It looks like some people using Google Notebook are bookmarking sensitive personal information, including social security numbers and email passwords. And others are finding that sensitive information via the Google Notebook search tool.
This all played out in the comments to this Digg post. What’s amazing is that Google Notebook defaults to privacy, and users have to explicitly opt in to have information made available via the search. Google probably has no responsibility for this information, although some of it appears to be third party personal information, and they are hosting it on their servers. We’ll see if they start to censor this stuff to avoid liability.
Our previous coverage of Google Notebook is here and here.
Update: Yep, it looks like Google is starting to take down some of the sensitive content linked from that Digg post:
Haha, maybe I shouldn’t have submitted that to digg.
“The content on this page is provided by a Google Notebook user, and Google assumes no responsibility for this content.”
I guess the disclaimer wasn’t quite enough then…
Michael – Can google be sued for this?
Sharad – Anyone can be sued for anything. But I don’t think that’s going to be happening here.
Seems like thin ice for Google. Their biggest brand weakness seems to be “becoming evil”. Lots of issues surrounding privacy and Google. I know several people who won’t touch the Google spreadsheets for that very reason…
It could be the owner of the notebook who made it private and not necessarily google taking it down
This is a huge ordeal for Google, I’ve seen quite a few articles about Google’s deep indexing and how it can breach security. There are command lines you can place in the Google search to bring out Logins and Passwords for sites… I love Google, and I hope they are working to fix all of this.
I did some research on the subject a while back and it’s not limited just for google notebook.
You can find it here
http://www.cogn...aboration-sink/
Google has always been used as a tool to help hackers. The page http://johnny.i...ule=prodreviews was made popular for compiling a database of common google search terms that can turn up passwords, security issues, admin pages, mp3s and other stuff that could be considered shady. Nothing new.
If you’re stupid enough to opt to post your private information online then you deserve your identity to be stolen. Also if anyone sues google for that and wins, we know that the state of the judicial system in our country is lacking.
http://sanityfo...es.blogspot.com
“If you’re stupid enough to opt to post your private information online …”
Sure, tell it to the millions of newbies and grandmas who have NO idea how any of it works – they just want to USE the technology and that’s what’s making it all happen right now, including making Google one of the richest companies on earth.
I’d stop short of saying Google should be sued when clever innovations go awry, but it’s time Google, Yahoo, MSN, and the “savvy” online community starts dealing with rampant abuse more intelligently than suggesting it’s the user’s fault when things screw up.
god I have never seen this product before but its a complete rip off of 37’s backpack
Joe, I’m not sure how much more we could do to make this crystal clear. In addition to having ALL Notebook scraps default to private, we state (in bold) this pretty straightforward message when people click on the Sharing option:
I think even my Grandma, were she still alive, would understand what the words Publish and Public mean. Pretty unambiguous IMHO.
Companies — whether they’re Google or Nintendo or Krispy Kreme or whatever — can do only so much to protect people from their own… er… misjudgments. That’s not to say that we couldn’t go even further in attempting to protect our users… but there also comes a point where protections themselves become onerous or at least hugely annoying (”I SAID I wanted this public! Why do I have to click on three confirmation screens and type in my initials…?”)
DISCLAIMER: I work for Google, but I do not work on Google Notebook, nor do I speak for that team in any official capacity.
looks like google could be in a lot….of trouble.
Adam – there is a hint of arrogance to your comments about the following statemtn being a no-brainer:
“Publish this notebook (make a public web page)
_No _Yes…”
This verbiage is so benign that it conveys to users that Google thinks that either option is equally safe.
If Google truly cared about it’s users a more appropos way to express the same thing might be:
“Keep Notebook private ‘or’ Share Notebook with the World” ..with additional copy for the latter, ‘Are you sure? all your private thoughts, personal info and potentially sensitve financial information could be viewed by everyone.’
These are more powerful statements which convey stronger implications. It’s also good pr as it shows Google cares about privacy concerns enough to take steps to warn users of sharing potentially sensitive info.
I think this is a real boneheadedmove on Google’s part and thy need to do better to live up to their pollyannish mantra of ‘do no evil.’
Nemrut – I don’t detect the arrogance you refer to. I agree that Google has made it pretty damn obvious when someone is making data public. The biggest issue in my opinion is the situation where someone publishes a third party’s personal information on Google Notebook. Their opt-in is meaninless in that situation, and Google may decide they need to do something to stop it. But policing that would be literally impossible.
@ Adam
You said “I’m not sure how much more we could do to make this crystal clear.” and I think Nemrut just told you.
You can either keep defending the nerd-friendly question or you can accept that it could be made easier to understand.
Its crystal clear to you, because you’re a geek, they could just say “Pub? Y/N” and you would understand it. Nemrut demonstrated one way it could be made crystal clear to a less experienced audience.
Any time you think the user is broken, and not your app, you’re probably wrong.
David – as I said just above, I think the real issue here isn’t people accidentally publishing data, I think that they are publishing data that is about other people and don’t really care.
3. GOOGLE PRIVACY POLICY
For information about our data protection practices, please see our Privacy Policy at http://www.goog...om/privacy.html. By using Google services, you acknowledge and agree that Google may access, preserve, and disclose your account information and any Content associated with that account if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce this Terms of Service, including investigation of potential violations hereof, (c) detect, prevent, or otherwise address fraud, security or technical issues (including, without limitation, the filtering of spam), or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.
You understand that the technical processing and transmission of Google services, including your Content, may involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices.
Nemrut – If Google asked the question the way you phrase it, I – along with a whole lot of other people – would attack Google for having an arrogant, condescending attitude towards their users, who should be treated with respect. I would not use a product that treated me like that. It would be totally irresponsible for Google to treat their customers in such a patronizing way.
Public and private are not “geek words.” They are words most people use everyday. The overwhelming majority of people on the net know exactly what they mean. There’s no reason for Google to have to cater to the lowest possible common denominator.
Mike – I see what you’re saying about 3rd party info, but imo, this makes an stronger case for Google to revise the verbiage as a way to inform the less savvy while deterring others indifferent to privacy concerns.
Greg – it may seem patronizing to you but for millions of youngsters, elderly and plain ‘ol technophobes the implications of ‘Publishing a Web page’ are not well understood.
Also, i dont think this is about catering to the lowest common denominator, but rather, shouldering a certain level of responsibility and trust as the most popular information service in the world.
Most people understand the meaning of public/private but the way the Google words it conveys the impression that ‘it’s ok, go ahead and make it public…’ But what isnt so clear to a lot of folks is that this info is publicly accessible through your lifetime…
Too bad you don’t have a screenshot of what that personal info. looks like. I’d like to know how the user was making the mistake of making it public.
I don’t know one little kid or grandma that would randomly click on “more >>” then “Even more”, then “Labs”, and finally find a little beta program called Notebook and say, “Hmm, this looks interesting. I’ll install it and not learn anything about how it works.”
If they are smart enough to find it and install it, I’d assume they would be smart enough to know what public or private means.
Mike – I see what you’re saying about 3rd party info, but imo, this makes an stronger case for Google to revise the verbiage as a way to inform the less savvy while deterring others indifferent to privacy concerns.
Greg – it may seem patronizing to you but for millions of youngsters, elderly and plain ‘ol technophobes the implications of ‘Publishing a Web page’ are not well understood.
Also, i dont think this is about catering to the lowest common denominator, but rather, shouldering a certain level of responsibility and trust as the most popular information service in the world.
Most people understand the meaning of public/private but the way the Google words it conveys the impression that ‘it’s ok, go ahead and make it public…’ But what isnt so clear to a lot of folks is that this info is publicly accessible through your lifetime…