Google Reader invades your privacy and it's not going to stop

by Will Chen on 26 December 2007 29 comments

On December 14, Google added a new sharing feature to their popular feed reader and lost me as a user.

Before December 14, Google Reader already had a "sharing" feature, which allows you to share posts with people that you had explicitly identified as friends you wanted to share with.

After December 14, Google took everything you've ever "shared" and started broadcasting that information to everyone in your Google Talk contact list. This is the new default setting. If you don't like it, the burden is on YOU to navigate through the settings to opt out of this new feature. Merry Christmas.

Google assumes that everyone in your Google Talk contact list is a close friend of yours, ignoring the fact that we often chat with supervisors, customers, competitors, professors, and ex-girlfriends.

Here's a likely scenario. In the past, maybe you've shared a lurid post about Britney's sex life with your old college buddies. You shared that post with them with the understanding that it was just between you guys. Now Google has unilaterally decided that everyone you have ever chatted with in Google Talk will know that you've read and shared this item.

What if you were a closet homosexual who shared gay lifestyle articles with discrete partners? What if you were thinking of leaving a physically abusive relationship and you've shared spousal abuse articles with the few people you trusted?

Google Bait and Switch Signs of Larger Violations to Come

This is not some random mistake. According to this 9/12/07 post on Wired, this may be part of Google's plan to compete against Facebook:

The overall gist of the video is that Google wants to take its existing set of applications and integrate them around Google Reader. Google Reader will become, not just a way to track news items, but also where you can see what your friends are up to.

 

Now granted, you can already do that to some extent, but you need to set things up by hand. What Google would like to do is automate and streamline the processas well as add more data to the mix.

Speaking of Facebook, you might recall the Beacon scandal where Facebook shared its users' online shopping history with all their friends on Facebook. Instead of learning from Facebook's mistakes, rumor has it that Google is considering a similar move. According to Techcrunch:

Given this controversy, you’d think that Google wouldn’t touch anything remotely Beacon-like with a ten-foot pole. But a source familiar with the matter says that Google has contacted at least one Facebook Beacon partner, and perhaps more, in an effort to drum up support for its own initiative for OpenSocial, which it is calling “universal activity streams."

 

These “universal activity streams” are meant to combine all actions you take online, similar to Facebook’s Beacon, and present them as a line of text in your personal activity feed on Google or an OpenSocial partner site like MySpace or Bebo. Within Google, for instance, these feeds could appear in Gmail, iGoogle, or Google Reader. The universal activity stream is expected to launch around February or March of next year.

This move with Google Reader is only the first step towards the "universal activity stream." If we don't stand up to Google now, they will make their expanded definition of sharing the default for all your other privacy information, such as search results, map queries, Google Docs, Google Notebook, or god forbid, Google Health.

Earlier this year, a report by Privacy International ranked Google dead last in terms of privacy compliance, stating that there is "an attitude to privacy within Google that at its most blatant is hostile, and at its most benign is ambivalent."

Here are some of Google's worst offenses:

  • Google maintains records of all search strings and the associated IP-addresses and time stamps for at least 18 to 24 months and does not provide users with an expungement option. While it is true that many US based companies have not yet established a time frame for retention, there is a prevailing view amongst privacy experts that 18 to 24 months is unacceptable, and possibly unlawful in many parts of the world.
  • Google has access to additional personal information, including hobbies, employment, address, and phone number, contained within user profiles in Orkut. Google often maintains these records even after a user has deleted his profile or removed information from Orkut.
  • Google logs search queries in a manner that makes them personally identifiable but fails to provide users with the ability to edit or otherwise expunge records of their previous searches.
  • Google fails to give users access to log information generated through their interaction with Google Maps, Google Video, Google Talk, Google Reader, Blogger and other services.

Google's Arrogant Defense

The worst part of this whole ordeal is Google's unwillingness to recognize they did something wrong. In response to angry complaints in its feedback forum, Google came up with this excuse:

The "share" feature was always intended to imply some amount of publicity. That's why we used the term "share" and had shared items marked as public by default on the Settings > Tags page. Google Reader Guide.

This is what Google is talking about. In the old system, the items you choose to share are published on a page with a obfuscated URL like this:

http://www.google.com/reader/shared/45388x91944y71z67112 (not an actual working link, just an example).

