Google’s attempts to build a social network to rival Facebook have generated more than a few concerns about privacy. It’s Google Buzz network assumed that contacts in email lists must be friends and automatically shared information between them. In one infamous case, this linked a woman with her abusive ex-partner.
So privacy has been a central concern in the launch of Google+, the company’s next generation social network which it launched in June.
Today, Shah Mahmood and Yvo Desmedt at University College London unveil a preliminary analysis of privacy on Google+ and point out a number of issues that they say are a concern.
The first relates to pictures. Mahmood and Desmedt say that when users share a picture on Google+, Google also shares the photo’s metadata. That’s information like the date and time the picture was taken as well as the type of camera that was used.
That may sound innocuous but Mahmood and Desmedt point out that this kind information has been used in court cases to prove where individuals were at specific points in time. Their point is that the time and date is a private piece of information that shouldn’t be shared without explicit permission.
They go on to say that in the ‘About’ section, Google encourages users to list their previous addresses and any previous names as well as their mother’s maiden name. This, they say, is exactly the kind of information that can be used for identity theft.
The UCL pair also compare the sharing features on Facebook and Google+, which are broadly similar. “But there is one difference that makes Facebook lists more robust than Google+ circles,” they say.
This is the ability to make exceptions to the people with whom stuff is shared. On Facebook you can share messages with ‘All’ your contacts but make an exception of say ‘Coworkers’. By contrast, exceptions aren’t possible on Google+.
In fact, Mahmood and Desmedt say that the features on Google+ are merely a subset of those that are available on Facebook. However, they concede that Google+ has a better interface and that it allows finer control of content through features such as disabling the resharing of content and in allowing users to edit content by modifying or backtracking on their comments at any time. These are things that are not possible on Facebook.
Finally, they say that while Facebook uses an encrypted channel for login, Google+ uses it for the entire connection. That makes it harder to carry out a man-in-the-middle attack on Google+.
Overall, Mahmood and Desmedt don’t appear to have identified any showstoppers in their analysis. Google may want to tweak a few things such as the sharing of metadata and the ability to make exceptions when sharing content.
But it also looks to have got many things right in the fine control that Google+ offers over content that has already been posted.
Ref: arxiv.org/abs/1111.3530: Preliminary Analysis of Google+’s Privacy