« Previous post
Next post »

December 27, 2006

Google Notebook: Use the Privacy Option

Michael Arrington

32 comments »

It looks like some people using Google Notebook are bookmarking sensitive personal information, including social security numbers and email passwords. And others are finding that sensitive information via the Google Notebook search tool.

This all played out in the comments to this Digg post. What’s amazing is that Google Notebook defaults to privacy, and users have to explicitly opt in to have information made available via the search. Google probably has no responsibility for this information, although some of it appears to be third party personal information, and they are hosting it on their servers. We’ll see if they start to censor this stuff to avoid liability.

Our previous coverage of Google Notebook is here and here.

Update: Yep, it looks like Google is starting to take down some of the sensitive content linked from that Digg post:

  • Sphere It

This entry was posted on Wednesday, December 27th, 2006 at 10:54 am and is filed under Company & Product Profiles. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Trackbacks/Pings (Trackback URL)

  1. daniel log: » Blog Archive » notas públicas do google

    December 27th, 2006 at 11:58 am

  2. TechCrunch Japanese アーカイブ » Google Notebookはプライバシー・オプションを利用しよう

    December 27th, 2006 at 12:39 pm

  3. ninthspace » The Close of the Year show

    December 28th, 2006 at 11:36 am

  4. Techcrunch » Blog Archive » Google Woes, cont…

    January 2nd, 2007 at 4:32 pm

  5. Google Woes, cont…

    January 9th, 2007 at 2:24 am

  6. phone ringtones verizon wireless

    December 30th, 2007 at 1:56 am

  7. mp3 ringtones for treo 650

    January 8th, 2008 at 8:30 am

  8. download i730 nextel ringtones software.com

    January 15th, 2008 at 5:22 am

  9. interest loan low payday low interest rate payday loan low interest payday loan

    January 24th, 2008 at 12:49 pm

Comments

RSS feed for comments on this post.

  1. Smaran

    December 27th, 2006 at 11:10 am

    Haha, maybe I shouldn’t have submitted that to digg. :-P

  2. Rational Beaver

    December 27th, 2006 at 11:16 am

    “The content on this page is provided by a Google Notebook user, and Google assumes no responsibility for this content.”

    I guess the disclaimer wasn’t quite enough then…

  3. Sharad

    December 27th, 2006 at 11:32 am

    Michael - Can google be sued for this?

  4. Michael Arrington

    December 27th, 2006 at 11:35 am

    Sharad - Anyone can be sued for anything. But I don’t think that’s going to be happening here.

  5. Andrew Michael

    December 27th, 2006 at 11:54 am

    Seems like thin ice for Google. Their biggest brand weakness seems to be “becoming evil”. Lots of issues surrounding privacy and Google. I know several people who won’t touch the Google spreadsheets for that very reason…

  6. Frank

    December 27th, 2006 at 12:27 pm

    It could be the owner of the notebook who made it private and not necessarily google taking it down

  7. Andrew

    December 27th, 2006 at 1:54 pm

    This is a huge ordeal for Google, I’ve seen quite a few articles about Google’s deep indexing and how it can breach security. There are command lines you can place in the Google search to bring out Logins and Passwords for sites… I love Google, and I hope they are working to fix all of this.

  8. Yoav

    December 27th, 2006 at 2:34 pm

    I did some research on the subject a while back and it’s not limited just for google notebook.

    You can find it here

    http://www.cogniview.com/conve.....tion-sink/

  9. Nick

    December 27th, 2006 at 3:07 pm

    Google has always been used as a tool to help hackers. The page http://johnny.ihackstuff.com/i.....rodreviews was made popular for compiling a database of common google search terms that can turn up passwords, security issues, admin pages, mp3s and other stuff that could be considered shady. Nothing new.

  10. Fox

    December 27th, 2006 at 3:08 pm

    If you’re stupid enough to opt to post your private information online then you deserve your identity to be stolen. Also if anyone sues google for that and wins, we know that the state of the judicial system in our country is lacking.

    http://sanityfordummies.blogspot.com

  11. Joe Duck

    December 27th, 2006 at 3:22 pm

    “If you’re stupid enough to opt to post your private information online …”

    Sure, tell it to the millions of newbies and grandmas who have NO idea how any of it works - they just want to USE the technology and that’s what’s making it all happen right now, including making Google one of the richest companies on earth.

    I’d stop short of saying Google should be sued when clever innovations go awry, but it’s time Google, Yahoo, MSN, and the “savvy” online community starts dealing with rampant abuse more intelligently than suggesting it’s the user’s fault when things screw up.

  12. Darren

    December 27th, 2006 at 4:02 pm

    god I have never seen this product before but its a complete rip off of 37’s backpack

  13. Adam

    December 27th, 2006 at 4:29 pm

    Joe, I’m not sure how much more we could do to make this crystal clear. In addition to having ALL Notebook scraps default to private, we state (in bold) this pretty straightforward message when people click on the Sharing option:

    Publish this notebook (make a public web page)
    _No _Yes…

    I think even my Grandma, were she still alive, would understand what the words Publish and Public mean. Pretty unambiguous IMHO.

