How Google managed to reveal my sources
IF you’ve been following the tech media this week, you’ll know that Google is in hot water over one of the most serious privacy breaches in its history.
You’ll likely have heard that Google launched a new product, called Google Buzz, that was meant to create a social network out of its email users.
And that major privacy flaws in the product led to abusive men getting access to the details of their ex wives, political activists finding their contacts made public for investigators to peruse and journalists having their sources “outed”. I’m one of those journalists.
When I clicked on the Google Buzz button in my Gmail account last weekend, Google automatically made a list of people connected to me based on people who I had spoken with by email.
No option was displayed to give me a choice of whether or not this list should be created.
And who turned up in it was quite a shock – an ex girlfriend, an editor based in New York who I had spoken to just once and most disturbingly a person who had contacted me confidentially to provide information for a news story.
Sometimes when people want to talk to me about sensitive information, they aren’t comfortable sending messages to an address with “news.com.au” in it because it may look conspicuous.
In those cases, I often provide them with my personal Gmail address.
Until the weekend I had trusted Google to keep this information private, just as I trust Vodafone not to provide a log of who I have called on the phone to anyone who asks.
But no – if you had clicked on my name in Buzz you would have been able to look at the list of people I had spoken with for yourself and, if you were trying to find out who had given me certain information, put two and two together.
Thankfully, by the time I launched Buzz the company had already started urgently disabling its own product to “fix” the problem and I am relatively confident – enough to write this article – that my source remains unnamed.
Had Google taken another 24 hours to act the situation may have been much worse.
But the fact Google responded to the problem quickly is not much comfort. If anything, it has only made me realise that giving away my private information is an even quicker process.
There is no harder evidence that Google has outgrown its old motto of “don’t be evil” than the launch of Buzz.
As far as failed product launches go it is not a “fiasco” or even a “train crash” but a case of extreme negligence that jeopardised the privacy – and in some cases wellbeing – of its estimated 176 million Gmail users.
And for what? To rush out a poorly planned and tested Facebook knock-off?
Even basic testing should have revealed that mixing private communications – email – with public broadcasts – social networks – was fraught with danger.
Google has promised users that it has heard the “concerns” they’ve raised, but it will take a lot more than that to regain their trust.
Don’t miss: Get The Punch in your inbox every day
Get The Punch on Facebook
Read all about it
Up to the minute Twitter chatter
The latest and greatest
Good morning Punchers. After four years of excellent fun and great conversation, this is the final post…
I have had some close calls, one that involved what looked to me like an AK47 pointed my way, followed…
In a world in which there are still people who subscribe to the vile notion that certain victims of sexual…