April 21, 2014

avatar

Google Buzzkill

The launch of Google Buzz, the new social networking service tied to GMail, was a fiasco to say the least. Its default settings exposed people’s e-mail contacts in frightening ways with serious privacy and human rights implications. Evgeny Morozov, who specializes in analyzing how authoritarian regimes use the Internet, put it bluntly last Friday in a blog post: “If I were working for the Iranian or the Chinese government, I would immediately dispatch my Internet geek squads to check on Google Buzz accounts for political activists and see if they have any connections that were previously unknown to the government.”

According to the BBC, the Buzz development team bypassed Google’s standard trial and testing procedures in order to launch the product quickly. Apparently, the company only tested it internally with Google employees and failed to test the product with a more diverse range of users who are more likely to have brought up the issues which were so glaringly obvious after launch. Google has apologized and moved to correct the most eggregious privacy flaws, though problems – including security issues – continue to be raised. PC World has a good overview of Buzz’s evolution since launch.

Meanwhile, damage has been done not only to Google’s reputation but also to an unknown number of users who found themselves and their contacts exposed in ways they did not choose or want. Exposing vulnerable users without their knowledge or choice even for a few hours can potentially have irreversible consequences. While Google is scoring some points around the tech policy world for reacting quickly and earnestly to the strident user outcry, the Electronic Information Privacy Center (EPIC) has filed an official complaint with the FTC, and that Canada’s Privacy Commissioner has expressed disappointment and asked Google to explain itself. (UPDATE: A class complaint has been filed in San Jose, claiming that Google broke the law by sharing personal data without users’ consent.)

Earlier this week I asked people in my Twitter network how they’re feeling about Buzz after the fixes they’ve made. Some are now reassured but others aren’t. Joe Hall wrote:

@rmack totally lost me for good.. I just can’t believe that they won’t do it again. It will have to be very useful/different to get me back

Some are leaving GMail altogether. Judson Dunn reported:

@rmack my boyfriend deleted his long time gmail account for good :(

I was so concerned about exposing people in my GMail network during the first week after launch that I stayed off Buzz entirely until Monday afternoon. By then I felt that the worst privacy problems had been fixed, and I understood well enough how to tweak the settings that I could at least go in without doing harm to others. After playing with it a bit and poking around I posted some initial observations and invited the people in my network to respond. There are still plenty of issues – some people who claimed in Twitter that they had turned off Buzz are still there, and I think Buzz should make it easier for people to use pseudonyms or nicknames not tied to their email address if they prefer.  From Beijing, Jeremy Goldkorn of the influential media blog Danwei responded: “I like the way Buzz works now, and it seems to me that the privacy concerns have been addressed.”

I’ve noticed that some Chinese Buzz users have been using it to post and discuss material that has been censored by Chinese blog-hosting platforms and social networking sites. If Buzz becomes useful as a way to preserve and spread censored information around quickly, it seems to me that’s a plus as long as people aren’t being exposed in ways they don’t want. My friend Isaac Mao wrote:

It’s more important to Chinese to make information flowing rather than privacy concern this moment. With more hibernating animals in cave, we can’t tell too much on the risks about identity, but more on how to wake up them.

Buzz has unleashed some potentials on sharing which just follows my Sharism theory, people actually have much more stuff to share before they realize them.

But I agree with any conerns on privacy, including the risks that authority may trace publishers in China. It’s very much possible to be targeted once they were notified how profound the new tool is.

The “Great Firewall” is already at work on Buzz, at least in Beijing. While most people seem to be able to access Buzz through GMail on Chinese Internet connections, numerous people report from Beijing that at least some Google profiles – including mine and Isaac’s – are blocked, though people in Shanghai and Guangzhou say they’re not blocked. Others in China report having trouble posting comments to Buzz, though it’s unclear whether this is a technical issue with Buzz or a Chinese network blocking issue, or some strange combination of the two.

