millions of people rely on it. It can't and
shouldn't have the same latitude to fail, especially in an area as important
as privacy.

~~~
jamesbritt
"This is Google. It's huge, it's been around the block a few times, it's
already had a ton of failures, and millions of people rely on it. It can't and
shouldn't have the same latitude to fail, especially in an area as important
as privacy."

All the more reason to consider what is the best course to prevent similar
mistakes in the future. Knee-jerk firings may make things worse.

~~~
jfager
"Don't worry boss, the next time I have to make a call about whether or not
I'll require millions of users to opt out of sharing some of their most
private personal information with the entire world, I'll know just what to
do."

Some lessons don't need to be learned from experience, and some screw ups are
bad enough that they should result in real consequences.

------
Sukotto
This really demonstrates the difference between _intelligence_ and _wisdom_.
Whoever wrote this thing in their 20% time was likely really smart but really
unwise. :-(

~~~
hussong
At first, I was thinking this came from Google intensely dogfooding their
products in-house before releasing them into the wild: Within a company, you
solve privacy issues simply by not sharing personal secrets. The frame of
communication is professional and work-related and the mundane chatter won't
get you in trouble.

But then again, I'm not sure if Eric Schmidt would happily share who he's
corresponding with or following with the entire staff...

------
ANH
Voted this up because I don't recall saying 'yes' to Buzz, yet somehow I'm
following people I never wanted to follow, and people are following me who are
completely unfamiliar to me. And apparently I've shared some items I "shared"
only due to an errant mouse-click many moons ago.

------
cabalamat
Can anyone tell me how I can (1) get off buzz, (2) not forward anything from
me to anyone using buzz, (3) not have buzz appear in my gmail window? I've
never opted in to buzz, don't want it, and don't want anything to do with it.
There doesn't appear to be any obvious setting where I can get out of it.

~~~
mbrubeck
First, open the "Buzz" label in GMail. Click on your list of followers and
block all of them. Click on "connected sites" and remove any connections.

Now edit your Google profile (if you have one) and remove any information that
you don't want public (including "display my full name"):
<http://www.google.com/profiles/me/editprofile?edit=b>

Finally, go to the footer of the GMail site and click "turn off Buzz."

~~~
stevenbedrick
But do make sure to do these steps in that order- clicking "turn off Buzz", as
far as I can tell, only keeps _you_ from seeing Buzz-related stuff, including
the Buzz privacy and follow/follower settings. It doesn't disconnect you from
those followers, hide your (by default) public or shared information, etc.

~~~
raganwald
At the risk of dredging up an extinct meme...

Worst. Design Choice. Ever.

------
erratic
Google is rolling out new privacy tweaks directly in response to this:

[http://www.businessinsider.com/google-adding-two-privacy-fea...](http://www.businessinsider.com/google-adding-two-privacy-features-in-response-to-bloggers-outrage-2010-2)

------
conanite
The author seems like a competent internet user. I wonder though what happens
to the intersection of people with her privacy needs and the people who don't
know how to login to facebook?

------
Goronmon
I wonder how much of all this security stuff around Buzz comes down to users
having incorrect assumptions/knowledge about how applications and software
handle privacy. It seems like a poor choice to make an assumption that any
given application (including one from Google) is going to be able to know what
level of privacy you expect by default.

Not to say that Google is blameless in this situation, as they could have done
a lot more to educate potential Buzz users on privacy. However, it seems a
common thread with the complaints about Buzz and privacy start with someone
making an incorrect assumption about how Google applications were handling
their comments, shared feeds, friends, etc.

------
jazzychad
I have never created a google profile either. Is simply clicking "turn off
buzz" at the bottom of gmail sufficient to completely opt-out of all of this
nonsense? ...because that's exactly what I want to do at this point.

~~~
bozmac
You'll have to block people who are following you first

~~~
roqetman
No, if you don't have a public profile, then no-one will be following you.

~~~
bozmac
I didn't have a public profile but Google still automatically added people who
were following me. I had to block them one-by-one.

------
radu_floricica
I'd like a clarification from somebody who uses Reader / Picasa. Is any of
the stuff that's suddenly available to following people actually private, in
the sense of impossible to access? Or simply "obscure", i.e. if you know the
username and look for it you can find it?

