Google found itself in hot water with privacy advocates this February over Buzz, its new social networking platform. But, Google's isn't the only social networking site plagued by privacy issues.

In general, social networking sites have little interest in protecting the privacy of their users, said Randy Abrams, director of technical education at anti-virus vendor ESET.

“Privacy is the bane of social network sites,” Abrams said. “It is the lack of privacy that sells these sites to users, so effective privacy controls diminish the value to the owners of these sites.”

A majority of users do not understand the potential privacy implications of social networking sites, Abrams said. And, social networking site owners do not seem to be interested in educating users about these issues, he added.

Information made public on social networking sites can make it easy for cybercriminals to perform social engineering attacks, or cause people to lose their jobs, Abrams said. In addition, errors in social networking platforms can result in unintentional information disclosure.

The main privacy concern with Google Buzz was that it automatically set users up to “follow” the people they frequently emailed and chatted with, which essentially made some or all the names in a user's address book public information.

“Since who you frequently email with can contain private information, making this list public can create serious problems,” said Kurt Opsahl, senior staff attorney with the nonprofit consumer rights organization Electronic Frontier Foundation wrote in a blog post.

Before it was launched, Google tested Buzz internally among 20,000 individuals, a Google spokesman said.

“You cannot incubate social products in a Petri dish, or suddenly announce a fully baked product,” the Google spokesman said. “If you look at any company that's been successful in this space, it's because they have been able to iterate, refine, listen, stumble, get back up and dust themselves off.”

Google said the social networking platform was rolled out with an “auto-follow” model to make the setup quick and easy for users. Abrams, however, said Google may have considered privacy “acceptable collateral” when they launched Buzz.

“Google probably figured that any amount of money that a lawsuit might realistically cost them would be small compared to the value of a massive, instant social network,” Abrams said.

Just days after receiving a flood of criticism about the issue, Google switched the platform to an auto-suggest model, where a user must approve suggested friends. Google also has issued an apology.

“We quickly realized that we didn't get everything quite right,” Todd Jackson, product manager, Gmail and Google Buzz, said in a blog post. “We're very sorry for the concern we've caused and have been working hard ever since to improve things based on your feedback. We'll continue to do so.”

Google responded quickly to privacy concerns that never should have happened in the first place, said Opsahl.

“While Buzz previously had a lot of these privacy options available, the user interface failed to provide users with the setting users had reasonably expected,” he said. “Google should follow fair information practices and make secondary uses of information only with clear, unequivocal user consent and control.”

Going forward, all social networking sites should be configured for the maximum level of security and privacy by default, Abrams said. When suggestions are made to lower privacy settings, these sites should include easy-to-understand descriptions of what the change does and what the implications are.

In addition, social networking sites often offer applications that are not developed by the site itself. If this is the case, the site should include a warning that the application was not developed by the site and may be used to steal or mishandle personal information.



9,000,000
Number of posts and comments users created on Google Buzz, two days after it was launched.
 
Source: Gmail Blog