Category Archives: Weberies 2.0

L’OPA de Google Buzz sur nos données personnelles

Les problèmes de Google Buzz ? Oubliés, mieux que ça : ils n’ont jamais existé, ce sont les utilisateurs qui avaient mal compris. La plainte EPIC/FTC ? « On adore discuter avec les associations ». Le mélange vie privée – vie professionnelle ? On n’en parle même pas, de toute façon Google a décrété que les deux sphères allaient fusionner, puisqu’on vous le dit.

Le concierge de Buzz a annoncé ce jour quelques petits trucs à connaître, juste histoire de faire bien comprendre aux naïfs que la vie vue par Google reprend ses droits.

Chapeau. C’est du grand art ; à ce niveau ce n’est plus du noyage de poisson, c’est de l’atomisation de cachalot, catégorie champion olympique.

Google Buzz start-up requesters update

Apparently the Google Buzz team is very hard at work (on a week-end break!) to fix some of the more blatant problems with Buzz initialization, see their post titled A new Buzz start-up experience based on your feedback; including a nice apology at the end regarding the panic.

My gut feeling is that there are still way too many opt-out things. List visibility, for one: opt-out still does not feel quite right to me; it is too easy for people to not care at first and regret it only when it’s too late. The obvious fact that leaked information can’t be unleaked should be taken into account.

Also, one of the core problems, clearly separating contacts vs friends, apparently remains. I’ll need to retry Buzz someday to see how it feels after this update.

Update: see also Google Buzz – anatomy of a slow motion train wreck, a very good analysis of what happened and things to expect. I share the feeling about the shift in privacy habits that Google (or should I say, some people at Google, but from where I stand that is irrelevant) are trying to shove down our throats.

Update: the mainstream press is getting angry, too. Furious John Naughton article in The Guardian, quoting:

In the real world, the devil is in the details. In cyberspace, it’s in the defaults. And the default settings in Buzz are so crass that one cannot imagine they are the product of corporate carelessness.

The Google boys are smart and know exactly what they’re doing. They’ve been enviously watching the stupendous growth of Twitter and Facebook and wondering how Google can cut them off at the knees before they become really unstoppable – which brings us back to Microsoft.

Update: another article, Buzz: Google Needs Better ‘People Skills’: (this one I find slightly unfair, albeit not totally undeserved)

Given the option, Google’s choice for default settings were what benefited Google the most, not what best protected its consumers.[…]

Privacy, however, impacts everything Google does. That the company could get Buzz privacy so terribly wrong is reason for serious concern.

Google needs to learn when to put people first and technology second.pdate:

Continue reading Google Buzz start-up requesters update

Google Buzz privacy debacle

So… as I said just 2 days ago, I tried Buzz.

And as I also said, « certainly missed a boatload of things and got some wrong ». Famous last words. How right I was !

I tried Buzz just like half the planet actually, which I didn’t realize until yesterday, when I found my Gmail account spammed by people I never heard about before, replying on my buzzes or writing buzzes I received or subscribing to my stuff.

I was panic-struck, just like the rest of the planet. That was the main theme of the comments I saw: « I’m panicking, are you? » « Oh yes I am, but who are you and how come you write this in my Buzz? ».

It somehow found the feed to this blog. I still haven’t quite figured out how; maybe that’s my fault, maybe not; anyway I validated it. I’m glad I wasn’t using Blogger, sorry but I’ve got enough knives planted in my back at the moment.

I did what everybody did yesterday evening: shut down all the incoming feeds, deleted posts and/or comments (“did I write something to my contacts that’s not for public consumption?”), tried to shut down everything outgoing, checked out all my subscribers, and tried to figure out how the damn thing decides that something should be visible or not visible, by others from me or by me from others. I’m still freaked out.

I still think this stuff makes Facebook look like amateur privacy violators by comparison. Even the quote by Eric Schmidt about privacy looks like a detail now (even though it was right-on).

The major, enormous psychological (not technical) error is that this was placed in the Gmail account; something you typically expect to be private. Putting there stuff that’s geared to be broadcast all over the place, in a opt-out way (second major error: everything is public by default, and you can’t ever revert to private after publishing, your only bet is to delete), is a tragically bad, bad, bad idea. Third error, fuzzy rules (recommendations? I’m not even sure) allowing buzzes to skip over contact boundaries.

By putting Buzz inside of Gmail, Google probably wanted to drive up adoption. Well done, it’s adopted all over the place with posts and comments and blog posts and tweet guts spilled everywhere, aggregated, resent, accessible without your knowledge. What a sorry mess. Evil? Still not sure about that. Ill-considered, that’s for sure.

Fourth, but not least, error — but is that really an error? Looks like a strategy, really –, Google confuses public availability with right-to-broadcast. My buzzes or blog posts being public does not mean that I want Google to spam these to contacts of contacts of contacts.

I’ll have to wait until the dust settles in my mind to know whether I really want to use this stuff. It’ll remain anyway as one of my most creepy experiences of late.

Already we see blog posts everywhere flowing about people who’ve unknowingly leaked private information to bosses, ex-husbands and so on. Too many to mention.

Update: Sixth error, the blocking of followers is not real security over leakage. It’s cleaning up after the fact (see the blog post linked-to above).

Update (21h41): Seventh error, and now (since when? since Buzz? No idea whatsoever, seems new since it also appears on my buzzes now) my Orkut photograph has been imported to my Gmail profile and appears to all my chat contacts. I never asked for that… it’s a photograph of me at the age of 3 months! Never meant to be visible in Gmail.

