Marcus L. Rowland (ffutures) wrote,
Marcus L. Rowland

BIG security hole in Google Buzz

Pointed out by karohemd.

If you use Google mail then you have probably seen that it is currently trying to sell something called Google Buzz

Unless you specifically disable it (a link at the bottom of the inbox page), the default user profile it produces for you (and which is accessible by anyone who looks) includes a list of all the people you email a lot!

Later See comments - it looks like the profile doesn't actually appear until you post to Buzz for the first time - still a VERY stupid way to do things!

And the_magician has pointed out another problem: if you decide to use Buzz as an aggregator to bring in your tweets, LJ etc. (or if Google sets that up automatically for you) then your *real* name or email address can easily be discovered by other Buzz users who only know your twitter ID or LJ ID

Much later And another pointed out by the_magician: If you Buzz from your mobile, it automatically appends your location to the buzz by default (haven't tried this but someone else has reported it) so journalists can be tracked down, whistle blowers identified, or just if you don't want to broadcast where you are (e.g. "I'm stuck on a train" and it turns out your location is still home in bed!)"

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened