Early Lessons about Google Buzz

Google’s Buzz has only been released into the wild for three days, but already there are numerous issues surrounding privacy that may wind up severely damaging Google’s reputation. Google’s decision to automatically interconnect everyone and their brother (quite literally) has triggered the Law of Unintended Consequences, prompting concerns about everything from abused spouses wanting to be anonymous to authoritarian governments cracking down on dissenters. Whether Google has jumped the shark on this one in terms of public trust remains to be seen, but we can still learn some lessons immediately.

Google apparently did test out Google Buzz with their own people, but apparently forgot that self-selection can be a problem:

Now, let’s be clear. We TOTALLY understand why Google believes it is better for everybody that this be an opt-out option. Users get a service that’s already set up. Public follower lists also make it very easy for users to find new people to follow. That’s useful and it helps Google grow Buzz much faster.Finally, when Google tested Google Buzz at the Googleplex, everyone agreed that this way was better and no one had any problems opting-out of settings that made them uncomfortable.

But we have a message for the brilliant people behind Google Buzz (and the rest of Google’s products): the rest of the world is NOT like you. These privacy concerns aren’t for the incredibly computer savvy, the patient beta testers, or Twitter and Facebook power users.

If ever there was an example for randomizing your sample, this would be it.

In fact, there have been several legitimate complaints about how wide open your life is if you’ve used Gmail for your private correspondence, including inadvertently including people’s private email addresses. Google has done the right thing by immediately addressing many of these concerns, but the underlying metaphor for Google’s approach still remains problematic.

In essence, Google has managed to answer a very important “what if” question that privacy pundits have been wondering about but haven’t had the technical capability to accomplish: What if everyone really was connected to everyone else? What would happen then?

It may sound very egalitarian (and even somewhat romantic) that this kind of connectivity could be a Good Thing but the pragmatic reality is that there are many instances when it’s not. When I was trying to learn how to use it – on both the Web and on my iPhone – I found myself repeating the same phrase: “Well, this is a security problem.”

So far, and this is an inexhaustive list:

  • Your location is automatically adopted into your mobile buzzes
  • You can see buzzes from people in your immediate local area whom you’ve never heard about in your life
  • You can have your email address exposed by someone who wants to message you
  • You can automatically have your buzzes available to people who follow people who follow you (and your email is exposed to them as well)
  • People you block can re-follow
  • Filtering out buzzes from your inbox can be a major PITA
  • Searching for all the places to opt-out of every possible connection is difficult, and always leaves you wondering if you’ve missed something

There are two major issues with Buzz that seems to be the focus of the complaints: there’s no ability to easily configure, and the automatic opt-in. The latter is the most significant issue by far.

I have not seen the question raised, but it’s worth asking: Is the next step to have your Google searches publicly available as well? I’ve seen comments (though have not verified this yet) that Google Reader accounts are also now somehow exposed. What about Google Docs? Just how far does this interconnectedness run, or will it run?

Now, I don’t mean to sound paranoid. But as the adage goes, “Just because you’re paranoid doesn’t mean they’re not after you.” As Google Buzz has shown so far, there are legitimate reasons to be curious about the extent to which your own personal information can be used against you and others without your knowledge.

It doesn’t have to be all bad, though. In 1989 Robert Tappan Morris unwittingly let loose a vicious Internet Worm that brought the entire Internet to its knees. As a result, after the fervor died down, the event generated a newfound interest in security and many of the existing metaphors for networks were radically changed (and improved). One such positive consequence was that network ports had previously been open by default, but now they were closed.

As a result, computer servers and networks became more secure, eventually leading the way to electronic commerce (this happened before the Internet was open to commercial interests) and other attributes that we take for granted.

Google’s Buzz has all the earmarks of turning our expectations and understanding of Social Media around. Up until this point we’ve had concerns about privacy, concerns about openness, but we’ve managed to create DMZs around our exposure to the world. We can now see what happens when we no longer have that capability by default.

I seriously doubt Google would have the malicious intention (or that much of a profit motive) to put its own customers at risk – after all, this is not the way to win friends, influence people, or keep you’re freakin’ customers! If they have been focusing on the mantra that more open is better, more communication is preferred, or if they have used the Twitter model of connectivity (where it’s actually expected and approved that people you don’t know would follow you), it’s easy to see how they could have genuinely thought this was a positive step forward.

But the two colossal failures on their part was that:

  1. Email is sacred
  2. Publishing your location with links to private information is a Bad Thing

The issue surrounding the configuration parameters is just the icing on the cake at that point. Google’s initial contention was that the manual approach to handling the increasingly social workload wasn’t sustainable. In Google’s opinion, simply waiting for others to choose to join negates the potential that connectivity can bring. Why not, then, do it automatically?

Well, we now know why not. The Law of Unintended Consequences is a mean taskmaster. Just ask Robert Tappan Morris.

Will Google’s approach work if it’s opt-in, instead of opt-out? There is no question that there can be potential for Buzz to work. It has a great deal of potential to evolve into its own social metaphor, but that kind of self-emergence must come from the users, not the company.