

Google did something seriously wrong - bdfh42
http://www.scripting.com/stories/2010/02/14/googleDidSomethingSeriousl.html

======
coffee
I find this very funny, the public is starting to see the arrogance of Google
when they slip up on these public facing projects - most Adsense publishers or
Adwords advertisers have seen this over and over again in the past with
them... It is Google's true colors (always has been).

~~~
jasonlotito
I find it more funny that pretty much every post complaining about this over
the weekend repeated the same thing over and over again. Which essentially
boiled down to what _Google_ should do to solve the problem.

~~~
angelbob
Well, sure. They _caused_ the problem.

The answer for users is "don't trust Google with your information, and get as
much of it out of Google's control as you can, even though you don't know how
much there is and can't take some of it back."

But we knew that already. The question is "when will Google stop unethically
publicizing all the information we don't forcibly remove from their control?"

------
forsaken
This has been the first time that I have really felt that Google betrayed my
trust. Trust is something that is neigh impossible to get back once it is
lost.

It's interesting because I've rationally understood how scary it is that they
have all of this data about me. Now I can finally see that there are places
where it may come out, or they get hacked and someone steals it etc.

Just a wake up call really, which is something that Google should be scared
about, because they have a scary amount of data bout all of us.

~~~
heed
I'm not sure I get it. Is Google supposed to get everything right on their
first try? It seems many people would say yes, even many users of HackerNews.
This is very counter to my understanding of the philosophies shared around
here. I always thought it was best to push an new idea out there as fast as
you can and iterate as you go. Granted Google's mistake is a BIG mistake, but
condemning them for one act is somewhat irrational, no?

~~~
freshfunk
Well Google's play book used to be push stuff out as beta or a labs feature.
Let only the very sophisticated users opt-in and try things out before pushing
it out to the general public.

This was obviously rolled out in a very different fashion. Plus they attached
it to Gmail which is a tried-and-true product. Buzz feels very beta to me.

If Buzz we rolled out under labs or a separate interface I'm sure that there
wouldn't be as much backlash as there has been.

~~~
frio
Perhaps, but I think for this particular market they had no choice but to
launch big. Look at Orkut, their previous (dead) attempt at a social network.
Facebook is extremely entrenched now, and there's little to no incentive to
users to opt-in to something else. To attack the power of Facebook/Twitter,
this was really the only way of doing it (although I agree, perhaps a Labs
feature would have been a better way of introducing the concept for a couple
of months at first).

~~~
smokey_the_bear
Orkut is hardly dead, just because a product isn't popular in your market
doesn't mean it's dead.

~~~
derefr
It's dead for the market that includes its developers as members. Reflexively
dead, as it were. It becomes a lot harder to care about maintaining something
once you yourself no longer get anything out of using it.

~~~
smokey_the_bear
Orkut engineering is in India and Brazil.

------
bonaldi
As usual with Scripting News, the comments are of more value than the story.
No, it's not a "fact" that they exposed the private data of millions ... At
most, it's a fact that they casually handed a privacy-invading gun to people
and invited them to fire it.

Nothing was exposed to the public unless you agreed to create your Buzz
profile. Nothing is exposed to followers unless you post something. Nothing is
shared from your Reader unless it was already set to public.

So, you know, if you're a doctor or someone else who values the
confidentiality of your user list very highly, don't go blithely clicking
"Yes" when Google asks you if you want to make a public something-or-other.
And if you could be physically put in danger by your correspondents, don't
make comments like "ooh, this will be handy for my new house, its address is
123 xyz St" in public comments on your shared items.

Google didn't make a CEO-apology-level mistake here; they acted reasonably, if
a bit cavalierly, and a lot of people had a hysterical and irrational freak-
out, and a lot of those who are anti-Google picked it up as a stick to beat
them with.

I don't know when their image changed so much. Perhaps it was the string of
weird and useless launches recently. Wave must have cost them more reputation
than I thought.