You "share" this link by explicitly telling your friend about this URL. Technically speaking, this page can be accessed by anyone who knows the address. That's what Google means when it claims the old system "imply some amount of publicity."

But come on. Look at that URL. If you were not told about that URL, there's no way you could access that page. Clearly the 20 random numbers in the URL is an indication that some amount of privacy is expected, and that we want the URL to be seen only by people we explicitly shared it with.

Now Google wants to expand the definition of "shared" to include anyone you have ever chatted with on Google Talk (or worse, anyone you've ever emailed, if your Gmail setting automatically adds anyone you've emailed to your Google Talk contact list).

After getting hundreds of complaints, the Google team brushed off their concerns with this little gem:

All of us on the Reader team are paying attention and are aware of the feedback from this group. However, we do need to balance all these concerns with keeping the feature useful for those who like it and use it. (There aren't many of those on this thread, granted, but this is only a small subset of the people using this feature.) (emphasis mine)

An angry Google user gave this blistering response:

The way these people have handled the current user feedback has shown that they are in reality *not* interested in hearing what people think, contrary to what the original post says. It would be safe to say that regardless of what kind of feedback they get, it will be in the minority because most people don't care that much about the services they use.

 

So the people that give feedback will automatically, by their very nature of caring, be in the minority. Saying that they can't really take such groups into account means that they were in fact lying when they said they wanted feedback.

But who needs feedback when you know your company does no evil?

5
Average: 5 (2 votes)
Your rating: None
ShareThis

comments

29 discussions

Add New Comment

CAPTCHA
This test helps prevent automated spam submissions.
Myscha Theriault's picture

This is right up there with the Real ID Act as being unbelievably disturbing.

Guest's picture
Sarah Hurst

I honestly have no problem with the new share feature. I never used it before. When I wanted to share something with a specific person or persons, I simply e-mailed it to them. Honestly, I never even knew what the purpose of the share feature was. Now, it's fairly obvious.

With all the benefits of Google Reader coupled with the fact that you can disable the feature, it seems a shame to abandon it. But that is, of course, your choice. Perhaps I'm naïve, but I haven't seen any convincing evidence that Google is "evil." Taking over the world, perhaps, but with good intentions. ;-)

Philip Brewer's picture

I can kinda see where Google is coming from, actually.

I use Google Reader, and it would never have occurred to me to imagine that my shared items were somehow "private" just because the link would be hard to guess. (Perhaps because of all my years in computer security where "security through obscurity" is universally seen as a disaster waiting to happen.)

I'm more peeved by the fact that Google's notion of "friends" is related to its chat feature. Neither of the two main people I share items with are people I chat with on Google: my wife lives in the same house with me and we share the same computer (so we mostly just talk when we want to chat) and my brother and I use iChat rather than Google chat. Is there some easy way to just mark people in my Google address book as friends?

Guest's picture
Brian Lindenau

I completely agree. The share feature was never meant to be a place where you kept "private" shared items. They were always broadcasted out without any security.

If you want to share an item with only a few people, use the integrated email feature. It's a breeze to use and I actually prefer it, because I can personalize who the post gets sent to and I can add a comment.

I also think it's a stretch to compare anything Google has done to the "Beacon" fiasco. What makes Google a privacy nightmare has more to do with the shear amount of information they have about you, not necessarily their business practices.

Will Chen's picture

Sarah & Philip you guys both make great points. One could argue that my privacy expectations were unreasonable high in this case. I agree that my interpretation is certainly not a "slam dunk" argument. However, I do think Google has expanded the definition of "sharing" in a way that has surprised at least some of their users. The fact that this change was made as the default setting, and the fact that Google refuse to make this an "opt in" system even after receiving several complaints leads me to believe that this is not an innocent mistake on their part.

Guest's picture

It's surprising to me that most of the above respondents aren't concerned about this.

If I'm reading this correctly, this means PAST articles read and shared will now be fully public. And was this done without warning?

Please, if you don't agree with Will, then please, please, please answer this question. Isn't it better for us, the users, to have control over who we want to receive whatever info? Isn't it better to allow an individual decide what to disclose. It was possible to do that...Google had done exactly that until December 14.

Will, I'm actually writing a column on all of this...what is the best way to contact/talk with you? Thanks.

Jonathan Trenn

Will Chen's picture

Hi Jonathan, I'll send you an email.

