December 27, 2006

Google Notebook: Use the Privacy Option

Michael Arrington

32 comments »

It looks like some people using Google Notebook are bookmarking sensitive personal information, including social security numbers and email passwords. And others are finding that sensitive information via the Google Notebook search tool.

This all played out in the comments to this Digg post. What’s amazing is that Google Notebook defaults to privacy, and users have to explicitly opt in to have information made available via the search. Google probably has no responsibility for this information, although some of it appears to be third party personal information, and they are hosting it on their servers. We’ll see if they start to censor this stuff to avoid liability.

Our previous coverage of Google Notebook is here and here.

Update:
Yep, it looks like Google is starting to take down some of the sensitive content linked from that Digg post:

  • Sphere It

Trackbacks/Pings (Trackback URL)

  1. daniel log: » Blog Archive » notas públicas do google
  2. TechCrunch Japanese アーカイブ » Google Notebookはプライバシー・オプションを利用しよう
  3. ninthspace » The Close of the Year show
  4. Techcrunch » Blog Archive » Google Woes, cont…
  5. Google Woes, cont…
  6. phone ringtones verizon wireless
  7. mp3 ringtones for treo 650
  8. download i730 nextel ringtones software.com
  9. interest loan low payday low interest rate payday loan low interest payday loan

Comments

RSS feed for comments on this post.

  1. Smaran

    Haha, maybe I shouldn’t have submitted that to digg. :-P

  2. Rational Beaver

    “The content on this page is provided by a Google Notebook user, and Google assumes no responsibility for this content.”

    I guess the disclaimer wasn’t quite enough then…

  3. Sharad

    Michael - Can google be sued for this?

  4. Michael Arrington

    Sharad - Anyone can be sued for anything. But I don’t think that’s going to be happening here.

  5. Andrew Michael

    Seems like thin ice for Google. Their biggest brand weakness seems to be “becoming evil”. Lots of issues surrounding privacy and Google. I know several people who won’t touch the Google spreadsheets for that very reason…

  6. Frank

    It could be the owner of the notebook who made it private and not necessarily google taking it down

  7. Andrew

    This is a huge ordeal for Google, I’ve seen quite a few articles about Google’s deep indexing and how it can breach security. There are command lines you can place in the Google search to bring out Logins and Passwords for sites… I love Google, and I hope they are working to fix all of this.

  8. Yoav

    I did some research on the subject a while back and it’s not limited just for google notebook.

    You can find it here

    http://www.cogniview.com/conve.....tion-sink/

  9. Nick

    Google has always been used as a tool to help hackers. The page http://johnny.ihackstuff.com/i.....rodreviews was made popular for compiling a database of common google search terms that can turn up passwords, security issues, admin pages, mp3s and other stuff that could be considered shady. Nothing new.

  10. Fox

    If you’re stupid enough to opt to post your private information online then you deserve your identity to be stolen. Also if anyone sues google for that and wins, we know that the state of the judicial system in our country is lacking.

    http://sanityfordummies.blogspot.com

  11. Joe Duck

    “If you’re stupid enough to opt to post your private information online …”

    Sure, tell it to the millions of newbies and grandmas who have NO idea how any of it works - they just want to USE the technology and that’s what’s making it all happen right now, including making Google one of the richest companies on earth.

    I’d stop short of saying Google should be sued when clever innovations go awry, but it’s time Google, Yahoo, MSN, and the “savvy” online community starts dealing with rampant abuse more intelligently than suggesting it’s the user’s fault when things screw up.

  12. Darren

    god I have never seen this product before but its a complete rip off of 37’s backpack

  13. Adam

    Joe, I’m not sure how much more we could do to make this crystal clear. In addition to having ALL Notebook scraps default to private, we state (in bold) this pretty straightforward message when people click on the Sharing option:

    Publish this notebook (make a public web page)
    _No _Yes…

    I think even my Grandma, were she still alive, would understand what the words Publish and Public mean. Pretty unambiguous IMHO.

    Companies — whether they’re Google or Nintendo or Krispy Kreme or whatever — can do only so much to protect people from their own… er… misjudgments. That’s not to say that we couldn’t go even further in attempting to protect our users… but there also comes a point where protections themselves become onerous or at least hugely annoying (”I SAID I wanted this public! Why do I have to click on three confirmation screens and type in my initials…?”)

    DISCLAIMER: I work for Google, but I do not work on Google Notebook, nor do I speak for that team in any official capacity.

