The Federal Trade Commission busted Google Buzz Wednesday morning, accusing the Mountain View, Calif., firm of using “deceptive tactics” in its launch of its Buzz social-networking service..
When it launched last February as an extension to Gmail, this service looked like a threat to Facebook and Twitter. But it quickly became more of a threat to its own users who found themselves unintentionally publicizing their contacts and locations and more.
The FTC announced that its proposed settlement would require Google to change its privacy policies and undergo third-party audits of them every two years for the next 20 years. But Google won’t pay any fines unless it breaks these new rules in the future.
Google repeated earlier apologies in a blog post and said it would go forth and sin no more: “While today’s announcement thankfully put this incident behind us, we are 100 percent focused on ensuring that our new privacy procedures effectively protect the interests of all our users going forward.”
(The Association for Competitive Technology, an earlier critic of Google’s actions, objected to the deal Wednesday afternoon, writing that “today’s proposed settlement doesn’t go far enough to punish or deter.”)
What I’m most interested in, however, is the FTC’s critique of Google Buzz’s launch. If you read through its eight-page complaint (PDF), you’ll see a focus on the finer points of Buzz’s initial presence--the default settings that anybody could change but few people would, the user-interface details that were too easy to overlook--that other social-media sites would do well to consider.
Consider how the complaint repeatedly notes the privacy exposure that could happen if a user took the easiest action when presented with an invitation to join Buzz: clicking a “Nah, go to my inbox” link. It then notes how the only effective way to opt out of Buzz, a “Turn Off Buzz” link, was “contained in small type at the bottom of the Gmail home page.”
Then there’s this dissection of the steps involved in cloaking the list of the people you follow and those who followed you: “a user had to take the additional step to click a link marked ‘edit,’ which expanded the profile creation screen. Only after clicking ‘edit’ could users choose not to have their lists of followers and people the user was following shown on the user’s public Google profile. They did so by unchecking a pre-checked box.”
The complaint makes another good point about interface design in its critique of how much publicity Buzz gave a user’s update. It notes that users who hadn’t changed Buzz’s default “public” setting for updates would have to “select ‘private’ from a drop-down menu”--that is, a setting they wouldn’t see unless they thought to open that menu.
Anybody who designs privacy options for a Web site or service needs to obsess over getting the default settings right and implementing a design that makes it easy to discover how to change them. Google failed to do so. (So did I, it seems: My initial report doesn’t look nearly skeptical enough in retrospect. It took me another week to get a fuller sense of Buzz’s problems.) I can think of one widely-used social network--with more than 500 million users, many with little computing experience, as well as a history of past privacy missteps--that should be reading the FTC’s complaint with particular interest. Are you paying attention, Facebook?