Will Chen's picture

This feature was already turned on when I accessed my Google Reader last night. Google did provide a pop up telling me about this new feature, and that I can opt out by tweaking the settings (which took me about 3 minutes to figure out).

Based on some of the user complaints, I believe (a) my past shared items were being shared before I opted out (please feel free to correct me if I'm wrong), and (b) some people had a much harder time with this "opting out" process than I did. Here are some highlights:

Google Ruined My Christmas:

This is going to sound like hyperbole, but this new feature has actually RUINED CHRISTMAS for my family! I sent a share a few days ago that I thought would only go to a few politically-like-minded friends. I didn't realize that because I had chatted with him in GChat, it would also go to my brother, who is of a different political persuasion. When he received it, he sent a snide, angry email about it to a large group of our family members. I sent him an email (I'll admit, not the nicest one I've ever sent) asking him not to talk about me behind my back and recommending that he stop reading my feed if the posts were going to make him so angry. He called me a nasty name and told me that if I can't take a little ribbing, maybe we shouldn't talk anymore at all, including at Christmas Eve dinner. My whole family has taken sides over this divisive political issue, and several of them are not speaking. I kid you not, this is threatening to break up my family at Christmas...

Google, you can set up whatever features you want and make whatever rules you want to. But you have to give us fair warning so that we can make decisions about how to use your products. You can't change the rules without telling anyone. People have integrated your products into their everyday lives, so the changes you make have real effects on our lives, including our relationships with the people we contact. You have to keep that in mind when you make these sorts of major decisions...."

Turn this off now :

"I want this turned off and like, now. Now my business associates, my family, my parents can all see my shared feeds and I have no control over that at all. I WAS using the shared feed for myself as a way to backup important RSS feeds, not to share with people I hardly know who happen to be in my address book. This is an awful, awful feature, an invasion of privacy and a feature that no one wanted in the first place. If we did, we'd share the link! I want a way to turn this off immediately."

Quite a shock:

"It was quite a shock this morning when I opened Google Reader only to be told that my "friends" could see what feed I'm subscribed to. Then I realised it's only shared items, but even so, I don't like the way Reader is going at all. Who's to say that the next new feature won't mean other people can see feeds I haven't shared?"

You've ruined my research:

For the last year I have used my obfuscated share URL for sharing market research with a small handful of trusted colleagues. I have over 700 shared items which represent one of the most thorough catalogues of discourse about a very particular market in my industry. Its absolutely intolerable to me that now all of my industry contacts (competitors) who are also gmail contacts will be able to mine this information as well as piece together fragments of other initiatives I've been considering. My only options to "opt-out" of this are to unshare 789 posts - effectively deleting an archive of research, or delete all my contacts from gmail."

Thanks for sharing my last name:

" Aside from all of the other reasons that people have already listed as to why this is a horrible feature and gross invasion of privacy, the most egregious thing I've seen is that all of my contacts were now able to see my full first and last name -- despite the fact that I hid my last name in my gmail account -- because I used both when I signed up for my google account."

Thanks for helping my competitors:

I use Reader for keeping my company aware of industry news and trends. Many of my gmail contacts are in my previous company who is a direct competitor to my current company. I DO NOT want people in my old company seeing what news items are being shared in my new company. If you do not make it possible to turn off the new feature by end of business on Tuesday, December 18, I will stop using Reader. Please don't make me do that."

And about that 20-digit URL code :

"Thinly"? You mean that 20-digit code in the URL? No, that wasn't a thin disguise, any more than the fact that you (on this group) don't know where I live is a thin disguise. My home security comes from thick doors, locks, and people inside; its privacy comes from the fact that I don't announce its address to just anyone. The shared feed used to be documented to only go to people you handed it to.

Google employee showing off the obsfucated URL for another product (Youtube video)

IIRC, the old obsfucated sharing URL was also not indexed by Google.

OH yeah, here's a radical idea:

"Um, what about all of the suggestions you've received that you make the feature optional -- that people can turn it off if they don't like it? Call me crazy, but that seems like a perfect way of "keeping the feature useful for those who like it and use it" while at the same time satisfying those of us who don't."

Guest's picture
Guest

How did you disable this "feature"? I agree that this is a bad mistake on Google's part. If I wanted my shared items automatically shared with all of my contacts I would have done it myself. How dare they betray us like this...

Please let me know how you disabled this!!