But, really, I think their apology was fine. They should be sorry for causing
concern. I don't see how much further they could go. "we're sorry for not
making it completely safe for you to click 'Yes' on any box we present to you
without any consequences at all. We agree that you should never, ever have to
read anything. Oh, and you can log in to Facebook _here_ , and finally we
pledge to protect your security-by-obscurity whenever you mark something
'public'. Love, Google."

~~~
eagleal
> _they casually handed a privacy-invading gun to people and invited them to
> fire it_

They didn't invite them to fire, they _forced_ them to fire. It's quite
different.

~~~
bonaldi
No, they didn't. People think that the "want to find out more?" screen was the
opt-in point, but it wasn't. The opt-in point was when you made your first
Buzz post, when you were told this meant creating a public Google profile.

There are millions of gmail users who haven't done this, and consequently have
_no_ public profile, and no information exposed. Users were not _forced_ into
anything. Buzz is there and inviting, sure, but I read the screen and was well
aware of what would happen.

(Compare Facebook, which _did_ recently force its users into publicising their
names, small profile image and contacts list, with nary a whimper. It was a
much more complicated opt-out box, too)

~~~
orangecat
It was not at all obvious that "create a public profile" was equivalent to
"make public the people who I frequently email". Certainly it's much more
complex than telling the difference between ReadWriteWeb and Facebook, in
which case there was a great deal of sympathy for the clueless users.

~~~
bonaldi
Yes, and I think Google was too cavalier in how they flagged that up -- the
current revisions are much better.

But nonetheless, it doesn't mean they _forced_ people's data public, and it
doesn't mean the NYT should have reported that as fact, as Winer demands. It's
more nuanced than that, and only hit-seeking shouty tech blogs are saying
otherwise. It'd be a disservice to their readers and the truth for the NYT to
take their piece to the same histronic level as this link.

------
buster
Site doesn't load for me.

Ironically Google Cache helps:
[http://209.85.129.132/search?q=cache:http://www.scripting.co...](http://209.85.129.132/search?q=cache:http://www.scripting.com/stories/2010/02/14/googleDidSomethingSeriousl.html)
;)

edit: I should probably mention that google will eventually save that you
viewed that website in its cache. Just to prevent angry blog post fury.

------
ivenkys
There are a lot of people here commenting on Google's arrogance and/or
incompetence.

One of the big unsaid point i think is the expectation from Google. Companies
like FB, MS and Apple are "expected" to do the wrong thing while Google is
held to a higher standard, the "Do No Evil" standard. This of course has been
brought upon by Google on itself hence the particularly strident criticism
from the techie quarters.

~~~
elblanco
It's actually not a bad problem to have.

~~~
ivenkys
Oh i agree - its not a bad problem to have , just a problem which requires you
to be particularly vigilant.

------
plaes
...and they fixed their error - [http://gmailblog.blogspot.com/2010/02/new-
buzz-start-up-expe...](http://gmailblog.blogspot.com/2010/02/new-buzz-start-
up-experience-based-on.html)

But yeah, damage is still done.

------
alain94040
It's not just our trust that Google violated. Although legally their privacy
policy has enough loopholes, it still says:

 _When you sign up for a particular service that requires registration, we ask
you to provide personal information. If we use this information in a manner
different than the purpose for which it was collected, then we will ask for
your consent prior to such use.

