Sophos Cloud Optix
I’ve just returned from vacation to find that the everyone is buzzing about.. well, Google Buzz.
Google’s launch of a Twitter-style social network, embedded into its popular Gmail service, was always bound to make headlines of course, but it became the centre of attention for all the wrong reasons when privacy groups complained that it was sharing details of users’ most common contacts a little too freely.
Why is that a problem? Well, imagine you are an investigative journalist who wants to protect your sources, someone having a marital affair, or – dare I say it – someone supporting the human rights movement in China?
Even if you don’t fall into a group like this, it should still be your explicit choice if you want to share details of your private contacts with any old stranger, rather than the default rule if you join a network like Google Buzz.
The privacy backlash caused Google to back-pedal somewhat and make a series of changes to the way Buzz works.
I’m pleased to hear, for instance, that they will now automatically suggest people who Google believe you should follow on Google Buzz rather than auto-follow them without asking. Even though it’s human nature for people to follow a website’s suggestions without much questioning, it’s better than Google thinking it had carte blanche to make your Buzz connections for you.
But many commentators still have concerns that the service is a headache for those who wish to keep their information private, and the continuing brouhaha resulted in Google admitting to the BBC that it had not tested the social networking site sufficiently.
The latest embarrassment for Google Buzz is a XSS (cross-site scripting) flaw uncovered by a hacker called “Trainreq” that appears to be capable of exposing the geographic location of mobile users. The flaw also opens possibilities for hackers to phish information from unsuspecting social networkers.
I must admit I was bemused to realise that “TrainReq” (real name Josh Holly) is the same Tennessee-based hacker who was accused of hacking into the MySpace account of Miley Cyrus a while back, and stealing candid photos of the teen star.
With so many people’s eyes hunting for vulnerabilities and flaws on Google Buzz at the moment, it might be prudent to hold back from participating until things iron themselves out. If you have already taken the plunge into Google Buzz and are now having second thoughts, CNet has published some handy tips on how to disable the service.
My guess is that Google was hoping that Buzz would have had a better first week than this, and it must be thinking that things can only get better.. surely?