John Pescatore

A member of the Gartner Blog Network

John Pescatore
VP Distinguished Analyst
11 years at Gartner
32 years IT industry

John Pescatore is a vice president and research fellow in Gartner Research. Mr. Pescatore has 32 years of experience in computer, network and information security. Prior to joining Gartner, Mr. Pescatore was senior consultant for Entrust Technologies and Trusted Information Systems… Read Full Bio

Coverage Areas:

Google Follows the Usual “Violate Privacy; If Caught, Apologize; Then Offer Opt Out” Path

by John Pescatore  |  February 15, 2010  |  9 Comments

I mentioned the predictable flap about Google violating users’ privacy expectations when they rolled out their Buzz social networking add-on.  Imagine the outrage if the speed dial buttons on your cellphone were pre-populated with “friends” based on the stores your may have called on the phone or asked the directory services operator about. Imagine if Microsoft Exchange or Lotus Notes mail did what Google turned on with Buzz! Businesses need to expect this kind of thing from advertising supported IT.

The New York Times reports that over the weekend, Google continued to follow the predictable path that many other advertising and Internet companies have followed in the past when they go too far in using user information to make money:

  1. Introduce a new feature or offering that takes advantage of user data in ways users are sure not to like – but call the release “beta”
  2. Wait for the outrage, if none keep going. If outrage, goto (3)
  3. Apologize profusely, explain that privacy violating features were to make it easier for users
  4. Offer an opt-out capability buried a few menus or web screens or tabs down.
  5. Wait for outrage or FTC investigation, if none keep going. If outrage, goto (6)
  6. Promise FTC never to do this again, agree to security audits, keep trying to keep to opt-out and avoid opt-in
  7. Wait for press to lose interest, users to stop noticing the latest violation of their privacy. Goto (1).

9 Comments »

Category: Uncategorized     Tags:

9 responses so far ↓

  • 1 Jared   February 15, 2010 at 8:13 pm

    Fortunately all it took was a quick google search to learn how to disable google buzz :-)
    Finally it’s fun to know they’re watching…

  • 2 uberVU - social comments   February 15, 2010 at 11:25 pm

    Social comments and analytics for this post…

    This post was mentioned on Twitter by mitchbetts: With Buzz, Google follows the usual “violate privacy; if caught, apologize; then allow opt-out” path. http://bit.ly/d0GQV7...

  • 3 Jim Haughwout   February 15, 2010 at 11:29 pm

    It is a shame, given Google’s strong stance on privacy vis-a-vis the info-sec attacks originating from somewhere in China of just a few weeks ago that they forgot the cardinal rule of social media: Assume anything your members do is private until they tell you otherwise. Simply looking at how much faster Facebook grew following this policy (attracting people older than HS- and college-age) vs. MySpace (which did not) reinforces this.

    This time Google may have over-stepped themselves. In the past few days, I have helped half a dozen non-technical people (who used to love Google for its usefulness) shut down their accounts and route their email elsewhere. They simple no longer trust Google.

    The big winner here is Microsoft. If I were Steve Balmer, I would “double-down,” increasing my investments in Bing and Facebook (and look again at buying Twitter).

  • 4 John Pescatore   February 16, 2010 at 8:06 am

    I’m constantly warning Gartner clients that they need to remember that the *advertisers* are the actual customers of free mail and social network sites, not the users. The users are just there to provide data to target the ads for the advertisers.

  • 5 Robin Wilton   February 17, 2010 at 6:19 am

    I’m with John P on that one; Jim, with respect, I don’t think what you’ve expressed is the cardinal rule of “social media”. In my view, the game operates more like this:

    Rule One: Maintain the illusion that the user is interacting only with their chosen parties; as long as you don’t spook them, users will be happy to connive at this pretence.

    Rule Two: Under no circumstances force the user to acknowledge that there’s a third party in the room… whether that’s you, as the “social network” provider, or the others with whom you exchange data about the users.

    Rule Three: Keep calling it “social networking”, to reinforce the impression that it operates by the same rules as face-to-face interaction between friends. (It doesn’t, but see Rule One).

  • 6 Mark Drapeau   February 17, 2010 at 7:12 am

    Very different than the Microsoft philosophy on these issues! Check out the new (and responsible) Outlook Social Connector features: http://bit.ly/dtCuCz

  • 7 Erin White   February 22, 2010 at 8:08 pm

    What, no option to “share this post on Buzz”?

    ;p

  • 8 Steve Simmons   February 24, 2010 at 11:44 am

    How ironic that you post this just before I was spammed by Garner and Damballa about a webcast on botnets. Pot, kettle, etc.

  • 9 John Pescatore   February 25, 2010 at 9:10 am

    Not sure of the connection between email solicitation spam and giving away customers private information but if you think Gartner has caused you an issue, please send email to privacy@gartner.com.

Leave a Comment