Google Reader Begins Sharing Private Data

Felipe Hoffa writes "One week ago Google Reader's team decided to begin showing your private data to all your GMail contacts. No need to opt-in, no way to opt-out. Complaints haven't been answered. Some users share their problems, including one family who says they won't be able to enjoy this Christmas because of this 'feature.' Will Google start doing this with all their products? You can check a summary of complaints in my journal here or browse the whole thread in Google Groups."

I never "got" GMail

[pauljlucas]

One week ago Google Reader's team decided to begin showing your private data to all your GMail contacts.

I never "got" why people fell all over themselves about GMail and getting a GMail account. I've kept my own domain and use it for e-mail. Should my mail provider do something I don't like, I'd move my mail to another provider and update my MX record. (FYI: my mail provider, registrar, and ISP are 3 different companies.)

Maybe I'm missing something

[hax0r_this]

but there seems to be a fairly obvious way to opt out. Its not sharing any of my private data, because I simply don't use the product.

If you aren't willing to give Google what they want then why should Google give you anything?

Web applications

[MichaelSmith]

...more often than not are proprietary software. An open source desktop application would more than likely to have a thousand options for customisation so that all the users are pleased, (gnome applications excluded of course). If you are running proprietary software on your desktop or a proprietary web application then you use what you are given.

damned if you do, damned if you don't

[larry bagina]

at this point, anything google does is going to piss off someone. They need to keep growing to keep the suits happy, but the more they grow, the less I (and others) like them. Yahoo tried to be everything to everybody and failed it bigtime. Maybe if their search wasn't full of shit results they could look it up.

Re:I never "got" GMail

[morgan_greywolf]

I never "got" why people fell all over themselves about GMail and getting a GMail account.

AJAX makes gmail easily one of the best user interfaces as far as webmail goes. Unlimited space, for all intents and purposes as an e-mail account goes. Free POP (and now IMAP) access. Solid spam filtering. The webmail interface is entirely searchable using Google's fast and easy search engine technology.

In short, it's everything free e-mail providers like Yahoo and Hotmail promised, but never delivered on.

Yahoo??

[Locklin]

as things stand now I prefer having my email on yahoo/google than on a personal domain just for this reason.

So you don't mind Yahoo pasting spam into your outgoing emails? Those little ads at the bottom of your emails from Yahoo (and msn) users are rather annoying. It's one thing to pay for the service by viewing ads, but it's another to pay for it by spamming non-users.

The issue is a change in semantics

[ai2097]

As many readers have commented, this does not seem like such a big deal. Shared stuff being public? Who cares? Don't do it, ya morons! And so on.

I don't use GMail, or Google's reader. However, from TFA and the complaints, it appears as though there was a service where you could aggregate and re-publish feeds through a link that was not (automatically) published anywhere. Google changed the semantics of this, to mean that these "shared" feeds are now automatically available to everyone in your contact list. This (rightfully) has pissed off many existing users, who have invested their time into a system that they must now abandon, because most people have the concept of "mixed company." You don't talk about certain topics in certain groups -- you might be fine making dirty jokes around your regular friends, for example, but you behave yourself when you're at a professional lunch.

So, this is not a matter of not using it -- it's a matter of bait-and-switch. The rules got changed out from under the user's feet, and that leads to a feeling of betrayal in the case where embarrassing information gets leaked. Google gave the impression that you were just hanging out with your friends, and then let in your stuffy colleagues while you were in the middle of telling The Aristocrats Joke [wikipedia.org].

Re:Don't bring an internet to a pissing match

[Anonymous Coward]

The problem was that it was shared with more people than intended. Imagine sending an e-mail using g-mail to one of your friends and finding that it was sent to your entire contact list, and you'll see where the problem is coming from.

Re:Ok right....

[JPriest]

And this would be fine if the feature was always this way, but if they are going to change the behavior of the feature to be public to anyone you have had contact with, they should at least give you some warning about it in advance.

Re:This would have been disastrous for me.