It will be interesting to see how things evolve, and whether activists in various countries find Buzz to be a useful alternative to Facebook and other platforms – or not. Whatever happens, I do think that Google fully deserves the negative press it has gotten and continues to get for the thoughtless way in which Buzz was rolled out. There are  senior people at Google whose job it is to focus on free expression issues, and others who work full time on privacy issues. Either the Buzz development team completely failed to consult with these people or were allowed to ignore them. I am inclined to believe the former instead of the latter, based on my interactions with the company through the Global Network Initiative and Google’s support for Global Voices. Call me biased or sympathetic if you want, but I don’t think that the company made a conscious decision to ignore the risks it was creatin
g for human rights activists or people with abusive spouses – or anybody else with privacy concerns. However, if we do give Google the benefit of the doubt, then the only logical conclusion is that in this case, something about the company’s management and internal communications was so broken that the company was unable to prevent a new product from unintentionally doing evil. Nick Summers at Newsweek thinks the problem is broader:

Google is so convinced of the righteousness of its mission statement that it launches products heedlessly. Take Google Books—the company was so in thrall with its plan to make all hardbound knowledge searchable that it did not anticipate a $125 million legal challenge from publishers. With Google Wave, engineers got high on their own talk that they had invented a means of communication superior to e-mail—until Wave launched and users laughed at its baffling un-usability. Last week, with Buzz, Google seemed so bewitched by the possibilities of a Google-y take on social networking that it went live without thinking through the privacy implications.

Whatever the case may be in terms of Google’s internal thinking or intentions, we have a right to be concerned. Too many of us depend on Google for too many things. As I’ve written before, I believe Google has a responsibility to netizens around the world to develop more effective mechanisms to ensure that the concerns, interests, and rights of the world’s netizens are adequately incorporated into the development process.

I’d very much like to hear your ideas for how netizens’ concerns around the world – particularly from at-risk and marginalized communities who have the most to lose when Google gets things wrong – might be channeled to Google’s development teams and product managers. Rather than wait for Google to figure this out, are there mechanisms that we as netizens might be able to build?  Are there things we can proactively do to help companies like Google avoid doing evil? Can we help them to avoid hurting us – and also help them to maximize the amount of good they can do?

(Cross-posted from RConversation)

Comments

  1. Anonymous says:

    Very nice write-up. However, I disagree with some of your conclusions. In particular, I think that Google simply has too many smart people, and the privacy issues were too numerous and obvious, for this to be anything other than a deliberate decision to boost the initial userbase of Buzz in exchange for losing much of their good image.

    Many people who use Google and Gmail — and not just the technologically illiterate — are still only vaguely aware of Buzz. There has been a loud and angry response, to be sure, but for every person who has spent an hour blocking people and deactivating Buzz, there are likely ten, twenty or fifty more who aren’t aware of any of the privacy issues, or even aware what “Buzz” is, other than a new tab on the side of their Gmail.

    I suspect that Google knew people would be mad. You can even take it a step further and imagine that they fully expected to withdraw the Auto-Friend feature that Buzz initially had after only a few days, using it only as a way to “jump start” the service. But the potential value of having a direct facebook competitor, tied in with one of their best and most popular services, was simply too valuable for what they likely viewed as “an acceptable” privacy breach.

    Further bolstering their decision, I’d argue, is the fact that in key demographics, Google really has no competitors. Nearly everyone I know between 18 and 35 has a gmail account, and Google as their default search engine. It’s not simply that Gmail and Google are the best, it’s that other options can be seen as unprofessional. (I’ve known people who cull resumes based on email domains, and Yahoo and Hotmail are borderline AOL.)

    So that’s my view of the issue. It’s not about Google knowing that they’ve seriously alienated a segment of their userbase, it’s that they were completely aware of what would happen and did it anyway, because they knew they’re be almost no negative consequences for them. Hopefully I’m wrong, but the cynic in me just can’t believe they’d do this by accident.

  2. guitarman says:

    Recently my gmail storage run out so I had to buy additional space. (Despite the old Google’s slogan that I will never have to trash any e-mails). It turns out that I cant do it without giving not only my credit card number (which is understandable) but also my home address and phone number!

    This was because I had to sign up for google checkout in order to pay for the additional storage — the checkout service which I never wanted in the first place.

    Of course there was nowhere to send the complaint during the process, so I filed through the search engine complaints web site, so probably that’s why I have not received any reply (two weeks lapsed).

    Today I also found that it is impossible to delete my account at checkout. I was able to erase my credit card number, but I could not delete my home address and phone number without giving a new credit number!

