Google touts privacy as it readies social-networking features, and fires engineer who snooped on users
Google has had an awkward week when it comes to its users' privacy. Just as it was touting recent changes to its privacy tools and policies, word leaked out that (a) one of its engineers had snooped on Google users and (b) the company plans to introduce a new set of social-networking features.
That's not the timing the company could have wanted when it began booking ads for its "privacy tools" (there might be one right above this post) and inviting tech reporters to stop by its D.C. offices for a series of briefings.
I paid one such visit Tuesday, and I was surprised to learn a thing or two in the process. I had either overlooked or forgotten how you can pause Google's recording of your search history (if you have a Google Account and are signed into it) and then edit that search history. By virtue of not using Google Latitude, I didn't know that you could use that service to mislead others about your location. And I would not have guessed that one of seven visitors to Google's Ad Preferences Manager uses that page's opt-out feature to stop Google from tailoring ads to his or her eperceived interests.
The briefing also covered how Google had recently condensed some of its privacy policies and made it easier for users to find their privacy settings at such pages as its helpful Dashboard, which summarizes your activity across its services. I appreciated how the Mountain View, Calif., company has detailed exactly what language was deleted, rewritten or added during these changes instead of leaving that chore to third parties.
But Google's privacy policies still fall short of providing what I want to know most: just how far your data can flow in and beyond its organization. When I add an event in Google Calendar, I'd like to see what other Google services will be informed by the knowledge that I've got a flight out of Dulles in the morning.
A different issue with privacy on Google emerged that afternoon, when Gawker reported that Google had dismissed an engineer who had snooped on friends using its services:
David Barksdale, a 27-year-old former Google engineer, repeatedly took advantage of his position as a member of an elite technical group at the company to access users' accounts, violating the privacy of at least four minors during his employment, we've learned.
Google quickly confirmed that it had fired Barksdale and had stepped up its security rules. A PR statement said the company was "significantly increasing the amount of time we spend auditing our logs to ensure those controls are effective."
I'm told that Barksdale's exploits make him only two of a kind at the company, and that the company has cut down on the number of people who may access users' data to ensure that things are working correctly. (Like it or not, that's a normal part of networked systems; if you want to guarantee that nobody can peek at your information on their server, encrypt it first.)
But Google wouldn't say whether it planned to press charges against Barksdale or whether it had plans to make other changes to how it screens and monitors employees assigned to these sensitive tasks.
Finally, on Wednesday Google chief executive Eric Schmidt confirmed what many observers of the company have been expecting: The company is working on a set of social-networking tools known collectively as Google Me. The Los Angeles Times' report explained that Google will add a "social layer" to its products, allowing users to see how their friends may have crossed paths with them online.
Put me down as a skeptic of this. I am comfortable with a certain amount of Balkanization in my social networks online. I have to remember more passwords, but it doesn't subject my privacy to single-point-of-failure risks and lets me disclose different amounts of data to different circles of friends and acquaintances.
Google is welcome to try to convince me otherwise, but first I want to see it open up about what it does with user data and how it watches for abuse among its own employees. Saying "trust me" won't cut it, but more transparency might help.
September 17, 2010; 9:22 AM ET
Categories: Privacy , Social media
Save & Share: Previous: Thoughts on Craigslist, 'adult services' ads and convenient targets
Next: PostPoints tip: When in doubt, search by date
Posted by: wiredog | September 17, 2010 10:16 AM | Report abuse
Posted by: slar | September 17, 2010 11:05 AM | Report abuse
Posted by: mtborah | September 18, 2010 7:18 AM | Report abuse
Posted by: panamacanuck | September 20, 2010 1:17 PM | Report abuse