If you've heard of Google Buzz, chances are you've also heard about some of the privacy concerns that surround it. The social media service offers some cool ways to share photos, links, status messages, and more with fellow Google Buzz users. But if you're not careful, you may end up sharing more than you expect.
Silicon Alley Insider raised some very real privacy concerns about Google Buzz this week, noting that the service ends up exposing many of your e-mail contacts by default. That's a problem if you have e-mail contacts you'd rather not make public.
You also can't hide your e-mail contacts without cutting them off from your Buzz network. But why should you have to choose between exposing your personal and professional relationships or connecting with people on Google Buzz? Facebook recently changed its privacy settings to allow you to hide your friends list; shouldn't Buzz do the same? UPDATE: It turns out you actually can hide your Buzz follower list. But it's not the default option. See the end of this story for step-by-step instructions.
Another problem is that to use Buzz you have to create a public Google profile, which could end up exposing your Google e-mail address. Your e-mail address is one of the last barriers preventing people from getting in direct contact with you, so you may not want it out on the Web, for anyone to see. By comparison, Facebook doesn't allow people to get access to your "real" e-mail address unless you decide to make it public.
So before you send out your first Buzz this morning, take a look at this privacy checklist, and make sure you're comfortable with all your personal information that could be exposed through your Google profile.
What your Google Profile Is
To use Google Buzz you have to sign up for a public Google profile that will primarily be seen by other Google users. Your Google profile shows other people who you are, and allows you to share Web content like your Facebook, Twitter, and LinkedIn profiles from one place.
You can, if you choose, make your profile semi-public by removing your full name. This stops Google from displaying your profile in Google search results, but it's important to note you can't make your Google profile as private as your Facebook account can be. Anyone who knows the URL of your Google profile will be able to see its contents, regardless of whether or not your profile is searchable.
Everybody knows your e-mail address now
Here's the thing about Google's Web services: if Gmail was the first service you signed up for, then almost every single Google service you activate after that uses your Gmail username by default.
So, for some Gmail users, your Google profile will incorporate your Gmail username into your URL, which ends up looking something like this: www.google.com/profiles/johndoe. It doesn't take a genius to figure out that tacking on @gmail.com to the last part of that URL will reveal the e-mail address for some Gmail users.
You do have the choice to change the URL of your public Google profile so it doesn't include your Gmail username. But the option to change your URL is really no choice at all, because alternative URLs are complicated and impossible to remember, and often end up looking something like this: http://www.google.com/profiles/12345678900987654321. A better option than a 20-character URL would be to allow users to customize their URL any way they like, or at least allow those who have the same username for their Gmail and Google accounts to customize it.
For some people, making your e-mail address public may not be a problem, but if you are using your Gmail account as a private address where you want only a few people to reach you, then you may want to think twice about using Google Buzz. I also have to wonder if Google Buzz won't end up creating the largest directory in the world for e-mail spammers. Sure, that information may be made available on other networks like Facebook and Twitter, but again you only expose your e-mail address on those networks if you choose to, while some Gmail users are not really given that option.
As part of your public Google profile, you can provide links to all the various social media services you use like Facebook, Friendfeed, Flickr, Picasa, Delicious, Foursquare, MySpace, Twitter, blogs, and so on. Today would be a good day to ask yourself whether you're comfortable with the fact that you've made it so easy for people to access this information. If a prospective employer, for example, found your Google profile is there anything there you wouldn't want them to see?
Also, don't forget that anything you decide to share publicly on Buzz will also be displayed on your Google profile and potentially indexed for Google's search engine. So you might think twice before posting that link and giving a thumbs up to a legalize marijuana viral campaign.
Google Reader Shared Items Page
By default, Google will pull content from your Google Reader Shared Items page to Buzz. That makes sense since you wouldn't be sharing blog posts you found interesting unless you wanted others to read them. But if someone clicks through to your public Google profile from Buzz, and you've got Google Reader listed there as one of your links, then once again you may have exposed your Gmail username.
Just like the URL for your Google profile, the Google Reader Web address may display your Gmail username by default, like this: "www.google.com/reader/shared/johndoe."
So if John Doe wants to keep his username private, then just as with his Google profile Web address, John needs to do change the default URL for his Google Reader Shared items page. The result would be something like this: "www.google.com/reader/shared/09876543211234567890."
To change your Reader URL, visit Google Reader and click "sharing settings" on the right hand side under the "People you follow" section.
Now that your Google profile is more public than ever, you may want to figure out whether or not you want to include links to Picasa from your profile and which photos you want to make public.
Again, your Gmail username could be part of the URL for your public photo gallery, like this: "picasaweb.google.com/johndoe." Fortunately, however, Picasa has better privacy options than many Google services.
Let's say that 'johndoe' actually wants to make his Gmail username public, but at the same time he doesn't want to make it easy for someone to find his Picasa photos. If that's the case, John has two choices: customize the URL for his public photo gallery or adjust the individual privacy settings for all his Picasa photo albums.
If John wants to customize his URL he can change it to almost anything he wants. So John can have a Web address for his Picasa account that is not his Google username, easy to remember and share with friends, but also a little harder for outsiders to figure out.
Visit the Picasa support pages to find out how to change your Picasa URL.
The other option is to change the sharing settings on each of your Picasa photo albums. Picasa has three security levels for individual albums, but the names of each level aren't as clear as they could be. So here's a quick breakdown:
Public: Anyone can see your Picasa album, and your photos could appear in public searches in things like Google Image search, Google Maps, Picasa Albums search, and the Picasa Web Albums Data API. You can learn more about public search on Picasa's support pages.
Unlisted: These albums use an authorization key (a combination of letters and numbers) in the public URL. Only people who have the exact combination of letters and numbers in the Web address will be able to see your photos. Google doesn't say whether or not these photos are included in public search.
Sign-in required to view: This is the highest level of privacy in Picasa, and only people you explicitly authorize will be able to view your photos. However, for this security level, anyone you invite to view your albums needs to have a Google account or will be prompted to create one. Again, Google does not specify on the Picasa support pages whether or not these photos are included in public searches.
Learn more about Album visibility options in Picasa.
Sign-out and visit your profile
The last thing you should do is sign out of your Google account and visit your public profile so that you see exactly what other people see. Look at the information collected there, visit the links (you'll want to sign out of those accounts as well) you've added to your profile and ask yourself, "Am I comfortable with this information being public?"
It's not about FUD
Before I open the floor to comments, let me just say that this is not about spreading fear, uncertainty and doubt (FUD). In many ways, I like what Google Buzz has to offer, and am an avid user of Google services. But I also recognize that your e-mail address is one of the most private aspects of your digital identity, and Google should not be exposing this information for some of its users so readily.
Your e-mail address houses your personal contacts, it's used as part of your sign-in ID on countless Web services, and it also happens to be one of the most direct ways that people can contact you. So you owe it to yourself to stop for a moment and examine how much of your personal information will be out there when you're using Buzz, and whether you're comfortable with that.
- Go to www.google.com/profiles and click on "View my profile."
- Click on "Edit profile" in the top right corner of your Google profile page.
- On the next page, uncheck the box to the left of your profile picture that says, " Display the list of people I'm following and people following me." (Note that you can't hide the people you're following on Buzz, but at the same time keep the list of people who are following you public).
- Scroll down to the bottom of the page and click on "Save Changes."
- Your Google Buzz followers, as well as those who follow you, are now hidden from public view.
Connect with Ian on Twitter (@ianpaul)