If we propose to use personal information for any purposes other than those
described in this Privacy Policy and/or in the specific service privacy
notices, we will offer you an effective way to opt out of the use of personal
information for those other purposes. We will not collect or use sensitive
information for purposes other than those described in this Privacy Policy
and/or in the supplementary service privacy notices, unless we have obtained
your prior consent._

~~~
bonaldi
They asked for consent. (Multiple times, in my case). You can argue that they
weren't clear enough about exactly what they were getting consent _for_ \--
and I agree they weren't -- but they asked for it all the same.

The "storm" around this is reflecting really poorly on tech news blogs, many
of whom are reporting this as if users had absolutely no say and just landed
with a public profile. It's flat wrong, and we should stop promulgating that
here.

------
yata
For those saying it's unintentional, it's pretty close to what happened with
Google Reader and shared items.

For those that didn't hear about it, with Google Reader you can click on feed
items to be shared, in which case they become visible from a URL that only you
know about, and you can pass that URL to people you want to see the shared
items (and they can subscribe to).

Then one day they decided that everyone you've every chatted to should be able
to see what you've shared, which caused some rocky times for peoples
relationships / jobs / families. Personally, I thought that was very, very
predictable.

It was opt-out, and the official work around was to stop sharing things or to
delete your contacts. I think they added some finer grain stuff later, but
everyone effected had left by then.

They were unapologetic throughout - they didn't see it as a big thing at all,
even with the various tales of woe rolling in. It seemed almost like they
don't have any procedures for checking if something leaks personal data and
that there were no repercussions when it did. Hopefully that will change now
something with more public attention has gone in a similar direction.

They did have a point when they said that they never guaranteed privacy, but
the secret (pseudorandom looking URL) implies that they weren't going to
splash it around quite as much as they did.

See here for an overview [http://www.eweek.com/c/a/Messaging-and-
Collaboration/Google-...](http://www.eweek.com/c/a/Messaging-and-
Collaboration/Google-Responds-to-Shared-Reader-Privacy-Furor/) and here for
the horror stories and complaints [http://groups.google.com/group/google-
reader-howdoi/browse_t...](http://groups.google.com/group/google-reader-
howdoi/browse_thread/thread/318c4559e2ac5bbe?pli=1)

------
techiferous
Calm down. Deep breaths. Big companies sometimes make mistakes. No need for
drama.

~~~
aswanson
Yeah like Toyota with braking systems. Exposing personal data to people you
don't want to have it is no big deal.

~~~
techiferous
True, it is a big deal. Google goofed. But it was incompetence, not malice.
Google fixed the problem. Let's move on.

~~~
bruceboughton
Toyota's problems were incompetence; it doesn't make them any less of a big
deal. Google is primarily a data company; they should understand the risks
better than anyone else.

~~~
techiferous
I actually think we have a false disagreement. I agree with what you're saying
here. I'm just getting weary of the "look how evil (Google|Apple|Microsoft)
is" drama lately. ;) It's fine to complain about this Google snafu, but asking
for a personal apology from the CEO, etc. etc. just makes it overly dramatic.

------
RyanMcGreal
Either the Google folks never thought about the privacy issues they were
igniting with Buzz; or else they did think about them and decided they weren't
important. I don't know which alternative is worse.

------
DannoHung
That'll be the last time they ever roll something out to everyone at once.

~~~
fnid2
I highly doubt it. There are countless times when companies have rolled things
out to everyone and it caused problems.

The irony here is that Facebook has failed this way many time and here google
is trying ot compete with facebook with buzz and did exactly the same thing.

Google is full of regular people and they make regular people mistakes and
will continue to do so.

~~~
freshfunk
That's not ironic. People have very different expectations between Gmail and
Facebook.

When I used FB I expect that my news feed is public to my friends. It's used
for open social interaction. The same goes for Twitter.

When I use Gmail I expect my emails and contacts to be private. I don't expect
strangers to see what I'm doing.

The user's experience and expectations are different. This is why Facebook has
more leeway (but they still get __* if they do something that opens up your
profile to the public).

------
zitterbewegung
They haven't been doing something wrong before? Like their policy on china and
everything else?

~~~
stingraycharles
Yes they did, but that wasn't a wrong move, business-wise. This is seriously
wrong, because people actually care about this stuff. People don't really care
about China or cookies. This, on the other hand, is so obviously invading
people's privacy, that a lot of people seem to understand it.

------
sushantanand
This is why Eric Schmidt uses a Yahoo email address.

~~~
Frazzydee
heres a source (<http://www.ericschmidt.com>), but I doubt he still checks
that address.

------
winter_blue
Stop bitching about Google Winer, and get a life.

Google's done a lot of good things for us, and to insult them so much just
because they made one mistake is just plain ungrateful.

~~~
ytinas
What a horrible post. Google hasn't done anything _for us_ , they've done
things for their business. It happens that for the moment their business model
(largely) requires them to do things that we find convenient or good. This is
extremely unlikely to remain the case forever.

Have loyalty to your friends/family. Not to some public company that doesn't
know or care about you.