~~~
griftah
Obscure.

~~~
Lazlo_Nibble
Wrong -- it adds the list of people you exchange email with to the list of
people you follow, which is publicly visible by default. There was no way for
anyone to see who you exchange email with until this happened.

The fact that you can go back and block your "following" list from public view
is irrelevant -- the list of people you exchange email with should never have
been put on that list without your explicit consent. It's a unilateral change
in the terms of the agreement you have with Google. Letting Google publish a
list of people I follow in Google Reader is consent to publish a list of
people I follow in Google Reader -- it is _NOT_ consent to publish a list of
people I email or who email me.

------
hussong
The ability to set privacy settings individually per contact, not just on the
entire list seems to be a critical missing feature on buzz.

There are some people you don't want to follow at all, and there are some
people you want to follow in private.

As a friend of mine pointed out in a recent blog post, you really don't want
to make all info on all the people you follow public, especially if they're
your kids: <http://anwag.posterous.com/>

------
karlthepagan
I think the biggest breach here is the forwarded emails. I have used email
forwarding to maintain pseudo-anonymity (just barely, anyone with a brain can
figure it out).

It is a valid breach in privacy and trust. Careless on Google's part to
consider that use-case.

------
donaq
Well, Google followed up on it and she wrote another post about that.
<http://fugitivus.wordpress.com/2010/02/12/screw-you-google/>

~~~
godDLL
> This blog is protected, to view it you must log in. <

I have a Wordpress account, but it doesn't seem to bring down the wall for me.
Can you please quote an excerpt?

~~~
donaq
Huh. Sorry, I can't access it now either.

------
Tichy
I completely don't understand Buzz yet. Can somebody explain why Buzz allowed
that husband to read things he couldn't read before? Did it publish private
conversations?

~~~
rksprst
It seems like when she signed up to Buzz it auto-followed her most frequently
used contacts (which included her ex-husband). As a follower he was able to
read her shared google reader feeds (since those items are automatically
shared via Buzz) and since she put personal info in the comments she made
to shared items, her abusive ex-husband was able to see them.

------
rapind
I wish I could poke around with the settings and give some advice on how
to avoid this... but I can't even get buzz to show up with a gmail domain
account. Anyone else have integration issues between domain accounts, premium
accounts, and plain gmail accounts?

~~~
drusenko
yes. domain accounts are considered "business" accounts and do not get any of
the new features until they are proven out -- we're usually on a 4-9 month
exciting feature delay.

~~~
rapind
And yet somehow for a while I had a personal account linked with my domain
account, but the passwords were different... The behavior isn't that of the
_least surprise_ I've come to expect from google.

~~~
drusenko
tl;dr: google accounts are really confusing

here's what's most confusing. there's a "google account", that can be any
email address (including a google apps for your domain email). this is not the
same as a gmail account, it's just a "google account". this type of account
can use almost every service (except for gmail, and probably a few others),
and it's a personal account. it's so distinct from your "business"/domain
account, that it can even have different passwords.

then, you have your domain account. it can also access some services (like
google apps), but these are all accessed through a special URL -- like
mail.google.com/a/weebly.com, or calendar.google.com/a/weebly.com, etc. this
is also a unique account which has its own password.

long story short: super confusing

~~~
matrix
The worst part of all? Google's own properties handle these different types of
accounts poorly. Google App Engine in particular will lock you out if you
inadvertently have an administrator with a Google Account and Google Domain
Account with the same email address.

------
berglund
The (false) assumption is that a person has inherent privacy both on the
internets and in the carbon based world. A very quick look at your local
property appraisers office or clerk of courts should show you that the
_individual_ must be vigilant in protecting this right.

I don't trust google any more than I trust any individual I don't know. I am
using their service, and I know that they can give up all my emails, on
purpose or by accident, and I have to be aware of what I send over that
service. Clearly google has done a foolish thing here, but based on the above,
not one that should have been unexpected.

Such is the state of modern life. You can always shut it off.

------
godDLL
Google adds opt-in on sign-up, and easy opt-out later ("Disable Google Buzz
Completely" in Gmail settings): <http://news.ycombinator.com/item?id=1123873>

------
protomyth
Stuff like this leads me to believe there is a pretty good business out there
for a paid-by-the-user service. Google's real customers are advertisers not
you.

~~~
Psyonic
I can't vouch for it, but it already exists: <http://www.lavabit.com/>

~~~
danudey
'Lavabit was built for people like you. People who want a fast, reliable,
private POP3 e-mail account with the most advanced features.'

POP3 account… with advanced features? I mean, I know they don't want to go
IMAP because they don't want to store information on their servers, but it's
still contradictory at first glance.

