Is Gmail Spyware?

Perhaps you have seen the recent buzz around Google Buzz. The fact is that Google has decided that anything it knows about you it is free to share with the world at its discretion and not only do you not need to be told, but if you say no they will say yes for you.

As I went to log into my Gmail account today I was greeted with a screen encouraging me to try out Google Buzz. I choose what Google displayed as a “No” response and then found that in Gmail Buzz was there AND enabled. Not having a Google profile is what prevented Google from automatically sharing information that I did not choose to have shared.

I would recommend that if you have a Google profile you delete it immediately, unless you want no control over your privacy. If you have a Gmail account and don’t want to broadcast to the world who you chat with and email the most, then when you log into Gmail, immediate scroll to the bottom of the page and turn off Buzz.

It appears there is no mechanism to only allow people you approve to start following you. The Gmail blog says you can block a user once they start following you. How about prompting you that someone wants to follow you and let you decide before, rather than after.

On the Gmail blog Google states “We look forward to hearing more suggestions and will continue to improve the Buzz experience with user transparency and control top of mind.”

I recommend you avoid Buzz until their user transparency is out of alpha and well into beta.

It is past time for Google to concisely explain exactly what happens when you enable Buzz and what the ramifications are. Perhaps they should republish http://news.cnet.com/8301-31322_3-10451428-256.html as a standard introduction to Buzz. Google should then aggressively suggest reading http://www.pcworld.com/article/189124/google_buzz_a_privacy_checklist.html for important information about Buzz.  Finally Google should prominently tell you that this is what Buzz means. (Caution, link contains a 4 letter word starting with F)

Yes, I think Google is going to be a very bad influence on the NSA.

Time for a little disclaimer. These views are mine and not necessarily shared by ESET or any other ESET employees.

Randy Abrams
Director of Technical Education

Author ESET Research, ESET

  • Mathew

    I'm in total agreement; This is a privacy nightmare, which makes a mockery of Googles "do no evil" mantra. As a user, the system is so complicated, you have to visit multiple google sites to use it, I can't see widespread adoption.

  • http://www.shiftsolutions.com.au Shift Computer Solutions

    We were unimpressed with the privacy issues right from the start, and your article serves to bring those concerns into sharp focus. We are recommending to our clients to disable buzz and delete their Google profile if they have one, as it is simply too hard to manage. http://shiftsolutions.net.au/2010/02/11/google-releases-buzz-via-gmail/ and instructions here;  http://bit.ly/9MKMSl

  • http://anti-virus-rants.blogspot.com kurt wismer

    it's stuff like this that makes me glad i access my gmail account with imap instead of the web interface – no login, no activating bizarre new features that i have no interest in, no worries.

    • Randy Abrams

      I am not entirely sure that Buzz has not been activated on your gmail account. I have no evidence that it wasn’t activated on all gmail accounts and not logging in may mean that you simply don’t have the option to turn it off. Remember, I said no thanks and it was turned on.

  • http://anti-virus-rants.blogspot.com kurt wismer

    it appears you're correct. buzz is on automatically. that screen at the beginning is asking wear you want to start, not whether you want to turn buzz on.
    ok then, i'm glad i partitioned my google identity and use my gmail account for nothing but email. no reader, no picasa, no profile, no blogging, no nothing – therefore no buzzing from that account. but i will log in and turn that nonsense off explicitly.

  • TetraNitro

     
    I find this highly disturbing on principle, and even more unsettling in practice.
    Sorry to drop a question here, but the entire web is flooded with confusing mis-mashes of convoluted information about Buzz right now. As a Gmail user who never set up a Google Profile, does this nightmare impact me? I've turned off Buzz at the bottom of my Gmail account, and prior to that I never even clicked through to see what it was or activate it. Plus, I've never made a Google Profile, so I can't take some of the steps I see posted about 'truly' disabling Buzz. Do I need to set up a profile just to turn off this unwanted option? Or can I just go on blithely using my Gmail account as I have?

  • Andre

    Why don't you add this as HTML/Spyware.GBuzz application? Just kidding. I disabled this when I read the blog. It's very strange that option to disable this thing is a little hidden in the GUI. It should be in the same Buzz section, I think.

  • Reb

    I find Google's attitude to be reprehensible. Their purpose in signing everybody in Gmail to Buzz and exposing everybodies personal contacts was to create a social media site to compete with Facebook. By doing this, they would create an immediate site for people to use.  Google does not care what damage they have done to anyuser of Gmail. This is all about money. And the only way to get there attention is to hurt them in their pockets.
    I am thankful that I have never signed up with Gmail. And as a matter of principle, I never will. And of course, I will not be using Buzz, And I will no longer use Google as my default search provider. I am asking all my friends to do the same thing. If enough people will do this, the next company that thinks they can use people's personal information however they see fit may think twice before doing so.

  • jim

    If you in gmail and look at the HTML source of that page you will be amazed what google is sending about you. Basically gmail is mining machine exactly the way the US government wanted to mine information in 2001 (Admiral Pointdexter) but people stopped the government becuase that would be violation of personal freedon and privacy. Well, Google was not bound by such silly things as laws and they are mining your email account. Look at the HTML source of the email you are sending. It has hell a lot more than what you typed into it.

Follow Us

Automatically receive new posts via email:

Delivered by FeedBurner

26 articles related to:
Hot Topic
ESET Virus Radar

Archives

Select month
Copyright © 2014 ESET, All Rights Reserved.