[mitchellsoft]

Just like the rest of the politicians, huh? The only way you or your group can stay in "power" is to lie to the people. Keep the faith, I guess.

Why would you in the first place?

[Duncan Blackthorne]

I don't know why anyone would store anything important or personally sensitive anywhere on the internet anyway, unless you store everything encrypted. I've had close friends of mine under standing orders for years running to never email me anything of a personally sensitive nature, or at least understand that if they do, transmitting it via the internet is completely insecure. I read more and more about "online apps" instead of local apps, and online data storage companies, and I have to roll my eyes because I have to assume that sooner or later someone, either criminals, the government, or the company itself, is going to go browsing through whatever you've got stored on their servers. Bottom line: You want privacy for your data? Store it locally, or better yet, offline.

Re:I don't get it

[X]

For this scenario to play out, you'd have to click on "share" an article from these feeds. Free advice: if you are worried about privacy, don't click on things that say "share". If you do, you might want to unclick them quickly.

headline should read...

[pavera]

Google Reader begins sharing public data in a new way.

These were not "private" feeds, they were publicly available URLs (although obfuscated).

I'm not necessarily siding with Google on this one. I do think they should have thought this change of functionality out a little more, but the fact remains this data was already public. Comparing it to the Beacon scandal is not accurate at all.

Re:Tempest in a Teapot

[sumdumass]

But he brings up a valid point. When ever you trust something to the whims of someone else, expect them to be the keeper of it, not you. There were plenty of people who shared with a few people under the assumption that only a few people saw it. When others in the contact list started seeing it, it created problems for them. Why? Because google at their whim change how something worked and people had the ability to access something though you that you didn't count on.

And this goes with on line documents or anything. If they change the policy because of whatever and catch you off guard, your shit out of luck. BTW, if you were a closet homo, would you want you mom and dad to see that you were sharing Gay Marriage articles with your lovers? I mean this as minor as you might think, reaches far beyond simple arguments about who cares. It goes to exemplify why you shouldn't trust anything to another person or company that can make a number of changes without notifying you.

Re:This would have been disastrous for me.

[mikesd81]

Your spouse and close friends, I would think, would already know where you stand religiously and politically? God, oh sorry, knows my friends do.

Sadder...

[SanityInAnarchy]

I'm not trying to justify Google here, but...

You're in politics, and porn and atheism are enough to end your career.

Not your fault, I'm sure, but that is sad.

It's not the feature...

[SanityInAnarchy]

...it's how it was rolled out. Things that were not shared have now become shared.

If you actually work for Google, it sounds like your attitude is part of the problem.

Yes, the feature is cool. Yes, people will get used to the new way things work. No, it still was not OK how you rolled it out.

I mean, come on. You're fucking Google. You're supposed to be the best engineers in the world. So tell me, how hard would it be to have a "shared" option, and a third "publish" option which was off by default? And then to prompt people on their first login after introducing "publish" whether they wanted their stuff to be shared or published by default, and whether they wanted that change to affect all their shared stuff?

That took me, what, ten seconds to think up, and less than a minute to type, and this isn't even my fastest keyboard.

Re:Shared items are not private

[sumdumass]

You do understand that telling one or two people something while it is "sharing" it with them, isn't the same thing as telling everyone that same thing right? And maybe the fact that so much of everything else is so public, that these few casually private pieces of life would mean more in this respect then an average joe not in the same position.

The problem isn't that it was shared, it was who it was shared with changed and that meant things that you wouldn't tell you boss made it to him directly from you without any notice or any way to prevent it.

Mr. Hand was right

[mcmonkey]

You are all on dope.

You give Google your private data, while they keep it private.

Are the folks at Google like the magical elves that come out at night and fix shoes? No, Google is a business. The folks who own Google do it for the money. You give Google your private data, and they mine the stuff out of it. There's nothing private about it. Your private data, after you give it to Google, isn't private any more.

Re:Tempest in a Teapot

[sumdumass]

Oh pulleeze. Nobody is forcing anybody to use google. When you choose a "service" run by somebody else you accept the risks involved. If you are concerned that it might change then don't use it. Build your own email server and everything else you want at home and stop whining.