------
GiraffeNecktie
I think she should get a lawyer and sue Google's ass.

~~~
jm4
On what grounds do you think she could file a lawsuit and have an expectation
of it going anywhere? GMail is a free service for most users. You could choose
not to use it or just turn off Buzz. You don't go around suing people just
because you can't figure out how to set preferences. It's not like they're
acting in bad faith by deliberately making it difficult to disable.

~~~
GiraffeNecktie
Well, first of all, whether it's free or not is pretty much irrelevant. This
is a business for Google - they're taking people's personal information and
using it to make billions of dollars in advertising. I don't think it would be
hard to convince a jury that they have a duty to make a reasonable effort to
protect the information that has been entrusted to their care.

~~~
dkersten
_convince a jury_

But this would be a civil case, right? There is only a jury if it's a criminal
case.

EDIT: I stand corrected.

~~~
matasar
That's not true. Civil cases can have a jury.

~~~
andreyf
Can we have a source please, from either of you?

~~~
fnid2
it's common knowledge that many juries have ruled in favor of plaintiffs and
defendants in lots of civil cases. No one needs to cite anything for this.

~~~
danudey
There's lots of common knowledge out there. The common knowledge which is true
ought to be easily citeable. ;)

~~~
fnid2
Yep, that's right, that's true too.

If you type "Jury trial" into bing, it #2's "in civil cases" and for that you
get:

    
    
       U.S. Constitution extend the rights to trial by jury
       to include the right to jury trial for both criminal 
       and civil matters and a grand jury for serious cases
    

But see, I suppose there are some places where even a conversation like this
could get us in jail, so maybe we shouldn't be having it... I don't know...

------
eplanit
Google makes money by shoving ads in your face, or charging you for their
service to shove ads in others' faces. Their power in this field is their
expertise in exploiting the information that people so freely hand over to
them.

They make no money protecting one's privacy. If you can work your privacy into
their business model, you'll have gained something. Good luck with that,
though.

------
Groxx
Hopefully Google is following some of these complaints. Personally, I'm adding
feedback on their "disabling Buzz" help page:
[http://mail.google.com/support/bin/answer.py?hl=en&answe...](http://mail.google.com/support/bin/answer.py?hl=en&answer=171460)

They're doing serious damage to their image with this. I hope they wake up
soon.

------
pilif
I wonder... before buzz, her ex-husband could also have followed her, probably
without her ever noticing. Now that buzz generated, well, buzz, she found out
about it and now can actually take measures to block her ex.

While I see dubious value of automatically setting often mailing addresses to
following (this should not have been the case, IMHO), I have a feeling that
the much more visible follow-relationships right now might actually be an
improvement to the older situation where you never really knew who was
following whom, as right now, you actually have a chance to find out about it.

(also as a preventive measure: I'm not trying to troll. I understand her and
I'm feeling bad for her, but I would really like to discuss whether this can't
actually be some kind of a good thing as she at least knows that he's
following her now)

~~~
mechanical_fish
_You_ don't get to cherry-pick the scenarios. If you're going to play the
cost-benefit game you have to enumerate them all, or at least all of the
common ones.

(Here's just one of the many alternative scenarios: For every technically-
sophisticated stalker who is unmasked by this change, I'll bet there are
several technically-unsophisticated stalkers who didn't used to know how to
stalk someone through Google, but who now do.)

Anyway, you can do all the sociological research you want, but that still
doesn't make it right to manipulate someone else's personal toolset without
their consent. You still have to ask. The person who _does_ get to cherry-pick
scenarios -- to steer the course of his or her life in situationally-
appropriate ways -- is the _customer_. Unless you're a Google customer,
apparently, in which case the company will change the nature of its existing
tools, without fair warning, to suit its own benefit.

~~~
pilif
Thanks. I see.

I do also think though that the previous setup provided security by obscurity
(it was hard to stalk, but it was also hard to notice being stalked), whereas
the new setup is open about that fact.

Relying on your stalker not to be technically-sophisticated seems risky.

I agree on the point of not changing existing tools, though arguably, this was
a change for the better (now you see that you are being stalked and how to
stop it), albeit one which could have done even better (by turning all of the
existing features off, then implementing buzz and then giving people the
chance to opt-in again).

~~~
maqr
I'm also having a hard time understanding the issue here. Is any private data
(besides social relationship data) being 'published' that wasn't available
before via a simple Google search?

~~~
mechanical_fish
As I will have cause to say again: Life is not a mathematics problem. There is
a world of difference between that which is _theoretically possible_, that
which is _practical_, that which is _routine_, and that which is _obvious_.
And the tendency to assume that these things are all the same is a huge
problem in tech product design, especially social software design.

