Buzz or Bust

Google's Buzz was a bust right out of the starting gate. The new stealth social media service--Buzz was launched without the usual public advance notice--was fraught with privacy concerns. The result was an immediate user backlash and firestorm of criticism from nearly every corner of the blogosphere. The ill-conceived release of Buzz surprised many Google watchers; the turn-on-a-dime response by Google to rectify the problems surprised even more.

Buzz allows Gmail users to post articles, comments, photos, and various ramblings that can be integrated with Twitter as well as other Google services such as Picasa, Google Reader, and Google Chat. Buzz represents an unabashed step by Google to weave together previously disparate services and data sources.

As it has done with other products, Google released Buzz even though all of its bugs had yet to be worked out. But unlike with previous Google product launches, potential users were not allowed to choose whether or not to join Buzz: it was automatically turned on, creating potential privacy issues for Google's 37 million-plus Gmail users. First, Buzz automatically revealed a Gmail account user's registered full name to some of his or her contacts instead of whatever nickname the user had chosen to assign to the account.

Second, users who clicked through the Buzz setup wizard--which was a requirement to post messages--using the defaults were in for an even bigger surprise: Google had preselected a number of their Gmail contacts who, as it turns out, were then able to peruse lists of some of their other Gmail contacts. The possible nightmare scenarios resulting from such random interactions among your Gmail contacts should be obvious. In addition, users with preexisting Google profiles saw their privacy settings surreptitiously overridden by the completion of the Buzz setup wizard.

Not the least infuriating feature of Buzz: its impressively labyrinthine and obfuscated privacy settings and remarkably scant disclosure about what was being shared with whom. Trying to figure out what your contacts and the Internet at large could see about you on Buzz was (and still is) a Herculean task.

Buzz Mobile has its own issues; every comment a user makes via Buzz Mobile by default includes the user's current location if the user has location services enabled on his or her mobile device. If a user hasn't taken steps to make a Buzz private then the comment is tossed into the public "buzzstream," allowing anyone, anywhere in the world to track where the user is at any given time. For example, you could check out who is hanging out at the corner bar, attending a protest rally or visiting a particular medical facility. Google is working to provide easier ways to control the disclosure of location information; for now the quick "fix" for end-running such tracking capability is to just say "no" to enabling the location tracking capabilities in your mobile device.

In its first iteration, Buzz served as a textbook example of how to violate the principles of Privacy by Design. In the rush to create "a great user experience straight out of the box" Google demonstrated carelessness toward some of the most sensitive information it holds and all but asked Internet users to reevaluate their trust in the company.

Google's "Tylenol" Response

Google quickly owned up to its mistakes. Within two days of Buzz's launch, a new checkbox - which made the publication of contact lists simpler to opt out of - was incorporated into the setup wizard and another two days after that Google announced plans to introduce a new setup wizard all together. Google's proposed changes (which are being worked on and rolled out as I write this) fix some of the most glaring problems with Buzz; however, we are waiting to see if these fixes adequately address all of our privacy concerns.

As Google works to retool Buzz and reel back in user trust, there are a number of important lessons to be learned from this experience. First, privacy disasters can arise when marrying previously distinct data troves to each other. When products - and their accompanying privacy settings - are merged, it is imperative that the most privacy-protective settings for each data type are preserved.

Privacy advocates have long been concerned about how Google would integrate its products, each holding massive amounts of information. While within its individual products, Google has long adopted industry-leading privacy practices, even offering a dashboard that allows users to easily access and update some of the information Google stores about them and review their privacy settings, but these controls do not hold up when two products with differing uses are merged together. Buzz offers a perfect example of why this concern continues to plague Google. The company overrode previously set privacy settings causing users to unwittingly disclose the registered name behind the pseudonym (nickname) associated with various Google products.

When merging data sources and privacy preferences companies must proceed carefully, a lesson Google seems to have learned last weekend. We are optimistic that the changes Google plans for Buzz will be a step in this direction.

The second lesson here is that getting the privacy controls right for a social network is not an easy task. It is not simple to both protect privacy and promote the development of a healthy network. Facebook was the first to prove that privacy controls can foster the growth of social networks, but as the Beacon episode and Facebook's recent privacy changes both demonstrated, even the most experienced social media companies can go sideways when it comes to privacy. When rolling out any kind of new social media platform or application, companies should always engage in extensive, privacy-centered user testing before releasing any social networking products to the public.

Finally, the backlash over Buzz demonstrates the difference the organized voice of the user can make in promoting online privacy. Google has credited user feedback, voiced in a panoply of languages, with inspiring its upcoming "re-launch" of Buzz. As the world has seen again and again over the past few years, online voices can be powerful and can affect real change. To find out more about how to amplify your voice on Internet privacy issues, check out CDT's "Take Back Your Privacy" campaign.

So what's my takeaway on Buzz? It may have a promising future, but it's not ready for prime time.