That is exactly the point. You cannot trust the other guy. You need to do it yourself. And it isn't that people are forced into using Google, it is that they were charmed into a false sense of security.

It's getting harder and harder to evaluate LEGITIMATE issues with google from the people that just like to complain because they are happy when they are complaining about something thats popular.

I wouldn't consider this a legitimate issue, I would think it was more of an annoyance. But it is still an issue because people do things they don't want others to know about. And when there was an expectation of privacy, even if it was minor, when that expectation gets removes, there needs to be adequate notice given and a means to get out. Even if it means not sharing anything at all.

wtf?

[wandernotlost]

The headline and summary of this article are not only false, but probably illegal slander. In no way can the sharing of "shared" data be considered "sharing private data," whether or not some users fooled themselves into thinking it was private. If anything, this is a benevolent move on Google's part because it makes users more aware of the fact that data they are explicitly making public is, in fact, public.

So fuck you, Slashdot, for lying to me and wasting my time.

Re:Tempest in a Teapot

[anilg]

To add to that.. and to explain this issue better you need to see when and how the features were added.

The 'sharing' feature was added earlier. It gave you a unique url that was a feed to your favorite items. It was 'public' but only you knew and could share that url to others. In a way that gave you privacy as you chose who saw things and who didn't. Google's own documentation said as much.

Then came the Gtalk integration and suddenly everyone in your contact list is being subscribed to your 'private' feed. This is probably a small annoyance, but is still a breach of privacy.

An exaggerated analogy, in slashdot terms.. /. gives you a unique url that can login automatically for you.. and /. FAQ says this is 'very insecure' but 'very convenient'. Since only you know this url, only you can login. Now imagine if /. went around broadcasting this url to all you friends..

Google, IMHO, made a mistake. Don't blame malice when stupidity was the culprit. Now their 'ego' wont allow them to revert and that is sad.

Re:I never "got" GMail

[Ross Finlayson]

I agree. Serious professionals do *not* use "@gmail.com" email addresses. Sorry, they just don't. Ditto for "@yahoo.com", "@hotmail.com" etc.

If you don't want to look like a noob, then don't use "@gmail.com" email addresses.

Re:Tempest in a Teapot

[Anonymous Coward]

Speaking of stupidity, I find it difficult to feel sorry for anyone who assumed an open website would be protected against prying eyes simply because the URL wasn't published. If their documents were really that sensitive maybe they shouldn't have put them somewhere anyone with a web-browser could view.

Waa waa. You're a moron. Congrats. Now your parents know you're into midgets fucking ponies.

seriously, grow the f**k up /.

[Anonymous Coward]

so

google will share your public shared list with people you know (and only with people you explicitly know, not "everyone", and only when you actively share it.)

seriously, what the hell is the problem with this?

you people need to grow up.

Re:I don't get it

[Seumas]

On the other hand, just because I click on 'share', because I want to share something I found with my girlfriend and a couple of my buddies does not mean that I intended to share it with the guy I had a transaction with on ebay or the person I communicated with from Craigslist to sell them my used computer monitors or the person who emailed me to ask if I wanted to sell my domain name two years ago.

If Google has any sense at all, they will re-engineer this function so that you have greater control over how your 'shared' items are actually shared.

Re:I never "got" GMail

[AySz88]

Serious professionals in the tech sector do *not* use "@gmail.com" email addresses.

...that's probably more accurate. I know of plenty of "professionals" in non-tech areas that use GMail, Hotmail, or even still AOL (gasp!). Plus, those who use GMail in the tech sector probably already know how to mask the fact that they use GMail, since you can use whatever domain name you want.

Yeah, don't show gmail.com!

[saikou]

Because every professional just _has_ to keep his own SMTP server with multiple redundant mail drops, back-up and web interface, simplified interface for WAP/mobile devices and a spam filter, right?

Instead professionals should simply get Google Apps for their domain and have Google Mail work as "professional@thatismydomain.com". Duh :)