Tag Archives: privacy

Gawker Reports on Ex-Google Engineer Reportedly Showing his Unfettered Power to Teens

I hope most people are vaguely aware that the Google’s great utility and ubiquity also pretty much means it knows everything about you. If not, this Gawker/Valleywag story by Adrian Chen should be a primer. It’s the first detailed alleged case that I’ve read in which a Google employee was reportedly caught and punished accessing and disseminating private information. And not just basic private information, like birthdate or middle name. But something as tangential as the phone number and name of his target’s girlfriend.

It’s unclear how widespread Barksdale’s abuses were, but in at least four cases, Barksdale spied on minors’ Google accounts without their consent, according to a source close to the incidents. In an incident this spring involving a 15-year-old boy who he’d befriended, Barksdale tapped into call logs from Google Voice, Google’s Internet phone service, after the boy refused to tell him the name of his new girlfriend, according to our source. After accessing the kid’s account to retrieve her name and phone number, Barksdale then taunted the boy and threatened to call her.

There’s any number of ways to get this info…it could be as simple as going through the contacts list. Or the chat and call logs. Or typing in “xoxo” into a Gmail search. The point is, according to Gawker’s exclusive, is that even if Google lives up to its public-relations image of being privacy-conscious, a rogue employee can apparently have free and all-seeing access into your accounts. This is the case with any database-service, government or corporation run. But for some of us who use Google for everything, unauthorized information access can be catastrophic. For example, because GMail’s search capability is so convenient, I email myself the dates and times of doctor appointments. Anyone who has access to my account could easily find every doctor or dentist I’ve gone to, and when.

The biggest question in Gawker’s piece (Google did not return their calls for comment) is what kind of access logging they do for engineers such as Barksdale. Gawker says an ex-employee tells them that Barksdale’s position required constant access to the servers, and that engineers such as him were highly competent and trusted:

Barksdale’s intrustion into Gmail and Gtalk accounts may have escaped notice, since SREs are responsible for troubleshooting issues on a constant basis, which means they access Google’s servers remotely many times a day, often at odd hours. “I was looking at that stuff [information stored on Google’s servers] every hour I was awake,” says the former Google employee. And the company does not closely monitor SREs to detect improper access to customers’ accounts because SREs are generally considered highly-experienced engineers who can be trusted, the former Google staffer said.

Google Buzz == Gwitterbook

Well, my first impression of Google Buzz is that it’s a convenient way to FriendFeed my stuff to Google contacts. But I’m surprised at how poor of an interface it released with…I can’t recall the last major online service where I’ve been so confused on how to perform as simple a task as finding the settings panel. For example, last night I stumbled upon the option to set my Buzz to be “Public” or “Private”…and it took me awhile to remember how I got there this morning. The shortest path that I’ve found is to click on my own name in Google Buzz, then find the “profile link”, which takes me to another intermediary page where I have to divine that the link “Add more info to profile” will take me to a few basic privacy settings.

How about a simple “Privacy settings” link that Facebook wisely added at least a year ago? Why didn’t Google learn such an obvious feature from the leader?

This confusion is pretty inexcusable given that I’ve been on GMail for at least four years…this interface should be at least halfway intuitive. Even worse, there’s little to assure me how specific and granular these settings are. Facebook deserves to be criticized for its privacy missteps, but it’s done a fine job in giving us a huge amount of flexibility in designating what is viewable to whom.

With Buzz, I know there’s some kind of change between a “Private” and “Public” Google profile…but does setting it Private also make it so that random people can’t follow my Buzz? Or just that my profile information (city, date of birth, mugshot, etc) is hidden? Maybe Buzz wanted to go for the “Apple” approach in arrogantly deciding what’s best for the user in order to have the most clutter-free interface. But I think privacy concerns trump having a lowest-common-denominator interface.

Especially since Google is already in the limelight for owning too much of our personal information. Now they’ll have a database of every status update you made, and if it was from your phone, where you were.

Google’s sloppy approach has already made for some awful PR: WARNING: Google Buzz has a huge privacy flaw, says Silicon Alley, referring to how Buzz automatically sets you up to follow your most-contacted people.

I wouldn’t call that a huge privacy flaw…99% of people would be OK with following the people they message the most. But for journalists who may be using GMail for contacting anonymous sources…that’s a horrible default setting. Actually, I think the problem is that by default, this list of followers is publicly available…unless you go into the settings and find the appropriate checkbox. Now how do you get to the privacy settings again?…

Facebook CEO’s Mark Zuckerberg Gets Caught With His Privacy Pants Down

UPDATE: This commenter notes that Hill has a friend of a friend with Zuckerberg, which is a different level of privacy than just the whole world. Hill did note that a previous look into Zuckerberg’s profile showed it to be private (though she may have made the mutual friend since then).

True/Slant’s Kashmir Hill catches Facebook CEO’s Mark Zuckerberg not quite grokking his own brainchild’s privacy policies.:

Facebook CEO Mark Zuckerberg either missed that article or doesn’t care. Back in October, I checked the Facebook profiles of the Facebook executive team, and found their privacy settings to be quite high.

Well, that’s changed. His profile is now on uber-public settings. I can see his wall, his photo albums, and his events calendar. Zuckerberg recently became a fan of Taylor Swift, uploaded graphic photos of “The Great Goat Roast of 2009″ three months ago, and plans to attend the Facebook holiday party on Friday night. I can even tell you where it’s going to be held.

You can check out his profile here.

I think it’s obvious that Zuckerberg did NOT intend for all his photos to get out there. He’s kept his profile public (possibly to save face, though in the before/after pics, his wall reads like a list of press releases) his photo albums are now hidden:

Before Kashmir Hill’s article:

Mark-Zuckerbergs-profile-privacy-settings-low

After:

Mark Zuckerberg's profile, now with more privacy!

Mark Zuckerberg's profile, now with more privacy!

Also related: Reuters financial blogger Felix Salmon, and many others, had his friend list scraped and posted by a rival financial-laws activist site.