    Companies — whether they’re Google or Nintendo or Krispy Kreme or whatever — can do only so much to protect people from their own… er… misjudgments. That’s not to say that we couldn’t go even further in attempting to protect our users… but there also comes a point where protections themselves become onerous or at least hugely annoying (”I SAID I wanted this public! Why do I have to click on three confirmation screens and type in my initials…?”)

    DISCLAIMER: I work for Google, but I do not work on Google Notebook, nor do I speak for that team in any official capacity.

  14. Fashion Industry Ceo

    December 27th, 2006 at 6:28 pm

    looks like google could be in a lot….of trouble.

  15. Nemrut

    December 27th, 2006 at 8:32 pm

    Adam - there is a hint of arrogance to your comments about the following statemtn being a no-brainer:

    “Publish this notebook (make a public web page)
    _No _Yes…”

    This verbiage is so benign that it conveys to users that Google thinks that either option is equally safe.

    If Google truly cared about it’s users a more appropos way to express the same thing might be:

    “Keep Notebook private ‘or’ Share Notebook with the World” ..with additional copy for the latter, ‘Are you sure? all your private thoughts, personal info and potentially sensitve financial information could be viewed by everyone.’

    These are more powerful statements which convey stronger implications. It’s also good pr as it shows Google cares about privacy concerns enough to take steps to warn users of sharing potentially sensitive info.

    I think this is a real boneheadedmove on Google’s part and thy need to do better to live up to their pollyannish mantra of ‘do no evil.’

  16. Michael Arrington

    December 27th, 2006 at 9:41 pm

    Nemrut - I don’t detect the arrogance you refer to. I agree that Google has made it pretty damn obvious when someone is making data public. The biggest issue in my opinion is the situation where someone publishes a third party’s personal information on Google Notebook. Their opt-in is meaninless in that situation, and Google may decide they need to do something to stop it. But policing that would be literally impossible.

  17. David R.

    December 27th, 2006 at 10:56 pm

    @ Adam

    You said “I’m not sure how much more we could do to make this crystal clear.” and I think Nemrut just told you.

    You can either keep defending the nerd-friendly question or you can accept that it could be made easier to understand.

    Its crystal clear to you, because you’re a geek, they could just say “Pub? Y/N” and you would understand it. Nemrut demonstrated one way it could be made crystal clear to a less experienced audience.

    Any time you think the user is broken, and not your app, you’re probably wrong.

  18. Michael Arrington

    December 27th, 2006 at 11:48 pm

    David - as I said just above, I think the real issue here isn’t people accidentally publishing data, I think that they are publishing data that is about other people and don’t really care.

  19. Werner Egipsy Souza

    December 28th, 2006 at 3:33 am

    3. GOOGLE PRIVACY POLICY

    For information about our data protection practices, please see our Privacy Policy at http://www.google.com/privacy.html. By using Google services, you acknowledge and agree that Google may access, preserve, and disclose your account information and any Content associated with that account if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce this Terms of Service, including investigation of potential violations hereof, (c) detect, prevent, or otherwise address fraud, security or technical issues (including, without limitation, the filtering of spam), or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

    You understand that the technical processing and transmission of Google services, including your Content, may involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices.

  20. Greg Andrew

    December 28th, 2006 at 11:07 am

    Nemrut - If Google asked the question the way you phrase it, I - along with a whole lot of other people - would attack Google for having an arrogant, condescending attitude towards their users, who should be treated with respect. I would not use a product that treated me like that. It would be totally irresponsible for Google to treat their customers in such a patronizing way.

    Public and private are not “geek words.” They are words most people use everyday. The overwhelming majority of people on the net know exactly what they mean. There’s no reason for Google to have to cater to the lowest possible common denominator.

  21. Nemrut

    December 28th, 2006 at 11:33 am

    Mike - I see what you’re saying about 3rd party info, but imo, this makes an stronger case for Google to revise the verbiage as a way to inform the less savvy while deterring others indifferent to privacy concerns.

    Greg - it may seem patronizing to you but for millions of youngsters, elderly and plain ‘ol technophobes the implications of ‘Publishing a Web page’ are not well understood.

    Also, i dont think this is about catering to the lowest common denominator, but rather, shouldering a certain level of responsibility and trust as the most popular information service in the world.

    Most people understand the meaning of public/private but the way the Google words it conveys the impression that ‘it’s ok, go ahead and make it public…’ But what isnt so clear to a lot of folks is that this info is publicly accessible through your lifetime…

  22. David Mackey

    December 29th, 2006 at 6:01 pm

    Too bad you don’t have a screenshot of what that personal info. looks like. I’d like to know how the user was making the mistake of making it public.

  23. AndrewG

    January 3rd, 2007 at 12:11 am

    I don’t know one little kid or grandma that would randomly click on “more >>” then “Even more”, then “Labs”, and finally find a little beta program called Notebook and say, “Hmm, this looks interesting. I’ll install it and not learn anything about how it works.”

    If they are smart enough to find it and install it, I’d assume they would be smart enough to know what public or private means.

« Previous post
Next post »