Cryptographers have a principle: security-through-obscurity is no security at
all. And in the world of cryptography, that's a good principle. [1] But, alas,
in the world of people who are being stalked, that principle is useless -- or,
rather, it is isomorphic to _in the long run you are doomed_. Security-
through-obscurity, and its undependable, amorphous cousins like _social
engineering_ , are all that you get, assuming that you physically exist, that
you can't afford to live in an armed compound, and that you can't afford (or
have no legal power) to get your stalker put in a secure prison for life.

Don't force your users to give up all the pragmatic social tools that they
know best, that they've developed for themselves -- their knowledge of the
natures, personalities, and social norms of the people around them -- and make
them live inside a math-class story problem. Such a move can literally _kill_
them. And they won't appreciate it even if it doesn't.

---

[1] Because cryptographers study a class of problems in which this assumption
makes sense and maps well to the real-world situation.

------
datums
I thought about a few shitty scenarios, but this one didn't come to mind.
Google calculated the risks and chose to have autofollow enabled. They knew
what they were doing. I think they released it and waited and reacted. Venn
diagram it, they have more users using their system because of it.

------
gnubardt
Her post on rape jokes was also very good:
[http://fugitivus.wordpress.com/2009/06/24/a-woman-walks-into...](http://fugitivus.wordpress.com/2009/06/24/a-woman-walks-into-a-rape-uh-bar/)

A good reminder (or revelation) of why rape is never funny and should be taken
seriously.

------
jrockway
I don't get the outrage. Is there some flag in GMail that you flip to say
"this person is stalking me, pretend they don't exist"? No.

So at this point, her public comments are being shared with one of the people
that she talks to the most. This is a problem, but it's not something Google
could have avoided.

My advice is to block this person, stop commenting on blogs if it is going to
endanger her life (or use real anonymization tools), and get a restraining
order against the person she fears. People are easy to get rid of if you put
enough effort into it, but what I've noticed from reading Ask Metafilter (and
other things) is that people enjoy having problems and don't actually want to
solve them. I feel that this person is doing the same thing, "drama drama me
me me".

Let the downmods begin...

~~~
run4yourlives
The default position of any social network when it comes to sharing personal
information should be not to, period.

All "sharing" should be based on opt-in actions and not left to being opt-out.
I'm fully aware that many networks including the biggies like Facebook don't
follow this mantra, but personal privacy laws (such as those that exist in
Canada) should exist to enforce this fact.

------
benatkin
If you're an active user of Google Reader's social networking features who
tried out Buzz, please chime in. I wonder if it really happened as
automatically as it sounds, from the post, or if she missed something. (I've
tried out Buzz, but haven't used Google Reader in months.)

~~~
wyclif
I've been an active user of Google Reader since it went live, and I also have
a Google profile. When I enabled Buzz, the only users added to my Buzz network
were those already in my GReader shared network. Then I added a few others to
Buzz. No problems here; no sense of an invasion of privacy whatsoever.

The rub is that I have no idea what results look like for those who don't use
GReader or GProfile.

------
madars
It seems it was pulled off the Internet, here's a copy -
[http://img38.imageshack.us/img38/329/harrietjacobsfuckyougoo...](http://img38.imageshack.us/img38/329/harrietjacobsfuckyougoo.png)

------
derwiki
Not that I'd suggest a "run on the bank" ... but what's the easiest way to
download a copy of all my GMail to load it into another service? (Linux or OS
X, preferably command line util or Python script)

~~~
qjz
Gmail is accessible via IMAP:
[http://mail.google.com/support/bin/answer.py?hl=en&answe...](http://mail.google.com/support/bin/answer.py?hl=en&answer=75725)

Use the client of your choice to copy it to another account or download it to
your computer.

~~~
godDLL
And if you have IMAP enabled, Buzz will show up there too, with replies to
your posts looking like e-mails. There is a feature in Gmail Labs called
"Advanced IMAP Controls", that lets you disable Buzz showing up in IMAP
folders.