    SUMMARY
    1. Broken promise about always enough space (I dont think I’m an excessive consumer of storage)
    2. Extortion of personal data
    3. I never wanted checkout but was forced to sign up even though there are other methods of payment available
    4. No way to get out of checkout
    5. No way to claim my data back

  3. Anonymous says:

    I’m glad I subscribed to this blog, because Google Buzz introduced real privacy problems into my own life– a self-identified pedophile found my real name and started looking through my photos and blog entries. What Google is doing is scary.

  4. Anonymous and prefer to remain so says:

    Good write-up. Like many other people, I found this quite troubling.

    However, let’s not forget that Gmail still has two huge privacy advantages:

    1. It does not transmit your IP address to the recipients of your emails, if sent via their webmail interface. So they can’t check from which geographic region you sent the mail, or (if you are working at a university or big enough company and are using Gmail to send private mails from your workplace) to identify your employer.

    2. It has long offered complete SSL encryption and recently has made it the default (after some prodding in the form of an open letter from security resarchers). The importance of this for people living under an oppressive regime should be well-known.

    Can anybody recommend a reasonable alternative to Gmail which offers these two?

  5. Anonymous says:

    I was so concerned about exposing people in my GMail network…

    Rebecca–

    U R Doing It WRONG.

    If your GMail network is that sensitive, then you should keep it under tighter opsec.

    Look, I’ve had two close friends “disappeared” probably –possibly– –maybe?— –who knows?— by governments which are supported and allied with the U.S. If you think that your data is safe entrusted to Google, then you’re just thinking wrong.

    A trusted principal is one that can subvert your security.

    The best thing that Google could do would be to continually repeat “Don’t trust us. We try not to be evil, but evil happens.”

  6. Kontra says:

    I explored why Buzz wasn’t an accident but one of the first fruits of a strategy by the company to take over territory now being vacated by Microsoft with Microsoft’s now discredited methods and the consequences thereafter, in a series of recent posts:

    Google Buzz: The Big Misdirection

    Buzz launch wasn’t flawed, Google’s intentions are

    Judgement vs. testing

  7. Anonymous says:

    How is a list of people that you send email to private? That is a noob viewpoint. 99% of email is sent as clear text with all header information clearly visible to each SMTP server and all logging software that happens to be running on each of the hops. Thouse of us that have been on the internet for over 20 years apparently are the only ones that know that email (unless s/mime or pgp encrypted) is like a postcard in snailmail. All reciepient info, as well as the message, is visible.

    Now Google gets bad press for not making something that is publicly visible private??? come on people! Email is not private!

  8. sjs says:

    The last couple of comments illustrate the chasm between the tiny minority of geek security absolutists and the vast majority of the population. Privacy/security is a matter of degrees, and the general public will always be making a tradeoff between usability/utility and greater security. More knowledge can be a factor in striking this balance, but knowledge alone doesn’t mean everybody will always do the most secure thing. On balance, this is actually a good thing. Sometimes getting more done in a less secure way is good for overall public welfare.

    The geeks too often assume that people making less secure decisions are idiots. Rather, these users may simply be welfare optimizing, basing their decisions on the risks and benefits within the constraints at hand. Geeks could improve the environment by making security more easy and ubiquitous. In the case of oppressive regimes, projects like Tor are a great example. The Buzz launch is a counter-example. PGP and “web of trust” models are an example of a technically and theoretically great option that has utterly failed on usability, adoption, and practicality for the mass market.

    Indeed, on balance Gmail was a very smart choice for welfare optimizing activists in oppressive regimes. It offered a TLS-encrypted interface, storage outside the jurisdiction of the oppressive regime, and was run by a company with a track record of denying government requests for user data. This is far from absolute, but it may well be the best option possible in the environment that geeks helped create.

  9. Andrew says:

    You can easily see how their logical flow worked:

    1) Wow, twitte r is successful and really easy to copy.
    2) Let’s make something even better! Heck, in our world we can go over 140 characters.
    3) Where will we find users? Oh, we already have a bunch of messaging users in G mail.
    4) How will we quickly catch up to twitte r? Oh, we’ll scan your email and use those as people to follow.

    You can see how they would miss things like opt-in vs opt-out and creepy suggestion effects.

    (now trying to figure out why this is triggering your spam filter…)