Does Google+ privacy add up?
As the hype grows around Google+ and users begin to venture into uncharted social territory with the search giant, questions are being raised about privacy and whether users are better- or worse-off on the new platform.
Dominic White, security and privacy researcher at SensePost, says users' expectation of privacy is in direct conflict with Google's business model.
“Google's business is the monetisation of personal data,” says White. “They sell ads to people based on relevance to that person, the relevance is determined by your use of both their services, or sites which have chosen to use their services.”
White adds that the conflict of interests leads to a situation where the onus is on the users to lobby Google for privacy protections.
“Until that 'externality' is rectified, Google has no good business reason beyond public perception (which is not a good indicator of well thought out privacy stances) to make proactive privacy changes.”
According to White, the new social layer adds to his privacy concerns regarding Google.
“Data that was never online, (hence digitised, searchable and comparable) now is, and 'there's gold in them hills'.
“The 'perfect storm' of those services being attractive to users, and the data mining business model being attractive, means things are happening with our data with minimal understanding and consent from us,” notes White.
Web and digital media lawyer Paul Jacobson says the issues raised by critics are “the same tired criticisms from the peanut gallery”.
“They are missing what makes Google+ so innovative,” says Jacobson, who has been testing the new social platform.
“Web companies like Google collect and use our personal information to make money. In Google and Facebook's cases, our personal information is used to present us with more relevant ads.
“This provides the revenue that enables these companies to make the services we use each day freely available. It is a common trade-off. The important question is whether those companies adequately inform users about this and Google's privacy policies are clear and written in plain language.”
Jacobson also says Google makes it possible for users to see what personal information it has collected about them and, in many cases, gives users the ability to remove this personal information or even export it and take it to another service.
“By using Google+, users are telling Google who they regard as friends, family members, acquaintances and so on. Users also give Google more information about their interests and share their photos and videos with Google,” says Jacobson. “Each activity gives Google more information it may not have had before.”
Explosion of sharing
At yesterday's press briefing, held by Facebook to announce the launch of its embedded Skype-powered video chat and other features, Facebook founder and CEO Mark Zuckerberg stated the site has seen exponential growth in the amount of content being shared by users.
“Our findings translate into the average user currently sharing twice as much information and content today than they were a year ago,” said Zuckerberg, adding that four billion “things” are shared on Facebook everyday.
Zuckerberg also said he believes online users are currently at the “elbow of the growth curve” and sharing is essentially about to “explode”.
The rapid growth of online sharing is something the Google+ service is looking to capitalise on and incorporate into its existing features.
For Mark Eardley, channel manager at SuperVision Biometric Systems, social media sites are becoming increasingly like supermarkets for cyber villains looking to gather information on either individuals or organisations.
“People frequently use the same password for these sites as they do to access their workplace systems or even their online banking,” says Eardley.
“Each time a social media site gets compromised, and personal details are stolen, the information can be used by cyber villains as part of their toolkit.”
Eardley cites the examples of the high-profile cyber thefts at Google and RSA (the security division of EMC), whereby cyber villains gathered information from social media sites about employees they wished to target as the initial point of entry into Google and RSA's systems.
Cyber criminals have already started capitalising on the launch of Google+ by spamming inboxes with fake Google+ invitations, which when clicked on install malware on the users' computer.
White adds that another worry for users is whether companies like Google are making the right decisions on people's behalf when it comes to their data.
“If you Google 'bomb', are you a terrorist, or a bomb disposal technician? Data-driven inferences lead to bad decisions,” says White.
“People have been arrested based on this data. Google recently released a report of which governments served them with the most information requests. It is clear they are actively handing over data.”
White says over-criminalisation is a growing problem in states where legislation is increasingly being used for “population control”.
Stefan Tanase, senior security researcher for Kaspersky Lab's global research and analysis team, says that, when it comes to social networks and privacy and security, it's never about “major concerns”, but rather the subtler features or options that users might not fully understand, that make all the difference.
“More than that, I like how they are positioning their social network among users worried about sharing too much information,” adds Tanase, referring to the Google+ “Circles” feature, which allows users to share information with specific groups of people and not others.
Tanase does, however, point out that it is possible to do more or less the same thing on Facebook by sorting one's friends into groups, but this requires more “clicks” on the user's side.
Security vs usability
“I'm always giving this advice to anyone who asks me about privacy and social networks: as long as you have a social networking account, make sure you behave thinking that sooner or later, the things you do online can be seen by anyone.
“Expect the best, but think of the worst. Don't upload a picture, don't post a link or a comment unless you are prepared to take responsibility for your actions.”
Tanase adds that social networks are in a constant battle to find the balance between usability and security, “you can't have both at the same time”.
“They need their Web sites to have state-of-the-art usability, and security features will always come in the way of that. Unfortunately, the choice social networks most often make is towards usability, not security, and I fully understand the business reasons behind that choice. I just hope Google+ will have a different approach.”
Jacobson adds that it is important for Google+ users to pay attention to privacy settings for these services and set them to levels they are comfortable with.
“If a person is not comfortable with how Google shares his or her personal information, then he or she shouldn't use the service. The same principle applies to Facebook, Twitter and other social networks.”
In comparison to existing social networking platforms, Jacobson says Google's approach to privacy is quite different, and addresses many of the concerns people have raised about Facebook.
“Google gives users granular control over what they share with whom. This level of control doesn't exist on Twitter and is not promoted by Facebook. Google has come up with a way to build a social service based on privacy and control over personal information and still make it very sticky and compelling,” says Jacobson.
Google+ is still in limited field-testing phase and is, therefore, not the finished product. Jacobson says this provides early adopters with the opportunity to test the service and raise any bugs or privacy issues during the development stage.
“Some critics have raised concerns about how Google handles photo tagging in Google+ (Facebook rolled out a similar feature recently) and there were concerns that content shared with limited groups of people could be re-shared with people outside those limited groups,” explains Jacobson.
“Google has taken steps to address the latter issue and will hopefully address the first issue soon.”
Jacobson concludes: “Google has hinted that it is a part of an ongoing project to transform Google into a more social and compelling service. It is well designed, evolving and worth keeping both eyes on going forward.”