Eight error: so obvious I missed it… the followers/followee list is public by default “Display the list of people I’m following and people following me”. Which means you have a privacy leak in your contact list, since that’s where the followers come from.

This is insane. I think Google really has jumped the shark, this time. I’m out of Buzz for the foreseeable future.

Update (23h38): additional thoughts in relation to the above… Google apparently doesn’t realize that mail contacts (many kinds of people) are very different from friends in a social network; the contact or chat list may look like a friends list functionally, but they do not contain the same kind of people and do not serve the same purpose. It’s obvious if you look at  who’s in your own respective lists. A lot of confusion stems from that. Google is trying to “Facebookize” the Gmail ecosystem and the fit just can’t be good. Maybe that’s a cultural problem.

Update (0h06): an idea I just got. If the Buzz follower/followee lists actually were new lists, treated like real friends lists starting from zero (i.e. not based on any contact list, not even with a pre-filled checkbox list), with a reciprocal acknowledge just like in social networks, the user would really be more in control, with the actual feeling of starting up his own, separate network.

Google Buzz

Okay. I’ve just learned I’m the proud and lucky (thanks to my guardian angel) owner of a Google Buzz account.

What is it? Actually, I’m still trying to figure that out exactly.

Try to imagine Google Talk (chat) extended with bits of Twitter (followers and followees, but that’s not how they’re called) and geolocation, integrated within Google Mail with an interface that’s slightly reminiscent of Google Wave presented in a blogpost-like format (there has to be a RSS feed somewhere underneath, but I didn’t find it); with possible post upvoting as in Digg or Reddit (but no downvoting).

And you can also mix in stuff from Picasa, Google Reader, Twitter itself, Flickr or blogs.

The above looks like a web 2.0 keyword soup; this is a good reflection of my first impression 🙂

That’s what I was able to gather after using it for 5 minutes. I certainly missed a boatload of things and got some wrong.

Allongez votre URL

Une petite preuve de concept plutôt rigolotte (via Stéphane) :

Et en plus c’est original.

Je ne suis que très partiellement convaincu par l’argumentaire sur la question, mais un petit service de ce style permet au moins de mettre le doigt sur ce qui se passe en « arrière-boutique » des raccourcisseurs, qui ne sont souvent qu’un mauvais palliatif pour transmettre des adresses via des formats étriqués (Twitter, SMS, mail…) qu’il vaudrait mieux directement améliorer ou remplacer, suivant le cas.

J’aime beaucoup la liste des URL récentes… qui présente cependant exactement deux des problèmes signalés dans l’argumentaire contre les raccourcisseurs 🙂

Google, Internetactu et OVH…

Exemple vécu ce jour, qui (m’)aide à comprendre en quoi le DNS Google peut, éventuellement, servir à quelque chose. Les fournisseurs d’accès ont bon dos (il est de bon ton de leur tirer dessus, et ni Google ni OpenDNS ne se sont gênés), mais souvent ce sont les sites d’origine qui ne gèrent pas correctement leur DNS.

Ainsi, aujourd’hui tous les serveurs DNS du site (deux serveurs DNS chez l’hébergeur à bas coût OVH) sont actuellement en carafe :

% dig
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 17958

% dig ns
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 14783

% dig +norecurse ns
;; AUTHORITY SECTION:       172652  IN      NS       172652  IN      NS

Qu’en pense OpenDNS ?

% dig @
;; connection timed out; no servers could be reached

Pas glorieux…

Qu’en pense Google Public DNS ?

% dig @   72852   IN      A

La bonne réponse.

La question « naturelle » que l’on peut se poser, et qui n’est pas neutre au vu de ce qui précède : est-ce un effet « normal » de cache DNS, ou Google effectue-il de la mise en cache « agressive » et au delà des spécifications du DNS pour donner des réponses de meilleure qualité ? (la mise en cache agressive est avérée, elle a été annoncée lors de l’ouverture du service).

Ironie suprême, j’ai découvert la panne qui précède en tentant d’aller consulter sur ledit site des articles sur la Googlisation de nos vies (trouvés via un article du Standblog trouvé via Stéphane).

Google public DNS

Google a annoncé hier un nouveau service d’ordre assez technique mais à vocation grand public : Google public DNS (merci à Philippe de Blue Pipe).

Je profite lâchement de l’absence aux JRES d’un des principaux bloggeurs français spécialistes pour donner mon grain de sel avant lui sur la question, même s’il m’a lui même gentiment fourni les pointeurs idoïnes vers sa littérature 🙂

Il s’agit « simplement » d’un service supposé remplacer les serveurs DNS récursifs que vous utilisez, soit ceux de votre fournisseur d’accès (cas le plus courant), soit ceux d’un service « ouvert » (cas moins courant et peu recommandé).

À quoi cela peut-il bien servir ?

Réponse rapide pour gens pressés : en gros… à rien ! Chaque fournisseur de connectivité gère ses propres serveurs, bien en général, et cela reste le plus souvent la meilleure solution (la vraiment meilleure solution technique étant dans la plupart des cas d’avoir chez vous un cache DNS local). Et si votre fournisseur ne gère pas correctement ses serveurs, il est temps de changer de boutique, pas juste de serveur DNS.

Mais ce nouveau service de Google a tout de même plusieurs intérêts notables.

Continue reading Google public DNS