Will Chen's picture
Will Chen

Go to settings --> friends --> and unshare all.

If you only have a few skeletons, you can go to each post and unshare them individually. 

Guest's picture

While I'm not one to attack people, it seems that some seem to view this whole situation through their specific experiences and not the big picture. It is almost one has to have a bad experience to realize its pitfalls.

Guest's picture
Patrick

I don't use the "share" feature in Google Reader - I guess I never got around to using GR to its full capabilities.

Even though I have not been affected by this new feature, I do not believe it is a good capbility to thrust upon the unassuming public, especially when it is set as a default option. It would not be difficult for Google to go into the program files and rewrite 2 lines of code to change that.

I will keep using GR because I am familiar with it and I like its features (I switched over from Bloglines several months ago because I thought it was easier and more robust; I haven't used Bloglines since then). But I am not pleased with this development, and may look into something else.

Guest's picture

Fortunately, my Google reader is linked to my blog's google account...and my blogging life is a reasonably open book. There's no random blogs I read that reveal anything about my life. I can see that lines might be crossed if you read under your own name!

That said---yeah, not cool on Google's part. If this had been in my non-blogging account, I would have been highly highly pissed! I've heard people say there was a warning, but I don't recall it. Certainly nothing of the magnitude that "hey, anybody can see your shared posts." Maybe my browser blocked it?

Do you think that I, as someone this hasn't burned but this could have burned in theory, should add my two cents to the thread and tell Google that I don't like it?

Will Chen's picture
Will Chen

I've talked to several people who didn't recall the warning.  It might be a browser problem.  One person I talked to mentioned the fact that he is so busy during the holiday season that he might've skipped over it by accident.

It looks like Google is ignoring the complaints for now.  But it wouldn't hurt to add your opinion to the thread.  =) 

 

 

Guest's picture
Justin

This is riling people up something fierce. It seems to me that while this can lead to trouble, viz the unfortunate stories shared above, the preventative fix is a simple one: turn the feature off. I've always used the "e-mail it" feature to share items with specific people. I "shared" only if I was willing to let the everyone one earth know I was reading that item.

I sympathize with the horror stories, but Smart Sharing or a simple click of the mouse can make all the bad stuff go away!

All that having been said: thanks for spreading the news on this, Will. I'm a regular reader, and though I can't quite comprehend the general level of outrage this has provoked, I appreciate the work you do here. Thanks!

Guest's picture
Justin

I "shared" only if I was willing to let the everyone on earth know I was reading that item.

That's how that should read, sorry.

Guest's picture
Justin

Dangit all, you get the point. : )

Guest's picture
jgodsey

> This is the new default setting. If you don't like it, the burden is on YOU to navigate through the settings to opt out of this new feature.

not so....there IS NOT OPT OUT OF THIS FUNCTION.

All you can do is delete your shared items, or delete your contact list. pick one.

Will Chen's picture
Will Chen

I appreciate your comments Justin.  Being able to converse intelligently and civilly with people who hold different opinions is the best part of writing for Wise Bread!

jgodsey, I think Google might have addressed that.

Google said: "We just added a new option for those of you wishing to rearrange your
sharing habits in light of the new features. Now, the "clear all
shared items" link also includes an option to apply a tag to all of
these items. That means you can safely clear out your shared items,
but still keep them organized together, either for your own reference
or to share with a more limited audience."

I don't know if it works.  But frankly after the cavalier way they expanded the definition of "sharing" I didn't want to stick around to find out. 

 

Guest's picture
Rob in Madrid

this is the very reason I've started using scroogle.org/ for most of my seaches.

excellent post something to keep in mind

Guest's picture
plonkee

I'm still using bloglines, and was thinking of switching to google reader, but now I'm pretty sure that I won't.

This wouldn't really affect me, I read under my blog name, not my real name, and I probably wouldn't figure out how to share things. But that's kind of the point, I'm not savvy enough to work out that something will affect me badly until it does. Google (much like any company) shouldn't be trusted with too much of my information.

Guest's picture
Rob in Madrid

Will I'm sorry to hear what happened with your family but you bring up a good point, things written in email come across much stronger than we realize hence the (over)reaction to the emails.

My suggestion is that you apologize (regardless of who is at fault or not) in person and agree to disagree and avoid political discussions in the future.

btw scroogle is for searching.

