In 2007 Facebook rolled out Beacon, an ad system that took parts of user's Facebook data that they thought were private, and made them public. Last week, Google's Buzz did something similar. Beacon was killed by public revolt—and a class-action lawsuit. Now for Buzz comes a potential FTC investigation.
Whether you like it or loathe it, Google's new Buzz social sharing system has hit the headlines in a particularly catastrophic way over and over in the week since its launch. Though Google has moved to adjust some of the issues, some of the damage is already done. Google's usual trick of data-mining and automating some of the process (a trick it uses elsewhere in its other services) directly exposes to public view some data that many Google users would prefer to remain private—thanks to the auto-populated friends list that Buzz used to deliver to you on login.
The issue is that Google's coders seem to have put zero thought into the secondary effects of this automated social grouping—the biggest concern of which is that your friends list was exposed for all to see, and that communications which you may have been having with some people in private suddenly became public. There are other issues too, and most recently it's been revealed that there's an issue with phishing scams via the Buzz-Twitter link, and a big privacy/security loophole that exposes your geolocation if you Buzz, whether or not you want to reveal this info.
Google has, to its significant credit, patched and tweaked Buzz repeatedly as these issues have arisen, but it may be too late. The office of the Privacy Commissioner in Canada (recently involved in forcing Facebook to improve its user privacy control) is investigating, the FTC has received a formal complaint from the privacy watchdog Electronic Privacy Information Center and may also receive one from the EFF.
And all of this angry storm reminds us of the hugely controversial Facebook Beacon ad system, launched back in November 2007. It was ostensibly designed to allow tight integration between external services that Facebook users also utilized, as a way of enabling extremely precise targeted ad placements. But it was forced on Facebook users, and it was flawed—it enabled private user data to pop up in extremely public view. Its privacy-smashing behavior was so shocking and bold that it resulted in law suits, and so much media, advertiser and public outcry that Facebook had to issue a number of tweaks and fixes, before then making Beacon an opt-in system only just a few weeks later. But Beacon was crippled, and limped on until September 2009 when it was finally axed.
Is it possible that Google's incredibly cavalier attitude toward user privacy could turn Buzz into the next Beacon? It's not beyond the pale. Because Google has almost forced Buzz onto its users, since even if it's a half opt-in system it's permeated throughout many of the company's services—so desperate is Google to get into the social networking game. In exposing private data to public view, Google's also risking its trustworthiness reputation, and that's extremely risky when people are beginning to feel a little uneasy at the amount of data Google retains about its users Net and lifestyle habits. If Google user trust wanes, the efficacy of Google's targeted advertising (its core revenue generator) is at risk.
Let's not be hasty though. Buzz is being patched and its security holes are being plugged (even while I wish Google would pay some time and attention to its pig-ugly user interface). And by virtue of being forced onto Gmail users, Buzz already has millions of users. The question is can Google retain these new users, and keep them engaged in a system that was launched while still deeply flawed, and which probably still has numerous security and privacy issues yet to be uncovered? Or will Google's execs deem it too much of a risk, and then let it wither on the vine, just like Facebook Beacon? If that does happen, Google will probably try a different angle on the social net game, since it's just too lucrative to ignore.