Automatically followed by abusive ex-husband (and his friends) on Google Buzz (fugitivus.wordpress.com)
549 points by godDLL on Feb 12, 2010 | 275 comments

There are clearly no longer any humans working at google, just one giant heartless inhuman machine calling the shots...

Or at least that's how Google looks to the public these days. If that's the perception they want, they got it.

I think this Buzz privacy fiasco is an historic lesson in the convergence of humanity and software and the lesson learned is that privacy of personal relationships should be a fundamental right.

Recklessness and lack of foresight doesn't make you inhuman. If you forwarded this post back in time to the Buzz engineers, they would try to fix it before launch -- not laugh maniacally at the thought of an innocent woman fearing for her safety.

Time travel would be spiffy, but how easy is it to contact the Buzz engineers now?

If you've ever dealt with Google "technical support" (even if you're a customer who shovels them buckets of cash each week) you'll find that it's nearly impossible to reach an actual human being who can help you.

Convoluted as it is, getting a blog post ranked top in Hacker News seems the easiest (only?) way to get a genuine Google issue addressed. I hope they address this one AND create an actual means of contacting the people who are supposed to be running the place.

Actually, a friend and I were having a big discussion about Buzz, using Buzz. And, to my surprise, a few Buzz devs jumped into the conversation: http://www.google.com/buzz/tmgrone/brHidEYC3jh/I-wish-Google...

And then all your privacy concerns quickly disappeared!

It's a public thread. You'd rather the devs ignore what people say about their product on an open discussion?

I daresay the point of the comment is its comedic timing (which is brilliant) rather than its veracity (which is dubious)

That's nice that they care more about UI than privacy.

Exactly, I'm just furious about the buzz thing, so I wanted to send a feedback email to them, but... seems like there is no one there.

Seems like a bunch of geeks with autism that fail to understand that what they do in people's mail affects them enormously, is not a game, and you should ask them. People understanding 101.

Seems like these mathematical and logical geniuses are relationships retarded.

Or you could just drive around their campus on your cell phone, that seems like a good way to get an employee's attention.


No, they wouldn't. I'm saying this as somebody who built a product around identifying your 'inner circle' from your email patterns[1]. The part I spent the most time on was figuring out how to protect people's privacy, and these scenarios were painfully obvious even to me.

Plenty of people at Google have to have thought this through, but decided the benefits to adoption of the current process outweigh the privacy problems that will happen to some people. That's pretty evil in my book...

[1] http://web.mailana.com/demoday/

What are the benefits? Why couldn't they just have a lightbox appear that says, "Yay! We've invented google buzz, here's a list of people we gathered from your frequent contacts in gmail. Click the check boxes by the people you want to include in your inner circle, or click here to disable Google Buzz."

The lightbox: the new modal dialog.

"User! Answer this question! Now!"

Our user generally doesn't really care about your new feature if they're logging in to check mail; they want to--wait for it--check their mail. Just like users everywhere, they're just going to click on a random button and not even be able to tell you five seconds later whether it said "Go Away" or "Reveal My Location To My Abusive Ex-Husband And All His Friends".


"they want to--wait for it--check their mail"

Neither Gmail nor Yahoo are strictly email anymore. If you believe they are, you're living in a fantasy world. Both have chat, and yahoo even has stuff like calendar and notes. "Webmail" isn't strictly email and it hasn't been for years.

"Reveal My Location To My Abusive Ex-Husband And All His Friends"

What all of the rabid people like you fail to realize is that no information was actually revealed to anyone in this instance. It was a combination of her misunderstanding and a bug in google reader that displayed follower/following lists wrong.

Of course, none of you actually care about the facts, you just want to complain.

well, of course, if they'd have done that, they wouldn't have been able to easily leverage their gmail base into some pseudo facebook competitor. They cannot meet their business needs AND your privacy needs at the same time. So.....

Don't be evil, indeed.

That's the route I went (opt-in) but a large chunk of people just don't understand what on earth that means and end up inviting nobody. Defaults really matter, especially for new concepts like this.

The engineers are human. I'm sure they're as horrified as you suggest.

Companies are not human, certainly not by default. The vector sum of the effort of many humans is inhuman by default. [1] (Phrases like "mob mentality", "team spirit", and "groupthink" didn't get invented for nothing.) It takes hard work to give a company a human face -- hard work by management, by PR, by customer support, by HR. Some companies are much better at such work than others.


[1] This is, of course, a perennial topic here on HN: It's easier to run a human company when the company has fewer people. That's one of a startup's advantages.

Of course, a company that is too small runs the risk of being too human: Humans, for example, are prone to emotional roller-coastering, can become fixated on the trees instead of seeing the forest, and need at least some sleep every day. A team's inherent "inhumanity" can help smooth out misfeatures like this.

It appears they may have foreseen the outcome and acted deliberately, if this thread at http://www.google.com/buzz/tmgrone/brHidEYC3jh/I-wish-Google... is any indication. In particular, see Brett Lider's response that includes this excerpt:

'Similar to Facebook being willing to "piss its users off" when it feels the need to make a big change in its service for the long-term good, I see Buzz in Gmail as a relative big change that requires more than one day to adjust to. We've all been on the side of changes in services that we didn't like and either got used to or actually loved in the long run. We think Buzz is one of them. A lot of us here have also been designers on a service that we knew needed to change but was afraid to because of internal momentum or fear of short-term user reactions.'

edit: I think the quote stands on its own. They may be horrified, but the action was rooted in a kind of arrogance we often ascribe to inhuman activity, where the impact on other humans wasn't considered thoughtfully or was deliberately ignored.


Thinking about this, it seems like Google and Yahoo have been really envying what is effectively Facebook's captive audience. With Facebook, you sign up for "social networking", which is essentially an undefined product whose provider has undefined obligations to you.

Email involves some explicitly or implicitly understood bounds and so doesn't let the provider sell its users to the same degree - well, unless the email provider just flagrantly violates their implicit obligations - and so the temptation is greater and greater.

On the one hand, I can envision actual engineers saying, "D'oh, we should have thought of that!" And at the same time, I have a hard time imagining that if even I was aware of a lot of furor about Facebook turning on new features that remove previously assumed privacy, the people at Google whose professional interests revolve around these features weren't also aware of that furor.

The only real conclusion I can draw is that they just didn't care. Sort of "We're Google, we have vast amounts of data, and we'll do whatever the hell we please with it, and if you have a problem, talk to the hand." I've been given the Google hand to talk to before (most people using AdSense have) and this is really getting to be a problem.

And yeah, I'm a freelancer, and yeah, I sometimes use Gmail, and yeah, it's not really a Good Thing for business if my customers can see each other. I'm not in danger of being raped by any of them, mind you, but this just doesn't seem to fall under the aegis of "don't be evil".

If all aspects of participation were opt in -- as they should be -- the problem could have been avoided. (It would help if the implications of participation were laid out up front, clearly, as well.)

And "opt in" is hardly a new concept.

This was totally preventable, through a well-worn paradigm of customer engagement.

Google has no excuse for this. They were greedy, and they screwed their customers, big time.

Totally preventable and entirely foreshadowed by Facebook's failures to think about the same damn issues.

>Recklessness and lack of foresight doesn't make you inhuman.

If anything, I'd say it makes you human.

Not sure what the problem is. I have complete control over the privacy settings of all my accounts. After reading the post, I think the problem is the poster made a choice before this not to use the privacy features.

Google added Buzz to my account automatically and automatically added people from my contact list - some of whom I don't think should have been added - and I had to actively go and search for the privacy/remove/turn off features.

If, on the other hand, Google had said "here's our new Google Buzz feature, here's how to turn it on, here's the privacy settings and here's how you can add everyone|people you talk to regularly|manually add" then I'd be perfectly happy. Opt in is better than opt out, as far as privacy is concerned.

>Google added Buzz to my account automatically and automatically added people from my contact list.

To the best of my knowledge they prompt you and ask you who you want to follow. This was the case for me. They don't automatically follow - unless you click the OK button.

Turning off buzz is literally one click away at the bottom of the screen. I know because I used it.

Not for me. They just said "The following people have been added automatically..." At least, I did not manually add anyone and I had a bunch of people added.

The weird part is that of my 6 followers, 2 are people I've never heard of before. One is following 20 and the other 77 and they don't look like spammers, just complete strangers with no reason to have found and followed me.

Had the same impression, but searching my mail for their names helped. They were guys like a free software developer whom I had sent feedback about his stuff, people from newsgroups I had exchanged some unimportant e-mails with, etc.

I am pretty sure you are mistaken. This is the prompt everyone got when they went to buzz for the first time: http://www.digitaltrends.com/wp-content/uploads/2010/02/goog...

This is also shown in the Google buzz demo video.

Responsibility lies on you when you decide not to edit the follow users and check privacy setting when it's right in front of you the first time. The only way forward is to click OK, that's what you did like everyone else who is complaining and going ra ra about privacy.

Look, people aren't making this stuff up. I'm not sure of the circumstances yet (maybe just the first batch?), but there are a lot of people who were automatically added to Buzz without a prompt.

Upon signing in to Gmail, I was directed to some sort of Buzz landing page / prompt. I deliberately chose 'no / continue what I was doing'. (I wasn't aware of any problem, so I didn't make a point of memorizing the presentation.)

Upon proceeding in to Gmail, I found that I was participating in Buzz, with IIRC 14 follows.

My more general reaction to this situation, including a similar, serious security implication for a close family member, I'll comment on elsewhere in this thread.

Briefly: You fucked up bigtime, Google. The people truly responsible for this need to be terminated.

Me too. I just logged into my gmail account (which I don't use) and got a buzz page. I deliberately did not click the huge "Okay" button but instead the tiny "Nah", but then there was still a buzz tab and I had to click the very not obvious link at the bottom to turn it off.

This is the first time I have seen the image in that page. No, I did not get that prompt.

I didn't watch the Google Buzz demo video, because I'm not interested in Buzz. I shouldn't have to watch something I'm not interested in to find out how not to take part in what I'm not interested in. It also took me quite a while to figure out where the turn off button was - since it's not in the normal settings, where I would expect to find such things.

You didn't actually look at the image you posted, did you? It says quite clearly that google autofollowed people. The only button that is there is an "OK". I just clicked on buzz for the first time and I got this: http://imgur.com/ji5lx

There were already messages there. They were almost all about how to turn off buzz.

The argument is not so much that you were auto followed (which only happens when you click the buzz tab on gmail) but that you didn't get a chance to do anything about it.

Clearly you have the option to edit your followers list and change privacy setting (which was the complaint I was referring to). If you choose not to do anything about that and ignore the prompt and go ahead click OK. Should you not take some responsibility for it? I am not denying that google auto following is not in bad form I am just pointing out that changing/editing it is extremely easy and right in front of you.

As for turning off buzz. It is at the bottom of your gmail window. One click away, but not obvious.

I don't want to change privacy settings, I just don't want buzz. Where is the "cancel" button? Google should be smart enough to not do opt-out.

Nope - I never configured anything and had about 25 followers and was following 25 people - 2/3 of which were just people I had had to email in bursts who I didn't know. Seriously flawed execution here...

You're wrong. All sorts of people were following me, and me following them, just by clicking the Buzz link.

They switched to that when there were complaints. Lucky people like the poster of this blog entry got to be google's guinea pigs so they could figure out that they should have that screen.

Why is he being down-voted? (-3 at the moment)

Oh right, "we don't like his comment, let's get rid of it." Jesus, people, behave.

He's making his case based on his knowledge of the situation and he's doing so in an educated manner.

Me, personally, I'm in his same situation. I can't understand how people got automatically added to that Buzz thing. The link appeared in my Gmail account and I never clicked it, NEVER. I just turned it off when I learned how.

Because he's being sanctimonious and judgmental ("Responsibility lies on YOU") while having his facts completely wrong.

Because he's saying things which are obviously not true and could be verified as not true with a minimal amount of external research (by, for example, reading the text of the screenshot he posted).

When I set my one gmail account up it did not prompt me, all my contacts were added. However, I went to look at another account I have and it did not add the contacts from that. Not sure if it is a timing issue, as I set my first account up within 12 hours of them releasing Buzz and waited till yesterday after hearing all the complaints to see what it looked like in my other account and if I maybe missed something the first time. I think they may have either fixed the issue or are working on fixing it.

If you clicked that link, you have not actually disabled your public profile.

I'm not sure what the problem is either. I also have complete control over my privacy settings, but it seems you can't say that in this particular topic because the army of group-thinkers will down-vote you (read: censor your comment) to oblivion.

We can't have two-sided conversations in HN anymore. Either you bash Buzz/Google or get the hell out of this thread.

Here is where I think the problem lies. First, Google doesn't show your contact list. It doesn't. This was what people were suggesting, and it's not true.

Basically, what is happening is the same thing that happens at twitter by default. People follow other people, and followers, NOT contacts, are shared. People can see who is following you, but they can't see your contacts.

So, when someone joins Buzz, Google suggests they follow certain people, and sets them up. These are people they have in their contacts list. These people in turn have also done the same thing, most likely. Followers, like on Twitter, are shared publicly.

Basically, a lot of people were following people when they really didn't want to be, and despite the ability to prevent it, they accepted the defaults.

Google has made changes to make it more obvious, but from my own experience, and from everything I've read, seen, or done, is that this was all preventable. The problem was, people didn't take the time to read, or understand, what was happening, just happily clicking along.

Of course, that's probably just as dangerous. Should Google have handled it differently? Yes. Did they betray users' privacy? Possibly, depending on if you accept that users using software have a certain level of responsibility, or that the software is supposed to assume you don't know what you are doing.

Edit: More information this morning, and I feel vindicated. =)

I did some of my own experiments with a couple of throwaway accounts, before the privacy improvements on Thursday.

I set up a profile on one account ahead of time. This was very easy to do; Google Reader encourages it at various places.

When I logged into GMail and got the "Buzz" welcome screen, it offered "Try Buzz" and "No thanks." I clicked "No thanks" and it took me to GMail, but the Buzz UI was enabled anyways. When I logged into a second account that was a contact of the first, it received a notification that the first account was following the second, with a link to the first account's profile and list of followees/followers.

Now, this part is a bit foreign to many people, but imagine that the fact you email someone is a secret and potentially damaging to you. Maybe you are a whistleblower talking to a government regulator. Someone I know had a stalker added to their Buzz followers along with people she didn't want the stalker to learn about (because stalkers will try to get at their victims through their friends and family). Maybe you don't want certain people aware of your sexual orientation, or your religious or political activities.

At this point, the damage is already done. Before Thursday night, there was no clear notification or way to opt-out of the public followers list until after it had been created and then broadcast to a list of people. By the time you got around to checking out Buzz, realizing that your information had been disclosed, and figuring out how to remove it, it could easily be too late. Note that Google did not "suggest" people to follow and then let users "accept" these defaults. They were added without the user's knowledge or consent.

Worse, if you found the "Turn off Buzz" link in the GMail footer and clicked it before blocking your followers, changing your profile settings, etc., then all your information is still public but hidden from your GMail pages! It's then much harder either to discover the problem or to fix it.

And Google has admitted to some outright bugs that made the situation worse for the "Fuck you Google" blogger. For example, people still appeared in the "Following you" list on Google Reader even after they were blocked and you set your Reader shared items to private; they couldn't actually see your shared items then but it appeared to the user that they could. Also, before Thursday there was no way to block a user who did not have a public profile.

My friends who work at Google are convinced these are real problems[1]. I think you are dismissing them way too quickly.

[1]: http://www.google.com/buzz/mbrubeck/HEN2DyJooNZ/This-looks-l...

Couple things here.

First, I stand by what I said: People need to be aware, and made aware, of these things. Privacy is your business, and putting my privacy in the hands of someone else (and I'm not even referring to Google here) means I'm essentially giving up my privacy. Whistleblowers and other people who wished to remain secret should have taken more steps to ensure their privacy (accounts that can't be traced back to themselves).

Secondly, you don't make it clear whether either account said it auto-followed things before you logged in or not. Did it? Did Account 1 follow Account 2 without actually logging in with Buzz enabled, or was it only after logging in it auto-followed? Note: I realize the implications of either way; however, I'm just curious to know which it is for my own knowledge. Again, I'd rather not assume. You also make it seem as if you accepted the default privacy settings Google set for you.

Next, I realize there were bugs in Reader that "Fuck you Google" made them aware of. Bugs happen. In this case, the bug was just a display bug and from my understanding, didn't actually share anything. In this case, the big problem was merely a display problem. Sure, this is a bug, and a serious one, but not the extent that anyone was suggesting.

Finally, everything I've seen from Google, including the link you sent, suggests that they had these settings in beforehand, and that the privacy concerns were more from people that didn't look into the privacy settings beforehand and accepted the defaults. The link you posted even described all the issues you described by fixing them merely through making them more visible.

So again, we come to it: The settings were made available. That they weren't flashing and in front of the users with big bold text with sound announcing themselves is a problem, but not to the same extent that "Google was displaying users' contact lists on their profile page."

However, that all being said, I still think we can learn a lot by this. But looking at it through the eyes of the mob-think that occurred these past few days won't teach us anything, and if anything, only promotes continued ignorance of privacy concerns on the internet.

When you have HN readers complaining about this issue, then we can be fairly certain that the average user of Google's products will have a very difficult time finding their way to the "privacy features" controls, and in effect Google has already made these privacy decisions for them.

Being an HN reader doesn't make someone immune to being wrong. At some point, the user has to take responsibility. Every complaint I've read that discusses this has mentioned not using Google Profiles to modify privacy settings previously. Either that, or it wasn't mentioned at all.

So, I go back to what I was saying: did anyone using the privacy settings available have their privacy setting explicitly overridden, or was it just people not using the privacy settings available, and then getting run over when they realized what they had allowed opened?

Edit: I get downvoted for asking questions. Apparently, not following the torch-bearers blindly is frowned on.

This morning, I've watched two coworkers open their gmail accounts for the first time since Buzz went live. In both cases, they clicked "No thanks, take me to my inbox" instead of the button to "Check out Buzz", and in both cases, Buzz was enabled anyways, and a bunch of people were listed as following/followers. We looked at their profiles, and all the followers/ees were publicly listed.

What, exactly, should they have done to keep this from happening?

> In both cases, they clicked "No thanks, take me to my inbox" instead of the button to "Check out Buzz", and in both cases, Buzz was enabled anyways

That's exactly what happened to me. I'm really pissed off with Google now. If they are going to throw this sort of crap at me, I will have to reconsider whether I want gmail and reader accounts.

Clicking "No thanks" in this instance is not a command to disable buzz it is actually a dismissal of the tutorial page. Buzz will still be enabled either choice you make. There should be an obvious opt out of buzz on the splash screen page.

The way to turn it off is a very small textual link in the footer of the page that says turn off buzz.

"The way to turn it off is a very small textual link in the footer of the page that says turn off buzz."

Important quote from http://news.cnet.com/8301-17939_109-10451703-2.html

"But all this does is remove active links, leaving your profile still publicly available, along with any public buzzes you might have made while trying Buzz out. In fact, you're still technically following people, and they're following you. Not OK."

Obfuscated opt-out is pretty much the definition of 'evil'.

Hanlon's Razor comes to mind : "Never attribute to malice that which can be adequately explained by stupidity."

I doubt the google programmers are stupid but I would say that they probably were excited by the new feature that they are proud of and didn't think that people would want to opt out of it before even trying it.

So when you have those $19.99 offer pages and small textual link in the footer to cancel or say no, you consider that stupidity and not malice?

Obfuscated opt-out is pretty much the definition of 'evil'.

(since it didn't seem to come through when the other guy posted it)

I can confirm that this just happened to me as well. In fact, if not for this thread I wouldn't have known to go back to check if Buzz was silently enabled.

Same thing happened to me.

They were using their profile privacy settings, and it violated it, or was it more a case of the feature enabling itself in Gmail and using existing privacy settings?

Edit: And because it needs to be said here: I'm not suggesting enabling Buzz and then using existing privacy settings as a basis for how Buzz works is right. I'm just asking a question.

This was their first interaction with Buzz. There was no opportunity to set any privacy settings.

They are both Reader users, and did have limited sharing enabled there, but under what logic should those permissions ever extend to a completely new, different service with wholly different privacy concerns?

"Inferring privacy preferences for new software, based on prior actions in old software, is a recipe for failure."

From this thread: http://news.ycombinator.com/item?id=1121034

Anyways, here is my take. Buzz isn't a new product so much as it's a new feature of Gmail. It's as much a new product as any new feature of Gmail is. It's also tied into most of the areas Gmail is, and tied into the rest of Google, and uses Google Profiles.

Google made the assumption that because this wasn't so much a complete new product, but rather an extension to an existing one, that it should use existing permissions. And looking at it that way, I can easily see them doing what they did.

What they didn't suspect, or expect I'm sure, is that people would see it not as a Gmail feature, but rather as a completely different system unrelated to Gmail and rather, tacked onto it.

I can see how Google looks at Buzz as merely an extension to Gmail. Gmail is, after all, their communications tool, including email, chat, and eventually (we know this is coming), Wave. Buzz is merely another way to communicate, and because so much of Gmail already includes so many other connections, Buzz being a framework to share things that Email, Chat, and what not are effective at, they built it with a familiar way of doing things. They then assumed (and I'm assuming all of this, mind you) that because they were building on top of an existing structure, that much of the privacy concerns that have arisen were already in use by the people that were concerned with it.

So, the question is, not whether Google was right or wrong, but rather, where do we draw the line? When does a new feature become a new product that requires new permissions, and when is a feature merely a feature that can use existing permissions. After all, there is so much that they do add where we don't blink an eye or concern ourselves with permissions or privacy, despite the potential for problems down the line.

I understand what they did, and why they did it (if my assertions are correct). However, there is more to learn here than to just say "Make everything private." The reality is, most users make assumptions about privacy (this is excellent proof of that), and so do companies. I honestly don't think Google went with Buzz and said "Let's destroy users' privacy." I also hope this heightens people's awareness to the state of privacy on the web.

Any new feature, product, whatever that exposes private information should be opt-in. Period.

But what if the information wasn't private before, merely public, but not in the same context? This is what I think happened with Buzz. Nothing new was made public. It's just the public things weren't really public before.

This is the question: if up until now, you had an option that set things to 'public', but they weren't really public, should a new feature unset your previous choices? Should a new feature change your privacy settings?

What are you talking about? Buzz exposes your up-till-now private email contacts by listing them on your public profile page, unless you take the time and effort to understand that it's doing so and follow the convoluted opt-out process. That's why everyone's upset.

Where does my contact list appear on my profile page? I can't find it. I can find my followers, but they aren't the same as my contacts.

By default, your followers were auto-populated from your contact list, potentially revealing who you most email.

Ask HN:

I don't have a Google Profile, I said no thanks when Gmail asked me if I wanted to try Buzz, and I clicked "turn off buzz" at the bottom of gmail. Can anyone tell me if people can follow me in Buzz? Or if I'm following anybody?

I have been clicking around in Google and I have no idea how to control this and I don't want to turn Buzz on by accident...


The terrible thing is, I didn't give Buzz another thought until all this negative publicity turned up. Now I'm sitting here very paranoid that Google is misusing information about me. And I'm wasting a lot of time trying to figure out what it is or isn't doing. I resent having this fear and I am annoyed that my lack of confidence that "No Means No" leads to wasting time on Google.

You can definitely add me to the list of people who believe Google is the new Microsoft. They have hired some of this generation's best and brightest for what? To find new ways to spray ad feces on the Internet, to kowtow to oppressive regimes up to the moment when they realized they were being back stabbed, and to treat privacy as a quaint and archaic notion.

Worst of all, from the perspective of the HN community, they seem to be acting like the Microsoft of old: Instead of indexing information, they want to own it themselves, which is why they roll out services like Buzz directly competing with Twitter, Foursquare, Friendfeed, Facebook, and so on.

It's a sad day for Google when I start to sympathize with Rupert Murdoch. But now I understand why he wasn't rushing to embrace how Google would add value to his news businesses.

Using another gmail account, I tried to discover what is being exposed via Buzz about my primary gmail account. Other than have one follow the other, I couldn't see anything that wasn't already exposed through my Google Profile. I don't use Google Reader for anything besides RSS, and even so, I don't refer to it any more (I use FriendFeed for RSS).

There must be particular kinds or sets of data that are exposed by Buzz, and I must not have contributed anything to those corpi. Some particular things that don't seem to have been made public via Buzz: my gmail contact list; any of my email, sent or received; Google Groups postings; any Google Chat conversations; nothing about or from my Google Wave account; Google Reader subscribed feeds.

I do not have a Google profile, but I did re-activate Buzz this evening so that I could go back in and block any followers I had.

I edited the list of people that Buzz automatically followed on my behalf and un-followed all of them.

I edited the list of apps whose status changes would be automatically Buzzed (like Picasa) and removed them.

Then, I deactivated Buzz again.

I suspect that I'm going to have to repeat this process periodically.

So it's possible for people to follow you on Buzz even if you don't have a Google profile and you have never activated Buzz?

Well, yes, but it's also meaningless: if you're not using buzz, there's nothing to follow. It's like they added you to a chat contacts list, when you never sign in to chat.

Oh wait, that's exactly what it is like, because they did the exact same thing with the launch of GChat: pre-populated social graph. No outrage then about people being able to listen to the sound of silence.

I've got the same question. Shoot me an email and I can try to follow you and report back; I'd appreciate if you did the same.

I set up a fake account for testing and tried to search for myself using my various email addresses. They don't seem to exist. So right now I think that setting up a Profile is the key. Once you set that up, Buzz can start sharing your information and you would have to fool around with privacy settings to shut that down.

I hope I'm mistaken about this, it would seriously suck http://rot13.com/index.php?text=fhpx%20tbng%20qvpx if your profile is the key to broadcasting news about you to everyone in your (automatically generated) address book including who is frequently mailed or mailing you.

I turned on buzz for one of my Gmail accounts, for which I had already set up a profile. I then saw I had one person following me. Someone I know.

But I did not see any indication that any of my contacts were auto-following me, or me them.

On another Gmail account, for which I have no profile, I signed in and was greeted with the Try out buzz? splash thing. I clicked "No thanks."

I get to my mail page, and there's the buzz icon right under Inbox. That's a real WTF moment. I clicked the Buzz icon, and it appears no different than on my other account (except here I was not following anyone, and no one was following me). So, I have no idea what that initial splash page was for.

However, back in my main Gmail account, I used Buzz to search for that other account. Not found. But I have no idea what that really means. Is it not found because there is no profile? Not found because I didn't really opt in?

I think the point most people are missing is that the data Google shared was already public. Reader has its own privacy and sharing policies, and as far as I can tell Buzz respects these. Even if this person successfully polices Buzz, the reader feed is still out there, public and waiting to be found.

Reader privacy settings can be changed at https://www.google.com/reader/view/?tab=my#friends-manager-p...

Sure, but there's a huge difference between "waiting to be found" and "pushed to the foreground".

It's just like the Facebook Newsfeed debacle. People tend to have an expectation of "how public" something is on a scale, and when that changes suddenly it can be a bit jarring. Ultimately, people adjust -- but it's a mistake to look at public/private as a binary concept. In many people's minds, it is a sliding scale.

If anything, Google should've learned from the Facebook debacle before releasing a News Feed of their own. Essentially, Google made the SAME EXACT mistakes as Facebook did.

They're not mistakes -- it's strategy. Google simply has the same strategy as Facebook for the same reasons.

How is it strategy when they're reverting their mistakes? Unless of course screwing over a handful of people for 3 days of press buzz is considered strategy.

How are they reverting their mistakes? A few tweaks to help people opt-out? That doesn't change much. You can't monetize privacy.

I'm not sure this is entirely right. I have a public profile on Google, but it didn't announce the people that I converse with on a regular basis before Buzz (at least as far as I know).

I turned off Buzz because I don't see a value in it for me, but before that I had to search to figure out how to make it so that my contacts were not made public. I was a little irate because it represented a significant portion of my client list which is more than a little bit frustrating.

That they acknowledged as a mistake, and rectified early on. When you first turned on Buzz, there would have been an option for whether or not you wanted to have your contacts displayed, however I guess it wasn't easy to find. Shortly after releasing Buzz, they made it a lot more obvious (I guess due to user complaints):

http://gmailblog.blogspot.com/2010/02/millions-of-buzz-users... (item # 1)

They are certainly responsive to these issues, however the fact is their approach to privacy was confusing from the start, which is a recipe for disaster.

As of about an hour or so ago, it still wasn't fixed. Clicking "No, thanks" on the first Buzz popup screen means nothing - Buzz still gets enabled, still auto-populates a big list of followers and followees, and still makes that list public.

I had the same thing happen not 10 minutes ago. I logged into a rarely used gmail account, got the Buzz landing page, clicked "no thanks" and then was redirected to my inbox. Buzz was there and active and had added followers automatically.

I agree - I don't have a public profile setup, so nothing was added to buzz for me.

Thank you for pointing this out. This entire Google Buzz is infiltrating my privacy BS has got to stop.

bullshit. Google just redefined "public."

This is the sort of thing that was absolutely predictable.

If you are certain that this was absolutely predictable, you are implying either:

a) The Google Buzz people are so stupid that they couldn't have predicted this absolutely predictable thing (no one else did that I know of until it bit them) or

b) they knew this would happen and chose to allow it to happen in the bad times hoping the love they'd get from those who like it would be greater than the pain experienced by those to whom it happened.

If either (a) or (b) is true, can we trust Google with our private information? Either they are too dumb to keep it out of the wrong hands or they don't care about individuals' privacy.

So you say that a team of engineers does not understand that most frequent contacts != those whom I wish to share my stuff with? Are edge cases like the original post hard to predict? Did they do any testing, even with their friends/colleagues?

That doesn't sound smart to me. Either their incentives are misaligned (b) or there are some other problems.

buzz was internally available at Google for a few months before launch, so yes there was testing.

If it was a 'work' gmail account, it is quite possible that the people in their frequent contacts, are people they normally share related information with so the question didn't really come up.

Another possibility is that they assumed people would simply disable and that would solve the issue. It turned out to be an incorrect assumption.

I can attest that your first presumption is true. My girlfriend works at Google and internally it's not that big a deal to share information to your most frequent contacts, since you're generally not doing anything inappropriate or private on the internal corporate network anyway.

(b) is almost certain. I have trouble believing no one at Google thought, "I have people in my email contacts I don't want to share with on Buzz." They probably thought that these cases would be in a tiny minority, and that they could respond to complaints with pointers for how to block people.

Agree that (b) is almost certain.

Google had the decision to jump-start their social network in a big way at a cost of annoying maybe 1 in 100 gmail users who are conscious about this sort of thing. Seems like an obvious decision to a for-profit company.

It raises questions in my mind about what data I am providing to Google and what unforeseen ways they may decide to use that data at some future point.

What if Google just starts buying stuff for you and having it shipped to your house. You can opt-out once it arrives -- if you can figure out the RMA process...

You're probably right but what would make them think this would be a tiny minority? Have these engineers never had ex-girlfriends?

Sane people don't have excessive drama with their exes.

Sane people do not always have sane exes.

Sane people don't make accounts to troll anti-google posts. And who said anything about excessive drama: do I really need to list the myriad reasons why one wouldn't want email to automatically "follow" exes and vice versa?

Clearly this is an edge case though; you can't protect against every eventuality!

There are other options available. What almost certainly happened here is that Google was so concerned with getting the features right that they pushed it out without asking "What could go wrong?"

A lot of startups do that and most of the time they're fine because they can learn as their user base grows. But Google made a strategic decision to bind Buzz to Gmail and that is what caused the problem.

The lesson is that a lot of people are thoughtless when building technology but once you get to the size of Google you can no longer afford to be as lax as everyone else.

I know it was absolutely predictable because c), I predicted it. About 20 minutes into using Buzz. I posted on my Buzz, in fact, that I was waiting to see the resulting mess.

So yes, I'm certain that it was.

c) http://www.jargon.net/jargonfile/s/SNAFUprinciple.html

Generally speaking, it is difficult for useful information to flow in organizations. Most of the time, this lack of circulation is not remarkable, but this looks like a big deal to me, the sort of thing that gives PR people nightmares. I would wager that at least one Buzz engineer raised this concern weeks if not months ago but was ignored or pressured into backing down.

Exactly so: if you put your address and other contact information online, people will find it.

I started off agreeing with her complaint, but it suddenly struck me: she's trying to avoid an abusive ex-husband - why on Earth did she even put that information in her Google profile to start with?

I have estranged family members, which is exactly why I don't put that sort of information in online profiles, and I'm not even worrying about an abusive husband who has my email address.

This is the problem when you give your personal data to big companies. They do what they want with it, and there is absolutely nothing you can do about it. They have the power, you do not. It was obvious with Facebook, now it becomes obvious with Google. But really, it should be obvious for any online service. Starting with web mail.

"Technology Shouldn't Give Big Brother a Head Start" Bruce Schneier http://www.schneier.com/essay-281.html

"I will offer you free web hosting, with some PHP doodads; and you get spying. For free." Eben Moglen http://www.isoc-ny.org/?p=1338

Honestly, Google is still allowing me to opt out at any time. They (as far as we know) use "eventual deletion," but it's still deletion. Facebook on the other hand has so far retained everything that has ever been on it, according to the interview with an employee that was on HN a few weeks ago. ( http://news.ycombinator.com/item?id=1045879 )

That said, the way Buzz was introduced was definitely a leap in the wrong direction by Google.

One thing that certainly is true about this: there's no simple, obvious single place to tune all your Google privacy settings. I've found how to do it, but I had to look under cushions and behind the sofa, so to speak.

Where is it?

You can turn Buzz off on the bottom of your gmail page and privacy settings can be found at https://www.google.com/accounts/ though I still found it awkward and unintuitive really.

Thank you. Although it is there I'd consider where they put that link as intentionally hiding it.

Went to your link to see what privacy settings there were. Noticed the address they had on file was my last company's US address. Removed that, then saw that somehow the payments for that company's Google Apps account were made through MY Google account, and their credit card was still on file.

Thanks Google, for storing someone else's credit card for someone else's services on my account, for no reason I can find, other than the obvious 'I didn't realize what account I was signed in with', which seems unlikely because their Google Apps account was created before I ever started working there.

Man, Google's getting more and more confusing. It's a giant labyrinthine maze of data that only they have the time and processing power to sort through.

It's a giant labyrinthine maze of data that only they have the time and processing power to sort through

Not even they have the time and processing power to sort through it.

I don't see any mention of Buzz in any of my Gmail accounts settings pages. Please tell me I would've had to consciously enable Buzz in order to have the option to turn it off. Please tell me Google is not automatically making my Google account a Buzz account too.

Nope, there's no mention of Buzz in the accounts setting or the gmail settings. They automatically enabled it for me and I had to hunt to find the disable link in a non-standard (for their apps) place. I'm not very happy about this, honestly.

You can configure buzz's connection to other sites by going to gmail, buzz, "n connected sites" above the text box, click the Edit link next to (non editable!) item that says Public. A box pops open with a link to that site's privacy page.

If you have concerns over privacy, move your data somewhere that doesn't obviously look into your private data for the purposes of advertising.

Stay anonymous. Use your ISP's email. Use accounts you pay for and can hold accountable for transgressions like this.

You give your data freely to google without understanding the terms of that transaction and they will use those rights in some way you aren't happy with.

She should cancel all of her google accounts and move somewhere that gives more favorable terms of service and is directly accountable to her.

Having thought about it some more, Google is in deep and immediate trouble. They need to act swiftly (in days) and decisively to get on top of this before public perception gets out of hand.

Simply put, Google can NOT afford to have public opinion turn against their opt-out model. Their whole vision depends on opt-out.

But think about what a week or two of stories like this will do. Opt-out will become synonymous with evil. Then how does Google Book's stance to authors look? How do all their other auto-data collection techniques look?

Google depends on opt-out to their very core, down to robots.txt.

They can't afford public opinion to turn against that, and it's going to if they don't move fast.

Entirely agree. You and I know how Google works, but most people think they either configure their servers manually or that they supervise them all in real time. It's like those stories of a dead person receiving a computer-generated bill or debtor's letter - there's no malice intended, but it makes everyone feel bad and damages the reputation of the organization involved.

Their privacy improvements last night[1] look good on a technical level, but they don't fully address either the underlying user confusion, or the PR issue (they haven't offered a sincere apology).

[1]: http://gmailblog.blogspot.com/2010/02/millions-of-buzz-users...

The majority of people don't and will never care about their privacy, particularly when connected to the internet.

People who feel harmed by this will be upset and will hopefully understand that they were far more vulnerable than they believed, then take steps to ensure that it doesn't happen again.

Some people will feign indignation at what's happened to her, claim to be boycotting google, then abandon the prospect when they see how much of a pain it is to change to another service.

Most people will never hear about this, and if they do, they won't really care. GMail works for them, they don't understand or care about their privacy. They have a service that works and is implied to be free.

There is a MASSIVE difference between not knowing and not caring.

the latter can cause the former

Isn't it reasonable to expect privacy by default? Shouldn't you be able to hold even a free service accountable for such a transgression? Google's 'if you have nothing to hide...' attitude should not be tolerated.

It's also reasonable to expect someone to read the terms of the contract they enter into.

When you skip those terms of service, you're agreeing to those terms.

You also always have the choice not to tolerate them. Move away from their service. Don't use google for search. They track every search that you perform tied against your IP.

If your privacy matters, take the time to protect it.

"Stay anonymous. Use your ISP's email"

Your ISP is the least anonymous email provider available. They know exactly who you are, where you live, and can see everything you do online.

I may be wrong, but I think that the parent of your post had a more limited idea of 'anonymous' here.

Your ISP knows all the things you say they do, but so far as I know, no ISP does the kind of social/networking stuff with your information that Facebook, Yahoo, Google and company do. A government agency can get information from your ISP, but your ISP doesn't "share" anything through default-to-yes things like Buzz. (I may be wrong about this. Some ISPs may do this too.)

We're not talking about the relationship between her and Google, but the one between her and her ex-husband, into which google has unwittingly interposed itself.

She willingly included Google in that relationship by making him a contact and giving Google information that they had a relationship.

You can't give away information and expect it not to be acted upon. Corporations are not bound by anything except for the law and the contract they form with you. If it's within their rights, they can and will act upon it.

It sounds like there are two issues here. First, that Google assumed that because they were 'frequent contacts' that they were best friends, and thus him and all his jackass friends were made followers on her Google Reader.

The second is that all the people that frequently contact HER (via an anonymous account which forwards to her Google account) now have her personal Gmail account and are following her on Buzz (and Google Reader), which she can't stop from happening.

The problem is that Google's assumed that anyone with whom you correspond frequently is a friend with whom you're willing to share all of your data, when in reality a lot of people are forced to correspond with people whom they don't like at all, and that Google shouldn't be saying 'Hey, we've created a new thing called Buzz, and we've told everyone all about you on your behalf!'

Edit: also worth mentioning: you don't 'make someone a contact' in Gmail, Google does it for you automatically whenever you e-mail someone. Also, she didn't give Google information that they were in a relationship, Google just did this automatically. Even people that she e-mailed from an anonymous address via gmail got access to her profile. Google basically gave everyone her personal info without asking if it was ok, and now she can't take it back.

> The second is that all the people that frequently contact HER (via an anonymous account which forwards to her Google account) now have her personal Gmail account and are following her on Buzz (and Google Reader), which she can't stop from happening.

Until now, hiding your mail address from spam was one of the biggest concerns one had with email. Now, that might turn into hiding from Google. Or at least circumventing where we don't want it to do something with our private data we do not agree with.

That might turn out to be hard.

She must have replied fairly regularly to these individuals; I get around 10 emails a week from one individual to whom I have replied around once a month - and they never got auto-added.

Not quite. I peeked at the Buzz thing, and saw that it has me auto-following people with whom I've never corresponded in any fashion. How exactly does one "willingly include" Google in a relationship one never had?

A "contact" is someone who you email frequently. That's it. It's an entry in an address book.

A user signs up for email from gmail. They don't sign up for "networking". Whatever the fine print might be, it would be clear to her and to any neutral judge that she didn't ask to have Google give her information to her contact.

What I didn't like about it was that by default it let everyone in my address book know many of my other clients. In fact, if you're a freelancer for anything, and you want to know most of the other freelancers that your client has contacted, just click his Buzz profile. There's a profile checkbox for this but for some reason Google left that on by default!

And let's say you had a bad client one day who wouldn't pay and you wanted to not deal with him. Well guess what -- he now has contact access to many of your other clients through the default settings in Buzz.

Heck, I was even seeing profiles out there where I could get access to someone's doctor.

I also dislike that when Buzz has a message and says (1) beside it, so does my Inbox too. I think the two should be distinctive. I ended up having to make a rule to trash anything going to my inbox beginning with "Buzz:".

Eeee-yikes. I have a number of current clients in good standing, and one "bad" client from a while back that would just love this.

I've been migrating away from Google lately; the prospect of this just hurried me right along.

How do you not see this coming with a feature like Buzz? Why didn't they do any sort of staged roll-out or opt-in for a feature with such obvious privacy implications? I'm stunned. Doesn't Google employ tons of lawyers, ethics experts, or people with enough common sense to spot this?

Maybe it was some sort of skunk-works project that got out without sufficient oversight?

Google employs a lot of smart people, so this is a real failure on their part - probably the biggest that I've yet seen from them. All previous similar addons to gmail have been opt in, so I wonder what caused them to change that policy in this case.

I'd wager a guess: Greed?

So much for do no evil...

but it's /stupid/ to piss away the goodwill of nerds, and there is a rather large subset of the nerd population that is freakishly concerned about privacy. If you want to do business with nerds, you need to respect that.

Google, I think, did a very good job of building trust and enthusiasm with nerds; it's super important for them, we are the influencers here. Sure, nerds never click on ads, but who do you think sets up the computer for the confused normals who do?

The number of nerds I know who hate google to the point of using inferior search engines is growing over time.

Greed can make you stupid, just like any other kind of lust.

> Why didn't they do any sort of staged roll-out or opt-in

I distinctly remember to have clicked in something like "I want to use buzz" before having it enabled

You get the intro page with a button at the bottom ("Sweet! Check out Buzz!") but the feature is automatically enabled.

As always, beware of geeks carrying gifts.

I'm trying to understand how this is a problem. Surely, it doesn't matter who is following you, as long as you don't post through Buzz. This sounds like someone complaining about weirdos following you on Twitter. Nobody is forcing you to tweet. If you don't want to publish your life to the world, then don't.

When you sign up to twitter, you know what you're getting into, and you act accordingly - maybe you use an anonymous handle, maybe you only share certain things, maybe you keep your account private, etc.

When you signed up for Gmail and Reader accounts, you thought you were getting email and RSS, and you acted differently than you would for a twitter account. For Google to suddenly invert those expectations is jarring and unwelcome, and to expose personal information derived from activities undertaken with particular expectations in place is a complete betrayal of trust. I still can't believe how stupid Google was about this.

I think the parent comment was referring to sharing items in Google Reader, which was public or only to friends (which were generated from the people I had listed Google Talk, initially for me)

The parent comment missed the fact that before you were sharing links, here you are sharing the list of people you email frequently or chat with, which is an entirely different proposition and was handled poorly in a misguided attempt to imitate your twitter "following" list.

Except for that oversight on the list of people you are following, the Google sharing model for items you share is much more advanced than Twitter or Facebook, and makes it easy to share things with a particular group of people.

The problem is that Buzz automatically adds email contacts as followers, and then publicly displays who all of your other followers/ees are. So, if you were sharing items in Reader with a small group, once Buzz went live, you were also sharing them with everyone who was automatically added, and they could see who else you were sharing them with. Completely unacceptable.

Integration with Android and Picasa make things even worse: http://news.cnet.com/8301-31322_3-10451428-256.html

Plus, you can easily inadvertently expose other people's private email addresses because of their incredibly stupid ui: http://techcrunch.com/2010/02/11/reply-google-buzz-exposing-...

I think most people were already doing public sharing in Reader- it was the default there. (Not of the people, but of the items). I am not sure what exactly was happening with private sharing in Reader, but it was an option and was limited to fairly small group. I made my google reader shares public and posted them on my blog. My comments showed up in that feed.

You also would see the names of people that would comment on the items of people you were following in Reader, even if you weren't following them. So, I definitely see your point about names, but there were cases in Reader where this was already happening.

In any case, I turned on Buzz almost right away. I got to the first step and decided I needed to turn around and clean up my contacts list, I then turned it on. That could have easily been designed into the activation process.

I think the point is that she was operating under the understanding that she was NOT publishing to the world ... and all of a sudden, not only is she publishing to the world, it's been made retroactive and she can't block anyone stalking her. How does that not suck?

That was a mistaken understanding. Reader has always published to the world unless you specified otherwise.

She does use the social features, and the communication; albeit limited to her two closest relatives. These are all the people she ever wanted to use her e-mail, Reader sharing, and chat with.

Gmail keeps track of your correspondents and automatically nominates them to be your social circle, which is way out of the scope of this girl's usage and requirements for an e-mail client. What she wanted was web-based anonymous e-mail, and Google didn't help her out there much.

"web-based anonymous e-mail" can't exist. It is just too tempting for the hosting company to use your personal data without your explicit consent.

"not being raped" can't exist. It is just too tempting for men to rape you without your explicit consent.

This is kind of beating a dead horse here, but Despammed.com was my baby (still is, in an embalmed and pathetic sense) for six years. And we had Web-based anonymous email for real, written into our policy. We tossed the logs every day - the only way anybody could get fresh logs, before tossing, was to subpoena us for them. One - exactly one - law enforcement agency did that, for a user who was using us as a dropbox for credit card fraud. The Italians never managed to get us a subpoena for the freedom-of-speech abrogation they attempted. And nobody else ever tried. They'd bluster a bit, but when it came to getting us paperwork, they went away.

I should probably reinvigorate that someday.

I don't understand the disagreement. Can someone explain to me why "web-based anonymous e-mail" can reliably exist ? (short of having your mail server at home, of course)


They (claim to) use some sort of asymmetric encryption scheme such that they literally do not have access to the data on their own servers. I'd love to have a crypto expert explain to me if it's legit.

They still have to deliver your mail, unencrypted (besides TLS) through POP3. Which means that at some point, your mail is unencrypted in their machines. But they would have to be outright malicious to intercept your messages at that point, so I think we can trust them on this.

Anyway, there is more than just your e-mail: there is your connection logs, the quantity of messages you receive (and from whom), retrieve (and when) and sent (and to whom).

Plus, the relevant authorities could compel them to surrender your logs. You may prefer that they (have to) ask you directly. (EDIT: Vivtek says this happens very rarely, if you care to ditch the logs, so this may be a small issue.)

I don't think we can get closer to truly anonymous web based mail. That may be sufficient for most people, though.

The issue was about Google reader. The information she put there to share with friends apparently leaked. It can happen whenever privacy policies are changed, by the way.

Amongst others, this is one reason why I'm not an early-adopter. Too many things have odd consequences, and although this one is and pretty much always was obvious, many are not, and require devious minds and talented/persistent hackers to find them.

So, in fact, this is an opportunity to say "thank you" to the hackers out there that tinker with and attempt to break (sorry - "improve") everything as soon as they can get their hands on it. You make the world a better place.

Nice walk-through, for the cautious like you and me:


(posted yesterday by yogeshmankani: http://news.ycombinator.com/item?id=1118141 )

as you get auto-subscribed, this is no early adopter. Gmail's around for years

Official Google statement issued to businessinsider.com:

> We reached out to blogger in question this morning and addressed her concerns with Google Buzz and Google Reader. Some of the concerns were due to confusion the product experience created. Her report also helped us discover one bug and one product issue in Google Reader:

> 1) If you block people in Buzz, they still show up as following you in Reader. This is a bug, and we're working to fix it. Provided that your Google Reader shared items are protected, only the people you've explicitly allowed to see them can do so -- regardless of who appears to be following you in Reader.

> 2) Until now, there has not been functionality to block people from following you in Google Reader. We're adding this to the Reader interface.

> We are making these two changes as fast as possible and we'll get them live in the next few days.

Archived copy of the article in question: http://img38.imageshack.us/img38/329/harrietjacobsfuckyougoo...

It was ridiculously arrogant to just force-configure a network on users like that. Thinking of dumping my Gmail account.

Thinking about it won't solve anything, because if you just think about it you won't do it.

If you don't like the faceless information harvesting machine Google is becoming, ditch their services. Otherwise, may as well just accept it.

I've absolutely adored gmail since I got it for forwarding, spam filtering, and providing me with a permanent email address to give out to people. I'm definitely ditching it now over this and this alone. Which sucks because I will miss those great attributes, but they simply aren't worth this nonsense.

Maybe if I could have easily turned it off (or if it was opt-in, of course)...

The choice between privacy goes something like this on the internet these days. Be a part of the internet and give up all hope of privacy, or don't participate and be a Luddite. This choice is not acceptable or practical for any future.

Google grossly underestimated how important privacy has become to the average user in the last year or two. Unfortunately this could have been the killer feature that Buzz could leverage over Facebook and Twitter because they do such a horrible job at it. In fact Facebook's take on privacy has become downright scary. Privacy controls for Buzz could have been its differentiator. Instead it's turned into the killer mistake threatening to bury Buzz before it even got out of the gate.

But, everyone screws up, everyone makes mistakes, it's all about how fast they fix it. So get some pizza, Jolt, and strong coffee; it should be a long weekend, Google Buzz Engineers.

It's a bit unfair to say that Twitter is bad at privacy. Twitter is public by its very nature. Google Buzz seems to be the same. Don't want to participate? Turn it off.

I would also disagree that Facebook's take on privacy is "downright scary," given the range of privacy settings you can choose. It's not some half-assed implementation on their part. Perhaps you take issue with the default settings?

No one set of privacy options will work for everyone for any of these tools. And when you choose to use one, you're responsible for what you say and do with it. So maybe the real issue is that Google decided to enable Buzz automatically. It was a choice they made, and I don't think it was necessarily the wrong one.

The only thing the Google Buzz Engineers should be working on this weekend is removing the huge lag for posts showing up in the feed.

When the head of the company basically says people don't care as much about privacy as they once did, I call that scary. If he'd say we want you to participate fully in our service and we think that means your information is public it would be better.

But, I agree with the article that Facebook is really getting it wrong. Instead of having a default how about present them with a simple dialog. Explain the issues, and ask them what settings the user wants? Share with Everyone, Share with My Friends, etc.


Then the accusations that if you or one of your friends fills out a poll your information is shared with the poll author. (As noted on Twit Podcast). So yes I think those are some scary things.

to err is human, but to persevere is diabolical. errare humanum est, sed perseverare diabolicum. Seneca

To err is human, but to persevere in error is only the act of a fool. "Cujusvis hominis est errare, nullius nisi insipientis in errore perseverare". Cicero

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place..."

-Google CEO Eric Schmidt, in 2009.

As I pointed out two months ago, this quote is taken out of context [1]. I'll reproduce the full quote here:

Judgment matters... If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place... If you really need that kind of privacy, the reality is that search engines - including Google - do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.

Schmidt simply suggested that if you have an extraordinarily high need for privacy you should not use Google. He's right and I agree with him. This is the CEO of a company reminding his consumers that Google has to conform to the PATRIOT Act. He's saying something that could potentially hurt his business by pointing out how your privacy is hurt because of the laws they have to comply with.

Remember the attack on Google by China a few weeks back? Where the subject lines of the email of civil rights activists were compromised? This happened because of a mechanism Google was forced to put in place to conform to federal wiretap laws. Schmidt was spot on in what he said.

We've got a strong enough case against Google without resorting to cheap tricks. What they've done with Buzz is unforgivable. I may well be migrating away from Google's services in the next week or two, depending on how this pans out.

[1] http://news.ycombinator.com/item?id=984646

Even taken in context that statement is still very scary. He's not saying you should use judgment on what search engine to use, he's saying you should use judgment on the action alone. The fact that he watered the statement down right after and then pulled the old "we're just following the law" doesn't make it any better.

That's not what he's saying; he's saying the product of his company is not suitable for those with very high privacy requirements. Similarly, many commercial operating systems are not suitable for those with very high security requirements. But hell, he's a witch, so let's burn him! But seriously, this sort of a mob mentality is just as embarrassing as the mob mentality seen on the far right in the US. Whether you're a global warming denier or a privacy alarmist, you're still thinking irrationally.

Don't mistake my position; my only contention here is that Schmidt's quote is taken out of context. It is poor evidence of Google's stance on privacy. Let's use strong evidence like the mishandling of Buzz to make our case against Google.

I hate that attitude so much. I hate that man.

We are all criminals in today's world. He understands that. He just doesn't care. He's a part of the elite that can afford lawyers and protection.

In my wildest dreams he is sued under the DMCA for making a backup copy of one of his kid's DVDs.


I have a few questions - how did it find her anonymous blog? I assume it was a Blogger account? I've turned Buzz off and yet my work colleague next to me said he is getting notifications that I am 'following' him - on Buzz, Reader. It's more tricky than Twitter, because I can't 'unfollow' people. Google Buzz also found the one tweet my friend sent in 2007 and published it on Buzz as latest news. They could make privacy a little easier for the non-tech folk - ie most of the population - or there will be these sorts of knee jerk reactions.

Probably. It linked up an old Blogger account of mine that I haven't used in years. It could have been embarrassing since it was exposed to all my GMail contacts who might have enabled Buzz including people I barely know, work colleagues, etc. The Blogger account has a bunch of stupid stuff on it that was only intended to be viewed by friends. I'm quite sure someone could have found it by cyber stalking me but to have it shoved in their faces is entirely different. Of course I'm not even sure what other people on Buzz could see. There's no clear distinction between public & private information.


A close family member has spent the past decade going to sometimes extreme measures to avoid an abusive ex-spouse.

Google has potentially pre-emptively revealed their contact information; and not through their own choices and/or lack of action (on zero notice, spending perhaps hours wandering through a plenitude of scattered and poorly documented Buzz settings and behaviors -- please!). No: Any email contact who uses Gmail is now a potential point of exposure for them.


Stupidity can aid and abet evil, Google. If you are not purposefully evil, you are aiding and abetting it.

My trust is gone. It's not coming back.

If you want any measure of damage control, you will determine who was actually responsible for this. And everyone in a position of responsibility for this product who did not understand or chose not to heed these concerns. And you will terminate them. Anything less, and we can do no more than expect similar bad decisions -- from those same people -- in the future.

"And you will terminate them. Anything less, and we can do no more than expect similar bad decisions -- from those same people -- in the future."

I'm not looking to defend Google's choices about Buzz. But I take exception to the idea of firing people who make bad decisions without due consideration for how those decisions came about.

It flies in the face of a mantra at HN: Fail early and often. It goes against the idea that you learn by making mistakes.

If a company fires people for making a poor decision out of ignorance, then they have just lost someone with valuable experience about a potentially troublesome choice. Now that company has to go get someone who (most likely) has not fucked up in that way. (I bet most places do not hire people who got fired from another job for fucking up.)

Who is more likely to make that same or a similar mistake in the future? The person who already fucked up and learned something, or the new person without that experience?

Some people screw up because they are innately incompetent in some field. Let them go; they will not get any better.

Others screw up because they are doing something new, or acting with incomplete or wrong information. In that case, the problem may not be the person but the situation.

Fix the conditions, don't just find a scapegoat.

It flies in the face of a mantra at HN: Fail early and often. It goes against the idea that you learn by making mistakes.

When you're a young, tiny startup, you can fail early and often because the costs of doing so are outweighed by the benefit of the education you get, both to yourself and to society at large.

This is Google. It's huge, it's been around the block a few times, it's already had a ton of failures, and millions of people rely on it. It can't and shouldn't have the same latitude to fail, especially in an area as important as privacy.

"This is Google. It's huge, it's been around the block a few times, it's already had a ton of failures, and millions of people rely on it. It can't and shouldn't have the same latitude to fail, especially in an area as important as privacy."

All the more reason to consider what is the best course to prevent similar mistakes in the future. Knee-jerk firings may make things worse.

"Don't worry boss, the next time I have to make a call about whether or not I'll require millions of users to opt out of sharing some of their most private personal information with the entire world, I'll know just what to do."

Some lessons don't need to be learned from experience, and some screw ups are bad enough that they should result in real consequences.

This situation is not simply a matter of inconvenience. It's a matter of users' safety including physical safety.

As an example of some thoughts on the latter:


And it is not a terribly challenging intellectual exercise to realize some of the implications of the product rollout as configured and executed.

Finally, having used and observed Google products for some time now, I perceive it to be yet another in an increasing cascade of decisions and behaviors that have short-shrifted legitimate and often apparent security considerations. Yes, that is my opinion. So is my parent comment. Take from it what you will.

First, in my further opinion, there are "mistakes" that are simply too significant to just forgive and learn from. They demonstrate an inability of the parties responsible to carry out their duties and responsibilities. I see Buzz as such a case.

Second, Google as an institution has let various aspects that are exposed by these situations -- from effective design and execution, particularly with respect to some aspects of security, to effective customer relations -- slide for too long. If they are going to improve, it's become apparent that as an institution they are going to have to take some dramatic action. Something that communicates to their employees that the status quo will no longer do.

It's my opinion. And maybe I'm overly pissed off at the moment. But this Buzz rollout is particularly boneheaded, and Google is better off without the employees who had responsibility for preventing such a fiasco.

Google held many customers by making enough of a show about being concerned for their privacy. It's what kept me using their search results, despite the increasing tracking they've been implementing. They are at risk of losing this perception now in the public and upon the part of their customer base.

When your customers don't trust you, your other efforts at engagement run a distant second.

This is really well-considered.

This really demonstrates the difference between intelligence and wisdom. Whoever wrote this thing in their 20% time was likely really smart but really unwise. :-(

At first, I was thinking this came from Google intensely dogfooding their products in-house before releasing them into the wild: Within a company, you solve privacy issues simply by not sharing personal secrets. The frame of communication is professional and work-related and the mundane chatter won't get you in trouble.

But then again, I'm not sure if Eric Schmidt would happily share who he's corresponding with or following with the entire staff...

Voted this up because I don't recall saying 'yes' to Buzz, yet somehow I'm following people I never wanted to follow, and people are following me who are completely unfamiliar to me. And apparently I've shared some items I "shared" only due to an errant mouse-click many moons ago.

Can anyone tell me how I can (1) get off buzz, (2) not forward anything from me to anyone using buzz, (3) not have buzz appear in my gmail window? I've never opted in to buzz, don't want it, and don't want anything to do with it. There doesn't appear to be any obvious setting where I can get out of it.

First, open the "Buzz" label in GMail. Click on your list of followers and block all of them. Click on "connected sites" and remove any connections.

Now edit your Google profile (if you have one) and remove any information that you don't want public (including "display my full name"): http://www.google.com/profiles/me/editprofile?edit=b

Finally, go to the footer of the GMail site and click "turn off Buzz."

But do make sure to do these steps in that order- clicking "turn off Buzz", as far as I can tell, only keeps you from seeing Buzz-related stuff, including the Buzz privacy and follow/follower settings. It doesn't disconnect you from those followers, hide your (by default) public or shared information, etc.

At the risk of dredging up an extinct meme...

Worst. Design Choice. Ever.

At the bottom-center of your Gmail page, there is a link to "turn off buzz".

Google is rolling out new privacy tweaks directly in response to this:


The author seems like a competent internet user. I wonder though what happens to the intersection of people with her privacy needs and the people who don't know how to login to facebook?

I wonder how much of all this security stuff around Buzz comes down to users having incorrect assumptions/knowledge about how applications and software handle privacy. It seems like a poor choice to make an assumption that any given application (including one from Google) is going to be able to know what level of privacy you expect by default.

Not to say that Google is blameless in this situation, as they could have done a lot more to educate potential Buzz users on privacy. However, it seems a common thread with the complaints about Buzz and privacy start with someone making an incorrect assumption about how Google applications were handling their comments, shared feeds, friends, etc.

I have never created a google profile either. Is simply clicking "turn off buzz" at the bottom of gmail sufficient to completely opt-out of all of this nonsense? ...because that's exactly what I want to do at this point.

You'll have to block people who are following you first

No, if you don't have a public profile, then no-one will be following you.

I didn't have a public profile but Google still automatically added people who were following me. I had to block them one-by-one.

I'd like a clarification from somebody who uses Reader / Picasa. Is any of the stuff that's suddenly available to following people actually private, in the sense of impossible to access? Or simply "obscure", i.e. if you know the username and look for it you can find it?


Wrong -- it adds the list of people you exchange email with to the list of people you follow, which is publicly visible by default. There was no way for anyone to see who you exchange email with until this happened.

The fact that you can go back and block your "following" list from public view is irrelevant -- the list of people you exchange email with should never have been put on that list without your explicit consent. It's a unilateral change in the terms of the agreement you have with Google. Letting Google publish a list of people I follow in Google Reader is consent to publish a list of people I follow in Google Reader -- it is NOT consent to publish a list of people I email or who email me.

The ability to set privacy settings individually per contact, not just on the entire list seems to be a critical missing feature on buzz.

There are some people you don't want to follow at all, and there are some people you want to follow in private.

As a friend of mine pointed out in a recent blog post, you really don't want to make all info on all the people you follow public, especially if they're your kids: http://anwag.posterous.com/

I think the biggest breach here is the forwarded emails. I have used email forwarding to maintain pseudo-anonymity (just barely, anyone with a brain can figure it out).

It is a valid breach in privacy and trust. Careless on Google's part to consider that use-case.

Well, Google followed up on it and she wrote another post about that. http://fugitivus.wordpress.com/2010/02/12/screw-you-google/

> This blog is protected, to view it you must log in. <

I have a Wordpress account, but it doesn't seem to bring down the wall for me. Can you please quote an excerpt?

Huh. Sorry, I can't access it now either.

I completely don't understand Buzz yet. Can somebody explain why Buzz allowed that husband to read things he couldn't read before? Did it publish private conversations?

It seems like when she signed up to Buzz it auto-followed her most frequently used contacts (which included her ex-husband). As a follower he was able to read her shared google reader feeds (since those items are automatically shared via Buzz) and since she put personal info in her the comments she made to shared items, her abusive ex-husband was able to see them.

She set up a shared G-reader feed for her trusted contacts to read. Buzz auto-added her untrusted contacts.

The shared feed included sensitive info (like where she lives) and now that secret info is available to her violent and abusive ex-spouse (and all his friends).
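The failure the comments above describe, as a toy model added here (not Google's code and not posted by anyone in the thread): a rollout seeds follower edges from mail frequency, and an opt-out check treats those edges as consent while an opt-in check honours only edges the owner created. `Account`, `Origin`, the function names and the sample contacts are all assumptions made for the illustration.

```python
from dataclasses import dataclass, field
from enum import Enum


class Origin(Enum):
    EXPLICIT = "explicit"  # the owner approved this follower
    AUTO = "auto"          # the service added it, e.g. from mail frequency


@dataclass
class Account:
    owner: str
    followers: dict = field(default_factory=dict)  # follower name -> Origin
    blocked: set = field(default_factory=set)      # one account-wide block list

    def approve(self, name):
        """Owner explicitly allows `name` to see shared items."""
        self.followers[name] = Origin.EXPLICIT

    def auto_follow(self, mail_counts, top_n=2):
        """Service-side rollout: seed followers from the most-mailed contacts."""
        ranked = sorted(mail_counts, key=mail_counts.get, reverse=True)
        for name in ranked[:top_n]:
            # Keep an existing explicit approval; everything else is AUTO.
            self.followers.setdefault(name, Origin.AUTO)

    def block(self, name):
        """A single block list consulted by every product, so a block cannot
        be honoured in one place and ignored in another."""
        self.blocked.add(name)
        self.followers.pop(name, None)


def readers_opt_out(acct):
    """Behaviour as the thread describes it: any follower edge grants read
    access until the owner notices and removes it."""
    return {n for n in acct.followers if n not in acct.blocked}


def readers_opt_in(acct):
    """Consent-scoped check: only edges the owner created grant access."""
    return {n for n, origin in acct.followers.items()
            if origin is Origin.EXPLICIT and n not in acct.blocked}


def pending_suggestions(acct):
    """AUTO edges are only suggestions the owner may confirm or discard."""
    return {n for n, origin in acct.followers.items() if origin is Origin.AUTO}


def demo():
    acct = Account(owner="alice")
    acct.approve("trusted_friend")
    # Constructed mail-frequency data: frequent mail does not imply trust.
    mail_counts = {"ex_spouse": 40, "trusted_friend": 25, "landlord": 3}
    acct.auto_follow(mail_counts)
    before = (readers_opt_out(acct), readers_opt_in(acct),
              pending_suggestions(acct))
    acct.block("ex_spouse")
    after = (readers_opt_out(acct), readers_opt_in(acct),
             pending_suggestions(acct))
    return before, after


if __name__ == "__main__":
    for label, state in zip(("before block", "after block"), demo()):
        print(label, state)
```

Under the opt-out check the auto-added contact can read shared items until the owner blocks them; under the opt-in check that contact never gains access and only appears as a suggestion awaiting confirmation.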

I wish I could poke around with the settings and give some advice on how to avoid this... but I can't even get buzz to show up with a gmail domain account. Anyone else have integration issues between domain accounts, premium accounts, and plain gmail accounts?

yes. domain accounts are considered "business" accounts and do not get any of the new features until they are proven out -- we're usually on a 4-9 month exciting feature delay.

And yet somehow for a while I had a personal account linked with my domain account, but the passwords were different... The behavior isn't that of the least surprise I've come to expect from google.

tl;dr: google accounts are really confusing

here's what's most confusing. there's a "google account", that can be any email address (including a google apps for your domain email). this is not the same as a gmail account, it's just a "google account". this type of account can use almost every service (except for gmail, and probably a few others), and it's a personal account. it's so distinct from your "business"/domain account, that it can even have different passwords.

then, you have your domain account. it can also access some services (like google apps), but these are all accessed through a special URL -- like mail.google.com/a/weebly.com, or calendar.google.com/a/weebly.com, etc. this is also a unique account which has its own password.

long story short: super confusing

The worst part of all? Google's own properties handle these different types of accounts poorly. Google App Engine in particular will lock you out if you inadvertently have an administrator with a Google Account and Google Domain Account with the same email address.

The (false) assumption is that a person has inherent privacy both on the internets and in the carbon based world. A very quick look at your local property appraisers office or clerk of courts should show you that the individual must be vigilant in protecting this right.

I don't trust google any more than I trust any individual I don't know. I am using their service, and I know that they can give up all my emails, on purpose or by accident, and I have to be aware of what I send over that service. Clearly google has done a foolish thing here, but based on the above, not one that should have been unexpected.

Such is the state of modern life. You can always shut it off.

Google adds opt-in on sign-up, and easy opt-out later ("Disable Google Buzz Completely" in Gmail settings): http://news.ycombinator.com/item?id=1123873

Stuff like this leads me to believe there is a pretty good business out there for a paid-by-the-user service. Google's real customers are advertisers not you.

I can't vouch for it, but it already exists: http://www.lavabit.com/

'Lavabit was built for people like you. People who want a fast, reliable, private POP3 e-mail account with the most advanced features.'

POP3 account… with advanced features? I mean, I know they don't want to go IMAP because they don't want to store information on their servers, but it's still contradictory at first glance.

I think she should get a lawyer and sue Google's ass.

On what grounds do you think she could file a lawsuit and have an expectation of it going anywhere? GMail is a free service for most users. You could choose not to use it or just turn off Buzz. You don't go around suing people just because you can't figure out how to set preferences. It's not like they're acting in bad faith by deliberately making it difficult to disable.

Well, first of all, whether it's free or not is pretty much irrelevant. This is a business for Google - they're taking people's personal information and using it to make billions of dollars in advertising. I don't think it would be hard to convince a jury that they have a duty to make a reasonable effort to protect the information that has been entrusted to their care.

convince a jury

But this would be a civil case, right? There is only a jury if it's a criminal case.

EDIT: I stand corrected.

That's not true. Civil cases can have a jury.

Yes, this is true. It's in the U.S. Constitution, in fact.


The right to trial by jury in a civil case is addressed by the 7th Amendment, which provides: "In Suits at common law, where the value in controversy shall exceed twenty dollars, the right of trial by jury shall be preserved, and no fact tried by a jury shall be otherwise re-examined in any Court of the United States, than according to the rules of the common law."

Though there are also details that matter. Here's one:

The right to a jury trial in civil cases does not extend to the states, except when a state court is enforcing a federally created right, of which the right to trial by jury is a substantial part.

Can we have a source please, from either of you?

it's common knowledge that many juries have ruled in favor of plaintiffs and defendants in lots of civil cases. No one needs to cite anything for this.

There's lots of common knowledge out there. The common knowledge which is true ought to be easily citeable. ;)

Yep, that's right, that's true too.

If you type "Jury trial" into bing, it #2's "in civil cases" and for that you get:

   U.S. Constitution extend the rights to trial by jury
   to include the right to jury trial for both criminal 
   and civil matters and a grand jury for serious cases

But see, I suppose there are some places where even a conversation like this could get us in jail, so maybe we shouldn't be having it... I don't know...

Google makes money by shoving ads in your face, or charging you for their service to shove ads in others' faces. Their power in this field is their expertise in exploiting the information that people so freely hand over to them.

They make no money protecting one's privacy. If you can work your privacy into their business model, you'll have gained something. Good luck with that, though.

Hopefully Google is following some of these complaints. Personally, I'm adding feedback on their "disabling Buzz" help page: http://mail.google.com/support/bin/answer.py?hl=en&answe...

They're doing serious damage to their image with this. I hope they wake up soon.

I wonder... before buzz, her ex-husband could also have followed her, probably without her ever noticing. Now that buzz generated, well, buzz, she found out about it and now can actually take measures to block her ex.

While I see dubious value of automatically setting often mailing addresses to following (this should not have been the case, IMHO), I have a feeling that the much more visible follow-relationships right now might actually be an improvement to the older situation where you never really knew who was following whom, as right now, you actually have a chance to find out about it.

(also as a preventive measure: I'm not trying to troll. I understand her and I'm feeling bad for her, but I would really like to discuss whether this can't actually be some kind of a good thing as she at least knows that he's following her now)

You don't get to cherry-pick the scenarios. If you're going to play the cost-benefit game you have to enumerate them all, or at least all of the common ones.

(Here's just one of the many alternative scenarios: For every technically-sophisticated stalker who is unmasked by this change, I'll bet there are several technically-unsophisticated stalkers who didn't used to know how to stalk someone through Google, but who now do.)

Anyway, you can do all the sociological research you want, but that still doesn't make it right to manipulate someone else's personal toolset without their consent. You still have to ask. The person who does get to cherry-pick scenarios -- to steer the course of his or her life in situationally-appropriate ways -- is the customer. Unless you're a Google customer, apparently, in which case the company will change the nature of its existing tools, without fair warning, to suit its own benefit.

"The person who does get to cherry-pick scenarios -- to steer the course of his or her life in situationally-appropriate ways -- is the customer."

As has been pointed out here on HN, we are not the customer. The customer is the ad buyer. We are merely the sheep, here to be regularly shorn by serving ads to us and analyzing our data and networks.

As has also been pointed out here on HN, Google doesn't treat their customers (ad buyers) very well. Given that, how well would you expect them to treat the sheep?

Thanks. I see.

I do also think though that the previous setup provided security by obscurity (it was hard to stalk, but it was also hard to notice being stalked), whereas the new setup is open about that fact.

Relying on your stalker not to be technically-sophisticated seems risky.

I agree on the point of not changing existing tools, though arguably, this was a change for the better (now you see that you are being stalked and how to stop it), albeit one which could have done even better (by turning all of the existing features off, then implementing buzz and then giving people the chance to opt-in again).

I'm also having a hard time understanding the issue here. Is any private data (besides social relationship data) being 'published' that wasn't available before via a simple Google search?

As I will have cause to say again: Life is not a mathematics problem. There is a world of difference between that which is theoretically possible, that which is practical, that which is routine, and that which is obvious. And the tendency to assume that these things are all the same is a huge problem in tech product design, especially social software design.

Cryptographers have a principle: security-through-obscurity is no security at all. And in the world of cryptography, that's a good principle. [1] But, alas, in the world of people who are being stalked, that principle is useless -- or, rather, it is isomorphic to "in the long run you are doomed". Security-through-obscurity, and its undependable, amorphous cousins like social engineering, are all that you get, assuming that you physically exist, that you can't afford to live in an armed compound, and that you can't afford (or have no legal power) to get your stalker put in a secure prison for life.

Don't force your users to give up all the pragmatic social tools that they know best, that they've developed for themselves -- their knowledge of the natures, personalities, and social norms of the people around them -- and make them live inside a math-class story problem. Such a move can literally kill them. And they won't appreciate it even if it doesn't.


[1] Because cryptographers study a class of problems in which this assumption makes sense and maps well to the real-world situation.

I thought about a few shitty scenarios, but this one didn't come to mind. Google calculated the risks and chose to have autofollow enabled. They knew what they were doing. I think they released it and waited and reacted. Venn diagram it, they have more users using their system because of it.

Her post on rape jokes was also very good: http://fugitivus.wordpress.com/2009/06/24/a-woman-walks-into...

A good reminder (or revelation) of why rape is never funny and should be taken seriously.

I don't get the outrage. Is there some flag in GMail that you flip to say "this person is stalking me, pretend they don't exist"? No.

So at this point, her public comments are being shared with one of the people that she talks to the most. This is a problem, but it's not something Google could have avoided.

My advice is to block this person, stop commenting on blogs if it is going to endanger her life (or use real anonymization tools), and get a restraining order against the person she fears. People are easy to get rid of if you put enough effort into it, but what I've noticed from reading Ask Metafilter (and other things) is that people enjoy having problems and don't actually want to solve them. I feel that this person is doing the same thing, "drama drama me me me".

Let the downmods begin...

The default position of any social network when it comes to sharing personal information should be not to. Period.

All "sharing" should be based on opt-in actions and not left to being opt-out. I'm fully aware that many networks including the biggies like Facebook don't follow this mantra, but personal privacy laws (such as those that exist in Canada) should exist to enforce this fact.

If you're an active user of Google Reader's social networking features who tried out Buzz, please chime in. I wonder if it really happened as automatically as it sounds, from the post, or if she missed something. (I've tried out Buzz, but haven't used Google Reader in months.)

I've been an active user of Google Reader since it went live, and I also have a Google profile. When I enabled Buzz, the only users added to my Buzz network were those already in my GReader shared network. Then I added a few others to Buzz. No problems here; no sense of an invasion of privacy whatsoever.

The rub is that I have no idea what results look like for those who don't use GReader or GProfile.

I use google reader and I have noticed only new shared items on Buzz posts. I.e., it did not automatically 'publish' old stuff I have shared.

Seems OK with me. In fact, I kind of like it.

Only complaints I have are: 1. Missing tagging functionality (or I haven't found one) 2. No centralized 'privacy control panel'

It seems it was pulled off the Internet, here's a copy - http://img38.imageshack.us/img38/329/harrietjacobsfuckyougoo...