  14. Fashion Industry Ceo

    looks like google could be in a lot….of trouble.

  15. Nemrut

    Adam - there is a hint of arrogance to your comments about the following statemtn being a no-brainer:

    “Publish this notebook (make a public web page)
    _No _Yes…”

    This verbiage is so benign that it conveys to users that Google thinks that either option is equally safe.

    If Google truly cared about it’s users a more appropos way to express the same thing might be:

    “Keep Notebook private ‘or’ Share Notebook with the World” ..with additional copy for the latter, ‘Are you sure? all your private thoughts, personal info and potentially sensitve financial information could be viewed by everyone.’

    These are more powerful statements which convey stronger implications. It’s also good pr as it shows Google cares about privacy concerns enough to take steps to warn users of sharing potentially sensitive info.

    I think this is a real boneheadedmove on Google’s part and thy need to do better to live up to their pollyannish mantra of ‘do no evil.’

  16. Michael Arrington

    Nemrut - I don’t detect the arrogance you refer to. I agree that Google has made it pretty damn obvious when someone is making data public. The biggest issue in my opinion is the situation where someone publishes a third party’s personal information on Google Notebook. Their opt-in is meaninless in that situation, and Google may decide they need to do something to stop it. But policing that would be literally impossible.

  17. David R.

    @ Adam

    You said “I’m not sure how much more we could do to make this crystal clear.” and I think Nemrut just told you.

    You can either keep defending the nerd-friendly question or you can accept that it could be made easier to understand.

    Its crystal clear to you, because you’re a geek, they could just say “Pub? Y/N” and you would understand it. Nemrut demonstrated one way it could be made crystal clear to a less experienced audience.

    Any time you think the user is broken, and not your app, you’re probably wrong.

  18. Michael Arrington

    David - as I said just above, I think the real issue here isn’t people accidentally publishing data, I think that they are publishing data that is about other people and don’t really care.

  19. Werner Egipsy Souza

    3. GOOGLE PRIVACY POLICY

    For information about our data protection practices, please see our Privacy Policy at http://www.google.com/privacy.html. By using Google services, you acknowledge and agree that Google may access, preserve, and disclose your account information and any Content associated with that account if required to do so by law or in a good faith belief that such access preservation or disclosure is reasonably necessary to: (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce this Terms of Service, including investigation of potential violations hereof, (c) detect, prevent, or otherwise address fraud, security or technical issues (including, without limitation, the filtering of spam), or (d) protect against imminent harm to the rights, property or safety of Google, its users or the public as required or permitted by law.

    You understand that the technical processing and transmission of Google services, including your Content, may involve (a) transmissions over various networks; and (b) changes to conform and adapt to technical requirements of connecting networks or devices.

  20. Greg Andrew

    Nemrut - If Google asked the question the way you phrase it, I - along with a whole lot of other people - would attack Google for having an arrogant, condescending attitude towards their users, who should be treated with respect. I would not use a product that treated me like that. It would be totally irresponsible for Google to treat their customers in such a patronizing way.

    Public and private are not “geek words.” They are words most people use everyday. The overwhelming majority of people on the net know exactly what they mean. There’s no reason for Google to have to cater to the lowest possible common denominator.

  21. Nemrut

    Mike - I see what you’re saying about 3rd party info, but imo, this makes an stronger case for Google to revise the verbiage as a way to inform the less savvy while deterring others indifferent to privacy concerns.

    Greg - it may seem patronizing to you but for millions of youngsters, elderly and plain ‘ol technophobes the implications of ‘Publishing a Web page’ are not well understood.

    Also, i dont think this is about catering to the lowest common denominator, but rather, shouldering a certain level of responsibility and trust as the most popular information service in the world.

    Most people understand the meaning of public/private but the way the Google words it conveys the impression that ‘it’s ok, go ahead and make it public…’ But what isnt so clear to a lot of folks is that this info is publicly accessible through your lifetime…

  22. David Mackey

    Too bad you don’t have a screenshot of what that personal info. looks like. I’d like to know how the user was making the mistake of making it public.

  23. AndrewG

    I don’t know one little kid or grandma that would randomly click on “more >>” then “Even more”, then “Labs”, and finally find a little beta program called Notebook and say, “Hmm, this looks interesting. I’ll install it and not learn anything about how it works.”

    If they are smart enough to find it and install it, I’d assume they would be smart enough to know what public or private means.