------
binarycheese
I just found out I am following 27 people I have no idea who they are or why
Google chose to make me follow them. I didn't even sign up for this Buzz
thing. Google - this is really messed up!

~~~
godDLL
Yes it is, and you're not contributing to the discussion. Take a look at this
guy, this is how it's done: <http://news.ycombinator.com/item?id=1121239>

------
jagjit
What got me is switching buzz off does not disable people following you - you
have to individually block people. They did a similar thing with searching
through emails - there was no option to disable that feature.

It is like Google is saying - "We give you free services, so now we own all
your data. And just so you know, we don't do evil - so pls don't judge."

Must be funny in the rich man's world. They are wasting away shareholders'
profit share in their hubris or competitive fear.

------
ashish01
I was also quite upset over a similar situation but now google seems to have
made it easier to "block" people who follow you. As mentioned in this article

[http://lifehacker.com/5470104/google-updates-explains-buzz-p...](http://lifehacker.com/5470104/google-updates-explains-buzz-privacy-setup)

Now there is a block link again anyone following you (once you unfollow them).

------
paul9290
WoW by the look of all these comments made by us techies, Zuckerberg's
comments "Public Is the New “Social Norm,” is so wrong!

[http://mashable.com/2010/01/10/facebook-founder-on-privacy/#...](http://mashable.com/2010/01/10/facebook-founder-on-privacy/#comment-29353484)

------
invisible
There needs to be a "make them person stop following me" option so I don't
feel like such a dick when I block people. What's so wrong about that option?
Also, why can't I block/force someone to stop following me if they don't have
a google profile? What?

------
etherealG
uh, nothing that you post on anywhere outside buzz is propagated via buzz
unless you ask buzz to propagate it, unless I missed something. also, buzz
doesn't have access to this information unless you allow it to. it seemed that
way to me when I used it.

~~~
cookiecaper
Buzz automatically adds at least Reader and Picasa streams to your Buzz
account.

~~~
losvedir
But it's not too hard to remove them.

The way the Buzz settings found my contacts and added them was perfect,
because I use my gmail account frequently with my friends -- I'm right in
their ideal use case.

This person didn't -- either she could not have "Okayed" Buzz at all and there
would be no issue, or once she saw that it added all the wrong people she
could disable her sites and then not post to it.

~~~
RiderOfGiraffes

      > But it's not too hard to remove them.
      > ...
      > ...  once she saw that it added all the wrong people
      > she could disable her sites and then not post to it.
    

But the point is that these require that you actively prevent Google from
sharing your data, and that you realise it's doing so. That seems wrong. It
shouldn't do things and then require me to notice that I didn't want them, and
then work out how to disable them, and then trust that nothing went wrong in
the interim period before I noticed.

EDIT: It's not me who down-voted you because I think your comment adds value.
It tells us that people think these options are OK. I think you're wrong, but
I think it's important that your opinion is seen as reasonable by some. Just
not me.

------
Tawheed
Class action lawsuit?

~~~
nfnaaron
You'd have to have people who were provably harmed, in a way that jurors or
judges would recognize as harmed. Google will defend themselves vigorously,
and likely win. And it would take a long time.

More effective to just leave gmail. It threads conversations and gives you a
lot of storage. Other than that it's just email.

There are lots of cheap email options where the only way the provider makes
money is by you paying them a small amount of it, not by sifting and analyzing
the contents of your email and the relationships between your contacts and
correspondents.

------
ThinkWriteMute
Having worked in the family services sector...I'm actually thinking this post
is full bullshit. I very much doubt this even happened.

I could be wrong of course, but the post has way too many red flags to sound
true.

~~~
snprbob86
Please list some of these red flags for those of us without a family services
sector background.

------
sailormoon
I must say that this person strikes me as having "issues" and thus I think
I'll wait for more information before passing judgement. I mean just look at
rest of the blog. I look at that, and I do not think, "wow, that's a calm,
reasonable person who is going to give me a fair and balanced description of
what the problem is".

~~~
bad_user
Only calm and reasonable people should be listened to?

Of course she's having issues. We all do. That's how it is in the real world
;) ... and some of us are extroverts, sharing our feelings with others. But it
doesn't mean that if I have a message for Fred, everybody should read it ...
and normal people don't know how to protect themselves, that's why this whole
trend on "public by default" taken by Google and others is so worrying.

~~~
griftah
If you have a message for Fred, send it to Fred privately. Don't share it with
whole world.

~~~
pmjordan
This is the point. Her messages _were_ private until Google enabled buzz
without asking, automatically followed people and let them follow her, and
shared her Google Reader stuff.

It did the same to my account, I didn't even realize it until I read the
article.

~~~
griftah
Her messages were public. She just thought that nobody will find them except
her friend.

------
zhishaosiwei
I like Greader. I like to comment to my notes, but I must share first then I
can make comments. Why do you let me share first? why? sharing is not the
nature of web!

