Image by cliff1066™ via FlickrGoogle Buzz is definitely the buzz word of the week and, in this industry, has been quickly put under the microscope. As a result, a cross-site scripting vulnerability was already discovered and fixed in the mobile version of the buzz utility. I’m sure close examination will continue to reveal additional security or operational flaws in Buzz, but security minded folks were not the only active critics of the social networking tool from Google.
Initial users were upset by Buzz’s default “all inclusive” settings. These automatic features included adding yourself as a follower of those you most contact through email or chat, (allowing them to automatically follow you as well), displaying all users involved in the follow-fest on your Google Profile, and instant sharing of activity on your other Google sites like Picasa and Reader. Providing easy display of a lot of information to potentially a lot of people, all of these features raised a lot of concern over privacy issues. In addition, new Buzzers were disappointed with the difficulty in finding settings options regarding these features, most while trying desperately to disable them.
While some may not be all that concerned, instant exposure of this information to user contacts without giving expressed permission has been more than disappointing. Some social circles are meant to be separated. Facebook users have been forced to explore this friends and family cross communication fiasco due to multi-generational interest in the social networking world. For many users this is uncomfortable at best.
Complete testing before release may have prevented the scramble for alterations that Google is now the middle of, but the feasible protection of online privacy is the real issue here. In our efforts to connect with the world, can we expect to keep secrets or achieve selective and exclusive information sharing? When we type something into our network connected devices, can we blame anyone but ourselves when that information spreads beyond the originally intended parties?
Anonymity while on the internet is becoming progressively harder to maintain. With photo tagging and friends who gossip across Facebook, even people who never participate in social networking sites have an online profile, in a sense. While reluctant or non users are losing control over just how much the online world can find out about them, self surveillance is now commonplace. We’ve become comfortable with sharing information about ourselves and living and working online, making us vulnerable to attack over the internet and in the physical world. If the Buzzing is getting a little too close you could be in danger of getting stung.
For those interested in de-Buzzing, the links below can guide you through the process:
http://news.cnet.com/8301-17939_109-10451703-2.html
http://securitylabs.websense.com/content/Blogs/3553.aspx
For those sticking with it:
http://gmailblog.blogspot.com/2010/02/new-buzz-start-up-experience-based-on.html
http://gmailblog.blogspot.com/2010/02/5-buzz-tips.html
Matt Sully
Director
Threat Research & Analysis
![Reblog this post [with Zemanta]](http://img.zemanta.com/reblog_e.png?x-id=43e47364-9158-4498-9e06-3c36997b6caa)