Guest's picture
MJB

From a human-computer interaction point of view, they created a meaning and functionality for the word "share" and then they broke it. People had things set up how they were comfortable, and then their model or conception of their GR setup got broken (for some people, just a little scratched, but for others, smashed up pretty bad). If Google wanted a new feature, they should have come up with a new way to describe it, a nice notification about it, and an option to convert things over to the new feature if desired (and no change otherwise).

From an ethical point of view, GR users consented to have one thing done with their information, and Google decided to go and do some other thing. Now I haven't read the GR TOS, but I'm guessing they covered themselves so that it's legal, but in my book it's definitely not "not evil." This was a very bad PR move.

Guest's picture
Porous Horace

Will, let me get this straight. People click a button labeled "Share". And then, when viewing their shared items in Reader, there's a banner which says they're "publicly accessible" by a web page and a feed. And then some people expect to use this page for some manner of "private" use?

Then Reader makes these publicly accessible items easier to discover. A page-blocking interstitial announces this change and allows people to move or clear this stuff before anyone else sees them. (I verified this.) And this is an invasion of privacy?

Seems fair to criticize Google for making this change without an easier way to keep the desired behavior constrained to a subset of people I choose, but... your post title is way, way, way off base. It isn't true. An expectation of privacy cannot be made on a feature which describes itself as "publicly accessible." Anyone can see the URL if they visit. And it bears repeating, security through obscurity isn't security at all. If I hand that URL to your boss, she's gonna be able to see it - there's no authentication! People get burned on this kind of "security" all the time and it shouldn't ever be used as a data hiding measure. Looks like it wasn't intended to be used like that here.

However, Google super-screwed the pooch by not having an easier way to opt-out of this entire social-ness experiment, even if it isn't close to being a privacy violation. It adds more clutter and cognitive weight for those of us who aren't ever interested in sharing and makes the product harder to use. C'mon Google, what happened to simple?

Will Chen's picture
Will Chen

"My suggestion is that you apologize (regardless of who is at fault or not) in person and agree to disagree and avoid political discussions in the future."

I just want to clarify that the "Google ruined my Christmas" post happened to someone else. Though, I think if my parents read my RSS feeds, that might've ruined my Christmas as well. =)

"they created a meaning and functionality for the word "share" and then they broke it"

That's a great way of putting it.

"An expectation of privacy cannot be made on a feature which describes itself as "publicly accessible."

Is it a matter of all or nothing? I see privacy expectations as a spectrum in which users should have granular control and should be given some fair warning before the standards are changed.

I agree with you that an obfuscated URL is not perfect security, or even great security. But it is SOME security. It is a much higher level of security than, say, Google publishing your feed as:

google.com/shared_feeds/will_chen

To some extent the obfuscated URL implied a certain degree of privacy and choice. If I didn't choose to share that URL with you, you wouldn't know about it.

Sure, if I had shared that obfuscated URL with you, you could broadcast it to the world. But that's the same kind of chance I would be taking if the URL was password protected and I gave you the password.

"However, Google super-screwed the pooch by not having an easier way to opt-out of this entire social-ness experiment, even if it isn't close to being a privacy violation."

Well said. Privacy problems aside, I think generally it is a bad idea to change your service, make the change a default, do it during the busy holiday season when people are not paying attention, and then make it hard for people to switch back to the old system.

Guest's picture
Justin

Just as a resource for anyone else who's interested:

How to Selectively Share Your Google Reader Items via Lifehacker.

Guest's picture
Guest

Never use it, never will. I wipe clean ever registry setting of
Google tool bar from all my machines. They are compiling profile on everybody and when the Big F(*&g Brother put them in the corner they will give it up. Wake up people you sell your freedom for a some cheese. Beware this cheese is in the trap and you are getting in. FireFox let you send random query streams to Google, try it.

Guest's picture
Guest

you are absolutely right-indubitably.I support you completely wil.

Guest's picture
melissa susan hunter

welcome to the internet. of course everything you type is made public! the fact that google previously did not make it public was simply a nice addition, but if google no longer wishes to maintain such a privacy feature, they have the right to delete it and, yes, they also have the right to give you the 'burden' of opting out of the feature (which i cannot imagine to take so very much of your incredibly busy time). using the feature on google is a bonus, not a right. if you don't like the policy, then i agree with your decision to stop using google, but there really is no reason to complain and whine about it.